Office Action Predictor
Last updated: April 15, 2026
Application No. 18/522,868

VEHICLE NETWORK SECURITY SYSTEM AND METHOD

Final Rejection §102§103
Filed
Nov 29, 2023
Examiner
ABDULLAH, SAAD AHMAD
Art Unit
2431
Tech Center
2400 — Computer Networks
Assignee
Kia Corporation
OA Round
2 (Final)
77%
Grant Probability
Favorable
3-4
OA Rounds
2y 12m
To Grant
99%
With Interview

Examiner Intelligence

Grants 77% — above average
77%
Career Allow Rate
54 granted / 70 resolved
+19.1% vs TC avg
Strong +35% interview lift
Without
With
+35.1%
Interview Lift
resolved cases with interview
Typical timeline
2y 12m
Avg Prosecution
42 currently pending
Career history
112
Total Applications
across all art units

Statute-Specific Performance

§101
5.0%
-35.0% vs TC avg
§103
61.6%
+21.6% vs TC avg
§102
19.8%
-20.2% vs TC avg
§112
6.5%
-33.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 70 resolved cases

Office Action

§102 §103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the application US 18/522,868 filed on 11/29/2023. Claims 1-20 have been examined and are pending in this application. Information Disclosure Statement The information disclosure statement (IDS), submitted on 11/29/2023 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 1-2, 4-12 and 14-20 are rejected under 35 U.S. C. 102(a)(2) as being anticipated by Levi (US 2022/0046114 A1). Regarding Claim 1 Levi discloses: A vehicle network security system comprising: an Ethernet switch configured to receive and decrypt encrypted data from a first vehicle controller (Levi ¶163-172: teaches an Ethernet switch (authenticator device) that receives encrypted data frames from a first vehicle controller (supplicant/client device) over a secure LAN segment. The Ethernet switch implements MAC Security (MACsec) as specified in IEEE 802.1AE, which includes decryption of the encrypted Ethernet frames using GCM-AES-128 or GCM-AES-256 cipher suites. Additionally, the switch uses IEEE 802.1X port-based network access control to authenticate and authorize the client device, thereby enabling the switch to receive and decrypt encrypted data from a vehicle controller before forwarding it in the network.); and a gateway configured to determine whether or not to transmit the decrypted data according to whether there is an error in the decrypted data when the decrypted data is received from the Ethernet switch (Levi ¶176-188: Teaches a gateway device configured to receive decrypted data from the Ethernet switch and to verify the integrity of the decrypted data by performing error detection and validation checks. The gateway uses error-detection schemes such as cyclic redundancy checks (CRC), parity bits, checksums, or message authentication codes (MAC) to determine whether the decrypted data contains errors. Based on the outcome of this error detection, the gateway decides whether to forward (transmit) the decrypted data onward in the vehicle network or to block/discard it if errors are detected, thus controlling the transmission of data according to the integrity of the decrypted information received from the Ethernet switch.). Regarding Claim 2 Levi discloses: The vehicle network security system of claim 1, wherein Media Access Control Security (MACsec) is applied to the first vehicle controller and the Ethernet switch (Levi ¶159, 167-168: teaches that Media Access Control Security (MACsec), is applied to both the Ethernet switch and the first vehicle controller. This ensures secure communication by protecting data confidentiality and preventing unauthorized modifications on the Ethernet link between the first vehicle controller and the Ethernet switch.). Regarding Claim 4 Levi discloses: The vehicle network security system of claim 1, wherein the Ethernet switch is configured to determine whether an integrity check value of the decrypted data is successfully verified (Levi ¶176-181: teaches that integrity verification of data frames in a network device, such as an Ethernet switch, is performed by calculating and comparing error detection codes like cyclic redundancy checks (CRC) or message authentication codes (MAC). Specifically, the Ethernet switch calculates an integrity check value on the decrypted data and compares it to the received check value. If the values match, the integrity check is deemed successful; otherwise, the data is considered corrupted. This error detection mechanism enables the Ethernet switch to determine whether the integrity check value of the decrypted data is successfully verified.). Regarding Claim 5 Levi discloses The vehicle network security system of claim 4, wherein the Ethernet switch is configured to discard the decrypted data and transmit discarded data information to the first vehicle controller when it is determined that the integrity check value of the decrypted data is not successfully verified (Levi ¶181, 190-192 and 209: teaches that when the Ethernet switch determines that the integrity check value of the decrypted data is not successfully verified such as detecting a CRC error or failed MAC verification, the switch discards the corrupted or invalid data frame to prevent propagation of errors. Additionally, Levi describes that the Ethernet switch or associated network security devices may transmit notification or error information back to the originating device (e.g., the first vehicle controller) regarding the discarded data, thereby informing the sender of the integrity failure and resulting discard.). Regarding Claim 6 Levi discloses: The vehicle network security system of claim 4, wherein the Ethernet switch is configured to transmit the decrypted data to the gateway when it is determined that the integrity check value of the decrypted data is successfully verified (Levi ¶167-170: teaches that the Ethernet switch performs an integrity check on decrypted data frames using MACsec protocols and, upon successful verification, forwards the verified data to the gateway for further processing.). Regarding Claim 7 Levi discloses: The vehicle network security system of claim 1, wherein the gateway is configured to discard the decrypted data and transmit discarded data information to the first vehicle controller when there is an error in the decrypted data (Levi ¶16 and 180: teaches that network devices use error detection methods such as checksums and cyclic redundancy checks (CRC) to verify data integrity. When an error is detected in a received packet, the device discards the corrupted data to prevent network congestion or failure. Additionally, mechanisms exist to handle or notify upstream devices of discarded packets, which corresponds to the gateway discarding decrypted data and transmitting discarded data information to the first vehicle controller.). Regarding Claim 8 Levi discloses: The vehicle network security system of claim 1, wherein the gateway is configured to transmit the decrypted data to the Ethernet switch when it is determined that there is no error in the decrypted data (Levi ¶121, 128, 176-180: teaches that the gateway checks for errors in received Ethernet frames using techniques like CRC and checksum, and when no errors are detected, the gateway forwards (transmits) the decrypted data to the Ethernet switch or next network component. This directly corresponds to the claimed limitation of transmitting decrypted data only when it is error-free.). Regarding Claim 9 Levi discloses: The vehicle network security system of claim 8, wherein the Ethernet switch is configured to encrypt the decrypted data and transmit encrypted data to a second vehicle controller when the decrypted data is received (Levi ¶163-170: teaches an Ethernet switch acting as an authenticator that uses IEEE 802.1X for port-based access control and employs IEEE 802.1AE (MACsec) to encrypt data frames before transmitting them, thereby disclosing the switch encrypting decrypted data and sending encrypted data to another device. This directly maps to the claimed limitation of the Ethernet switch encrypting received data and forwarding the encrypted data to a second vehicle controller.). Regarding Claim 10 Levi discloses: The vehicle network security system of claim 9, wherein the second vehicle controller is configured to receive and decrypt the encrypted data, and generate a vehicle control signal based on the decrypted data (Levi ¶163-171: teaches secure encrypted communication over Ethernet networks using IEEE 802.1X for authentication and IEEE 802.1AE (MACsec) or IPsec for encryption and integrity, enabling a device like a second vehicle controller to receive encrypted data, decrypt it, and process it accordingly. This directly maps to the claim limitation of decrypting received encrypted data and generating control signals based on it.). Regarding Claim 11 Claim 11 is directed to a method corresponding to the computer-implemented method in claim 1. Claim 11 is similar in scope to claim 1 and is therefore rejected under similar rationale. Regarding Claim 12 Claim 12 is directed to a method corresponding to the computer-implemented method in claim 2. Claim 12 is similar in scope to claim 2 and is therefore rejected under similar rationale. Regarding Claim 14 Claim 14 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 14 is similar in scope to claim 4 and is therefore rejected under similar rationale. Regarding Claim 15 Claim 15 is directed to a method corresponding to the computer-implemented method in claim 5. Claim 15 is similar in scope to claim 5 and is therefore rejected under similar rationale. Regarding Claim 16 Claim 16 is directed to a method corresponding to the computer-implemented method in claim 6. Claim 16 is similar in scope to claim 6 and is therefore rejected under similar rationale. Regarding Claim 17 Claim 17 is directed to a method corresponding to the computer-implemented method in claim 7. Claim 17 is similar in scope to claim 7 and is therefore rejected under similar rationale. Regarding Claim 18 Claim 18 is directed to a method corresponding to the computer-implemented method in claim 8. Claim 18 is similar in scope to claim 8 and is therefore rejected under similar rationale. Regarding Claim 18 Claim 19 is directed to a method corresponding to the computer-implemented method in claim 9. Claim 19 is similar in scope to claim 9 and is therefore rejected under similar rationale. Regarding Claim 20 Claim 20 is directed to a method corresponding to the computer-implemented method in claim 10. Claim 20 is similar in scope to claim 10 and is therefore rejected under similar rationale. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Levi (US 2022/0046114 A1), in further view of Kalintsev (US 8,955,130 B1). Regarding Claim 3 Levi teaches an Ethernet switch that authenticates and decrypts encrypted data from a vehicle controller using MACsec and IEEE 802.1X, and a gateway device that receives the decrypted data, verifies its integrity using error detection techniques, and controls forwarding based on whether errors are detected. However, they do not disclose the following limitation: wherein the gateway includes an Intrusion Detection and Prevention Systems (IDPS). However, in an analogous art, Kalintsev discloses an IDPS system/method that includes: The vehicle network security system of claim 1, wherein the gateway includes an Intrusion Detection and Prevention Systems (IDPS) (Kalintsev Column 1, Line 58 - Column 2, Lin 3; Column 4, Lines 24-41: teaches a gateway with an Intrusion Detection and Prevention System (IDPS) by disclosing a hardware-software complex that monitors the vehicle CAN bus for unauthorized devices and malicious commands, detects intrusions through changes in bus characteristics, and actively blocks or modifies harmful messages to prevent attacks.). Given the teachings of Kalintsev, a person having ordinary skill in the art before the effective filing date of the claimed invention would have found it obvious to modify the teachings of Levi to include an Intrusion Detection and Prevention System (IDPS) in a vehicle gateway to monitor and block malicious activity. Kalintsev discloses a hardware-software complex (HSC) connected to the vehicle’s CAN-bus that detects bugs or unauthorized data transmission and scans for harmful radio-based communications. The system is described as a self-teaching CAN-system used to monitor and block harmful commands in the vehicle, which directly aligns with intrusion detection and prevention functions. Furthermore, Kalintsev teaches that the bus protection module can store details of the intrusion and provide them to a user when queried, which corresponds to logging and reporting capabilities typical of IDPS systems. Because Kalintsev’s HSC monitors data flows, blocks threats, and logs intrusion attempts, it performs the core functions of an IDPS. Thus, incorporating this into the vehicle’s gateway to provide security against unauthorized commands would have been an obvious design choice to a person of ordinary skill in the art (Kalintsev Column 1, Line 58 - Column 2, Lin 3; Column 4, Lines 24-41). Regarding Claim 13 Claim 13 is directed to a method corresponding to the computer-implemented method in claim 3. Claim 13 is similar in scope to claim 3 and is therefore rejected under similar rationale. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. THORNBURG US 10,140,783 B2 - teaches a vehicle network system in which a central gateway receives raw data from ECUs over vehicle buses (e.g., CAN or Ethernet), augments the data with availability, classification, and context information (such as power modes, error criteria, and HMI relevance), and publishes the data to publish/subscribe topics hosted by the gateway. The gateway can also send control commands to ECUs and enable remote services outside the vehicle to access or control ECU data via a communication network. Zinner US 2024/0095378 A1 - method for encrypting security-relevant vehicle data by identifying Ethernet communication subscribers via IP addresses and measuring propagation time to determine their physical distance or location relative to a controller or application. Based on the measured distance the system classifies trustworthiness and determines whether to establish a secure connection, optionally applying different security mechanisms depending on the distance. YU US 2023/0236756 A1 describes a device and method involving a buffer manager that handles network frames across multiple ports using a shared buffer memory. For each frame, it allocates a Frame Control Block (FCB) and one or more Buffer Control Blocks (BCBs), enabling queueing operations (enqueue/dequeue) using the FCB without needing to copy the frame. The FCB may include links to other frames, security or safety metadata, and can be updated based on frame processing results. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD ABDULLAH whose telephone number is 571-272-1531. The examiner can normally be reached on Monday-Friday 9am-5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, LYNN FIELD can be reached on 571-272-2092. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800- 786-9199 (IN USA OR CANADA) or 571-272-1000. /SAAD AHMAD ABDULLAH/ Examiner, Art Unit 2431 /LYNN D FEILD/ Supervisory Patent Examiner, Art Unit 2431
Read full office action

Prosecution Timeline

Nov 29, 2023
Application Filed
May 28, 2025
Non-Final Rejection — §102, §103
Sep 04, 2025
Response Filed
Dec 19, 2025
Final Rejection — §102, §103
Mar 23, 2026
Request for Continued Examination
Apr 09, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592961
QUANTUM-BASED ADAPTIVE DEEP LEARNING FRAMEWORK FOR SECURING NETWORK FILES
2y 5m to grant Granted Mar 31, 2026
Patent 12580886
Network security gateway onboard an aircraft to connect low and high trust domains of an avionics computing infrastructure
2y 5m to grant Granted Mar 17, 2026
Patent 12554871
SYSTEMS, METHODS, AND COMPUTER-READABLE MEDIA FOR SECURE AND PRIVATE DATA VALUATION AND TRANSFER
2y 5m to grant Granted Feb 17, 2026
Patent 12554832
AUTOMATED LEAST PRIVILEGE ASSIGNMENT
2y 5m to grant Granted Feb 17, 2026
Patent 12511372
DATA ACCESSING WITH A VIRTUAL SANDBOX DATABASE
2y 5m to grant Granted Dec 30, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
77%
Grant Probability
99%
With Interview (+35.1%)
2y 12m
Median Time to Grant
Moderate
PTA Risk
Based on 70 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month