DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1. Claims 1 – 20 are currently pending in this application.
Double Patenting
Claims 1-20 of this application is patentably indistinct from claims 1 and 4-31 of Application No. 18/235,481. Pursuant to 37 CFR 1.78(f), when two or more applications filed by the same applicant or assignee contain patentably indistinct claims, elimination of such claims from all but one application may be required in the absence of good and sufficient reason for their retention during pendency in more than one application. Applicant is required to either cancel the patentably indistinct claims from all but one application or maintain a clear line of demarcation between the applications. See MPEP § 822.
19/037,560
18/235,481
Claim 1:
A system, comprising: a vehicle comprising a plurality of network zones, each network zone comprising a plurality of end points;
a controller, comprising: a network monitoring component configured to interpret network communications associated with at least one of the network zones;
a network intrusion detection component configured to detect an intrusion event in response to the network communications;
and an intrusion response component configured to perform an intrusion response operation in response to the detected intrusion event.
Claim 1:
A system, comprising: a vehicle comprising a plurality of network zones comprising a first network zone and a second network zone, each network zone comprising a plurality of end points,
a controller, comprising: a log monitoring component configured to interpret a log corpus associated with at least one of the plurality of end points; a log analysis component configured to detect a risk event in response to the interpretation of the log corpus, wherein the log corpus is associated with a plurality of end points including a first end point on the first network zone,
Claim 20:
wherein the risk response component is further configured to perform the risk response operation by determining an automated intrusion response in response to the detected risk event, and communicating the automated intrusion response to a log analysis user interface.
Accordingly, claims 2-20 are rejected, at least, based on their dependency on claim 1.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Qiao et al. (Pre-Grant Publication No. US 2020/0274851 A1), hereinafter Qiao, and further in view of Litichever et al. (Pre-Grant Publication No. US 2020/0389469 A1), hereinafter Liti.
2. With respect to claim 1, Qiao taught a system, comprising: a vehicle comprising a plurality of network zones (0007, the logical zones), each network zone comprising a plurality of end points (figure 2, where the critical and non-critical component zones contain a plurality of endpoints such as items 230, 250, etc.); a controller, comprising: a network monitoring component configured to interpret network communications associated with at least one of the network zones (0007, the gateway); a network intrusion detection component configured to detect an intrusion event in response to the network communications (0023 & 0033).
However, while Qiao did teach performing actions in response to an intrusion (0035), in order to show a more explicit teaching of the limitation, it is provided that Qiao did not explicitly state an intrusion response component configured to perform an intrusion response operation in response to the detected intrusion event. On the other hand, Liti did teach an intrusion response component configured to perform an intrusion response operation in response to the detected intrusion event (0600). Both of the systems of Qiao and Liti are directed towards managing security zones in vehicles and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of Qiao, to utilize providing direct responses to an intrusion detection, as taught by Liti, in order to remove the overhead of an administrator making the response decisions.
3. As for claim 2, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the plurality of network zones comprise a plurality of ethernet based network zones (0029).
4. As for claim 3, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein a first one of the plurality of network zones comprises an ethernet based network zone, and wherein a second one of the plurality of network zones comprises a controller area network (CAN) based network zone (0029).
5. As for claim 4, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the network intrusion detection component is further configured to detect the intrusion event in response to a communication source value (0044, where the “not allowed” web addresses are blocked addresses, which is a source value in accordance with the applicant’s specification: 0106).
6. As for claim 5, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the network intrusion detection component is further configured to detect the intrusion event in response to a communication frequency description (0077, where detecting a denial of service attack implicitly teaches determining that communication, from a particular entity, has exceed a rate of communication, which is a communication frequence description in accordance with the applicant’s specification: 0106).
7. As for claim 6, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the network intrusion detection component is further configured to detect the intrusion event in response to a communication destination value (0044, where the “not allowed” web addresses are blocked addresses, which is a source value in accordance with the applicant’s specification: 0106).
8. As for claim 7, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the network intrusion detection component is further configured to detect the intrusion event in response to a communication payload value (0032, where the abnormal value teaches the incorrect payload value in accordance with the applicant’s specification: 0106).
9. As for claim 8, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the intrusion response operation comprises providing a notification in response to the detected intrusion event (0046, the alert).
10. As for claim 9, it is rejected on the same basis as claim 8. In addition, Qiao taught wherein the intrusion response component is further configured to provide the notification in response to a severity of the detected intrusion event (0600, where the identified device teaches the severity of the attack. See also, Qiao: 0046 & 0054, where the type of attack teaches the severity of the detected intrusion under broadest reasonable interpretation).
11. As for claim 10, it is rejected on the same basis as claim 8. In addition, Qiao taught wherein the notification is provided to at least one of: an end point on at least one of the network zones; a cloud server; or an external device (0046, where the monitoring system, at least, teaches the external device).
12. As for claim 11, it is rejected on the same basis as claim 8. In addition, Qiao taught wherein the notification comprises at least one of: a severity description, an intrusion type, an intrusion confidence value, an intrusion destination value, or an intrusion source value (0049, where the identified threat, at least, teaches the intrusion type limitation).
13. As for claim 12, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the intrusion response operation comprises blocking a communication source in response to the detected intrusion event (0600. See also, Liti: 0053).
14. As for claim 13, it is rejected on the same basis as claim 12. In addition, Qiao taught wherein blocking the communication source comprises communicating an intrusion source value to a vehicle cloud communication controller; and wherein the controller further comprises the vehicle cloud communication controller, the vehicle cloud communication controller configured to manage external communications comprising communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0049, where the management system is cloud based and the addresses can be blocked in accordance with 0044).
15. As for claim 14, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage external communications comprising communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034); and wherein the intrusion response operation comprises providing a notification to the vehicle cloud communication controller (0046, where the alert is output to the monitoring system and 0054, where the monitor is part of the management system. Accordingly, the management system is the cloud controller in accordance with 0034).
16. As for claim 15, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034); wherein the vehicle cloud communication controller is further configured to interpret a communication policy; and wherein the network monitoring component is further configured to interpret network communications associated with at least one of the network zones in response to the communication policy (0034, the applied policies).
17. As for claim 16, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034, the components); wherein the vehicle cloud communication controller is further configured to interpret a communication policy (0034); and wherein the network intrusion detection component is further configured to detect an intrusion event in response to the communication policy (0019).
18. As for claim 17, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034); wherein the vehicle cloud communication controller is further configured to interpret a communication policy; and wherein the intrusion response component is further configured to perform the intrusion response operation in response to the communication policy (0035).
19. As for claim 18, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034); wherein the vehicle cloud communication controller is further configured to interpret a communication policy (0034); and the system further comprising at least one of: wherein the network monitoring component is further configured to interpret network communications associated with at least one of the network zones in response to the communication policy; wherein the network intrusion detection component is further configured to detect an intrusion event in response to the communication policy; or wherein the intrusion response component is further configured to perform the intrusion response operation in response to the communication policy (0019, where the intrusion detection, at least, teaches the interpret the network communications limitation).
20. As for claim 19, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the vehicle cloud communication controller is further configured to interpret at least one of a new communication policy or an updated communication policy, and to update the communication policy in response to the at least one of the new communication policy or the updated communication policy (0034).
21. As for claim 20, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the intrusion response operation comprises an update to the communication policy (0034).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
(a) BARRETT et al. (Pre-Grant Publication No. US 2019/0394089 A1), 0018, 0028, & 0091.
(b) Shalev et al. (Pre-Grant Publication No. US 2019/0260800 A1), 0006, 0009, & 0030.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH L GREENE whose telephone number is (571)270-3730. The examiner can normally be reached Monday - Thursday, 10:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R. Taylor can be reached at 571 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSEPH L GREENE/Primary Examiner, Art Unit 2443