Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-18 remain for examination. Claims 1 and 11-12 have been amended. Claims 13-18 have been added. Applicant's arguments filed on 02/05/2026 have been fully considered but they are moot in view of the new ground(s) of rejection necessitated by the amendments. Accordingly, this action has been made final.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-18 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over MIZAWA, et al., U.S. Pub. No. 20250208845 A1 (hereinafter referred to as MIZAWA) in view of FURUYAMA US 20240403159 A1, in further view of GUAJARDO US 20250045410 A1.
As to claim 1, MIZAWA discloses a vulnerability information processing apparatus comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the vulnerability information processing apparatus to (MIZAWA Pa. [0063]) [The server device 1 may be a computer that includes a processor (e.g., a central processing unit (CPU) or a graphics processing unit (GPU)), a main storage device (e.g., a random access memory (RAM) or a read only memory (ROM)), and an auxiliary storage device (e.g., an erasable programmable read only memory (EPROM), a hard disk drive, or a removable medium)]: store, in a software configuration database, configuration information of software that needs to be managed; store, in a vulnerability database, vulnerability information of the software (MIZAWA Pa. [0003]) [system that manages vulnerability of software using a database that stores configuration information on a software product]
It is noted that MIZAWA does not appear explicitly disclose calculate, by a text generation unit, a countermeasure priority for the software based on the configuration information and the vulnerability information.
However, FURUYAMA discloses calculate, by a text generation unit, a countermeasure priority for the software based on the configuration information and the vulnerability information (FURUYAMA Pa. [0097]) [The priority calculation unit 171 calculates the priority of the countermeasure related to the anomaly. Specifically, the priority calculation unit 171 generates the degree of risk of the detected anomaly. The degree of risk is an index relevant to the risk of the detected anomaly. For example, it is assumed that vulnerability is detected in the communication device 200-2. For example, the priority calculation unit 171 may generate the degree of risk according to the number of vulnerabilities. The priority calculation unit 171 may generate the degree of risk according to the type of influence considered when the vulnerability is attacked]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by FURUYAMA to the code programing of MIZAWA would have yield predictable results and resulted in an improved system, namely, a system that would provide storage means that stores configuration information related to each of a plurality of devices included in a system, a first identification means that identifies configuration information
Furthermore, it is noted that the combination of MIZAWA and, FURUYAMA does not appear explicitly disclose generate, by the text generation unit, a text regarding vulnerability of the software for transmission to at least one of a developer and a customer based on the calculated countermeasure priority, wherein the text is at least one of an inquiry text to the developer and a report text to the customer.
However, GUAJARDO discloses generate, by the text generation unit, a text regarding vulnerability of the software GUAJARDO Pa. [0069]) [At 412, the method 400 generates an alarm (e.g., an audio or visual indicator, a text message, a warning or check engine light, etc.) and instructions to a user or driver for having the vulnerability fixed] for transmission to at least one of a developer and a customer based on the calculated countermeasure priority, wherein the text is at least one of an inquiry text to the developer and a report text to the customer (GUAJARDO Pa. [0063]) [At 312, the method 300 (e.g., the test controller) generates a vulnerability entry corresponding to the identified vulnerability and transmits the vulnerability entry to the vulnerability database 252. In some examples, the vulnerability entry (e.g., the vulnerability information vector) may be validated by a validation process prior to being stored in the database. For example, the validation process may be performed by a developer or “other user” (read customer)]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by GUAJARDO to the code programing of MIZAWA and FURUYAMA would have yield predictable results and resulted in an improved system, namely, a system that would provide Intrusion Detection Systems (IDSs) for in-vehicle and external networks. (GUAJARDO Pa. [0001])
As to claim 2, the combination of MIZAWA FURUYAMA and GUAJARDO discloses further comprising: a transmission/reception history database configured to store transmission/reception history with a developer and a customer of the software (FURUYAMA Pa. [0048]) [the operation information may include an operation log, an update history, and the like, relevant to the software related to each of the SW configuration information pieces], wherein the text generation unit calculates the countermeasure priority based on the configuration information, the vulnerability information (FURUYAMA Pa. [0096]) [the monitoring apparatus may calculate
the priority of the countermeasure according to the degree of risk of the anomaly, and implement the countermeasure according to the priority], and the transmission/reception history (FURUYAMA Pa. [0048]) [the operation information may include an operation log, an update history, and the like, relevant to the software related to each of the SW configuration information pieces]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by FURUYAMA to the code programing of MIZAWA would have yield predictable results and resulted in an improved system, namely, a system that would provide storage means that stores configuration information related to each of a plurality of devices included in a system, a first identification means that identifies configuration information related to a first device for which an agent for collecting information is not set, among the plurality of devices (FURUYAMA Pa. [0007])
As to claim 3, the combination of MIZAWA FURUYAMA and GUAJARDO fails to disclose wherein the text generation unit generates the text for the developer or the customer whose the countermeasure priority exceeds a threshold.
However, GUAJARDO discloses wherein the text generation unit generates the text for the developer or the customer whose the countermeasure priority exceeds a threshold (GUAJARDO Pa. [0063]) [At 312, the method 300 (e.g., the test controller) generates a vulnerability entry corresponding to the identified vulnerability and transmits the vulnerability entry to the vulnerability database 252. In some examples, the vulnerability entry (e.g., the vulnerability information vector) may be validated by a validation process prior to being stored in the database. For example, the validation process may be performed by a developer or “other user” (read customer)] [0031] [A deviation larger than a first threshold (e.g., T1) for the corresponding software task may indicate an anomaly.]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by GUAJARDO to the code programing of MIZAWA and FURUYAMA would have yield predictable results and resulted in an improved system, namely, a system that would provide Intrusion Detection Systems (IDSs) for in-vehicle and external networks. (GUAJARDO Pa. [0001])
As to claim 4, the combination of MIZAWA FURUYAMA and GUAJARDO discloses further comprising: a customer product database configured to store customer product information of the software (MIZAWA Pa. [0083]) [he information providing unit 112 generates software information about the final software product based on the module information stored in the storage unit 12 and the distributed database, and provides the software information to the company terminal 2- (0044)- the software modules respectively produced by a plurality of suppliers will be referred to simply as “modules”, and the final software product will be referred to as a “final software product”. In one example, the final software product may be supplied to consumers], wherein the text generation unit calculates the countermeasure priority based on the configuration information, the vulnerability information (FURUYAMA Pa. [0096]) [the monitoring apparatus may calculate the priority of the countermeasure according to the degree of risk of the anomaly, and implement the countermeasure according to the priority], the transmission/reception history, and the customer product information (FURUYAMA Pa. [0048]) [the operation information may include an operation log, an update history, and the like, relevant to the software related to each of the SW configuration information pieces]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by GUAJARDO to the code programing of MIZAWA and FURUYAMA would have yield predictable results and resulted in an improved system, namely, a system that would provide Intrusion Detection Systems (IDSs) for in-vehicle and external networks. (GUAJARDO Pa. [0001])
As to claim 5, the combination of MIZAWA FURUYAMA and GUAJARDO discloses wherein the text is at least one of an inquiry text to the developer and a report text to the customer (GUAJARDO Pa. [0063]) [At 312, the method 300 (e.g., the test controller) generates a vulnerability entry corresponding to the identified vulnerability and transmits the vulnerability entry to the vulnerability database 252. In some examples, the vulnerability entry (e.g., the vulnerability information vector) may be validated by a validation process prior to being stored in the database. For example, the validation process may be performed by a developer or “other user” (read customer)] - (MIZAWA Pa. [0083]) [the validation process may be performed by a developer or other user, an artificial intelligence or other algorithm (e.g., executed by the test controller 224, the VSOC 212, etc., and/or combinations thereof] (MIZAWA Pa. [0038]) [The first software may be software to be finally provided to consumers]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by GUAJARDO to the code programing of MIZAWA and FURUYAMA would have yield predictable results and resulted in an improved system, namely, a system that would provide Intrusion Detection Systems (IDSs) for in-vehicle and external networks. (GUAJARDO Pa. [0001])
As to claim 6, the combination of MIZAWA FURUYAMA and GUAJARDO discloses further comprising: a prompt template with a placeholder, wherein the text generation unit creates a prompt based on at least one of the configuration information and the vulnerability information input to the placeholder and inputs the created prompt into a machine learning model to generate the text (MIZAWA Pa. [0071]) [the vulnerability entry may also include a vulnerability fingerprint. In some examples, a machine learning or deep neural network model may be applied to the execution of the software program on the system under test 220 while the fuzzing inputs are supplied.]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by GUAJARDO to the code programing of MIZAWA and FURUYAMA would have yield predictable results and resulted in an improved system, namely, a system that would provide Intrusion Detection Systems (IDSs) for in-vehicle and external networks. (GUAJARDO Pa. [0001])
As to claim 7, the combination of MIZAWA FURUYAMA and GUAJARDO discloses wherein the text generation unit creates the prompt based on at least one of the configuration information, the vulnerability information, the transmission/reception history, the customer product information, and the countermeasure priority input to the placeholder (GUAJARDO Pa. [0008]) [the vulnerability entry in response to a determination that the vulnerability entry does not match any of the previously detected vulnerabilities and generate an alarm in response to detecting the vulnerability and generate instructions to a user of the device in response to detecting the vulnerability]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by GUAJARDO to the code programing of MIZAWA and FURUYAMA would have yield predictable results and resulted in an improved system, namely, a system that would provide Intrusion Detection Systems (IDSs) for in-vehicle and external networks. (GUAJARDO Pa. [0001])
As to claim 8, the combination of MIZAWA FURUYAMA and GUAJARDO discloses further comprising: a token management unit configured to store the text sent to contact information of the developer or the customer determined by the text generation unit and the response received from the contact information in the transmission/reception history database (GUAJARDO Pa. [0038]) [Content may be stored in the storage system 130 and may be loaded from the storage system 130 into the memory 120 where it may be processed by the controller 105]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by GUAJARDO to the code programing of MIZAWA and FURUYAMA would have yield predictable results and resulted in an improved system, namely, a system that would provide Intrusion Detection Systems (IDSs) for in-vehicle and external networks. (GUAJARDO Pa. [0001])
As to claim 9, the combination of MIZAWA FURUYAMA and GUAJARDO discloses further comprising: a user interface which displays the text and the contact information to security personnel of the software and through which the security personnel inputs instructions (GUAJARDO Pa. [0101]) [Classifier 514 is configured to determine a classification of a scene, e.g. whether the scene detected by sensor 506 is suspicious. Control system 502 is configured to transmit an actuator control command 510 to display 1004 in response to the classification. Display 1004 may be configured to adjust the displayed content in response to the actuator control command 510. For instance, display 1004 may highlight an object that is deemed suspicious by classifier 514.]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by GUAJARDO to the code programing of MIZAWA and FURUYAMA would have yield predictable results and resulted in an improved system, namely, a system that would provide Intrusion Detection Systems (IDSs) for in-vehicle and external networks. (GUAJARDO Pa. [0001])
As to claim 10, the combination of MIZAWA FURUYAMA and GUAJARDO discloses wherein the text generation unit updates the software configuration database or the customer product database based on a content of the response (MIZAWA Pa. [0034]) [it is required to identify a software module that needs handling and immediately update the software module]
As to claims 11 and 12, claims 11 and 20 recite the claimed that contain respectively similar limitations as claim 1, therefore, they are rejected under the same rationale.
As to claim 13, claim 13 recites the claimed that contain respectively similar limitations as claim 6, therefore, it is rejected under the same rationale.
As to claim 14, claim 14 recites the claimed that contain respectively similar limitations as claim 2, therefore, it is rejected under the same rationale.
As to claim 15, claim 15 recites the claimed that contain respectively similar limitations as claim 8, therefore, it is rejected under the same rationale.
As to claim 16, claim 16 recites the claimed that contain respectively similar limitations as claim 9, therefore, it is rejected under the same rationale.
As to claim 17, claim 17 recites the claimed that contain respectively similar limitations as claim 4, therefore, it is rejected under the same rationale.
As to claim 18, claim 18 recites the claimed that contain respectively similar limitations as claim 3, therefore, it is rejected under the same rationale.
Response to Arguments
Examiner’s response
In response to applicant's argument, Examiner respectfully submits that:
that claimed limitation is to be given their broadest reasonable interpretation during prosecution, and the scope of a claim cannot be narrowed by reading disclosed limitations into the claim. See In re Morris, 127 F.3d 1048, 1054, 44 USPQ2D 1023, 1027 (Fed. Cir. 1997); In re Zletz, 893 F.2d 319, 321, 13 USPQ2D 1320, 1322 (Fed. Cir. 1989); In re Prater, 415 F.2d 1393, 1404, 162 USPQ 541,550 (CCPA 1969).
The combination of MIZAWA FURUYAMA and GUAJARDO discloses the claimed limitation of claims 1 and 12-13 as amended.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438. The examiner can normally be reached Monday -Friday 8:00 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EVANS DESROSIERS/Primary Examiner, Art Unit 2491