Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
Claims 1-20 are pending in this office action.
Priority
Priority is claimed to PCT/CN2022/084290, filed 03/31/2022.
Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 11/08/2024 and 03/17/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Objections
Claim 11 is objected to because of the following informalities:
For claim 11, line 7, there is an extra word “wherein” at the end that needs to be removed/corrected.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
For claims 1, 11 and 20, The instant claims in their last limitation (“forwarding” or “forward” step) utilize “or” to optionally recite limiting phrases “forward[ing] the second data packet or executing a first security instruction based on the second security detection result, wherein the first security instruction is for controlling a vehicle to perform a security operation”. The limitation may be interpreted such that the second part “executing a first security instruction based on the second security detection result” may or may not occur, which renders the claim indefinite in view of the last phrase “wherein the first security instruction is for controlling a vehicle to perform a security operation” because “the first security instruction” is not previously defined nor a definitely occurring element. Also, therefore “the first security instruction” in claims 2-4 and 12-14 raise issues of lack of antecedent basis. And therefore “the second security instruction” in claims 6 and 16 raise similar issues of lack of antecedent basis for “the second security instruction” due to similar reasons as above. Other dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Appropriate corrections are required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Di Pietro et al. (US 2017/0099310 A1, Di Pietro hereinafter), in view of Kim et al. (US 2020/0382528 A1, Kim hereinafter).
For claim 1, Di Pietro teaches a security detection method, comprising: obtaining a first data packet (Fig. 6-7; para 0099-0100 - capturing first data packet);
inputting the first data packet into a first security detection apparatus for security detection, to obtain a first security detection result (para 00100, 0104 - apparatus or mechanism to detect anomaly in the captured packet);
obtaining a second data packet and inputting the second data packet into a second security detection apparatus for security detection when the first security detection result indicates that the first data packet poses a security threat, to obtain a second security detection result (para 0103-0106 - anomaly detection result for the first packet may be used in determining the second packet capture criteria and capturing the second packet accordingly); and
forwarding the second data packet or executing a first security instruction based on the second security detection result, wherein the first security instruction is for controlling a unit to perform a security operation (para 0013-0014, 0016, 0033-0034, 0103-0108 - packets for controlling units in a system, second packets forwarded for deep inspection, and performing further action/operation based on the result of inspecting the second packet).
Di Pietro does not explicitly teach, whereas Kim teaches the first security instruction is for controlling a vehicle (para 0015, 0048-0050, 0089 - packet inspection to detect vehicle intrusion associated with vehicle ECU instructions, and performing further action).
Therefore, based on Di Pietro in view of Kim, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Kim in the system of Di Pietro, in order to apply packet inspection and security remedy techniques to any critical application areas such as vehicle security and attack prevention, thereby improving vehicle safety and security.
For claim 2, Di Pietro in view of Kim teaches the claimed subject matter as discussed above. Di Pietro further teaches wherein the forwarding the second data packet or executing a first security instruction based on the second security detection result comprises: sending the second data packet to a first server when the second security detection result indicates that the second data packet poses a security threat (para 0013-0014, 0016, 0033-0034, 0103-0108 - packets for controlling units in a system, second packets forwarded for deep inspection, and performing further action/operation based on the result of inspecting the second packet);
receiving a third security detection result sent by the first server, wherein the third security detection result indicates whether the second data packet poses the security threat; and forwarding the second data packet or executing the first security instruction based on the third security detection result (para 0013-0014, 0057-0058, 0061-0064, 0075 - deep packet inspection and further investigation results as third set of threat results).
For claim 3, Di Pietro in view of Kim teaches the claimed subject matter as discussed above in the method according to claim 2. Di Pietro further teaches wherein the forwarding the second data packet or executing the first security instruction based on the third security detection result comprises: forwarding the second data packet when the third security detection result indicates that the second data packet does not pose the security threat; or executing the first security instruction when the third security detection result indicates that the second data packet poses the security threat (para 0042, 0098 - plurality of packets that are inspected, wherein anomaly either detected or not detected but alert raised and made available or forwarded to pertaining units for further action; para 0013-0014, 0057-0058, 0061-0064, 0075 - deep packet inspection and further investigation results as third set of threat results).
For claim 4, Di Pietro in view of Kim teaches the claimed subject matter as discussed above. Di Pietro further teaches wherein the forwarding the second data packet or executing a first security instruction based on the second security detection result comprises: forwarding the second data packet when the second security detection result indicates that the second data packet does not pose a security threat; or executing the first security instruction when the second security detection result indicates that the second data packet poses a security threat (para 0042, 0098 - plurality of packets that are inspected, wherein anomaly either detected or not detected but alert raised and made available or forwarded to pertaining units for further action; para 0103-0106 - anomaly detection result for the first packet may be used in determining the second packet capture criteria and capturing the second packet accordingly; para 0013-0014, 0057-0058, 0061-0064, 0075 - deep packet inspection and further investigation results as third set of threat results).
For claim 5, Di Pietro in view of Kim teaches the claimed subject matter as discussed above. Di Pietro further teaches wherein the first security detection apparatus comprises a rule library, a security detection rule is stored in the rule library (para 0015, 0075, 0080, 0082, 0092-0093 - rules and pertaining criteria (rules/conditions) are specified or stored, and the method further comprises: receiving security detection rule update information sent by a second server; and updating the security detection rule in the rule library based on the security detection rule update information (para 0075, 0082, 0083, 0093, 0099 - criteria changed/captured via instructions to update or change the same).
For claim 6, Di Pietro in view of Kim teaches the claimed subject matter as discussed above. Di Pietro further teaches wherein the obtaining a first data packet comprises: obtaining the first data packet and a third data packet in a first time period (para 0031, 0047, 0066, 0092-0093); and the method further comprises: inputting the third data packet into the second security detection apparatus for security detection, to obtain a fourth security detection result; and forwarding the third data packet or executing a second security instruction based on the fourth security detection result, wherein the second security instruction is for controlling the vehicle to perform the security operation (para 0042, 0098 - plurality of packets that are inspected, wherein anomaly either detected or not detected but alert raised and made available or forwarded to pertaining units for further action; para 0013-0014, 0057-0058, 0061-0064, 0075 - deep packet inspection and further investigation results as fourth set of threat detection results).
For claim 7, Di Pietro in view of Kim teaches the claimed subject matter as discussed above. Di Pietro further teaches forwarding the first data packet (Fig. 6-7; para 0063-0064, 0099-0100 - capturing first data packet and forwarding for further inspection).
For claim 8, Di Pietro in view of Kim teaches the claimed subject matter as discussed above. Di Pietro further teaches wherein at least one of the following is true: the first security detection apparatus is a first intrusion detection system (IDS) or a first intrusion detection and prevention system (IDPS); or the second security detection apparatus is a second IDS or a second IDPS (para 0038-0040, 0073 - anomaly or intrusion detection and prevention system).
For claim 9, Di Pietro in view of Kim teaches the claimed subject matter as discussed above. Di Pietro further teaches wherein at least one of the following is true: the first security detection apparatus is located in a field programmable gate array (FPGA); or the second security detection apparatus is located in a microcontroller unit (MCU) (Fig. 2; para 0016, 0036, 0038 - microcontroller or computing processors in the security detection process).
For claim 10, Di Pietro in view of Kim teaches the claimed subject matter as discussed above. Di Pietro further teaches wherein at least one of the following is true: the first security detection apparatus is located in a fast forwarding engine; or the second security detection apparatus runs on a main application core (para 0027, 0053, 0068 - main application modules and core architecture component of the application system comprising security detection mechanisms).
As to claim 11, the claim limitations are similar to those in claim 1, except claim 11 is drawn to an apparatus, comprising: at least one processor; and one or more memories coupled to the at least one processor and storing programming instructions for execution by the at least one processor (Di Pietro - Fig. 2-3; para 0032-0034) to cause the apparatus to perform the method of claim 1. Therefore claim 11 is rejected according to claim 1 above.
As to claims 12-19, the claim limitations are similar to those of claims 2-9 respectively. Therefore claims 12-19 are rejected according to claims 2-9 resp. as above.
As to claim 20, the claim limitations are similar to those in claim 1, except claim 20 is drawn to a non-transitory computer-readable storage medium, wherein the computer-readable medium stores program code (Di Pietro - Fig. 2-3; para 0032-0034), and when the program code is run on a computer, the computer is enabled to perform the method according to claim 1. Therefore claim 20 is rejected according to claim 1 above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. (1) Enderby (US 20080313738) and (2) Aydin (DE 102021003596 A1) are cited to show methods, computer program products and systems pertinent to multi-stage deep packet inspection, and vehicle electronic unit attack detection using packet inspection.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433