Prosecution Insights
Last updated: April 19, 2026
Application No. 18/452,872

TECHNIQUES FOR MITIGATING MANIPULATIONS OF AN ONBOARD NETWORK OF A VEHICLE

Final Rejection §103
Filed: Aug 21, 2023
Examiner: HARRIS, CHRISTOPHER C
Art Unit: 2432
Tech Center: 2400 — Computer Networks
Assignee: Robert Bosch GmbH
OA Round: 2 (Final)
Grant Probability: 76% (Favorable)
OA Rounds: 3-4
To Grant: 2y 10m
With Interview: 99%

Examiner Intelligence

Grants 76% — above average
Career Allow Rate: 76% (275 granted / 362 resolved), +18.0% vs TC avg
Strong +26% interview lift
Interview Lift: +26.2% (resolved cases with interview)
Typical timeline
Avg Prosecution: 2y 10m (21 currently pending)
Career history
Total Applications: 383 (across all art units)

Statute-Specific Performance

§101: 14.2% (-25.8% vs TC avg)
§103: 38.4% (-1.6% vs TC avg)
§102: 14.5% (-25.5% vs TC avg)
§112: 24.4% (-15.6% vs TC avg)
Based on career data from 362 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION

Remarks

This action is in response to communications filed on 10/31/2025, claim(s) 14 is cancelled and claims 13, 24 and 25 are amended per Applicant's request. Therefore, claims 13 and 15-25 are presently pending in the application and have been considered as follows.

Examiner Note

In light of applicant's amendment the examiner hereby withdraws his previous 35 USC 112(b) rejection of claims 18-20 and 24.

Response to Arguments

Applicant's arguments filed 10/31/2025 have been fully considered but they are not persuasive.

The applicants’ remarks on 7-8 with respect to:

“In particular, Sakata's teaching of "restoration" is inapplicable to the amended claims because Sakata's "restoration" is a manual act performed by an authorized person (e.g., at a service station) to reverse a permanent vehicle shutdown.”

“This is in contrast with the claimed second countermeasure, which is an automated, technical step performed by the system itself to restore a functional scope and enable continued operation. Thus, Sakata teaches away from the claimed invention by opting for a complete system capitulation in the face of a persistent attack, rather than implementing a technical resiliency and recovery cycle. Therefore, the motivation to combine Filipek with Sakata is absent.”

“In addition, Applicant submits that the amended claims would not have been obvious even if combining the asserted references were proper. In particular, the asserted prior art, even if combined, fails to teach the newly specified limitation of dynamically selecting a countermeasure based on whether the anomaly has appeared repeatedly. This feature provides a specific technical improvement: an adaptive, intelligent response that is more than just Sakata’s linear, time-based escalation. It allows the system to choose from a plurality of available countermeasures based on the anomaly's history, a concept not taught or suggested by the cited art.”

have been carefully considered but are non-persuasive. The examiner respectfully disagrees and notes that the rejection is based on the combination of both Filipek and Sakata. Filipek was used to show that a variety of countermeasures and responses can be implemented based on what is occurring and Sakata was cited only to show that selecting a second countermeasure distinct from the first countermeasure based on a frequency of an error occurrence (e.g. anomaly).

Implementing a first countermeasure which transfers the vehicle and/or at least one component of the vehicle, into a predetermined safe state, the first countermeasure being selected based on the signature and implementing a second countermeasure to at least partially restore a functional scope of the vehicle; – Para. 0016, 0024-0027 of Filipek states a database including various options (e.g. countermeasures) of how to respond based on a type of attack and scenario (e.g. signature). The countermeasures include scenarios in which it is determined to degrade the operation of a vehicle to put it into a safe state such as turning off the attack software or slowing down the vehicle. Filipek discloses the vehicle uses the context to determine the appropriate action. Filipek further discloses that a reboot (e.g. second countermeasure that will restore functional scope) of the system or attacked component may happen once it is safe to do so. While it is clear that countermeasures are dynamically chosen based on the attack and the context of the vehicle and these are performed autonomously, it is not clear of the selection and timing of the countermeasure (e.g. a 1st countermeasure is performed followed by a clear 2nd countermeasure after the first). However, Sakata was used for this purpose.

Selection and appearance of anomaly – Para. 0015-0017, 0055-0057 of Sakata shows selection of countermeasures based on frequency of error. For example an alert (e.g. first countermeasure) is generated based on detection of a first error (e.g. anomaly) and if this error exceeds a threshold (e.g. appeared repeatedly) power of the vehicle is turned off (e.g. a second countermeasure). Thus the combination would provide a system under attack that places the system in a safe state based on a variety of countermeasures available, as the system uses context for triggering countermeasure the system would monitor the frequency of a particular anomaly, and implement a second countermeasure for rebooting when the context allows it to, thus improving on the implementation of countermeasures which further enhances the safety of the autonomous vehicle. Thus, the applicant's argument is considered non-persuasive. Additional arguments are also considered to be non-persuasive for the reasons indicated above.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13, 15-18 and 21-25 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210026958 to FILIPEK et al. (hereinafter “Filipek”) in view of US 20220157090 to SAKATA (hereinafter “Sakata”)

Claim 13

Filipek teaches a method for mitigating manipulations of an onboard network of a vehicle, the method comprising the following steps:

receiving a signature of an anomaly prevailing in the onboard network; [e.g. Filipek; Abstract, Para. 0007, 0013, 0022-0025 – Filipek discloses receiving detailed data (e.g. signature) of an attack (e.g. anomaly) via a Host-Based Intrusion Detection System (HIDS) of a vehicle.]

implementing a first countermeasure which transfers the vehicle and/or at least one component of the vehicle, into a predetermined safe state, the first countermeasure being selected based on the signature; [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack.]

implementing a second countermeasure to at least partially restore a functional scope of the vehicle; [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses countermeasures to reboot the affected system/component (e.g. restoring a functional scope).]

and wherein the first and/or the second countermeasure for the prevailing anomaly is selected dynamically from various available countermeasures based on status information with respect to the vehicle and/or the prevailing anomaly. [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, rebooting, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack and context of the vehicle.]

While Filipek teaches the method of claim 13 and Filipek clearly discloses various countermeasures being implemented based on context, Filipek fails to explicitly teach the timing of the countermeasure based on whether an anomaly has appeared frequently. More specifically, Filipek fails to teach, however, Sakata teaches:

wherein the status information indicates whether the prevailing anomaly has appeared repeatedly, and [e.g. Sakata; Abstract, Para. 0015-0017, 0055-0075 – Sakata discloses a security measure (e.g. countermeasure) against a cyber-attack on vehicles by disabling power of a vehicle under attack and restoration based on tracking the frequency of error logs that indicate an anomaly and a potential cyberattack.]

wherein the selection of the first and/or the second countermeasure is based on whether the anomaly has appeared repeatedly. [e.g. Sakata; Abstract, Para. 0015-0017, 0055-0075 – Sakata discloses a security measure (e.g. countermeasure) against a cyber-attack on vehicles by disabling power of a vehicle (e.g. countermeasure) under attack and restoration based on tracking the frequency of error logs that indicate an anomaly and a potential cyberattack.]

Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include the above features in the invention as disclosed by Filipek with the advantage of improving the possibility of detecting a cyber-attack as disclosed in paragraph 0018. Furthermore, implementing the staged restoration process would provide immediate safety protection and recovery, as Filipek clearly discloses both stopping a vehicle from moving in step 311 which would put the vehicle in a safe condition for reboot and then rebooting the attack ECU(s) or all ECU(s) when it is safe to do so and determining the vehicle context.

Claim 15: Filipek as modified by Sakata teaches the method as recited in claim 13, wherein the status information indicates how frequently an anomaly having the signature has appeared. [e.g. Sakata; Abstract, Para. 0015-0017, 0055-0075 – Sakata discloses tracking the number of occurrences of error logs to indicate an anomaly.]

Claim 16: Filipek teaches the method as recited in claim 13, wherein different first and/or second countermeasures are selected in various situations, which are identified by the status information. [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack and vehicle context.]

Claim 17: While Filipek teaches the method of claim 13 and Filipek clearly discloses various countermeasures, Filipek fails to explicitly teach that a second countermeasure is performed. More specifically, Filipek fails to teach, however, Sakata teaches:

wherein a certain first and/or second countermeasure is selected in response to a first detection of an anomaly having a specific signature, and a different first and/or second countermeasure in response to a further detection of the anomaly having the specific signature; [e.g. Sakata; Abstract, Para. 0055-0075 – Sakata discloses a first time alert for an anomaly and if the anomaly persists disabling power to the vehicle.]

Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include the above features in the invention as disclosed by Filipek with the advantage of improving the possibility of detecting a cyber-attack as disclosed in paragraph 0018. Furthermore, implementing the staged restoration process would provide immediate safety protection and recovery, as Filipek clearly discloses both stopping a vehicle from moving in step 311 which would put the vehicle in a safe condition for reboot and then rebooting the attack ECU(s) or all ECU(s) when it is safe to do so and determining the vehicle context.

Claim 21: Filipek teaches the method as recited in claim 13, wherein the first countermeasure includes one or more of the following:

at least partially deactivating or blocking a first component of the onboard network, in which the prevailing anomaly has appeared; [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack.]

activating a component or a function which is affected by the prevailing anomaly;

shifting a function of a first component in which the prevailing anomaly has appeared, to a second component;

changing a configuration of a first component of the onboard network in which the prevailing anomaly has appeared, and/or of further components of the onboard network; [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack.]

changing an operating mode of a first component of the onboard network in which the prevailing anomaly has appeared, and/or of further components of the onboard network; [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack.]

transmitting a warning that a signature of an anomaly was detected.

Claim 22: Filipek and Sakata teach the method as recited in claim 13, wherein the second countermeasure includes one or more of the following:

resetting a software of a first component of the onboard network in which the prevailing anomaly has appeared, and/or of further components of the onboard network; [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack.] [e.g. Sakata; Abstract, Para. 0055-0075 – Sakata discloses a security measure against a cyber-attack on vehicles by disabling power of a vehicle under attack and restoration based on tracking the frequency of error logs that indicate an anomaly and a potential cyberattack.]

updating a software of a first component of the onboard network in which the prevailing anomaly has appeared, and/or of further components of the onboard network;

reactivating a first component or lifting a blockade of a first component of the onboard network, in which the prevailing anomaly has appeared; [e.g. Sakata; Abstract, Para. 0055-0075 – Sakata discloses a security measure against a cyber-attack on vehicles by disabling power of a vehicle under attack and restoration based on tracking the frequency of error logs that indicate an anomaly and a potential cyberattack.]

shifting a function back from a second component to a first component in which the prevailing anomaly has appeared;

changing a configuration of a first component of the onboard network in which the prevailing anomaly has appeared, and/or of further components of the onboard network; [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack.] [e.g. Sakata; Abstract, Para. 0055-0075 – Sakata discloses a security measure against a cyber-attack on vehicles by disabling power of a vehicle under attack and restoration based on tracking the frequency of error logs that indicate an anomaly and a potential cyberattack.]

and changing an operating mode of a first component of the onboard network in which the prevailing anomaly has appeared, and/or of further components of the onboard network. [e.g. Filipek; Abstract, Fig. 3, Para. 0007, 0013, 0022-0027 – Filipek discloses various countermeasures such as degradation, disabling, etc., to place vehicle in a safe state based on a security response database indicating responses based on type of attack.] [e.g. Sakata; Abstract, Para. 0055-0075 – Sakata discloses a security measure against a cyber-attack on vehicles by disabling power of a vehicle under attack and restoration based on tracking the frequency of error logs that indicate an anomaly and a potential cyberattack.]

Claim 23: Filipek teaches the method as recited in claim 13, wherein the method is carried out by one or more components within the vehicle. [e.g. Filipek; Abstract, Para. 0007, 0013, 0022-0025 – Filipek discloses receiving detailed data (e.g. signature) of an attack (e.g. anomaly) via a Host-Based Intrusion Detection System (HIDS) of a vehicle.]

Regarding claims 16-18, they are device and manufacture claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons.

Claims 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210026958 to FILIPEK et al. (hereinafter “Filipek”) in view of US 12258027 to Le Henaff (hereinafter “Le Henaff”)

Claim 18

While Filipek and Sakata teach the method of claim 13, the combination fails to explicitly teach an intent for response time for a countermeasure. More specifically, the combination fails to teach, however, Sakata teaches:

wherein the first countermeasure is intended to be carried out within a first predetermined time interval after an anomaly is detected, the predetermined time interval being 20 seconds or less; [e.g. Le Henaff; Abstract, Col 9 Ln 29 – Col 10 Ln 54, Col 36 Ln 19-40 – Le Henaff discloses various configurable times to respond to a fault in a vehicle with a countermeasure.]

wherein the first countermeasure is intended to be carried out within a first predetermined time interval after an anomaly is detected, the predetermined time interval being 2 seconds or less; [e.g. Le Henaff; Abstract, Col 9 Ln 29 – Col 10 Ln 54, Col 36 Ln 19-40 – Le Henaff discloses various configurable times to respond to a fault in a vehicle with a countermeasure.]

wherein the first countermeasure is intended to be carried out within a first predetermined time interval after an anomaly is detected, the predetermined time interval being 20 ms or less; [e.g. Le Henaff; Abstract, Col 9 Ln 29 – Col 10 Ln 54, Col 36 Ln 19-40 – Le Henaff discloses various configurable times to respond to a fault in a vehicle with a countermeasure.]

Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include the above features in the invention as disclosed by Filipek and Sakata as it would be obvious to apply a known technique (e.g. threshold based fault response timing) to yield the predictable result (e.g. improved vehicle safety). Furthermore, it is noted that Le Henaff does not explicitly disclose a response time as short as 20 ms, however this is a design choice as Le Henaff clearly discloses examples of multiple configurable times and one of ordinary skill in the art would realize that a short response time would be an option based on the magnitude of the fault.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER C HARRIS whose telephone number is (571)270-7841. The examiner can normally be reached Monday through Friday between 8:00 AM to 4:00 PM CST.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson, can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHRISTOPHER C HARRIS/ Primary Examiner, Art Unit 2432

Prosecution Timeline

Aug 21, 2023: Application Filed
Sep 27, 2023: Response after Non-Final Action
May 03, 2025: Non-Final Rejection — §103
Oct 31, 2025: Response Filed
Dec 10, 2025: Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602467
In-memory scan for threat detection with binary instrumentation backed generic unpacking, decryption, and deobfuscation
2y 5m to grant Granted Apr 14, 2026
Patent 12585746
AUTHENTICATION SYSTEM, USER DEVICE, AND KEY INFORMATION TRANSMISSION METHOD
2y 5m to grant Granted Mar 24, 2026
Patent 12580915
SERVICE ACCESS METHOD AND APPARATUS
2y 5m to grant Granted Mar 17, 2026
Patent 12572668
DATA SECURITY USING REQUEST-SUPPLIED KEYS
2y 5m to grant Granted Mar 10, 2026
Patent 12561460
System And Method for Performing Security Analyses of Digital Assets
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 76%
With Interview: 99% (+26.2%)
Median Time to Grant: 2y 10m
PTA Risk: Moderate
Based on 362 resolved cases by this examiner. Grant probability derived from career allow rate.
