Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
This action is in response to applicant’s original disclosure filed on 11/18/2024. Claims 1-40 are pending.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 1 is rejected on the ground of non-statutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11,048,797 and 797’ hereinafter. Although the claims at issue are not identical, they are not patentably distinct from each other because both sets of claims are drawn to the following:
(18/950983) A device for use in a vehicle with multiple Electronic Control Units (ECUs) that communicate over a first vehicle bus that comprises Control Area Network (CAN) bus using CAN frames that are composed of first and second parts, where the first part is transmitted to the first vehicle bus before the second part, the device comprising: a software and a processor for executing the software; a first connector for connecting to a data source that is not a vehicle bus, a first transceiver that is controlled by the processor and is coupled to the first connector, for transmitting first data to, and for receiving second data from, the data source via the first connector; a second connector, for connecting to the first vehicle bus; a second transceiver that is controlled by the processor and is coupled to the second connector, for transmitting third data to, and for receiving fourth data from, the first vehicle bus via the second connector; and a single enclosure housing the first connector, the second connector, the first transceiver, the second transceiver, and the processor, wherein the processor is configured to: receive from the data source, by the first transceiver via the first connector, a first part of a first frame that is composed of first and second parts; transmit to the first vehicle bus, by the second transceiver via the second connector, the received first part of the first frame; receive from the data source, by the first transceiver via the first connector, the second part of the first frame that is composed of first and second parts; check while receiving the second part, the received first part for compliance with a rule; responsive to the first part complying with the rule, transmit to the first vehicle bus, by the second transceiver via the second connector, the received second part of the first frame; and responsive to the first part not complying with the rule, transmit to the first vehicle bus, by the second transceiver via the second connector, data other than the second part of the first frame, for corrupting or preventing the first frame on the first vehicle bus, so that the first frame is rendered ineligible to be properly received by at least one of the multiple ECUs connected to the first vehicle bus; maps to (797’) A device for use with frames that are composed of first and second parts, for connecting to a first vehicle bus in a vehicle, the first vehicle bus carrying the frames for communicating between multiple Electronic Control Units (ECUs) connected thereto where the first part is transmitted to the first vehicle bus before the second part, the device comprising: a port for receiving a first frame that is composed of first and second parts from a serial data source; a first connector for connecting to the first vehicle bus; a first transceiver coupled to the first connector for transmitting frames to the first vehicle bus; a processor coupled to control the first transceiver and to the port for receiving at least part of the first frame therefrom; and a single enclosure for housing the port, the first connector, the first transceiver, and the processor, wherein the processor is operative for checking the first part of the first frame received from the port for compliance with a rule while receiving the second part of the first frame from the port, wherein responsive to the first part of the first frame complying with the rule, the device is configured to forward the first and second parts of the first frame to the first vehicle bus by the first transceiver, wherein responsive to the first part not complying with the rule, the device is configured to transmit data other than the second part to the first vehicle bus by the first transceiver, for corrupting or preventing the first frame on the first vehicle bus so that the first frame is rendered ineligible to be properly received by any of the multiple ECUs connected to the first vehicle bus, wherein the serial data source is distinct from the first vehicle bus, and wherein the port is distinct from the first connector.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-40 are rejected under 35 U.S.C. 103 as being unpatentable over LITICHEVER (WO 2013/144962) in view of Juergen (WO 2015/008114).
As to claim 1, LITICHEVER teaches a device for use in a vehicle with multiple Electronic Control Units (ECUs) that communicate over a first vehicle bus that comprises Control Area Network (CAN) bus using CAN frames that are composed of first and second parts (i.e., ...teaches on page 17 lines 5-15 the following: “the security system of the invention has at least two bus 105 interfaces and can filter messages in each direction. The filtering is done in any appropriate way, for instance, according to the message's properties (such as message headers, data, etc.)”),
where the first part is transmitted to the first vehicle bus before the second part, the device comprising: a software and a processor for executing the software (i.e., …illustrates in figure 10 a processing unit with instruction for filtering CAN bus messages.”);
a first connector for connecting to a data source that is not a vehicle bus (i.e., …illustrates in figure 10, figure element 1408 a computer connected (e.g., not a vehicle bus)), a first transceiver that is controlled by the processor and is coupled to the first connector, for transmitting first data to, and for receiving second data from, the data source via the first connector (i.e. …illustrates in figure 10, a transceiver with a connector to a vehicle bus);
a second connector, for connecting to the first vehicle bus (i.e., …illustrates in figure 10 a connector to a vehicle bus);
a second transceiver that is controlled by the processor and is coupled to the second connector (i.e., …illustrates in figure 10, a transceiver), for transmitting third data to, and for receiving fourth data from, the first vehicle bus via the second connector (i.e., …illustrates in figure 10. a transceiver for transmitting data to a bus);
and a single enclosure housing the first connector, the second connector, the first transceiver, the second transceiver, and the processor, wherein the processor is configured to (I.e., …teaches on page 19 lines 10-25 the following: “All ECUs with external communication interfaces 104 are protected by stand-alone communication filter/proxy protection devices 703. …the security system 703 is a stand-alone system or device. The security system 703 has at least two communication interfaces and may additionally have a configuration port.” …teaches in fig. 8 the following: “the security system (communication filter/proxy) connected serially to an existing gateway, according to an embodiment of the present invention;” …teaches in page 21 lines 20-28the following: “. The security system 703 has at least two communication ports 901 and 903, one 903 connected to the physical layer driver 904 and the other 901 connected to the rest of the ECU's logic 900 (e.g. ECU's controller) using its native physical layer (e.g. Complementary Metal Oxide (CMOS) or Transistor Transistor Logic (TTL)). The physical layer driver 904 is connected to the communication bus 105.” …figure 10 illustrates the two transceiver with connectors.):
receive from the data source, by the first transceiver via the first connector, a first part of a first frame that is composed of first and second parts (i.e., …teaches in page 22 lines 15-25 the following: “for simplicity's sake the message flow is depicted in some embodiments herein as if a simple rule based filter is used, although a more complex rule based filter can be applied and is encompassed by the present invention. For example, multiple rules can be applied to the same message.”);
transmit to the first vehicle bus, by the second transceiver via the second connector, the received first part of the first frame (i.e., …teaches on page 23 lines 10-20 the following: “The message handler 1801 includes (1) a message receiving unit for receiving a message to its input buffer 1302 from the communication bus 105; and (2) a message transmission unit for transmitting a message from its output buffer 1303 to the communication bus 105.”);
receive from the data source, by the first transceiver via the first connector, the second part of the first frame that is composed of first and second parts (i.e., …teaches on page 23 lines 10-20 the following: “The message handler 1801 includes (1) a message receiving unit for receiving a message to its input buffer 1302 from the communication bus 105; and (2) a message transmission unit for transmitting a message from its output buffer 1303 to the communication bus 105.” …teaches on page 25 lines 5-15 the following: “Each message arriving from a physical interface I/O 1800 to the physical interface 1602 through the transceiver 1301 goes into the routing component 1603. The routing component can determine the message's inner headers (such as message source or any other information about the message) and then decides towards which destination to send the message, according to its routing algorithm”.);
check while receiving the second part, the received first part for compliance with a rule (i.e., …teaches page 23 line 15-20 the following: “Messages arriving into message handler 1801” …teaches on page 24 lines 15-20 the following: “The filter element 1304 then checks the legality of the message (by the message analyzer) in step 3205. If the message is illegal, it will be discarded in step 3206. If the message is legal, it is sent to its destination (which can be the opposite message handler 1801) in step 3207.”. …teaches on page 25 lines 5-15 the following: “Each message arriving from a physical interface I/O 1800 to the physical interface 1602 through the transceiver 1301 goes into the routing component 1603. The routing component can determine the message's inner headers (such as message source or any other information about the message) and then decides towards which destination to send the message, according to its routing algorithm”.);
responsive to the first part complying with the rule, transmit to the first vehicle bus, by the second transceiver via the second connector, the received second part of the first frame (i.e. …teaches on page 27 lines 15-30 the following: “A message arrives from the proxy interface input 2000 of the message handler 1801, and goes into the rule selector 2100 of the message classification unit (also referred to as classifier), which according to the message properties (such as headers, source, destination, data, or any other properties) sends it to the proper rule 2102 in the message analyzer unit . If no proper rule is found, the rule selector rejects the message according to its policy (possible policies are described below). The appropriate rule 2102 (of the plurality of rules 2102) which receives the message checks it more thoroughly and decides whether the message should be allowed or not, or should be modified. The action upon the result of a rule 2102 is part of the message analyzer's unit. If the message should be allowed, the rule 2102 passes the message to the proxy interface output 2002 connected to the message transmission unit of the message handler 1801.”);
and responsive to the first part not complying with the rule (I.e., …teaches on page 28 lines 5-20 the following: “If the message should be changed, the rule 2102 (of the analyzer) can make the necessary changes and pass the message to the proxy interface output 2002 connected to the message transmission unit. In some embodiments, if the message should not be allowed, the rule selector 2100 is notified and it chooses the next proper rule 2102 for the message or rejects the message according to its policy. If no more proper rules 2102 are found, the rule selector 2100 acts according to its policy in such case. The rule selector 2100 policy may include, but is not limited to, discarding the message, notifying the sender, or performing any preconfigured action.”),
transmit to the first vehicle bus, by the second transceiver via the second connector (i.e., …illustrates in figure 10 a second transceiver transmitting data).
LITICHEVER does not expressly teach:
data other than the second part of the first frame, for corrupting or preventing the first frame on the first vehicle bus, so that the first frame is rendered ineligible to be properly received by at least one of the multiple ECUs connected to the first vehicle bus.
In this instance the examiner notes the teachings of prior art reference Juergen.
With regards to applicant’s claim limitation element of, “data other than the second part of the first frame, for corrupting or preventing the first frame on the first vehicle bus, so that the first frame is rendered ineligible to be properly received by at least one of the multiple ECUs connected to the first vehicle bus”, teaches on page 7, lines 20-30 the following: “In S340, when the first information matches with the third information, and the second information does not match with the fourth information, it is converted the current message 210 into an erroneous message 210 by causing the body 212 of the current message 210 to be altered while the current message 210 is being broadcasted on the bus 200. Possibly, in one embodiment, it may be altered at least part of the body 212 of the current message 210.”, Teaches on page 7 lines 1-5 the following: “, the first and second communication apparatuses 100i , 100.sub.2, 100.sub.3 are further adapted to receive erroneous message 210 broadcasted on the bus 200. For example, in one embodiment, the first and second communication apparatuses 100i , 100.sub.2, 100.sub.3 may be further adapted to discard the processing of a received erroneous message 210.”. Teaches on page 11 lines 25-30 the following: “wherein the message destroyer is further adapted to alter at least part of the body of the current message.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure vehicle bus communication, wherein the suspicious message mitigation process helps facilitate robust security and makes it easier to mitigate unauthorized bus messages.
As to claim 2, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein the vehicle is an autonomous or self-driving car (i.e., teaches on page 4 line 10-20 the following: “vehicle to vehicle (V2V)”),
wherein the processor is a Central Processor Unit (CPU), a controller, a Field-Programmable Gate Array (FPGA), or an Application Specific Integrated Circuit (ASIC) (i.e., …teaches on page 9 lines 1-5 the following: “computer-based equipment”), and wherein the check comprises real-time detecting of malicious messages (i.e., …teaches on page 8 lines 25-28 the following: “protect any electronic system comprising a CAN Bus against malicious messages.”).
As to claim 3, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein the data source comprises a serial data source that sends data according to a protocol of a second vehicle bus (i.e., …teaches on page 17 lines 15-20 the following: “communication protocols over one or more of its physical interfaces”).
As to claim 4, the system of LITICHEVER and Juergen as applied to claim 3 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 3, wherein the first vehicle bus and the data source use different protocols, and wherein the device is further configured to convert between the different protocols (i.e., …teaches on page 20 line 25-28 the following: “converting protocols connecting the buses”).
As to claim 5, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, further comprising a buffer in the enclosure that is coupled for sequentially storing a group of bits from the first transceiver (i.e., …teaches on page 23 lines 10-20 the following: “receiving a message to its input buffer 1302 from the communication bus”), wherein the device is further configured to store in the buffer the first part of the first frame (i.e., …teaches on page 23 lines 10-20 the following: “receiving a message to its input buffer 1302 from the communication bus”), and wherein the checking comprises checking the bits stored in the buffer (i.e., …teaches on page 23 lines 25-30 the following: “it inspects it and decides whether to send it”).
As to claim 6, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein the processor is further configured to:
receive from an ECU connected to the first vehicle bus, by the second transceiver via the second connector, a received first part of a second frame that is composed of first and second parts (i.e., …illustrates in figure 10 a second transceiver receiving data from a CAN bus. The examiner notes that the ECUs are connected to the CAN bus.);
transmit to the data source, by the first transceiver via the first connector, the first part of the second frame (i.e., …illustrates in figure 10 a second transceiver receiving data from a CAN bus. The examiner notes that the ECUs are connected to the CAN bus.);
receive from the ECU connected to the first vehicle bus, by the second transceiver via the second connector, the second part of a second frame (i.e., …illustrates in figure 10 a second transceiver with a second connector for transmitting and receiving data);
check while receiving the second part of the second frame, the received first part for compliance with the rule (i.e., …teaches on page 23 lines 25-30 the following: “it inspects it and decides whether to send it”);
and responsive to the first part of the second frame complying with the rule (i.e., …teaches on page 23 lines 25-30 the following: “it inspects it and decides whether to send it”), transmit to the data source, by the first transceiver via the first connector, the second part of the second frame (i.e., …teaches on page 23 lines 25-30 the following: “it inspects it and decides whether to send it”).
As to claim 7, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein the CAN bus comprises a Control Area Network-Flexible Data-rate (CAN-FD) standard (i.e., …teaches on page 34 the 25-30 following: “Similarly to CAN bus 105, it is a simple protocol used by controllers. Additionally, several other control protocols with similar characteristics exist such as FlexRay,”), and wherein the second transceiver comprises a CAN-FD transceiver (i.e.., …illustrates in figure 10 a CAN transceiver).
As to claim 8, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, further comprising in the enclosure a gateway or a bridge coupled between the first and second connectors (i.e., …illustrates in figure 10 a standalone enclosure coupled between connectors).
As to claim 9, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER does not expressly teach a device according to claim 1, further configured to convert, a first series of bits that use first logical data levels to a CAN frame received from the data source by the first transceiver via the first connector.
In this instance the examiner notes the teachings of prior art reference Juergen.
Juergen teaches on page 6, lines 15-25 the following: “the message destroyer 150 may further be adapted to alter at least part of the body 212 of the current message 210. For example, by altering the CRC sequence contained in the body 212 of the illegal message 210, the received CRC sequence would be different from the calculated CRC sequence and thus a CRC error associated with the currently broadcasted message 210 would be detected on the bus 200. Same alteration could be made on other fields of the body 212 of the illegal message 210 in order for the convert it into an erroneous message 210.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure vehicle bus communication, wherein the suspicious message mitigation process helps facilitate robust security and makes it easier to mitigate unauthorized bus messages.
As to claim 10, the system of LITICHEVER and Juergen as applied to claim 9 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 9, wherein the bits are carried using first logical data levels that are CMOS or TTL levels (i.e., …teaches on page 21 lines 20-30 the following: “Transistor Transistor Logic (TTL)).”).
As to claim 11, the system of LITICHEVER and Juergen as applied to claim 9 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 9, wherein the first series of bits are carried over an interconnection protocol that is a Serial Peripheral Interface (SPI), Inter-Integrated Circuit (I2C), Universal Asynchronous Receiver/Transmitter (UART), or Peripheral Component Interconnect (PCI) (i.e., …teaches on page 26 lines 25-30 the following: “which can be any data interface (e.g. Universal Asynchronous Receiver Transmitter (UART)”).
As to claim 12, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER does not expressly teaches a device according to claim 1, wherein the first vehicle bus is carrying data as dominant (‘0’) or recessive (‘1’) bits.
In this instance the examiner notes the teachings of prior art reference Juergen.
Juergen teaches on page 6, lines 10-15 the following: “the series of dominant bits may be sent in continuous way or in a staggered way”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure vehicle bus communication, wherein the suspicious message mitigation process helps facilitate robust security and makes it easier to mitigate unauthorized bus messages.
As to claim 13, the system of LITICHEVER and Juergen as applied to claim 12 teaches vehicle security, specifically LITICHEVER does not expressly teach a device according to claim 12, wherein the corrupting of the second part of the first frame is by changing at least one bit in the second part of the first frame, and corrupting of the second part of the first frame by changing one or more bits from recessive to dominant bits.
In this instance the examiner notes the teachings of prior art reference Juergen.
With regards to applicant’s claim limitation element of, “wherein the corrupting of the second part of the first frame is by changing at least one bit in the second part of the first frame”, Juergen teaches on page 6, lines 15-25 the following: “the message destroyer 150 may further be adapted to alter at least part of the body 212 of the current message 210. For example, by altering the CRC sequence contained in the body 212 of the illegal message 210, the received CRC sequence would be different from the calculated CRC sequence and thus a CRC error associated with the currently broadcasted message 210 would be detected on the bus 200. Same alteration could be made on other fields of the body 212 of the illegal message 210 in order for the convert it into an erroneous message 210.”.
With regards to applicant’s claim limitation element of, “and corrupting of the second part of the first frame by changing one or more bits from recessive to dominant bits”, Juergen teaches on page 6, lines 10-15 the following: “the series of dominant bits may be sent in continuous way or in a staggered way”,
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure vehicle bus communication, wherein the suspicious message mitigation process helps facilitate robust security and makes it easier to mitigate unauthorized bus messages.
As to claim 14, the system of LITICHEVER and Juergen as applied to claim 13 teaches vehicle security, specifically LITICHEVER does not expressly teach a device according to claim 13, wherein the corrupting of the second part of the first frame is by changing multiple non-consecutive bits in the second part of the first frame.
In this instance the examiner notes the teachings of prior art reference Juergen.
Juergen teaches on page 6, lines 15-25 the following: “the message destroyer 150 may further be adapted to alter at least part of the body 212 of the current message 210. For example, by altering the CRC sequence contained in the body 212 of the illegal message 210, the received CRC sequence would be different from the calculated CRC sequence and thus a CRC error associated with the currently broadcasted message 210 would be detected on the bus 200. Same alteration could be made on other fields of the body 212 of the illegal message 210 in order for the convert it into an erroneous message 210.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure bus communication, wherein the suspicious message mitigation process helps facilitate bus security and makes it easier to mitigate unauthorized bus messages.
As to claim 15, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER does not expressly teach a device according to claim 1, wherein the corrupting of the second part of the first frame comprises changing at least one bit in a field in the first frame.
In this instance the examiner notes the teachings of prior art reference Juergen.
Juergen teaches on page 6, lines 15-25 the following: “the message destroyer 150 may further be adapted to alter at least part of the body 212 of the current message 210. For example, by altering the CRC sequence contained in the body 212 of the illegal message 210, the received CRC sequence would be different from the calculated CRC sequence and thus a CRC error associated with the currently broadcasted message 210 would be detected on the bus 200. Same alteration could be made on other fields of the body 212 of the illegal message 210 in order for the convert it into an erroneous message 210.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure vehicle bus communication, wherein the suspicious message mitigation process helps facilitate robust security and makes it easier to mitigate unauthorized bus messages.
As to claim 16, the system of LITICHEVER and Juergen as applied to claim 15 teaches vehicle security, specifically LITICHEVER does not expressly teach a device according to claim 15, wherein the field is Cyclic Redundancy Check (CRC).
In this instance the examiner notes the teachings of prior art reference Juergen.
Juergen teaches on page 6, lines 15-25 the following: “.. For example, by altering the CRC sequence contained in the body 212 of the illegal message 210, the received CRC sequence would be different from the calculated CRC sequence and thus a CRC error associated with the currently broadcasted message 210 would be detected on the bus 200. Same alteration could be made on other fields of the body 212 of the illegal message 210 in order for the convert it into an erroneous message 210.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure vehicle bus communication, wherein the suspicious message mitigation process helps facilitate robust security and makes it easier to mitigate unauthorized bus messages.
As to claim 17, the system of LITICHEVER and Juergen as applied to claim 16 teaches vehicle security, specifically LITICHEVER does not expressly teach a device according to claim 16, wherein the corrupting of the second part of the first frame comprises inserting a CAN stuffing error to the first frame.
In this instance the examiner notes the teachings of prior art reference Juergen.
Juergen teaches on page 6, lines 15-25 the following: “the message destroyer 150 may further be adapted to alter at least part of the body 212 of the current message 210. For example, by altering the CRC sequence contained in the body 212 of the illegal message 210, the received CRC sequence would be different from the calculated CRC sequence and thus a CRC error associated with the currently broadcasted message 210 would be detected on the bus 200. Same alteration could be made on other fields of the body 212 of the illegal message 210 in order for the convert it into an erroneous message 210.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure vehicle bus communication, wherein the suspicious message mitigation process helps facilitate robust security and makes it easier to mitigate unauthorized bus messages.
As to claim 18, the system of LITICHEVER and Juergen as applied to claim 17 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 17, wherein the communication over the first vehicle bus uses, or is based on, the Control Area Network (CAN) or Control Area Network-Flexible Data-rate (CAN-FD) standard (i.e., …teaches on page 34 the 25-30 following: “Similarly to CAN bus 105, it is a simple protocol used by controllers. Additionally, several other control protocols with similar characteristics exist such as FlexRay,”).
As to claim 19, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 15, wherein the communication over the first vehicle bus uses, or is based on, the Control Area Network (CAN) or Control Area Network-Flexible Data-rate (CAN-FD) standard (i.e., …teaches on page 34 the 25-30 following: “Similarly to CAN bus 105, it is a simple protocol used by controllers. Additionally, several other control protocols with similar characteristics exist such as FlexRay”).
As to claim 20, the system of LITICHEVER and Juergen as applied to claim 19 teaches vehicle security, specifically LITICHEVER does not expressly teach a device according to claim 19, wherein the corrupting of the second part of the first frame comprises inserting a CAN Error Frame that comprises an Active Error Frame, or wherein the changed bit is an Error Flag or an Error Delimiter.
In this instance the examiner notes the teachings of prior art reference Juergen.
Juergen teaches on page 5, lines 15-25 the following: “in CAN system for instance, any five corrupted single bits per message 210 may be detected thanks to a fifteen bit Cyclic Redundancy Check (CRC) with a Hamming distance of six. Other error handling techniques are also available such as read-after-write error detection or parity bit check which basically disregards erroneous messages 210 once they have been detected”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of LITICHEVER with the teachings of Juergen by having their system comprise a suspicious message mitigation process. One would have been motivated to do so to provide a simple and effective means to secure vehicle bus communication, wherein the suspicious message mitigation process helps facilitate robust security and makes it easier to mitigate unauthorized bus messages.
As to claim 21, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, further comprising a message delay component coupled to the first connector or to the first transceiver for delaying, by a time interval, the received first part before being transmitted to the first vehicle bus (i.e., …teaches on page 9 lines 15-25 the following: “(2) limit the rate that such messages can be delivered to the appropriate transmission unit to predetermined value per time unit”).
As to claim 22, the system of LITICHEVER and Juergen as applied to claim 21 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 21, wherein the first part is delayed until the checking, by the processor, of the first part is completed (i.e., …teaches on page 9 lines 15-25 the following: “(2) limit the rate that such messages can be delivered to the appropriate transmission unit to predetermined value per time unit”).
As to claim 23, the system of LITICHEVER and Juergen as applied to claim 21 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 21, further configured for sensing, by a second transceiver, whether the first vehicle bus is busy or free, and wherein the first part is delayed by the message delay component until the second vehicle bus is sensed to be free (i.e., …teaches on page 9 lines 15-25 the following: “(2) limit the rate that such messages can be delivered to the appropriate transmission unit to predetermined value per time unit”).
As to claim 24, the system of LITICHEVER and Juergen as applied to claim 21 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 21, wherein the time interval is fixed (i.e., …teaches on page 9 lines 15-25 the following: “(2) limit the rate that such messages can be delivered to the appropriate transmission unit to predetermined value per time unit”).
As to claim 25, the system of LITICHEVER and Juergen as applied to claim 21 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 21, wherein message delay component is coupled be controlled by the processor, and the time interval is controlled in response to a value in a field of in the first frame, or wherein the time interval is controlled in response to a length of the first part or of the first frame (i.e., …teaches on page 29 line 25-30 the following: “When the time arrives, the timing task of the rule 2300 transfers the message waiting”).
As to claim 26, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein the first transceiver is operative to receive or to transmit using fast bit sampling for avoiding loss of bits timing, or wherein the first transceiver is operative to receive or to transmit using batch bits sampling (i.e., …teaches on page 17 lines 1-10 the following: “the rate of the messages, can be configured…”).
As to claim 27, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, for use with a first and second baud rate used by the second transceiver for the receiving from, or the transmitting to, the first vehicle bus, and wherein the processor is coupled for controlling the second transceiver to use the first or the second baud rate (i.e., …teaches on page 17 lines 1-10 the following: “the rate of the messages, can be configured”).
As to claim 28, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein the first part of the first frame comprises two or more bytes, and wherein the checking comprises checking two or more non-consecutive bytes or two or more non-consecutive bytes in the first part of the first frame (i.e., ...teaches on page 28 lines 15-25 the following: “A rule 2102 can contain any filtering logic to decide whether a message is legal or not. An example of a filtering logic can be checking that the message destination is 'y', the ID of the message is between 'xx' to 'zz', the message data length is 3 and the first two bytes of the message are 'aa' and 'bb'.”).
As to claim 29, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, further configured for receiving the rule using a connection for receiving the rule from an operator or a logic circuit designer (i.e., …teaches on page 23 lines 5-15 the following: “the security system 703 can be configured by an external device (e.g. configuration / diagnostics computer) 1408, through an out of band (OOB) interface such as a serial connection (e.g. RS-232). The configuration affects the security system's 703 behavior, the messages it lets through, changes or blocks, and any other of its configurable properties. The new configuration can be saved so next time the security system 703 resets, the new configuration will run at startup.”);
and for storing the rule (i.e., …teaches on page 23 lines 5-15 the following: “… new configuration can be saved so next time the security system 703 resets, the new configuration will run at startup.”).
As to claim 30, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein the first part comprises a field of the first frame, and wherein the rule applies to the field content (i.e., …teaches on page 28 line 15-25 the following: “A rule 2102 can contain any filtering logic to decide whether a message is legal or not. Such logic may include but is not limited to, properties of the message, message's headers, message's content, message length, the filter state, timings of the message or any other parameters or properties ...”).
As to claim 31, the system of LITICHEVER and Juergen as applied to claim 30 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 30, wherein the field consists of, or comprises, a frame header, an identification of a frame sender, a flag, or an identification of the frame type (i.e., …teaches on page 17 lines 10-15 the following: “message's properties (such as message headers, data, etc.)”).
As to claim 32, the system of LITICHEVER and Juergen as applied to claim 30 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 30, further for use with a list of field data associated with the field content, wherein the checking comprises comparing the first part to the list (i.e., ...teaches on page 28 lines 15-25 the following: “A rule 2102 can contain any filtering logic to decide whether a message is legal or not. Such logic may include but is not limited to, properties of the message, message's headers, message's content, message length, the filter state, timings of the message or any other parameters or properties or any combination of these properties, in a whitelist or blacklist manner. An example of a filtering logic can be checking that the message destination is 'y', the ID of the message is between 'xx' to 'zz', the message data length is 3 and the first two bytes of the message are 'aa' and 'bb'.”).
As to claim 33, the system of LITICHEVER and Juergen as applied to claim 30 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 30, wherein the transmitting of a signal is responsive to the first part being identical to one of the field data in the list (i.e., ...teaches on page 28 lines 15-25 the following: “A rule 2102 can contain any filtering logic to decide whether a message is legal or not. Such logic may include but is not limited to, properties of the message, message's headers, message's content, message length, the filter state, timings of the message or any other parameters or properties or any combination of these properties, in a whitelist or blacklist manner. An example of a filtering logic can be checking that the message destination is 'y', the ID of the message is between 'xx' to 'zz', the message data length is 3 and the first two bytes of the message are 'aa' and 'bb'.”).
As to claim 34, the system of LITICHEVER and Juergen as applied to claim 30 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 30, wherein the transmitting of the signal is responsive to the first part being not found in any of the field data in the list (i.e., ...teaches on page 28 lines 15-25 the following: “A rule 2102 can contain any filtering logic to decide whether a message is legal or not. Such logic may include but is not limited to, properties of the message, message's headers, message's content, message length, the filter state, timings of the message or any other parameters or properties or any combination of these properties, in a whitelist or blacklist manner. An example of a filtering logic can be checking that the message destination is 'y', the ID of the message is between 'xx' to 'zz', the message data length is 3 and the first two bytes of the message are 'aa' and 'bb'.”).
As to claim 35, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein each of the first ECU and the multiple ECUs is identified in the communication over the respective vehicle bus using an address (i.e., ...teaches on page 28 lines 15-25 the following: “… message destination is 'y', the ID of the message is between 'xx' to 'zz', the message data length is 3 and the first two bytes of the message are 'aa' and 'bb'.”).
As to claim 36, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein each of the frames received from the first connector comprises the address of the respective sending ECU (i.e., ...teaches on page 28 lines 15-25 the following: “… message destination is 'y', the ID of the message is between 'xx' to 'zz', the message data length is 3 and the first two bytes of the message are 'aa' and 'bb'.”).
As to claim 37, the system of LITICHEVER and Juergen as applied to claim 36 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 36, further for use with a list of field data associated with the field content, wherein the list of field data comprises a list of addresses of part of, or all of, the ECUs connected to the respective vehicle bus (i.e., ...teaches on page 36 lines 20-30 the following: “an ECU 75 means authenticating the authentication unit coupled with it. …each authentication unit is configured with a list of all the authentication units in the system 101”).
As to claim 38, the system of LITICHEVER and Juergen as applied to claim 37 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 37, wherein the transmitting of part of the first frame to the first vehicle bus is responsive to the address of the first ECU being included in the list of addresses (i.e., ...teaches on page 28 lines 15-25 the following: “A rule 2102 can contain any filtering logic to decide whether a message is legal or not. Such logic may include but is not limited to, properties of the message, message's headers, message's content, message length, the filter state, timings of the message or any other parameters or properties or any combination of these properties, in a whitelist or blacklist manner. An example of a filtering logic can be checking that the message destination is 'y', the ID of the message is between 'xx' to 'zz', the message data length is 3 and the first two bytes of the message are 'aa' and 'bb'.”).
As to claim 39, the system of LITICHEVER and Juergen as applied to claim 1 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 1, wherein the rule applies to the first frame length or to a timing property of the first frame (i.e., …teaches on page 17 lines 1-10 the following: “the rate of the messages, can be configured…”).
As to claim 40, the system of LITICHEVER and Juergen as applied to claim 39 teaches vehicle security, specifically LITICHEVER teaches a device according to claim 39, wherein the timing property comprises the frame sending time, or frames transmission rate (i.e., …teaches on page 41 lines 15-20 the following: “2) limit the rate that such messages can be delivered to the appropriate transmission unit to predetermined value per time unit…”).
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN F WRIGHT/Examiner, Art Unit 2497