DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	Claims 1-6, 8-15, 17 and 18 are pending.  Claims 1, 6, 10 and 15 are independent and currently amended.  Claims 7 and 16 are canceled.  Amendments to the claims are accepted.

Response to Arguments

3.	Applicant's arguments filed 5/31/2022 have been fully considered; however, they are not persuasive based on new ground(s) of rejection.  Notice that previous rejections rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, for claims 7 and 16 are removed due to cancelation of the claims.










Claim Rejections - 35 USC § 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


5.	Claims 1-3, 5, 6, 8-12, 14, 15, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Kishikawa (US PG Pub. 2016/0205194) in view of Maeda (US PG Pub. 2016/0294855) and further in view of Galula (US PG Pub. 2016/0381068).
Regarding claims 1, 6, 10 and 15, Kishikawa discloses A method comprising: 
receiving, by one or more processors associated with a receiving node of a plurality of nodes coupled with a Controller Area Network (CAN) bus of a connected car, a data frame broadcast from a source node of the plurality of nodes [para. 85 and 104; receiving a data frame from the bus]; 
Kishikawa does not explicitly disclose the data frame being broadcast by the source node.  However, Maeda discloses it [para. 143].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Kishikawa’s receiving data frame to further comprise receiving the data frame that is being broadcast by a source node in order to conform with the CAN protocol for communication among ECU’s in a vehicle [Maeda para. 6].
Kishikawa and Maeda further disclose making a first determination, by the one or more processors, whether the receiving node is the intended recipient of the data frame [Kishikawa para. 85 and 104; determining whether the received data frame is for the receiving ECU itself]; 
responsive to said first determination being affirmative [Kishikawa para. 85 and 104; determining the received data frame is for the receiving ECU itself]: 
making a second determination, by the one or more processors, whether an internal firewall node of the plurality of nodes has identified the data frame as a potentially malicious data frame [Kishikawa para. 54 and 104; determining a fraudulent data frame by determining whether the reception of the frame is not within a transmission period and the event-driven identification flag is not 1]; and 
responsive to said second determination being affirmative, dropping the data frame and discontinuing processing of the data frame [Kishikawa para. 107; in determining a fraudulent data frame, discarding the data frame]; 
responsive to said first determination being negative or said second determination being negative, extracting, by the one or more processors, information from the data frame [Kishikawa para. para. 199-206; extracting the state of the vehicle]; 
analyzing coherence between the extracted information and historical information observed by the receiving node [Kishikawa para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored], wherein said analyzing coherence comprises analyzing coherence between the extracted information and any or a combination of (i) a current status of an environment in which the connected car is operating based on a current database [Kishikawa para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored] and (ii) a status of the source node, using a local behavior database; and 
responsive to a result of said analyzing coherence indicating the data frame is valid, updating, by the one or more processors, the historical information based on the data frame, otherwise discarding the data frame [Kishikawa para. 203-205; receiving the data frame normally].  
Kishikawa and Maeda do not explicitly disclose that the current database includes historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles.  However, Galula discloses it [para. 57].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Kishikawa and Maeda’s database to further comprise historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles as disclosed by Galula, in order to maintain CAN messages for detecting anomaly in an in-vehicle network [Galula para. 87 and 124].
Kishikawa, Maeda and Galula further disclose wherein the local behavior database includes historical information regarding a sequence of communications observed by the receiving node [Kishikawa para. 90].  

Regarding claims 2, 8, 11 and 17, Kishikawa, Maeda and Galula further disclose The method of claim 1, wherein said analyzing coherence comprises analyzing coherence between the extracted information and any or a combination of (i) a current status of an environment in which the connected car is operating based on a current database [Kishikawa para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored] and (ii) a status of the source node, using a local behavior database, wherein the current database includes historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles [Galula para. 57] and wherein the local behavior database includes historical information regarding a sequence of communications observed by the receiving node [Kishikawa para. 90].  

Regarding claim 3, Kishikawa, Maeda and Galula further disclose The method of claim 1, wherein the method further comprises when the first determination is affirmative and a confidence level of the result is greater than or equal to a confidence threshold, then causing the connected car to take an action based on the data frame [Kishikawa para. 105].  

Regarding claim 5, Kishikawa and Maeda further disclose The method of claim 2, wherein the status of the source node is determined based on any or a combination of (i) the historical information regarding the sequence of communications and (ii) a data communication specification associated with the source node indicative of one or more of (a) data transmitted by the source node [para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored], (b) a data rate associated with the source node, (c) a data format in accordance with which the source node generates data frames, and (d) contents expected to be included in the data frames.  

Regarding claim 6, Kishikawa, Maeda and Galula also disclose A method comprising: 
receiving, by one or more processors associated with an internal firewall node of a plurality of nodes coupled with a Controller Area Network (CAN) bus of a connected car, a data frame broadcast from a source node of the plurality of nodes [Kishikawa para. 85 and 104; receiving a data frame from the bus];
extracting, by the one or more processors, information from the data frame [Kishikawa para. para. 199-206; extracting the state of the vehicle]; 
analyzing coherence between the extracted information and historical information observed by the internal firewall node [para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored]; and 
responsive to a result of said analyzing coherence indicating the data frame is valid, updating, by the one or more processors, the historical information based on the data frame [Kishikawa para. 203-205; receiving the data frame normally if the data frame is valid], wherein said analyzing coherence comprises analyzing coherence between the extracted information and any or a combination of (i) a current status of an environment in which the connected car is operating based on a current database [Kishikawa para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored] and (ii) a status of the source node, using a local behavior database; 
responsive to the result of said analyzing coherence indicating the data frame is invalid, causing one or more intended recipients of the data frame of the plurality of nodes - 25 -to drop the data frame [Kishikawa para. 206; discarding the data frame if the data frame is invalid], by broadcasting a high priority warning notification data frame on the CAN bus [Maeda para. 147-148].  
Kishikawa and Maeda do not explicitly disclose that the current database includes historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles.  However, Galula discloses it [para. 57].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Kishikawa and Maeda’s database to further comprise historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles as disclosed by Galula, in order to maintain CAN messages for detecting anomaly in an in-vehicle network [Galula para. 87 and 124].
Kishikawa, Maeda and Galula further disclose wherein the local behavior database includes historical information regarding a sequence of communications observed by the receiving node [Kishikawa para. 90].  

Regarding claim 9, Kishikawa, Maeda and Galula further disclose The method of claim 8, wherein the status of the source node is determined based on any or a combination of (i) the historical information regarding the sequence of communications and (ii) a data communication specification associated with the source node indicative of one or more of (a) data transmitted by the source node [para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored], (b) a data rate associated with the source node, (c) a data format in accordance with which the source node generates data frames, and (d) contents expected to be included in the data frames.  

Regarding claim 10, Kishikawa, Maeda and Galula also disclose A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a receiving node of a plurality of nodes coupled with a Controller Area Network (CAN) bus of a connected car, causes the one or more processors to perform a method comprising: 
receiving, by the receiving node, a data frame broadcast from a source node of the plurality of nodes [para. 85 and 104; receiving a data frame from the bus]; 
making a first determination whether the receiving node is the intended recipient of the data frame [Kishikawa para. 85 and 104; determining whether the received data frame is for the receiving ECU itself];  
- 26 -responsive to said first determination being affirmative [Kishikawa para. 85 and 104; determining the received data frame is for the receiving ECU itself]: 
making a second determination whether an internal firewall node of the plurality of nodes has identified the data frame as a potentially malicious data frame [Kishikawa para. 54 and 104; determining a fraudulent data frame by determining whether the reception of the frame is not within a transmission period and the event-driven identification flag is not 1]; and 
responsive to said second determination being affirmative, dropping the data frame and discontinuing processing of the data frame [Kishikawa para. 107; in determining a fraudulent data frame, discarding the data frame]; 
responsive to said first determination being negative or said second determination being negative, extracting information from the data frame [Kishikawa para. para. 199-206; extracting the state of the vehicle]; 
analyzing coherence between the extracted information and historical information observed by the receiving node [Kishikawa para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored], wherein said analyzing coherence comprises analyzing coherence between the extracted information and any or a combination of (i) a current status of an environment in which the connected car is operating based on a current database [Kishikawa para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored] and (ii) a status of the source node, using a local behavior database; and 
responsive to a result of said analyzing coherence indicating the data frame is valid, updating the historical information based on the data frame, otherwise discarding the data frame [Kishikawa para. 203-205; receiving the data frame normally].  
Kishikawa and Maeda do not explicitly disclose that the current database includes historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles.  However, Galula discloses it [para. 57].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Kishikawa and Maeda’s database to further comprise historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles as disclosed by Galula, in order to maintain CAN messages for detecting anomaly in an in-vehicle network [Galula para. 87 and 124].
Kishikawa, Maeda and Galula further disclose wherein the local behavior database includes historical information regarding a sequence of communications observed by the receiving node [Kishikawa para. 90].  

Regarding claim 12, Kishikawa, Maeda and Galula further disclose The non-transitory computer-readable storage medium of claim 10, wherein the method further comprises when the first determination is affirmative and a confidence level of the result is greater than or equal to a confidence threshold, then causing the connected car to take an action based on the data frame [Kishikawa para. 105].  

Regarding claim 14, Kishikawa, Maeda and Galula further disclose The non-transitory computer-readable storage medium of claim 11, wherein the status of the source node is determined based on any or a combination of (i) the historical information regarding the sequence of communications and (ii) a data communication specification associated with the source node indicative of one or more of (a) data transmitted by the source node [para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored], (b) a data rate associated with the source node, (c) a data format in accordance with which the source node generates data frames, and (d) contents expected to be included in the data frames.  

Regarding claim 15, Kishikawa, Maeda and Galula also disclose A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of an internal firewall node of a plurality of nodes coupled with a Controller Area Network (CAN) bus of a connected car, causes the one or more processors to perform a method comprising: 
receiving a data frame broadcast from a source node of the plurality of nodes [Kishikawa para. 85 and 104; receiving a data frame from the bus]; 
extracting information from the data frame [Kishikawa para. para. 199-206; extracting the state of the vehicle]; 
analyzing coherence between the extracted information and historical information observed by the internal firewall node [para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored]; and 
responsive to a result of said analyzing coherence indicating the data frame is valid, updating, by the one or more processors, the historical information based on the data frame [Kishikawa para. 203-205; receiving the data frame normally if the data frame is valid], wherein said analyzing coherence comprises analyzing coherence between the extracted information and any or a combination of (i) a current status of an environment in which the connected car is operating based on a current database [Kishikawa para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored] and (ii) a status of the source node, using a local behavior database;
responsive to the result of said analyzing coherence indicating the data frame is invalid, causing one or more intended recipients of the data frame of the plurality of nodes to drop the data frame [Kishikawa para. 206; discarding the data frame if the data frame is invalid], by broadcasting a high priority warning notification data frame on the CAN bus [Maeda para. 147-148].  
	Kishikawa and Maeda do not explicitly disclose that the current database includes historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles.  However, Galula discloses it [para. 57].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Kishikawa and Maeda’s database to further comprise historical information regarding one or more of (a) - 24 -neighboring vehicles in proximity to the connected car, (b) a status of a road on which the connected car is driving, and (c) respective status associated with the neighboring vehicles as disclosed by Galula, in order to maintain CAN messages for detecting anomaly in an in-vehicle network [Galula para. 87 and 124].
Kishikawa, Maeda and Galula further disclose wherein the local behavior database includes historical information regarding a sequence of communications observed by the receiving node [Kishikawa para. 90].  

Regarding claim 18, Kishikawa, Maeda and Galula further disclose The non-transitory computer-readable storage medium of claim 17, wherein the status of the source node is determined based on any or a combination of (i) the historical information regarding the sequence of communications and (ii) a data communication specification associated with the source node indicative of one or more of (a) data transmitted by the source node [Kishikawa para. 199-206; analyzing coherence between the state of the vehicle obtained from the current frame and the state of the vehicle previously stored], (b) a data rate associated with the source node, (c) a data format in accordance with which the source node generates data frames, and (d) contents expected to be included in the data frames.

6.	Claims 4 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Kishikawa (US PG Pub. 2016/0205194) in view of Maeda (US PG Pub. 2016/0294855) in view of Galula (US PG Pub. 2016/0381068) and further in view of Ruvio (US PG Pub. 2019/0036946).
Regarding claim 4, Kishikawa, Maeda and Galula disclose performing a certain action in responsive to determining when the first determination is affirmative [Kishikawa para. 85 and 104; determining whether the received data frame is for the receiving ECU itself] and a confidence level of the result is less than a confidence threshold me [Kishikawa para. 54 and 104; determining a fraudulent data frame by determining whether the reception of the frame is not within a transmission period]; 
Kishikawa and Maeda do not disclose the responsive action including requesting further analysis of the data frame by an external device.  Ruvio discloses an action including additional analysis performed by an external server [para. 38 and 105].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Kishikawa, Maeda and Galula’s responsive action including requesting further analysis of the data frame by an external device, as disclosed by Ruvio, to further enhance detection of malicious activity.  

Regarding claim 13, Kishikawa, Maeda, Galula and Ruvio also disclose The non-transitory computer-readable storage medium of claim 10, wherein the method further comprises when the first determination is affirmative [Kishikawa para. 85 and 104; determining whether the received data frame is for the receiving ECU itself] and a confidence level of the - 27 -result is less than a confidence threshold [Kishikawa para. 54 and 104; determining a fraudulent data frame by determining whether the reception of the frame is not within a transmission period], then requesting further analysis of the data frame by an external device [para. 38 and 105; performing addition analysis by an external server].




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG TRUONG whose telephone number is (571)270-7905.  The examiner can normally be reached on M-F 8:30AM - 5:30PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433