METHOD FOR MONITORING A COMPONENT OF AN EFFECT CHAIN

3Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detailed Action 1. This action is responsive to communication filed on: 17 December 2025 with acknowledgement of an original application filed on 1 September 2022 and that this application is a continuation of a German application filed 3 September 2021. 2. Claims 1-15 are currently pending. Claims 1, 14, and 15, are independent claims. Response to Arguments 3. Applicant's argument filed 17 December 2025 has been fully considered however it is not persuasive. I) In response to Applicant’s argument beginning on page 6, “The claims recite the feature of the certificate enclave is configured to determine whether the data was received within a predetermined time interval following output of the certificate, the check result indicating whether the data was received within the predetermined time interval. In contrast, Stein et al. discloses checking whether a certificate remains valid for a predetermined duration where expiration of the certificate enclave triggers reissuance. This is different from the present claims in which the certificate enclave determines whether data from a component is received within a predetermined time interval following output of the certificate, and produces a check result indicating whether that condition is met. That is, in Stein et al, the timing condition relates solely to certificate validity, not to timing of data reception following certificate issuance”. The Examiner disagrees with argument. The Examiner notes the previous rejection as cites the Abstract, paragraphs 25 and 161 of Stein. The Examiner notes paragraph 25 does state “Expiration of the identity certificate of the automotive devices after a certain time may force periodic re-issue of the identity certificate thus verifying that the identity certificate is updated with the latest security and/or operational performance characteristics of each automotive device”. Also, paragraph 161 of Stein states: “However, the identity certificate may be valid for a predefined time period such that upon expiration of the predefined time period the identity certificate may be rejected by the other automotive device(s) 202. The time stamp included in the identity certificate may be used by the other automotive device(s) 202 to enforce the validity of the identity certificate”. However, the Abstract states the following: “A computerized method of evaluating authenticity of automotive devices, comprising a local authorization entity (AE) adapted to manage identity authentication for a group of automotive devices located in an associated geographical area. The local AE provides, to a first automotive device of the group, an AE identity certificate comprising an encryption key of the local AE and signed with a higher level AE's encryption key. The first automotive device uses the higher level AE's encryption key to decrypt the AE identity certificate and retrieve the local AE's encryption key. The first automotive device uses the local AE's encryption key to verify an identity certificate created by the local AE for a second automotive device of the group. The first automotive device establishes a session with the second automotive device according to an identity posture score extracted from the identity certificate of the second automotive device”. The Examiner notes paragraphs 62 and 155 states the following: “[0062] … The identity security attributes may further include a time period since the most recent identity certificate was created for the automotive device by one of the AEs. A long time period since the most recent identity certificate creation may indicate the identity of the automotive device is not frequently verified and may lead to a lower identity posture score. In contrast, frequent identity certificate creation for the automotive device may be ranked with a significantly high identity posture score … [0155] In another example, assuming a certain identity security attribute describes the time period since the most recent creation of the identity certificate for the automotive device 202A by one of the AEs of the identity authorization system 100. Based on the time period, the AE 118(1) may calculate the identity posture score for the for the certain identity security attribute. The time period may indicate a frequency of evaluation of the identity posture of the automotive device 202A by the identity authorization system 100. Frequent evaluation may be indicative of a reliable, legitimate automotive device while infrequent evaluation may be indicative of a less reliable and potentially compromised automotive device. The identity posture score assigned by the AE 118(1) for the certain identity security attribute may therefore be proportional to the time period indicated by the certain identity security attribute. The shorter the time period is, the higher may be the identity posture score assigned for the certain identity security attribute and vice versa. For example, assuming the time period since the most recent identity certificate creation is significantly long, for example, 6 months, the AE 118(1) may assign a low identity posture score for the certain identity security attribute. In contrast, assuming the time period since the most recent verification of the automotive device 202B ID is short, for example, a day, the AE 118(1) may assign a high identity posture score for the certain identity security attribute.”. Stein teaches ‘the time period since the most recent identity certificate creation is measured and utilized to assign a posture score’. The Examiner interprets this equivalent to determine if the data was received in a predetermined time interval. Therefore, the Applicant’s argument is not persuasive. Claim Rejections – 35 USC § 103 4. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 5. Claims 1-7, 9-11, and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Goldberg U.S. Patent Application Publication 2019/0106117 (hereinafter ‘117) in view of Scarlata et al. U.S. Patent Application Publication No. 2017/0353319 (hereinafter ‘319) in further view of Stein et al. U.S. Patent Application Publication No. 2021/0044967 (hereinafter ‘967). As to independent claim 1, “A system for monitoring a component of an effect chain for an at least partially automated driving function of a motor vehicle, comprising: a computer platform, including: a processor; one or more memory blocks” is taught in ‘117 the Abstract and paragraph 5, note the system and method is directed to monitoring the status a vehicle as well as monitoring components (i.e. vehicle controller) to determine if a failure mode exists; the following is not explicitly taught in ‘117: “one or more processing enclaves, wherein: the computer platform is configured to receive data from the component” however ‘319 teaches a computing environment including an attestation system that can be utilized in various host devices (i.e. motor vehicles) with one or more secure enclaves in paragraphs 15 and 22; “the one or more enclaves includes a certificate enclave configured to create a certificate for the component” however ‘319 teaches enclaves for providing keys, quotes, certificates in paragraphs 25-26; “the certificate is sent to the component, the certificate enclave configured to check the data based on the certificate, to output a check result” however ‘319 teaches verifying certificates by a secure enclave and providing the quote to a backend service in paragraphs 26-27; “and a trigger device configured to trigger a security action based on the check result” however ‘319 teaches providing the quote to a backend service which can provide a level of service (i.e. deny / which is interpreted equivalent to ‘a security action’) in paragraph 27; It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a vehicle controller safety monitor that utilizes communication between components and networks taught in ‘117 to include a means to utilize enclaves and certificates to check a component. One of ordinary skill in the art would have been motivated to perform such a modification to establish secure communication and trust between components and of a system see ‘319 paragraph 3.the following is not explicitly taught in ‘117 and ‘’319: “wherein the certificate enclave is configured to determine whether the data was received within a predetermined time interval following output of the certificate, the check result indicating whether the data was received within the predetermined time interval” however ‘967 teaches a computerized method of evaluating authenticity of automotive devices (i.e. components) that evaluates certificates to determine if the device (i.e. component) is configured with a certificate that is received during a valid period of time before receiving data from the automotive device (component) in the Abstract, paragraphs 25, 51, 155, and 161. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a vehicle controller safety monitor that utilizes communication between components and networks taught in ‘117 and ‘317 to include a means to only utilize data within a predetermined output of the certificate. One of ordinary skill in the art would have been motivated to perform such a modification because it is important for automotive devices during communication session such as autonomous driving systems to evaluate the identity posture (time or certificate receipt) of other automotive devices to prevent the use of data from a malicious device or compromised automotive device see ‘967 paragraphs 166-167. As to dependent claim 2, “The system as recited in claim 1, wherein the one or more enclaves include a processing unit enclave, which is configured to implement a processing unit” is taught in ‘319 paragraph 22. As to dependent claim 3, “The system as recited in claim 2, wherein the processing unit is configured to provide a lockstep function” is shown in ‘117 paragraphs 21-22. As to dependent claim 4, “The system as recited in claim 1, wherein the one or more enclaves include a time trigger enclave, which is configured to provide a time trigger function” is disclosed in ‘117 paragraph 22. As to dependent claim 5, “The system as recited in claim 1, wherein the one or more enclaves include a watchdog enclave, which configured to provide a watchdog function” is taught in ‘117 paragraphs 22 and 31. As to dependent claim 6, “The system as recited in claim 1, wherein the one or more enclaves include an authentication management enclave, which is configured to provide an authentication management function” is shown in ‘319 the Abstract and paragraph 15. As to dependent claim 7, “The system as recited in claim 6, wherein the authentication management enclave is configured to provide a key management function” is disclosed in ‘319 paragraph 28. As to dependent claim 9, “The system as recited in claim 1, wherein the one or more enclaves include a test generator enclave, which is configured to provide a test generator function for testing the component, for testing the component during runtime” is taught in ‘117 paragraph 39. As to dependent claim 10, “The system as recited in claim 1, wherein the one or more enclaves include a memory enclave, which is set up to provide a memory function for storing cryptographic data” is shown in ‘319 paragraph 66. As to dependent claim 11, “The system as recited in claim 1, wherein the computer platform is an ASIC” is disclosed in ‘117 paragraph 46. As to independent claim 14, “A method for monitoring a component of an effect chain for an at least partially automated driving function of a motor vehicle, using a system including a computer platform, the computer platform including: a processor, one or more memory blocks” is taught in ‘117 the Abstract and paragraph 5, note the system and method is directed to monitoring the status a vehicle as well as monitoring components (i.e. vehicle controller) to determine if a failure mode exists; the following is not explicitly taught in ‘117: “an input configured to receive output data output from the component” however ‘319 teaches a computing environment including an attestation system that can be utilized in various host devices (i.e. motor vehicles) with one or more secure enclaves in paragraphs 15 and 22; “computer-executable instructions executable by the processor to implement one or more enclaves, using the one or more memory blocks, the one or more enclaves including a certificate enclave configured to create a certificate for the component of the effect chain” however ‘319 teaches enclaves for providing keys, quotes, certificates in paragraphs 25-26; “an output configured to output the certificate to the component, the certificate enclave being configured to check the output data received following the output of the certificate, based on the certificate, to output a check result” however ‘319 teaches verifying certificates by a secure enclave and providing the quote to a backend service in paragraphs 26-27; “and a trigger device configured to trigger a security action based on the check result” however ‘319 teaches providing the quote to a backend service which can provide a level of service (i.e. deny / which is interpreted equivalent to ‘a security action’) in paragraph 27; “the method comprising the following steps: creating a certificate for the component of the effect chain using the certificate enclave; outputting the certificate to the component using the output” however ‘319 teaches enclaves for providing keys, quotes, certificates in paragraphs 25-26; “receiving output data output by the component by way of the input; checking the output data received following output of the certificate, based on the certificate, using the certificate enclave, to output a check result” however ‘319 teaches verifying certificates by a secure enclave and providing the quote to a backend service in paragraphs 26-27; “and triggering a security action based on the check result, using the trigger device” however ‘319 teaches providing the quote to a backend service which can provide a level of service (i.e. deny / which is interpreted equivalent to ‘a security action’) in paragraph 27; It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a vehicle controller safety monitor that utilizes communication between components and networks taught in ‘117 to include a means to utilize enclaves and certificates to check a component. One of ordinary skill in the art would have been motivated to perform such a modification to establish secure communication and trust between components and of a system see ‘319 paragraph 3.the following is not explicitly taught in ‘117 and ‘’319: “wherein the certificate enclave is configured to determine whether the data was received within a predetermined time interval following output of the certificate, the check result indicating whether the data was received within the predetermined time interval” however ‘967 teaches a computerized method of evaluating authenticity of automotive devices (i.e. components) that evaluates certificates to determine if the device (i.e. component) is configured with a certificate that is received during a valid period of time before receiving data from the automotive device (component) in the Abstract, paragraphs 20, 61, 155, and 161. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a vehicle controller safety monitor that utilizes communication between components and networks taught in ‘117 and ‘317 to include a means to only utilize data within a predetermined output of the certificate. One of ordinary skill in the art would have been motivated to perform such a modification because it is important for automotive devices during communication session such as autonomous driving systems to evaluate the identity posture (time or certificate receipt) of other automotive devices to prevent the use of data from a malicious device or compromised automotive device see ‘967 paragraphs 166-167. As to independent claim 15, this claim is directed to a non-transitory machine-readable storage medium executing the method of claim 14; therefore, it is rejected along similar rationale. 6. Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Goldberg U.S. Patent Application Publication 2019/0106117 (hereinafter ‘117) in view of Scarlata et al. U.S. Patent Application Publication No. 2017/0353319 (hereinafter ‘319) in further view of Stein et al. U.S. Patent Application Publication No. 2021/0044967 (hereinafter ‘967) in further view of Kim et al. U.S. Patent Application Publication No. 2017/0134176 (hereinafter ‘176). As to dependent claim 8, the following is not explicitly taught in ‘117, ‘967, and ‘319: “The system as recited in claim 7, wherein the key management function is configured to provide a PUF for key management” however ‘176 teaches utilizes a PUF for key management in paragraph 55. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a vehicle controller safety monitor that utilizes communication between components and networks taught in ‘117, ‘967, and ‘319 to utilize enclaves a PUF. One of ordinary skill in the art would have been motivated to perform such a modification to generate an identifier of a device for security and/or authentication see ‘176 paragraphs 2-5. 7. Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Goldberg U.S. Patent Application Publication 2019/0106117 (hereinafter ‘117) in view of Scarlata et al. U.S. Patent Application Publication No. 2017/0353319 (hereinafter ‘319) in further view of Stein et al. U.S. Patent Application Publication No. 2021/0044967 (hereinafter ‘967) in further view of Sorensen et al. U.S. Patent Application Publication No. 2021/0288822 (hereinafter ‘822). As to dependent claim 12, the following is not explicitly taught in ‘117, ‘967, and ‘319: “The system as recited in claim 1, wherein the input is configured to receive configuration data for configuring the computer platform, the processor being set up to configure the computer platform based on the configuration data, during runtime” however ‘822 teaches sending configuration data during runtime in paragraph 59 and 151. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a vehicle controller safety monitor that utilizes communication between components and networks taught in ‘117, ‘967, and ‘319 to send configuration data (i.e. signed configuration data) during runtime. One of ordinary skill in the art would have been motivated to perform such a modification because vehicle security information should utilize cryptographic signing techniques for processes interacting with a vehicle see ‘822 paragraph 2 As to dependent claim 13, “The system as recited in claim 12, wherein the processor is set up to configure the computer platform based on the configuration data only if the configuration data are signed with a valid signature” is taught in ‘822 paragraph 113. Conclusion THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 8. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842. The examiner can normally be reached Monday-Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ELLEN TRAN/Primary Examiner, Art Unit 2433 10 February 2026