DETAILED ACTION
This Office Action is in response to the communication filed on MM/DD/YYYY.
Claims 1-20 are pending.
Claims 1-20 are rejected.
The Examiner cites particular sections in the references as applied to the claims below for the convenience of the applicant(s). Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant(s) fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 1 line 5 reads “, to perform intrusion…” should read “,
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to Abstract Idea without significantly more. The claim(s) recite(s) receiving messages and performing intrusion detection this is classified as abstract idea under Section I© of the 2019 Revised Patent Subject Matter Eligibility Guidance published in the Federal Register (84 FR 50) on January 7, 2019, see (c) Mental processes—concepts performed in the human mind (including an observation, evaluation, judgment, opinion). This judicial exception is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because “signal processing system” does not add significantly more.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The claims are generally narrative and indefinite, failing to conform with current U.S. practice. They appear to be a literal translation into English from a foreign document and are replete with grammatical and idiomatic errors. For example:
Intrusion detection is performed based on a first and second type of message.
It is not clear is the type of message is the trigger for performing the intrusion detection, or if the type of message determines whether the message is identifies as an intrusion.
The “first message” is based on a first communication scheme (claim 1 line 3) and the “first message” is then based on a second communication scheme (claim 1 line 5).
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4-7, 9, 12-15 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Yasmin (C.N. 112997467), in view of alternate embodiments of Yasmin (C.N. 112997467).
Regarding claims 1, 14 and 18,
Yasmin discloses: A signal processing system comprising:
a signal processing device comprising an integrated intrusion detection processor configured to, in response to receiving a first message based on a first communication scheme, perform intrusion detection based on a first type of the first message, and in response to receiving a second message based on a second communication scheme, to perform intrusion detection on the second message; and (Yasmin [Page 15, Paragraph 4-6; Page 23, Paragraph 4-5 and page 24, paragraph 1-3; Figure 6a] teaches determining whether data traffic is an attack using a first and second monitoring component where both components generate and then combine reports which are used to determine whether traffic is an attack. This happens in response to each data packet)
a second signal processing device comprising a first intrusion detection processor configured to, in response to receiving the first message based on the first communication scheme, perform intrusion detection based on a second type of the first message, (Yasmin [Page 15-16; Page 22-23 Paragraph 4] teaches first and second processing devices where the first device passes the first report to the second device and in response the second device performs additional intrusion detection to generate the second report)
The main embodiment of Yasmin does not explicitly disclose: wherein in response to receiving a first message based on the second communication scheme from an external source, the integrated intrusion detection processor in the signal processing device is configured to perform the intrusion detection based on the first type of the first message after inspecting a header and payload based on the second communication scheme.
However, alternate embodiments discloses: wherein in response to receiving a first message based on the second communication scheme from an external source, the integrated intrusion detection processor in the signal processing device is configured to perform the intrusion detection based on the first type of the first message after inspecting a header and payload based on the second communication scheme. (Yasmin [Page 22-23, paragraph] teaches inspecting the header and payload of the data packet to determine is a packet is normal)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the different embodiments of Yasmin before him or her, to combine the embodiments of Yasmin to include the header inspection because it will determination of whether a packet is normal
The motivation for doing so would be [“Ethernet IDS will detect it as a normal packet based on the IP header”] (Paragraph 23 by Yasmin)].
Therefore, it would have been obvious to combine the embodiments of Yasmin to obtain the invention as specified in the instant claim.
Claim 14 additionally discloses: wherein the second signal processing device is configured to receive a first message including an in-vehicle sensor signal based on the first communication scheme and perform intrusion detection on the first message, and to transmit the first message, for which the intrusion detection has been completed, based on the second communication scheme. (Yasmin [Page 15-16; Page 22-23 Paragraph 4] teaches first and second processing devices where the first device passes the first report to the second device and in response the second device performs additional intrusion detection to generate the second report)
Claim 18 additionally discloses: A vehicle comprising a signal processing system (Yasmin [Abstract] The invention claims an intrusion monitoring system, intrusion monitoring method and related product)
Regarding claims 4 and 17,
Yasmin discloses: The signal processing system of claim 1, wherein the second signal processing device further comprises a second intrusion detection processor configured to, in response to receiving the second message based on the second communication scheme, perform intrusion detection on the second message. (Yasmin [Page 15-16; Page 22-23 Paragraph 4] teaches first and second processing devices where the first device passes the first report to the second device and in response the second device performs additional intrusion detection to generate the second report)
Regarding claim 5,
Yasmin discloses: The signal processing system of claim 1, wherein the second signal processing device is configured to receive a first message including an in-vehicle sensor signal based on the first communication scheme and perform intrusion detection on the first message, and to transmit the first message, for which the intrusion detection has been completed, based on the second communication scheme. (Yasmin [Page 15-16; Page 22-23 Paragraph 4] teaches first and second processing devices where the first device passes the first report to the second device and in response the second device performs additional intrusion detection to generate the second report)
Regarding claims 6 and 15,
Yasmin discloses: The signal processing system of claim 5, wherein the signal processing device is configured to transmit the first message based on the second communication scheme, which is received from the second signal processing device, to an external server. (Yasmin [Page 13, paragraph 2; Page 32 Paragraph 1-4] teaches that the processing device may be an external server)
Regarding claim 7,
Yasmin discloses: The signal processing system of claim 1, wherein the second signal processing device is configured to perform syntax-based intrusion detection based on a format or timing of the first message, and wherein the signal processing device is configured to perform semantic-based intrusion detection based on semantics of the first message. (Yasmin [Page 22 paragraph 2 – Page 24 paragraph 2] teaches detection of intrusion based on the format of the message)
Regarding claim 9,
Yasmin discloses: The signal processing system of claim 1, wherein the second signal processing device is configured to detect whether intrusion is detected in the first message based on a message ID, data length, and signal range of the first message, or a generation period of the first message, and wherein the signal processing device is configured to detect whether intrusion is detected in the first message based on a message sequence, a range of increase or decrease in signal, a signal state, or a signal correlation in the first message. (Yasmin [Page 23, Paragraph 2 – Page 23 Paragraph 2] teaches detecting intrusions based frame data CAN IDS and/or frequency)
Regarding claim 12,
Yasmin discloses: The signal processing system of claim 4, wherein the second signal processing device further comprises: a first accelerator configured to accelerate processing of the first message; and a second accelerator configured to accelerate processing of the second message. (Yasmin [Page 47, Paragraph 1-2] teaches the instructions may be executed by one or more processors, such as one or more digital signal processors (DSPs ), general microprocessors, application specific integrated circuits (ASICs), Field Programmable Logic Array (FPGAs) or other equivalent integrated or discrete logic circuits)
Regarding claim 13,
Yasmin discloses: The signal processing system of claim 1, wherein upon detecting intrusion in the first message or the second message, the integrated intrusion detection processor or the first intrusion detection processor is configured to drop the first message or the second message. (Yasmin [Page 40, Paragraph 5-6] teaches in response to determining data traffic is an attack, blocking the data traffic)
Claims 2-3, 8, 10-11, 16, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yasmin (C.N. 112997467), in view of Galula (U.S. 20170013005).
Regarding claims 2 and 19,
Yasmin discloses: The signal processing system of claim 1, wherein in response to receiving the first message based on the second communication scheme, the integrated intrusion detection processor in the signal processing device is configured to transmit the first message, for which the intrusion detection has been completed, (Yasmin [Page 15-16; Page 22-23 Paragraph 4] teaches first and second processing devices where the first device passes the first report to the second device and in response the second device performs additional intrusion detection to generate the second report)
Yasmin does not explicitly disclose: and a timing exception message related to the first message to the second signal processing device.
However, in the same field of endeavor Galula discloses: and a timing exception message related to the first message to the second signal processing device. (Galula [Abstract, 0010-0011, 0059-0072, 0157-0168] teaches time based anomaly detection in an in-vehicle communication network)
Yasmin and Galula are analogous art because they are from the same field of endeavor in-vehicle intrusion detection.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Yasmin and Galula before him or her, to modify the method of Yasmin to include the time based anomaly detection in an in-vehicle communication network of Galula because it will allow for
The motivation for doing so would be [“determine whether or not a message is anomalous based on a time difference between a reception of a first message from a first network and a reception of a second message from a second network”] (Paragraph 0010-0011 by Galula)].
Therefore, it would have been obvious to combine Yasmin and Galula to obtain the invention as specified in the instant claim.
Regarding claims 3, 16 and 20,
Yasmin in view of Galula discloses: The signal processing system of claim 1, wherein the first intrusion detection processor in the second signal processing device is configured to perform the intrusion detection based on the second type based on a format or timing of the received first message, (Yasmin [Page 15, Paragraph 4-6; Page 23, Paragraph 4-5 and page 24, paragraph 1-3; Figure 6a] teaches determining whether data traffic is an attack using a first and second monitoring component where both components generate and then combine reports which are used to determine whether traffic is an attack. This happens in response to each data packet)
and, in response to receiving the timing exception message from the signal processing device, determine that the timing of the first message is normal while performing the intrusion detection based on the second type. (Galula [0072-0093, 0157-0168, 0301-0302] teaches performing additional actions when the timing is normal)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Galula for similar reasons as cited in claim 2.
Regarding claim 8,
Yasmin does not explicitly disclose: The signal processing device of claim 1, wherein the signal processing device is configured to perform semantic-based intrusion detection based on a correlation between a plurality of first messages received from a plurality of second signal processing devices.
However, in the same field of endeavor Galula teaches: The signal processing device of claim 1, wherein the signal processing device is configured to perform semantic-based intrusion detection based on a correlation between a plurality of first messages received from a plurality of second signal processing devices. (Galula [0037-0041, 0053-0063, 0113-0125, 0128-0134] teaches intrusion detection by comparing a plurality of messages to determine whether the messages are within the expected parameters correlating to abnormal or abnormal messages)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Galula for similar reasons as cited in claim 2.
Regarding claim 10,
Yasmin does not explicitly disclose: The signal processing system of claim 1, wherein in response to a vehicle speed range in the first message exceeding an allowable value, the second signal processing device is configured to detect the first message as a message corresponding to the intrusion detection based on the second type.
However, in the same field of endeavor Galula teaches: wherein in response to a vehicle speed range in the first message exceeding an allowable value, the second signal processing device is configured to detect the first message as a message corresponding to the intrusion detection based on the second type. (Galula [0056-0058, 161-0165, 0230, 0258-0268) teaches determining context for intrusion detection according to vehicle speed)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Galula for similar reasons as cited in claim 2.
Regarding claim 11,
Yasmin does not explicitly disclose: The signal processing system of claim 1, wherein in response to a range of increase or decrease in vehicle speed in the first message exceeding an allowable range of increase or decrease, the signal processing device is configured to detect the first message as a message corresponding to the intrusion detection based on the first type.
However, in the same field of endeavor Galula teaches: wherein in response to a range of increase or decrease in vehicle speed in the first message exceeding an allowable range of increase or decrease, the signal processing device is configured to detect the first message as a message corresponding to the intrusion detection based on the first type. (Galula [0056-0058, 161-0165, 0230, 0258-0268) teaches determining context for intrusion detection according to vehicle acceleration or deceleration)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Galula for similar reasons as cited in claim 2.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure.
Endo 2018-7-13 (US 20190028493) teaches An attack monitoring system comprises a server device; and a plurality of communication devices constituting a wireless communication network, wherein the server device includes an information acquirer that acquires, in a case where an attack is performed on a mobile unit connected to the wireless communication network, attacker information serving as information related to a transmission source of the attack; and an information sharer that causes the plurality of communication devices to share the attacker information, and each of the plurality of communication devices blocks communication transmitted from the transmission source which corresponds to the shared attacker information.
Kim 2021-2-10 (US 20230109507) teaches An intrusion detection system for detecting intrusions in an in-vehicle network includes a message queue module configured to store network messages collected from the in-vehicle network in a message queue, a memory configured to securely store a ruleset comprising a set of detection rules used in a plurality of detection techniques, a rule engine configured to apply the plurality of detection techniques to the collected network messages to detect security events and configured to determine a severity score and a reliability score for each detected security event, and an interface manager configured to transmit detection reports to a remote backend server in response to detection of the security events.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A CARNES whose telephone number is (571)272-4378. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached at (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
THOMAS A. CARNES
Examiner
Art Unit 2436
/THOMAS A CARNES/Examiner, Art Unit 2436 /MOEEN KHAN/Primary Examiner, Art Unit 2436