DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This office action is in response to applicant’s amendment and RCE filed, 02 September 2022, of application filed, with the above serial number, on 19 July 2019 in which claims 10 and 17 have been amended and claim 18 has been added. Claims 10-18 are pending in the application. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 16 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. The claim recites that “the in-vehicle data network further comprises a hybrid network that combines ETH and CAN technologies in one security zone”, while claim 10 from which claim 16 depends recites “an in-vehicle data network that is subdivided into a first security zone and a second security zone”. It is not clear if the hybrid network that combines ETH and CAN technologies is part of the in-vehicle data network (subdivided into two zones) or one in zone, particularly as a first message protocol is in the first zone and second protocol in the second zone.
	

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 10-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al (hereinafter “Kim”, 2016/0255154) in view of 	Ben-Noon et al (hereinafter “Ben”, 2017/0093866).
As per Claim 10, Kim discloses a motor vehicle comprising an in-vehicle data network that is subdivided into a first security zone and a second security zone, the in-vehicle data network comprising: 
a first control device assigned to the first security zone corresponding to a first message protocol (at least Fig. 7, paragraph 40-42, 96-97; FE functional element 711 controlling engine in security zone 710 in CAN network 730 (first message protocol));
a second control device assigned to the second security zone corresponding to a second message protocol, each of the first and second control device configured to exchange messages with other coupled control devices (at least Fig. 7, paragraph 40-42, 96-97; FE functional element 721 controlling door locks in security zone 720 or [WAVE zone (second message protocol) USIM, Bluetooth, etc connected to conduit C3 connecting to CAN network]); 
a domain controller configured to: 
logically separate the first and second security zones from each other (at least paragraph 34-36, 86-90; logical security zone for functional elements on a conduit); 
allow transmission of a message from the first security zone to the second security zone and convert the message from the first message protocol to the second message protocol if the message fulfills a predetermined safety criterion (at least Fig. 7, paragraph 89-90, 97, 100-105; gate keeper (opening or closing gate) for a signal when security level identified of risk source is met for determining achieved security level of security zone to determine risk level; CAN gateway (or bridge) functioning as an interface between different networks); and 
block the transmission of the message between the first and the second security zones if the message does not fulfill the predetermined safety criterion (at least paragraph 89-90, 97, 100-105; gate keeper (opening or closing gate) for a signal when security level identified of risk source is not met for determining achieved security level of security zone to determine risk level).
Kim fails to explicitly disclose by realizing the first and second security zones as a virtual local area network (VLAN) having a common data line, and wherein the predetermined safety criterion includes a message type of the message coincides with a predetermined type specification, wherein the predetermined type specification includes a measured value type. However, the use and advantages for using such a system was well known to one skilled in the art before the effective filing date of the claimed invention as evidenced by the teachings of Ben. Ben discloses, in an analogous in-vehicle network security art, each ECU in a vehicle uses a different VLAN (at least paragraph 126-129, 39, 63, 81-82, 85, 95; see also token teachings in par. 50, 66, 73-75). Ben also discloses differentiating messages between signals being data sent by a control unit and signal values being values sent by the control unit such that data can be read from ECUs (measured values) but preventing configuring ECUs (control data). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the use of Ben’s VLAN with Kim, as Kim teaches the vehicle security zones being logically defined and that messages having a Severity of 0 and Controllability of 0 would have a low risk/damage level and pass through a gate keeper node (see par. 103-106; Tables 12, 14). Ben teaches a vehicle gateway allowing access to a network if meeting security qualifications such as reading only ECU values and not control or configuration based, where a VLAN for each ECU would allow cross domain communication while limiting an external attacker’s ability to affect other ECU’s. It would be obvious that Ben’s read only ECU signal values would have Severity and Controllability of 0 and of little risk in Kim’s security zones to allow them to pass through.
As per Claim 11. The motor vehicle according to claim 10, the in-vehicle data network further including a third security zone and a fourth security zone, wherein the third and the fourth security zones are physically separated from each other by each having its own data line (at least Fig. 7, paragraph 40-42 97; ie. vehicle device security zone, or mobile zone or wave zone etc. with C6, C7 data lines etc).
As per Claim 12. The motor vehicle according to claim 10, wherein the domain controller has a firewall or a message filter or a routing unit for routing the message (at least paragraph 40-42; gate keeper; Ben par. 129; gateway filters).
As per Claim 13. The motor vehicle according to claim 10, wherein the in-vehicle data network further comprises a second domain controller and a higher-level domain controller, wherein the higher-level domain controller combines the domain controller and the second domain controller in a tree hierarchy within the in-vehicle data network (at least Fig. 2; par. 41-42; A gate keeper 221 is disposed on the conduit 220 to control an access to the security zone 202 by an external source. The security zone 202 may include a subzone 203. Here, hierarchical zone setting may be understood from such an example. A gate keeper 231 is disposed on the conduit 230 to control an access to the subzone 203 by an external source. As described in the foregoing, the gate keeper 221 may include a security element that obtains lower-level security than that of the gate keeper 231. That is, the gate keeper 231 configured to maintain security of the subzone 203 may be embodied by the security element of a higher level than the gate keeper 221).
As per Claim 14. The motor vehicle according to claim 10, wherein the in-vehicle data network further comprises a communication device that connects, via a radio link or a wired communication link, with an off-board device or an off-board data network (at least Fig. 7; Mobile zone or wave zone wireless networks).
As per Claim 15. The motor vehicle according to claim 10, wherein the in-vehicle data network is further configured to use at least one of the following network technologies: Ethernet (ETH), Controller Area Network (CAN), FlexRay, and Media Oriented Systems Transport (MOST) (at least Fig. 7; CAN zone).
As per Claim 16. The motor vehicle according to claim 10, wherein the in-vehicle data network further comprises a hybrid network that combines ETH and CAN technologies in one security zone (at least Fig. 7, paragraph 96-97; a powertrain zone 710, a safeguard zone 720, and a controller area network (CAN) zone 730 are set. As illustrated, the powertrain zone 710 and the safeguard zone 720 may be a subzone of the CAN zone 730; other networks on conduit C3 in “vehicle zone’ 700 outside CAN network 730 zone ECUs in CAN network zone 730; Ben par. 118; some of the ECUs connected to an Ethernet switch may also be connected to other in-vehicle networks. These networks may for example be CAN networks).
As per Claim 18. The motor vehicle according to claim 10, wherein the predetermined safety criterion further includes a sender or an addressee of the message coincides with a respective predetermined control device specification or a predetermined plausibility condition of the message is satisfied (at least Kim paragraphs 40-42, 102; eg, controlling access to security zone by an external source (sender) and/or risk to attack target (addressee); Ben par. 128, 97-98, verifying the messages are from a known source, destined to a known destination, include a specific payload and the like).
Claim 17 does not, in substance, add or define any additional limitations over claim 10 and therefore is rejected for similar reasons, supra.

Response to Arguments
Applicant's arguments filed 09 August 2022 have been fully considered but they are not persuasive.
Applicant argues Kim and Ben do not disclose the amended claim 10 “wherein the predetermined safety criterion includes a message type of the message coincides with a predetermined type specification, wherein the predetermined type specification includes a measured value type”. 
However, Ben teaches differentiating messages between signals being data sent by a control unit and signal values being values sent by the control unit such that data can be read from ECUs (measured values) but preventing configuring ECUs (control data) (at least paragraph 39, 63, 81-82, 85, 95; see also token teachings in par. 50, 66, 73-75).
Regarding claim 16, Applicant argues Kim and Ben do not teach wherein the in-vehicle data network further comprises a hybrid network that combines ETH and CAN technologies in one security zone. However, Kim teaches (at least Fig. 7, paragraph 96-97) a controller area network (CAN) zone 730 having ECUs. As illustrated, the powertrain zone 710 and the safeguard zone 720 may be a subzone of the CAN zone 730; other networks on conduit C3 in “vehicle zone’ 700 outside CAN network 730 zone. Ben teaches some of the ECUs connected to an Ethernet switch may also be connected to other in-vehicle networks. These networks may for example be CAN networks (par. 118). Thus, Ben clearly teaches that ECUs are well known to be connected to an ethernet switch, and Kim’s ECUs are in the CAN network security zone 730, it would be obvious that these ECUs in the CAN network zone would be connected to an ethernet switch to their various CAN connection gate keepers ie. C2, C1 etc.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY TODD whose telephone number is (303)297-4763. The examiner can normally be reached 8:30-5 MST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/GREGORY TODD/Primary Examiner, Art Unit 2443