Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on April 21, 2021 has been considered.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No.  16/120,762, filed on November 16, 2018.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
In claim 7: lines 2-4 and in claim 15: line 2; replace “the supplier” with --a supplier--.

Reason for allowance
Claims 1-20 are allowed. The following is an examiner’s statement of reasons for allowance. After consideration of the applicant’s correspondence filed on April 08, 2021, through examination of the claims with application and further search, the pertinent prior arts of record cited in PTO-892, either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole and claims 1-20 having particular features have been found in condition for allowance. The following is an examiner’s statement of reasons for allowance: 
The instant application address the following issues: when cyberattacks are carried out on internal electronic control units (ECUs) of an automobile, even if the attack is successfully detected, it is exceedingly difficult to undertake adequate steps to neutralize its consequences. Furthermore, update cycles in the automobile industry also take a long time, and therefore when a vulnerability is discovered in electronic systems of an automobile, release of an update and installation thereof on the electronic systems of the automobile may take a long time, and a recall of the automobile may even be required, while older models may even remain with no update at all and, consequently, exposed to the vulnerability. Existing intrusion detection systems (IDS) are limited to discover anomalies in data being transmitted on buses of an automobile. However, operation of existing IDS systems cannot efficiently detect a complex targeted attack, and cannot easily adapted to network architecture of vehicles.  Finally, in the event of a successful computer attack which may result in substantial consequences, including a road traffic accident (RTA), information about the causes of the incident (such as the RTA) is extremely significant, even if it was not possible to detect the attack in advance and prevent it. This information is highly valuable both to the car makers and to the authorities conducting the investigation of the incident, since it makes it possible to develop the means for preventing such incidents in future. It must be noted that, at the stage of investigation of the incident already after it has occurred, all evidence indicating that it was caused by a computer attack, if such was the case, may have been removed from the system or lost. 
The instant invention provides a solution which is to detect and block such computer attacks by intercepting a plurality of messages transmitted on communications bus between a plurality of Electronic Control Units (ECUs) of a vehicle.  Each of the plurality of ECUs belong to one of the categories: primary electronic systems of the vehicle, and auxiliary electronic systems of the vehicle. The primary electronic systems include the ECU critical to the control of the vehicle and the safety of the vehicle and the people in its surroundings. The auxiliary electronic systems include the ECU providing additional convenience to the driver, affording entertainment options and other additional functions of the vehicle, the disconnecting of which does not impact the ability to control the vehicle or its safety. At least one recipient ECU that is a recipient of the intercepted messages is determined. The intercepted messages and information indicating the determined at least one recipient ECU are stored in a log. The system further includes detecting a cyberattacks of the vehicle based on satisfaction of at least one condition of a rule by the stored messages and information in the log and blocking the computer attack of the vehicle by performing an action associated with the rule. The rule depends on whether one or more intercepted messages are malicious messages and a recipient ECU of the malicious messages. The blocking of the detected cyberattack include blocking a transmission of at least one message between the ECUs.

The following prior arts are not relied upon, but is considered the closest to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

HAGA et al. US 20160297401: Discloses a security processing unit for executing a security action in accordance with a security condition table held in a security condition holding unit. The security actions include processes such as a process of adding a message ID of a frame for which a verification of a MAC has failed to a fraudulent-ID list held in the fraudulent-ID list holding unit, a process of recording the message ID in a log held in the fraud log holding unit, a process of instructing the mode change processing unit to put the vehicle into a safe state. The fraud log holding unit holds a log for recording events such as the transmission of a fraudulent data frame that includes a message ID of a fraudulent data frame, the date and time at which the fraudulent data frame was transmitted, and the number of times the fraudulent data frame has been transmitted. In order to prevent tampering with the log, the content of the log may be marked with digital signature or the like or the content of the log may be encrypted.
Evans et al. US 9843594: Discuses steps of receiving automobile-network messages that includes logging the automobile-network messages as they are broadcast over automobile network, and the step of logging is performed by an electronic control unit that is connected to the automobile network and/or a logging device that is connected to the automobile network via a port of the automobile network. Evans et al. further discuses a portion of the automobile-network messages to be broadcast over the automobile network and logged by the logging device connected to the automobile network. The step of receiving the automobile-network messages may include (1) receiving, at a cloud-based computing system, the portion of the automobile-network messages from the logging device and (2) receiving, at the cloud-based computing system, the additional portion of the automobile-network messages from the additional logging device. A module is created to create a model that is capable of distinguishing expected automobile-network messages from anomalous automobile-network messages in a variety of ways. One example is to use set of features to generate a baseline profile or rule set that defines one or more features of expected automobile-network messages and/or a baseline profile or rule set that defines one or more features of anomalous automobile-network messages. 
Galula et al. US 10298612: Describes a security enforcement unit and controller configured to enforce cyber-security in a vehicle, e.g., by: creating, storing and/or otherwise maintaining a timing, content, or other model for an expected behavior or for one or more messages communicated over an in-vehicle network; receiving a message sent from, or sent to, at least one of a plurality of ECUs; determining, based on the model, whether or not a behavior or, the received message, meets a criteria or complies with an expected timing, content, or other expected value or attribute; and, if the message does not comply with an expected value or does not meet a criteria, then performing at least one action related to the message, related to in-vehicle network and/or related to the at least one ECU. An action performed by controller may be or may include, logging or recording an event (e.g., for further or future investigation or analysis), removing a message from a communication bus, modifying a message and/or changing a configuration of an in-vehicle network or of at least one of the ECUs connected to the in-vehicle network.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494