Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
DETAILED ACTION
This action is in response to original filings made on 3/12/2021. Claims 1-21 are cancelled. Claims 22-43 are pending.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). 
Specification (Title)
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 
Claim Objections
Claim 22 is objected to because of the following informalities:  The examiner notes that the applicant is advised to consider amending the claim to recite either a data hardware interface or a memory to avoid the misinterpretation of the claim as being capable of being implemented solely by software. Appropriate correction is required.
Claim Interpretation
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “security unit configured to…” in claims 22 and 25. The examiner notes that the applicant states that the structure of the security unit is a hardware circuit in claim 26.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 22-43 are rejected under 35 U.S.C. 103 as being unpatentable over Barrett et al. (US Patent Publication No. 2019/0394089 and Barrett hereinafter) in view of OVERBY et al. (US Patent Publication No. 2019/0379683 and OVERBY hereinafter).

As to claim 22, Barrett teaches a device for processing data, comprising: 
at least two data interfaces, a first data interface of the at least two data interfaces being configured to at least temporarily exchange first data with at least one first external unit according to a first communication protocol (i.e., …teaches in par. 0040 the following: “The powertrain and vehicle dynamics DC 450 can support communications based on different communication protocols such as TCP/IP stack 422, CAN stack 432, and FlexRay stack 443. For example, the powertrain and vehicle dynamics DC 450 can be connected to an Ethernet that includes the Ethernet switch 445 for inter-domain communication with other domains 415, 425, and 435. The powertrain and vehicle dynamics DC 450 can be connected with a CAN network that includes one or more actuator ECUs 432, 436 and sensor ECUs 434, 438 that support CAN communications.”.), 
a second data interface of the at least two data interfaces being configured to at least temporarily exchange second data with a second external unit according to a second communication protocol (i.e., …teaches in par. 0040 the following: “ The powertrain and vehicle dynamics DC 450 can support communications based on different communication protocols such as TCP/IP stack 422, CAN stack 432, and FlexRay stack 443. For example, the powertrain and vehicle dynamics DC 450 can be connected to an Ethernet that includes the Ethernet switch 445 for inter-domain communication with other domains 415, 425, and 435. The powertrain and vehicle dynamics DC 450 can be connected with a CAN network that includes one or more actuator ECUs 432, 436 and sensor ECUs 434, 438 that support CAN communications.”.), 
which is different than the first communication protocol (i.e., …teaches in par. 0040 the following: “The powertrain and vehicle dynamics DC 450 can support communications based on different communication protocols such as TCP/IP stack 422, CAN stack 432, and FlexRay stack 443.”.); 
and a security unit configured to at least temporarily carry out at least one security function with regard to at least one of the at least two data interfaces (i.e., …teaches in par. 0091 the following: “the IDS can take one or more immediate actions. For example, in the CAN case, the IDS can de-activate the node (e.g., ECU) or software process that is being targeted with unexpected Remote Frames. Additional or different actions may be taken in response to the detection of an intrusion.” …teaches in par. 0093 the following: “The car software can be then executed according to one of the techniques described with respect to the dynamic analyses. Then, a process within the firewall system (e.g., the intrusion detection) can record whether any packets are blocked from getting through. The information regarding what packets were blocked (especially for example Layer 2, Layer 3, Layer 4, Application level information) can be returned to, for example, security engineers or other personnel who can take it into account in considering whether to provide a revised firewall configuration.”).

Barrett does not explicitly use the terms first interface and second interface.
In this instance the examiner notes the teachings of prior art reference OVERBY. 
Overby teaches in par. 0064 the following: “For example, FIG. 2B shows a guest OS 212A and a guest OS 212N, which may be included in the Guest OSes 212 of FIG. 2A. The guest OSes 212A and 212N may include a virtualized network interface 224A to a hardware network interface 226A, which may be IP network interfaces, such as Ethernet interfaces. The hardware network interface 226A provides access to a hardware communication channel 210A, which may correspond to physical portions of the communication channel(s) 150 that are external to the embedded system and/or the virtualized environment 102 (e.g., an external Ethernet link). Similarly, the guest OS 212A and the guest OS 212N may include a virtualized network interface 224N to a hardware network interface 226N, which may be vehicle bus network interfaces, such as CAN interfaces. The hardware network interface 226N provides access to a hardware communication channel 210N, which may correspond to physical portions of the communication channel(s) 152 that are external to the embedded system and/or the virtualized environment 102 (e.g., an external CAN bus).”. Teaches in par. 00187 the following: “Although the bus 1202 is described herein as being a CAN bus, this is not intended to be limiting. For example, in addition to, or alternatively from, the CAN bus, FlexRay and/or Ethernet may be used. Additionally, although a single line is used to represent the bus 1202, this is not intended to be limiting. For example, there may be any number of busses 1202, which may include one or more CAN busses, one or more FlexRay busses, one or more Ethernet busses, and/or one or more other types of busses using a different protocol. In some examples, two or more busses 1202 may be used to perform different functions, and/or may be used for redundancy. For example, a first bus 1202 may be used for collision avoidance functionality and a second bus 1202 may be used for actuation control. In any example, each bus 1202 may communicate with any of the components of the vehicle 1200, and two or more busses 1202 may communicate with the same components. In some examples, each SoC 1204, each controller 1236, and/or each computer within the vehicle may have access to the same input data (e.g., inputs from sensors of the vehicle 1200), and may be connected to a common bus, such the CAN bus.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Barrett with the teachings of OVERBY by having their system comprise defined interface structure. One would have been motivated to do so to provide a simple and effective means to communication, wherein the device interface helps facilitate inter-communication within the network and makes it easier to configure the devices within the network communication.

As to claim 23, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the first communication protocol includes CAN and/or FlexRay and/or LIN and/or MOST and/or Ethernet (i.e., …teaches in par. 0040 the following: “The powertrain and vehicle dynamics DC 450 can support communications based on different communication protocols such as TCP/IP stack 422, CAN stack 432, and FlexRay stack 443. For example, the powertrain and vehicle dynamics DC 450 can be connected to an Ethernet that includes the Ethernet switch 445 for inter-domain communication with other domains 415, 425, and 435. The powertrain and vehicle dynamics DC 450 can be connected with a CAN network that includes one or more actuator ECUs 432, 436 and sensor ECUs 434, 438 that support CAN communications.”.).

As to claim 24, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the at least one security function includes at least one of the following functions: a) firewall function, b) intrusion detection, c) intrusion prevention, d) intrusion detection and prevention, e) deep packet inspection, f) stateful packet inspection (i.e., …teaches in par. 0037 the following: “FIG. 2 shows an example implementation of inter-domain firewalling in the example vehicle network 200.”).

As to claim 25, the system of Barrett and as OVERBY applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to execute the at least one security function in a cross-protocol manner and/or a protocol- independent manner (i.e., …teaches in par. 0041 the following: “The example implementation of intra-domain firewalling shows locations of firewalls (e.g., firewalls 460, 470) implemented on the powertrain and vehicle dynamics DC 450. As illustrated, the firewall 460 is placed between the powertrain and vehicle dynamics DC 450 and the CAN network that connects the powertrain and vehicle dynamics DC 450 to the ECUs on the CAN network. The firewall 460 can be used to ensure that only authorized traffic passes between the powertrain and vehicle dynamics DC 450 and the ECUs on the CAN network. Similarly, the firewall 470 is placed between the powertrain and vehicle dynamics DC 450 and the FlexRay network that connects the powertrain and vehicle dynamics DC 450. The firewall 470 can be used to ensure that only authorized traffic passes from and into the ECUs based on FlexRay communication protocols.”).

As to claim 26, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is at least partially, implemented as a hardware circuit (i.e., …teaches in par. 0111 the following: “Implementations of the subject matter and the functional operations described in this specification can be implemented in digital electronic circuitry”.).

As to claim 27, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 26, wherein the security unit includes at least one of the following elements: a) a hardware circuit; b) a field-programmable gate array c) an application-specific integrated circuit (ASIC) (i.e., …teaches in par. 0111 the following: “Implementations of the subject matter and the functional operations described in this specification can be implemented in digital electronic circuitry”.).

As to claim 28, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit a) includes at least one protocol-independent hardware filter, and/or b) is configured to define the at least one hardware filter, wherein the at least one hardware filter is at least temporarily usable to filter at least one part of the first data and/or the second data and/or further data, wherein the first data and/or the second data are associated with different communication protocols (i.e., …teaches in par. 0041 the following: “The example implementation of intra-domain firewalling shows locations of firewalls (e.g., firewalls 460, 470) implemented on the powertrain and vehicle dynamics DC 450. As illustrated, the firewall 460 is placed between the powertrain and vehicle dynamics DC 450 and the CAN network that connects the powertrain and vehicle dynamics DC 450 to the ECUs on the CAN network. The firewall 460 can be used to ensure that only authorized traffic passes between the powertrain and vehicle dynamics DC 450 and the ECUs on the CAN network. Similarly, the firewall 470 is placed between the powertrain and vehicle dynamics DC 450 and the FlexRay network that connects the powertrain and vehicle dynamics DC 450. The firewall 470 can be used to ensure that only authorized traffic passes from and into the ECUs based on FlexRay communication protocols.”).

As to claim 29, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to evaluate at least one part of the first data and/or of the second data (i.e., …teaches in par. 0041 the following: “The example implementation of intra-domain firewalling shows locations of firewalls (e.g., firewalls 460, 470) implemented on the powertrain and vehicle dynamics DC 450. As illustrated, the firewall 460 is placed between the powertrain and vehicle dynamics DC 450 and the CAN network that connects the powertrain and vehicle dynamics DC 450 to the ECUs on the CAN network. The firewall 460 can be used to ensure that only authorized traffic passes between the powertrain and vehicle dynamics DC 450 and the ECUs on the CAN network. Similarly, the firewall 470 is placed between the powertrain and vehicle dynamics DC 450 and the FlexRay network that connects the powertrain and vehicle dynamics DC 450. The firewall 470 can be used to ensure that only authorized traffic passes from and into the ECUs based on FlexRay communication protocols.”), 
the security unit being configured to infer a context of a target system for the device, based on the evaluation, the security unit being configured to: (i) influence an execution of the at least one security function, based on the evaluation and/or on the context, and/or (ii) vary a configuration of the security unit and/or the at least one security function (i.e., …teaches in par. 0041 the following: “The example implementation of intra-domain firewalling shows locations of firewalls (e.g., firewalls 460, 470) implemented on the powertrain and vehicle dynamics DC 450. As illustrated, the firewall 460 is placed between the powertrain and vehicle dynamics DC 450 and the CAN network that connects the powertrain and vehicle dynamics DC 450 to the ECUs on the CAN network. The firewall 460 can be used to ensure that only authorized traffic passes between the powertrain and vehicle dynamics DC 450 and the ECUs on the CAN network. Similarly, the firewall 470 is placed between the powertrain and vehicle dynamics DC 450 and the FlexRay network that connects the powertrain and vehicle dynamics DC 450. The firewall 470 can be used to ensure that only authorized traffic passes from and into the ECUs based on FlexRay communication protocols.”).

As to claim 30, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to carry out a check of pieces of header information which are associated with an Ethernet-based protocol, and/or DoIP, and/or SomeIP, and/or TCP (i.e., …teaches in par. 0040 the following: “[0040] The powertrain and vehicle dynamics DC 450 can support communications based on different communication protocols such as TCP/IP stack 422, CAN stack 432, and FlexRay stack 443. For example, the powertrain and vehicle dynamics DC 450 can be connected to an Ethernet that includes the Ethernet switch 445 for inter-domain communication with other domains 415, 425, and 435. The powertrain and vehicle dynamics DC 450 can be connected with a CAN network that includes one or more actuator ECUs 432, 436 and sensor ECUs 434, 438 that support CAN communications. In some implementations, CAN is used, for example, for medium-speed (e.g., 1 Mbps) applications including ECU-to-ECU communications. The powertrain and vehicle dynamics DC 450 can also be connected with a FlexRay network that includes one or more sensor ECUs 442, 446 and actuator ECUs 444, 448 that support FlexRay communications. In some implementations, FlexRay is used for real-time, safety-critical applications. In some implementations, additional or different types of communications (e.g., Ethernet/IP, LIN, or MOST) can be used in the powertrain and vehicle dynamics domain 405. For example, LIN can be used for low-speed applications like sensors and actuators (e.g., with a data rate around 20 kbps).”.).

As to claim 31, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to monitor and/or analyze and/or report a sequence of multiple predefinable messages of the first data interface and/or of the second data interface (i.e., …teaches in par. 0045 the following: “The powertrain and vehicle dynamics DC 650 includes an intruder detection system (IDS) 635. As shown in FIG. 6, in some instances, an intruder 669 may gain access to the internal CAN network and attempt to compromise the powertrain and vehicle dynamics domain 605. The IDS 635 can be used for intruder detection. For example, the IDS 635 can identify a data frame that is unexpected (e.g., one with message identity that does not appear within the identified connectivity information based on code analysis). In some implementations, the IDS 635 may generate a log and/or a report which is transmitted to a cloud server to record any intrusion, unexpected data frame, or any other abnormal information.”).

As to claim 32, the system of Barrett and OVERBY as applied to claim 31 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 31, wherein the security unit is configured to monitor whether a predefinable sequence of the predefinable messages occurs at the first data interface and/or the second data interface (i.e., …teaches in par. 0045 the following: “The powertrain and vehicle dynamics DC 650 includes an intruder detection system (IDS) 635. As shown in FIG. 6, in some instances, an intruder 669 may gain access to the internal CAN network and attempt to compromise the powertrain and vehicle dynamics domain 605. The IDS 635 can be used for intruder detection. For example, the IDS 635 can identify a data frame that is unexpected (e.g., one with message identity that does not appear within the identified connectivity information based on code analysis). In some implementations, the IDS 635 may generate a log and/or a report which is transmitted to a cloud server to record any intrusion, unexpected data frame, or any other abnormal information.”), 
the security unit being configured to initiate a response if the predefinable sequence does not occur or does not occur within a predefinable time, the response including at least one of the following elements: a) limiting a data rate of at least one of the at least two data interfaces, b) at least temporarily deactivating at least one of the at least two data interfaces (i.e., …teaches in par. 0045 the following: “The powertrain and vehicle dynamics DC 650 includes an intruder detection system (IDS) 635. As shown in FIG. 6, in some instances, an intruder 669 may gain access to the internal CAN network and attempt to compromise the powertrain and vehicle dynamics domain 605. The IDS 635 can be used for intruder detection. For example, the IDS 635 can identify a data frame that is unexpected (e.g., one with message identity that does not appear within the identified connectivity information based on code analysis). In some implementations, the IDS 635 may generate a log and/or a report which is transmitted to a cloud server to record any intrusion, unexpected data frame, or any other abnormal information.”).

As to claim 33, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit includes at least one state machine, and/or the security unit is configured to at least temporarily define or implement the at least one state machine (i.e., …teaches in par. 0060 the following: “In the example case of IP based connectivity, the IP address, protocol type, and port number of the listening services can be recorded. In some implementations, a dynamic analysis includes turning off all firewalls and exercising the various software states of the vehicle using a packet sniffing application to record connectivity used (source and destination addresses, etc.).”).

As to claim 34, the system of Barrett and OVERBY as applied to claim 33 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 33, wherein the security unit is configured to monitor, using the at least one state machine, one or multiple messages of at least one stateful communication protocol, which is at least temporarily assignable or assigned to at least one of the at least two data interfaces, and/or to simulate and/or monitor state sequences of the at least one stateful communication protocol (i.e. …teaches in par. 0061 the following: “dynamic analysis can be performed for exercising the software states of the vehicle in one or more of the following example environments: (a) where all the codes are deployed in the vehicle and the vehicle is driven around to execute software features; (b) where the relevant ECU's, DCs, and interconnecting wiring loom are constructed on a bench/wall. All codes are deployed to ECUs and DCs. Executing the software features to ascertain connectivity used in a wide range of conditions may be simulated by injection of appropriate messages or by switching ECUs into certain states.”).

As claim 35, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to: (i) at least temporarily monitor and/or limit a data rate and/or packet frequency, and/or (ii) carry out further policing functions (i.e., …teaches in par. 0045 the following: “The powertrain and vehicle dynamics DC 650 includes an intruder detection system (IDS) 635. As shown in FIG. 6, in some instances, an intruder 669 may gain access to the internal CAN network and attempt to compromise the powertrain and vehicle dynamics domain 605. The IDS 635 can be used for intruder detection. For example, the IDS 635 can identify a data frame that is unexpected (e.g., one with message identity that does not appear within the identified connectivity information based on code analysis). In some implementations, the IDS 635 may generate a log and/or a report which is transmitted to a cloud server to record any intrusion, unexpected data frame, or any other abnormal information.”).

As to claim 36, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit includes at least one counter, and/or the security unit is configured to at least temporarily define or implement the at least one counter, wherein the device is configured to use the at least one counter at least temporarily to count events (i.e., …teaches in par. 0045 the following: “The powertrain and vehicle dynamics DC 650 includes an intruder detection system (IDS) 635. As shown in FIG. 6, in some instances, an intruder 669 may gain access to the internal CAN network and attempt to compromise the powertrain and vehicle dynamics domain 605. The IDS 635 can be used for intruder detection. For example, the IDS 635 can identify a data frame that is unexpected (e.g., one with message identity that does not appear within the identified connectivity information based on code analysis). In some implementations, the IDS 635 may generate a log and/or a report which is transmitted to a cloud server to record any intrusion, unexpected data frame, or any other abnormal information.”).

As to claim 37, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to at least temporarily link the at least one security function to at least one of the at least two data interfaces (i.e., …teaches in par. 0037 the following: “FIG. 2 shows an example implementation of inter-domain firewalling in the example vehicle network 200. ”).

As to claim 38, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to: a) at least temporarily limit, for at least one data interface of the at least two data interfaces, a data rate and/or packet frequency of packets arriving at the at least one data interface and/or going out from the at least one data interface, and/or b) at least temporarily block at least one data interface of the at least two data interfaces, to prevent or make more difficult denial of service attacks on the at least one data interface (i.e., …teaches in par. 0030 the following: “… security checks on traffic and potentially block certain traffic from being transferred.”).

As to claim 39, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to configure and/or reconfigure at least one component of the security unit dynamically (i.e., …teaches in par. 0060 the following: “performing a dynamic analysis of the software code includes performing a port scan or a packet sniffing to determine connectivity paths. Packet sniffing can also be used to troubleshoot network problems or to gather network statistics. The software or device used for capturing packet data can be referred to as a packet sniffer, packet analyzer, network sniffer or simply network analyzer. Packet sniffing can be performed to capture network traffic (e.g., at the frame level) and derive network information by analysing the captured packets or frames (e.g., according to certain frame structure and/or traffic statics).”).

As to claim 40, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the security unit is configured to at least temporarily monitor and/or evaluate a data traffic between the at least two data interfaces, which are each assigned to different communication protocols (i.e., …teaches in par. 0060 the following: “performing a dynamic analysis of the software code includes performing a port scan or a packet sniffing to determine connectivity paths. Packet sniffing can also be used to troubleshoot network problems or to gather network statistics. The software or device used for capturing packet data can be referred to as a packet sniffer, packet analyzer, network sniffer or simply network analyzer. Packet sniffing can be performed to capture network traffic (e.g., at the frame level) and derive network information by analysing the captured packets or frames (e.g., according to certain frame structure and/or traffic statics).”), 
the security unit being configured to generate a heat map based on the monitored and/or evaluated data traffic (i.e., …teaches in par. 0045 the following: “The powertrain and vehicle dynamics DC 650 includes an intruder detection system (IDS) 635. As shown in FIG. 6, in some instances, an intruder 669 may gain access to the internal CAN network and attempt to compromise the powertrain and vehicle dynamics domain 605. The IDS 635 can be used for intruder detection. For example, the IDS 635 can identify a data frame that is unexpected (e.g., one with message identity that does not appear within the identified connectivity information based on code analysis). In some implementations, the IDS 635 may generate a log and/or a report which is transmitted to a cloud server to record any intrusion, unexpected data frame, or any other abnormal information.”).

As to claim 41, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the device includes at least one evaluation unit which is configured to evaluate the first data and/or the second data and/or data derived from the first data and/or the second data (i.e., …teaches in par. 0060 the following: “performing a dynamic analysis of the software code includes performing a port scan or a packet sniffing to determine connectivity paths. Packet sniffing can also be used to troubleshoot network problems or to gather network statistics. The software or device used for capturing packet data can be referred to as a packet sniffer, packet analyzer, network sniffer or simply network analyzer. Packet sniffing can be performed to capture network traffic (e.g., at the frame level) and derive network information by analysing the captured packets or frames (e.g., according to certain frame structure and/or traffic statics).”.), the evaluation unit being configured to carry out at least one software-based function (i.e., …teaches in par. 0060 the following: “performing a dynamic analysis of the software code includes performing a port scan or a packet sniffing to determine connectivity paths. Packet sniffing can also be used to troubleshoot network problems or to gather network statistics. The software or device used for capturing packet data can be referred to as a packet sniffer, packet analyzer, network sniffer or simply network analyzer. Packet sniffing can be performed to capture network traffic (e.g., at the frame level) and derive network information by analysing the captured packets or frames (e.g., according to certain frame structure and/or traffic statics).”).

As to claim 42, Barrett teaches a method for processing data packets of different communication protocols in motor vehicle, the method comprising: providing, in the motor vehicle, a device including: 
(i) at least two data interfaces, a first data interface of the at least two data interfaces being configured to at least temporarily exchange first data with at least one first external unit according to a first communication protocol (i.e., …teaches in par. 0040 the following: “The powertrain and vehicle dynamics DC 450 can support communications based on different communication protocols such as TCP/IP stack 422, CAN stack 432, and FlexRay stack 443. For example, the powertrain and vehicle dynamics DC 450 can be connected to an Ethernet that includes the Ethernet switch 445 for inter-domain communication with other domains 415, 425, and 435. The powertrain and vehicle dynamics DC 450 can be connected with a CAN network that includes one or more actuator ECUs 432, 436 and sensor ECUs 434, 438 that support CAN communications.”), 
a second data interface of the at least two data interfaces being configured to at least temporarily exchange second data with a second external unit according to a second communication protocol (i.e., …teaches in par. 0040 the following: “The powertrain and vehicle dynamics DC 450 can support communications based on different communication protocols such as TCP/IP stack 422, CAN stack 432, and FlexRay stack 443. For example, the powertrain and vehicle dynamics DC 450 can be connected to an Ethernet that includes the Ethernet switch 445 for inter-domain communication with other domains 415, 425, and 435. The powertrain and vehicle dynamics DC 450 can be connected with a CAN network that includes one or more actuator ECUs 432, 436 and sensor ECUs 434, 438 that support CAN communications.”), 
which is different than the first communication protocol (i.e., …teaches in par. 0040 the following: “The powertrain and vehicle dynamics DC 450 can support communications based on different communication protocols such as TCP/IP stack 422, CAN stack 432, and FlexRay stack 443.”); 
and (ii) a security unit configured to at least temporarily carry out at least one security function with regard to at least one of the at least two data interfaces (i.e., …teaches in par. 0037 the following: “FIG. 2 shows an example implementation of inter-domain firewalling in the example vehicle network 200”); 
and at least temporarily using the device (i.e., …teaches in par. 0050 the following: “… configuring firewalls for intra-domain communications, the firewall can be applied at all connections from the ECU endpoint (e.g., as described with respect to FIG. 5) to the intra-domain network”).

Barrett does not explicitly use the terms first interface and second interface.
In this instance the examiner notes the teachings of prior art reference OVERBY. 
Overby teaches in par. 0064 the following: “For example, FIG. 2B shows a guest OS 212A and a guest OS 212N, which may be included in the Guest OSes 212 of FIG. 2A. The guest OSes 212A and 212N may include a virtualized network interface 224A to a hardware network interface 226A, which may be IP network interfaces, such as Ethernet interfaces. The hardware network interface 226A provides access to a hardware communication channel 210A, which may correspond to physical portions of the communication channel(s) 150 that are external to the embedded system and/or the virtualized environment 102 (e.g., an external Ethernet link). Similarly, the guest OS 212A and the guest OS 212N may include a virtualized network interface 224N to a hardware network interface 226N, which may be vehicle bus network interfaces, such as CAN interfaces. The hardware network interface 226N provides access to a hardware communication channel 210N, which may correspond to physical portions of the communication channel(s) 152 that are external to the embedded system and/or the virtualized environment 102 (e.g., an external CAN bus).”. Teaches in par. 00187 the following: “Although the bus 1202 is described herein as being a CAN bus, this is not intended to be limiting. For example, in addition to, or alternatively from, the CAN bus, FlexRay and/or Ethernet may be used. Additionally, although a single line is used to represent the bus 1202, this is not intended to be limiting. For example, there may be any number of busses 1202, which may include one or more CAN busses, one or more FlexRay busses, one or more Ethernet busses, and/or one or more other types of busses using a different protocol. In some examples, two or more busses 1202 may be used to perform different functions, and/or may be used for redundancy. For example, a first bus 1202 may be used for collision avoidance functionality and a second bus 1202 may be used for actuation control. In any example, each bus 1202 may communicate with any of the components of the vehicle 1200, and two or more busses 1202 may communicate with the same components. In some examples, each SoC 1204, each controller 1236, and/or each computer within the vehicle may have access to the same input data (e.g., inputs from sensors of the vehicle 1200), and may be connected to a common bus, such the CAN bus.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Barrett with the teachings of OVERBY by having their system comprise defined interface structure. One would have been motivated to do so to provide a simple and effective means to communication, wherein the device interface helps facilitate inter-communication within the network and makes it easier to configure the devices within the network communication.

As to claim 43, the system of Barrett and OVERBY as applied to claim 22 above teaches vehicle network communication, specifically Barrett teaches a device as recited in claim 22, wherein the device is used for at least one of the following elements: a) hardware-based and/or hardware-accelerated monitoring, of data packets of different communication protocols in a motor vehicle; b) ascertaining and/or detecting a context of a target system; c) hardware-based and/or hardware-accelerated monitoring of a violation of firewall rules; d) hardware-based and cross-protocol filtering of data packets; e) preventing and/or making more difficult denial of service attacks on the at least one data interface (i.e., …teaches in par. 0090 the following: “An example of an IDS for CAN is shown in FIG. 6. In this case the IDS 635 is hosted on the DC 650 that monitors activity on a CAN bus. The IDS 635 can compare Message identities in Remote Frames and Data Frames of messages that are sent on the CAN Bus with a whitelist (e.g., determined by static code analysis and/or dynamic analysis) of allowed Remote Frames and Data frames that are allowed on the CAN Bus. Then, when a Remote Frame or Data Frame that is not compliant with the whitelist is detected, the IDS can take certain actions. For example, the IDS can log the non-compliance including details of packet type detected, packet field settings, time of detection, etc. Optionally, at some later point in time, this log may be reported to a server on a network that is external to the vehicle or it may be read by some diagnostic tool (e.g., over ODBII). In some implementations, the IDS may immediately report the non-compliance, for example, to a server in the network.”).



Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRYAN F WRIGHT/Examiner, Art Unit 2497