DETAILED ACTION
This is a response to applicant’s submissions filed on 9/17/2025. Claims 10, 13, 15-17, 19-20, 23-24 and 27-30 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant's arguments filed on 9/17/2025 have been fully considered but they are not persuasive.
It is noted that applicant’s amendments to the claims, as best understood, have overcome the previous rejections under 35 U.S.C. § 101.
It is noted that applicant’s amendments to the claims have overcome the previous rejections under 35 U.S.C. § 102.
In response to applicant’s argument that paragraph 56 discloses the degree of priority for each monitoring type is determined at step S702 (applicant’s remarks; p. 18), the examiner respectfully disagrees. Paragraph 56 discloses that, at step S702, the priority of a monitoring method is determined. Paragraph 66 further discloses that figure 8 is the processing flow of step S702. Neither step S702 nor figure 8 appears to disclose determining the degree of priority for each monitoring type in accordance with paragraph 67. The priority for each monitoring type does not appear to be determined until the system executes steps S703, S705 and S707. See objection below.
In response to applicant’s argument that the security protocol of Filipek is different from the “monitoring method and priority of the process monitoring circuitry, the communications monitoring circuitry, and the memory monitoring circuitry” (applicant’s remarks; p. 22), it is noted that Filipek is not relied upon for determining the monitoring method and priority of the process monitoring circuitry, the communications monitoring circuitry, and the memory monitoring circuitry. Rather, it is the processing system of Colombo that sets error trigger enable bits to determine when the system will respond to combinations of error signals produced by the process, communications, and memory monitoring circuits, and prioritizes them into safety critical and minor errors. See rejection below.
Specification
The title of the invention submitted on 9/17/2025 is acceptable.
Amendments to the specification were received on 9/17/2025.
The disclosure is objected to because of the following informalities:
In paragraph 15, lines 1-3, “which communications data with a control object or target” should read “which communicates data with a control object or target”. This appears to be a typographical error.
In paragraph 27, line 4, “may be added to” should read “may be added
In paragraph 41, lines 5-6, “state during communicating with” should read “state of communicating”. This appears to be a typographical error.
In paragraph 41, line 11, “relatively to a process work-load” should read “relative to a process work-load”. This appears to be a typographical error.
Paragraph 67, lines 1-3, disclose the monitoring management unit determines, at step S801, the degree of priority for each monitoring type and determines a monitoring method. However, figure 8, step S801, discloses only determining a combination of monitoring methods. It appears that the priority of monitoring methods is not established until steps S703, S705 and S707 are executed in figure 7. It is unclear when the degree of priority for each monitoring type is determined because the specification does not appear to match the drawings.
Appropriate correction is required.
Claim Objections
Claims 10, 19 and 30 are objected to because of the following informalities:
In claims 10 and 30, line 3, “executing control processing to the control target” should read “executing control processing of the control target”. This appears to be a typographical error.
In claims 10 and 30, lines 33-34 and 36-37, respectively, “preforms an abnormality response processing” should read “performs an abnormality response process”. This appears to be a typographical error.
Claims 10 and 30 should both be limited to a single colon, because using multiple colons in a single sentence is grammatically incorrect, which makes it confusing to determine the relationships between limitations.
Claim 19, lines 3-4, contain amendments that are in improper form. The claim was previously limited to assigning priority to the process monitoring circuitry when the motor vehicle is running. The text of any added subject matter must be shown by underlining the added text. The text of any deleted matter must be shown by strike-through except that double brackets placed before and after the deleted characters may be used to show deletion of five or fewer consecutive characters. The text of any deleted subject matter must be shown by being placed within double brackets if strike-through cannot be easily perceived.
Claim 19, lines 12-13, contain amendments that are in improper form. The claim was previously limited to determining the monitoring method of the control processing in the process monitoring circuitry. The text of any added subject matter must be shown by underlining the added text. The text of any deleted matter must be shown by strike-through except that double brackets placed before and after the deleted characters may be used to show deletion of five or fewer consecutive characters. The text of any deleted subject matter must be shown by being placed within double brackets if strike-through cannot be easily perceived.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 10, 13, 15-17, 19-20, 23-24, and 27-30 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 10 and 30, lines 33-35 and 36-38, respectively, the limitation “[performs] an abnormality response processing including … functional degeneracy of the control apparatus” renders the claim indefinite because it is unclear how the control apparatus functions are degenerated. Paragraph 3 discloses that conventional systems degenerate functions by means of a fail-safe; therefore, for the purposes of examination, it will be assumed that the abnormality response processing may include activating a fail-safe system of the vehicle.
Regarding claims 10 and 30, lines 26-27, the limitation “a process work-load state” renders the claims indefinite because it is unclear if it is the same state of a process work-load recited in line 21. For the purposes of examination, it will be assumed that each claim is directed to a single process work-load state.
Regarding claim 13, line 3, the limitation “a process work-load state” renders the claim indefinite because it is unclear if it is the same state of a process work-load recited in claim 10, line 21. For the purposes of examination, it will be assumed that the claims are directed to the same process work-load state.
Regarding claims 15-17, 19-20 and 23-24, lines 5-6, the limitation “the state of a process work-load” renders the claims indefinite because it is unclear if it is the same state of the process work-load recited in claims 10 and 30, line 21. For the purposes of examination, it will be assumed that the dependent claims are directed to the same process work-load state recited in their respective parent claims.
Claims 13, 15-17, 19-20, 23-24 and 27-29 are rejected as being dependent on a rejected claim and for failing to cure the deficiencies listed above.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 10, 13, 15-17, 19, 23-24, 27 and 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Colombo in view of Filipek et al. (US 2021/0026958), hereinafter Filipek.
Regarding claims 10, 13 and 30, as best understood, Colombo discloses a control apparatus which performs communications with a control target, the control apparatus, comprising: a controller (Colombo; fig. 3: processing system 10a) for executing control processing to the control target (Colombo; para. 4: in FIG. 1 are shown three processing systems 10₁, 10₂ and 10₃ connected through a suitable communication system … Typically, the processing systems 10 are located at different positions of the vehicle and may include, e.g., an Engine Control Unit (ECU), a Transmission Control Unit (TCU), an Anti-lock Braking System (ABS), a body control modules (BCM), and/or a navigation and/or multimedia audio system); a communications circuitry for transmitting and receiving communications data with respect to the control target (Colombo; fig. 3: communication interface 106); a storage circuitry for storing a memory of a control value in the controller, and that of the control processing therein (Colombo; fig. 3: memory 104); a process monitoring circuitry for monitoring the control processing of the controller (Colombo; para. 41: a processing unit 102 configured to generate an error signal ERR2 in response to a hardware and/or software failure); a communications monitoring circuitry for monitoring communications data of the communications circuitry (Colombo; para. 41: a communication interface 106 configured to generate an error signal ERR3, corresponding to a hard error signal indicative of a hardware failure and/or a soft error signal indicative of a data transmission error); a memory monitoring circuitry for monitoring a memory of the storage circuitry (Colombo; para. 41: a memory 104 supporting an error detection and/or correction function, which generates an error signal ERR1 when the data read from the memory 104 contain errors and/or when data could not be written to the memory); and an abnormality determination circuitry for determining whether or not the control processing of the controller is abnormal, from a monitoring result of the process monitoring circuitry, that of the communications monitoring circuitry and that of the memory monitoring circuitry (Colombo; paras. 46-47: the various error signals ERR are provided to a fault collection circuit 108 … configured to generate an error trigger signal), wherein the control apparatus is a control apparatus of a motor vehicle control system for controlling running of a motor vehicle (Colombo; para. 4: the processing systems 10 are located at different positions of the vehicle and may include, e.g., an Engine Control Unit (ECU)), and the control apparatus further comprises: a monitoring management circuitry (Colombo; paras. 51-52: the fault collection circuit 108 includes also an error trigger generator circuit 1084. Specifically, the error trigger generator circuit 1084 is configured to generate the error trigger signal ET as a function of the content of the error bits EB of the register 1080 … the behavior of the error trigger generator circuit 1084 may also be programmable, e.g. by setting one or more configuration bits in the register 1080) for determining a degree of priority of the process monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106, etc.). Conversely, minor errors, which do not influence the safety of the system may not be signaled to the error pin/pad EP), a degree of priority of the communications monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106 [para. 41 discloses the resource may be a communication interface], etc.). Conversely, minor errors, which do not influence the safety of the system may not be signaled to the error pin/pad EP), and a degree of priority of the memory monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106, etc.). Conversely, minor errors, which do not influence the safety of the system may not be signaled to the error pin/pad EP), wherein the monitoring management circuitry determines, in accordance with the degrees of priority of the process monitoring circuitry, communications monitoring circuitry, and the memory monitoring circuitry, whether to perform monitoring on only the communications monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106 [para. 41 discloses the resource may be a communication interface], etc.)), monitoring on only the process monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106, etc.). Conversely, minor errors, which do not influence the safety of the system may not be signaled to the error pin/pad EP), monitoring on only the memory monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106, etc.)), or a combination of monitoring on the communications monitoring circuitry, the process monitoring circuitry and the memory monitoring circuitry (Colombo; paras. 111-113: the circuit 1094 may be configured to: select only a subset of the error signals ERR and/or combine a plurality of error signals ERR, thereby reducing the number of signals ERR′ provided to the routing circuit 1084; and/or mask given errors ERR, i.e. these errors are never signaled to the circuit); and the monitoring management circuitry determines a monitoring method of the communications data in the communications monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106 [para. 41 discloses the resource may be a communication interface], etc.). Conversely, minor errors, which do not influence the safety of the system may not be signaled to the error pin/pad EP), a monitoring method of the control processing in the process monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106, etc.). Conversely, minor errors, which do not influence the safety of the system may not be signaled to the error pin/pad EP), and a monitoring method of the memory of the control value in the memory monitoring circuitry and that of the control processing therein, which are determined to be monitored (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106, etc.). Conversely, minor errors, which do not influence the safety of the system may not be signaled to the error pin/pad EP), wherein when the abnormality is determined, the abnormality determination circuitry performs an abnormality response process including at least one of a changeover of a communications line, a changeover to a standby control apparatus, and functional degeneracy of the control apparatus (Colombo; para. 70: the fault collection circuit 108 generates again an error signal ET as a function of one or more internal error signal ERR (i.e. internal with respect to the processing system 10a) … the combined error signal ET is provided to a plurality of external devices, such as device 301, 302 and 303 … these devices 30 may be configured to perform different operations in response to different errors. For example, the device 301 may restart the processing system 10a in a down-grade/safety state, or may switch off the processing system 10a and switch to a redundant processing system 10a.).
Colombo does not appear to explicitly disclose a state management circuitry for acquiring any one state among a control state of the controller, a control state of the motor vehicle control system, a neighboring environment state of the motor vehicle, location information of the motor vehicle, a communications state with respect to the motor vehicle, a state of a driver within the motor vehicle, a state of a process work-load in the controller and an attack state of the motor vehicle control system; and determining the degree of priority in accordance with the determined state.
Filipek, in the same field of endeavor (vehicle cybersecurity), discloses a state management circuitry for acquiring any one state among a control state of the controller, a control state of the motor vehicle control system, a neighboring environment state of the motor vehicle, location information of the motor vehicle, a communications state with respect to the motor vehicle, a state of a driver within the motor vehicle, a state of a process work-load in the controller and an attack state of the motor vehicle control system (Filipek; para. 15: The system 100 may utilize various vehicle inputs 103 or electronic control unit (ECU) state inputs 103 utilized to update the security state. In one example, the system 100 may identify the state of the key (or fob)/ignition. For example, the system 100 may determine if the ignition is on/off, the battery is on/off, adaptive cruise control (ACC) is on/off. Another input may be the ECU resource utilization. Other inputs may include the geographic location of the car (e.g., global positioning system (GPS) location), vehicle speed, vehicle acceleration, wireless signal environment (SSIDs, Bluetooth, Nearfield Communication, etc.), proximity to other vehicles (e.g., radar or proximity data collected from various cameras, radar sensors, Lidar sensors, etc.), user-chosen vehicle mode, the number of passengers (e.g., passenger data based on seat-belt data or weight sensor data), specific drivers (occupant data identifiers based on phone pairing, key fob, etc.), synchronized activity schedule data (e.g., identify appointments, meetings, scheduled activities, etc.), time of data, autonomous driving mode (e.g., full autonomous driving, semi-autonomous driving (steering and speed, or some braking situations, etc.), etc. For example, the GPS location may be associated with a work location, home location, familiar location (e.g., family or friends house), etc. The security protocol may adjust based on the location of the vehicle.).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, with a reasonable expectation of success, to have modified the fault collection circuit of Colombo to monitor and prioritize errors based on vehicle state, as disclosed by Filipek, with the motivation of adapting the vehicle security posture to optimize resource utilization versus security (Filipek; para. 12).
Regarding claims 15-17 and 19, as best understood, Colombo, as modified, discloses the monitoring management circuitry assigns the degree of priority of the communications monitoring circuitry higher than another monitoring circuitry, when the control apparatus is communicating according to the state management circuitry (Filipek; para. 44: the vehicle may adapt security protocols to allow for faster wireless communication and responsive performance due to the demand for video streaming or interactive gaming. The preconditions (e.g., inputs from vehicle sensor or other inputs) may include that the vehicle is traveling along the highway and in a security mode similar to those adapted from the fourth use case scenario's postconditions. The security posture of the fifth use case scenario may be that the wireless filtering is updated to prioritize video streaming as a “fast pass” rule. Furthermore, the infotainment unit may have host-based protections that are removed to allow for optimal performance, such as control flow integrity being disabled and runtime memory integrity checking being halted.); the monitoring management circuitry determines, in accordance with the state of a process work-load according to the state management circuitry in the control apparatus (Filipek; para. 15: The system 100 may utilize various vehicle inputs 103 or electronic control unit (ECU) state inputs 103 utilized to update the security state … Another input may be the ECU resource utilization.), whether to perform monitoring on only the communications monitoring circuitry (Colombo; paras. 41 and 54: enabling ETE3 determines the monitoring method is communication hardware failure and/or a soft error signal indicative of a data transmission error), monitoring on only the communications monitoring circuitry and the process monitoring circuitry, monitoring on only the communications monitoring circuitry and the memory monitoring circuitry, and monitoring on the communications monitoring circuitry, the process monitoring circuitry and the memory monitoring circuitry; and the monitoring management circuitry determines a monitoring method of communications data in the communications monitoring circuitry.
Regarding claims 23-24, as best understood, Colombo, as modified, discloses the monitoring management circuitry assigns the degree of priority of the memory monitoring circuitry higher than another monitoring circuitry, when the motor vehicle is stopping according to the state management circuitry (Filipek; para. 35: the vehicle may lock down security in anticipation of overnight storage at home. The vehicle system may have several preconditions for this scenario, including that the vehicle is “off” (e.g., the ignition is turned off) … runtime memory integrity checking [is] set to a high level [i.e., memory integrity checking priority is higher than ZigBee and other smart-home communication interfaces which are disabled]); the monitoring management circuitry determines, in accordance with the state of a process work-load according to the state management circuitry in the control apparatus (Filipek; para. 15: The system 100 may utilize various vehicle inputs 103 or electronic control unit (ECU) state inputs 103 utilized to update the security state … Another input may be the ECU resource utilization.), whether to perform monitoring on only the memory monitoring circuitry (Colombo; paras. 41 and 54: enabling ETE1 determines the monitoring method is when the data read from the memory contain errors and/or when data could not be written to the memory), monitoring on only the memory monitoring circuitry and the communications monitoring circuitry, monitoring on only the memory monitoring circuitry and the process monitoring circuitry, and monitoring on the memory monitoring circuitry, the communications monitoring circuitry and the process monitoring circuitry; and the monitoring management circuitry determines the monitoring method of the memory of the control value in the memory monitoring circuitry and that of control processing therein (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106, etc.)).
Regarding claim 27, as best understood, Colombo discloses the abnormality determination circuitry compares a normal value of a monitoring value of a monitoring subject among the process monitoring circuitry, the communications monitoring circuitry and the memory monitoring circuitry with the monitoring value of the monitoring subject and the abnormality determination circuitry performs determination so that the control apparatus is abnormal, when the respective normal values are not coincident with each other (Colombo; paras. 50-51: the fault collection circuit 108 includes a register 1080. Specifically, in the embodiment considered, the register 1080 includes one or more error bits EB for storing the value of the error signals ERR. For example, considering the exemplary case of three error signals ERR1 . . . ERR3, the register 1080 may include a corresponding number of error bits EB … the error trigger generator circuit 1084 is configured to generate the error trigger signal ET as a function of the content of the error bits EB of the register 1080 [i.e., when an error bit is set, and therefore does not match the normal/unset value of itself or the other error bits, an error is signaled]).
Claim(s) 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Colombo in view of Filipek as applied to claims 10 and 30 above, and further in view of Boutnaru (US 2018/0189498).
Regarding claim 20, as best understood, Colombo, as modified, discloses the monitoring management circuitry determines, in accordance with the state of a process work-load according to the state management circuitry in the control apparatus (Filipek; para. 15: The system 100 may utilize various vehicle inputs 103 or electronic control unit (ECU) state inputs 103 utilized to update the security state … Another input may be the ECU resource utilization.), whether to perform (Colombo; paras. 51-52: the fault collection circuit 108 includes also an error trigger generator circuit 1084. Specifically, the error trigger generator circuit 1084 is configured to generate the error trigger signal ET as a function of the content of the error bits EB of the register 1080 … the behavior of the error trigger generator circuit 1084 may also be programmable, e.g. by setting one or more configuration bits in the register 1080) monitoring on only the process monitoring circuitry (Colombo; paras. 41 and 54: enabling ETE2 determines the monitoring method is processing hardware and/or software failure), monitoring on only the process monitoring circuitry and the communications monitoring circuitry, monitoring on only the process monitoring circuitry and the memory monitoring circuitry, and monitoring on the communications monitoring circuitry, the process monitoring circuitry and the memory monitoring circuitry; and the monitoring management circuitry determines a monitoring method of control processing in the process monitoring circuitry (Colombo; para. 54: by setting the error trigger enable bits ETE, the processing system 10a may be configured to signal only safety critical errors via the signal ET to the error pin/pad EP (such as uncorrectable data read errors, hardware failure of the processing unit 102 and/or one of the resources 106, etc.). Conversely, minor errors, which do not influence the safety of the system may not be signaled to the error pin/pad EP).
It is unclear if Colombo, as modified, explicitly discloses the monitoring management circuitry assigns the degree of priority of the process monitoring circuitry higher than another monitoring circuitry, when the motor vehicle is running according to the state management circuitry.
Boutnaru, in the same field of endeavor (vehicle cybersecurity), discloses monitoring management circuitry assigns a degree of priority of process monitoring circuitry higher than another monitoring circuitry, when a motor vehicle is running according to state management circuitry (Boutnaru; paras. 60-62: the weighted tasks with the highest scores may represent the tasks that may be most vulnerable to malicious attack or that would create the most damage in response to a malicious attack [e.g., interrupting a processing task associated with a driving task such as lane keeping would result in more damage than modifying a destination in memory or interrupting audio streaming] … A threshold may be generated based on the amount of device resources (e.g., processor cycles, available memory, network bandwidth) available for monitoring. A monitoring policy may then be generated based at least in part on the resulting score of the weighted tasks in response to a comparison against the available resources.).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, with a reasonable expectation of success, to have modified the fault collection circuit of Colombo, as modified, to disable memory and/or communications monitoring when the vehicle is running, as disclosed by Boutnaru, with the motivation of minimizing the impact of the monitoring on performance of the vehicle thereby improving monitoring for security breaches, resource unavailability, or error detection (Boutnaru; para. 11).
Claim(s) 28-29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Colombo in view of Filipek as applied to claims 10 and 30 above, and further in view of Galula et al. (US 2020/0216097), hereinafter Galula.
Regarding claims 28-29, as best understood, Colombo, as modified, discloses the state management circuitry determines that a cyber-security attack is received (Filipek; para. 13: vehicle detects a cyber-attack by an in-vehicle HIDS (Host-based Intrusion Detection System), or a NIDS (Network-based Intrusion Detection System)), whereby, the monitoring management circuitry assigns a degree of priority of the communications monitoring circuitry higher than another monitoring circuitry, the monitoring management circuitry assigns a degree of priority of the process monitoring circuitry higher than another monitoring circuitry, or the monitoring management circuitry assigns a degree of priority of the memory monitoring circuitry higher than another monitoring circuitry (Filipek; para. 14: the controller 101 may … prioritize a security service… when a certain aspect of the vehicle is attacked).
Colombo, as modified, does not appear to explicitly disclose the state management circuitry determines that a communications attack state is received when abnormality is determined by the abnormality determination circuitry in accordance with the monitoring result of the communications monitoring circuitry, the state management circuitry takes on a process attack state when abnormality is determined by the abnormality determination circuitry in accordance with the monitoring result of the process monitoring circuitry, and the state management circuitry takes on a memory attack state when abnormality is determined by the abnormality determination circuitry in accordance with the monitoring result of the memory monitoring circuitry.
Galula, in the same field of endeavor (vehicle cybersecurity), discloses state management circuitry takes on a communications attack state when abnormality is determined by an abnormality determination circuitry in accordance with a monitoring result of communications monitoring circuitry (Galula; paras. 96-97: a monitoring system may keep track of the communication and look for deviations from the specifications of the system. For example, a monitoring system may look for at least one of: application that is associated with the communication, protocol that is used, the rate of the communication, services (e.g., SOME/IP service IDs) that are used, clients that are associated with the communication (e.g., IP and/or MAC addresses and/or SOME/IP client IDs). In some embodiments, a monitoring system may detect violations in the communication), the state management circuitry takes on a process attack state when abnormality is determined by the abnormality determination circuitry in accordance with a monitoring result of process monitoring circuitry (Galula; para. 48: security layer 210 detects an attack … for example detection of a “dirty” system call, or an unexpected access to system resources. A dirty system call may generally be any unexpected call to a function made by a process (e.g., executable code 220 when executed)), and the state management circuitry takes on a memory attack state when abnormality is determined by the abnormality determination circuitry in accordance with a monitoring result of memory monitoring circuitry (Galula; para. 46: verification includes examining, e.g., by security layer 210, a memory of a running process and selectively detecting modifications to regions of the examined memory … security layer 210 may ignore changes in address range 2049-4096 but may alert or even stop execution of code in ECU 202 if changes to code in address range 0-2048 are identified or detected).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, with a reasonable expectation of success, to have modified the fault collection circuit of Colombo, as modified, to identify different types of cyber-attacks, as disclosed by Galula, with the motivation of enabling a system and method to select an optimal mode of operation that combines, or is based on considerations related to, security, performance, efficiency and cost thereby improving cyber-security (Galula; para. 37).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH THOMPSON whose telephone number is (571)272-3660. The examiner can normally be reached Mon-Thurs 9:00AM-3:00PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Erin Bishop, can be reached at (571)270-3713. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSEPH THOMPSON/Examiner, Art Unit 3665
/DONALD J WALLACE/Primary Examiner, Art Unit 3665