Office Action Predictor
Last updated: April 15, 2026
Application No. 18/273,338

Electronic Control Device, On-Vehicle Control System, and Redundant Function Control Method

Final Rejection §103
Filed
Jul 20, 2023
Examiner
VELEZ-LOPEZ, MARIO M
Art Unit
2118
Tech Center
2100 — Computer Architecture & Software
Assignee
Hitachi Astemo, LTD.
OA Round
2 (Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
2y 11m
To Grant
80%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allow Rate
311 granted / 417 resolved
+19.6% vs TC avg
Minimal +5% lift
Without
With
+5.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
20 currently pending
Career history
437
Total Applications
across all art units

Statute-Specific Performance

§101
11.6%
-28.4% vs TC avg
§103
60.1%
+20.1% vs TC avg
§102
10.9%
-29.1% vs TC avg
§112
7.9%
-32.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 417 resolved cases

Office Action

§103
DETAILED ACTION The present office action is responsive to the applicant’s filling an amendment on 12/02/2025. The application has claims 1, 4-9 present. Claims 3 has been canceled and claims 1, 4, 5, 8 and 9 have been amended. All the claims present have been examined. Previous rejections have been withdrawn as necessitated by the claim amendments. This action is made Final. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Examiner Notes Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner. The entire reference is considered to provide disclosure relating to the claimed invention. The claims & only the claims form the metes & bounds of the invention. Office personnel are to give the claims their broadest reasonable interpretation in light of the supporting disclosure. Unclaimed limitations appearing in the specification are not read into the claim. Prior art was referenced using terminology familiar to one of ordinary skill in the art. Such an approach is broad in concept and can be either explicit or implicit in meaning. Examiner's Notes are provided with the cited references to assist the applicant to better understand how the examiner interprets the applied prior art. Such comments are entirely consistent with the intent & spirit of compact prosecution. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 4, 8 and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over SENDA SHUICHIRO et al (WO2020246031A1) as provided by the IDS, in view of Kim (US 20180307841) and in view of Durham et al. (US 20060005245), in view of Mitomo et al. (US 20050091513 A1). In regards to claims (1, 8 and 9) Senda teaches an electronic control device mounted on an on-vehicle control system that performs travel control of an automobile and communicatively connected to a plurality of control devices including a first control device and a second control device (see para 16-18: teaches controlling devices 110 and 120 and a switching mechanism), the electronic control device comprising: an attack determination unit that determines presence or absence of a security attack in each control device of the plurality of control devices (see para 21-22: determining an attack on the controllers); a redundant system execution determination unit that determines, based on a result of determination by the attack determination unit, whether to cause the second control device to alternatively execute a redundant function similar to the function performed by the first control device or a part of the function (see para 21-24: teaches based on determination switching states which for which the unaffected control unit operates). Senda doesn’t specifically teach and a function monitoring unit that monitors an operation of each of the control devices and determines whether substitution of the function by each of the control devices is necessary, wherein when the function monitoring unit determines that substitution of the function by the first control device is necessary, the redundant system execution determination unit is configured to: in a case where the attack determination unit determines that there is no security attack in the first control device, cause the second control device to execute the redundant function corresponding to the function. Kim teaches a function monitoring unit that monitors an operation of each of the control devices and determines whether substitution of the function by each of the control devices is necessary, wherein when the function monitoring unit determines that substitution of the function by the first control device is necessary, the redundant system execution determination unit is configured to: in a case where the attack determination unit determines that there is no security attack in the first control device, cause the second control device to execute the redundant function corresponding to the function (see abstract and at least para 7-9, 21-24: teaches detecting security attacks and a redundant secondary control which mirrors the processes of a first control system. Provides security aware techniques with conditional substitutions). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use these teachings of Kim and combine it with the teachings of Senda, since a person would have recognized the benefit for providing improved means for security awareness and redundant control (see abstract). Senda doesn’t specifically teach in a case where the attack determination unit determines that there is a security attack in the first control device, cause predetermined security processing to be performed on the first control device without substituting the second control device for the redundant function corresponding to the function. Durham teaches in a case where the attack determination unit determines that there is a security attack in the first control device, cause predetermined security processing to be performed on the first control device without substituting the second control device for the redundant function corresponding to the function (see abstract and at least para 13-14, 17-18, 52-54: teaches detecting an attack and isolating however remaining with function even during a remediation phase which works to fix the issue). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use these teachings of Durham and combine it with the teachings of Senda, since a person would have recognized the benefit for the system to continue working in a “safe mode” (remediation phase) while working to fix the issue without having to completely stop the controlling process. Senda doesn’t specifically teach an infringement estimation degree calculation unit that calculates an infringement estimation degree indicating a possibility that a security attack has occurred in each of the control devices. the infringement estimation degree calculation unit being configured to calculate and update the infringement estimation degree by using abnormality detection information received by the electronic control device and to hold the updated infringement estimation degree in an infringement estimation degree database, wherein the attack determination unit determines presence or absence of the security attack in each of the control devices based on the infringement estimation degree calculated by the infringement estimation degree calculation unit, the attack determination unit determining that a control device is attacked when the infringement estimation degree exceeds a predetermined threshold. Mitomo teaches an infringement estimation degree calculation unit that calculates an infringement estimation degree indicating a possibility that a security attack has occurred in each of the control devices. the infringement estimation degree calculation unit being configured to calculate and update the infringement estimation degree by using abnormality detection information received by the electronic control device and to hold the updated infringement estimation degree in an infringement estimation degree database, wherein the attack determination unit determines presence or absence of the security attack in each of the control devices based on the infringement estimation degree calculated by the infringement estimation degree calculation unit, the attack determination unit determining that a control device is attacked when the infringement estimation degree exceeds a predetermined threshold. (see at least FIG. 21 and para 25, 54, 58, 82, 85-86, 139-142, 163-168, 180, 188: “When the total weight after addition exceeds the report output threshold value of an unauthorized access scenario, the event series check unit 135 determines that an unauthorized access will happen with a high possibility, and notifies the detected scenario output unit 137 of this matter.” -e.g., see, [0188]; herein, when a threshold value is exceeded, it’s “a high possibility” that an unauthorized access (e.g., an attack) will happen. See also para 25, 54, 58, 82, [0085-86], [0139-142]: teaches database definition unauthorized access data. See also, Fig. 14, [0164]-[0168]; herein, event transitions are defined as initial, middle and final states; events are considered as transition conditions for state transitions and events can be compared with scenarios (e.g., comparison results) and can be determined the remaining steps based on the state of the event.; see also: “When the ongoing scenario reaches a middle stage of the unauthorized access scenario, on the other hand, it can be determined that there is a very strong possibility that an attack will finally happen.” -e.g., see, [0180]; herein, middle state to final state can be considered “a number of remaining steps”; see also, Fig. 21). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Senda with the teaching of Mitomo in order to enable timely and accurate responses to threats, enhancing the vehicle’s security and operational resilience. In regards to claim 4, Senda teaches detecting and discerning attacks on the controllers (see at least para 16, 21-24), however they don’t specifically teach further comprising: a data communication unit that receives abnormality detection information indicating a security abnormality detected by the first control device, wherein the infringement estimation degree calculation unit calculates the infringement estimation degree in the first control device based on the abnormality detection information received by the data communication unit. Mitomo teaches a data communication unit that receives abnormality detection information indicating a security abnormality detected by the first control device, wherein the infringement estimation degree calculation unit calculates the infringement estimation degree in the first control device based on the abnormality detection information received by the data communication unit. (see at least FIG. 21 and para 25, 54, 58, 82, 85-86, 139-142, 163-168, 180, 188: “When the total weight after addition exceeds the report output threshold value of an unauthorized access scenario, the event series check unit 135 determines that an unauthorized access will happen with a high possibility, and notifies the detected scenario output unit 137 of this matter.” -e.g., see, [0188]; herein, when a threshold value is exceeded, it’s “a high possibility” that an unauthorized access (e.g., an attack) will happen. See also para 25, 54, 58, 82, [0085-86], [0139-142]: teaches database definition unauthorized access data. See also, Fig. 14, [0164]-[0168]; herein, event transitions are defined as initial, middle and final states; events are considered as transition conditions for state transitions and events can be compared with scenarios (e.g., comparison results) and can be determined the remaining steps based on the state of the event.; see also: “When the ongoing scenario reaches a middle stage of the unauthorized access scenario, on the other hand, it can be determined that there is a very strong possibility that an attack will finally happen.” -e.g., see, [0180]; herein, middle state to final state can be considered “a number of remaining steps”; see also, Fig. 21). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Senda with the teaching of Mitomo in order to enable timely and accurate responses to threats, enhancing the vehicle’s security and operational resilience. Claim(s) 5 and 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Senda, Kim, Durham and Mitomo as applied to claims above, and further in view of Rave et al. (US 20190337526). In regards to claim 5, Senda teaches determination of attack and using ECU to function as backup when different attack have been determined (see para 21-24), but doesn’t specifically teach further comprising: attack path information indicating an attack path of a security attack assumed in the on-vehicle control system, wherein when the attack determination unit determines that there is a security attack in the first control device, the redundant system execution determination unit is configured to: specify the attack path that which is likely to be affected by the security attack based on the attack path information, and determine whether the second control device exists on the specified attack path; and cause the second control device to execute the redundant function when the second control device does not exist on the attack path, and does not cause the second control device to alternatively execute the redundant function when the second control device exists on the attack path. Rave teaches attack path information indicating an attack path of a security attack assumed in the on-vehicle control system, wherein when the attack determination unit determines that there is a security attack in the first control device, the redundant system execution determination unit is configured to: specify the attack path that which is likely to be affected by the security attack based on the attack path information, and determine whether the second control device exists on the specified attack path; and cause the second control device to execute the redundant function when the second control device does not exist on the attack path, and does not cause the second control device to alternatively execute the redundant function when the second control device exists on the attack path (see FIG. 1-2 and at least para 36-39, 60-65, 79: teaches when a security attack is determined causing a secondary EUC which is separate and not connected to external communications, to take control, execute redundant functions in place of the first ECU). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use these teachings of Rave and combine it with the teachings of Senda, since a person would have recognized the benefit for enhancing the system by implementing a security measure which makes sure the backup controller will not be compromised when used and providing redundant functions based on attack and thus improving security against attacks. In regards to claim 7, Senda doesn’t specifically mention wherein the second control device that alternatively executes the redundant function can include an own electronic control device. Rave teaches wherein the second control device that alternatively executes the redundant function can include an own electronic control device. (see FIG. 1-2 and at least para 36-39, 60-65, 79: teaches a secondary EUC which is separate, to take control, execute redundant functions in place of the first ECU). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use these teachings of Rave and combine it with the teachings of Senda, since a person would have recognized the benefit for enhancing the system by implementing a security measure which makes sure the backup controller will not be compromised when used and providing redundant functions based on attack. Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Senda, Kim, Durham and Mitomo as applied to claims above, and further in view of Ishigooka et al. (20180257662). In regards to claim 6, Senda teaches determination of attack and using ECU to function as backup when different attack have been determined (see para 21-24), but doesn’t specifically teach wherein a candidate of the second control device that can alternatively execute the corresponding redundant function is predefined for each function by the first control device, the electronic control device further comprises a rearrangement management unit that manages which of the defined candidates the redundant function is alternatively executed when the redundant system execution determination unit determines to cause the second control device to alternatively execute the redundant function corresponding to the function by the first control device. Ishigooka teaches wherein a candidate of the second control device that can alternatively execute the corresponding redundant function is predefined for each function by the first control device, the electronic control device further comprises a rearrangement management unit that manages which of the defined candidates the redundant function is alternatively executed when the redundant system execution determination unit determines to cause the second control device to alternatively execute the redundant function corresponding to the function by the first control device (see at least para 150-156: teaches causing a controlling device to execute redundant function in substitution of another and having candidate control device which are capable of executing a redundant function in place of another). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use these teachings of Ishigooka and combine it with the teachings of Senda, since a person would have recognized the benefit for enhancing the system by implementing a security measure which makes sure there are other controlling devices that can execute a redundant function when needed as backup controller and making sure to provide redundant functions based on attack with alternative controllers and thus improving continued operation. Response to Arguments Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARIO M VELEZ-LOPEZ whose telephone number is (571)270-7971. The examiner can normally be reached on M-F 10:30am-5:30pm ET. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Scott Baderman, can be reached at telephone number 571-272-3644. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form. /MARIO M VELEZ-LOPEZ/ Examiner, Art Unit 2118 /SCOTT T BADERMAN/Supervisory Patent Examiner, Art Unit 2118
Read full office action

Prosecution Timeline

Jul 20, 2023
Application Filed
Feb 20, 2025
Response after Non-Final Action
Sep 06, 2025
Non-Final Rejection — §103
Dec 02, 2025
Response Filed
Jan 08, 2026
Final Rejection — §103
Apr 14, 2026
Notice of Allowance
Apr 14, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12585242
SUPPORT STRUCTURES TECHNIQUES FOR ADDITIVE FABRICATION AND RELATED SYSTEMS AND METHODS
2y 5m to grant Granted Mar 24, 2026
Patent 12584668
AIR CONDITIONING SYSTEM, REFRIGERANT STATE DETECTION METHOD AND COMPUTER-READABLE STORAGE MEDIUM
2y 5m to grant Granted Mar 24, 2026
Patent 12585864
ANNOTATING DOCUMENTS ON A MOBILE DEVICE
2y 5m to grant Granted Mar 24, 2026
Patent 12576507
APPARATUS AND METHOD FOR PRINTING A CONTOURED SURFACE
2y 5m to grant Granted Mar 17, 2026
Patent 12566660
GUARDBANDS IN SUBSTRATE PROCESSING SYSTEMS
2y 5m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
80%
With Interview (+5.0%)
2y 11m
Median Time to Grant
Moderate
PTA Risk
Based on 417 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month