IN-VEHICLE DEVICE, PROGRAM, AND INFORMATION PROCESSING METHOD

§101 §103

Notice of Pre-AIA or AIA Status The present application is being examined under the pre-AIA first to invent provisions. DETAILED ACTION This action is in response to application filed 11/24/2025. Claim 1-8, 10-15 is pending in this application. Response to Arguments Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Information Disclosure Statement The information disclosure statement (IDS) submitted on 11/24/2025 has been placed in record and considered by the examiner. Claim Rejections - 35 USC § 101 The 35 U.S.C. 101 rejection for claim 13 presented on the previous Office Action is withdrawn in view of applicant’s amendments. Claim Objections Claims 10-12 are objected to because of the following informalities: Claims 10-12 depend on cancelled claim 9. Appropriate correction is required. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-2, 5, 7-8, 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Moriya (US 2020/0186556 A1) in view of Tamura et al. (US 2021/0237665 A1) in further view of MaedaII et al. (US 2018/0167360 A1). Regarding claim 1, Moriya discloses an in-vehicle device to be connected to an in-vehicle Electronic Control Unit ("ECU") mounted on a vehicle such that communication is available ([0019]: The in-vehicle apparatus 1 is exemplarily an ECU controlling individual units of a vehicle. The software execution unit 2 executes software controlling devices to be controlled (actuators and the like) and software implementing various driving support functions, and thereby, provides a control function of the vehicle), the device comprising: a control unit performing processing relevant to transmission data transmitted from the in-vehicle ECU ([0019]: The intrusion detection unit 11 and the communication history collection unit 12 are connected to a bus 13 of a network, and constitute a monitoring apparatus 3 which monitors messages flowing on the bus 13 and records history information as needed. [0023]: The acquisition unit 15 is connected to the bus 13, and sequentially receives messages which another in-vehicle apparatus sends to the bus 13.), wherein the control unit receives the transmission data transmitted from the in- vehicle ECU, registers the received transmission data in association with a reception time point of the transmission data in a chronological database ([0023]: the acquisition unit 15 has a data value buffer 16 for temporarily storing data values included in the messages, and a reception time point buffer 17 for temporarily storing reception time points of the messages. Each of the data value buffer 16 and the reception time point buffer 17 has a predetermined number of data storage areas (three in the example of FIG. 2), stores data regarding a predetermined number of continuous messages that have an identical identifier in an FIFO manner. Every time when receiving a message sent to the bus 13, the acquisition unit 15 stores a data value included in the received message and a reception time point of the message in the data value buffer 16 and the reception time point buffer 17), specifies abnormal transmission data from the transmission data registered in the chronological database, and registers information relevant to the specified abnormal transmission data in an abnormality history database ([0026], [0029]: when any of the difference between the data values and the difference between the reception time points do/does not satisfy the predefined condition(s), determines that the received message is abnormal data. When determining that the received message is abnormal, the first determination unit 21 outputs an abnormality report indicating that the received message is abnormal to the communication history collection unit 12. The first determination unit 21 and the presence or absence of the suspiciousness report output from the second determination unit 22, and outputs the calculation result to the recording unit 26. Specifically, when the abnormality report or the suspiciousness report is input into the logical sum calculator 25, the logical sum calculator 25 outputs a signal for instructing the recording unit 26 to record history information). However, Moriya does not disclose wherein the control unit specifies transmission data having attackability among the abnormal transmission data registered in the abnormality history database, and registers information relevant to the specified transmission data having attackability in an attack detection database. In an analogous art, Tamura discloses wherein the control unit specifies transmission data having attackability among the abnormal transmission data registered in the abnormality history database ([0288]: First, obtainer 402 receives the anomaly detection result from detector 401, and stores the received anomaly detection result in storage 404 (S201), and registers information relevant to the specified transmission data having attackability in an attack detection database ([0289]: processor 403 determines whether or not the sorted plurality of anomaly detection results match a predetermined attack order (S204). Information indicating the predetermined attack order may be stored in storage 404 in advance). Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Moriya to comprise “wherein the control unit specifies transmission data having attackability among the abnormal transmission data registered in the abnormality history database, and registers information relevant to the specified transmission data having attackability in an attack detection database” taught by Tamura. One of ordinary skilled in the art would have been motivated because it would have enabled the vehicle system may be capable of appropriately determining that an anomaly occurring along the predetermined penetration route is a malicious attack (Tamura, [0076). However, Moriya-Tamura does not disclose wherein the attackability is determined by a logical combination of abnormality condition in transmission data, the logical combination including a high transmission frequency and a rapid change in the signal. In an analogous art, MaedaII discloses wherein the attackability is determined by a logical combination of abnormality condition in transmission data, the logical combination including a high transmission frequency ([0043]: the transmission period examination parameter associated with the allowable range of the transmission period is updated based on the judgement result in terms of the frequency of frame transmission. For example, by changing the allowable range of the transmission period in the transmission period examination parameter to a narrower range in response to a detection of an abnormal frequency of transmission, there is a possibility that it is possible to properly detect an attack frame) and a rapid change in the signal ([0042]: the plurality of examination parameters may include the data examination parameter, the data examination parameter may include a threshold value indicating an upper limit of an allowable range in which the data stored in the data field is allowed to change, in the executing of the examination, in a case where a change in the data stored in the data field of the frame received by the receiver is greater than the threshold value in the data examination parameter, it may be judged that the frame is an attack frame). Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Moriya-Tamura to comprise “wherein the attackability is determined by a logical combination of abnormality condition in transmission data, the logical combination including a high transmission frequency and a rapid change in the signal” taught by MaedaII. One of ordinary skilled in the art would have been motivated because it would have enabled to detect an attack frame which is an invalid frame transmitted in a network used in communication by an electronic control unit installed in a vehicle (MaedaII, [0001). Regarding claim 2, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 1, wherein the control unit determines whether the transmission data received from the in-vehicle ECU is normal, registers the transmission data determined as normal in the chronological database (Moriya, fig. 3, [0007]: an acquisition unit that sequentially receives messages on the network, and stores, in a buffer, data values and reception time points of a predetermined number of received continuous messages for each of identifiers that the messages have. Note: normal messages are stored on buffer), and registers the transmission data determined as abnormal in the abnormality history database (Moriya, [0007]: when the second determination unit determines that the received message is the suspicious message, records, as a history, information including a data value and a reception time point of the suspicious message and data values and reception time points of a predetermined number of messages that have an identical identifier to an identifier of the suspicious message and are received before and after reception of the suspicious message). Regarding claim 5, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 1, wherein the control unit extracts a plurality of transmission data by using a predetermined search formula for the chronological database, and specifies the abnormal transmission data on the basis of an extraction result of the plurality of transmission data (Moriya, claim 1, [0007]: calculation unit that refers to the buffer to calculate a difference between data values of two continuous messages having an identical identifier; a second calculation unit that refers to the buffer to calculate a difference between reception time points of two continuous messages having an identical identifier… when the difference calculated by the first calculation unit or the second calculation unit does not satisfy a predetermined condition for determining abnormality is an abnormal message). Regarding claim 7, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 5, wherein in a period including the reception time point of the transmission data, the search formula for the chronological database includes a search condition relevant to at least one of a transmission frequency in a plurality of associated transmission data and a change degree of contents included in a payload (Moriya, [0026]: specifications of the devices include transmission cycles of periodically transmitted messages, transmission conditions of the messages, least transmission intervals of the messages, a range of data values included in the messages, a range of change amounts of the data values, the presence or absence of change in data values between continuous messages, and the like. These conditions are predefined for each of identifiers of messages. For example, the first determination unit 21 determines whether or not each of the difference between the data values calculated by the first calculation unit 18 and the difference between the reception time points calculated by the second calculation unit 19 satisfies the conditions of the data values and the conditions of the transmission intervals which conditions are predefined, and when any of the difference between the data values and the difference between the reception time points do/does not satisfy the predefined condition(s), determines that the received message is abnormal data). Regarding claim 8, Moriya-Tamura-MaedaII discloses the in-vehicle device according to any one of claim 1, wherein the control unit generates report information on the basis of the information registered in the chronological database and the abnormality history database, and outputs the generated report information to an external server outside the vehicle (Moriya, [0029]: The logical sum calculator 25 obtains a logical sum of the presence or absence of the abnormality report output from the first determination unit 21 and the presence or absence of the suspiciousness report output from the second determination unit 22, and outputs the calculation result to the recording unit 26. [0056]: the monitoring apparatus 3 may transmit the history information to the external server periodically or in response to requests from the external server). Regarding claim 10, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 9, wherein the control unit specifies the transmission data having attackability for the abnormality history database by using a search formula configured by combining a plurality of search conditions included in the search formula for the chronological database (MaedaII, [0155]: determine whether each of a plurality of predefined conditions is satisfied or not for a frame received from the receiver 410, the updater 420 has check functions corresponding to respective conditions, and the updater 420 determines which one of a plurality of examination parameters stored in the storage 430 is to be subjected to updating depending on a judgement result of each check function, and the updater 420 updates the examination parameter… the frequency-of-transmission check function judges that the condition is satisfied for one frame, the updater 420 may update the threshold value in the plurality of examination parameters used as contents of examinations on frames having the same ID as the ID of the one frame such that the corresponding allowable range is narrowed. Furthermore, when a predetermined condition is satisfied for a frame received by the receiver 410, the updater 420 may judge that this frame is an attack frame). The same rationale applies as in claim 1. Regarding claim 11, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 9, wherein the control unit implements a countermeasure for the specified transmission data having attackability, and registers information relevant to the implemented countermeasure in association with the transmission data having attackability in the attack detection database (Tamura, [0296]: controller 120 receives the information including the determination result from external apparatus 150 via in-vehicle apparatus 110, and changes or maintains the communication method with the exterior, the defense method with respect to malicious attacks, and the storage method for logs, according to the information including the determination result). The same rationale applies as in claim 1. Regarding claim 12, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 9, wherein the control unit outputs the information registered in the attack detection database to the external server outside the vehicle (Tamura, [0294]: Then, according to the depth of penetration of the tentatively-determined malicious attack, controller 120 changes the communication method with the exterior, the defense method with respect to malicious attacks, and the storage method for logs. Controller 120 then transmits the logs to external apparatus 150 according to the changed communication method). The same rationale applies as in claim 1. Regarding claims 13 and 14; the claims are interpreted and rejected for the same reason as set forth in claim 1. Claims 3 are rejected under 35 U.S.C. 103 as being unpatentable over Moriya in view of Tamura in view of MaedaII, as applied to claim 2, in view of Tanabe et al. (US 2017/0078884 A1). Regarding claim 3, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 2. However, Moriya-Tamura-MaedaII does not disclose wherein when the transmission data received from the in-vehicle ECU is included in a normal data list set in advance, the control unit determines that the transmission data is normal. In an analogous art, Tanabe discloses wherein when the transmission data received from the in-vehicle ECU is included in a normal data list set in advance, the control unit determines that the transmission data is normal ([0157]: Gateway device 300 is disposed between first CAN bus 200a and second CAN bus 200b in order to prevent an increase in the communication traffic, for example. White list 310 is held in gateway device 300. In the white list, a message of which transfer to a different CAN system via gateway device 300 is permitted in advance, a transfer direction of the message (a transmission direction of the message such as “from first CAN bus 200a to second CAN bus 200b” or “from second CAN bus 200b to first CAN bus 200a”), and a CANID of a message are held (stored) by being associated with each other). Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Moriya-Tamura-MaedaII to comprise “wherein when the transmission data received from the in-vehicle ECU is included in a normal data list set in advance, the control unit determines that the transmission data is normal” taught by Tanabe. One of ordinary skilled in the art would have been motivated because it would have enabled to list messages that are permitted on advance (Tanabe, [0157]). Claims 4 are rejected under 35 U.S.C. 103 as being unpatentable over Moriya in view of Tamura in view of MaedaII, as applied to claim 2, in view of Haga et al. (US 2020/0137099 A1). Regarding claim 4, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 2. However, Moriya-Tamura-MaedaII does not disclose wherein when an error is detected in at least one of an authorization code, an inspection code, and a form included in the transmission data received from the in-vehicle ECU, the control unit determines that the transmission data is abnormal. In an analogous art, Haga discloses wherein when an error is detected in at least one of an authorization code, an inspection code, and a form included in the transmission data received from the in-vehicle ECU, the control unit determines that the transmission data is abnormal ([0157]: As for CAN frames for which a rule #3 is defined as the detection rule, the abnormality detection processor 104 of the automated driving DCU 100 performs an abnormality detection by checking a message authentication code of each CAN frame. In the case of the rule #3, it is reassumed that the automated driving DCU 100 has acquired in advance a shared MAC key for use in authentication. That is, in this case, if the message authentication code is equal to the MAC key, the abnormality detection processor 104 determines that the CAN frame is valid, but otherwise the abnormality detection processor 104 determines that the CAN frame is abnormal). Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Moriya-Tamura-MaedaII to comprise “wherein when an error is detected in at least one of an authorization code, an inspection code, and a form included in the transmission data received from the in-vehicle ECU, the control unit determines that the transmission data is abnormal” taught by Haga. One of ordinary skilled in the art would have been motivated because it would have enabled to determine valid CAN frame based on the message authentication code (Haga, [0157]). Claims 6 are rejected under 35 U.S.C. 103 as being unpatentable over Moriya in view of Tamura in view of MaedaII, as applied to claim 5, in view of Maeda et al. (US 2020/0389475 A1). Regarding claim 6, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 5. However, Moriya-Tamura-MaedaII does not disclose wherein the control unit cyclically performs extraction processing of the transmission data using a search formula for the chronological database, and a cycle of cyclically extraction processing is longer than a reception frequency of the transmission data transmitted from the in-vehicle ECU. In an analogous art, Maeda discloses wherein the control unit cyclically performs extraction processing of the transmission data using a search formula for the chronological database ([0099]: matching with a pattern where a data value is a constant difference or ratio as to a data value of a message of another particular ID is performed by calculating the difference or ratio between the data value in the received message and the data value of the message of another particular ID received at a corresponding cycle and performing determination based on whether or not the results of calculation match the difference or ratio notified from the communication pattern identifying unit 374), and a cycle of cyclically extraction processing is longer than a reception frequency of the transmission data transmitted from the in-vehicle ECU ([0154]: an arrangement may be made where when the first message is received within the margin of the planned reception time T, information relating to the received message is stored in the reference message candidate storing unit 378 b as a reference message candidate, and thereafter, each time a message is received within the margin of the planned reception time T). Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Moriya-Tamura-MaedaII to comprise “wherein the control unit cyclically performs extraction processing of the transmission data using a search formula for the chronological database, and a cycle of cyclically extraction processing is longer than a reception frequency of the transmission data transmitted from the in-vehicle ECU” taught by Maeda. One of ordinary skilled in the art would have been motivated because it would have enabled for detecting communication of an unauthorized message on an onboard network (Maeda, [0002). Claims 15 are rejected under 35 U.S.C. 103 as being unpatentable over Moriya in view of Tamura in view of MaedaII, as applied to claim 1, in view of Kishikawa et al. (US 2018/0302422 A1). Regarding claim 15, Moriya-Tamura-MaedaII discloses the in-vehicle device according to claim 1. However, Moriya-Tamura-MaedaII does not disclose wherein transmission data having attackability is classified and a content of the transmission data is identified. In an analogous art, Kishikawa wherein transmission data having attackability is classified and a content of the transmission data is identified ([0200]: A combination of unauthorized activity determination results, intrusion determination results, and MAC verification results enables classifying unauthorized states (abnormality of data frames of a particular ID, data frames with a high degree of abnormality, an ECU regarding which the probability of being abnormal is high, abnormality in the relation between data frames of different IDs, etc.) into multiple classifications, and performing appropriate handling for each of these). Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Moriya-Tamura-MaedaII to comprise “wherein transmission data having attackability is classified and a content of the transmission data is identified” taught by Kishikawa. One of ordinary skilled in the art would have been motivated because it would have enabled performing appropriate handling for abnormal data frames (Kishikawa, [0200]). Additional References The prior art made of record and not relied upon is considered pertinent to applicants disclosure. Takeda et al., US 2019/0031202 A1: Vehicle Control System, Vehicle Control Method, and Vehicle Control Program. Kodama et al., US 2019/0084580 A1: Communication System. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUAN C TURRIATE GASTULO whose telephone number is (571)272-6707. The examiner can normally be reached Monday - Friday 8 am-4 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian J Gillis can be reached at 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /J.C.T/Examiner, Art Unit 2446 /BRIAN J. GILLIS/Supervisory Patent Examiner, Art Unit 2446