DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
2. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3. Claim(s) 20, 23, 25-29 and 32-34 are rejected under 35 U.S.C. 103 as being unpatentable over Yoo (WO 2010117155) in view of Chen (US Pub.No.2017/0076116).

4. Regarding claims 20 and 34 Yoo teaches a single-chip system and a method, comprising: a plurality of computing units; at least one input/output unit; a memory unit; an input/output control unit configured to coordinate communication between the plurality of computing units and the at least one input/output unit; and an attack detection unit communicatively connected to the at least the input/output control unit via a first hardware signal connection (Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.2-18), wherein the attack detection unit is configured to:
 evaluate a first input signal received from the input/output control unit for determining infringement of one or more rules based on a set of attack detection rules (abstract and Page.3, Under Title: TECH-PROBLEM, Lines.6-8 teaches establish a firewall and an anti-malware engine based on memory on a system-on-chip to detect malicious code, and to detect malware by referring to a pattern of malicious code registered in a malware signature database on the system-on-chip memory. Page.3, Under Title: “TECH-SOLUTION”,  Lines.2-8 teaches a central processing unit that collectively controls each part in the system on chip to detect malicious codes based on the system on chip. Classify packets that are input from the outside through the network interface unit and perform filtering operations such as dropping and dropping the classified packets according to preset contents, and outputting the result to the application memory or the anti-malware engine. A memory-based anti-malware engine for a system-on-chip anti-malware engine that detects malicious codes by performing a pattern matching operation between a code pattern in a file input from the firewall and a pattern of malicious code registered in a malware signature database on a system-on-chip memory);

and based on the evaluation of the first input signal and upon determination of infringement of the one or more rules, respond to the first infringement of the one or more rules with at least one preconfigured measure (abstract and Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.22-24 teaches in the firewall 131 of the system-on-chip memory 130, the packet identification unit 131A classifies the input packets and outputs them to the packet filtering unit 131B. In this case, the packet filtering unit 131B performs filtering, such as 'allow' and 'drop' on the input packets according to the setting contents of the application memory 200.
Page.5, Lines.5-8 teaches the anti-malware engine 132 performs malware detection on the packet filtered file output from the packet filtering unit 131B and a file newly input from the input/output interface unit 20. The malware signature database 133B is built on the system-on-chip memory 130. The anti-malware engine 132 uses the pattern and the path of the malware registered in the malware signature database 133B to detect malware. Pattern matching between code patterns in the input file is performed);

evaluate a second input signal received from at least one component of the single-chip system via a second hardware signal connection for determining a second infringement of the one or more rules based on the set of attack detection rules (abstract and Page.3, Under Title: TECH-PROBLEM, Lines.6-8 teaches establish a firewall and an anti-malware engine based on memory on a system-on-chip to detect malicious code, and to detect malware by referring to a pattern of malicious code registered in a malware signature database on the system-on-chip memory. Page.3, Under Title: “TECH-SOLUTION”, Lines.2-8 teaches a central processing unit that collectively controls each part in the system on chip to detect malicious codes based on the system on chip. Classify packets that are input from the outside through the network interface unit and perform filtering operations such as dropping and dropping the classified packets according to preset contents, and outputting the result to the application memory or the anti-malware engine. A memory-based anti-malware engine for a system-on-chip anti-malware engine that detects malicious codes by performing a pattern matching operation between a code pattern in a file input from the firewall and a pattern of malicious code registered in a malware signature database on a system-on-chip memory);

and based on the evaluation of the second input signal and upon determination of infringement of the one or more rules, respond to the second infringement of the one or more rules with the at least one preconfigured measure, wherein the at least one component of the single-chip system comprises a memory access control unit, and/or the memory unit (abstract and Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.22-24 teaches in the firewall 131 of the system-on-chip memory 130, the packet identification unit 131A classifies the input packets and outputs them to the packet filtering unit 131B. In this case, the packet filtering unit 131B performs filtering, such as 'allow' and 'drop' on the input packets according to the setting contents of the application memory 200.
Page.5, Lines.5-8 teaches the anti-malware engine 132 performs malware detection on the packet filtered file output from the packet filtering unit 131B and a file newly input from the input/output interface unit 20. The malware signature database 133B is built on the system-on-chip memory 130. The anti-malware engine 132 uses the pattern and the path of the malware registered in the malware signature database 133B to detect malware. Pattern matching between code patterns in the input file is performed).

Yoo teaches all the above claimed limitations but does not expressly teach based on the evaluation of the first and second input signal and upon determination of infringement of the one or more rules, log the first and second infringement of the one or more rules.

Chen teaches based on the evaluation of the first and second input signal and upon determination of infringement of the one or more rules, log the first and second infringement of the one or more rules (Para:0030-0031 teaches the SVM security model wrapper 501 may be included in the SOC 500 to monitor the input/output behavior of the security policy decision point module 507 and security policy enforcement point module 508 to prevent execution of insecure inputs and/or to block insecure output.  The security monitor can record the address of the violating attempt in the audit log database 511 which the security monitor 502 uses to keep a log of violations).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Yoo to include based on the evaluation of the first and second input signal and upon determination of infringement of the one or more rules, log the first and second infringement of the one or more rules, as taught by Chen since such a setup will give a predictable result of providing security assurance in a data processing system.

5. Regarding claim 23, Chen teaches the single-chip system, wherein the second input signal corresponds to a load on a memory bus connecting the plurality of computing units and the memory unit (Para:0030-0031 teaches plurality of processing cores and memory unit).

6. Regarding claim 25, Yoo teaches the single-chip system, wherein the at least one component of the single-chip system further comprises a computing unit timer, a power management unit, a configuration register associated with the plurality of computing units, and/or an interrupt controller, and wherein the attack detection unit is further configured to: evaluate the second input signal from the at least one component of the single-chip system for determining utilization of the single-chip system or impermissible configuration based on the set of attack detection rules (abstract and Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.22-24 teaches in the firewall 131 of the system-on-chip memory 130, the packet identification unit 131A classifies the input packets and outputs them to the packet filtering unit 131B. In this case, the packet filtering unit 131B performs filtering, such as 'allow' and 'drop' on the input packets according to the setting contents of the application memory 200.
Page.5, Lines.5-8 teaches the anti-malware engine 132 performs malware detection on the packet filtered file output from the packet filtering unit 131B and a file newly input from the input/output interface unit 20. The malware signature database 133B is built on the system-on-chip memory 130. The anti-malware engine 132 uses the pattern and the path of the malware registered in the malware signature database 133B to detect malware. Pattern matching between code patterns in the input file is performed).

7. Regarding claim 26, Chen teaches the single-chip system, wherein the at least one component of the single-chip system further comprises a debug interface of the single-chip system (Para:0004 teaches the single-chip system comprises a debug interface).

8.  Regarding claim 27 Yoo teaches the single-chip system, wherein the attack detection unit is further configured to: pre-evaluate the first input signal or the second input signal transmitted to the attack detection unit for filtering the first input signal or the second input signal (Page.3, Under Title: “TECH-SOLUTION”, Lines.2-11 teaches a central processing unit that collectively controls each part in the system on chip to detect malicious codes based on the system on chip. Classify packets that are input from the outside through the network interface unit and perform filtering operations such as dropping and dropping the classified packets according to preset contents, and outputting the result to the application memory or the anti-malware engine. A memory-based anti-malware engine for a system-on-chip anti-malware engine that detects malicious codes by performing a pattern matching operation between a code pattern in a file input from the firewall and a pattern of malicious code registered in a malware signature database on a system-on-chip memory).

9. Regarding claim 28 Yoo in view of Chen, wherein the set of attack detection rules is either unalterable in hardware or alterable using a secured method according to secret information encoded in the hardware in the single-chip system (YOO: Page.2, Under Title: “BACKGROUND-ART”, Lines.14-16; Page.4, Lines.1-8 and Page.5, Lines.1-12 teaches the software-based antivirus program basically includes an anti-malware engine and a signature matching unit, and has a structure in which a virus signature database is periodically updated.
Chen: Para:0024-0025 and Para:0033 teaches updating/altering the rules).

10. Regarding claim 29, Yoo teaches the single-chip system, wherein the attack detection unit is further configured to: forward an event classified as an attack on an internal memory device or an external memory device to a computing device external to the single-chip system (abstract and Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.22-24 teaches in the firewall 131 of the system-on-chip memory 130, the packet identification unit 131A classifies the input packets and outputs them to the packet filtering unit 131B. In this case, the packet filtering unit 131B performs filtering, such as 'allow' and 'drop' on the input packets according to the setting contents of the application memory 200. Page.5, Lines.5-8 teaches the anti-malware engine 132 performs malware detection on the packet filtered file output from the packet filtering unit 131B and a file newly input from the input/output interface unit 20. The malware signature database 133B is built on the system-on-chip memory 130. The anti-malware engine 132 uses the pattern and the path of the malware registered in the malware signature database 133B to detect malware. Pattern matching between code patterns in the input file is performed).

12. Regarding claim 32 Yoo teaches the single-chip system, wherein the attack detection unit meets security requirements corresponding to the at least one component of the single-chip system for evaluating the first input signal or the second input signal related to the security requirements (abstract and Page.3, Under Title: “TECH-SOLUTION”, Lines.2-11 teaches a central processing unit that collectively controls each part in the system on chip to detect malicious codes based on the system on chip. Classify packets that are input from the outside through the network interface unit and perform filtering operations such as dropping and dropping the classified packets according to preset contents, and outputting the result to the application memory or the anti-malware engine. A memory-based anti-malware engine for a system-on-chip anti-malware engine that detects malicious codes by performing a pattern matching operation between a code pattern in a file input from the firewall and a pattern of malicious code registered in a malware signature database on a system-on-chip memory).

13. Regarding claim 33, Yoo in view of Chen teaches the single-chip system, wherein the attack detection unit is further configured to: trigger the at least one preconfigured measure for at least part of an event classified as an attack; and transmitting one or more signals describing the at least one preconfigured measure via hardware measure connections to the at least one component of the single-chip system affected by the at least one preconfigured measure, the plurality of computing units, and/or a virtual computing component (abstract and Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.22-24 teaches in the firewall 131 of the system-on-chip memory 130, the packet identification unit 131A classifies the input packets and outputs them to the packet filtering unit 131B. In this case, the packet filtering unit 131B performs filtering, such as 'allow' and 'drop' on the input packets according to the setting contents of the application memory 200. Page.5, Lines.5-8 teaches the anti-malware engine 132 performs malware detection on the packet filtered file output from the packet filtering unit 131B and a file newly input from the input/output interface unit 20. The malware signature database 133B is built on the system-on-chip memory 130. The anti-malware engine 132 uses the pattern and the path of the malware registered in the malware signature database 133B to detect malware. Pattern matching between code patterns in the input file is performed.
Chen: Para:0030-0031 teaches plurality of processing cores).

14. Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Yoo (WO 2010117155) in view of Chen (US Pub.No.2017/0076116) as applied to claim 20 above and further in view of Gooding (US Pub.No.2011/0119445).

15. Regarding claim 21 Yoo in view of Chen teaches the single-chip system, wherein the plurality of computing units comprise one or more computer cores and/or one or more central processing units, wherein the memory access control unit comprises a memory access register (YOO: abstract), but does not expressly teach wherein the memory unit is configured to receive an input signal to access a guard page of the memory unit, wherein the guard page is described on a physical level.

Gooding teaches the memory access control unit comprises a memory access register, and wherein the memory unit is configured to receive an input signal to access a guard page of the memory unit, wherein the guard page is described on a physical level (Para:0011 and Para:0025 teaches receiving the signal to access guard page).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Yoo in view of Chen to include the memory access control unit comprises a memory access register, and wherein the memory unit is configured to receive an input signal to access a guard page of the memory unit, wherein the guard page is described on a physical level, as taught by Gooding, since such a setup would give a predictable result of providing memory access check to detect guard page violation.

16. Claims 22 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Yoo (WO 2010117155) in view of Chen (US Pub.No.2017/0076116) as applied to claim 20 above and further in view of Hars (US Pub.No.2016/0026824).

17. Regarding claim 22, Yoo in view of Chen teaches the single-chip system, wherein the attack detection unit is either a separate hardware component of the single-chip system (Yoo: abstract) or a part of an inspection unit for monitoring the plurality of computing units or a virtual computing component of the single-chip system (Chen: Para:0030-0031), but does not expressly teach wherein the inspection unit is configured to analyze a shadow memory of the single-chip system.

Hars teaches the inspection unit is configured to analyze a shadow memory of the single-chip system (Figs.4-5, Para:0007, Para:0031 and Claims 15, 19 teaches analyzing a shadow memory of the single-chip system).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Yoo in view of Chen to include the inspection unit is configured to analyze a shadow memory of the single-chip system, as taught by Hars, since such a setup would give a predictable result of providing security against memory replay attacks.

18. Regarding claim 24 Yoo in view of Chen teaches all the above claimed limitations but does not expressly teach the single-chip system, wherein the at least one component of the single-chip system further comprises an inspection unit configured for monitoring a shadow memory of the single-chip system.

Hars teaches an inspection unit configured for monitoring a shadow memory of the single-chip system (Figs.4-5, Para:0007, Para:0031 and Claims 15, 19 teaches monitoring a shadow memory of the single-chip system).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Yoo in view of Chen to include an inspection unit configured for monitoring a shadow memory of the single-chip system, as taught by Hars, since such a setup would give a predictable result of providing security against memory replay attacks.

19. Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over Yoo (WO 2010117155) in view of Chen (US Pub.No.2017/0076116) as applied to claim 20 above and further in view of Hildebrand (US Pub.No.2009/0077417).

20.  Regarding claim 30 Yoo in view of Chen teaches all the above claimed limitations but does not expressly teach the single-chip system, wherein the attack detection unit is further configured to: add a chip ID identifier to event data corresponding to the event classified as the attack on the internal memory device or the external memory device.

Hildebrand teaches the attack detection unit is further configured to: add a chip ID identifier to event data corresponding to the event classified as the attack on the internal memory device or the external (Para:0028, Para:0031-0032 teaches checking the chip ID).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Yoo in view of Chen to include an inspection unit configured for monitoring a shadow memory of the single-chip system, as taught by Hars, since such a setup would give a predictable result of checking external memory attacks.

21. Claim 31 is rejected under 35 U.S.C. 103 as being unpatentable over Yoo (WO 2010117155) in view of Chen (US Pub.No.2017/0076116) as applied to claim 20 above and further in view of Gukal (US Pub.No.20017/0093910).

22. Regarding claim 31 Yoo in view of Chen teaches all the above claimed limitations but does not expressly teach the single-chip system, wherein the attack detection unit is further configured to: determine event data corresponding to a cause of an event classified as an attack, a type of the event, and/or time of the event.

Gukal teaches the attack detection unit is further configured to: determine event data corresponding to a cause of an event classified as an attack, a type of the event, and/or time of the event (Para:0286, Para:0339 and Para:0353 teaches analyzing the attack and determine the type of attack and the time of the event).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Yoo in view of Chen to include an inspection unit configured for monitoring a shadow memory of the single-chip system, as taught by Gukal, since such a setup would give a predictable result of detecting threats to a network.

23. Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Yoo (WO 2010117155) in view of Chen (US Pub.No.2017/0076116) and further in view of Fons (US Pub.No.2018/0217942).

24. Regarding claim 35, Yoo teaches a system, comprising: a control device that comprises a single-chip system, wherein the single-chip system comprises: a plurality of computing units, at least one input/output unit, a memory unit, an input/output control unit configured to coordinate communication between the plurality of computing units and the at least one input/output unit, an attack detection unit communicatively connected to the at least the input/output control unit via a first hardware signal connection (Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.2-18), wherein the attack detection unit is configured to:
 evaluate a first input signal received from the input/output control unit for determining infringement of one or more rules based on a set of attack detection rules (abstract and Page.3, Under Title: TECH-PROBLEM, Lines.6-8 teaches establish a firewall and an anti-malware engine based on memory on a system-on-chip to detect malicious code, and to detect malware by referring to a pattern of malicious code registered in a malware signature database on the system-on-chip memory. Page.3, Under Title: “TECH-SOLUTION”,  Lines.2-8 teaches a central processing unit that collectively controls each part in the system on chip to detect malicious codes based on the system on chip. Classify packets that are input from the outside through the network interface unit and perform filtering operations such as dropping and dropping the classified packets according to preset contents, and outputting the result to the application memory or the anti-malware engine. A memory-based anti-malware engine for a system-on-chip anti-malware engine that detects malicious codes by performing a pattern matching operation between a code pattern in a file input from the firewall and a pattern of malicious code registered in a malware signature database on a system-on-chip memory);

and based on the evaluation of the first input signal and upon determination of infringement of the one or more rules, respond to the first infringement of the one or more rules with at least one preconfigured measure (abstract and Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.22-24 teaches in the firewall 131 of the system-on-chip memory 130, the packet identification unit 131A classifies the input packets and outputs them to the packet filtering unit 131B. In this case, the packet filtering unit 131B performs filtering, such as 'allow' and 'drop' on the input packets according to the setting contents of the application memory 200.
Page.5, Lines.5-8 teaches the anti-malware engine 132 performs malware detection on the packet filtered file output from the packet filtering unit 131B and a file newly input from the input/output interface unit 20. The malware signature database 133B is built on the system-on-chip memory 130. The anti-malware engine 132 uses the pattern and the path of the malware registered in the malware signature database 133B to detect malware. Pattern matching between code patterns in the input file is performed);

evaluate a second input signal received from at least one component of the single-chip system via a second hardware signal connection for determining a second infringement of the one or more rules based on the set of attack detection rules (abstract and Page.3, Under Title: TECH-PROBLEM, Lines.6-8 teaches establish a firewall and an anti-malware engine based on memory on a system-on-chip to detect malicious code, and to detect malware by referring to a pattern of malicious code registered in a malware signature database on the system-on-chip memory. Page.3, Under Title: “TECH-SOLUTION”, Lines.2-8 teaches a central processing unit that collectively controls each part in the system on chip to detect malicious codes based on the system on chip. Classify packets that are input from the outside through the network interface unit and perform filtering operations such as dropping and dropping the classified packets according to preset contents, and outputting the result to the application memory or the anti-malware engine. A memory-based anti-malware engine for a system-on-chip anti-malware engine that detects malicious codes by performing a pattern matching operation between a code pattern in a file input from the firewall and a pattern of malicious code registered in a malware signature database on a system-on-chip memory);

and based on the evaluation of the second input signal and upon determination of infringement of the one or more rules, respond to the second infringement of the one or more rules with the at least one preconfigured measure, wherein the at least one component of the single-chip system comprises a memory access control unit, and/or the memory unit (abstract and Page.4, Under Title: “MODE-FOR-INVENTION”, Lines.22-24 teaches in the firewall 131 of the system-on-chip memory 130, the packet identification unit 131A classifies the input packets and outputs them to the packet filtering unit 131B. In this case, the packet filtering unit 131B performs filtering, such as 'allow' and 'drop' on the input packets according to the setting contents of the application memory 200.
Page.5, Lines.5-8 teaches the anti-malware engine 132 performs malware detection on the packet filtered file output from the packet filtering unit 131B and a file newly input from the input/output interface unit 20. The malware signature database 133B is built on the system-on-chip memory 130. The anti-malware engine 132 uses the pattern and the path of the malware registered in the malware signature database 133B to detect malware. Pattern matching between code patterns in the input file is performed).

Yoo teaches all the above claimed limitations but does not expressly teach based on the evaluation of the first and second input signal and upon determination of infringement of the one or more rules, log the first and second infringement of the one or more rules.

Chen teaches based on the evaluation of the first and second input signal and upon determination of infringement of the one or more rules, log the first and second infringement of the one or more rules (Para:0030-0031 teaches the SVM security model wrapper 501 may be included in the SOC 500 to monitor the input/output behavior of the security policy decision point module 507 and security policy enforcement point module 508 to prevent execution of insecure inputs and/or to block insecure output.  The security monitor can record the address of the violating attempt in the audit log database 511 which the security monitor 502 uses to keep a log of violations).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Yoo to include based on the evaluation of the first and second input signal and upon determination of infringement of the one or more rules, log the first and second infringement of the one or more rules, as taught by Chen since such a setup will give a predictable result of providing security assurance in a data processing system.

Both Yoo and Chen teach all the above claimed limitations but do not expressly teach the system is a motor vehicle system.

Fons teaches the system is a motor vehicle system (abstract and Para:0001-0003 teaches analyzing the motor vehicle data).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Yoo in view of Chen to include that the system is a motor vehicle system, as taught by Fons, since such a setup would enable the hardware based security systems to secure an electronic device, specifically, to a hardware security system for an electronic device, a mobile device or a motor vehicle.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DEREENA T CATTUNGAL/ Primary Examiner, Art Unit 2431