DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1. Claims 1, 4-31 are currently pending in this application.
Claims 1, 4-5, and 20 are amended as filed on 11/26/2025.
Claims 2-3 are canceled as filed on 11/26/2025.
Claim 31 is new as filed on 11/26/2025.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1 and 4-30 are rejected under 35 U.S.C. 103 as being unpatentable over James et al. (Pre-Grant Publication No. US 2018/0293809 A1), hereinafter James, in view of Titonis et al. (Pre-Grant Publication No. US 2013/0097706 A1), hereinafter Titonis, and in further view of Qiao et al. (Pre-Grant Publication No. US 2020/0274851 A1), hereinafter Qiao.
2. With respect to claim 1, James taught a system, comprising: a vehicle (0001) comprising a plurality of network zones (0059, where the different vehicle systems are the different network zones under broadest reasonable interpretation), each network zone comprising a plurality of end points (0050 & 0053, where the different sensors are different end points); and a controller, comprising: a log monitoring component configured to interpret log data associated with at least one of the plurality of end points (0024, where the event data is received via vehicle logs in accordance with 0012); a log analysis component configured to detect a risk event in response to the log data (0022, where the systems’ combined data can be seen in 0061 & 0038 and where the detected risk event can be seen by the triggered events under broadest reasonable interpretation as the triggers could be interpreted as risks for the systems).
However, while it could be argued that the log data of James was a log corpus and that the triggered events could be interpreted as risk event data, for a more explicit showing, it is contented that James did not explicitly state that the log data was a log corpus and a risk response component configured to perform a risk response operation in response to the detected risk event. On the other hand, Titonis did teach that the log data was a log corpus (claim 19) and a risk response component configured to perform a risk response operation in response to the detected risk event (0207, where the response can be seen in, at least, 0179 & 0309). Both of the systems of James and Titonis are directed towards reacting to monitored log data and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of James, to specifically utilize a log corpus and risk response, as taught by Titonis, to utilize regularly used log monitoring techniques that were contemporary to the time of the invention.
However, James did not explicitly state that the network zones comprised a first network zone and a second network zones, wherein the first network zone and the second network zone have distinct network types comprising at least two members selected from the group consisting of: an ethernet network, controller area network, and a local interconnect network; wherein the log analysis including interpretation of the data wherein the data is associated with a plurality of end points including a first end point on the first network zone and a second endpoint on the second network zone. On the other hand, Qiao did teach that the network zones comprised a first network zone and a second network zones, wherein the first network zone and the second network zone have distinct network types (0019) comprising at least two members selected from the group consisting of: an ethernet network, controller area network, and a local interconnect network (0029); wherein the log analysis including interpretation of the data wherein the data is associated with a plurality of end points including a first end point on the first network zone and a second endpoint on the second network zone (0025-0026, where the collection of security data is the data and 0022, where the sensors are the end points). Both of the systems of James and Qiao are directed towards reacting to monitored log data and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of James, to specifically utilize a different network zone types, as taught by Qiao, to utilize standard automotive network techniques that were contemporary to the time of the invention.
5. As for claim 4, it is rejected on the same basis as claim 1. In addition, James taught wherein the log corpus comprises a first log data associated with the first end point, and a second log data associated with the second end point (fig 1, where each of the systems present log data in accordance with 0012).
6. As for claim 5, it is rejected on the same basis as claim 1. In addition, James taught wherein the log corpus comprises a combined log data for both the first end point and the second end point (0061).
7. As for claim 6, it is rejected on the same basis as claim 1. In addition, James taught wherein the log corpus comprises a combined log data for a plurality of the plurality of end points (0061).
8. As for claim 7, it is rejected on the same basis as claim 1. In addition, Titonis taught wherein the risk response component is further configured to perform the risk response operation by implementing a log analysis user interface in response to the detected risk event (0153).
9. As for claim 8, it is rejected on the same basis as claim 7. In addition, Titonis taught wherein the risk response component is further configured to perform at least one of: providing a visualization on the log analysis user interface in response to the detected risk event; providing a notification on the log analysis user interface in response to the detected risk event; providing a risk analysis interface on the log analysis user interface in response to the detected risk event; or providing a suggested action executable object on the log analysis user interface in response to the detected risk event (0153, where this at least, teaches the presentation limitation).
10. As for claim 9, it is rejected on the same basis as claim 7. In addition, Titonis taught wherein the risk response component is further configured to perform at least one of: providing a risk severity description on the log analysis user interface in response to the detected risk event; providing a risk type description on the log analysis user interface in response to the detected risk event; or providing a risk confidence description on the log analysis user interface in response to the detected risk event (0153, where this, at least teaches the risk type limitation).
11. As for claim 10, it is rejected on the same basis as claim 7. In addition, Titonis taught wherein the risk response component is further configured to perform at least one of: providing a risk severity visualization on the log analysis user interface in response to the detected risk event; providing a risk type visualization on the log analysis user interface in response to the detected risk event; or providing a risk confidence visualization on the log analysis user interface in response to the detected risk event (0153, where this, at least teaches the risk type limitation).
12. As for claim 11, it is rejected on the same basis as claim 7. In addition, Titonis taught wherein the risk response component is further configured to perform at least one of: providing a risk scope description on the log analysis user interface in response to the detected risk event; or providing a risk impact description on the log analysis user interface in response to the detected risk event (fig 8D, where this at least teaches the risk scope limitation).
13. As for claim 12, it is rejected on the same basis as claim 7. In addition, Titonis taught wherein the risk response component is further configured to perform at least one of: providing a risk scope visualization on the log analysis user interface in response to the detected risk event; or providing a risk impact visualization on the log analysis user interface in response to the detected risk event (fig 8D, where this at least teaches the risk scope limitation).
14. As for claim 13, it is rejected on the same basis as claim 1. In addition, Titonis taught wherein the log corpus is stored on a cloud server at least selectively communicatively coupled to the vehicle (0109).
15. As for claim 14, it is rejected on the same basis as claim 1. In addition, James taught wherein the log corpus is stored, at least in part, on a memory positioned on an end point of the vehicle (0036).
16. As for claim 15, it is rejected on the same basis as claim 1. In addition, James taught wherein the log corpus comprises at least one parameter selected from: a network monitoring parameter; a network communication; a fault code; a fault processing value; a flow monitoring parameter; a flow processing parameter; an electronic control unit status value; an event detection value; an operating condition value; a data string value; or metadata associated with any one or more of the foregoing (0019, where this, at least, teaches the detected event limitation).
17. As for claim 16, it is rejected on the same basis as claim 1. In addition, James taught wherein the risk event comprises at least one of a security event, a hazard event, a service event, or a mission event (0019, where the degree of braking, at least, teaches the hazard event limitation).
18. As for claim 17, it is rejected on the same basis as claim 1. In addition, Titonis taught wherein the risk response component is further configured to perform the risk response operation by providing a notification to an external device (0144).
19. As for claim 18, it is rejected on the same basis as claim 1. In addition, Titonis taught wherein the risk response component is further configured to perform the risk response operation by providing an alert to an external device (0144).
20. As for claim 19, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the risk response component is further configured to perform the risk response operation by determining a communication policy update in response to the detected risk event, and communicating the communication policy update to at least one of: a log analysis user interface; an external device; or the vehicle (0024).
21. As for claim 20, it is rejected on the same basis as claim 1. In addition, Titonis taught wherein the risk response component is further configured to perform the risk response operation by determining an automated intrusion response in response to the detected risk event, and communicating the automated intrusion response to a log analysis user interface (0017).
22. As for claim 21, it is rejected on the same basis as claim 1. In addition, Titonis taught wherein the log analysis component is further configured to detect the risk event in response to detecting a signal value in the log corpus (0017, where the alert teaches a signal value under broadest reasonable interpretation).
23. As for claim 22, it is rejected on the same basis as claim 22. In addition, Titonis taught wherein the risk response component is further configured to perform the risk response operation by: implementing a log analysis user interface in response to the detected risk event; and update the signal value in response to user interactions with the log analysis user interface; and wherein the log analysis component is further configured to utilize the updated signal value to detect subsequent risk events (0432, where the reconfiguring teaches updating the values and thresholds under BRI).
24. As for claim 23, it is rejected on the same basis as claim 1. In addition, Titonis taught wherein the log analysis component is further configured to detect the risk event in response to detecting a pattern value in the log corpus (0097).
25. As for claim 24, it is rejected on the same basis as claim 23. In addition, Titonis taught wherein the risk response component is further configured to perform the risk response operation by: implementing a log analysis user interface in response to the detected risk event; and update the pattern value in response to user interactions with the log analysis user interface; and wherein the log analysis component is further configured to utilize the updated pattern value to detect subsequent risk events (0097 & 0432).
26. As for claim 25, it is rejected on the same basis as claim 1. In addition, James taught wherein the log analysis component is further configured to detect the risk event in response to detecting an operational event value in the log corpus (0029, the observation points. See also, the triggered events of 0019).
27. As for claim 26, it is rejected on the same basis as claim 25. In addition, James taught wherein the risk response component is further configured to perform the risk response operation by: implementing a log analysis user interface in response to the detected risk event; and update the operational event value in response to user interactions with the log analysis user interface; and wherein the log analysis component is further configured to utilize the updated operational event value to detect subsequent risk events (0029, the observation points. See also, the triggered events of 0019).
28. As for claim 27, it is rejected on the same basis as claim 25. In addition, James taught wherein the operation event value comprises at least one value selected from: a vehicle operating condition; a flow operating condition; an electronic control unit operating condition; or a network operating condition (0019, where this, at least, the vehicles operating condition limitation).
29. As for claim 28, it is rejected on the same basis as claim 1. In addition, Titonis taught wherein the log analysis component is further configured to detect the risk event in response to detecting a message value in the log corpus (0106-0107, the requests).
30. As for claim 29, it is rejected on the same basis as claim 28. In addition, Titonis taught wherein the risk response component is further configured to perform the risk response operation by: implementing a log analysis user interface in response to the detected risk event; and update the message value in response to user interactions with the log analysis user interface; and wherein the log analysis component is further configured to utilize the updated message value to detect subsequent risk events (0432, the reconfiguring).
31. As for claim 30, it is rejected on the same basis as claim 28. In addition, Titonis taught wherein the message value comprises at least one value selected from: a message source value; a message content value; a message frequency value; or a message occurrence value (0101, where this, at least, teaches the source limitation).
32. As for claim 31, it is rejected on the same basis as claim 1. In addition, Qiao taught wherein the risk response component is further configured to perform the risk response operation by determining an automated intrusion response in response to the detected risk event, and communicating the automated intrusion response to a second vehicle distinct from the vehicle (0046).
Response to Arguments
Applicant’s arguments with respect to the claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
(a) Yousif et al. (Patent No. US 11,477,704 B2), claim 1.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH L GREENE whose telephone number is (571)270-3730. The examiner can normally be reached Monday - Thursday, 10:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R. Taylor can be reached at 571 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSEPH L GREENE/Primary Examiner, Art Unit 2443