DETAILED ACTION
No claims have been amended.
No claims have been added.
No claims have been cancelled.
Claims 1-16 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant's arguments filed 09/01/2022 have been fully considered but they were not found to be persuasive. 
Applicant argues that even though the system of Saeki detects an attack in the form of an actual physical intrusion on the CAN bus, Saeki does not teach CAN node arbitration may occur upon the CAN bus impedance being below a threshold value. Examiner respectfully disagrees. As recited in the rejection of claim 1 Saeki does teach detecting bus impedance below a threshold. Saeki para. 0100 teaches of detecting if the impedance between the two CAN lines is smaller than a predetermined value, which is analogous to detecting an impedance value below a threshold. Furthermore, Shin teaches of detecting an electrical characteristic being abnormal to determine whether or not CAN node arbitration is occurring on the CAN bus. Therefore, as seen in the rejection of claim 1 the combination of Saeki and Shin under 35 USC 103 clearly teaches all limitations of claim 1 and other parallel claims 8, 15, and 16.
The response to the arguments of claim 1 further applies to all additional arguments of the dependent claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5, 6, 8, 9, 12, 13, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over SAEKI (US-20180069874-A1) in view of SHIN (US-20190245872-A1), hereinafter SAEKI-SHIN.
Regarding claim 1, SAEKI teaches “A method of detecting manipulation of data on a Controller Area Network, CAN, bus to which a device is connected, the method comprising: detecting that bus impedance is below a threshold bus impedance value;” ([SAEKI, para. 0093] “An embodiment in which a short circuit attack is detected by monitoring the impedance between the two CAN lines will now be described.”) ([SAEKI, para. 0094] “FIG. 10 is a diagram illustrating an example of the configuration of a countermeasure node 2 that monitors impedance.”) ([SAEKI, para. 0098] “With reference to FIG. 11, the impedance monitor 11 has a resistor 12 and an AD converter 13. Note that the impedance monitor 11 is not limited to the configuration of FIG. 11 as long as it is a circuit or element that can measure the impedance between the two CAN lines and transmit a measurement result as digital information to the ECU.”) ([SAEKI, para. 0100] “However, if a short circuit attack occurs, recessive is detected on the CAN but a current flows through the two power supplies. In the short circuit attack, the impedance between the two CAN lines becomes a very small value (assumed to be r[Ω]) but not 0. Thus, when the countermeasure node 2 of FIG. 10 is connected, a current in accordance with the ratio of R to r flows through the resistor 12 of FIG. 11. Accordingly, by measuring the potential difference between both ends of the resistors 12 by the AD converter 13 of FIG. 11, the impedance between the two CAN lines can be known indirectly. That is, it is approximately 60 Ω during normal dominant, a very large value during normal recessive, and a very small value during recessive by a short circuit attack. The ECU 8 of FIG. 10 monitors the impedance when recessive is detected on the CAN, and if the impedance between the two CAN lines is smaller than a predetermined value, considers that a short circuit attack is detected and performs notification.”) “detecting whether or not CAN node arbitration currently may occur on the CAN ……” ([SAEKI, para. 0045] “In CAN, there is no dedicated signal line for performing arbitration before communication is started, so that a plurality of nodes may start transmission at the same time. In such a case, arbitration is performed as described below. It is important here that when different nodes transmit dominant and recessive, respectively, the state on the CAN becomes dominant (for details, refer to the international specification of CAN, Non-Patent Literature 1, etc.). It is arranged that each node monitors signals on the CAN, and upon detecting a signal value different from a signal value each node itself has transmitted, the node that has transmitted recessive stops transmitting and only the node that has transmitted dominant continues transmitting. With this arrangement, arbitration is realized.”).
However, SAEKI does not teach “detecting whether or not CAN node arbitration currently may occur on the CAN bus upon detecting that the bus impedance is below the threshold bus impedance value; and if not determining that an attempt to manipulate data on the CAN bus has occurred.”
In analogous teaching, SHIN teaches “detecting whether or not CAN node arbitration currently may occur on the CAN bus ([SHIN, para. 0052] “The objective of a flood attack is to disrupt the in-vehicle network by flooding attack messages. It is similar to the high-frequency fabrication attack in the sense that the attack messages are injected at a very high frequency. However, the main difference is that the forged ID need not be the same as that some other ECU is already sending. In fact, since low ID values represent high priority in CAN, the ID value is forged to be a very low value (e.g., all 0s for the 11-bit ID field). This way, the adversary can prevent other ECUs from sending their messages—as they would always lose arbitration/contention to the adversary's attack messages—and thus mount a Denial-of-Service (DoS) attack.”) upon detecting that the bus [impedance] is below the threshold bus [impedance] value; and if not determining that an attempt to manipulate data on the CAN bus has occurred ([SHIN, para. 0108] “In the case of flood attack, since the forged ID value is not usually used by other ECUs, i.e., misuse of ID, it can easily be detected. Therefore, similarly to how one achieves root-cause analysis for low-frequency fabrication attacks, only the voltage measurements from the attack messages can be considered in constructing the intrusion voltage profile, and then exploited for the root-cause analysis.”) [Examiner’s note: SHIN teaches that upon detecting an electrical characteristic, i.e., voltage, being abnormal, the detection of node arbitration not occurring is performed.]
However, SHIN does not teach that the electrical characteristic is specifically impedance, but SAEKI teaches detecting that bus impedance is below a threshold value. ([SAEKI, para. 0100] “and if the impedance between the two CAN lines is smaller than a predetermined value, considers that a short circuit attack is detected and performs notification.”).
Thus, given the teaching of SHIN, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of detecting arbitration upon detecting a change in electrical characteristics as taught by SHIN into the teaching of a method for detecting manipulation of data on a controller area network as taught by SAEKI. One of ordinary skill in the art would have been motivated to do so because SHIN recognizes the need for improved vehicle security by isolating or patching the source that is compromised. ([SHIN, para. 0006] “No matter how well an IDS detects the intrusion on a vehicle, if one still does not know where the attack is coming from and which ECU to isolate/patch, the vehicle will remain insecure and unsafe. It would be much better and more economical to isolate or patch the ECU which is compromised and attacking the network, instead of blindly regarding all in-vehicle ECUs as controlled by the attacker.”)

Regarding claim 8, this claim recites a device configured to detect the features of claim 1. Therefore, claim 8 is rejected in a similar manner as in the rejection of claim 1.

Regarding claims 2 and 9, SAEKI-SHIN teaches all limitations of claims 1 and 8. SAEKI further teaches “discarding at least one current data frame being received over the CAN bus following the determination that an attempt to manipulate data on the CAN bus has occurred.” ([SAEKI, para. 0052] “In FIG. 5, it is assumed that a node X connected to the CAN is an unauthorized transmission node. The node X starts transmitting an unauthorized message using an ID assigned to a node A which is an authorized transmission node (1). The node A monitors signal values on the CAN (2), and upon detecting that the ID of the frame is the value assigned to the node A itself, inserts an error frame into this message (3). The error frame consists of six consecutive dominant bits. In CAN, when six or more consecutive bits of the same bit value appear during communication, this is considered as an error. As described above, when a collision between dominant and recessive occurs, dominant is detected on the CAN, so that recessive transmitted by the node X at the same timing is overridden. As a result, a node B detects the error frame during communication, and the communication of the unauthorized message is invalidated (4).”).

Regarding claims 5 and 12, SAEKI-SHIN teaches all limitations of claims 1 and 8. SHIN further teaches “wherein the detecting whether or not CAN node arbitration currently may occur on the CAN bus comprises: detecting occurrence of a Start-Of-Frame, SOF, bit on the CAN bus, wherein during a predetermined number of bits immediately following the SOF bit, it is detected that arbitration may occur.” ([SHIN, para. 0046] “Once the CAN bus is detected idle, a node with data to transmit, starts its frame transmission by sending a 0-bit in the Start-of-Frame (SOF) slot. It then enters a phase of arbitration in which bus access contention between ECUs is resolved. If the node wins the arbitration, it gains sole access of the bus and thus transmits the remaining fields as a stream of 0/1 bits.”) ([SHIN, para. 0052] “In fact, since low ID values represent high priority in CAN, the ID value is forged to be a very low value (e.g., all 0s for the 11-bit ID field). This way, the adversary can prevent other ECUs from sending their messages—as they would always lose arbitration/contention to the adversary's attack messages”).
The same motivation to modify SHIN with SAEKI as in the rejection of claim 1 applies. 

Regarding claims 6 and 13, SAEKI-SHIN teaches all limitations of claims 1 and 8. SHIN further teaches “wherein the detecting whether or not node arbitration currently may occur further comprises: detecting whether or not data frame acknowledgement currently occurs on the bus.” ([SHIN, para. 0045] “Only one ECU is assigned to transmit a given ID at a time, and the ID values are defined to be distinct from each other by the manufacturer. Sensor data are packed into the frame's data field and are delivered in the form of a CAN frame/message, which basically is a sequence of dominant (logical 0) and recessive (logical 1) bits. ECUs other than the message transmitter acknowledge their message reception by sending a dominant (0) bit in the Acknowledgment (ACK) slot. Note that such an acknowledgment is made even before the transmitter finishes sending its message on the bus as seen in FIG. 1. This ACK is done by all ECUs on the bus that correctly receive the message, regardless of whether they are interested in its content or not. While reference is made to CAN throughout this application, it is readily understood that other types of communication protocols fall within the broader aspects of this disclosure.”).
The same motivation to modify SHIN with SAEKI as in the rejection of claim 1 applies. 

Regarding claim 15, this claim recites a non-transitory computer-readable medium comprising instructions to perform the steps of claim 1. Therefore, claim 15 is rejected in a similar manner as in the rejection of claim 1.

Regarding claim 16, this claim recites a computer program product comprising a non-transitory medium to perform the steps of claim 1. Therefore, claim 16 is rejected in a similar manner as in the rejection of claim 1.


Claims 3 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over SAEKI-SHIN in view of HARRISON (GB-2559431-A) and further in view of ELEND (EP-3772839-A1).
Regarding claims 3 and 10, SAEKI-SHIN teaches all limitations of claims 2 and 9. However, SAEKI-SHIN does not teach “wherein the discarding of the at least one current data frame comprises: overwriting a remainder of said at least one current data frame with zeros, or overwriting at least six consecutive bits following a first bit detected to be manipulated for the data frame; and passing the overwritten at least one current data frame on to a CAN protocol controller to which the data frame is intended.”.
In analogous teaching, HARRISON teaches “discarding of the at least one current data frame comprises: overwriting a remainder of said at least one current data frame with zeros, or overwriting at least six consecutive bits following a first bit detected to be manipulated for the data frame;” ([HARRISON, Page 4 lines 21-29] “Alternatively, the data splitter may be further configured to process the received network communications to remove payload information to produce cleared data, the cleared data comprising communication state information included in received network communications. Sending network data to the server may then comprise sending the cleared data to the server. Processing received network communications to produce cleared data may comprise overwriting a payload of a received network communication, for example with zeroes or other meaningless data.”) ([HARRISON, Page 13 lines 12-16] “In other embodiments, the data splitter 31 processes the communications received from the client 10 to remove payload information to produce cleared data, and then forwards the cleared data to the server 20. For example, the data splitter may remove or overwrite the payload. The payload can be overwritten with zeroes or other meaningless data that the server will ignore or with data that the server 20 is configured to ignore.”).
Thus, given the teaching of HARRISON, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of overwriting a data frame with zeros as taught by HARRISON into the teaching of a method for detecting manipulation of data on a controller area network as taught by SAEKI-SHIN. One of ordinary skill in the art would have been motivated to do so because HARRISON recognizes the need for improved security and efficient communication of data between servers. ([HARRISON, page 19 lines 7-10] “It will therefore be appreciated that the system 30 described above improves the security of web servers 30 by taking away the requirement for the server itself to process received data to extract parameters, but does so without reducing the functionality of the server and, in particular, can be used with connection-oriented protocols such as TCP.”).
However, HARRISON mentions passing data to a server but does not teach “and passing the overwritten at least one current data frame on to a CAN protocol controller to which the data frame is intended.”
In an analogous teaching, ELEND teaches “and passing the overwritten at least one current data frame on to a CAN protocol controller to which the data frame is intended.” ([ELEND, para. 0036] “Figure 4B depicts a CAN node 402 including a security module 460 according to another embodiment of the present disclosure. In this embodiment, the security module 460 is provided as part of the CAN local controller 410. For instance, the functionality of the security module 460 can be provided by a CAN protocol controller.”) ([ELEND, para. 0041] “The security module 434 includes a receive data, RXD, input interface 436 for receiving data from the CAN bus 404. The security module 434 also includes a transmit data, TXD, output interface 438 for transmitting data to the CAN bus 404. The security module 434 can receive a message from the CAN bus 404 via the RXD input interface 436, and compare the message with one or more conditions. The conditions can include one or more of form errors, stuff errors and policy violations, as non-limiting examples. For instance a policy may be violated if the security module determines that the CAN message is being spoofed.”)
Thus, given the teaching of ELEND, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of passing data to a CAN controller as taught by ELEND into the teaching of a method for detecting manipulation of data on a controller area network as taught by SAEKI-SHIN. One of ordinary skill in the art would have been motivated to do so because ELEND recognizes the need to invalidate and detect malicious frames. ([ELEND, para. 0109] “One or more of the examples disclosed herein can provide a mechanism to invalidate a frame / message by a cyber or safety function, where one does not already exist, such as in CAN XL. Also, examples described herein can provide a mechanism for identifying which node detected an error and / or for what reason the message shall be discarded to receivers and transmitters on a serial communications network.”)

Claims 4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over SAEKI-SHIN in view of ELEND (EP-3772839-A1).
Regarding claims 4 and 11, SAEKI-SHIN teaches all limitations of claims 1 and 8. However, SAEKI-SHIN does not teach “passing at least one current data frame having been determined to be manipulated on to a CAN protocol controller to which the data frame is intended.”
In analogous teaching, ELEND teaches “passing at least one current data frame having been determined to be manipulated on to a CAN protocol controller to which the data frame is intended.” ([ELEND, para. 0025] “The CAN protocol controllers 114, which can be embedded within the local controllers 110 or external to the local controllers (e.g., a separate IC device), implement data link layer operations. For example, in receive operations, a CAN protocol controller 114 stores received serial bits from the transceiver 120 until an entire message is available for fetching by the local controller 110. The CAN protocol controller 114 can also decode CAN messages according to the standardized frame formats of the CAN protocol. In transmit operations, the CAN protocol controller 114 receives messages from the local controller and transmits the messages as serial bits in one of the CAN frame formats to the CAN transceiver 120.”) ([ELEND, para. 0036] “Figure 4B depicts a CAN node 402 including a security module 460 according to another embodiment of the present disclosure. In this embodiment, the security module 460 is provided as part of the CAN local controller 410. For instance, the functionality of the security module 460 can be provided by a CAN protocol controller.”) ([ELEND, para. 0041] “For instance a policy may be violated if the security module determines that the CAN message is being spoofed. Various types of form errors and stuff errors are known in the art.”) ([ELEND, para. 0042] “If the security module 434 detects that a condition has been violated, then it can output an error-signal to the CAN bus 404 via the TXD output interface 438. In this way, the security module 434 can perform one or more of: identifying form errors and / or stuff errors; and determining that a policy has been violated.”).
The same motivation to modify ELEND with SAEKI-SHIN as in the rejection of claim 3 applies. 

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over SAEKI-SHIN in view of FOLEY (US-20140344930-A1).
Regarding claims 7 and 14, SAEKI-SHIN teaches all limitations of claims 1 and 8. However, SAEKI-SHIN does not teach “the threshold bus impedance value being 10 Ω”.
In analogous teaching, FOLEY teaches “the threshold bus impedance value being 10 Ω”. ([FOLEY, para. 0010] “In one embodiment, a method includes receiving a series of impedance values for a communication line over a time period and calculating a baseline impedance as a function of the series of impedance values.”) ([FOLEY, para. 0025] “The monitor 123 is configured to compare an absolute value of the difference to a threshold impedance tolerance. Example threshold impedance tolerances may be 5 ohms, 10 ohms, 50 ohms, 100 ohms, or another value. Example threshold impedance tolerance may be a percentage of the baseline (e.g., 10%, 25%, 50%, or another value). The threshold impedance tolerance may be selected by a user. The user may configure the threshold impedance tolerance to select a tradeoff between a lower tolerance level, which may include more false positive warnings but has a higher reliability of detection of network taps and a higher tolerance level, which may include fewer false positive warnings but has a lower reliability of detection of network taps.”) 
Thus, given the teaching of FOLEY, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of threshold impedance being 10 ohms as taught by FOLEY into the teaching of a method for detecting manipulation of data on a controller area network as taught by SAEKI-SHIN. One of ordinary skill in the art would have been motivated to do so because FOLEY recognizes the benefits of monitoring impedance to detect unwanted network activity. ([FOLEY, para. 0003] “Physical probes may be directly connected to a network. The physical probes may be difficult to detect on the network because the physical probes may be passive device, have no physical or logical address and do not respond to end network communications.”) ([FOLEY, para. 0011] “a processor are operable to receive an impedance measurement, detect a network tap as a function of the impedance measurement, generate a network tap warning message in response to the detection of the network tap, and send the network tap warning message to a cloud service.”)


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/AFAQ ALI/Examiner, Art Unit 2434
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434