Prosecution Insights
Last updated: July 17, 2026
Application No. 18/782,243

METHOD FOR SAFEGUARDING A VEHICLE WITH VEHICLE SECURITY TECHNOLOGY

Final Rejection §103
Filed
Jul 24, 2024
Priority
Aug 25, 2023 — DE 10 2023 208 139.3
Examiner
HAJIABBASI, AMIR MAHDI
Art Unit
2407
Tech Center
2400 — Computer Networks
Assignee
Robert Bosch GmbH
OA Round
2 (Final)
86%
Grant Probability
Favorable
3-4
OA Rounds
7m
Est. Remaining
95%
With Interview

Examiner Intelligence

Grants 86% — above average
86%
Career Allowance Rate
24 granted / 28 resolved
+27.7% vs TC avg
Moderate +9% lift
Without
With
+8.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 6m
Avg Prosecution
9 currently pending
Career history
39
Total Applications
across all art units

Statute-Specific Performance

§103
87.0%
+47.0% vs TC avg
§112
8.7%
-31.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 28 resolved cases

Office Action

§103
CTFR 18/782,243 CTFR 99716 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claim 1-4, 7-11 are pending. Claims 1, 8, and 9 are independent. Claims 1-3, 7-9 have been amended. Claims 10 and 11 are new. Claims 5 and 6 have been canceled. Amendments to the claims have been accepted. Response to Arguments 07-38-01 AIA Applicant’s arguments, see p.7 (p.1 of Remarks) , filed 03/09/2026 , with respect to 35 U.S.C. § 101 have been fully considered and are persuasive. The rejection of claim 9 of 12/11/2025 has been withdrawn. 07-38-01 AIA Applicant’s arguments, see p.10 (p.4 of Remarks) , filed 03/09/2026 , with respect to the rejection of claims 5 and 6 under 35 U.S.C. § 103 have been fully considered and are persuasive. The rejection of claims 5 and 6 of 12/11/2025 has been withdrawn. 07-38-02 AIA Applicant’s arguments, see pp. 7-10 (pp. 1-4 of Remarks) , filed 03/09/2026 , with respect to the rejection(s) of claim(s) 1, 8, and 9 under 35 U.S.C. § 102(a)(1) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of 35 U.S.C. § 103 (Filipek in view of Morita) . 07-38-02 AIA Applicant’s arguments, see p.10 (p.4 of Remarks) , filed 03/09/2026 , with respect to the rejection(s) of claim(s) 2-4 under 35 U.S.C. § 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of 35 U.S.C. § 103 (Filipek in view of Morita and Park) . 07-38-02 AIA Applicant’s arguments, see pp.10-11 (pp.4-5 of Remarks) , filed 03/09/2026 , with respect to the rejection(s) of claim(s) 7 under 35 U.S.C. § 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of 35 U.S.C. § 103 ( Filipek in view of Morita and Costa ) . Applicant’s arguments with respect to claim(s) 10-11 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument . Claim Rejections - 35 USC § 103 07-103 AIA The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. 07-21-aia AIA Claim (s) 1, 8-11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Filipek (FILIPEK et al., US 20210026958 A1, cited in prior office action) in view of Morita (MORITA et al., US 20200242247 A1, cited in prior office action) . Regarding Claim 1, and substantially claims 8 and 9, Filipek teaches a method for safeguarding a vehicle with vehicle security technology, comprising the following steps: detecting, by a detection module an attack on the vehicle, wherein the detection module provides a description of the attack ( ¶23 teaches an HIDS detecting an attack and the ECU it's a part of reporting it to the cybersecurity controller with detailed information (description ) of the attack. ¶22 teaches the driving situation analysis controller predicting the vehicle environment in the near information and sending the information to determine a responsive action ); evaluating, by a decision module, the description of the attack, wherein the decision module assesses at least one measure against the attack based on a personal safety requirement and an attack security requirement, wherein the personal safety requirement represents a safety of at least one occupant of the vehicle or at least one road user ( ¶25, "For example, the vehicle sensors may utilize GPS location or speed signal data to determine that the vehicle is driving on a freeway at a high speed. The system may have various use cases scenarios or thresholds to determine if the vehicle is in a safe driving environment to reboot the vehicle system in the scenario of a cyber-attack .", ¶15 teaches that information can include passenger data ), and the attack security requirement represents a security against attacks on the vehicle ( ¶16, ¶17 teaches identifying how the security system of the vehicle may be configured to detect, prevent, mitigate, or respond to attacks ); and implementing, by an implementation module, the at least one measure based on the instructions, wherein the implementation module coordinates the instructions ( ¶31, "Thus, a security protocol or posture may be identified that lists out the various actions that need to be implemented in response to the vehicle state inputs. At step 409, the system may send the security posture update to be executed by the cybersecurity controller 101. Thus, the cybersecurity controller 101 may send various commands to other controllers to activate or deactivate certain functions or modify the state of security-related services. For example, based on the desired security posture, the system may request the Wi-Fi, cellular, or Bluetooth controller to be activated or deactivated, intrusion detection algorithms may be enabled, disabled, or reconfigured, or general firewall rules are updated." ). Filipek does not teach but, in an analogous art, Morita teaches that evaluating the description of the attack includes providing or assessing the at least one measure via an attack security controller of the decision module (Fig. 2, Step 201-203, ¶38, ¶47, ¶53: On the acquisition of log information, the security suspiciousness verification section (attack security controller of the decision module ) verifies the existence of an abnormality of the car's security. Fig. 11: The measure for coping with the attack on the vehicle is dependent on the existence of the security abnormality (provides the measure)) , wherein the attack security controller provides or assesses the at least one measure based on the description of the attack while taking into account the attack security requirement ( ¶47, ¶53: Based on whether the log information (description of the attack) contains an abnormality degree that is larger than the threshold amount (taking into account the attack security requirement), the determination is made ); providing or assessing the at least one measure via a personal safety controller of the decision module (Fig. 2, Step 201, Step 204, Step 209, ¶54, ¶62: On the acquisition of log information, the safety abnormality verification section (personal safety controller of the decision module ) verifies the existence of an abnormality of the car's safety. Fig. 11: The measure for coping with the attack on the vehicle is dependent on the existence of the safety abnormality (provides the measure)) , wherein the personal safety controller provides or assesses the at least one measure based on the description of the attack while taking into account the personal safety requirement ( ¶57: Based on whether the log information (description of the attack) contains an abnormal state ID that has the same value and a safety abnormality ID (taking into account the personal safety requirement), the determination is made ); and providing instructions for implementing the at least one measure via a mediator module of the decision module (¶29-¶32, the coping content determination section determines which measure (coping with security or coping with safety ) is to be prioritized and what the measures are, where each measure has corresponding operations (instructions ) that are sent to the ECUs), wherein the mediator module communicates with the attack security controller and the personal safety controller to provide the instructions while taking into account the attack security requirement and the personal safety requirement (Fig. 11, ¶30-¶32, the coping content determination section makes its decision based on (communicates with ) calculations and judgments made by the security suspiciousness verification section (attack security controller, attack security requirement ) and the safety abnormality verification section (personal safety controller, personal safety requirement) . One of ordinary skill in the art prior to the effective filing date of the claimed invention could modify the method of Filipek to integrate the mediation of Morita, as both Filipek and Morita deal with determining which actions can be performed to mitigate security and safety issues in a vehicle environment responsive to a cyberattack, and Morita gives additional steps one could use on the security and sensor data for prioritization by separate components of a vehicle control system. It would be obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify Filipek using Morita to mediate between the requirements demanded of both the attack security controller and the personal safety controller because it allows for coping both for security issues and safety issues cause by an attack (Morita, ¶5) , but also for prioritizing either security or safety remediation based on the allowable time left to fix the issue if needed (Morita, Fig. 3, Step 304-306). Regarding Claim 10, Filipek in view of Morita teaches the method according to claim 1. Morita further teaches determining, by the decision module, a predetermined maximum permissible time before a safety hazard associated with the attack on the vehicle occurs ( Fig. 3, Step 302, ¶77, ¶78: The preliminary (predetermined) allowable time for safety coping with the detected safety abnormality is acquired before being adjusted (determining a maximum permissible time) depending on possible safety hazards, such as travelling in the rain requiring the allowable time to become shorter ); and identifying, by the decision module after determining the predetermined maximum permissible time, the at least one measure from among a plurality of measures that can be implemented within the predetermined maximum permissible time, wherein instructions for implementing the at least one measure are generated based on the identifying ( ¶104, "That is, if the total value of the predicted coping time is equal to or smaller than the allowable safety coping time for the safety coping in step 304, and it is judged that execution of the security coping is prioritized in step 306, the coping content determination section 18 determines the coping content in accordance with the judgement field 111." ) (see claim 1 for motivation to combine). Regarding Claim 11, Filipek in view of Morita teaches the method according to claim 10. Morita further teaches identifying, by the decision module after determining the predetermined maximum permissible time, at least one further measure from the plurality of measures that cannot be implemented within the predetermined maximum permissible time, wherein the at least one measure is implemented and the at least one further measure is not implemented ( ¶104, "Meanwhile, if it is judged that the total value of the predicted coping time is larger than the allowable time for the safety coping in step 304, and if it is judged that execution of the safety coping is prioritized in step 305, the coping content determination section 18 determines the coping content in accordance with the judgement field 112. In this case, the coping content determination section 18 executes the safety coping to cope with the safety abnormality indicated by the abnormal state ID 601 of the log information 29… One of the security coping and the safety coping whichever the execution priority is higher within the allowable coping time is executed. Then existence of the abnormality occurrence is monitored for a predetermined monitor time. If the abnormality no longer occurs, execution of the other coping may be omitted .", both measures cannot be implemented within the allowable time, one is implemented, the other can be omitted if it no longer is problem after the maximum permissible time has passed ) (see claim 1 for motivation to combine) . 07-22-aia AIA Claim (s) 2-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Filipek in view of Morita as applied to claim 1 above, and further in view of Park (PARK et al., US 20170270295 A1, cited in prior office action) . Regarding claim 2, Filipek in view of Morita teaches the method according to claim 1. Filipek in view of Morita does not teach but, in an analogous art, Park teaches monitoring the vehicle using at least one sensor, wherein the at least one sensor registers a plurality of events in the vehicle, wherein at least one event of the plurality of events are specific to a possible presence of the attack on the vehicle ( ¶34, "The local security device 101 can further include sensors 150 suitable to aid in the detection of abnormal system behavior indicative of a probable cyber security attack ", ¶152, "In the rules examples above, the monitored values (e.g., location with respect to the flight path and the speed) are evaluated for cyber-attacks by the local security device 101 onboard the vehicle." ). It would be obvious to one of ordinary skill prior to the effective filing date of the claimed invention to modify Filipek in view of Morita using Park to monitor the vehicle using a sensor for detecting an event regarding a probably cyber security attack because it allows the comparison of data from those sensors with expected system states to evaluate the system ( Park, ¶39 ). Regarding claim 3, Filipek in view of Morita and Park teaches the method according to claim 2. Park further teaches the detecting further includes the following step: filtering the plurality of events to provide a selection of the plurality events as qualified events, wherein the qualified events are determined by a filter by using at least one defined criterion, wherein the at least one defined criterion is specific to the possible presence of the attack on the vehicle ( Park, ¶84 teaches that the sensor values are compared against a threshold (filtered by a defined criterion) to determine if a rule match regarding the enaction of cybersecurity policies has its conditions met ) (see claim 2 for motivation to combine). Regarding claim 4, Filipek in view of Morita and Park teaches the method according to claim 3. Park further teaches that the detecting further includes the following step: analyzing the qualified events, via a recognition module, in order to classify each qualified event as an attack via the recognition module based on at least one defined attack signature and/or a deviation from an expected behavior ( ¶85-¶86 teaches using the rule match as a form of analysis of the events. ¶34 teaches detecting that the system behavior is abnormal. ¶164, "A control device 105 operably coupled with the local security devices 101 can monitor for anomalies in the characteristics of the containers and alert operators or port managers to a detected threat, thus allowing for corrective actions including manual intervention from a human." ) (see claim 2 for motivation to combine) . 07-22-aia AIA Claim (s) 2-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Filipek in view of Morita as applied to claim 1 above, and further in view of Costa (Jales Costa et al., US 20200017116 A1, cited in prior office action) . Regarding Claim 7 , Filipek in view of Morita teaches the method according to claim 1. Filipek in view of Morita does not teach but, in an analogous art, Costa teaches monitoring and coordinating the instructions via a response controller of the implementation module, wherein the response controller is connected to at least one actuator in order to implement the at least one measure with the at least one actuator ( ¶39, in response to an anomaly, interventions can be made, such as inputting pre-defined fallback signals to the actuators of the vehicle being driven to perform safety procedures such as decelerating to a safe speed or bringing the vehicle to a stop. ¶19, "Processor(s) 202 include one or more processors or controllers that execute instructions stored in memory device(s) 204 and/or mass storage device(s) 208 .", ¶32, "Referring to FIG. 4, the illustrated method 400 may be executed by the controller 102 of a vehicle, such as the autonomous vehicle of FIG. 1 using the anomaly detection module 110d." ). It would be obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify Filipek in view of Morita using Costa to monitor and coordinate the provided instructions via a controller connected to an actuator to implement the protective measure because actuators are what allow control over the vehicle ( Costa, ¶34, "The method 400 further include detecting 404 features in the sensor outputs such as obstacles, road surfaces, road signs, pedestrians, other vehicles, or the like. Vehicle control signals are then generated 406 for actuators 112 of the vehicle in order to traverse a trajectory determined according to the features." ) Conclusion 07-96 AIA The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Grimm (Grimm et al., 'Context-Aware Security for Vehicles and Fleets: A Survey', 2021) teaches being aware of the context of the vehicle, including the vehicle's security status and the status of the passengers and vehicle sensors, for determining how to handle a cyber-attack on the vehicle. Haga (Haga et al., US 10328874 B2) teaches providing or assessing the at least one measure via a personal safety controller of the decision module ( 9:46-50, "The level interpreting unit 120 also notifies the vehicular safety state instruction unit 150 of instructions (execution instructions for anomaly handling processing) to transition to a safe state in accordance with the security level indicated by level information ", the level interpreting unit (personal safety controller of the decision module ) notifies the vehicular safety state instruction unit (mediator module ) of the execution instructions (measure) ), wherein the personal safety controller provides or assesses the at least one measure based on the description of the attack while taking into account the personal safety requirement ( 9:36-38, "The level interpreting unit 120 references the anomaly information indicating the content of the anomaly detection, determines level information indicating a security level ", the security level (taking into account the personal safety requirement, see 15:14-34 for description of security level being escalated on the level of safety affected by the attack ) is determined in view of the anomaly information (description of the attack, see 9:23-27 for additional description of anomaly information) ); and providing instructions for implementing the at least one measure via a mediator module of the decision module (10:15-22, "The vehicular safety state instruction unit 150 executes anomaly handling processing upon having received an instruction from the level interpreting unit 120 (execution instruction for anomaly handling processing)...thereby giving the parts (the ECUs and so forth) within the vehicle instructions" ), wherein the mediator module communicates with the personal safety controller to provide the instructions while taking into account the personal safety requirement ( 9:36-38, 9:46-50 ). Petit (PETIT et al., US 20240137767 A1) teaches sending messages to other vehicles nearby so that they can determine responsive actions to maintain system safety and/or security (¶98). Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL . See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMIR MAHDI HAJIABBASI whose telephone number is (703)756-5511. The examiner can normally be reached M-F 7:30-5 EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at (571) 270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /A.M.H./ Amir Mahdi HajiabbasiExaminer, Art Unit 2407 /David Garcia Cervetti/Primary Examiner, Art Unit 2409 Application/Control Number: 18/782,243 Page 2 Art Unit: 2407
Read full office action

Prosecution Timeline

Jul 24, 2024
Application Filed
Dec 11, 2025
Non-Final Rejection mailed — §103
Mar 09, 2026
Response Filed
Jun 04, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682071
Software Security Defect Prediction Methods and Devices
2y 5m to grant Granted Jul 14, 2026
Patent 12682045
FAULT-ATTACK ANALYSIS DEVICE AND METHOD
2y 7m to grant Granted Jul 14, 2026
Patent 12670266
SECURE MULTI-PARTY COMPUTATION
2y 9m to grant Granted Jun 30, 2026
Patent 12664270
CONNECTED ASSET RISK MANAGEMENT
2y 3m to grant Granted Jun 23, 2026
Patent 12647447
PREDICTIVE MODELS FOR EXTENDED DETECTION AND RESPONSE (XDR) SYSTEMS
2y 9m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
86%
Grant Probability
95%
With Interview (+8.9%)
2y 6m (~7m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 28 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month