Prosecution Insights
Last updated: July 17, 2026
Application No. 19/037,560

UNIVERSAL INTRUSION DETECTION AND PREVENTION FOR VEHICLE NETWORKS

Non-Final OA §103
Filed
Jan 27, 2025
Priority
Mar 06, 2020 — provisional 62/986,444 +7 more
Examiner
GREENE, JOSEPH L
Art Unit
2443
Tech Center
2400 — Computer Networks
Assignee
Sonatus Inc.
OA Round
1 (Non-Final)
63%
Grant Probability
Moderate
1-2
OA Rounds
2y 6m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 63% of resolved cases
63%
Career Allowance Rate
351 granted / 558 resolved
+4.9% vs TC avg
Strong +37% interview lift
Without
With
+36.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 12m
Avg Prosecution
34 currently pending
Career history
602
Total Applications
across all art units

Statute-Specific Performance

§101
2.3%
-37.7% vs TC avg
§103
90.1%
+50.1% vs TC avg
§102
4.7%
-35.3% vs TC avg
§112
1.8%
-38.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 558 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 1. Claims 1 – 20 are currently pending in this application. Double Patenting Claims 1-20 of this application is patentably indistinct from claims 1 and 4-31 of Application No. 18/235,481. Pursuant to 37 CFR 1.78(f), when two or more applications filed by the same applicant or assignee contain patentably indistinct claims, elimination of such claims from all but one application may be required in the absence of good and sufficient reason for their retention during pendency in more than one application. Applicant is required to either cancel the patentably indistinct claims from all but one application or maintain a clear line of demarcation between the applications. See MPEP § 822. 19/037,560 18/235,481 Claim 1: A system, comprising: a vehicle comprising a plurality of network zones, each network zone comprising a plurality of end points; a controller, comprising: a network monitoring component configured to interpret network communications associated with at least one of the network zones; a network intrusion detection component configured to detect an intrusion event in response to the network communications; and an intrusion response component configured to perform an intrusion response operation in response to the detected intrusion event. Claim 1: A system, comprising: a vehicle comprising a plurality of network zones comprising a first network zone and a second network zone, each network zone comprising a plurality of end points, a controller, comprising: a log monitoring component configured to interpret a log corpus associated with at least one of the plurality of end points; a log analysis component configured to detect a risk event in response to the interpretation of the log corpus, wherein the log corpus is associated with a plurality of end points including a first end point on the first network zone, Claim 20: wherein the risk response component is further configured to perform the risk response operation by determining an automated intrusion response in response to the detected risk event, and communicating the automated intrusion response to a log analysis user interface. Accordingly, claims 2-20 are rejected, at least, based on their dependency on claim 1. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Qiao et al. (Pre-Grant Publication No. US 2020/0274851 A1), hereinafter Qiao, and further in view of Litichever et al. (Pre-Grant Publication No. US 2020/0389469 A1), hereinafter Liti. 2. With respect to claim 1, Qiao taught a system, comprising: a vehicle comprising a plurality of network zones (0007, the logical zones), each network zone comprising a plurality of end points (figure 2, where the critical and non-critical component zones contain a plurality of endpoints such as items 230, 250, etc.); a controller, comprising: a network monitoring component configured to interpret network communications associated with at least one of the network zones (0007, the gateway); a network intrusion detection component configured to detect an intrusion event in response to the network communications (0023 & 0033). However, while Qiao did teach performing actions in response to an intrusion (0035), in order to show a more explicit teaching of the limitation, it is provided that Qiao did not explicitly state an intrusion response component configured to perform an intrusion response operation in response to the detected intrusion event. On the other hand, Liti did teach an intrusion response component configured to perform an intrusion response operation in response to the detected intrusion event (0600). Both of the systems of Qiao and Liti are directed towards managing security zones in vehicles and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of Qiao, to utilize providing direct responses to an intrusion detection, as taught by Liti, in order to remove the overhead of an administrator making the response decisions. 3. As for claim 2, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the plurality of network zones comprise a plurality of ethernet based network zones (0029). 4. As for claim 3, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein a first one of the plurality of network zones comprises an ethernet based network zone, and wherein a second one of the plurality of network zones comprises a controller area network (CAN) based network zone (0029). 5. As for claim 4, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the network intrusion detection component is further configured to detect the intrusion event in response to a communication source value (0044, where the “not allowed” web addresses are blocked addresses, which is a source value in accordance with the applicant’s specification: 0106). 6. As for claim 5, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the network intrusion detection component is further configured to detect the intrusion event in response to a communication frequency description (0077, where detecting a denial of service attack implicitly teaches determining that communication, from a particular entity, has exceed a rate of communication, which is a communication frequence description in accordance with the applicant’s specification: 0106). 7. As for claim 6, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the network intrusion detection component is further configured to detect the intrusion event in response to a communication destination value (0044, where the “not allowed” web addresses are blocked addresses, which is a source value in accordance with the applicant’s specification: 0106). 8. As for claim 7, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the network intrusion detection component is further configured to detect the intrusion event in response to a communication payload value (0032, where the abnormal value teaches the incorrect payload value in accordance with the applicant’s specification: 0106). 9. As for claim 8, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the intrusion response operation comprises providing a notification in response to the detected intrusion event (0046, the alert). 10. As for claim 9, it is rejected on the same basis as claim 8. In addition, Qiao taught wherein the intrusion response component is further configured to provide the notification in response to a severity of the detected intrusion event (0600, where the identified device teaches the severity of the attack. See also, Qiao: 0046 & 0054, where the type of attack teaches the severity of the detected intrusion under broadest reasonable interpretation). 11. As for claim 10, it is rejected on the same basis as claim 8. In addition, Qiao taught wherein the notification is provided to at least one of: an end point on at least one of the network zones; a cloud server; or an external device (0046, where the monitoring system, at least, teaches the external device). 12. As for claim 11, it is rejected on the same basis as claim 8. In addition, Qiao taught wherein the notification comprises at least one of: a severity description, an intrusion type, an intrusion confidence value, an intrusion destination value, or an intrusion source value (0049, where the identified threat, at least, teaches the intrusion type limitation). 13. As for claim 12, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the intrusion response operation comprises blocking a communication source in response to the detected intrusion event (0600. See also, Liti: 0053). 14. As for claim 13, it is rejected on the same basis as claim 12. In addition, Qiao taught wherein blocking the communication source comprises communicating an intrusion source value to a vehicle cloud communication controller; and wherein the controller further comprises the vehicle cloud communication controller, the vehicle cloud communication controller configured to manage external communications comprising communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0049, where the management system is cloud based and the addresses can be blocked in accordance with 0044). 15. As for claim 14, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage external communications comprising communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034); and wherein the intrusion response operation comprises providing a notification to the vehicle cloud communication controller (0046, where the alert is output to the monitoring system and 0054, where the monitor is part of the management system. Accordingly, the management system is the cloud controller in accordance with 0034). 16. As for claim 15, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034); wherein the vehicle cloud communication controller is further configured to interpret a communication policy; and wherein the network monitoring component is further configured to interpret network communications associated with at least one of the network zones in response to the communication policy (0034, the applied policies). 17. As for claim 16, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034, the components); wherein the vehicle cloud communication controller is further configured to interpret a communication policy (0034); and wherein the network intrusion detection component is further configured to detect an intrusion event in response to the communication policy (0019). 18. As for claim 17, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034); wherein the vehicle cloud communication controller is further configured to interpret a communication policy; and wherein the intrusion response component is further configured to perform the intrusion response operation in response to the communication policy (0035). 19. As for claim 18, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the controller further comprises a vehicle cloud communication controller, the vehicle cloud communication controller configured to manage communications between: 1) each one of the plurality of end points on the plurality of network zones, and 2) external devices at least selectively communicatively coupled to the vehicle (0034); wherein the vehicle cloud communication controller is further configured to interpret a communication policy (0034); and the system further comprising at least one of: wherein the network monitoring component is further configured to interpret network communications associated with at least one of the network zones in response to the communication policy; wherein the network intrusion detection component is further configured to detect an intrusion event in response to the communication policy; or wherein the intrusion response component is further configured to perform the intrusion response operation in response to the communication policy (0019, where the intrusion detection, at least, teaches the interpret the network communications limitation). 20. As for claim 19, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the vehicle cloud communication controller is further configured to interpret at least one of a new communication policy or an updated communication policy, and to update the communication policy in response to the at least one of the new communication policy or the updated communication policy (0034). 21. As for claim 20, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the intrusion response operation comprises an update to the communication policy (0034). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. (a) BARRETT et al. (Pre-Grant Publication No. US 2019/0394089 A1), 0018, 0028, & 0091. (b) Shalev et al. (Pre-Grant Publication No. US 2019/0260800 A1), 0006, 0009, & 0030. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH L GREENE whose telephone number is (571)270-3730. The examiner can normally be reached Monday - Thursday, 10:00am - 4:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R. Taylor can be reached at 571 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JOSEPH L GREENE/Primary Examiner, Art Unit 2443
Read full office action

Prosecution Timeline

Jan 27, 2025
Application Filed
Jun 29, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682128
CONTROL SYSTEM WITH SECURITY MANAGEMENT DEVICE
3y 7m to grant Granted Jul 14, 2026
Patent 12659743
THIRD-PARTY CONTROL OF HEARING DEVICE, HEARING DEVICE AND RELATED METHODS
4y 0m to grant Granted Jun 16, 2026
Patent 12660134
VEHICULAR DRIVING ASSIST SYSTEM WITH INTEGRATED ADAS AND INFOTAINMENT CIRCUITRY
2y 9m to grant Granted Jun 16, 2026
Patent 12639799
FLIPPER APPARATUS AND OBJECT INSPECTION METHOD USING SAME
5y 5m to grant Granted May 26, 2026
Patent 12608503
SYSTEMS AND METHODS FOR SANITIZING SENSITIVE DATA AND PREVENTING DATA LEAKAGE USING ON-DEMAND ARTIFICIAL INTELLIGENCE MODELS
3y 6m to grant Granted Apr 21, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
63%
Grant Probability
99%
With Interview (+36.7%)
3y 12m (~2y 6m remaining)
Median Time to Grant
Low
PTA Risk
Based on 558 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month