Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This is in reply to papers filed on 12/23/2019. Claims 1-20 are pending. Claims 1, 16, and 19 are independent.

Information Disclosure Statement
	The information disclosure statement (IDS) submitted on 12/23/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-15 and 19-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
Claim 1 recites “the critical components” and “the non-critical components”. However, there is no antecedent basis for the critical components or the non-critical components.
The claims depending from claim 1 inherit the limitations of claim 1 and are also rejected for the same reasons as claim 1.
Claim 19 recites “the automotive system.” However, there is no antecedent basis for the automotive system.
Claim 20 depends from claim 19, inherits the limitations of claim 19 and is also rejected for the same reason as claim 19.
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 19-20 are rejected as being directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because the claims recite “computer-readable medium” and the broadest reasonable interpretation of “computer-readable medium” may include a transitory form of signal transmission. See MPEP section 2106.03. Furthermore, the claimed device comprises only the computer-readable medium and therefore may include a transitory form of signal transmission.
The disclosure at para. 84 states that:
“[0084] In some examples, the computer-readable storage media may comprise non-transitory media. The term “non-transitory” may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. In certain examples, a non-transitory storage medium may store data that can, over time, change (e.g., in RAM or cache).”

The description of computer-readable storage media in the specification is very open ended. Unless the specification specifically states that a “computer-readable medium” excludes “signals” or defines it in some other way as hardware, the computer-readable medium is considered non-statutory. Applicant must amend the claims and incorporate the word “non-transitory” or amend the claims to recite that the device includes the processing circuitry. Examiner suggests amending “computer-readable medium” to “non-transitory computer-readable storage medium.” See In re Nuijten, 500 F.3d 1346, 84 USPQ2d 1495 (Fed. Cir. 2007). As indicated above, Applicant may also amend the claim to recite that the device includes the processing circuitry, and not just that the executable instructions are executable by processing circuitry.
Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	

Claims 1-2, 7-8, 10, 16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Park et al. U.S. Publication 20210075807 (hereinafter “Park”) in view of Ahmed et al. U.S. Publication 20160328272 (hereinafter “Ahmed”), further in view of Leon et al. U.S. Publication 20190386957 (hereinafter “Leon”).
As per claim 1, Park discloses 
An automobile [ vehicle; Park 0020 ] comprising: 
a plurality of electrical components interconnected by a communication network; 
a set of policies that logically partition the electrical components of the automobile into a first zone having one or more of the powertrain components and a second zone having one or more of the infotainment components, wherein the policies specify rules for communication between the zones defined for the communication network within the automobile; and 
(communication network = in-vehicle network [Park 0020]
plurality of electrical components = the gateways plus router plus ECU as depicted in Park figure 1
set of policies = rule set is a set of predefined rules [Park 0033] and the boundaries between domains [Park 0024]
a set of policies that logically partition is disclosed because the rules are applied to detect security threats in the network messages [Park 0033], and the intrusion detection system while applying the rules detects the messages moving between the different domains. 
policies specify rules for communication between the zones = rule set is a set of predefined rules [Park 0033] and ‘detecting an attack directed to another domain from inside the CAN domain’ [Park 0024]
)
[Park 0020]
FIG. 1 … A central gateway (CGW) shown is a central communication node that serves as a router for transferring data between various domains within a vehicle and serves as a gate for communications between an external network and an in-vehicle network. The central gateway (CGW) may be viewed as a gate for all data coming into the vehicle. Sub-gateways are local communication nodes that are each responsible for a particular functional domain, such as a power train, chassis, body, infotainment, etc.
[Park 0024]
Ⓒ At sub-gateway: Where management is performed on CAN messages that are transmitted and received to and from a specific CAN domain, an IDS may be installed to more easily detect a discrepancy between a CAN message at Ⓑ and a CAN message flowing in the specific CAN domain. At this location for detecting an attack directed to another domain from inside the CAN domain, the IDS may detect an attacker inside the CAN domain with a high level of success.
[Park 0033] The rule set is a set of predefined rules used by a plurality of detection techniques performed in the detection process for detecting a network message associated with a security threat. 


a security gateway embedded within the automobile and coupled, by the communication network, to the one or more powertrain components and the one or more infotainment components, 
wherein the security gateway is configured to provide security operations by applying the policies to communications within the automobile to determine, based on the rules defined by the policies, whether to forward or drop data messages communicated on the communication network.  

( a security gateway = sub-gateway in figure 1; the security gateway coupled to the various components is depicted in figure 1 and para. 20 describing the sub- gateways responsible for various domains
applying the policies = detection process 32 [of the rule engine 30] detects a malicious message during operation of the vehicle
whether to forward or drop data messages = post-process 33 may drop or log a detected malicious message or generate an alarm.
rules defined by the policies = rule set is a set of predefined rules [Park 0033]
)
	 [Park 0029] The message queue module 20 stores, in a message queue, all the CAN traffic data collected by the CAN bus. The request of other modules of the IDS for the collected traffic data is processed by the message queue module 20. The rule engine (or called ‘detection engine’) 30 is a module that operates as a detector and responder that is an essential function of the IDS. The function of the rule engine 30 may be broadly divided into a pre-process 31, a detection process 32, and a post-process 33. The pre-process 31 updates the rule set stored in the storage 60 with a rule set 10 obtained via various devices (e.g., a back-end server, a USB memory stick, an SD card, etc.) or resets the IDS. The detection process 32 detects a malicious message during operation of the vehicle. The post-process 33 determines how to process the detected malicious message. For example, the post-process 33 may drop or log a detected malicious message or generate an alarm.
[Park 0034] In the post-process, actions are executed such as passing, blocking, logging, or warning based on the results of checking the CAN messages. 
[Park 0039] According to the illustrated operation of FIG. 3, each message stacked in a message queue is determined by the detection process including three detection techniques (i.e., static detection → misuse detection → anomaly detection) while blocking or passing the message.

However, Park does not expressly disclose 
critical components and non-critical components 
determine, based on the rules defined by the policies, whether to forward or drop data packets 
Ahmed discloses a high reliability domain to execute vehicle critical applications and a lower reliability domain to execute lower priority vehicle applications
(Ahmed discloses packets at para. 102 but does not disclose dropping the packets or that the packets are part of messages)
[Ahmed 0005]
In some embodiments, the task scheduler identifies a priority level associated with each of the tasks and determines the order in which to send the tasks to the graphics processing unit based on the identified priority levels. Identifying a priority level associated with a task may include identifying which of the plurality of processing domains generated the task, identifying a priority level associated with the identified processing domain, and assigning a priority level to the task according to the priority level associated with the identified processing domain.
[Ahmed 0006]
plurality of processing domains include a high reliability domain configured to execute vehicle critical applications and generate high priority tasks for the graphics processing unit. The plurality of processing domains may further include a lower reliability domain configured to execute lower priority vehicle applications and generate low priority tasks for the graphics processing unit. 
[Ahmed 0015]
In some embodiments, the high priority tasks are generated by vehicle applications that relate to at least one of a safety of the vehicle and critical vehicle operations. The low priority tasks may be generated by at least one of vehicle infotainment applications, cloud applications, and autonomous driver assistance system applications. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Park with the techniques for grouping vehicle critical applications associated with a high reliability domain and lower priority vehicle applications associated with a lower reliability domain of Ahmed to include 
a set of policies that logically partition the electrical components of the automobile into a first zone having one or more of the critical components and a second zone having one or more of the non-critical components, 
a security gateway embedded within the automobile and coupled, by the communication network, to the one or more critical components and the one or more non- critical components, 
One of ordinary skill in the art would have made this modification to improve the ability of the system to prioritize higher priority application/components according to degree of criticality, thereby facilitating resource allocation among the domains using domain priority. The system (intrusion detection system) of the primary reference can be modified to prioritize the various domains so that domains that are more critical to the operation of the vehicle may be grouped as more critical/high-priority components/applications.

	However, the combination of Park and Ahmed does not expressly disclose 
determine, based on the rules defined by the policies, whether to forward or drop data packets 
Leon discloses
determine, based on the rules defined by the policies, whether to forward or drop data packets communicated on the communication network.  
[Leon 0126]
cross-domain guard device 1122 may allow the data packet(s) to pass… may drop the data packet(s) (e.g., if the analysis results in a determination that the single message includes words, files, macros, attachments, and/or other content that is not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules)

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park and Ahmed with the technique for forwarding/dropping packets according to security rules and security domains of Leon to include 
wherein the security gateway is configured to provide security operations by applying the policies to communications within the automobile to determine, based on the rules defined by the policies, whether to forward or drop data packets communicated on the communication network.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to manage individual packets according to the security domains and forward or drop packets as needed. The system of the primary reference (e.g., intrusion detection system) can be modified to analyze communications at a packet level and drop or forward packets according to intrusion detection rules. 


As per claim 2, the rejection of claim 1 is incorporated herein. 
Park discloses wherein the security gateway includes intrusion detection and prevention for data messages communicated on the communication network.  
 [Park 0024]
Ⓒ At sub-gateway: Where management is performed on CAN messages that are transmitted and received to and from a specific CAN domain, an IDS may be installed to more easily detect a discrepancy between a CAN message at Ⓑ and a CAN message flowing in the specific CAN domain. At this location for detecting an attack directed to another domain from inside the CAN domain, the IDS may detect an attacker inside the CAN domain with a high level of success.
[Park 0003] Intrusion Detection and Prevention System (IDPS).
	However, the combination of Park and Ahmed does not expressly disclose wherein the security gateway includes intrusion detection and prevention for data packets communicated on the communication network.  
(Ahmed discloses packets at para. 102 but does not disclose intrusion detection and prevention using the packets)
Leon discloses processing packets and forwarding/dropping packets according to security rules and security domains 
[Leon 0126]
cross-domain guard device 1122 may allow the data packet(s) to pass…may drop the data packet(s) (e.g., if the analysis results in a determination that the single message includes words, files, macros, attachments, and/or other content that is not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules)

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park and Ahmed with the technique for processing packets and forwarding/dropping packets according to security rules and security domains of Leon to include 
wherein the security gateway includes intrusion detection and prevention for data packets communicated on the communication network.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to manage individual packets according to the security domains and drop packets as needed. The system of the primary reference (e.g., intrusion detection system) can be modified to analyze communications at a packet level and drop or forward packets according to intrusion detection rules. 

As per claim 7, the rejection of claim 1 is incorporated herein. 
Park discloses domains that include powertrain and infotainment domains (para. 20), 
(but Park does not categorize such domains as critical or non-critical.)
Park does not expressly disclose 
wherein the one or more critical components comprise an engine control unit, a body control module, or a driver-assistance system, and wherein the one or more non-critical components comprise an entertainment system or a Bluetooth module.  
Ahmed discloses 
wherein the one or more critical components comprise an engine control unit, a body control module, or a driver-assistance system, and wherein the one or more non-critical components comprise an entertainment system or a Bluetooth module.   
(driver-assistance system = high reliability driver information cluster domain [Ahmed 0037]).
[Ahmed 0006]
plurality of processing domains include a high reliability domain configured to execute vehicle critical applications and generate high priority tasks for the graphics processing unit. The plurality of processing domains may further include a lower reliability domain configured to execute lower priority vehicle applications and generate low priority tasks for the graphics processing unit. 
[Ahmed 0015]
In some embodiments, the high priority tasks are generated by vehicle applications that relate to at least one of a safety of the vehicle and critical vehicle operations. The low priority tasks may be generated by at least one of vehicle infotainment applications, cloud applications, and autonomous driver assistance system applications. 
 [Ahmed 0037]
In an exemplary embodiment, the system includes and supports at least the following four domains: (1) a high reliability driver information cluster domain, (2) a cloud domain, (3) an entertainment domain, and (4) an autonomous driver assistance systems (ADAS) domain. The high reliability driver information cluster domain may support critical vehicle applications that relate to the safety of the vehicle and/or critical vehicle operations. The cloud domain may support downloads of new user or vehicle “apps” from the Internet, a connected portable electronic device, or another source. The entertainment domain may provide a high quality user experience for applications and user interface components including, e.g., a music player, navigation, phone and/or connectivity applications. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Park with the technique for including driver information critical vehicle applications and non-critical entertainment system of Ahmed to include wherein the one or more critical components comprise an engine control unit, a body control module, or a driver-assistance system, and wherein the one or more non-critical components comprise an entertainment system or a Bluetooth module.
One of ordinary skill in the art would have made this modification to improve the ability of the system to prioritize the critical driving components over the non-critical entertainment components, so that system resources can be properly allocated to higher priority components. The system of the primary reference can be modified to include driver information critical vehicle applications as critical domain components and to treat the entertainment components as non-critical components.

As per claim 8, the rejection of claim 1 is incorporated herein. 
	However, the combination of Park and Ahmed does not expressly disclose 
wherein the security gateway is configured to apply the rules to each packet at least in part by applying zone-based rules to each packet.  
Leon discloses 
wherein the security gateway is configured to apply the rules to each packet at least in part by applying zone-based rules to each packet.  
(see Leon figure 11A, where the computing system 1120 functions as both cross-domain guard device and gateway; similarly, node 110b functions as cross-domain guard device and gateway in figure 11B; the cross-domain guard device applies rules, and the zone is disclosed by the domain of Leon [Leon 0126]).
[Leon 0126]
The cross-domain guard device 1122 may control whether data can pass from one security domain to another security domain. … the cross-domain guard device 1122 to inspect the content of data packets received from the network gateway 1124 and destined for the server(s) 1110 storing entity data and/or to inspect the content of data packets received from the server(s) 1110 storing entity data and destined for the network gateway 1124 (and other systems). …analyze content of the single message to determine whether the content satisfies one or more rules. Based on the analysis, the cross-domain guard device 1122 may allow the data packet(s) to pass (e.g., if the analysis results in a determination that the single message does not include words, files, macros, attachments, and/or other content that are not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules), may redirect the data packet(s) (e.g., for further analysis), may drop the data packet(s) …given the destination's security domain level, as determined by one or more rules), and/or may quarantine the data packet(s) (e.g., for further analysis). In some embodiments, the cross-domain guard device 1122 may translate one or more data packets into a common format prior to the analysis.

For the reasons discussed with respect to claim 1, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park and Ahmed with the technique for applying domain rules to packets of Leon to include
wherein the security gateway is configured to apply the rules to each packet at least in part by applying zone-based rules to each packet.  

As per claim 10, the rejection of claim 8 is incorporated herein. 
Park discloses wherein the security gateway is configured to apply zone-based rules (see rejection of claim 1).
However, Park does not expressly disclose
wherein the security gateway is configured to apply zone-based rules by allowing packets traveling between the non-critical components and a public network.
Ahmed discloses a high reliability domain to execute vehicle critical applications and a lower reliability domain to execute lower priority vehicle applications
(Ahmed discloses packets at para. 102 but not dropping packets or data packets traveling between non-critical and critical domains).
 [Ahmed 0005]
In some embodiments, the task scheduler identifies a priority level associated with each of the tasks and determines the order in which to send the tasks to the graphics processing unit based on the identified priority levels. Identifying a priority level associated with a task may include identifying which of the plurality of processing domains generated the task, identifying a priority level associated with the identified processing domain, and assigning a priority level to the task according to the priority level associated with the identified processing domain.
[Ahmed 0006]
plurality of processing domains include a high reliability domain configured to execute vehicle critical applications and generate high priority tasks for the graphics processing unit. The plurality of processing domains may further include a lower reliability domain configured to execute lower priority vehicle applications and generate low priority tasks for the graphics processing unit. 
[Ahmed 0015]
In some embodiments, the high priority tasks are generated by vehicle applications that relate to at least one of a safety of the vehicle and critical vehicle operations. The low priority tasks may be generated by at least one of vehicle infotainment applications, cloud applications, and autonomous driver assistance system applications. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Park with the techniques for grouping vehicle critical applications associated with a high reliability domain and lower priority vehicle applications associated with a lower reliability domain of Ahmed to include 
wherein the security gateway is configured to apply zone-based rules by allowing messages traveling between the non-critical components.
	However, the combination of Park and Ahmed does not expressly disclose 
wherein the security gateway is configured to apply zone-based rules by allowing packets traveling between the non-critical components and a public network.
Leon discloses 
apply zone-based rules by allowing packets traveling between the non-critical components and a public network.
(See Leon figure 11A and figure 14. The cross-domain guard device 1122 of figure 11A allows packets traveling between server 1110 and the public network 210, and Leon figure 14 shows that server 1110A can be a moderate security domain, which is a lower security domain. See Leon para. 126.)
[Leon 0126]
cross-domain guard device 1122 to inspect the content of data packets received from the network gateway 1124 and destined for the server(s) 1110 storing entity data and/or to inspect the content of data packets received from the server(s) 1110 storing entity data and destined for the network gateway 1124 (and other systems). … analyze content of the single message to determine whether the content satisfies one or more rules. Based on the analysis, the cross-domain guard device 1122 may allow the data packet(s) to pass (e.g., if the analysis results in a determination that the single message does not include words, files, macros, attachments, and/or other content that are not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules), 
[Leon 0128]
The network gateway 1124 may be configured to communicate with other network gateways 1124 present in other systems via the public network 210

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park and Ahmed with the technique for applying domain-based rules that allow packets to travel between a lower security domain and a public network of Leon to include 
wherein the security gateway is configured to apply zone-based rules by allowing packets traveling between the non-critical components and a public network.
One of ordinary skill in the art would have made this modification to improve the ability of the system to facilitate communication between the lower security domain and the public network, so that the components in the vehicle have access to the Internet. The system of the primary reference as modified can be further modified so that packets are allowed to travel between a lower security domain and the public network.
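The following is an added illustration, not code from the application under examination or from Park, Ahmed, or Leon, of the gateway behavior at issue in claim 1 (a rule set that partitions components into a critical zone and a non-critical zone and decides whether to forward or drop each message) and in claim 10 (zone-based rules that allow traffic between the non-critical zone and a public network). It follows the three-stage ordering Park describes (static detection, then misuse detection, then anomaly detection) with a post-process that passes or drops and logs. The component names, message IDs, zone assignments, rate threshold, and sample traffic are all constructed for this example.

```python
"""Zone-based security gateway: added example, not the application's or the
cited references' code. All names and values below are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass

# Static partition of in-vehicle components into zones (constructed sample).
ZONE_OF = {
    "engine_control_unit": "critical",
    "body_control_module": "critical",
    "driver_assistance": "critical",
    "entertainment_system": "non_critical",
    "bluetooth_module": "non_critical",
    "internet_gateway": "public",
}

# Zone-to-zone policy: (source zone, destination zone) pairs that may communicate.
# Non-critical <-> public is allowed (claim 10); critical <-> public is not.
ZONE_RULES = {
    ("critical", "critical"),
    ("non_critical", "non_critical"),
    ("non_critical", "public"),
    ("public", "non_critical"),
    ("critical", "non_critical"),  # e.g. vehicle speed sent to a display
}

# Message IDs each component is expected to emit (static detection, constructed).
EXPECTED_IDS = {
    "engine_control_unit": {0x100, 0x101},
    "body_control_module": {0x200},
    "driver_assistance": {0x300},
    "entertainment_system": {0x500},
    "bluetooth_module": {0x510},
    "internet_gateway": {0x700},
}


@dataclass(frozen=True)
class Message:
    msg_id: int   # CAN-style identifier
    src: str      # sending component
    dst: str      # destination component
    ts: float     # arrival time in seconds


@dataclass(frozen=True)
class Verdict:
    action: str   # "pass" or "drop"
    reason: str   # which check decided, or "ok"


class SecurityGateway:
    """Applies static, zone (misuse) and rate (anomaly) checks in that order."""

    def __init__(self, zone_of, zone_rules, expected_ids, max_rate=5, window=1.0):
        self.zone_of = zone_of
        self.zone_rules = zone_rules
        self.expected_ids = expected_ids
        self.max_rate = max_rate          # max messages per source per window
        self.window = window              # seconds
        self._recent = defaultdict(deque)  # src -> timestamps inside the window
        self.log = []                     # post-process log of dropped messages

    def _static_check(self, m):
        if m.src not in self.zone_of or m.dst not in self.zone_of:
            return "static: unknown component"
        if m.msg_id not in self.expected_ids.get(m.src, set()):
            return f"static: id 0x{m.msg_id:03X} not expected from {m.src}"
        return None

    def _zone_check(self, m):
        pair = (self.zone_of[m.src], self.zone_of[m.dst])
        if pair not in self.zone_rules:
            return f"zone: {pair[0]} -> {pair[1]} not permitted"
        return None

    def _anomaly_check(self, m):
        q = self._recent[m.src]
        while q and m.ts - q[0] > self.window:  # expire old timestamps
            q.popleft()
        q.append(m.ts)
        if len(q) > self.max_rate:
            return f"anomaly: {len(q)} msgs from {m.src} within {self.window}s"
        return None

    def handle(self, m):
        for check in (self._static_check, self._zone_check, self._anomaly_check):
            reason = check(m)
            if reason:
                self.log.append((m, reason))   # post-process: drop and log
                return Verdict("drop", reason)
        return Verdict("pass", "ok")           # post-process: forward


# Constructed sample traffic; the trailing six messages simulate a burst.
SAMPLE_TRAFFIC = [
    Message(0x100, "engine_control_unit", "driver_assistance", 0.00),   # pass
    Message(0x500, "entertainment_system", "internet_gateway", 0.01),   # pass (non-critical -> public)
    Message(0x510, "bluetooth_module", "engine_control_unit", 0.02),    # drop: zone
    Message(0x100, "engine_control_unit", "internet_gateway", 0.03),    # drop: zone
    Message(0x7FF, "entertainment_system", "bluetooth_module", 0.04),   # drop: static
] + [Message(0x510, "bluetooth_module", "entertainment_system", 0.10 + i * 0.01)
     for i in range(6)]                                                  # 5 pass, 6th drops


def run_gateway(messages):
    """Return the list of actions the gateway takes for a message sequence."""
    gw = SecurityGateway(ZONE_OF, ZONE_RULES, EXPECTED_IDS)
    return [gw.handle(m).action for m in messages]


if __name__ == "__main__":
    gw = SecurityGateway(ZONE_OF, ZONE_RULES, EXPECTED_IDS)
    for m in SAMPLE_TRAFFIC:
        v = gw.handle(m)
        print(f"{m.src} -> {m.dst} 0x{m.msg_id:03X}: {v.action} ({v.reason})")
```

The order of the checks matters for the anomaly counter: a message rejected by the static or zone check never reaches the rate window, so a flood that is already blocked by policy does not skew the per-source rate used for anomaly detection.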

As per claim 16, Park discloses 
A method for operating a security gateway in an automobile [ vehicle; Park 0020 ], the method comprising: 
receiving, by the security gateway, a message via a network interconnecting one or more powertrain components and one or more infotainment components of the automotive system;
applying, by the security gateway, rules to the message
dropping, by the security gateway, the message or forwarding, by the security gateway, the message to a destination on the network based on applying the rules to the message.  

[Park 0011] The methods described above may be performed by at least one electronic apparatus
[Park 0020]
FIG. 1 … A central gateway (CGW) shown is a central communication node that serves as a router for transferring data between various domains within a vehicle and serves as a gate for communications between an external network and an in-vehicle network. The central gateway (CGW) may be viewed as a gate for all data coming into the vehicle. Sub-gateways are local communication nodes that are each responsible for a particular functional domain, such as a power train, chassis, body, infotainment, etc.
 [Park 0024]
Ⓒ At sub-gateway: Where management is performed on CAN messages that are transmitted and received to and from a specific CAN domain, an IDS may be installed to more easily detect a discrepancy between a CAN message at Ⓑ and a CAN message flowing in the specific CAN domain. At this location for detecting an attack directed to another domain from inside the CAN domain, the IDS may detect an attacker inside the CAN domain with a high level of success.
[Park 0028] FIG. 2 … The IDS illustrated in FIG. 2 may be implemented as a dedicated electronic control unit(s) which is embedded in the gateway(s) or ECU(s) illustrated in FIG. 1 or linked to the in-vehicle network.
[Park 0029] The detection process 32 detects a malicious message during operation of the vehicle. The post-process 33 determines how to process the detected malicious message. For example, the post-process 33 may drop or log a detected malicious message or generate an alarm.
[Park 0033] The rule set is a set of predefined rules used by a plurality of detection techniques performed in the detection process for detecting a network message associated with a security threat. 
[Park 0034] In the post-process, actions are executed such as passing, blocking, logging, or warning based on the results of checking the CAN messages. 

However, Park does not expressly disclose 
receiving, by the security gateway, a packet via a packet-based network interconnecting one or more critical components and one or more non-critical components of the automotive system; 
applying, by the security gateway, rules to the packet; and 
dropping, by the security gateway, the packet or forwarding, by the security gateway, the packet to a destination on the packet-based network based on applying the rules to the packet.  

Ahmed discloses a high reliability domain to execute vehicle critical applications and a lower reliability domain to execute lower priority vehicle applications
(Ahmed discloses packets in a network at para. 102 but does not disclose applying rules to packets).
[Ahmed 0005]
In some embodiments, the task scheduler identifies a priority level associated with each of the tasks and determines the order in which to send the tasks to the graphics processing unit based on the identified priority levels. Identifying a priority level associated with a task may include identifying which of the plurality of processing domains generated the task, identifying a priority level associated with the identified processing domain, and assigning a priority level to the task according to the priority level associated with the identified processing domain.
[Ahmed 0006]
plurality of processing domains include a high reliability domain configured to execute vehicle critical applications and generate high priority tasks for the graphics processing unit. The plurality of processing domains may further include a lower reliability domain configured to execute lower priority vehicle applications and generate low priority tasks for the graphics processing unit. 
[Ahmed 0015]
In some embodiments, the high priority tasks are generated by vehicle applications that relate to at least one of a safety of the vehicle and critical vehicle operations. The low priority tasks may be generated by at least one of vehicle infotainment applications, cloud applications, and autonomous driver assistance system applications. 
[Ahmed 0102] Virtual networking interfaces can also be provided for use by each domain. To the OS user space it appears as a regular network interface with a name and MAC address (configurable in a device tree)…. The valid data area can include a sequence of packets. A single interrupt may be used to signal the receiving guest that a new packet has been written to the buffer. More specifically, the transmitting domain writes the packet size, followed by the packet data to a send buffer in the shared memory. On the incoming side, an interrupt signals the presence of incoming packets. The packets received by the system are read and forwarded to the guest OS's network subsystem by the receiving domain. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Park with the techniques for grouping vehicle critical applications associated with a high reliability domain and lower priority vehicle applications associated with a lower reliability domain of Ahmed to include 
receiving, by the security gateway, a message via a packet-based network interconnecting one or more critical components and one or more non-critical components of the automotive system; 
One of ordinary skill in the art would have made this modification to improve the ability of the system to prioritize higher priority application/components according to degree of criticality, to facilitate allocating resources among domains. The system (intrusion detection system) of the primary reference can be modified to prioritize the various domains so that domains that are more critical to the operation of the vehicle may be grouped as more critical/high-priority components/applications.

However, the combination of Park and Ahmed does not expressly disclose 
applying, by the security gateway, rules to the packet; and 
dropping, by the security gateway, the packet or forwarding, by the security gateway, the packet to a destination on the packet-based network based on applying the rules to the packet.  

Leon discloses forwarding or dropping packets based on rules
[Leon 0126]
cross-domain guard device 1122 may allow the data packet(s) to pass (e.g., if the analysis results in a determination that the single message does not include words, files, macros, attachments, and/or other content that are not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules), may redirect the data packet(s) (e.g., for further analysis), may drop the data packet(s) (e.g., if the analysis results in a determination that the single message includes words, files, macros, attachments, and/or other content that is not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules)

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park and Ahmed with the technique for forwarding/dropping packets according to security rules and security domains of Leon to include 
applying, by the security gateway, rules to the packet; and 
dropping, by the security gateway, the packet or forwarding, by the security gateway, the packet to a destination on the packet-based network based on applying the rules to the packet.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to manage individual packets according to the rules and forward or drop packets as needed. The system of the primary reference (e.g., intrusion detection system) can be modified to analyze communications at a packet level and drop or forward packets according to intrusion detection rules. 

As per claim 19, the claim(s) is/are directed to a device with limitations which correspond to limitations of claim 16, and is/are rejected for the reasons detailed with respect to claim 16.  Claim 19 also recites, and Park discloses
A device comprising a computer-readable medium having executable instructions stored thereon, configured to be executable by processing circuitry for causing the processing circuitry to: 
[Park 0041]
methods, apparatuses, systems described in this disclosure may be implemented by or included in an electronic controller, a gateway, or the like having a processor, memory, communication interface, and the like. For example, the electronic controller may operate as an apparatus that executes the methods described above by loading software instructions into the processor and then executing the instructions to perform the functions described in this disclosure. 
[Park 0042] The various methods described in this disclosure, on the other hand, may be implemented with instructions stored in a non-transitory recording medium that may be read and executed by one or more processors. The non-transitory recording medium includes, for example, all types of recording devices in which data is stored in a form readable by a computer system. By way of example, and not limitation, the non-transitory recording medium includes storage media such as erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), flash memory, optical drive, magnetic hard drive, solid-state drive (SSD).

Claims 3-6, 11, 17, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Park in view of Ahmed, in view of Leon, further in view of Kapoor et al. U.S. Publication 20080262991 (hereinafter “Kapoor”).
As per claim 3, the rejection of claim 2 is incorporated herein. 
However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the intrusion detection and prevention includes application identification to determine whether to forward or drop the data packets.  
Kapoor discloses wherein the intrusion detection and prevention includes application identification to determine whether to forward or drop the data packets.  
[Kapoor 0031] This application also includes methods and systems for an intrusion detection and prevention system. 
[Kapoor 0525] Such intrusions may be detected with content inspection as facilitated by the flow processing facility 102. 
[Kapoor 0527] By applying the behavioral analysis methods and techniques herein described to packets containing email, the flow processing facility 102 may detect email that may be a spam email. In an example, internet email traffic to each recipient on the network may be analyzed for patterns associated with the source of the email (i.e.: the sender) …, the security policy 414 may provide for remedies such as dropping the entire spam email … By applying anti-spam techniques such as behavioral based content inspection with the flow processing facility 102 to all packets passing through a network border, other communication applications such as instant messaging and faxing may also be protected from spam.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for identifying email applications and dropping data packets that are spam related of Kapoor to include 
wherein the intrusion detection and prevention includes application identification to determine whether to forward or drop the data packets.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to properly filter spam packets for email applications. The system (e.g., intrusion detection system) of the primary reference can be modified to drop packets for various applications such as email or instant messaging, as taught in the Kapoor reference.

As per claim 4, the rejection of claim 2 is incorporated herein. 
However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the intrusion detection and prevention includes deep packet inspection of data packets communicated on the communication network.  
Kapoor discloses wherein the intrusion detection and prevention includes deep packet inspection of data packets communicated on the communication network.  
[Kapoor 0031] This application also includes methods and systems for an intrusion detection and prevention system. 
[Kapoor 0023] The packet inspection may be directed at a header of the packet and/or a payload of the packet. … Inspecting the payload of the packet may be referred to as "deep packet inspection" or "payload inspection." 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for performing intrusion detection with deep packet inspection of Kapoor to include 
wherein the intrusion detection and prevention includes deep packet inspection of data packets communicated on the communication network.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform intrusion detection with deep packet inspection. The system (intrusion detection system) of the primary reference can be modified to perform intrusion detection with deep packet inspection, as taught by the Kapoor reference.

As per claim 5, the rejection of claim 4 is incorporated herein. 
However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the deep packet inspection includes anti-virus detection to determine whether to forward or drop the data packets.  
Kapoor discloses wherein the deep packet inspection includes anti-virus detection to determine whether to forward or drop the data packets.  
[Kapoor 0031] This application also includes methods and systems for an intrusion detection and prevention system. 
[Kapoor 0023] The packet inspection may be directed at a header of the packet and/or a payload of the packet. … Inspecting the payload of the packet may be referred to as "deep packet inspection" or "payload inspection." 
[Kapoor 0015] recognize patterns in the data flow, wherein the patterns are relevant to recognition of the presence of at least two of a virus, 
[Kapoor 0525]  identifying content that may be associated with a computer virus and taking an appropriate action (such as and without limitation, dropping the packet). 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for performing intrusion detection with deep packet inspection of Kapoor to include 
wherein the deep packet inspection includes anti-virus detection to determine whether to forward or drop the data packets.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform intrusion detection with deep packet inspection to recognize viruses and drop packets that have been infected. The system (intrusion detection system) of the primary reference can be modified to perform intrusion detection with deep packet inspection and drop packets with detected virus, as taught by the Kapoor reference.

As per claim 6, the rejection of claim 4 is incorporated herein. 
However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the deep packet inspection includes pattern recognition to determine whether to forward or drop the data packets.  
Kapoor discloses wherein the deep packet inspection includes pattern recognition to determine whether to forward or drop the data packets.  
[Kapoor 0031] This application also includes methods and systems for an intrusion detection and prevention system. 
[Kapoor 0023] The packet inspection may be directed at a header of the packet and/or a payload of the packet. … Inspecting the payload of the packet may be referred to as "deep packet inspection" or "payload inspection." 
[Kapoor 0015] flow processing facility to recognize patterns in the data flow, wherein the patterns are relevant to recognition of the presence of at least two of a virus, a spam communication, a hacker's attack, spyware, and intrusion on a computer network and wherein the flow processing facility recognizes patterns using a set of artificial neurons. In embodiments, the patterns are relevant to recognition of a virus and a spam communication. In embodiments, the patterns are relevant to recognition of a virus and a hacker's attack. In embodiments, the patterns are relevant to recognition of a virus and spyware. In embodiments, the patterns are relevant to recognition of a virus and intrusion on a computer network. …, the patterns are relevant to recognition of a hacker's attack and intrusion on a computer network. In embodiments, the patterns are relevant to recognition of spyware and intrusion on a computer network. 
[Kapoor 0525]  identifying content that may be associated with a computer virus and taking an appropriate action (such as and without limitation, dropping the packet).
[Kapoor 0067] Taking action may include dropping the packets or dropping subsequent packets associated with a stream of the abnormal or invalid packets. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for performing intrusion detection with deep packet inspection using pattern recognition of Kapoor to include 
wherein the deep packet inspection includes pattern recognition to determine whether to forward or drop the data packets.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform intrusion detection with deep packet inspection using pattern recognition to recognize viruses or other threats and drop packets that have been infected or are otherwise a threat. The system (intrusion detection system) of the primary reference can be modified to perform intrusion detection with deep packet inspection and drop packets with detected threats, as taught by the Kapoor reference.

As per claim 11, the rejection of claim 1 is incorporated herein. 
Park discloses wherein the security gateway is configured to apply the rules 
[Park 0020]
FIG. 1 … Sub-gateways are local communication nodes that are each responsible for a particular functional domain, such as a power train, chassis, body, infotainment, etc. 
[Park 0024]
{circle around (C)} At sub-gateway: Where management is performed on CAN messages that are transmitted and received to and from a specific CAN domain, an IDS may be installed to more easily detect a discrepancy between a CAN message at {circle around (B)} and a CAN message flowing in the specific CAN domain. At this location for detecting an attack directed to another domain from inside the CAN domain, the IDS may detect an attacker inside the CAN domain with a high level of success. 
[Park 0033] The rule set is a set of predefined rules used by a plurality of detection techniques performed in the detection process for detecting a network message associated with a security threat.

However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the security gateway is configured to apply the rules to each packet at least in part by performing deep packet inspection on each packet.  
Kapoor discloses wherein the security gateway is configured to apply the rules to each packet at least in part by performing deep packet inspection on each packet.  
[Kapoor 0031] This application also includes methods and systems for an intrusion detection and prevention system. 
[Kapoor 0023] The packet inspection may be directed at a header of the packet and/or a payload of the packet. …Inspecting the payload of the packet may be referred to as "deep packet inspection" or "payload inspection." 
[Kapoor 0055] Content inspection may be based on one or more action rules or a security policy.
[Kapoor 0140] Additionally, the flow processing facility 102 may perform as a network switch, hub, router, server, client, gateway

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for performing intrusion detection with deep packet inspection of Kapoor to include 
wherein the intrusion detection and prevention includes deep packet inspection of data packets communicated on the communication network.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform intrusion detection with deep packet inspection using rules. The system (intrusion detection system) of the primary reference can be modified to perform intrusion detection with deep packet inspection using rules, in order to detect intrusions into the system, as taught by the Kapoor reference.

As per claim 17, the rejection of claim 16 is incorporated herein. 
Park discloses applying the rules to the message comprises performing intrusion detection and prevention
[Park 0003] The IDS and IPS are generally used together into such a system referred to as an Intrusion Detection and Prevention System (IDPS).
(Ahmed discloses packets at para. 102 but does not disclose intrusion detection and prevention using the packets)
However, the combination of Park and Ahmed does not expressly disclose
wherein applying the rules to the packet comprises performing intrusion detection and prevention by performing deep packet inspection of the packet.  
Leon discloses processing packets and forwarding/dropping packets according to security rules and security domains 
[Leon 0126]
cross-domain guard device 1122 may allow the data packet(s) to pass (e.g., if the analysis results in a determination that the single message does not include words, files, macros, attachments, and/or other content that are not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules), may redirect the data packet(s) (e.g., for further analysis), may drop the data packet(s) (e.g., if the analysis results in a determination that the single message includes words, files, macros, attachments, and/or other content that is not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules), and/or may quarantine the data packet(s) (e.g., for further analysis). 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park and Ahmed with the technique for processing packets and forwarding/dropping packets according to security rules of Leon to include 
wherein applying the rules to the packet comprises performing intrusion detection and prevention by performing packet inspection of the packet.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to manage individual packets and drop packets as needed according to the rules. The system of the primary reference (e.g., intrusion detection system) can be modified to analyze communications at a packet level and drop or forward packets according to intrusion detection rules. 
However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein applying the rules to the packet comprises performing intrusion detection and prevention by performing deep packet inspection of the packet.  
Kapoor discloses the intrusion detection and prevention includes deep packet inspection of data packets 
[Kapoor 0031] This application also includes methods and systems for an intrusion detection and prevention system. 
[Kapoor 0023] The packet inspection may be directed at a header of the packet and/or a payload of the packet. … Inspecting the payload of the packet may be referred to as "deep packet inspection" or "payload inspection." 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for performing intrusion detection with deep packet inspection of Kapoor to include 
wherein the intrusion detection and prevention includes deep packet inspection of data packets communicated on the communication network.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform intrusion detection with deep packet inspection. The system (intrusion detection system) of the primary reference can be modified to perform intrusion detection with deep packet inspection, as taught by the Kapoor reference.

As per claim 20, the rejection of claim 19 is incorporated herein. 
Park discloses perform intrusion detection and prevention
[Park 0003] Intrusion Detection and Prevention System (IDPS).
However, the combination of Park, Ahmed, and Leon does not expressly disclose 
perform intrusion detection and prevention by performing deep packet inspection of the packet; and perform pattern recognition to determine whether to forward or drop the packet.
(Ahmed discloses packets at para. 102 but does not disclose intrusion detection and prevention using the packets)
Kapoor discloses perform intrusion detection and prevention by performing deep packet inspection of the packet; and perform pattern recognition to determine whether to forward or drop the packet.
[Kapoor 0031] This application also includes methods and systems for an intrusion detection and prevention system. 
[Kapoor 0023] The packet inspection may be directed at a header of the packet and/or a payload of the packet. …Inspecting the payload of the packet may be referred to as "deep packet inspection" or "payload inspection." 
[Kapoor 0015] flow processing facility to recognize patterns in the data flow, wherein the patterns are relevant to recognition of the presence of at least two of a virus, a spam communication, a hacker's attack, spyware, and intrusion on a computer network and wherein the flow processing facility recognizes patterns using a set of artificial neurons. In embodiments, the patterns are relevant to recognition of a virus and a spam communication. In embodiments, the patterns are relevant to recognition of a virus and a hacker's attack. In embodiments, the patterns are relevant to recognition of a virus and spyware. In embodiments, the patterns are relevant to recognition of a virus and intrusion on a computer network. …, the patterns are relevant to recognition of a hacker's attack and intrusion on a computer network. In embodiments, the patterns are relevant to recognition of spyware and intrusion on a computer network. 
[Kapoor 0525]  identifying content that may be associated with a computer virus and taking an appropriate action (such as and without limitation, dropping the packet).
[Kapoor 0067] Taking action may include dropping the packets or dropping subsequent packets associated with a stream of the abnormal or invalid packets. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for performing intrusion detection with deep packet inspection using pattern recognition of Kapoor to include 
perform intrusion detection and prevention by performing deep packet inspection of the packet; and perform pattern recognition to determine whether to forward or drop the packet. 
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform intrusion detection with deep packet inspection, in order to detect intruders into the network. The system (intrusion detection system) of the primary reference can be modified to perform intrusion detection with deep packet inspection, as taught by the Kapoor reference. One of ordinary skill in the art would also have made this modification to improve the ability of the system to perform intrusion detection with deep packet inspection using pattern recognition to recognize viruses or other threats and drop packets that have been infected or are otherwise a threat. The system (intrusion detection system) of the primary reference can be modified to perform intrusion detection with deep packet inspection and drop packets with detected threats, as taught by the Kapoor reference.

Claims 9 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Park in view of Ahmed, in view of Leon, further in view of Davis et al. U.S. Publication 20110103391 (hereinafter “Davis”).
As per claim 9, the rejection of claim 8 is incorporated herein. 
Park discloses security gateway configured to apply zone-based rules and dropping messages (see rejection of claim 8), however Park does not disclose wherein the security gateway is configured to apply zone-based rules by dropping packets traveling from the non-critical components to the critical components.  
Ahmed discloses a high reliability domain to execute vehicle critical applications and a lower reliability domain to execute lower priority vehicle applications (see rejection of claim 1)
However, the combination of Park and Ahmed does not expressly disclose 
wherein the security gateway is configured to apply zone-based rules by dropping packets traveling from the non-critical components to the critical components.  
Leon discloses dropping data packets according to rules (see para. 126)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park and Ahmed with the technique for processing packets and forwarding/dropping packets according to security rules and security domains of Leon to include 
wherein the security gateway is configured to apply zone-based rules by dropping packets traveling among the high reliability and lower reliability domains.
However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the security gateway is configured to apply zone-based rules by dropping packets traveling from the non-critical components to the critical components.  
Davis discloses excluding unnecessary packets from a domain
[Davis 0026] The herein presented aspects of a server-on-a-chip (SOC) with packet switch functionality are focused on network aggregation. … with routing based on source/destination MAC addresses. It further supports virtual local area network (VLAN), with configurable VLAN filtering on domain incoming packets to minimize unnecessary traffic in a domain. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the techniques for excluding unnecessary packets from a domain of Davis to include 
wherein the security gateway is configured to apply zone-based rules by dropping packets traveling from the non-critical components to the critical components.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to prevent congestion in the critical domain by excluding unnecessary packets originating from the non-critical domain, thereby improving performance in the critical domain. The system of the primary reference (intrusion detection system) as modified can be further modified to exclude packets that are unnecessary from the critical domain.
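The following is an added illustration; it is not part of this office action and is not code from Park, Ahmed, Leon, Kapoor, or Davis. It is a toy security gateway, written in Python, that exercises the three behaviors discussed for claims 16, 17, 20, and 9 above: applying rules to each packet and then forwarding or dropping it, zone-based rules that drop packets traveling from non-critical to critical components, and deep packet inspection that recognizes byte patterns in the payload. The component names, zone assignment, rule names, sample traffic, and the CONSTRUCTED-BAD-SIG signature are hypothetical values constructed for the example; the ELF magic bytes are the real executable file header.

```python
"""Added example (not from the office action or the cited references):
a toy security gateway that applies zone-based and deep-packet-inspection
rules to each packet and forwards or drops it. All names are constructed."""
from dataclasses import dataclass
import re
from typing import Dict, List, Optional, Tuple

# Constructed zone assignment: powertrain components form the critical zone,
# infotainment components the non-critical zone (hypothetical component names).
ZONE_OF: Dict[str, str] = {
    "engine-ecu": "critical",
    "brake-ecu": "critical",
    "head-unit": "non-critical",
    "telematics": "non-critical",
}


@dataclass(frozen=True)
class Packet:
    src: str        # sending component
    dst: str        # destination component on the packet-based network
    payload: bytes  # application data carried by the packet


@dataclass(frozen=True)
class Rule:
    """One gateway rule. Header conditions use the zones of src and dst;
    payload_pattern is a regex applied to the payload (deep packet inspection).
    A condition left at None is not checked."""
    name: str
    action: str                              # "forward" or "drop"
    src_zone: Optional[str] = None
    dst_zone: Optional[str] = None
    same_zone: bool = False                  # require src and dst in the same zone
    payload_pattern: Optional[bytes] = None  # DPI signature (bytes regex)

    def matches(self, pkt: Packet) -> bool:
        src_zone = ZONE_OF.get(pkt.src)      # None for an unknown component
        dst_zone = ZONE_OF.get(pkt.dst)
        if self.src_zone is not None and src_zone != self.src_zone:
            return False
        if self.dst_zone is not None and dst_zone != self.dst_zone:
            return False
        if self.same_zone and (src_zone is None or src_zone != dst_zone):
            return False
        if self.payload_pattern is not None and not re.search(self.payload_pattern, pkt.payload):
            return False
        return True


# Constructed rule set; evaluated top to bottom, the first match decides.
RULES: List[Rule] = [
    # Zone-based rule (claims 9/18): drop anything from non-critical to critical.
    Rule("zone-deny-noncritical-to-critical", "drop",
         src_zone="non-critical", dst_zone="critical"),
    # DPI pattern recognition (claims 6/20): a constructed stand-in for a real signature.
    Rule("dpi-deny-constructed-signature", "drop",
         payload_pattern=rb"CONSTRUCTED-BAD-SIG-\d{4}"),
    # DPI rule: executable images (ELF magic bytes) are never expected on this network.
    Rule("dpi-deny-executable-image", "drop", payload_pattern=rb"\A\x7fELF"),
    # Critical components may publish to the infotainment zone (e.g. speed display).
    Rule("allow-critical-to-noncritical", "forward",
         src_zone="critical", dst_zone="non-critical"),
    # Traffic staying inside one zone is allowed.
    Rule("allow-intra-zone", "forward", same_zone=True),
    # Explicit default deny: unknown components or unmatched traffic is dropped.
    Rule("default-deny", "drop"),
]


def apply_rules(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, rule name) of the first rule that matches the packet."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "drop", "implicit-deny"  # only reached if no default rule is configured


def run_gateway(packets: List[Packet], rules: List[Rule] = RULES) -> Tuple[List[Packet], List[str]]:
    """Process packets as the gateway would: forward those the rules allow,
    drop the rest, and keep a one-line log entry per decision."""
    forwarded: List[Packet] = []
    log: List[str] = []
    for pkt in packets:
        action, rule_name = apply_rules(pkt, rules)
        log.append(f"{action.upper():7} {pkt.src} -> {pkt.dst} [{rule_name}]")
        if action == "forward":
            forwarded.append(pkt)
    return forwarded, log


# Constructed sample traffic.
SAMPLE_PACKETS: List[Packet] = [
    Packet("engine-ecu", "head-unit", b"rpm=2100;speed_kph=57"),
    Packet("head-unit", "engine-ecu", b"ping"),
    Packet("head-unit", "telematics", b"now_playing=track-17"),
    Packet("engine-ecu", "brake-ecu", b"CONSTRUCTED-BAD-SIG-0042 payload"),
    Packet("telematics", "head-unit", b"\x7fELF\x02\x01\x01" + b"\x00" * 9),
    Packet("diag-dongle", "brake-ecu", b"read_dtc"),
]

if __name__ == "__main__":
    _, decisions = run_gateway(SAMPLE_PACKETS)
    print("\n".join(decisions))
```

The rule list is ordered deliberately: the zone rule and the DPI signature rules sit above every allow rule, so a payload that matches a signature is dropped even on an otherwise permitted intra-zone path, and the final default-deny rule means a component that is not assigned to any zone gets no implicit access to either zone.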

As per claim 18, the rejection of claim 16 is incorporated herein. 
Park discloses further comprising implementing policies to logically partition electrical components of the automotive system into a first zone having the one or more powertrain components and a second zone having the one or more infotainment components, 
wherein the policies specify rules for communication between the first and second zones defined for the communication network within the automotive system 
wherein applying the rules to the message comprises applying zone-based rules to the message by: 
dropping messages 
(policies = rule set is a set of predefined rules [Park 0033] and the boundaries between domains [Park 0024];
applying zone-based rules to the message = rule set is a set of predefined rules [Park 0033] and ‘detecting an attack directed to another domain’ [Park 0024])
[Park 0020]
FIG. 1 illustrates locations such as {circle around (A)}, {circle around (B)}, {circle around (C)}, {circle around (D)}, and {circle around (E)} at which an IDS (Intrusion Detection System) may be deployed on a controller area network (CAN). A central gateway (CGW) shown is a central communication node that serves as a router for transferring data between various domains within a vehicle and serves as a gate for communications between an external network and an in-vehicle network. The central gateway (CGW) may be viewed as a gate for all data coming into the vehicle. Sub-gateways are local communication nodes that are each responsible for a particular functional domain, such as a power train, chassis, body, infotainment, etc. FIG. 1 presupposes that electronic control units (ECUs) are connected to a CAN bus in the respective functional domains, although the ECUs may be connected to a bus using other communication protocols (e.g., LIN, FlexRay, Ethernet, etc.) in some functional domains.
[Park 0024]
{circle around (C)} At sub-gateway: Where management is performed on CAN messages that are transmitted and received to and from a specific CAN domain, an IDS may be installed to more easily detect a discrepancy between a CAN message at {circle around (B)} and a CAN message flowing in the specific CAN domain. At this location for detecting an attack directed to another domain from inside the CAN domain, the IDS may detect an attacker inside the CAN domain with a high level of success. 
[Park 0033] The rule set is a set of predefined rules used by a plurality of detection techniques performed in the detection process for detecting a network message associated with a security threat. 
	 [Park 0029] The message queue module 20 stores, in a message queue, all the CAN traffic data collected by the CAN bus. The request of other modules of the IDS for the collected traffic data is processed by the message queue module 20. The rule engine (or called ‘detection engine’) 30 is a module that operates as a detector and responder that is an essential function of the IDS. … The detection process 32 detects a malicious message during operation of the vehicle. The post-process 33 determines how to process the detected malicious message. For example, the post-process 33 may drop or log a detected malicious message or generate an alarm.
[Park 0034] In the post-process, actions are executed such as passing, blocking, logging, or warning based on the results of checking the CAN messages. 
[Park 0039] blocking or passing the message.

However, Park does not expressly disclose 
further comprising implementing policies to logically partition electrical components of the automotive system into a first zone having the one or more critical components and a second zone having the one or more non-critical components, 
wherein applying the rules to the packet comprises applying zone-based rules to the packet by: 
dropping packets traveling from the one or more non-critical components to the one or more critical components; and  27Docket No.: 2014-109US01 / JNP3005-US-ORG1 
allowing packets traveling between the one or more non-critical components and a public network.  

Ahmed discloses a high reliability domain to execute vehicle critical applications and a lower reliability domain to execute lower priority vehicle applications
(Ahmed discloses packets at para. 102 but does not disclose dropping the packets or that the packets are part of messages)
 [Ahmed 0005]
In some embodiments, the task scheduler identifies a priority level associated with each of the tasks and determines the order in which to send the tasks to the graphics processing unit based on the identified priority levels. Identifying a priority level associated with a task may include identifying which of the plurality of processing domains generated the task, identifying a priority level associated with the identified processing domain, and assigning a priority level to the task according to the priority level associated with the identified processing domain.
[Ahmed 0006]
plurality of processing domains include a high reliability domain configured to execute vehicle critical applications and generate high priority tasks for the graphics processing unit. The plurality of processing domains may further include a lower reliability domain configured to execute lower priority vehicle applications and generate low priority tasks for the graphics processing unit. 
[Ahmed 0015]
In some embodiments, the high priority tasks are generated by vehicle applications that relate to at least one of a safety of the vehicle and critical vehicle operations. The low priority tasks may be generated by at least one of vehicle infotainment applications, cloud applications, and autonomous driver assistance system applications. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Park with the techniques for grouping vehicle critical applications associated with a high reliability domain and lower priority vehicle applications associated with a lower reliability domain of Ahmed to include 
further comprising implementing policies to logically partition electrical components of the automotive system into a first zone having the one or more critical components and a second zone having the one or more non-critical components, 
One of ordinary skill in the art would have made this modification to improve the ability of the system to prioritize higher-priority applications/components according to degree of criticality, to facilitate allocation of resources among domains. The system (intrusion detection system) of the primary reference can be modified to prioritize the various domains so that domains that are more critical to the operation of the vehicle may be grouped as more critical/high-priority components/applications.

	However, the combination of Park and Ahmed does not expressly disclose
wherein applying the rules to the packet comprises applying zone-based rules to the packet by: 
dropping packets traveling from the one or more non-critical components to the one or more critical components; and 
allowing packets traveling between the one or more non-critical components and a public network.  
Leon discloses wherein applying the rules to the packet comprises applying zone-based rules to the packet by: 
[Leon 0126]
cross-domain guard device 1122 may allow the data packet(s) to pass…may drop the data packet(s) (e.g., if the analysis results in a determination that the single message includes words, files, macros, attachments, and/or other content that is not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules) 

allowing packets traveling between the one or more non-critical components and a public network. 
(See Leon figure 11A and figure 14. The cross-domain guard 1122 of figure 11A allows packets traveling between server 1110 and the public network 210, and figure 14 shows that server 1110A can be in a moderate security domain, which is a lower security domain. See Leon para. 126.)
[Leon 0126]
cross-domain guard device 1122 to inspect the content of data packets received from the network gateway 1124 and destined for the server(s) 1110 storing entity data and/or to inspect the content of data packets received from the server(s) 1110 storing entity data and destined for the network gateway 1124 (and other systems). In particular, the cross-domain guard device 1122 can assembly one or more data packets into a single message within a sandboxed environment, and then analyze content of the single message to determine whether the content satisfies one or more rules. Based on the analysis, the cross-domain guard device 1122 may allow the data packet(s) to pass (e.g., if the analysis results in a determination that the single message does not include words, files, macros, attachments, and/or other content that are not allowed to be sent to the destination given the destination's security domain level, as determined by one or more rules), 
[Leon 0128]
The network gateway 1124 may be configured to communicate with other network gateways 1124 present in other systems via the public network 210


It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park and Ahmed with the techniques for forwarding/dropping packets according to security rules and security domains and applying domain-based rules that allow packets to travel between a lower security domain and a public network of Leon to include 
wherein applying the rules to the packet comprises applying zone-based rules to the packet by: 
dropping packets traveling
allowing packets traveling between the one or more non-critical components and a public network.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to manage individual packets according to the security domains and drop packets as needed. The system of the primary reference (e.g., intrusion detection system) can be modified to analyze communications at a packet level and drop or forward packets according to intrusion detection rules. One of ordinary skill in the art would also have made this modification to improve the ability of the system to facilitate communication between the lower security domain and the public network, so that the components in the vehicle have access to the Internet. The system of the primary reference as modified can be further modified so that packets are allowed to travel between a lower security domain and the public network.

However, the combination of Park, Ahmed, and Leon does not expressly disclose 
dropping packets traveling from the one or more non-critical components to the one or more critical components; and 
Davis discloses excluding unnecessary packets from a domain
 [0026] The herein presented aspects of a server-on-a-chip (SOC) with packet switch functionality are focused on network aggregation. … with routing based on source/destination MAC addresses. It further supports virtual local area network (VLAN), with configurable VLAN filtering on domain incoming packets to minimize unnecessary traffic in a domain. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the techniques for excluding unnecessary packets from a domain of Davis to include 
dropping packets traveling from the one or more non-critical components to the one or more critical components; and 
One of ordinary skill in the art would have made this modification to improve the ability of the system to prevent congestion in the critical domain by excluding unnecessary packets originating from the non-critical domain, thereby improving performance in the critical domain. The system of the primary reference (intrusion detection system) as modified can be further modified to exclude packets that are unnecessary from the critical domain.
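The zone-based rules recited in claims 1 and 18 (partition components into a critical zone and a non-critical zone; drop packets traveling from the non-critical zone to the critical zone; allow packets between the non-critical zone and a public network) can be illustrated with a small gateway filter. The following is an added example written for this page; it is not code from the application, from Park, Ahmed, Leon or Davis, or from any other cited reference. The zone address ranges, the sample traffic, and the additional allow/drop rules beyond the two claimed ones are constructed assumptions. Rules are ordered and first match wins; a packet that matches no rule falls to a default drop, so the gateway fails closed. Each rule can also be narrowed by protocol and destination port, in the manner of the header-field (five-tuple) match described in Nimmagadda paragraph [0011].

```python
"""Zone-based packet filter for an in-vehicle security gateway.

Added example for this page; not code from the application or any cited
reference. Zone addresses, rules beyond the two claimed ones, and the
sample traffic are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed zone map: which address ranges belong to which zone.
ZONES = {
    "critical": ip_network("10.1.0.0/24"),      # powertrain / chassis ECUs (assumed)
    "non-critical": ip_network("10.2.0.0/24"),  # infotainment / telematics (assumed)
}
PUBLIC = "public"  # any address outside the in-vehicle zones


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything not in a vehicle zone is public."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return PUBLIC


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                  # "allow" or "drop"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.src_zone == zone_of(pkt.src)
            and self.dst_zone == zone_of(pkt.dst)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Ordered rule set; first match wins. The first two rules are the claimed
# zone-based rules. The remaining rules are constructed assumptions.
RULES = [
    Rule("non-critical", "critical", "drop"),     # claimed: block non-critical -> critical
    Rule("non-critical", PUBLIC, "allow"),        # claimed: non-critical <-> public network
    Rule(PUBLIC, "non-critical", "allow"),        # claimed: non-critical <-> public network
    Rule("critical", "critical", "allow"),        # assumed: intra-zone traffic
    Rule("critical", "non-critical", "allow", proto="udp", dport=5005),  # assumed: speed feed to display
]


def apply_rules(pkt: Packet, rules=RULES, default: str = "drop") -> str:
    """Return the action for pkt; a packet matching no rule gets the default (drop)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def filter_packets(packets):
    """Apply the rule set to each packet; return (forwarded packets, decision records).

    The records are the per-packet data a gateway could export to an external
    security management system for threat analysis.
    """
    forwarded, records = [], []
    for pkt in packets:
        action = apply_rules(pkt)
        records.append({
            "src": pkt.src, "dst": pkt.dst, "proto": pkt.proto, "dport": pkt.dport,
            "src_zone": zone_of(pkt.src), "dst_zone": zone_of(pkt.dst), "action": action,
        })
        if action == "allow":
            forwarded.append(pkt)
    return forwarded, records


# Constructed sample traffic.
SAMPLE = [
    Packet("10.2.0.5", "10.1.0.9", "udp", 50000, 5000),    # infotainment -> powertrain: drop
    Packet("10.2.0.5", "203.0.113.7", "tcp", 44321, 443),  # infotainment -> Internet: allow
    Packet("203.0.113.7", "10.2.0.5", "tcp", 443, 44321),  # Internet -> infotainment: allow
    Packet("203.0.113.7", "10.1.0.9", "tcp", 443, 44321),  # Internet -> powertrain: no rule, default drop
    Packet("10.1.0.3", "10.2.0.5", "udp", 5005, 5005),     # powertrain -> display feed: allow
    Packet("10.1.0.3", "10.2.0.5", "tcp", 1234, 22),       # powertrain -> infotainment ssh: default drop
]

if __name__ == "__main__":
    _, decisions = filter_packets(SAMPLE)
    for record in decisions:
        print(record)
```

Note that the claimed rule only forbids non-critical to critical traffic; the example treats every other crossing not explicitly allowed as dropped, which is the default a practitioner would want so that an omitted rule cannot open a path into the critical zone.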



Claims 12 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Park in view of Ahmed, in view of Leon, further in view of Nimmagadda et al. U.S. Publication 20180063195 (hereinafter “Nimmagadda”).
As per claim 12, the rejection of claim 1 is incorporated herein. 
	However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the security gateway is configured to run a software-based firewall on a hypervisor to apply the rules to each packet.  
Nimmagadda discloses wherein the security gateway is configured to run a software-based firewall on a hypervisor to apply the rules to each packet.  

 [Nimmagadda 0011] A firewall rule for a DCN may be triggered, for example, when the specification of a data packet received at the DCN matches the specification of the firewall rule (e.g., when the five-tuple of the packet headers match the identification fields of the rule).
[Nimmagadda 0036] A logical network, logically connects different DCNs (e.g., of a tenant in a hosting system), which run on one or more host machines, to each other …, and pushes the initial and runtime configuration data to a set of physical nodes (e.g., host machines, gateway machines, etc.) of the hosting system in order to configure the physical nodes to implement the logical network.
[Nimmagadda 0113] FIG. 5 …performed by a firewall module such as the firewall module or engine that runs on a host machine (e.g., in a hypervisor of the host machine). The process starts by receiving (at 510) a packet. The process then determines (at 520) whether the received packet matches any of the firewall rules (e.g., that is generated based on a security policy defined by a user). 
 [Nimmagadda 0028] management and control plane also configures a firewall module or engine on each host machine for applying the firewall rules on the network traffic that is destined for and/or originated from the logical network's end machines (i.e., DCNs) that run on the host machine. The firewall module of some embodiments is instantiated in the virtualization software (e.g., hypervisor) of the host machine and applies the network security policy on the network traffic that passes through the hypervisor. 
[Nimmagadda 0119]
A firewall engine that is coupled to the MFE (e.g., running in a same hypervisor as the MFE), checks the packet against a set of firewall rules in the table 650 …generates and sends a log message for this triggered firewall rule to a log server.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for executing a firewall on a hypervisor to apply rules to packets of Nimmagadda to include 
wherein the security gateway is configured to run a software-based firewall on a hypervisor to apply the rules to each packet.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to execute a firewall on the hypervisor, so that the firewall can be isolated and restarted without affecting the rest of the system if the firewall is compromised. The system of the primary reference can be modified to run a firewall on a hypervisor executing on a gateway.


As per claim 13, the rejection of claim 12 is incorporated herein. 
	However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the hypervisor runs on an operating system running on one or more processors of the security gateway, or wherein the hypervisor runs directly on one or more processors of the security gateway.  
Nimmagadda discloses wherein the hypervisor runs on an operating system running on one or more processors of the security gateway, or wherein the hypervisor runs directly on one or more processors of the security gateway.  
(The hypervisor running directly on one or more processors of the security gateway is disclosed by combining the following disclosed concepts: instructions are executed by processors [0121]; the hypervisor is a software process executing as such instructions; the data compute nodes (DCNs) [0003] may include a gateway [0036]; the DCNs execute firewall rules [Nimmagadda 0011]; and the firewalls may execute in the hypervisor [0113].)
[Nimmagadda 0121] Many of the above-described features and applications are implemented as software processes that are specified as a set of instructions recorded on a computer readable storage medium (also referred to as computer readable medium). When these instructions are executed by one or more computational or processing unit(s) (e.g., one or more processors, cores of processors, or other processing units), they cause the processing unit(s) to perform the actions indicated in the instructions. 
[Nimmagadda 0011] A firewall rule for a DCN may be triggered, for example, when the specification of a data packet received at the DCN matches the specification of the firewall rule (e.g., when the five-tuple of the packet headers match the identification fields of the rule).
[Nimmagadda 0036] A logical network, logically connects different DCNs (e.g., of a tenant in a hosting system), which run on one or more host machines, to each other and to other end machines. In some embodiments, a user defines a logical network topology (i.e., defines the logical network elements and the connections between these elements) for the logical network through a management and control system of the logical network. The management and control system (manager and controller machines and/or applications) of a logical network receives the logical network elements, generates configuration data, and pushes the initial and runtime configuration data to a set of physical nodes (e.g., host machines, gateway machines, etc.) of the hosting system in order to configure the physical nodes to implement the logical network.
[Nimmagadda 0113] FIG. 5 conceptually illustrates a process 500 of some embodiments for determining a logging policy for a triggered firewall rule, which can be either a policy defined in an associated log generation rule, or a default logging policy. This process, in some embodiments, is performed by a firewall module such as the firewall module or engine that runs on a host machine (e.g., in a hypervisor of the host machine). The process starts by receiving (at 510) a packet. The process then determines (at 520) whether the received packet matches any of the firewall rules (e.g., that is generated based on a security policy defined by a user). 
 [Nimmagadda 0028] management and control plane also configures a firewall module or engine on each host machine for applying the firewall rules on the network traffic that is destined for and/or originated from the logical network's end machines (i.e., DCNs) that run on the host machine. The firewall module of some embodiments is instantiated in the virtualization software (e.g., hypervisor) of the host machine and applies the network security policy on the network traffic that passes through the hypervisor. 
[Nimmagadda 0119]
A firewall engine that is coupled to the MFE (e.g., running in a same hypervisor as the MFE), checks the packet against a set of firewall rules in the table 650 …generates and sends a log message for this triggered firewall rule to a log server.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique of executing a hypervisor on one or more processors of a gateway of Nimmagadda to include 
wherein the hypervisor runs on an operating system running on one or more processors of the security gateway, or wherein the hypervisor runs directly on one or more processors of the security gateway.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to execute the hypervisor on the processor of the gateway, so that the hypervisor can provide virtual machine services and isolate the different software processes (such as the firewall) on different virtual machines so that they cannot interfere with each other. The system of the primary reference (e.g., intrusion detection system) can be modified to execute a hypervisor using one or more processors on the gateway.

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Park in view of Ahmed, in view of Leon, further in view of Wu et al. U.S. Patent No. 10375104 (hereinafter “Wu”).
As per claim 14, the rejection of claim 1 is incorporated herein. 
	However, the combination of Park, Ahmed, and Leon does not expressly disclose 
wherein the security gateway presents a standardized application programming interface to an external security management system, and wherein the security gateway sends records of the data packets communicated on the communication network to the external security management system for threat analysis.  
Wu discloses 
device presents a standardized application programming interface to an external security management system, and sends records of the data packets communicated on the communication network to the external security management system for threat analysis.  
(external security management system = threat score evaluator 170
any of the user devices 120b-c may be considered to present a standard API 140b to threat score evaluator 170 because API 140b collects log data describing actions of the user devices and provides such log data to threat score evaluator 170.
) 

Wu 4:33-4:50 (16) Network environment 100 may also comprise one or more data capturing devices 140 configured to capture log file data 150. Log file data 150 may be recorded and stored in components of network environment 100 and used by system administrators and/or software to ascertain underlying actions taken by a user 120 of a device 130. As an example, network environment 100 may comprise a proxy server 140a and/or an application programming interface (API) 140b configured to capture log file data 150. As depicted in FIG. 1, network environment 100 comprises both a proxy server 140a and an API 140b. In this example, log file data 150 from user device 130a is captured by proxy server 140a and log file data from user devices 120b-c is captured by API 140b. In some embodiments, the data capturing devices 140 send the collected log file data 150 to other components of network environment 100. For example, the data capturing devices 140 may send the collected log file data 150 to log file organizer 160 and/or threat score evaluator 170.
Wu 4:53-5:18 (17) Log file organizer 160 may be configured to receive log file data 150 from one or more data capturing devices 140 (e.g., proxy server 140a and/or API 140b) …, a “source” may refer to the data capturing device 140 that collected a particular log file entry (e.g., proxy server 140a, API 140b), a “user” may refer to the user 120 associated with the device 130 that sent or received information associated with the particular log file entry, …, log file organizer 160 sends or otherwise makes the organized information available to threat score evaluator 170.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, and Leon with the technique for using an API to collect log data to provide to a threat score evaluator of Wu to include 
wherein the security gateway presents a standardized application programming interface to an external security management system, and wherein the security gateway sends records of the data packets communicated on the communication network to the external security management system for threat analysis.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to collect the log data and provide such log data to threat score evaluator in order to determine the threats. The system of the primary reference can be modified so that the intrusion detection system can include an API that collects log data from devices and sends the log data to a threat score evaluator as taught by the Wu reference.

Claim 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Park in view of Ahmed, in view of Leon, in view of Wu, further in view of Agerstam et al. U.S. Publication 20190138295 (hereinafter “Agerstam”).
As per claim 15, the rejection of claim 14 is incorporated herein. 
	However, the combination of Park, Ahmed, Leon and Wu does not expressly disclose 
wherein the security gateway is configured to receive software updates from the external security management system.  
Agerstam discloses gateway is configured to receive software updates from the external security management system.  
 [Agerstam 0052] Continuing with reference to FIG. 1, gateway 120 includes DM agent 125, which is incorporated with the teachings of the present disclosure for efficiently managing the distribution of a software update to select nodes of network 150. Gateway 120 has a northbound connection 115 to device management service (DMS) 110, from which, in embodiments, gateway 120 receives the software update, as well as a list of nodes of network 150 that are to receive it. Gateway 120 also includes low-power wide area network (LPWAN) interface 127, through which DM agent 125 distributes the software update to the list of nodes of network 150. Thus, in embodiments, DM agent 125 supports a batch update of sensor nodes on the list, and is responsible for scheduling and distribution of a FW image to the selected nodes over the LPWAN stack.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Park, Ahmed, Leon and Wu with the technique for receiving software updates from a management system of Agerstam to include 
wherein the security gateway is configured to receive software updates from the external security management system.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to update the software on the gateway. The system of the primary reference can be modified so that the gateways receive software updates from a management system.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HOWARD H. LOUIE/Examiner, Art Unit 2494

/THEODORE C PARSONS/Primary Examiner, Art Unit 2494


    
        1 Emphasis is additional throughout.