Prosecution Insights
Last updated: July 05, 2026
Application No. 18/660,678

END-TO-END PROTECTION METHOD

Final Rejection §103
Filed
May 10, 2024
Priority
May 19, 2023 — EU 23174371.7
Examiner
RASHID, HARUNUR
Art Unit
2497
Tech Center
2400 — Computer Networks
Assignee
STMicroelectronics N.V.
OA Round
2 (Final)
76%
Grant Probability
Favorable
3-4
OA Rounds
1y 2m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
475 granted / 625 resolved
+18.0% vs TC avg
Strong +36% interview lift
Without
With
+36.3%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
25 currently pending
Career history
653
Total Applications
across all art units

Statute-Specific Performance

§101
1.5%
-38.5% vs TC avg
§103
93.0%
+53.0% vs TC avg
§102
2.7%
-37.3% vs TC avg
§112
0.9%
-39.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 625 resolved cases

Office Action

§103
DETAILED ACTION 1. Claims 1-6, 12-20 are pending in this examination. Notice of Pre-AIA or AIA Status 2.1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 2.2. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Response to Arguments 3. Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection. Claim Rejections - 35 USC § 103 4.1. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. 4.2. Claims 1-6, are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20210357344 to Rennig et al (“Rennig”) in view of US Patent Application No. 20210173961 to Young et al (“Young”), in view of “Error Handling of In-vehicle Networks Makes Them Vulnerable” by Cho et al., (Cho) As per claim 1, Rennig discloses an electronical device configured to execute a communication via a communication bus, wherein the electronical device comprises a hardware component different from a processor, and wherein the electronical device is configured to execute directly an protection method of the communication ([0054]-[0057], providing end-to-end data protection in such a bus supported communication system, e.g., relying on a CAN protocol (e.g., CAN FD or CAN XL); wherein the electronical device, during the communication, is configured to receive, to transmit, or to receive and to transmit at least one message comprising a control field data ([0067]-[0070], a flow diagram exemplary of the generation procedure of an E2E protection control field at the sender side. The procedure may be implemented at the master (controller) side and/or at the slave side, also see figs. 3-4 and associated texts); and wherein the end-to end protection method comprises: generating the control field data of the at least one message using data from the message to calculate the control field data and increasing a message counter ([0070]-[0079], a flow diagram exemplary of the generation procedure of an E2E protection control field at the sender side. The procedure may be implemented at the master (controller) side and/or at the slave side, also see figs. 3-4 and associated texts). Rennig does not explicitly disclose however in the same field of endeavor Young discloses, end-to-end protection communication ([0024]); verifying the control field data of the at least one message by: using data from the at least one message to calculate a first version of the control field data; verifying the first version with a second version of the control field data comprised in the at least one message ([0027], In receive operations, the microcontroller 110 and CAN transceiver 120 are configured and connected so that the host 116 can verify the received data frame at the application level by using the CAN protocol CRC 402C that is calculated and verified by the CAN protocol controller 114 when a CAN frame 401 is received. In a first step (1), a CAN frame 401 sent by the CAN transceiver 120 over received data line (RXD) will include a start-of-frame (SOF) field, an arbitration field, a header control field, a data payload field (if present), and a CRC code field 401A. In addition, one or more stuff bits and a stuff count (SB) may be included for CAN FD frames. In a second step (2), the CAN protocol controller 114 calculates a protocol CRC based on the bit stream from the CAN frame 401 that contains SOF, arbitration field, control field and data field (along with any stuff bits and a stuff count). If the calculated protocol CRC matches the CRC code field 401A from the CAN frame 401, the integrity of the frame 401 is verified over the physical media (wire), and the CAN protocol controller proceeds to the third step (3) where the header 402A, payload 402B, and protocol CRC 402A are stored or copied to the buffer memory 116. In selected embodiments, the CAN header 402A, payload 402B, and protocol CRC 402C are stored after removing the start-of-field and any stuff bit data. In this way, the protocol CRC 402C is made available to the host 116 when subsequently processing the data 402B for data integrity since the CPU processing element 101 can read the protocol CRC 402C from the buffer memory or register 116. In particular, the host 116 performs a fourth step (4) where the CRC verification module 103 reads the header 402A and data payload 402B from the buffer memory 116, along with the CRC 402A, and then reconstructs a CAN message 403 from the retrieved header 402A and data payload 402B before calculating a reconstructed CRC 403A. To determine which message/frames require additional integrity checks, the CRC verification module 103 may use a hardware lookup table 104 to quickly identify the frames to be protected by the protocol CRC. To this end, the lookup table 104 can indicate which messages require additional CRC verification by the host 116 and if the CAN frame 403 being reconstructed is a classic or FD. Using the retrieved header 402A and data payload 402B, the CRC verification module 103 Reconstructs the CAN message 403 by calculating a CRC 403A from the header and payload portions and adding the correct number of stuff bits, stuff count and SOF. The host 116 then compares the reconstructed CRC 403A of the reconstructed CAN message 403 with the protocol CRC 402C retrieved from the buffer memory 116 to verify the data if there is a valid match. In the receive use case, the CRC code field 401A is added to the frame 401 by the transmitting node. As a result, when the receiving node host 116 verifies that the reconstructed CRC 403A matches the protocol CRC 402C (which matches the CRC code field 401A), the integrity of the message is checked from transmitting node to receiving node host 116). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Rennig with the teaching of Young by including the feature of end-to-end protection, in order for Rennig’s system for protecting the integrity of data communications are extremely difficult at a practical level by virtue of the challenges with meeting the performance requirements and cost constraints for providing data protections across the entire automotive vehicle network. A system, method, and apparatus are provided for processing packets received over Controller Area Network (CAN) interface where a CAN protocol controller computes a CRC value from header and payload values in a received CAN data frame to verify frame integrity of the received CAN data frame across a physical media layer, and then stores the header and payload values and the CRC value in a memory buffer of the CAN protocol controller so that a host core can compute a reconstructed CRC value from the header and payload values retrieved from the memory buffer, and then compare the reconstructed CRC value to the CRC value retrieved from the memory buffer to verify frame integrity of the received CAN data frame at a transaction layer (Young, Abstract). Rennig and Young do not explicitly disclose however in the same field of endeavor Cho discloses, verifying a value of a message counter to a stored value of the message counter if a verification fails, increasing an error counter; and if all verifications succeed, decreasing an error counter (pages 1045-1046, For any detected errors, the perceived node transmits an error frame on the bus and increases one of the two error counters it maintains: Transmit Error Counter (TEC) and Re ceive Error Counter (REC). There are several rules governing theincrease/decrease of these counters, but in essence, a node that de tects an error during transmission increases TEC by 8, whereas if perceived during reception, REC is increased by 1 [3]. Moreover, for any error-free transmission and reception, TEC and REC are decreased by 1, respectively). Furthermore, Cho discloses BitError: Every transmitter compares its transmitted bit with the output bit on the CAN bus. If the two are different, a bit error has occurred, except during arbitration… CRC Error: If the calculated CRC is different from the re ceived CRC, a CRC error is raised. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Rennig with the teaching of Young/Cho by including the feature of a counter, in order for Rennig’s system to detect and prevent the bus-off attack. Wepropose a new type of Denial-of-Service (DoS) attack called the bus-off attack which, ironically, exploits the error-handling scheme of in-vehicle networks. That is, their fault-confinement mechanism — which has been considered as one of their major advantages in providing fault-tolerance and robustness — is used as an attack vector. The attacker periodically injects attack mes sages to the in-vehicle network, deceives an uncompromised ECU into thinking it is defective, and eventually forces itself or even the whole network to shut down. In addition to its severe conse quences, the following unique characteristics of the proposed bus off attack differentiate itself from previously known attacks and make it a critical threat which must be countered (Cho, page, 1044). As per claim 2, the combination of Rennig, Young and Cho disclose the electronical device of claim 1, wherein the communication bus is a controller area network bus (Rennig, [0054], [0031], [0034]). As per claim 3, the combination of Rennig, Young and Cho disclose the electronical device of claim 1, wherein the communication bus is a controller area network flexible data-rate bus (Rennig, [0054], [0031]). As per claim 4, the combination of Rennig, Young and Cho disclose the electronical device of claim 1, wherein the communication bus is a controller area network flexible data-rate light bus (Rennig, [0054], [0031], [0132]). As per claim 5, the combination of Rennig, Young and Cho disclose the electronical device of claim 1, wherein the communication bus is a controller area network flexible data-rate XL bus (Rennig, [0054], [0032]). As per claim 6, the combination of Rennig, Young and Cho disclose the electronical device of claim 1, wherein the hardware component is a finite-state-machine (Rennig, [0054], [0031], [0132]). 4.3. Claims 12-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rennig, Young and Cho as applied to claim above, and in view of US Patent Application No. 20180337862 to Sharma et al (“Sharma”). As per claim 12, the combination of Rennig, Young and Cho discloses the invention as described above, including Rennig discloses end-to-end protection method of a communication executed directly by a hardware component of an electronical device adapted to execute the communication via a communication bus, wherein the protection method comprises ([0054]-[0057], providing end-to-end data protection in such a bus supported communication system, e.g., relying on a CAN protocol (e.g., CAN FD or CAN XL); wherein the electronical device, during the communication, is configured to receive, to transmit, or to receive and to transmit at least one message comprising a control field data ([0067]-[0070], a flow diagram exemplary of the generation procedure of an E2E protection control field at the sender side. The procedure may be implemented at the master (controller) side and/or at the slave side, also see figs. 3-4 and associated texts); generating the control field data of at least one message, wherein generating the control field data comprises: using data from the at least one message to calculate the control field data; and increasing a message counter ([0070]-[0079], a flow diagram exemplary of the generation procedure of an E2E protection control field at the sender side. The procedure may be implemented at the master (controller) side and/or at the slave side, also see figs. 3-4 and associated texts ([0077]-[0098], also see [0056]-[0064]). Rennig does not explicitly disclose end-to-end protection communication however in the same field of endeavor Young discloses, end-to-end protection communication ([0024]), performing verification comprising using data from the at least one message to calculate a first update [0027], It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Rennig with the teaching of Young by including the feature of end-to-end protection, in order for Rennig’s system for protecting the integrity of data communications are extremely difficult at a practical level by virtue of the challenges with meeting the performance requirements and cost constraints for providing data protections across the entire automotive vehicle network. A system, method, and apparatus are provided for processing packets received over Controller Area Network (CAN) interface where a CAN protocol controller computes a CRC value from header and payload values in a received CAN data frame to verify frame integrity of the received CAN data frame across a physical media layer, and then stores the header and payload values and the CRC value in a memory buffer of the CAN protocol controller so that a host core can compute a reconstructed CRC value from the header and payload values retrieved from the memory buffer, and then compare the reconstructed CRC value to the CRC value retrieved from the memory buffer to verify frame integrity of the received CAN data frame at a transaction layer (Young, Abstract). Rennig and Young do not explicitly disclose however in the same field of endeavor Cho discloses, verifying a value of a message counter to a stored value of the message counter, and if a verification fails, increasing an error counter; and if all verifications succeed, decreasing an error counter (pages 1045-1046, For any detected errors, the perceived node transmits an error frame on the bus and increases one of the two error counters it maintains: Transmit Error Counter (TEC) and Re ceive Error Counter (REC). There are several rules governing theincrease/decrease of these counters, but in essence, a node that de tects an error during transmission increases TEC by 8, whereas if perceived during reception, REC is increased by 1 [3]. Moreover, for any error-free transmission and reception, TEC and REC are decreased by 1, respectively). Furthermore, Cho discloses BitError: Every transmitter compares its transmitted bit with the output bit on the CAN bus. If the two are different, a bit error has occurred, except during arbitration… CRC Error: If the calculated CRC is different from the re ceived CRC, a CRC error is raised. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Rennig with the teaching of Young/Cho by including the feature of a counter, in order for Rennig’s system to detect and prevent the bus-off attack. Wepropose a new type of Denial-of-Service (DoS) attack called the bus-off attack which, ironically, exploits the error-handling scheme of in-vehicle networks. That is, their fault-confinement mechanism — which has been considered as one of their major advantages in providing fault-tolerance and robustness — is used as an attack vector. The attacker periodically injects attack mes sages to the in-vehicle network, deceives an uncompromised ECU into thinking it is defective, and eventually forces itself or even the whole network to shut down. In addition to its severe conse quences, the following unique characteristics of the proposed bus off attack differentiate itself from previously known attacks and make it a critical threat which must be countered (Cho, page, 1044). Rennig and Young and Cho do not explicitly disclose first second versions and comparing for verification however in the same field of endeavor, Sharma discloses first second versions and comparing for verification ([0054]-[0056]) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Rennig with the teaching of Sharma/ Young/Cho by including the feature of versions, in order for Rennig’s system to generate and/or collect Quality of Service (QoS) metrics in SDN systems without adding media latency and media backhaul costs. The present invention is directed to various features relating to communications methods, systems and apparatus. One or more embodiments of the present invention addresses one or more of the various technical problems described above and herein and improves upon the efficiency of SDN systems. The present invention is directed to solving communications centric technological problems, e.g., Internet Protocol communications centric problems. The present invention also provides a new and/or improved system architectures to solve technological problems discussed herein with respect to SDN systems (Sharma,[0005]). As per claim 13, the combination of Rennig, Young, Cho and Sharma disclose the end-to-end protection method of claim 12, wherein the communication bus is a controller area network bus (Rennig, [0054], [0031], [0034]). As per claim 14, the combination of Rennig, Young, Cho and Sharma disclose the end-to-end protection method of claim 12, wherein the communication bus is a controller area network flexible data-rate bus (Rennig, [0054], [0031]). As per claim 15, the combination of Rennig, Young, Cho and Sharma disclose the end-to-end protection method of claim 12, wherein the communication bus is a controller area network flexible data-rate light bus (Rennig, [0054], [0031], [0132]). As per claim 16, the combination of Rennig, Young, Cho and Sharma disclose the end-to-end protection method of claim 12, wherein the communication bus is a controller area network flexible data-rate XL bus (Rennig, [0054], [0032]). As per claim 17, the combination of Rennig, Young, Cho and Sharma disclose the end-to-end protection method of claim 12, wherein the hardware component is a finite-state-machine (Rennig, [0054], [0031], [0132]). As per claim 18, the combination of Rennig, Young, Cho and Sharma discloses a system comprising the first electronical device of claim 1 and at least one second electronical device (Rennig, [0150]-[0160]). As per claim 19, the combination of Rennig, Young, Cho and Sharma discloses the system of claim 18, wherein the at least one second electronical device comprises a second electronical device of the electronical device of claim 1 (Rennig, [0150]-[0160]). As per claim 20, the combination of Rennig, Young, Cho and Sharma discloses the system of claim 18, wherein the at least one second electronical device is configured to execute an end-to-end protection method (Sharma, [0054]-[0056]). The motivation regarding the obviousness of claim 12 is also applied to claim 19. 5.1. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892). 5.2. a). US Patent Application No. 20230106378 to Pese et al., discloses as discloses automotive security concerns are rising, the Controller Area Network (CAN)—the de facto standard of in-vehicle communication protocol—has come under scrutiny due to its lack of encryption and authentication. Several vulnerabilities, such as eavesdropping, spoofing, and replay attacks, have shown that the current implementation needs to be extended. Both academic and commercial solutions for a secure CAN have been proposed, but OEMs have not yet integrated them into their products. The main reasons for this lack of adoption are their heavy use of limited computational resources in the vehicle, increased latency that can lead to missed deadlines for safety-critical messages, as well as insufficient space available in a CAN frame to include a Message Authentication Code (MAC). By making a trade-off between security and performance, this disclosure overcomes the aforementioned problems of a secure CAN. b). US Patent No. 10021222 issued to Mosko et al., discloses one embodiment provides a system in a first node that facilitates efficient packet forwarding. During operation, the system stores, in a storage device in a first node, a static dictionary comprising a mapping between a type and length (TL) string and a byte-aligned compressed replacement string. The system encodes the byte-aligned compressed replacement string based on an encoding technique to generate a bit-aligned encoded replacement string and stores a mapping between the encoded replacement string and the TL string in an encoded dictionary. If the system identifies the TL string in a packet, the system replaces the TL string with the encoded replacement string and transmits the packet to a second node storing the encoded dictionary in a local storage device, thereby facilitating bit-aligned compression of a TL string. c). US Patent Application No. 20130266017 to Akiyoshi et al., discloses a communication system includes a forwarding node processing a received packet in accordance with a process rule in which a matching rule for identifying a flow and a process content applied to a packet coinciding with the matching rule are associated to each other; and a control apparatus including a path calculation unit calculating a packet forwarding path for each flow; and a forwarding control policy management unit managing a packet forwarding control policy applied to the forwarding node; wherein the control apparatus sets a process rule reflecting contents of the forwarding control policy in accordance with the calculated path. Conclusion 6. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. HARUNUR . RASHID Primary Examiner Art Unit 2497 /HARUNUR RASHID/Primary Examiner, Art Unit 2497
Read full office action

Prosecution Timeline

May 10, 2024
Application Filed
Sep 23, 2025
Non-Final Rejection mailed — §103
Jan 23, 2026
Response Filed
May 29, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12671466
METHOD AND DEVICE FOR TRANSMITTING AND RECEIVING SIGNAL IN WIRELESS COMMUNICATION SYSTEM
2y 4m to grant Granted Jun 30, 2026
Patent 12632567
MICRO CONTROLLER UNIT AND SECURITY DIAGNOSIS METHOD THEREOF
1y 8m to grant Granted May 19, 2026
Patent 12625985
METHOD FOR DOCUMENTING INFORMATION
4y 6m to grant Granted May 12, 2026
Patent 12625943
USB PERIPHERAL AUTHENTICATION METHOD, EMBEDDED SYSTEM, AND STORAGE MEDIUM
1y 10m to grant Granted May 12, 2026
Patent 12603869
PRIVACY SOLUTION FOR IMAGES LOCALLY GENERATED AND STORED IN EDGE SERVERS
2y 3m to grant Granted Apr 14, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+36.3%)
3y 4m (~1y 2m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 625 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month