DETAILED ACTION
Notice of Pre-AIA or AIA Status
1.The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
2. According to applicant’s arguments filed on 10/20/2025, claims 1, 8 and 14 have been amended hereby acknowledged.
3. Applicant’s arguments with respect to independent claim(s) 1,8 and 14 have been fully considered but are moot based on the new ground of rejection.
4. Applicant argues that prior art of record does not discloses the newly amendment feature of independent claims which recites: “the second restriction applies after the infringement of the one or more rules bypasses the first restriction”.
5. Examiner would like to point out that the new secondary reference Bullman (US Pub.No.2009/0113141) in pra:0023 and para:0037-0038 teaches the above claimed limitation (see, the rejection below).
Double Patenting
6. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
7. Claims 1-3,6,8-9,12 and 14-16 are rejected on the ground of non-statutory obviousness-type double patenting as being unpatentable over claims 20,22-23,27-31 and 34-35 of U.S. Patent No. 11,783,093. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the current application encompass the same subject matter as the patent claims, but with obvious wording [such as Single-chip system, having multiple computing units, in particular computer cores and/or CPUs, at least one input/output unit, a memory unit, and an input/output control unit that coordinates the communication between the computing units and the at least one input/output unit, wherein the single-chip system further has an attack detection unit, produced as hardware, that is connected by means of a hardware signal connection to at least the input/output control unit as a component of the single-chip system and evaluates input signals received from the input/output control unit for a rule infringement in a set of attack detection rules, which rule infringement needs to be logged and/or responded to with at least one measure]. So, the above mentioned claims of the instant application are rejected under non-statutory obviousness-type double patenting rejection.
Claim Rejections - 35 USC § 103
8.The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
9.Claim(s) 1-5,7-11,13-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Dahlstrom (US Pub.No.2016/0301671) in view of Chen (US Pub.No.2017/0076116) and further in view of Bullman (US Pub.No.2009/0113141).
10. Regarding claims 1, 8 and 14 Dahlstrom teaches a single-chip system, and a method and a motor vehicle comprising: a memory management unit; and a computing unit configured to: receive a signal; evaluate the signal for determining an infringement of one or more rules based on a set of rules; and based on the evaluation of the signal and upon determination of the infringement of the one or more rules, respond to the infringement of the one or more rules with at least one preconfigured measure (Figs1-2, abstract and Para:0028-0029 teaches the data (e.g., messages) enter the single-chip device 200 through one of the communication interfaces are deposited into or removed from one or more message buffers 205. The processing cores 207 includes a traffic inspection engine 206, which is a software process that applies rules, stored within the on-chip memory, to determine if a message should be transferred across the single-chip device 200, be modified, or be discarded.
The single-chip device 200 also includes a data transfer control logic 208 that provides flow control and sequencing to ensure that a message is discarded, modified, or transferred as instructed by the traffic inspection engine 206.
Fig.3 and Para:0034 teaches the traffic inspection engine 307 is encoded in hardware within the programmable logic blocks 303 and applies rules encoded in logic with the programmable logic blocks 303. Messages are directly gated out onto the other side of the SoC-DSA HAG directly from the programmable logic blocks 303. The method provides increased packet inspection performance based on hardware acceleration. Para:0030 teaches messages (i.e., data) received by the SoC-DSA HAG from an unauthentic SoC-DSA HAG over a communication interface will be ignored to prevent denial of service attacks. Also, the messages received on a communication interface are also constrained to have a fixed format and a fixed length to facilitate message checking by the processing cores 207. The processing cores 207 may also perform hardware monitoring for malicious attacks within the protected boundary);
Dahlstrom teaches all the above claimed limitations, but does not expressly teach evaluate the signal for determining infringement of one or more rules based on a first set of rules and a second set of rules, wherein the first set of rules, associated with the memory access control unit, describes a first restriction to a storage area of the memory unit, and wherein the second set of rules describes a second restriction to data having been accessed in the storage area of the memory unit.
Chen teaches the memory management unit comprising a memory access control unit and a memory unit; receive a signal, the signal describes an event (Fig.5, Para:0010 and Para:0030 teaches an SVM security model wrapper 501 integrated on chip (SOC) 500 for detecting and preventing unauthorize access to a security block which may result in unauthorized access to regions in memory. Para:0030 the security monitor 502 can record the address of the violating attempt in the audit log database 511[ which is the event herein],
evaluate the signal for determining infringement of one or more rules based on a sequential application of a first set of rules and a second set of rules, wherein the first set of rules, associated with the memory access control unit, describes a first restriction to a memory area of the memory unit, and wherein the second set of rules, associated with the memory unit, describes a second restriction to data having been accessed in the memory area of the memory unit (Fig.5 and Para:0030 teaches a block diagram of a system on chip (SOC) 500 with a SVM security model wrapper 501 integrated on chip for detecting and preventing unauthorized access to a security policy decision point (PDP) module 507. While SOC 500 may include any number and variety of different components integrated on a single chip, for example includes a plurality of processor cores 503-504 (e.g., Core0 and Core1) connected with a security monitor 502 across a connection fabric 505 to a security policy decision point module 507 and a security policy enforcement point (PEP) module 508. The security policy decision point module 507 acts as a security gasket to control access to certain memory regions (e.g., D0, D1) in memory 510 so that each processor core (e.g., Core0 503) is only permitted access to a corresponding memory region (e.g., D0) [which is the first rule herein]. Monitored by the security policy decision point to restrict accesses initiated by cores and bus masters to their respective peripherals and memory [i.e., restricting data access to the respective memory, which is the second rule herein].
and based on the evaluation of the signal and upon determination of an infringement of the one or more rules, respond to the infringement of the one or more rules with at least one preconfigured measure (Para:0030-0031 teaches to protect against such improper operations or attacks, the SVM security model wrapper 501 included in the SOC 500 monitor the input/output behavior of the security policy decision point module 507 and security policy enforcement point module 508 to prevent execution of insecure inputs and/or to block insecure output).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Dahlstrom to include evaluate the signal for determining infringement of one or more rules based on a first set of rules and a second set of rules, wherein the first set of rules, associated with the memory access control unit, describes a first restriction to a storage area of the memory unit, and wherein the second set of rules describes a second restriction to data having been accessed in the storage area of the memory unit, as taught by Chen since such a setup will give a predictable result of prevention of unauthorized access to sensitive security information (Para:0004).
Dahlstrom in view of Chen teaches all the above claimed limitations but fails to teach the second restriction applies after the infringement of the one or more rules bypasses the first restriction.
Bullman teaches the second restriction applies after the infringement of the one or more rules bypasses the first restriction (Figs.1-2 and Para:0037-0038 teaches system 100 includes a direct memory access (DMA) controller 120, and the shared memory controller 150 is capable of controlling access to the shared memory 162 by the DMA controller 120. For example, DMA controller 120 may be allowed access to one or more specific regions of the memory 162 [first restriction], and the permissions for DMA controller 120 may be specified in the permission table 210, in the same manner as each of the processors 110-112. Accesses to memory 162 by DMA controller 120 would then be validated by comparing a memory address requested by DMA controller 120 to the permission data for DMA controller 120 (in the permission table 210) corresponding to the memory region containing the requested address. After accessing the specific regions of the memory 162, checking the memory access request would conflict with the read and write permission data in the permission table 210 [second restriction].
Para:0023 teaches storage device (or devices) in shared memory controller 154 further comprises a permission table 210 containing, for each of the plurality of memory regions 1-N, read and write permission data 211-216 for each of the plurality of processors 110-112. The read and write permission data 211-216 for a given processor determine whether that processor is permitted to read or write, respectively, from or to the region of memory to which those read and write permission data correspond [i.e., after accessing the memory specific memory region of the memory 162, checking whether the access request would conflict the read and write permission to the particular/specific memory region, which is the second restriction] .
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Dahlstrom in view of Chen to include the second restriction applies after the infringement of the one or more rules bypasses the first restriction, as taught by Bullman in such a setup the security application includes data that defines a list of security rules for preventing unauthorized access and/or modification of certain applications files and/or other resources within the system.
11. Regarding claims 2 and 15 Dahlstrom in view of Chen teaches the single-chip system, the method and the motor vehicle wherein the computing unit is part of an inspection unit for monitoring a plurality of computing units or a virtual computing component of the single-chip system (Chen: Para:0030 teaches monitoring a plurality of computing units).
12. Regarding claims 3,9 and 16 Dahlstrom teaches the single-chip system, the method and the motor vehicle wherein the second set of rules is either unalterable in hardware or alterable using a secured method according to secret information encoded in the hardware in the single-chip system (Para:0035-0036 teaches the hardware-only transfer method provides less flexibility in updating rule sets associated with the traffic inspection engine 307 than the hardware-enabled transfer method. For example, in the hardware-only transfer method all packet inspection and transfer is performed in hardware, such that a software exploit cannot observe or impact message transport activities).
13. Regarding claims 4, 10 and 17 Dahlstrom in view of Chen teaches the single-chip system, wherein the computing unit is further configured to: determine event data corresponding to a cause of the event, a type of the event, and/or time of the event (Chen:Para:0030 teaches determine event data corresponding to a cause of an event).
14. Regarding claims 5,11 and 18 Dahlstrom teaches the single-chip system, the method and the motor vehicle, wherein the computing unit is further configured to: pre-evaluate the signal transmitted to a further computing unit for filtering the signal (Para:0017,0019 teaches filtering the signal).
15. Regarding claims 7,13 and 20 Dahlstrom in view of Chen teaches the single-chip system, the method and the motor vehicle, wherein the one or more rules are associated with at least one of logging events, filtering information, selection measures, and/or for classifying events (Dahlstrom:Para:0028-0029, Para:0017 and Para:0019 teaches the set of rules comprise rules for filtering information. Chen: Para:0030 teaches rules are associated with logging events).
16. Claims 6,12 and 19 is rejected under 35 U.S.C. 103 as being unpatentable over Dahlstrom (US Pub.No.2016/0301671) in view of Chen (US Pub.No.2017/0076116) and in view of Bullman (US Pub.No.2009/0113141) as applied to claim 1,8 and 14 above and further in view of Hildebrand (US Pub.No.2009/0077417).
17. Regarding claims 6,12 and 19 Dahlstrom in view of Chen teaches all the above claimed limitations but does not expressly teach the single-chip system, the method and the vehicle wherein the computing unit is further configured to: add a chip ID identifier to the event data corresponding to the event on an internal memory device or an external memory device.
Hildebrand teaches the computing unit is further configured to: add a chip ID identifier to the event data corresponding to the event on an internal memory device or an external memory device (Para:0028, Para:0031-0032 teaches checking the chip ID).
Therefore, it would have been obvious to one of the ordinary skills in the art before the effective filing date of the invention was filed to modify the teachings of Dahlstrom in view of Chen to include the computing unit is further configured to: add a chip ID identifier to the event data corresponding to the event on an internal memory device or an external memory device, as taught by Hildebrand such a setup would give predictable result of checking external memory attacks.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri : 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431
Prosecution Insights