Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 17/183,926 is presented for examination by the examiner. Claims 1, 9, and 17 are amended. Claims 1-3, 6-11, 14-19, and 21-23 are pending.
Response to Arguments
Applicant's arguments with respect to claim(s) 1, 9, and 17 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 8-10, 16-18 and 21-23 rejected under 35 U.S.C. 103 as being unpatentable over John (WO 2019/118836 A1) in view of Reznik (US 20100131751 A1).
Regarding Claim 1
John teaches:
An autonomous vehicle control attack mitigation system (John Abstract "Systems, methods, and computer-readable storage media for intrusion protection on autonomous vehicles"), the system comprising:
a radio frequency (RF) transceiver to send and receive RF signals (John Paragraph 3 and 55: guide the vehicles via RF (Radio Frequency) transmissions... the autonomous vehicle receives an RF signal.);
processing circuitry; and
one or more storage devices comprising instructions, which when executed by the processing circuitry (John Paragraph 7: Autonomous vehicle, configured according to this Page 5 disclosure may include: a processor; a computer-readable storage medium having instructions stored.), configure the processing circuitry to:
receive an autonomous vehicle malicious control signal from the RF receiver (John Paragraph 6: at a processor on the autonomous vehicle, that an intrusion attempt on the autonomous vehicle is being made as the autonomous vehicle is traveling);
generate a plurality of autonomous vehicle signal content characteristics based on an extracted message content of the autonomous vehicle malicious control signal (John Paragraph 29: Threat criteria may comprise one or more factors. The factors stored within the database may be static references, actively sensed data, programmatically communicated, algorithmically determined, or be various states, and/or characteristics the autonomous vehicle is capable of measuring or otherwise acquiring.);
generate a plurality of extracted physical signal characteristics based on an extracted physical signal information of the autonomous vehicle malicious control signal (John Paragraph 46: Hacking attempts may have certain characteristics, such as a particular error rate, signal strength, or type of packet. And within these types there may be changes in the signal qualities, such as data rate, frequency, channel, etc. These qualities can be evaluated to detect hacking attempts.),
generate an autonomous vehicle attack determination based on the plurality of autonomous vehicle signal characteristics (John Paragraph 26: The iterative analysis can apply rule-based or machine learning to a process of (1) identifying threats, (2) evaluating threats, (3) responding to threats, and (4) repeating the process), the autonomous vehicle attack determination identifying the malicious control signal includes at least one of signal jamming or message injection (John Paragraph 18 and 41: For example, autonomous vehicles may be targeted by attackers seeking to take control of the autonomous vehicle via hacking or other intrusive mechanisms. Likewise, the autonomous vehicle may be subject to a denial of service attack, where an attacker attempts to intercept, impede, spoof, or otherwise disrupt the communication system of the autonomous vehicle. In some cases, the threat may be created by another autonomous vehicle. For example, an unfriendly autonomous vehicle may be used to capture an autonomous vehicle, or otherwise control the autonomous vehicle to perform espionage ... FIG. I illustrate an example of ground stations communicating with an unmanned vehicle which is an aerial drone 102. In this example, the aerial drone 102 is receiving signals from two distinct ground stations 104, 106. However, it may be that one of the ground stations 104, 106 is not operating with friendly intentions, and may be attempting to take control of(or otherwise harm) the aerial drone 102.);
However, John is silent in explicitly teaching generating a dual response countermeasure signal that includes both null steering based on attack signal direction of arrival and frequency hopping, and causing an RF transceiver to generate an RF dual response countermeasure broadcast including steering a null in an antenna gain response pattern toward the attacker while modifying the control signal via frequency hopping to maintain operational control.
On the other hand, Reznik teaches RF security countermeasures triggered by detection of malicious interference or jamming, including estimating the direction of interference using MIMO antenna systems and steering a receive beam pattern to place a spectral null in the direction of a detected jammer (¶44, 51, 55). Reznik further teaches that, upon detection of a malicious jammer by a security manager, the system may dynamically switch communication channels or implement channel hopping policies to mitigate interference and maintain communications (¶52, 55). Reznik teaches that these RF countermeasures are initiated based on attack detection and coordinated by a control entity that instructs the physical and MAC layers to execute beam steering and channel switching operations (¶49–52). Reznik therefore teaches null steering based on direction of arrival of a malicious interferer and modifying transmissions via channel switching or hopping in response to detected jamming, as recited in claim 1. One of ordinary skill in the art would have been motivated to incorporate Reznik’s RF countermeasure techniques into John’s autonomous vehicle attack response system to improve resistance to RF jamming and spoofing while allowing continued autonomous operation. Combining known attack detection and response techniques with known RF mitigation techniques yields predictable results, namely mitigating malicious RF control interference while maintaining operational communications. Accordingly, the combination of John and Reznik teaches or renders obvious generating a dual response countermeasure signal based on an attack determination and direction of arrival, and causing an RF transceiver to generate a countermeasure broadcast including null steering and frequency hopping, as recited in claim 1. The claim is obvious because one of ordinary skill in the art can combine methods known before the effective filing date which produce predictable results.
Regarding Claim 2
John discloses:
The system of claim 1, the instructions further configuring the processing circuitry to: send the plurality of autonomous vehicle signal characteristics to an autonomous vehicle attack machine learning (ML) system, the autonomous vehicle attack ML system including an autonomous vehicle attack ML model trained to recognize attack signatures based on previously received autonomous vehicle attack signals using reinforcement learning (John Paragraph 25: discusses collecting AV data andfeeding it into a threat processing system that adapts behavior over time, which aligns with sending AV signal characteristics to an ML system trained via reinforcement learning.);
receive a plurality of ML signal characteristics from the autonomous vehicle attack ML system (John Paragraph 26: ML signal characteristics are received from the system as updated insights to adjust threat levels and responses, aligning with dynamic adjustment mentioned.); and generate a retrained autonomous vehicle ML model by updating the autonomous vehicle attack ML model using online learning based on an effectiveness of the attack countermeasure (John Paragraph 25: modifying AV behavior based on countermeasure, which maps to online learning through retraining.),wherein the reinforcement learning and online learning enable the system to adapt to changes in attack types over time (John Paragraph 26: The AV adjusts its model based on historical and real-time effectiveness, illustrating reinforcement and online learning to adapt to evolving threats.);
wherein the generation of the attack determination is further based on analysis of the plurality of ML signal characteristics using the retrained autonomous vehicle attack ML model (John Paragraph 26: Reinforcement learning is showed in the discussion of updating weights and behavior based on countermeasure success, enabling adaptation to new attack types.).
Regarding Claim 8
John discloses:
The system of claim 1, wherein: the autonomous vehicle signal characteristics include at least one of a set of mean eigenvalues, a bad packet ratio (John Paragraph 30-32: With the understanding that specific criteria, results, or corresponding threat levels may vary based on specific needs and configuration, consider the following exemplary rules... Number of packets received during an interval is higher than expected peak; A combination of values or states exceed criteria, resulting in assigned threat levels.), an energy statistic, or a root-means-squared (RMS) error vector magnitude (EVM); and
the plurality of autonomous vehicle signal characteristics includes at least one of a signal frequency selection, a signal modulation pattern, or a signal timing (John Paragraph 46: Hacking attempts may have certain characteristics, such as a particular error rate, signal strength, or type of packet. Andwithin these types there may be changes in the signal qualities, such as data rate, frequency, channel, etc. These qualities can be evaluated to detect hacking attempts.).
Regarding Claim 9
Claim 9 is directed to a method corresponding to the computer-implemented method in claim 1. Claim 9 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding Claim 10
Claim 10 is directed to a method corresponding to the computer-implemented method in claim 2. Claim 10 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding Claim 16
Claim 16 is directed to a method corresponding to the computer-implemented method in claim 8. Claim 16 is similar in scope to claim 8 and is therefore rejected under similar rationale.
Regarding Claim 17
Claim 17 is directed to a method corresponding to the computer-implemented method in claim 1. Claim 17 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding Claim 18
Claim 18 is directed to a method corresponding to the computer-implemented method in claim 2. Claim 18 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding Claim 21
John teaches an autonomous vehicle attack mitigation system that detects malicious control signals and causes an RF transceiver to modify autonomous vehicle control signals in response to an attack determination. However, John is silent as to explicitly teaching that modifying the autonomous vehicle control signal includes generating a null in an antenna gain response pattern in the direction of the attack signal direction of arrival.
On the other hand, Reznik teaches RF security countermeasures triggered by detection of malicious interference or jamming, including estimating the direction of interference using multi-antenna (MIMO) systems and steering a receive beam pattern to place a spectral null in the direction of a detected jammer (¶44, 51, 55). Reznik further teaches that upon detection of a malicious jammer, a control entity may instruct the physical layer to adjust beamforming vectors to null the interference source based on the direction of arrival (¶49–52). One of ordinary skill in the art would have been motivated to incorporate Reznik’s null-steering technique into John’s autonomous vehicle attack response system in order to improve resistance to RF jamming and spoofing attacks while maintaining operational control of the vehicle. Doing so merely applies a known RF mitigation technique to a known autonomous vehicle attack detection system and yields predictable results, namely attenuation or blocking of malicious RF control signals arriving from a known direction. Accordingly, the combination of John and Reznik teaches or renders obvious causing the RF transceiver to modify the autonomous vehicle control signal by generating a null in an antenna gain response pattern in the direction of the attack signal direction of arrival, as recited in claim 21. The claim is obvious because one of ordinary skill in the art can combine methods known before the effective filing date which produce predictable results.
Regarding Claim 22
Claim 22 is directed to a method corresponding to the computer-implemented method in claim 21. Claim 22 is similar in scope to claim 21 and is therefore rejected under similar rationale.
Regarding Claim 23
Claim 23 is directed to a method corresponding to the computer-implemented method in claim 21. Claim 23 is similar in scope to claim 21 and is therefore rejected under similar rationale.
Claims 3, 11 and 19 rejected under 35 U.S.C. 103 as being unpatentable over John (WO 2019/118836 A1) in view of Reznik (US 20100131751 A1) as applied to claims 1, 9 and 17 above, and in further view of KATO (US 2020/0342697 A1).
Regarding Claim 3
John and Reznik do not disclose the following limitation “the instructions further configuring the processing circuitry to: send the autonomous vehicle attack determination and the dual response countermeasure signal to the autonomous vehicle attack ML system; generate a retrained autonomous vehicle ML model based on the autonomous vehicle attack ML system, the autonomous vehicle attack determination and the dual response countermeasure signal; and deploy the retrained autonomous vehicle ML model for use in other autonomous vehicle attack response systems”
On the other hand, KATO teaches updating and refining countermeasures for an autonomous vehicle based on detected failure conditions and the current operating environment. Specifically, KATO teaches that when a failure or abnormal condition is detected, a failure correspondence unit determines an appropriate countermeasure and a failure countermeasure update unit updates stored countermeasure logic based on environmental conditions (¶74–79, 81–0084). KATO further teaches that artificial intelligence and machine learning techniques may be applied to decide and update countermeasures to better suit observed conditions and improve future responses (¶101). KATO also teaches deploying the updated countermeasure logic by transmitting updated control information to vehicle control systems for continued or future automated operation (¶76–0077, 102).
John teaches generating an autonomous vehicle attack determination and initiating attack response logic, while Reznik teaches RF attack mitigation actions taken in response to detected malicious interference. One of ordinary skill in the art would have been motivated to incorporate KATO’s adaptive countermeasure updating techniques into John’s attack detection system and Reznik’s RF countermeasure framework in order to improve robustness and safety of autonomous vehicle attack response systems by learning from detected attacks and deployed countermeasures. The combination yields predictable results, namely refining and redeploying attack-response models based on prior attack determinations and applied countermeasures. Accordingly, the combination of John, Reznik, and KATO teaches or renders obvious sending the autonomous vehicle attack determination and dual response countermeasure signal to an attack response system, generating a retrained model based on that information, and deploying the retrained model for use in other autonomous vehicle attack response systems, as recited in claim 3.
Regarding Claim 11
Claim 11 is directed to a method corresponding to the computer-implemented method in claim 3. Claim 11 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 19
Claim 19 is directed to a method corresponding to the computer-implemented method in claim 3. Claim 19 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Claims 6, 7, 14, 15 rejected under 35 U.S.C. 103 as being unpatentable over John (WO 2019/118836 A1) in view of Reznik (US 20100131751 A1) as applied to claims 1, 9 and 17 above, and in further view of N.P.L Arjoune (Wideband Spectrum Sensing: A Bayesian Compressive Sensing Approach).
Regarding Claim 6
John teaches generating a dual response countermeasure signal in response to an autonomous vehicle attack determination and modifying an autonomous vehicle control signal via frequency hopping to maintain operational control during an RF attack. However, John and Reznik are silent in explicitly teaching that the generation of the dual response countermeasure signal is based on a compressive wideband spectrum sensing approach, including sampling a wideband spectrum at specific time instances, reconstructing wideband signal samples using Bayesian inference, and identifying free control signal channels via autocorrelation detection.
On the other hand, Arjone teaches a compressive wideband spectrum sensing approach in which a wideband spectrum is sampled at a limited number of time instances using compressive sensing techniques to reduce sampling rate and processing complexity (page 3). Arjone further teaches reconstructing the wideband signal using Bayesian inference methods, specifically Bayesian compressive sensing, to recover sparse wideband signal samples from the limited measurements (page 4). Arjone additionally teaches identifying spectrum occupancy and free frequency channels using autocorrelation-based detection of the reconstructed signal samples, which enables detection of unused spectrum holes suitable for dynamic channel access (page 4). Arjone teaches that these identified free channels allow rapid access to available spectrum and support dynamic frequency selection in response to interference (page 1).
It would have been obvious to one of ordinary skill in the art to incorporate Arjone’s compressive wideband spectrum sensing, Bayesian reconstruction, and autocorrelation-based free-channel identification techniques into John’s autonomous vehicle attack response system, as enhanced by Reznik’s RF countermeasures, in order to rapidly identify free control signal channels during an RF attack while minimizing sensing latency and hardware complexity. Such a combination yields predictable results, namely enabling fast recovery of lost communications by identifying spectrum holes for frequency hopping while concurrently blocking malicious RF control signals and maintaining autonomous vehicle operation. Accordingly, the combination of John, Reznik, and Arjone teaches or renders obvious generating a dual response countermeasure signal based on a compressive wideband spectrum sensing approach, identifying free control signal channels using Bayesian inference and autocorrelation detection, and implementing frequency hopping through the identified free channels while maintaining operational control of the autonomous vehicle, as recited in claim 6. The claim is obvious because one of ordinary skill in the art can combine methods known before the effective filing date which produce predictable results.
Regarding Claim 7
John teaches determining that a received autonomous vehicle control signal includes malicious control messages, such as injected or spoofed commands intended to take control of the autonomous vehicle. Specifically, John teaches detecting “attacks sending a particular type of command” and determining that such commands are harmful or indicative of intrusion attempts (¶46). John further teaches that, in response to such detected malicious commands, the autonomous vehicle may ignore outside communications for a period of time, disregard specific commands, or isolate the communication system to prevent malicious control ([0019], [0022], [0040], [0046]). This teaches determining that malicious control messages are present and responding by preventing those messages from influencing vehicle operation.
Reznik teaches distinguishing legitimate packets from malicious packets at the PHY/MAC layers and implementing countermeasures accordingly. Reznik expressly teaches that “the correlation output may be used… for distinguishing legitimately received packets from interference packets sent by a malicious adversary” (¶33) and that detected MAC-layer misbehavior indicative of malicious activity triggers countermeasures (¶34–35). Such countermeasures inherently include dropping or suppressing malicious packets, as packets identified as illegitimate are excluded from further processing. Reznik further teaches per-packet PHY/MAC-layer control to support such security services (¶44).
It would have been obvious to one of ordinary skill in the art to incorporate Reznik’s known PHY/MAC-layer packet discrimination and suppression techniques into John’s autonomous vehicle threat-response system in order to more precisely handle malicious control messages, rather than broadly ignoring all communications. The combination yields predictable results namely, selectively dropping malicious control messages while allowing legitimate communications to continue. Accordingly, John in view of Reznik teaches or renders obvious determining that a malicious control signal includes malicious control messages and modifying the autonomous vehicle control signal by causing the RF transceiver to drop malicious control messages, as recited in Claim 7.
Regarding Claim 14
Claim 14 is directed to a method corresponding to the computer-implemented method in claim 6. Claim 14 is similar in scope to claim 6 and is therefore rejected under similar rationale.
Regarding Claim 15
Claim 15 is directed to a method corresponding to the computer-implemented method in claim 7. Claim 15 is similar in scope to claim 7 and is therefore rejected under similar rationale.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD ABDULLAH whose telephone number is (571)272-1531. The examiner can normally be reached on Monday - Friday, 9:30am - 5:30pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAAD AHMAD ABDULLAH/ Examiner, Art Unit 2431
/MICHAEL R VAUGHAN/ Primary Examiner, Art Unit 2431