APPARATUS AND METHOD FOR AUTHENTICATING ADS-B TRACKS

§102 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The following is a final office action in response to the communication filed on 12/17/2025. Claims 1 and 11 have been amended. Claims 2 and 12 have been cancelled. Claims 1, 3-11 and 13-21 are currently pending and have been examined. Response to Arguments Applicant’s arguments and remarks filed on 12/17/2025 have been fully considered. Applicant’s arguments provided for the U.S.C. §102 and §103 rejections of claims 1-21 have been considered but are not persuasive. (A) Applicant argues, “In the Office Action, the Office asserts that the above italicized limitation is disclosed in Manesh Table 1 and Paragraph [0021]. Applicant respectfully submits, however, that the Office’s assertion is based on an incorrect interpretation of Applicant’s claim terms. “… the meaning given to a claim term must be consistent with the ordinary and customary meaning of the term (unless the term has been given a special definition in the specification), and must be consistent with the use of the claim term in the specification and drawings.” MPEP, §2111 (emphasis added). Applicant respectfully submits that the claim term “ADS-B rules” has been given a specific special definition in the Specification and that this definition does not align with the Office’s interpretation of the Manesh reference. In particular, Paragraphs [0055]-[0058] specify what the Applicant defines as ADS-B rules. As noted in Paragraph [0056], the ADS-B rules based analysis is focused on a transmitters compliance with the ADS-B standard. This is in contrast to Manesh’s bit-wise validity analysis. Claim 1 does not claim a bit-wise analysis. Instead, Claim 1 determines whether a transmission, for example, complies with the ADS-B standard prohibiting periodic transmissions on the 1090MHz frequency. See FAA-E-3011 Rev. A, Pg76. Accordingly, under the broadest reasonable interpretation, Manesh’s bit-wise error analysis cannot be interpreted as equivalent to Applicant’s ADS-B Rules limitation. Applicant, therefore, respectfully requests that the 35 U.S.C. §102 rejections be withdrawn,” (from remarks page 2). As to point (A), Examiner respectfully disagrees. Applicant asserts that Manesh does not teach an example of ADS-B rules-based analysis consistent with a specific definition given in the instant specification. After reviewing specification paragraphs [0055] – [0058], Examiner has found that an ADS-B rules-based analysis can be understood as an ADS-B Rule that is not satisfied (See [0057]: “…if it is found that a track does not satisfy all of the ADS-B requirements, this would be a strong indication of spoofing…”. See also [0056]: “The ADS-B standard is complex, with a large number of rules that define which data is populated into which fields. Specific combination of data must be provided under specific conditions, and the timing for transmitting the information is very specific.”). In Examiner’s judgement, the bad packet ratio analysis by Manesh meets the description of ADS-B rules-based analysis given in the instant specification paragraphs [0055] – [0058]. Specifically, the instant specification in [0058] states: “Some of the ADS-B rule checks that are performed in embodiments as part of a rules-based detection test are illustrated in Figs. 5A and 5B. These can include formatting checks, which verify if the data is formatted in accordance with data definitions in the ADS-B Specification, as well as data checks that verify whether the reported data is within acceptable ranges and are self-consistent, such as latitude being within the limits…”. Manesh states that the bad packet ratio analysis may be performed, for example, using a cyclic redundancy check (CRC). A CRC is a data check that verifies whether the reported data is corrupted by doing a self-consistency check. Therefore, a CRC verifies whether the reported data is self-consistent and performing this check is in accordance with the ADS-B rule checks as described in [0055] – [0058] of the instant specification. In response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., “Claim 1 does not claim a bit-wise analysis. Instead, Claim 1 determines whether a transmission, for example, complies with the ADS-B standard prohibiting periodic transmissions on the 1090MHz frequency.”) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). (B) Applicant argues, “Claims 4-5, 9-10, 14-16, and 20-21 stand rejected under 35 U.S.C. §103 as being obvious. Applicant respectfully submits that the 35 U.S.C. §103 rejection has been rendered moot in view of Applicant’s 35 U.S.C. §102 response. Applicant therefore respectfully requests that the rejection under 35 U.S.C. §103 be withdrawn and that the application be placed in condition for allowance.,” (from remarks page 3). As to point (B), see point (A). Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1, 3, 6-8, 11, 13 and 17-19 are rejected under 35 U.S.C. 102(a) as being anticipated by Manesh et al. (US-20220094710-A1; hereinafter Manesh). Regarding claim 1, Manesh discloses: An apparatus for discriminating between spoofed and valid ADS-B tracks (see at least Fig. 1, ADS-B cyber-attack detection and mitigation system 100), the apparatus comprising: an input configured to receive an ADS-B waveform (see at least Fig. 1, block 110 input ADS-B signals) detected by one or more antennae (see at least [0010]; “These solutions do not require implementing additional array antennas or an encrypted or any other new communication protocol.”), an apparent ADS-B track being encoded in the ADS-B waveform (see at least [0003]; “The ADS-B systems use Global Navigation Satellite Systems (GLASS) such as the Global Positioning System (GPS) to gather and broadcast flight information, such as aircraft identity, heading, three-dimensional position, velocity, and other flight information. The information is broadcast in the form of unencrypted plaintext messages, allowing other aircraft and ground stations to receive and process the information for air traffic awareness and control purposes.”); an ADS-B processing module configured to extract data from the ADS-B waveform (see at least Fig. 1, block 120 signal characteristics calculation / subsystem A), said data including digital data reported by the apparent ADS-B track (see at least [0013]; “Subsystem A 120 may implement signal characteristics calculations. In operation, Subsystem A receives input ADS-B signals 110 and extract and calculate various parameters from the received ADS-B signals. In an embodiment, these parameters may be classified into two broad categories as (1) information taken from the content of the message (e.g., transmitter latitude, longitude, heading, velocity), and (2) information extracted from the ADS-B physical signal itself (e.g., received signal strength (RSS), frequency of the received signal).”); and a verifying unit (see at least Fig. 1, subsystems B, C and D) configured to: receive from the ADS-B processing module the extracted data from the ADS-B waveform; apply a plurality of detection tests to the extracted data (see at least [0029]; “Subsystem B 130, the attack detection subsystem, may implement attack detection using various attack detection blocks based on parameters received from Subsystem A 120. Subsystem B 130 may include three machine learning algorithms, including jamming attack detection 132, injection attack detection 134, and modification attack detection 136. In an embodiment, a random forest algorithm is used for jamming attack detection 132, and neural networks are used for injection attack detection 134, and modification attack detection 136.”), each of said detection tests resulting in a score indicating a degree of likelihood that the apparent ADS-B track is a valid ADS-B track (see at least [0030]; “Jamming attack detection 132 may receive the group of jamming attack parameters 122, which includes mean eigenvalue (EGV), signal-to-noise ratio (SNR), received signal strength (RSS), had packet ratio (BPR), and energy, test statistic (E). These parameters are provided to a random forest algorithm to detect abnormalities in the signals. This jamming detection algorithm includes an ensemble of decision tree classifiers in which each classifier is created by means of a vector sampled randomly and independently from the input vector, and each tree provides a unit vote for the most popular class to classify an input vector. The classification of data is performed by taking the majority voted class from all the tree predictors in the forest… Jamming attack detection block 132 provides this classification decision Ŷ as the jamming attack detection output to Subsystem C 140.” See also [0031]; “Injection attack detection 134 may receive the group of injection attack parameters 124, including ownship latitude (LatR), ownship longitude (LonR), transmitter latitude (LatT), transmitter longitude (LonT), velocity difference (Δv), doppler shift (Δf), and received signal strength (RSS). Injection attack detection 134 uses its received parameters to provide Subsystem C 140 with a binary decision about presence or absence of the attack.”); apply a weighting factor to each of the scores (see at least [0034]; “In the Bayesian models used in Subsystem C 140, prior knowledge of the attacks is used to compute the posterior probability distribution of the attacks when a new ADS-B message is received.” This computation is performed in equation 28, where the prior probability distribution PriorAtt is used to scale the computed attack probability and thus can be described as a weighting factor.); and combine the scores to obtain a confidence level predicting whether the ADS-B waveform is a valid ADS-B waveform containing accurate ADS-B track information, or a spoofed waveform containing inaccurate or specious ADS-B track information (see at least [0033]; “Subsystem C 140 may implement Bayesian inference processing for each type of attack. Subsystem C 140 may use Bayesian models to calculate the probability that each type of attack will happen, to calculate the probability of detection, or provide other calculations. Subsystem C 140 uses Bayesian methodologies to generate an estimate of the probability of detection, probability of false alarm, and accuracy of the attack based on past and present data.” See also [0038]; “Subsystem D 150 may implement decision-making and provide an ADS-B system output 160, which may include the ADS-B cyber-attack type and probability. Subsystem D 150 may receive the output from Subsystem C 140 from all three detection algorithms, including attack type, attack rate, PostAtt, and the attack presence probability, ATProb. Subsystem D 150 synthesizes (e.g., analyzes and combines) the information, and provide an attack type and probability of attack as ADS-B system output 160.”). wherein the plurality of detection tests includes (see at least Table 1, ADS-B Attack Detection Signal Parameters) at least one of: an ADS-B rules-based analysis applied to the digital data reported by the ADS-B track (see at least [0021]; “Bad packet ratio (BPR): BPR is a parameter that is calculated by various systems that transmit or receive information. For example, ADS-B systems may use data error detection techniques to verify whether the received packet has not been corrupted, such as a cyclic redundancy check (CRC). In an example, when the data error detection technique shows that a packet is corrupted, this packet is dropped, a running count of the number of bad packets is incremented, and the BPR is updated as the ratio of the number of bad packets to the total number of packets. A high Blit can indicate various transmission issues, including cyber-attacks.”); a multi-band detection analysis applied to the digital data reported by the ADS-B track; and a track origination detection analysis applied to the digital data reported by the ADS-B track. Regarding claim 3, Manesh discloses the apparatus of claim 1. Manesh further discloses: wherein the data extracted from the ADS-B waveform further includes a detected power level at which the ADS-B waveform was detected (see at least Table 1 and [0015]; “Received signal strength (RSS): This parameter has a correlation with the great circle distance, which is calculated from the coordinates of the ownship and the transmitter. RSS is given by the Friis transmission equation as follows…”), and wherein the plurality of detection tests includes a power level validation applied to the detected power (see at least [0032]; “Modification attack detection 136 may receive the group of message modification attack parameters 126, including received signal strength (RSS), bad packet ratio (BPR), rate of climb (cr), rate of turn (tr), speed rate (vr), and displacement rate (dr). Similar to the neural network algorithm for injection attack detection 134, the neural network of the modification attack detector 136 provides an output determination as to whether the signal under consideration is modified or not.”). Regarding claim 6, Manesh discloses the apparatus of claim 1. Manesh further discloses: wherein the verifying unit further includes a weighting factor library containing a plurality of sets of weighting factors, and wherein applying a weighting factor to each of the scores includes selecting one of the sets of weighting factors from the weighting factor library, and applying the weighting factors of the selected set to the scores (see at least [0034]; “In the Bayesian models used in Subsystem C 140, prior knowledge of the attacks is used to compute the posterior probability distribution of the attacks when a new ADS-B message is received… PriorAtt is the prior probability distribution, and PostAtt is the posterior probability distribution. The maximum value of PostAtt is considered as the attack rate and taken as PriorOcc for the next iteration.” Examiner maps all values of PostAtt to the plurality of sets of weighting factors, selecting maximum value of PostAtt to selecting a set of weighting factors, and use of the selected value in the subsequent Bayesian analysis to applying the weighting factor to the selected set of scores.). Regarding claim 7, Manesh discloses the apparatus of claim 1. Manesh further discloses: wherein the verifying unit further includes a detection test library containing a plurality of detection tests (see at least [0029]; “Subsystem B 130, the attack detection subsystem, may implement attack detection using various attack detection blocks based on parameters received from Subsystem A 120.”), and wherein applying the plurality of detection tests to the extracted data includes selecting a plurality of detection tests from the detection test library, and applying the selected detection tests to the extracted data (see at least [0029]; “Subsystem B 130 may include three machine learning algorithms, including jamming attack detection 132, injection attack detection 134, and modification attack detection 136. In an embodiment, a random forest algorithm is used for jamming attack detection 132, and neural networks are used for injection attack detection 134, and modification attack detection 136. Each of the detection blocks 132-136 classify the incoming signals in real-time based on the provided characteristics of the signal.”). Regarding claim 8, Manesh discloses the apparatus of claim 1. Manesh further discloses: wherein the verifying unit is further configured to generate display data according to apparent ADS-B tracks encoded in a plurality of detected ADS-B waveforms and their associated confidence levels, and to forward the display data to a "situational awareness" display (SA) (see at least [0039]; “The ADS-B system output 160 may include identification of one or more warnings, alerts, and attacks. The ADS-B system output 160 may be associated with specific visible, audible, tactile, or other indicators. For example, ADS-B system output 160 may be used to notify an air controller by using red, yellow, and green visual indicators to indicate one or more attack types, attack probabilities, attack severities, and other attack information.”). Regarding claim 11, Manesh discloses: A method of discriminating between spoofed and valid ADS-B tracks (see at least Abs; “The present subject matter provides various technical solutions to technical problems facing ADS-B cyber-attacks. One technical solution for detecting and mitigating ADS-B cyber-attacks includes receiving extracting information from received ADS-B signals, detecting a cyber-attack based on a selected subset of ADS-B information, determining a detection probability, and outputting a ADS-B cyber-attack type and probability.”), the method comprising: receiving an ADS-B waveform, an apparent ADS-B track being encoded in the ADS-B waveform (see at least [0013]; “In operation, Subsystem A receives input ADS-B signals 110 and extract and calculate various parameters from the received ADS-B signals. In an embodiment, these parameters may be classified into two broad categories as (1) information taken from the content of the message (e.g., transmitter latitude, longitude, heading, velocity), and (2) information extracted from the ADS-B physical signal itself (e.g., received signal strength (RSS), frequency of the received signal).”); extracting data from the ADS-B waveform, said data including digital data reported by the apparent ADS-B track (see again [0013]); applying a plurality of detection tests to the data extracted from the ADS-B waveform (see at least [0029]; “Subsystem B 130, the attack detection subsystem, may implement attack detection using various attack detection blocks based on parameters received from Subsystem A 120. Subsystem B 130 may include three machine learning algorithms, including jamming attack detection 132, injection attack detection 134, and modification attack detection 136. In an embodiment, a random forest algorithm is used for jamming attack detection 132, and neural networks are used for injection attack detection 134, and modification attack detection 136.”), each of said detection test applications resulting in a corresponding score indicating a degree of likelihood that the apparent ADS-B track is a valid ADS-B track (see at least [0030]; “Jamming attack detection 132 may receive the group of jamming attack parameters 122, which includes mean eigenvalue (EGV), signal-to-noise ratio (SNR), received signal strength (RSS), had packet ratio (BPR), and energy, test statistic (E). These parameters are provided to a random forest algorithm to detect abnormalities in the signals. This jamming detection algorithm includes an ensemble of decision tree classifiers in which each classifier is created by means of a vector sampled randomly and independently from the input vector, and each tree provides a unit vote for the most popular class to classify an input vector. The classification of data is performed by taking the majority voted class from all the tree predictors in the forest… Jamming attack detection block 132 provides this classification decision Ŷ as the jamming attack detection output to Subsystem C 140.” See also [0031]; “Injection attack detection 134 may receive the group of injection attack parameters 124, including ownship latitude (LatR), ownship longitude (LonR), transmitter latitude (LatT), transmitter longitude (LonT), velocity difference (Δv), doppler shift (Δf), and received signal strength (RSS). Injection attack detection 134 uses its received parameters to provide Subsystem C 140 with a binary decision about presence or absence of the attack.”); applying a weighting factor to each of the scores (see at least [0034]; “In the Bayesian models used in Subsystem C 140, prior knowledge of the attacks is used to compute the posterior probability distribution of the attacks when a new ADS-B message is received.” This computation is performed in equation 28, where the prior probability distribution PriorAtt is used to scale the computed attack probability and thus can be described as a weighting factor.); and combining the weighted scores to obtain a confidence level predicting whether the ADS-B waveform is a valid ADS-B waveform containing accurate ADS-B track information, or a spoofed waveform containing inaccurate or specious ADS-B track information (see at least [0033]; “Subsystem C 140 may implement Bayesian inference processing for each type of attack. Subsystem C 140 may use Bayesian models to calculate the probability that each type of attack will happen, to calculate the probability of detection, or provide other calculations. Subsystem C 140 uses Bayesian methodologies to generate an estimate of the probability of detection, probability of false alarm, and accuracy of the attack based on past and present data.” See also [0038]; “Subsystem D 150 may implement decision-making and provide an ADS-B system output 160, which may include the ADS-B cyber-attack type and probability. Subsystem D 150 may receive the output from Subsystem C 140 from all three detection algorithms, including attack type, attack rate, PostAtt, and the attack presence probability, ATProb. Subsystem D 150 synthesizes (e.g., analyzes and combines) the information, and provide an attack type and probability of attack as ADS-B system output 160.”). wherein applying the plurality of detection tests includes applying to the digital data reported by the ADS-B track at least one of: an ADS-B rules-based analysis (see at least [0021]; “Bad packet ratio (BPR): BPR is a parameter that is calculated by various systems that transmit or receive information. For example, ADS-B systems may use data error detection techniques to verify whether the received packet has not been corrupted, such as a cyclic redundancy check (CRC). In an example, when the data error detection technique shows that a packet is corrupted, this packet is dropped, a running count of the number of bad packets is incremented, and the BPR is updated as the ratio of the number of bad packets to the total number of packets. A high Blit can indicate various transmission issues, including cyber-attacks.”); a multi-band detection analysis; and a track origination detection analysis. Regarding claim 13, Manesh discloses the method of claim 11. Manesh further discloses: wherein extracting data from the ADS-B waveform includes determining a detection power at which the ADS-B waveform was detected (see at least Table 1 and [0015]; “Received signal strength (RSS): This parameter has a correlation with the great circle distance, which is calculated from the coordinates of the ownship and the transmitter. RSS is given by the Friis transmission equation as follows…”), and wherein applying the plurality of detection tests includes applying a power level analysis to the detection power (see at least [0032]; “Modification attack detection 136 may receive the group of message modification attack parameters 126, including received signal strength (RSS), bad packet ratio (BPR), rate of climb (cr), rate of turn (tr), speed rate (vr), and displacement rate (dr). Similar to the neural network algorithm for injection attack detection 134, the neural network of the modification attack detector 136 provides an output determination as to whether the signal under consideration is modified or not.”). Regarding claim 17, Manesh discloses the method of claim 11. Manesh further discloses: wherein applying a weighting factor to each of the validity scores includes selecting a set of weighting factors from a weighting factor library, and applying the weighting factors of the selected set to the scores (see at least [0034]; “In the Bayesian models used in Subsystem C 140, prior knowledge of the attacks is used to compute the posterior probability distribution of the attacks when a new ADS-B message is received… PriorAtt is the prior probability distribution, and PostAtt is the posterior probability distribution. The maximum value of PostAtt is considered as the attack rate and taken as PriorOcc for the next iteration.” Examiner maps all values of PostAtt to the plurality of sets of weighting factors, selecting maximum value of PostAtt to selecting a set of weighting factors, and use of the selected value in the subsequent Bayesian analysis to applying the weighting factor to the selected set of scores.). Regarding claim 18, Manesh discloses the method of claim 11. Manesh further discloses: wherein applying the plurality of detection tests to the extracted data includes selecting a plurality of detection tests from a detection test library (see at least [0029]; “Subsystem B 130, the attack detection subsystem, may implement attack detection using various attack detection blocks based on parameters received from Subsystem A 120.”), and applying the selected detection tests to the data extracted from the ADS-B waveform (see at least [0029]; “Subsystem B 130 may include three machine learning algorithms, including jamming attack detection 132, injection attack detection 134, and modification attack detection 136. In an embodiment, a random forest algorithm is used for jamming attack detection 132, and neural networks are used for injection attack detection 134, and modification attack detection 136. Each of the detection blocks 132-136 classify the incoming signals in real-time based on the provided characteristics of the signal.”). Regarding claim 19, Manesh discloses the method of claim 11. Manesh further discloses: further comprising generating display data according to apparent ADS-B tracks encoded in a plurality of detected ADS-B waveforms and their associated confidence levels, and forwarding the display data to a "situational awareness" display (SA) (see at least [0039]; “The ADS-B system output 160 may include identification of one or more warnings, alerts, and attacks. The ADS-B system output 160 may be associated with specific visible, audible, tactile, or other indicators. For example, ADS-B system output 160 may be used to notify an air controller by using red, yellow, and green visual indicators to indicate one or more attack types, attack probabilities, attack severities, and other attack information.”). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 4-5 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Manesh in view of Stayton et al. (US-20120041620-A1; hereinafter Stayton). Regarding claim 4, Manesh discloses the apparatus of claim 1. However, Manesh does not explicitly disclose: wherein: the one or more antennae includes at least two antennae; the data extracted from the ADS-B waveform further includes detection power levels at which the ADS-B waveform was detected by each of the at least two antennae; and the plurality of detection tests includes an antenna diversity analysis applied to the detection power levels. Manesh is directed to detecting cyber-attacks in ADS-B systems, and Stayton is directed to detecting spoofing in systems such as ADS-B systems. Stayton teaches: wherein: the one or more antennae includes at least two antennae; the data extracted from the ADS-B waveform further includes detection power levels at which the ADS-B waveform was detected by each of the at least two antennae; and the plurality of detection tests includes an antenna diversity analysis applied to the detection power levels (see at least [0054] – [0060]; “FIG. 7 illustrates a method according to certain embodiments of the present invention. The method includes, at 710, receiving, on a device, a signal providing a report for an aircraft. The device can be located in own aircraft. The report can be or include a position report. The signal can include or encode an ADS-B message… The method of FIG. 7 also includes, at 720, determining, with the device, a first parameter for the aircraft from information in the report. The method can further include, at 730, determining, with the device, a second parameter for the aircraft from at least one signal characteristic of the signal. The method, as illustrated in FIG. 7, additionally includes, at 740, determining, with the device, a validity status of the report based on comparing the first parameter and the second parameter. Determining the validity status based on the comparing can include, at 742, determining that the report is valid when a difference between the first parameter and the second parameter is less than a predetermined threshold. The validity here can refer to whether or not the report is a spoof report for a non-existent aircraft… The signal characteristic can be or include at least one of the following: radio frequency power level of the signal; differential time measurement of receipt of the signal; or Doppler frequency change of the signal. RF power level can be used in various ways. For example, RF power level can be used in terms of an expected power level with respect to range. Additionally, or alternatively, however, RF power level can be used with respect to a comparison of the signal strength received by a top antenna and a bottom antenna. If an aircraft is above own aircraft, the top antenna is expected to have a higher signal strength then the bottom antenna, for example, particularly when the aircraft is reported to be close (for example, within one mile) to own aircraft.”). Both Manesh and Stayton teach a plurality of methods to detect spoofing or attacks on ADS-B messages. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the metrics used in Manesh to include comparing the received power in top and bottom antennas as taught by Stayton. One of ordinary skill would be motivated to include this antenna power comparison in order to detect spoofing by determining the signal’s direction of origin and comparing to the believed position of the transmitting aircraft, as recognized by Stayton (see Stayton at least [0054] – [0060]). Regarding claim 5, Manesh discloses the apparatus of claim 1. Manesh further discloses [note that what Manesh does not teach is strike-through]: wherein the data extracted from the ADS-B waveform further includes a Doppler offset (see at least Table 1 and [0017]; “Doppler shift, Δf: This parameter is the difference between the frequency of the received signal, fR, and the frequency of the transmitted signal, f0, which is 1090 MHz in 1090ES mode. This parameter is calculated as Δf=fR−f0.”), and wherein the plurality of detection tests includes using the Doppler offset with velocities, headings, and/or changes thereof that are reported by the apparent ADS-B track (see at least [0031]; “Injection attack detection 134 may receive the group of injection attack parameters 124, including ownship latitude (LatR), ownship longitude (LonR), transmitter latitude (LatT), transmitter longitude (LonT), velocity difference (Δv), doppler shift (Δf), and received signal strength (RSS). Injection attack detection 134 uses its received parameters to provide Subsystem C 140 with a binary decision about presence or absence of the attack.”). However, Manesh does not explicitly teach comparing the Doppler offset with velocities, headings, and/or changes thereof that are reported by the apparent ADS-B track. Stayton teaches: wherein the data extracted from the ADS-B waveform (see at least [0054]; “The signal can include or encode an ADS-B message.”) further includes a Doppler offset (see at least [0059]; “The signal characteristic can be or include at least one of the following: radio frequency power level of the signal; differential time measurement of receipt of the signal; or Doppler frequency change of the signal.”) and wherein the plurality of detection tests includes comparing the Doppler offset with velocities, headings, and/or changes thereof that are reported by the apparent ADS-B track (see at least [0056] – [0057]; “The method, as illustrated in FIG. 7, additionally includes, at 740, determining, with the device, a validity status of the report based on comparing the first parameter and the second parameter. Determining the validity status based on the comparing can include, at 742, determining that the report is valid when a difference between the first parameter and the second parameter is less than a predetermined threshold. The validity here can refer to whether or not the report is a spoof report for a non-existent aircraft. The first parameter and/or the second parameter can include a bearing of the aircraft with respect to own aircraft.”). Both Manesh and Stayton use Doppler and heading information to detect spoofing or cyber-attacks in ADS-B signals. Stayton explicitly performs a comparison between the various sources of information, while Manesh uses the information as inputs to a neural network. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, based on the teachings of Stayton, that the invention of Manesh either does or easily could perform a comparison between the gathered information to determine the presence of a cyber-attack. Regarding claim 14, Manesh teaches the method of claim 11. However, Manesh does not explicitly disclose: wherein extracting the data from the ADS-B waveform includes determining detection power levels at which the ADS-B waveform was detected by at least two antennae, and wherein applying the plurality of detection tests includes applying an antenna diversity analysis to the detection power levels. Manesh is directed to detecting cyber-attacks in ADS-B systems, and Stayton is directed to detecting spoofing in systems such as ADS-B systems. Stayton teaches: wherein extracting the data from the ADS-B waveform includes determining detection power levels at which the ADS-B waveform was detected by at least two antennae, and wherein applying the plurality of detection tests includes applying an antenna diversity analysis to the detection power levels (see at least [0054] – [0060], quoted above regarding claim 4). Both Manesh and Stayton teach a plurality of methods to detect spoofing or attacks on ADS-B messages. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the metrics used in Manesh to include comparing the received power in top and bottom antennas as taught by Stayton. One of ordinary skill would be motivated to include this antenna power comparison in order to detect spoofing by determining the signal’s direction of origin and comparing to the believed position of the transmitting aircraft, as recognized by Stayton (see Stayton at least [0054] – [0060]). Regarding claim 15, Manesh teaches the method of claim 11. Manesh further discloses [note that what Manesh does not teach is strike-through]: wherein extracting the data from the ADS-B waveform includes determining a Doppler offset (see at least Table 1 and [0017]; “Doppler shift, Δf: This parameter is the difference between the frequency of the received signal, fR, and the frequency of the transmitted signal, f0, which is 1090 MHz in 1090ES mode. This parameter is calculated as Δf=fR−f0.”), and wherein applying the plurality of detection tests includes using the Doppler offset with velocities, headings, and/or changes thereof that are reported by the apparent ADS-B track (see at least [0031]; “Injection attack detection 134 may receive the group of injection attack parameters 124, including ownship latitude (LatR), ownship longitude (LonR), transmitter latitude (LatT), transmitter longitude (LonT), velocity difference (Δv), doppler shift (Δf), and received signal strength (RSS). Injection attack detection 134 uses its received parameters to provide Subsystem C 140 with a binary decision about presence or absence of the attack.”). However, Manesh does not explicitly teach comparing the Doppler offset with velocities, headings, and/or changes thereof that are reported by the apparent ADS-B track. Stayton teaches: wherein extracting the data from the ADS-B waveform (see at least [0054]; “The signal can include or encode an ADS-B message.”) includes determining a Doppler offset (see at least [0059]; “The signal characteristic can be or include at least one of the following: radio frequency power level of the signal; differential time measurement of receipt of the signal; or Doppler frequency change of the signal.”), and wherein applying the plurality of detection tests includes comparing the Doppler offset with velocities, headings, and/or changes thereof that are reported by the apparent ADS-B track (see at least [0056] – [0057]; “The method, as illustrated in FIG. 7, additionally includes, at 740, determining, with the device, a validity status of the report based on comparing the first parameter and the second parameter. Determining the validity status based on the comparing can include, at 742, determining that the report is valid when a difference between the first parameter and the second parameter is less than a predetermined threshold. The validity here can refer to whether or not the report is a spoof report for a non-existent aircraft. The first parameter and/or the second parameter can include a bearing of the aircraft with respect to own aircraft.”). Both Manesh and Stayton use Doppler and heading information to detect spoofing or cyber-attacks in ADS-B signals. Stayton explicitly performs a comparison between the various sources of information, while Manesh uses the information as inputs to a neural network. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, based on the teachings of Stayton, that the invention of Manesh either does or easily could perform a comparison between the gathered information to determine the presence of a cyber-attack. Regarding claim 16, Manesh in view of Stayton teaches the method of claim 15. Manesh further discloses: wherein determining the Doppler offset includes estimating the Doppler offset from baseband waveform samples over a duration of a pulse train (see at least [0017]; “Doppler shift, Δf: This parameter is the difference between the frequency of the received signal, fR, and the frequency of the transmitted signal, f0, which is 1090 MHz in 1090ES mode. This parameter is calculated as Δf=fR−f0.”). Claims 9-10 and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Manesh in view of Ballestros et al. (US-20170236425-A1; hereinafter Ballestros). Regarding claim 9, Manesh discloses the apparatus of claim 8. However, Manesh does not explicitly teach: wherein generating the display data includes associating annotations with the apparent ADS-B tracks, said annotations being indicative of the confidence levels associated with the apparent ADS-B tracks. Manesh discloses detecting cyber-attacks targeting ADS-B messages, and Ballestros is directed to determining whether ADS-B messages are truthful or not. Ballestros teaches: wherein generating the display data includes associating annotations with the apparent ADS-B tracks, said annotations being indicative of the confidence levels associated with the apparent ADS-B tracks (see at least [0038]; “The system 1 may be configured so that only those verified ADS-B messages are sent to the ADS-B system 7, or all the ADS-B messages are sent to the ADS-B system 7 but each of them labeled as TRUTHFUL or UNTRUTHFUL for the flight crew's information. The information is shown to the flight crew by means of a visual representation in a screen 9.”). Manesh visually displays data indicating confidence levels in ADS-B messages but does not explicitly disclose associating the annotations with the specific ADS-B tracks. Ballestros similarly visually displays data indicating confidence levels in ADS-B messages, with annotations associated with each message. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the display used in Manesh to include association with the tracks from which the confidence levels are derived, as taught by Ballestros. One of ordinary skill would be motivated to include this associated information in order to provide relevant information to the flight crew, as recognized by Ballestros (see Ballestros at least [0038]). Regarding claim 10, Manesh discloses the apparatus of claim 8. However, Manesh does not explicitly teach: wherein generating the display data includes excluding from the display data apparent ADS-B tracks having confidence levels associated therewith that are below a specified minimum confidence level. Ballestros teaches: wherein generating the display data includes excluding from the display data apparent ADS-B tracks having confidence levels associated therewith that are below a specified minimum confidence level (see at least [0038]; “The system 1 may be configured so that only those verified ADS-B messages are sent to the ADS-B system 7, or all the ADS-B messages are sent to the ADS-B system 7 but each of them labeled as TRUTHFUL or UNTRUTHFUL for the flight crew's information. The information is shown to the flight crew by means of a visual representation in a screen 9.”). Both Manesh and Ballestros verify the authenticity of ADS-B messages. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system used in Manesh to include a visual representation of the verified messages, as taught by Ballestros. One of ordinary skill would be motivated to include such a display in order to provide relevant information to the flight crew, as recognized by Ballestros (see Ballestros at least [0038]). Regarding claim 20, Manesh discloses the method of claim 19. However, Manesh does not explicitly teach: wherein generating the display data includes associating annotations with the apparent ADS-B tracks, said annotations being indicative of the confidence levels associated with the ADS-B tracks. Manesh discloses detecting cyber-attacks targeting ADS-B messages, and Ballestros is directed to determining whether ADS-B messages are truthful or not. Ballestros teaches: wherein generating the display data includes associating annotations with the apparent ADS-B tracks, said annotations being indicative of the confidence levels associated with the ADS-B tracks (see at least [0038]; “The system 1 may be configured so that only those verified ADS-B messages are sent to the ADS-B system 7, or all the ADS-B messages are sent to the ADS-B system 7 but each of them labeled as TRUTHFUL or UNTRUTHFUL for the flight crew's information. The information is shown to the flight crew by means of a visual representation in a screen 9.”). Regarding claim 21, Manesh discloses the method of claim 19. However, Manesh does not explicitly teach: wherein generating the display data includes excluding from the display data apparent ADS-B tracks having confidence levels associated therewith that are below a specified minimum confidence level. Ballestros teaches: wherein generating the display data includes excluding from the display data apparent ADS-B tracks having confidence levels associated therewith that are below a specified minimum confidence level (see at least [0038]; “The system 1 may be configured so that only those verified ADS-B messages are sent to the ADS-B system 7, or all the ADS-B messages are sent to the ADS-B system 7 but each of them labeled as TRUTHFUL or UNTRUTHFUL for the flight crew's information. The information is shown to the flight crew by means of a visual representation in a screen 9.”). Both Manesh and Ballestros verify the authenticity of ADS-B messages. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system used in Manesh to include a visual representation of the verified messages, as taught by Ballestros. One of ordinary skill would be motivated to include such a display in order to provide relevant information to the flight crew, as recognized by Ballestros (see Ballestros at least [0038]). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ashley B. Raynal whose telephone number is (703)756-4546. The examiner can normally be reached Monday - Friday, 8 AM - 4 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vladimir Magloire can be reached at (571) 270-5144. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ASHLEY BROWN RAYNAL/Examiner, Art Unit 3648 /VLADIMIR MAGLOIRE/Supervisory Patent Examiner, Art Unit 3648