Prosecution Insights
Last updated: July 17, 2026
Application No. 18/612,797

SAFETY AND CONTROL INTERFACE FOR SAFE VEHICLE OPERATION

Non-Final OA §102§103
Filed
Mar 21, 2024
Examiner
POUDEL, SANTOSH RAJ
Art Unit
2115
Tech Center
2100 — Computer Architecture & Software
Assignee
Applied Electric Vehicles Ltd
OA Round
1 (Non-Final)
77%
Grant Probability
Favorable
1-2
OA Rounds
6m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 77% — above average
77%
Career Allowance Rate
438 granted / 572 resolved
+21.6% vs TC avg
Strong +32% interview lift
Without
With
+32.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
33 currently pending
Career history
602
Total Applications
across all art units

Statute-Specific Performance

§101
4.7%
-35.3% vs TC avg
§103
83.8%
+43.8% vs TC avg
§102
4.3%
-35.7% vs TC avg
§112
5.3%
-34.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 572 resolved cases

Office Action

§102 §103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office action is responsive to the communication filed on 03/21/2024. The claims 1- 20 are pending, of which the claim(s) 1, 12, 20 is/are in independent form. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. I) Claim 12 provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of co-pending Application No. 18/756312 (reference application, filed on 05/26/2026). Although the claims at issue are not identical, they are not patentably distinct from each other because the co-pending application’s claim renders obvious the claim(s) 1 of the instant application as set forth below. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented. Instant Application: 18/612797 Co-Pending Application: 18/756312 of 05/26/2026 12. An electronic control unit for controlling operation of a vehicle, the electronic control unit comprising A system comprising:.. a central control unit of the vehicle comprising a first processor configured to execute applications associated with the vehicle; a remote operator via a remote teleoperation device to actuate the one or more subsystems a safety and control interface configured to: receive a request for a service from an application executed by the first processor; and an application processor configured to execute a remote control application that receives the instructions from the remote teleoperation device perform a safety check to determine whether the application is allowed to utilize the service; and the safety processor configured to: arbitrate the requests from the remote control application by determining whether the requests satisfy safety rules for the vehicle.,.. in response to the requests satisfying the safety rules a second processor configured to execute the service or deny the service based on the safety check. the safety processor configured to:…cause the one or more subsystems to perform the at least one operation associated with the instructions. The co-pending application’312’s claim 1 uses safety processor to perform safety check, PHOSITA can clearly understand that this function can be moved to the an application processor as part of the design choice of how to distribute jobs/tasks between two available processors. Thus, claim 12 of the instant application is unpatentable over claim 1 of the co-pending application’312. II) Claim 12 provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of co-pending Application No. 18606548 (reference application, filed on 12/18/2025). Although the claims at issue are not identical, they are not patentably distinct from each other because the co-pending application’s claim renders obvious the claim(s) 1 of the instant application as shown below. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented. Instant Application: 18/612797 Co-Pending Application: 18/606548 of 12/18/2025 12. An electronic control unit for controlling operation of a vehicle, the electronic control unit comprising 1. A system comprising:.. central control unit of the vehicle, the central control unit comprising a first processor configured to execute applications associated with the vehicle; a first processor configured to execute applications associated with the vehicle that output requests to perform operations using the one or more subsystems; a safety and control interface configured to: receive a request for a service from an application executed by the first processor; and a second processor configured to maintain an operating state of the vehicle within a safe operating envelope of the vehicle, wherein the second processor receives the requests from the applications executed by the first processor to perform the operations and outputs commands to the one or more subsystems of the vehicle to perform the operations based on the requests satisfying safety rules for the perform a safety check to determine whether the application is allowed to utilize the service; and perform the operations based on the requests satisfying safety rules for the vehicle a second processor configured to execute the service or deny the service based on the safety check. a vehicle subsystem actuator of a subsystem of the one or more subsystems configured to actuate responsive to receiving at least one of the commands to cause the subsystem to perform at least one of the operations. Therefore, the claim 1 of the co-pending application 18/606548 teaches/suggests each limitation of the claim 12 of the instant application and renders invention thereof obvious to PHOSITA. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: In claims: 1-9 & 12- 20: “safety and control interface”: In Figs. 2 & 4, shown as item 132 having logics and memory 410 as part of the CPU 120 used as an electronic control unit for a vehicle; see paras. 1051, 064, 0066, 20101. Also see dependent clams 10-11. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1- 4, 7, 9- 10, & 12- 14 is/are rejected under 35 U.S.C. 102(a) (2) as being anticipated by Budz et al. (US 20240321024 A1). Regarding claim 1, Budz teaches a system [system 100 of Budz having flow diagram 500/600] comprising: (Figs. 1-2, 5-6 [052]); [a] one or more subsystems [“various systems of a vehicle”, e.g., brakes, door pod etc., of the vehicle] of a vehicle [one of “vehicle 106 and vehicle 108”], each of the one or more subsystems configured to perform an operation of the vehicle (Fig. 1-2, 5-6, [054, 060, 084]); [b] a first processor [processor of the client computing device, e.g., Fig. 5, “client computing device 502” wirelessly communicating and sending command(s) to vehicle(s)] configured to execute applications [“client computing device 502 (e.g., a smartphone configured to execute an application to request the actuation of a system of a vehicle)”] associated with the vehicle ([074, 084, 091, 096]); [c] a safety and control interface [ECU 210 and/or TCU 212/506 of fig. 2 and/or computing system 504/604 of figs. 5-6] configured to: (c1) receive a request [“computing system 504 may be configured to receive the signal 516 that includes a request to actuate a system of a vehicle” or “a signal 520 (e.g., a signal including a vehicle actuation”] for a service [“vehicle actuation” such as wake up or open/lock the door etc., start up, shut down for the vehicle being provided from the mobile phone] from an application [client device’s application that being used by user to send vehicle actuation commands] executed by the first processor; (c2) determine whether [“determination of whether a vehicle actuation command is valid or invalid”, “the ECU (not shown) may perform operations including checking the validity of a vehicle actuation command” and/or “a requesting entity is authorized to actuate one or more systems” of step 712] the application has an application permission to access the service; and (c3) determine whether [“and determining whether a vehicle is in a safe state (e.g., brakes of a vehicle are locked, and a vehicle is not moving) that allows a vehicle to implement a vehicle actuation command”] executing the service would maintain a safety goal [“operational safety”] established for the vehicle ([3004-4009, 069-070, 083-087, 093, 0107, 50110]); and [c] a second processor [“BCM 508/208” and/or any processor used by the door pod 510 to process BCM’s signal 524 and generate signal 526 to control the door latch 512 or processor of the subsystem of the vehicle that process ECU/TCU’s commands] configured to execute [Fig. 7, Step 722, e.g., “determining that a vehicle is in a safe operational state that will allow a vehicle actuation command to be safely implemented by the one or more systems of a vehicle”] the service requested by the application based on the safety and control interface [the output of the safety and control interface is provided to the second processor to actually execute the command sent from the client’s device] determining that the application has the application permission to access the service and [Fig. 7 clearly shows that checking both authentication and safety rule before allowing execution of the commands in Step 722] that executing the service responsive to the request would maintain the safety goal established for the vehicle ([010, 066, 087-088, 015]). Therefore, Budz teaches each limitation of the claim and clearly anticipates the invention of this claim. Regarding claim 2, Budz teaches The system of claim 1, wherein the second processor, in being configured to execute the service, is configured to cause actuation of at least one of the one or more subsystems [e.g., “unlock the door latch 512”, cabin temperature, engine start/off] of the vehicle ([088, 0101], Fig. 5). Regarding claim 3, Budz teaches the system of claim 1, wherein the request includes the application permission ([006, 0106]). Regarding claim 4, Budz teaches the system of claim 3, wherein the application permission is provided to the application for inclusion in the request by an authentication service [“authorization”] ([006, 098]). Regarding claim 7, Budz teaches the system of claim 1, wherein the application permission is implemented to satisfy, at least in part, a safety rule [e.g., rental period of the vehicle is active or expired checking or the vehicle is in “authorized geographic area”] applied to the vehicle ([002, 004, 0100]). Regarding claim 9, Budz teaches the system of claim 1, wherein the safety and control interface [TCU/ECU can see the commands sent by the client to control the function of the BCM] is configured to intercept the request sent from a connection between the first processor [customer’s computing device 502] and the second processor [BCM of the vehicle or the subsystem controlling computer system of the vehicle] ([090], Figs. 5-6 & associated texts). Regarding claim 10, Budz teaches the system of claim 1, wherein the safety and control interface is configured as part of a connection [ the TCU is in between the client and the BCM or the door pod] between the first processor and the second processor ([086-087], Fig. 5). Regarding claim 12, the rejection discussed in claim 1 is incorporated. Thus, only in summary, Budz teaches an electronic control unit [ECU 608] for controlling operation of a vehicle, the electronic control unit comprising: (Figs. 5- 6, [065]); [a] a first processor [processor of the user’s computing device, “client computing device 602”] configured to execute applications [“may access a software application (e.g., a mobile application)”] associated with the vehicle ([091]); [b] a safety and control interface [one or more of the TCU, ECU or BCU] configured to: receive a request [command sent from client, e.g., signal 614/516/520, “client computing device 502 may generate the request and send signal 516 comprising the details of the request”] for a service from an application executed by the first processor; and perform a safety check [Fig. 7, Steps 712 and/or 718] to determine whether the application is allowed to utilize the service (Figs. 5- 7, [084-087]); and [c] a second processor [“BCM 508” and/or computer that process output of the BCK 508 such as door pod 510 to control door latch 512] configured to execute [Steps 718 and 722, “after a vehicle is determined to be in a safe operational state, an engine of a vehicle may be started up and one or more doors of a vehicle may be unlocked”] the service or deny [step 720] the service based on the safety check ([087-088, 0112- 0115], Figs. 5, 7). Thus, Budz clearly anticipates the invention of this claim. Regarding claim 13, Budz teaches the electronic control unit of claim 12, wherein, in being configured to perform the safety check [step 718 of fig. 7], the safety and control interface is configured to determine whether the application has an application permission [authorization or valid/invalid] required to access the service (Fig. 7, [097-0098, 0107]). Regarding claim 14, Budz teaches the electronic control unit of claim 13, wherein, in being configured to perform the safety check, the safety and control interface is configured to, responsive to determining that the application does not [No in Step 706 or 712] have the application permission required to access the service, discard [“If the message is not from an authorized entity or otherwise invalid, a vehicle systems will not be activated.”] the request and instruct the second processor to deny the service (Fig. 7, [080, 0103]). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim(s) 5-6 & 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Budz. Regarding claims 5-6, Budz further teaches the system of claim 1, wherein the safety and control interface is further configured to receive the safety goal (See “brakes of a vehicle are locked” or not, “vehicle is not moving”] ([0110, 077] in step 716 of fig.7 shows safe operation state is checked). However, Budz still fails to explicitly teach when and who provides these safety goals (vehicle not moving, brakes are not locked) checking rules to the computer of the vehicle of Budz so that these safety rules are checked in method of fig. 7. Thus, Budz may not teach its receive the “safety goal” is: Claim 5- “as part of a commissioning process” and Claim 6- “is defined by a manufacturer of the vehicle during the commissioning process”. Nevertheless, Budz implicitly teaches/suggests both of the missing limitations of the claims 5- 6 as well. Specifically, PHOSITA knows that since typical drivers who use the various types (like boats, trucks) of the vehicles (see, para.060) of Budz do not know which safety goals/features are important/not-important to enforce before allowing/disallowing one or more “vehicle actuation command” and also would not know how to program various safety goals, providing/programming such safety goals to the computer(s) of the vehicles during commissioning process by the vehicle manufacturers would have been obvious. The motivation of doing so would have been to allow vehicle manufacturers to be assured that vehicles manufactured by them meet the government’s safety standards and the safety rules will not be bypassed even when the users do not know how to program such safety rules. Regarding claim 11, Budz teaches the system of claim 1 including the safety and control interface [computing system 504/604 or ECU 608] (Fig. 5-6, [085-086]). However, Budz may not explicitly teach “the safety and control interface includes one or more application programming interfaces and exposes the one or more application programming interfaces to the application” as claimed. However Budz implicitly teaches/suggests to the PHOSITA that the safety and control interface includes one or more application programming interfaces and exposes the one or more application programming interfaces to the application as claimed ([085-086], Fig. 5- 6 of Budz show the computing system 504 or ECU 608. PHOSITA knows that the computing system and ECU are well -known to include APIs in order to allow exchanging of data/message/notification to the clients 502 & 514). See MPEP 2144.01. Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Budz in view of Robertson et al. (US 20160004535 A1). Regarding claim 8, Budz teaches the system of claim 7, wherein the safety rule is implemented to satisfy Asafe operation of the vehicle ([0131-0133]). However, Budz may not teach its implementing of the safe operation of the vehicle while processing the actuation commands is to “satisfy Automotive Safety Integrity Level D (ASIL D)” as claimed. Robertson teaches a system with a processor used in high safety-level applications. Specifically, Robertson teaches a system comprising: a safety and control interface configured to perform an operation of the vehicle wherein the safety rule is implemented to satisfy Automotive Safety Integrity Level D (ASIL-D) operation [“when a high-safety function is to be executed, such as when the instruction executed is an instruction associated with a ASIL-C or ASIL-D level function.”] of the vehicle ([018, 021]). It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to (1) combine Robertson and Budz because they both related to using a computer system of vehicle for safety goal during remote controlling of the vehicle and (2) modify the safety rule of Budz is implemented to satisfy Automotive Safety Integrity Level D (ASIL-D) operation of the vehicle as in Robertson. Doing so would ensure that high-safety functions to be included for execution in the vehicles of the Budz (Robertson [021]). Claim(s) 15-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Budz in view of Kafzan (US 20250055871 A1). Regarding claim 15, Budz teaches the electronic control unit of claim 13, wherein, in being configured to perform the safety check, the safety and control interface is configured to, responsive to determining that the application does have the application permission required to access the service, determine whether [step 716 is based on completing of the steps 706 and step 710] the service is maintains Budz does not teach to determine whether the service is associated with one or more safety goals. That is, Budz’s vehicle does not discriminate the commands as safety related and not safety related as claimed. Kafzan relates to monitoring and inspecting remotely provided commands [“monitored messages”] for transportation vehicle(s) [railway fleet networks] and calculating of the message sensitivity levels by considering safety goals ([006-007, 016]). Specifically, Budz teaches an electronic control unit for controlling operation of a vehicle the electronic control unit comprising: a safety and control interface configured to: receive a request [“An intercepted message/communication… message carried command(s) may accordingly be evaluated”, analogous to Budz’s commands provided from client computing device 502] for a service from an application executed by the first processor; and responsive to determining that the application does have the application permission required to access the service, determine [determining “the inspected message sensitivity level rank is high” or “low” by factoring “operation and/or safety”] whether the service is associated with one or more safety goals ([059-060, 076, 0113-0115], Fig. 4E). It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to (1) combine Kafzan and Budz because they both related to performing safety check to the remotely provided requests for service for a vehicle operation and (2) modify the a safety and control interface of Budz to determine whether the received request for service is associated with one or more safety goals responsive to determining that the application does have the permission required to access the service as in Kafzan. Doing so would allow assuring compliance during processing of the received service requests and avoid unnecessary processing burden for low risk (not safety related) service requests thereby saving processing resources of the vehicle(s) (Kafzan [060, 075]). Regarding claim 16, Budz in view of Kafzan teaches/suggests the electronic control unit of claim 15, wherein, in being configured to perform the safety check, the safety and control interface is configured to, responsive to determining that the service is not associated with the one or more safety goals, instruct [applying the idea of “if the inspected message sensitivity level rank is low, then (b) Flagging the inspected message for review and/or reporting it and allowing to continue to the message's target transportation network management unit” in Budz (e.g., to change “cabin temperature” setting by couple degrees while vehicle is moving as can be clear to PHOSITA) system to continue the command without safety check if they are not related to (having low effect) safety goal to minimize processing burden since the commands do not pose safety threat anyway] the second processor to execute the service (Kafzan [0115] & Budz Fig. 7 [017]). Regarding claim 17, Budz in view of Kafzan teaches/suggests the electronic control unit of claim 15, wherein, in being configured to perform the safety check, the safety and control interface is configured to, responsive to determining that the service is associated with the one or more safety goals [using idea of “if the inspected message sensitivity level rank is high, then (a) Flagging and blocking the inspected message from reaching the message's target transportation network management unit, until further processing has cleared and released the message” to perform step 718 in Budz since the commands appear high risky/safety related], instruct the second processor to determine whether the one or more safety goals would be maintained if the service is executed (Kafzan [0115] & Budz Fig. 7 [0115-0116]). Regarding claim 18, Budz in view of Kafzan teaches/suggests the electronic control unit of claim 17, wherein, in being configured to perform the safety check, the safety and control interface is configured to, responsive to determining that the one or more safety goals would be maintained if the service is executed, instruct [step 722 of Budz] the second processor to execute the service (Kafzan [0115] & Budz Fig. 7 [110, 0115-0116]). Regarding claim 19, Budz in view of Kafzan teaches/suggests the electronic control unit of claim 17, wherein, in being configured to perform the safety check, the safety and control interface is configured to, responsive to determining [No in Steps 716 & 718 of Budz] that the one or more safety goals would not be maintained if the service is executed, discard the request and instruct the second processor not to execute the service (Kafzan [0115] & Budz Fig. 7 [0110, 0115-0116]). Regarding claim 20, the rejection of claims 1 & 12 are incorporated. Thus, only in summary, Budz teaches a method comprising: (Fig. 7, [095]); receiving, by a safety and control interface [Figs. 5-6, one or both of the TCU or ECU or the “computing system 504”] of an electronic control unit of a vehicle, a request [“At 702, a vehicle actuation command may be received.”] for a service from an application[“smartphone configured to execute an application to request the actuation of a system of a vehicle” used by the client device 502] ([084, 096]); determining [checking request is valid or not and/or checking the request is authorized request or not], by the safety and control interface, whether [steps 706 and 712] the application has a permission to access the service ([0103-0107, 0137]); responsive to determining that the application has the permission to access the service, determining, by the safety and control interface, whether vehicle can maintain a safety goal ([0107-110]); responsive to determining that the vehicle can maintain vehicle is in a safe operational state, one or more systems of a vehicle may be actuated”] the service, at least in part, by actuating one or more subsystems of the vehicle (Fig. 7, [086-088, 0109-0112]). Budz may not teach “determining, by the safety and control interface, whether the service is associated with a safety goal” as claimed a since Budz appear to checking safety goal for each request. Thus, Budz may not teach the limitation shown with strikethrough emphasis but this limitation is cured by Kafzan as discussed above. Kafzan teaches A method comprising: receiving, by a safety and control interface of an electronic control unit of a vehicle, a request [“given message”] for a service from an application; responsive to determining that the application has the permission to access the service, determining [checking of “message sensitivity level” in fig. 4E], by the safety and control interface, whether the service is associated with a safety goal; responsive to determining that the service is associated with the safety goal [“high” sensitivity message], determining, by the safety and control interface, whether [performing of “further processing” before allowing the message to reach the “target transportation network management unit”] the safety goal would be maintained if the service is executed ([060, 0113-0115]). Thus, Kafzan clearly cures Budz’s deficiency. It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to (1) combine Kafzan and Budz because they both related to performing safety check to the remotely provided requests for service for a vehicle operation and (2) modify the a safety and control interface of Budz to determine whether the service is associated with a safety goal after determining that the application has the permission to access the service and perform checking of whether the safety goal would be maintained if the service is executed as in Budz. Doing so would allow assuring compliance during processing of the received service requests at the vehicles sent from the remote location using client device and avoid unnecessary processing burden for low risk (not safety related) service requests (Kafzan [060, 075]). Accordingly, Budz in view of Kafzan teaches each elements of the claim and renders invention thereof obvious to PHOSITA. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 1) Kato (US 20260034998 A1) teaches autonomous driving vehicle executes the autonomous driving based on the signal and an operation instruction from the operation terminal ([008]). 2) McKendrick et al. (US 20240059322 A1) teaches determining whether it is for the autonomous to implement one or of the updated planned trajectory or the planned behavior ([082]). Contacts Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANTOSH R. POUDEL whose telephone number is (571)272-2347. The examiner can normally be reached Monday - Friday (8:30 am - 5:00 pm). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamini Shah can be reached at (571) 272-2279. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SANTOSH R POUDEL/ Primary Examiner, Art Unit 2115 1 “safety and control interface 132 is configured to implement, at least in part, one or more of the APIs 116” 2 “the safety and control interface 132 includes an authentication module 404” 3 “There may be a determination of whether a vehicle actuation command is valid or invalid. Based on a vehicle actuation command being valid, there may be a determination of whether a requesting entity is authorized to actuate the one or more systems of a vehicle. Based on a requesting entity being authorized to actuate the one or more systems of a vehicle, there may be a determination of whether a vehicle is in a safe operational state that will allow a vehicle actuation command to be safely implemented by the one or more systems of a vehicle” 4 “The BCM and/or the TCU may be configured to determine whether a requesting entity is authorized to actuate the one or more systems of a vehicle.” 5 “At step 716, a system may determine whether a vehicle is in a safe operational state… safe operational state may be performed by one or more systems of a vehicle including one or more ECUs of a vehicle, a BCM of a vehicle, and/or any system of a vehicle that may monitor the state of a vehicle”.
Read full office action

Prosecution Timeline

Mar 21, 2024
Application Filed
Jun 11, 2026
Non-Final Rejection mailed — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12669253
MONITORING HVAC&R PERFORMANCE DEGRADATION USING RELATIVE COP FROM JOINT POWER AND TEMPERATURE RELATIONS
3y 4m to grant Granted Jun 30, 2026
Patent 12663774
ROBOT ACCESS CONTROL AND GOVERNANCE FOR ROBOTIC PROCESS AUTOMATION
2y 11m to grant Granted Jun 23, 2026
Patent 12651278
POWER MANAGEMENT SYSTEM
2y 10m to grant Granted Jun 09, 2026
Patent 12643427
A METHOD FOR DETERMINING A STATUS OF AN ELECTRIC VEHICLE CHARGING STATION
2y 10m to grant Granted Jun 02, 2026
Patent 12643425
DC METER FOR ELECTRICAL VEHICLE CHARGING STATION
2y 11m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
77%
Grant Probability
99%
With Interview (+32.0%)
2y 10m (~6m remaining)
Median Time to Grant
Low
PTA Risk
Based on 572 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month