Obviousness

Obviousness Analysis of US Patent 9173100 under 35 U.S.C. § 103

This analysis assesses the obviousness of US Patent 9173100 by considering combinations of prior art elements that a person having ordinary skill in the art (POSITA) would have been motivated to combine as of the priority date (November 16, 2011).

It is important to note that the provided patent text does not contain a dedicated "Prior Art section" listing specific patent or non-patent documents. Instead, the patent's "Definitions" and introductory sections describe various existing vehicle technologies, communication systems, networking concepts, and security mechanisms that were known in the art at the time of filing. For the purpose of this analysis, these descriptions within the patent itself will serve as the "results from the Prior Art section of this page," representing the common knowledge and existing technologies available to a POSITA.

Identified Elements of Prior Art (as described in US9173100)

1. Vehicle Communication Systems and Networks:

   • Modern vehicles utilize multiple communication systems and networks with both open (e.g., Ethernet, LVDS) and proprietary (e.g., CAN Bus, LIN Bus, OEM Bus) architectures.
   • CAN bus is a serial network for automotive applications, enabling devices to communicate without a host computer and supporting message-based communication with arbitration fields for message priority (e.g., standard CAN 2.0A, extended CAN 2.0B).
   • The CAN specification (ISO 11898) includes high-speed CAN (e.g., for engine, suspension, safety equipment) and low-speed CAN (eg., for less critical components).
   • Well-known networks like Ethernet, Wi-Fi, USB, I2C, RS232, RS485, and FireWire can be implemented in vehicles.
   • Vehicles can include wireless interfaces for long, intermediate, or short-range wireless networks such as cellular (CDMA, GSM, IS-95), 802.X, Wi-Fi, and Bluetooth. These wireless interfaces support various protocols, including WEP, WPA, and WTLS.

2. Vehicle Computational Components:

   • Vehicles include various control units and sensors, such as Engine Control Units (ECUs), Transmission Control Units (TCUs), Anti-lock Braking Systems (ABS), airbag deployment systems, and numerous other sensors (e.g., wheel state, power source, collision, odometer, HVAC).
   • Processing modules can perform, monitor, and control critical and non-critical tasks and operations within a vehicle.

3. General Network Security Concepts and Mechanisms:

   • The patent acknowledges that "A secured connection protocol is needed" for wireless connections in vehicles due to potential security hazards.
   • Security is provided by "gateway/firewall 1512 applying known security algorithms."
   • Firewalls can use techniques like network address translation, network layer/packet filtration, and application-layer firewalls.
   • Wireless security can be implemented using existing 802.11 standards such as Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA), or other known security systems.
   • Common security breach events include viruses, malware, unauthorized access, denial-of-service attacks, spoofing, man-in-the-middle attacks, and identity theft.
   • Warning signals for security breaches can be received from gateways, firewalls, honeypots, network nodes, and network probes.
   • Isolation can be achieved by critical communication security mechanisms, including:
     • Encryption of access restrictions.
     • Disabling ESSID broadcasting or hiding the SSID.
     • MAC ID filtering.
     • Static IP addressing.
     • Implementing IEEE 802.11, 802.11i, and/or 802.1x security.
     • Using protocols like TKIP, EAP, LEAP, PEAP, WPAv1, and/or WPAv2.
     • Using end-to-end encryption.
   • Security breach events can be analyzed by reviewing historical behavior, comparing behavior to templates of attacks, and/or applying rules to historical behavior.

Motivation to Combine

The patent explicitly identifies the problems in the prior art, which serves as a strong motivation for a POSITA to combine known technologies:
"Existing vehicle bus protocols which are largely designed for safety, are generally unsuitable for other non-safety communications, due to low bus bandwidth and transmission speed. There are therefore various needs in the art including improving information flow between vehicle components, leveraging the various communication systems and/or networks in the art to enhance vehicle safety, data security, and/or data processing, and providing remote authorized third party (i.e. peace officers, vehicle manufacturers, vehicle security services, and owners) access to a vehicle's functions and state information while maintaining security against unauthorized parties and components."

This passage clearly highlights:

• The inadequacy of existing vehicle networks for non-safety communications due to bandwidth and speed limitations.
• The need to enhance vehicle safety and data security by leveraging various communication systems.
• The requirement to provide remote authorized access while maintaining security against unauthorized parties and components.

A POSITA, motivated by these articulated needs, would seek to integrate known networking and security solutions into the automotive environment.

Obviousness Argument for Independent Claims 1, 9, and 17

The independent claims describe a vehicle system, method, and computer-readable medium for network security, specifically focusing on isolating computational components in a vehicular wireless network during a security breach.

Combination of Prior Art Elements:

1. Vehicle with Diverse Communication Networks and Computational Components: A POSITA would be aware that modern vehicles (as described in the patent background) already contain numerous ECUs, sensors, processing modules, and communicate over various wired and wireless networks (CAN, LIN, Ethernet, Wi-Fi, Bluetooth).

2. General Network Security Principles and Devices: A POSITA in 2011 would understand fundamental network security concepts such as firewalls, intrusion detection/prevention, and the importance of segmenting networks to contain breaches. The patent explicitly states that security is provided by a "gateway/firewall 1512 applying known security algorithms", and lists numerous "known security algorithms" like WEP, WPA, MAC filtering, SSID hiding, and various encryption methods.

3. Network Controllers and Monitoring: The concept of a network controller or a central processing unit overseeing network operations and receiving alerts from security devices (gateways, firewalls, honeypots, probes) was well-established in general networking.

Motivation and Obviousness:

Given the identified "needs in the art" for enhanced data security in vehicles and the leveraging of diverse communication systems, a POSITA would find it obvious to combine these known elements to create the claimed invention:

• Integration of a Network Controller for Security: Faced with the challenge of securing complex vehicular networks, a POSITA would naturally propose a "microprocessor executable network controller" to manage security functions. This controller would draw upon known security devices (like gateways and firewalls) and receive "warning signals" from them, which is a standard practice in network management and security.
• Applying Known Isolation Techniques to a Vehicular Context: The concept of isolating compromised systems from healthy ones to prevent wider damage is a fundamental principle of cybersecurity. The specific "critical communication security mechanisms" listed in the claims (e.g., encryption, MAC filtering, SSID hiding, WEP, WPA protocols) were all well-known methods for securing wireless networks and controlling access by the priority date. A POSITA, motivated to "maintain security against unauthorized parties and components" in vehicles, would find it obvious to apply these standard isolation techniques within a vehicular wireless network, regardless of whether the components were physically on-board or external but connected wirelessly.
• Analyzing Security Breaches with Known Methods: The claims also include analyzing security breach events by "reviewing historical behavior and comparing the behavior to templates characteristic of differing types of attacks and/or applying rules to the historical behavior." These analytical techniques are standard in intrusion detection and security information management systems and would be an obvious inclusion for a network controller designed to enhance security.

Therefore, the combination of a vehicle incorporating diverse wired and wireless communication systems and computational components with a network controller that implements known network security principles (detection, analysis, and isolation using standard security protocols and mechanisms) would have been obvious to a POSITA seeking to address the clearly articulated "needs in the art" for improved vehicle data security and management.

This obviousness applies to:

• Independent Claim 1 (System Claim): The vehicle system incorporating a network controller to perform isolation using known security mechanisms would be an obvious design choice.
• Independent Claim 9 (Method Claim): The method steps of receiving warning signals, analyzing breaches, and performing isolation using known security mechanisms are logical and obvious operational procedures for enhancing vehicular network security.
• Independent Claim 17 (Computer-Readable Medium Claim): If the system and method are obvious, then storing the instructions for performing that obvious method on a non-transient, tangible computer-readable medium (a common practice in software development and embedded systems) would also be obvious.