CTNF 18/664,075 CTNF 91435 DETAILED ACTION Continued Examination Under 37 CFR 1.114 07-42-04 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 05/08/2026 has been entered. Claims 21, 22, 24 and 24 have been canceled. Claims 1-5, 7-20, 23, and 26-31 pending in the application. Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-21-aia AIA Claim (s) 1, 4-5, 7-10, and 29-31 are rejected under 35 U.S.C. 103 as being unpatentable over Subramanian (US 20230072068 A1) in view of Denis (US 20200205006 A1), and in view of Chaoji (US 11424993 B1) . Regarding claim 1, Subramanian teaches a vehicular apparatus for threat detection, the vehicular apparatus comprising: a memory; and a processor coupled to the memory and configured to: (Fig. 3. [0095]-[0096]) receive a wireless transmission; determine that the wireless transmission includes a first potential threat; (Abstract: to track data wirelessly received by said vehicle for identifying the cyber-attack. [0066]: The identification corresponds to the discovery, by the intrusion detection and prevention system IDPS of the at least one attacked vehicle 1, of at least one piece of malicious data among the wirelessly received data. [0015]: The transmission of the report update realized according to the short range communication protocol is propagated/broadcasted from one vehicle to the other.) generate a first threat report based on the determination that the wireless transmission includes the first potential threat, wherein the first threat report includes information associated with the first potential threat; and ([0065]-[0066]: identifying the cyber-attack in said at least one attacked vehicle. The identification corresponds to the discovery, by the intrusion detection and prevention system IDPS of the at least one attacked vehicle, of at least one piece of malicious data among the wirelessly received data and the definition of a report update that characterizes said at least one piece of malicious data.) transmit the first threat report to a network node via a vehicular communications system. ([0069]: This report update is sent to any vehicle in proximity (i.e., within range) thanks to the short range communication protocol enabling a direct communication. [0016]-[0018]: the method comprising the following steps realized after the identification step of the cyber-attack by said at least one attacked vehicle: sending the report update to the central system from the at least one attacked vehicle according to the long range communication protocol, and further sending the report update to the plurality of vehicles of the fleet from the central system according to the long range communication protocol.) Subramanian does not explicitly disclose wherein the first threat report includes a threat score associated with the first potential threat. However, Denis teaches wherein the first threat report includes a threat score associated with the first potential threat. ([0028]: The report comprises a confidence level (e.g., threat score) which is associated with the anomaly detected.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into Subramanian. One would have been motivated to do so because there are cases of false positives, it is desirable to include a confidence level associated with the anomaly detected. As taught by Denis, [0028]. Subramanian and Denis do not explicitly disclose wherein the threat score is determined based on whether another threat report including the first potential threat was received. However, Chaoji teaches wherein the threat score is determined based on whether another threat report including the first potential threat was received. (Col 14 line 65 – Col 15 line 5: One or more sources that can be used to verify, or strengthen the case, that policies were in fact violated by some devices or clients. For example, with respect to certain types of policy violations, multiple reports or allegations of such violations from respective independent entities (e.g., another threat report including the first potential threat) may serve to increase the confidence level that the violations have in fact occurred.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into Subramanian. One would have been motivated to do so because one or more sources that can be used to verify, or strengthen the case, that policies were in fact violated by some devices or clients. For example, with respect to certain types of policy violations, multiple reports or allegations of such violations from respective independent entities may serve to increase the confidence level that the violations have in fact occurred. As taught by Chaoji, Col 14 line 65 – Col 15 line 5. Regarding claim 4, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 1. Subramanian teaches wherein the first threat report includes confidence information. ([0015]: The transmission of the report update realized according to the short range communication protocol is propagated/broadcasted from one vehicle to the other. [0030]: the intrusion detection and prevention system of each vehicle of the fleet is configured to spot and prioritize any report update received via the short range communication protocol for updating a prevention strategy of the intrusion detection and prevention system.) Regarding claim 5, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 4. Subramanian teaches wherein the confidence information indicates at least one of: the vehicular apparatus determined that the received wireless transmission included the first potential threat; ([0065]-[0066]: identifying the cyber-attack in said at least one attacked vehicle. The identification corresponds to the discovery, by the intrusion detection and prevention system IDPS of the at least one attacked vehicle, of at least one piece of malicious data among the wirelessly received data and the definition of a report update that characterizes said at least one piece of malicious data.) or the vehicular apparatus received a second threat report, the second threat report including an indication of the first potential threat. ([0015]: The transmission of the report update (e.g., include a second threat report) realized according to the short range communication protocol is propagated /broadcasted from one vehicle to the other . [0030]: the intrusion detection and prevention system of each vehicle of the fleet is configured to spot and prioritize any report update received via the short range communication protocol for updating a prevention strategy of the intrusion detection and prevention system.) Regarding claim 7, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 1. Subramanian teaches wherein, to transmit the first threat report, the processor is configured to broadcast the first threat report via the vehicular communications system. ([0015]: The transmission of the report update (e.g., include the first threat report) realized according to the short range communication protocol is propagated / broadcasted from one vehicle to the other.) Regarding claim 8, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 1. Subramanian teaches wherein, to transmit the first threat report, the processor is configured to transmit the first threat report to an internet-based service. ([0003]: It is known that all vehicles of a fleet can communicate with a central communication system via Internet. [0016]-[0018]: the method comprising the following steps realized after the identification step of the cyber-attack by said at least one attacked vehicle: sending the report update to the central system from the at least one attacked vehicle according to the long range communication protocol, and further sending the report update to the plurality of vehicles of the fleet from the central system according to the long range communication protocol.) Regarding claim 9, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 1. Subramanian teaches wherein the processor is further configured to receive a broadcast message from a wireless device, the broadcast message including a second threat report, and wherein the first threat report is generated based on the second threat report. ([0015]: The transmission of the report update (e.g., include the second threat report) realized according to the short range communication protocol is propagated / broadcasted from one vehicle to the other (e.g., the first threat report generated based on the second threat report).) Regarding claim 10, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 9. Subramanian teaches wherein the second threat report includes information associated with a second potential threat, and ([0012]: a report update characterising the cyber-attack (e.g. include a second threat). [0015]: The transmission of the report update (e.g., include the second threat report) realized according to the short range communication protocol is propagated / broadcasted from one vehicle to the other .) wherein the processor is further configured to mitigate the second potential threat based on the information associated with the second potential threat. ([0030]: the intrusion detection and prevention system of each vehicle of the fleet is configured to spot and prioritize any report update received via the short range communication protocol for updating a prevention strategy of the intrusion detection and prevention system. [0051]-[0057]: various prevention actions can be taken.) Same rationale applies to the rejection of claim 29 (method) because it is substantially similar to claim 1 (vehicular apparatus). Same rationale applies to the rejection of claim 30 (method) because it is substantially similar to claim 2 (vehicular apparatus). Same rationale applies to the rejection of claim 31 (method) because it is substantially similar to claim 4 (vehicular apparatus) . 07-21-aia AIA Claim (s) 12 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Subramanian (US 20230072068 A1) in view of Denis (US 20200205006 A1), and in view of Levy (US 2020038947 A1) . Regarding claim 12, Subramanian teaches a wireless vehicular device for threat mitigation, the wireless vehicular device comprising: a memory; and a processor coupled to the memory and configured to: (Fig. 3. [0095]-[0096]) receive a threat report from a network node via a vehicular communications system, wherein the threat report includes information associated with a potential threat, and ([0012]: a report update (e.g. threat report) characterising the cyber-attack (e.g. potential threat). [0015]: The transmission of the report update (e.g., include the threat report) realized according to the short range communication protocol is propagated / broadcasted from one vehicle to the other .) wherein the network node generates the threat report based on a security detection procedure; and ([0065]-[0066]: identifying the cyber-attack in said at least one attacked vehicle. The identification corresponds to the discovery, by the intrusion detection and prevention system IDPS of the at least one attacked vehicle, of at least one piece of malicious data among the wirelessly received data and the definition of a report update that characterizes said at least one piece of malicious data.) mitigate the potential threat based on the information associated with the potential threat without performing the security detection procedure. ([0030]: the intrusion detection and prevention system of each vehicle of the fleet is configured to spot and prioritize any report update received via the short range communication protocol for updating a prevention strategy of the intrusion detection and prevention system. [0051]-[0057]: various prevention actions can be taken.) Subramanian does not explicitly disclose wherein the threat report includes a threat score associated with the potential threat. However, Denis teaches wherein the threat report includes a threat score associated with the potential threat ([0028]: The report comprises a confidence level (e.g., threat score) which is associated with the anomaly detected.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into Subramanian. One would have been motivated to do so because there are cases of false positives, it is desirable to include a confidence level associated with the anomaly detected. As taught by Denis, [0028]. Subramanian and Denis do not explicitly disclose determine to mitigate the potential threat based on the threat score; and mitigate the potential threat based on the threat score associated with the potential threat. However, Levy teaches determine to mitigate the potential threat based on the threat score; and mitigate the potential threat based on the threat score associated with the potential threat. ([0021]: Based on the enriched data, a prioritized risk assessment is generated for each of one or more connected vehicles. Analytics may be generated based on commonalities among connected vehicles having risk scores above a threshold. Based on the prioritized risk scores, mitigation actions are performed .) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into Subramanian. One would have been motivated to do so because as connected vehicles become more prominent, more advanced connected vehicle cybersecurity solutions become increasingly desirable. Existing threat detectors are limited. It would therefore be advantageous to provide a solution that would overcome the challenges noted above. Based on the enriched data, a prioritized risk assessment is generated for each of one or more connected vehicles. Analytics may be generated based on commonalities among connected vehicles having risk scores above a threshold. Based on the prioritized risk scores, mitigation actions are performed. As taught by Levy, [0006]-[0007] and [0021]. Regarding claim 14, Subramanian, Denis and Levy teach the wireless vehicular device of claim 12. Subramanian teaches wherein the security detection procedure comprises a process for detecting potential threats in a wireless transmission. (Abstract: to track data wirelessly received by said vehicle for identifying the cyber-attack. [0065]-[0066]: identifying the cyber-attack in said at least one attacked vehicle. The identification corresponds to the discovery, by the intrusion detection and prevention system IDPS of the at least one attacked vehicle, of at least one piece of malicious data among the wirelessly received data and the definition of a report update that characterizes said at least one piece of malicious data.) Regarding claim 15, Subramanian, Denis and Levy teach the wireless vehicular device of claim 12. Denis teaches wherein the wireless vehicular device is not configured to be able to perform the security detection procedure. ([0006]-[0008]: detecting by means of a station an anomaly relating to the vehicle; transmitting to the vehicle a report relating to the anomaly detected (directly or indirectly in relation to the station).) Denis clearly teaches the anomaly detection procedure is done by the station, not the vehicle device . 07-21-aia AIA Claim (s) 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Subramanian (US 20230072068 A1) in view of Denis (US 20200205006 A1), and in view of Chaoji (US 11424993 B1), and further in view of Han (US 20200413264 A1) . Regarding claim 2, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 1. Subramanian, Denis and Chaoji do not explicitly disclose wherein the first threat report includes location information for the vehicular apparatus and a time associated with the first potential threat. However, Han teaches wherein the first threat report includes location information for the vehicular apparatus and a time associated with the first potential threat. ([0046]: If a cyber-attack event occurs, the decision data 133 may also include digital data (e.g., threat report) describing information about the cyber-attack event (e.g., a time, a location and description of the cyber-attack event, etc.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into Subramanian, Denis and Chaoji. One would have been motivated to do so because it is desirable for a cyber-attack report to include various information regarding the cyber-attack event, such as a time, a location and description. As taught by Han, [0046]. Regarding claim 3, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 1. Subramanian, Denis and Chaoji do not explicitly disclose wherein the first threat report is transmitted as a part of another message. However, Han teaches wherein the first threat report is transmitted as a part of another message. ([0046]: The decision data 133 may include digital data that describes whether a cyber-attack event occurs. If a cyber-attack event occurs, the decision data 133 may also include digital data (e.g., threat report) describing information about the cyber-attack event (e.g., a time, a location and description of the cyber-attack event, etc.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into Subramanian, Denis and Chaoji. One would have been motivated to do so because it is desirable for a cyber-attack decision message to include additional information regarding the cyber-attack event, such as a time, a location and description. As taught by Han, [0046] . 07-21-aia AIA Claim (s) 11 is rejected under 35 U.S.C. 103 as being unpatentable over Subramanian (US 20230072068 A1) in view of Denis (US 20200205006 A1), and in view of Chaoji (US 11424993 B1), and further in view of Hayward (US 20230048622 A1) . Regarding claim 11, Subramanian, Denis and Chaoji teach the vehicular apparatus of claim 10. Subramanian teaches wherein, to mitigate the second potential threat, the processor is configured to: block a wireless station associated with the second potential threat; and ([0051]: The primary preventive actions could be to block the IP address (e.g. block the wireless station) that is sending malicious code to execute or carrying out manual attack) determine the wireless transmission includes the first potential threat based at least in part on the information associated with the second potential threat. ([0015]: The transmission of the report update (e.g., include the second threat report) realized according to the short range communication protocol is propagated / broadcasted from one vehicle to the other .) Subramanian, Denis and Chaoji do not explicitly disclose wherein, to mitigate the second potential threat, the processor is configured to: change a route of the vehicular apparatus to avoid a location associated with the second potential threat. However, Hayward teaches wherein, to mitigate the second potential threat, the processor is configured to: change a route of the vehicular apparatus to avoid a location associated with the second potential threat. ([0145]-[0146]: to facilitate the calculation of a new alternate travel route that avoids the location of the identified anomaly . Controller 340 may execute instructions stored in route calculation routine 359 to facilitate the receipt of an alternate route that avoids the location of the identified anomaly.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into Subramanian, Denis and Chaoji. One would have been motivated to do so because it is desirable to facilitate additional or alternative corrective actions when an anomaly (e.g., abnormal condition, etc.) is identified. Controller may execute instructions stored in route calculation routine to facilitate the calculation of a new alternate travel route that avoids the location of the identified anomaly. As taught by Hayward, [0145] . 07-21-aia AIA Claim (s) 13 is rejected under 35 U.S.C. 103 as being unpatentable over Subramanian (US 20230072068 A1) in view of Denis (US 20200205006 A1), and in view of Levy (US 2020038947 A1), and further in view of Hayward (US 20230048622 A1) . Regarding claim 13, Subramanian, Denis and Levy teach the wireless vehicular device of claim 12. Subramanian teaches wherein, to mitigate the second potential threat, the processor is configured to: block a wireless station associated with the second potential threat; and ([0051]: The primary preventive actions could be to block the IP address (e.g. block the wireless station) that is sending malicious code to execute or carrying out manual attack) determine the wireless transmission includes the first potential threat based at least in part on the information associated with the second potential threat. ([0015]: The transmission of the report update (e.g., include the second threat report) realized according to the short range communication protocol is propagated / broadcasted from one vehicle to the other .) Subramanian, Denis and Levy do not explicitly disclose wherein, to mitigate the second potential threat, the processor is configured to: change a route of the vehicular apparatus to avoid a location associated with the second potential threat. However, Hayward teaches wherein, to mitigate the second potential threat, the processor is configured to: change a route of the vehicular apparatus to avoid a location associated with the second potential threat. ([0145]-[0146]: to facilitate the calculation of a new alternate travel route that avoids the location of the identified anomaly . Controller 340 may execute instructions stored in route calculation routine 359 to facilitate the receipt of an alternate route that avoids the location of the identified anomaly.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into Subramanian, Denis and Levy. One would have been motivated to do so because it is desirable to facilitate additional or alternative corrective actions when an anomaly (e.g., abnormal condition, etc.) is identified. Controller may execute instructions stored in route calculation routine to facilitate the calculation of a new alternate travel route that avoids the location of the identified anomaly. As taught by Hayward, [0145] . Allowable Subject Matter 12-151-07 AIA 07-97 12-51-07 Claim s 16-20, 23, and 26-28 are allowed. 13-03-01 AIA The following is a statement of reasons for the indication of allowable subject matter: Independent claim 16 has been amended by incorporating the previously indicated allowable subject matters recited in claim 25 and the intervening claims . Response to Arguments Applicant’s arguments, see pages 9-12 of the Remarks, filed on 05/08/2026, with respect to the rejection(s) of independent claims 1 and 29, claim 12 and their dependent claims under 35 U.S.C. § 103 have been fully considered but are moot in view of new ground(s) of rejection. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZI YE whose telephone number is (571)270-1039. The examiner can normally be reached Monday - Friday, 8:00am - 4:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached at 5712723865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ZI YE/Primary Examiner, Art Unit 2455 Application/Control Number: 18/664,075 Page 2 Art Unit: 2455 Application/Control Number: 18/664,075 Page 3 Art Unit: 2455 Application/Control Number: 18/664,075 Page 4 Art Unit: 2455 Application/Control Number: 18/664,075 Page 5 Art Unit: 2455 Application/Control Number: 18/664,075 Page 6 Art Unit: 2455 Application/Control Number: 18/664,075 Page 7 Art Unit: 2455 Application/Control Number: 18/664,075 Page 8 Art Unit: 2455 Application/Control Number: 18/664,075 Page 9 Art Unit: 2455 Application/Control Number: 18/664,075 Page 10 Art Unit: 2455 Application/Control Number: 18/664,075 Page 11 Art Unit: 2455 Application/Control Number: 18/664,075 Page 12 Art Unit: 2455 Application/Control Number: 18/664,075 Page 13 Art Unit: 2455 Application/Control Number: 18/664,075 Page 14 Art Unit: 2455 Application/Control Number: 18/664,075 Page 15 Art Unit: 2455 Application/Control Number: 18/664,075 Page 16 Art Unit: 2455 Application/Control Number: 18/664,075 Page 17 Art Unit: 2455