DETAILED ACTION
Claims 16-35 are presented on 07/22/2024 for examination on merits. Claims 16 and 28 are independent base claims. Claims 1-15 are canceled by preliminary amendment.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would appreciate Applicant if a clean copy of the claims is provided to facilitate the prosecution which otherwise requires extra time for editing the marked-up claims from OCR.
Please submit two sets of claims:
Set #1 as in a typical filing which includes indicators for the status of claim and all marked amendments to the claims; and
Set #2 as an appendix to the Arguments/Remarks for a clean version of the claims which has all the markups removed for entry by the Examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
First,
Claims 16-35 are rejected on the ground of nonstatutory double patenting as being unpatentable over 1-20 of US Patent No. 10,375,092 B2 (hereinafter “USPAT 092”).
Regarding claim 16, USPAT 092 anticipates:
A system for providing controller security, the system comprising:
a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor, cause the processor to perform security operations (USPAT 092 CLM. 1: a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor, cause the processor to perform operations) comprising:
receiving operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices (USPAT 092 CLM. 1: receiving, at a server system, operation information for a plurality of instances of an ECU, the plurality of instances being installed across a plurality of devices, and the operation information comprising malware reports that identify malware on the plurality of instances of the ECU);
statistically analyzing the received operation information, wherein the statistically analyzing comprises identifying an operation from the received operation information that is outside of determined normal operations of the controller (USPAT 092 CLM. 1: statistically analyzing, by the server system, the received operation information), the identified operation comprising at least one of (note that optional limitations are recited hereafter):
a processor operation (USPAT 092 CLM. 1: the received operation information that is outside of determined normal operations of the ECU, which is a processor operation);
a memory operation (Omitted as an optional limitation); or
an input/output operation (Omitted as an optional limitation);
identifying one or more anomalous controller behaviors based on the statistical analysis (USPAT 092 CLM. 1: identifying, by the server system, one or more anomalous ECU behaviors based on the statistical analysis); and
identifying information regarding the one or more anomalous controller behaviors on the controller as a potential security threat (USPAT 092 CLM. 1: providing, by the server system, information regarding the one or more anomalous ECU behaviors on the ECU as a potential security threat. Note that the providing of threat information includes the identification of the threat as a potential security threat inherently).
Independent claim 28 is rejected for the same reason as claim 16, because it recites the same limitations.
Regarding dependent claims 17-27 and 29-35 of the present application, they are obvious variants of the same subject matter as found in the reference application, and thereby rejected under the judicially created doctrine of obviousness-type double patenting.
Secondly,
Claims 16-35 are rejected on the ground of nonstatutory double patenting as being unpatentable over 1-20 of US Patent No. US 11012451 B2 (hereinafter “USPAT 451”).
Regarding claim 16, USPAT 451 anticipates:
A system for providing controller security, the system comprising:
a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor (USPAT 451, CLM. 1: a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor), cause the processor to perform security operations comprising:
receiving operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices (USPAT 451, CLM. 1: receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices);
statistically analyzing the received operation information, wherein the statistically analyzing comprises identifying an operation from the received operation information that is outside of determined normal operations of the controller (USPAT 451, CLM. 1: statistically analyzing, by the server system, the received operation information), the identified operation comprising at least one of (note that optional limitations are recited hereafter):
a processor operation (USPAT 451, CLM. 1: an operation as identified from the received operation information is a process operation inherently because the received operation is defined by information for a plurality of instances of a controller);
a memory operation; or
an input/output operation;
identifying one or more anomalous controller behaviors based on the statistical analysis (USPAT 451, CLM. 1: identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis); and
identifying information regarding the one or more anomalous controller behaviors on the controller as a potential security threat (USPAT 451, CLM. 1: providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as a potential security threat. Note that here the action of providing information is the same as identifying the information).
Independent claim 28 is rejected for the same reason as claim 16, because it recites the same limitations.
Regarding dependent claims 17-27 and 29-35 of the present application, they are obvious variants of the same subject matter as found in the reference application, and thereby rejected under the judicially created doctrine of obviousness-type double patenting.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 16-17 and 28-29 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Sonalker (US 20160188396 A1; hereinafter “Sonal”).
As per claim 16, Sonal teaches a system for providing controller security, the system comprising:
a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor (Sonal, par. 0006-0007 and 0022: the vehicle ECU is programmed to implement an anomaly detector), cause the processor to perform security operations comprising:
receiving operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices (Sonal, par. 0028: receiving information such as statistics for all messages on CAN bus which connects multiple ECUs; see par. 0030 and 0041);
statistically analyzing the received operation information, wherein the statistically analyzing comprises identifying an operation from the received operation information that is outside of determined normal operations of the controller (Sonal, par. 0028 and FIG. 2: temporal analysis of received messages including computing statistics for all messages …based on the statistics generated in operation 28; see also par. 0043-0046 for labeling a temporal pattern of messages on the CAN bus for anomaly if the statistics comparison indicates a statistically significant deviation; such as a statistically significant deviation [is] greater than the allowable limit; par. 0013), the identified operation comprising at least one of (note that optional limitation is recited hereafter):
a processor load or usage (Sonal, par. 0046-0047: the monitoring and detecting techniques apply to microprocessor or microcontroller of an embedded system such as the illustrative ECU 10; par. 0024: For example, if the anomalous events are traced to a particular ECU or ECU operations, then a warning generated to indicate that the ECU is compromised; see par. 0043: detecting an abnormal operation based on the timing analysis by using statistics of message rate of arrival. For example, if messages are arriving faster than expected, it may DoS overloading the ECU);
a memory operation (note that this optional limitation is omitted); or
an input/output operation (Sonal, par. 0043: the statistical analysis of the incoming rate of CAN bus message. In Sonalker, the queues for analysis are flushed and refilled with I/O messages on the CAN bus or a type of input/output operations; par. 0044. As such, Sonalker at least teaches determining an abnormal operation based on the identified operation of CAN bus messages going through a queue of input/output operations);
identifying one or more anomalous controller behaviors based on the statistical analysis (Sonal, par. 0013: an anomaly is a statistically significant deviation from normal CAN bus behavior as gleamed from CAN bus message traffic. “Statistically significant” means that the deviation from normal CAN bus behavior is …greater than the allowable limit); and
identifying information regarding the one or more anomalous controller behaviors on the controller as a potential security threat (Sonal, par. 0024: issues an anomalous event alert if the detected anomalous messages meet some alert criterion. For example, if the anomalous events are traced to a particular ECU, then a warning that the ECU is compromised).
As per claim 17, Sonal teaches a system of claim 26, and also teaches: wherein the statistically analyzing comprises analyzing at least one of (note that optional limitation is recited hereafter):
a process sequence, a function sequence, a network packet, a process frequency, a function frequency, a device context, a system context, or a resource usage (Sonal, par. 0020: analyzes CAN bus traffic on a per-message basis, which is essentially an analysis of one or more network packets).
Regarding claims 28-29, they each recite the same limitations as claims 26-27, respectively, and therefore claims 28-29 are rejected using the same rationales.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 18-19, 21-26, and 30-34 are rejected under 35 U.S.C. 103 as being unpatentable over Sonal, as applied to claim 16, in view of Haga (US 20180295147 A1; the date of provisional application 12/16/2015 is relied upon for this Office Action).
As per claim 18, Sonal teaches the system of claim 16, but does not explicitly disclose a common controller type (such as a type of brake controller) found in the plurality of instances of the controller. This aspect of the claim is identified as a further difference.
In a related art, Haga teaches:
wherein the plurality of instances of the controller are of a common controller type (Haga, par. 0042 and 0044: vehicles including the same type of ECU, for example; Haga discloses instances of the controller are of a common controller type such as brake ECUs; see par. 0070-0071: Connected to the bus 20 are chassis-related ECUs associated with control of the behavior of the vehicle and the like, such as “turning” and “stopping”, including the ECU (brake ECU) 200 and the ECU (steering ECU) 201 connected to the brake 210 and the steering 211, respectively).
Sonal and Haga are analogous art, because they are in a similar field of endeavor in improving anomaly detection of automotive controllers. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine Haga to Sonal to classify instances of the controller by type. For this combination, the motivation would have been to improve the level of security for related controllers of the same type.
As per claim 19, the references as combined above teach the system of claim 18, and Haga thereof also teaches: wherein the determined normal operations of the controller comprise determined normal operations for the common controller type (Haga, par. 0084 and 0096: the normal state).
As per claim 21, Sonal teaches the system of claim 16. However, Sonal does not explicitly disclose wherein the security operations further comprise performing steps of generating a security policy or modifying a security policy. This aspect of the claim is identified as a further difference.
In a related art, Haga teaches:
wherein the security operations further comprise performing at least one of (note that optional limitation is recited hereafter):
generating a security policy or modifying an existing security policy (Haga, par. 0047 and 0113: a rule … for detecting a same anomaly as an anomaly on the on-board network).
Sonal and Haga are analogous art, because they are in a similar field of endeavor in improving anomaly detection of automotive controllers. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine Haga to Sonal to include generating a security policy or modifying a security policy. For this combination, the motivation would have been to improve the level of security with related policies.
As per claim 22, Haga in the above combination teaches system of claim 16, and also teaches wherein the security operations further comprise modifying an existing security policy by performing at least one of (note that optional limitation is recited hereafter):
altering a process map that is part of the security policy (Haga, FIG. 8 shows a process map that is part of the existing security policy that defines alert levels and at what level a notification should be sent; see details in par. 0107-0109; see also par. 0134-0135 for modification of alert levels that may be raised and lowered).
It is noted that the following optional limitations are omitted in this Office Action:
removing information corresponding to the one or more anomalous controller behaviors from one or more whitelists that are part of the security policy;
removing function mappings corresponding to the one or more anomalous controller behaviors from one or more whitelists that are part of the existing security policy;
removing an IP address corresponding to the one or more anomalous controller behaviors from one or more whitelists that are part of the existing security policy; removing a network port corresponding to the one or more anomalous controller behaviors from one or more whitelists that are part of the existing security policy;
removing a payload content type corresponding to the one or more anomalous controller behaviors from one or more whitelists that are part of the existing security policy.
As per claim 23, Sonal teaches the system of claim 16. However, Sonal does not explicitly disclose steps for modifying an existing security policy and pushing out the modified security policy to at least one of the plurality of instances of the controller having the existing security policy. This aspect of the claim is identified as a further difference.
In a related art, Haga teaches:
wherein the security operations further comprise:
modifying an existing security policy (Haga teaches an existing security policy that maps the alert level which is varied in accordance with the cumulative vehicle parameters as shown in FIGS. 12A-12D and par. 0134-0139); and
pushing out the modified security policy to at least one of the plurality of instances of the controller having the existing security policy (Haga, par. 0143-0145: the anomaly detection server 80 decides an alert level, which is varied, and transmits to ECUs and ECU vendors; see also par. 0156: the update processing unit 940 updates [the detection rules] or the fraud detection information indicating rules or an algorithm for fraud detection; see also par. 0157 for updating the fraud detection rules at S307 of FIG. 13).
Sonal and Haga are analogous art, because they are in a similar field of endeavor in improving anomaly detection of automotive controllers. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine Haga to Sonal to include policy updates on instances of the controller. For this combination, the motivation would have been to improve the level of security with updated policies.
As per claim 24, Sonal teaches the system of claim 16. However, Sonal does not explicitly disclose the aspect of identifying the operation that is outside of determined normal operations of the controller comprises determining that the operation deviates from a behavioral baseline by a threshold number of standard deviations. This aspect of the claim is identified as a further difference.
In a related art, Haga teaches:
wherein identifying the operation that is outside of determined normal operations of the controller comprises determining that the operation deviates from a behavioral baseline by a threshold number of standard deviations (Haga, par. 0084 and 0152: determine that a frame is anomalous in the case in which the anomaly level exceeds a predetermined threshold value).
Sonal and Haga are analogous art, because they are in a similar field of endeavor in improving anomaly detection of automotive controllers. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine Haga to Sonal to determine that the operation deviates from a behavioral baseline by a threshold number of standard deviations. For this combination, the motivation would have been to improve the level of security with a use of threshold for computing the deviation.
As per claim 25, Sonal teaches the system of claim 16; however, Sonal does not explicitly disclose malware report that identifies malware on at least one of the plurality of instances of the controller. This aspect of the claim is identified as a further difference.
In a related art, Haga teaches:
wherein the operation information comprises at least one malware report that identifies malware on at least one of the plurality of instances of the controller (Haga, par. 0111-0112: The frame interpreting unit 902 reports the information in each field of the received frame to the fraudulent frame detection unit 903; see par. 0113-0115 for information indicating rules … for determining whether or not a frame is fraudulent and the forwarding destination to which the ECU is connected).
Sonal and Haga are analogous art, because they are in a similar field of endeavor in improving anomaly detection of automotive controllers. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine Haga to Sonal to report the identified malware found at the controller. For this combination, the motivation would have been to improve the level of security with a reporting function.
As per claim 26, the references as combined above teach the system of claim 25, and Haga also teaches:
wherein the identified malware is associated with the one or more anomalous controller behaviors (Haga, par. 0095: analyzes the specifications related to CAN frames while checking the behavior of the vehicle. This analysis [of] behavior is carried out by repeated trial and error until the specifications related to the CAN frame of a desired attack message are revealed; par. 0105: the behavior of a vehicle [is], such as “running”, “turning”, and “stopping”, for example).
blocking the identified malware (note that this optional limitation is omitted in this Office Action); or
preventing the one or more anomalous controller behaviors (Haga, par. 0023: proactively discover vehicle security vulnerabilities, such as a vulnerable ECU or network interface, based on any of the anomalies, data… as well as suggest and prioritize remediation and mitigation activities).
Regarding claims 30 and 31, they recite similar limitations to claims 21 and 22, respectively, and they are rejected for the same rationale.
Regarding claims 32-34, they recite the same corresponding limitations of claims 23 and 25-26, respectively. As such, and claims 32-34 are similarly rejected using the same rationales.
Claims 20 is rejected under 35 U.S.C. 103 as being unpatentable over Sonal, as applied to claim 16, in view of Baril (US 20150254172 A1).
As per claim 20, Sonal teaches the system of claim 16, but does not explicitly disclose the operation information includes at least two of specific processes. This aspect of the claim is identified as a further difference.
In a related art, Baril teaches:
wherein the operation information from which the operation is identified includes at least two of (Note that optional limitations are recited hereinafter): a process sequence (note: selected for examination); a function sequence; network packet information; a process call frequency; a function call frequency; device or system contextual information; or a computer resource usage (note: selected for examination). Baril discloses the at least two as: a process sequence (par. 0009 and 0085-0086: a set of execution sequences; a test implements the function sequences that were observed in a production environment) and a computer resource usage (par. 0009 and 0089: a usage model for the application; memory usage 116, process usage 118, and network usage 120).
Sonal and Baril are analogous art, because they are in a similar field of endeavor in improving anomaly detection of network devices. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine modify Sonal’s system with Baril’s testing system to detect anomalies from at least two features of the operations. For this combination, the motivation would have been to improve the accuracy of the testing system monitoring at least two processes or functions.
Claims 27 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Sonal and Haga, as applied to claim 26 and 34, respectively, and further in view of Allouche (US 20170200323 A1).
As per claim 27, the combination of Sonal and Haga teach the system of claim 26, wherein the security operations further comprise:
modifying a security policy (Haga, par. 0143-0145: the anomaly detection server 80 decides an alert level, which is varied, and transmits to ECUs and ECU vendors; see also par. 0156: the update processing unit 940 updates [the detection rules]); and
deploying the modified security policy to at least one of the plurality of instances of the controller (Haga, par. 0111-0112: fraudulent frame detection unit 903; see par. 0113-0115 for the forwarding destination to which the ECU is connected).
However, Sonal and Haga as combined above do not explicitly disclose blocking the identified malware; or preventing the one or more anomalous controller behaviors. This aspect of the claim is identified as a further difference.
In a related art, Allou teaches:
wherein the modified security policy is configured to cause the at least one of the plurality of instances of the controller to perform at least one of (note that optional limitation is recited hereafter):
blocking the identified malware; or preventing the one or more anomalous controller behaviors (Allou, par. 0023: rules for identifying a particular service shop as the source of an anomaly where multiple vehicles from among vehicles 102 that were recently serviced by the same service shop all began shortly thereafter to exhibit an anomaly with respect to the same third party ECU; see also par. 0022 and 0027 for the use of a global anomaly detector (GAD) 114 configured for detecting anomalies associated with any of the vehicles among vehicles 102):
Allou is analogous art to the claimed invention in a similar field of endeavor in improving anomaly detection of automotive controllers. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Soanl-Haga system to determine how to prevent the one or more anomalous controller behaviors. For this combination, the motivation would have been to improve the level of security with a mitigation method.
Regarding claim 35, it recites the same limitations as claim 27. Therefore, claim 35 is rejected the same as claim 27.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953. The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862. The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000.
/Don G Zhao/Primary Examiner, Art Unit 2493 12/17/2025
Prosecution Insights