DETAILED ACTION
Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This Office Action is responsive to communications filed on February 25, 2021.
Claims 1, 3, 5 and 7 have been amended.
Claims 1-8 have been examined and are pending.

Response to Arguments
Applicants have argued that the cited art fails to disclose or make obvious certain features recited by the amended claims (Remarks, pgs. 5-8). Applicants' arguments have been fully considered but are moot in view of the new ground(s) of rejection as set forth below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 3, 5 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180218158 A1 - hereinafter "Amano", in view of US 20160381059 A1 - hereinafter "Galula", in view of US 20130191576 A1 - hereinafter "Chiang", and in view of US 20190305962 A1 - hereinafter "Takemori".

With respect to claim 1, Amano teaches,
A vehicular communication system, comprising: - "As illustrated in FIG. 1, the evaluation system 10 includes an evaluation apparatus 101 and an electronic control system 11." [0045]; Fig. 1 "The electronic control system 11 is an in-vehicle network system, which includes an in-vehicle network having a plurality of electronic control units (ECUs) connected to various devices..." [0046]; Fig. 1
a storage unit which stores a first piece of information indicating data scheduled to be transmitted and received on a bus connecting a plurality of electronic control units (ECUs) so that the ECUs can communicate with one another, wherein the first piece of information comprises an expected value of a message scheduled to be transmitted and received on the bus - "The ECUs send and receive frames via an in-vehicle bus (a CAN bus)." [0046]. "More specifically, the evaluation unit 206 compares all or some of the results of determination made by the monitoring unit 200 with an expected value at the time of transmitting the CAN message on the basis of the attack procedure information 105 and determines whether the attack is successful (e.g., whether the defense function against attack has been properly activated). The expected value is a CAN message or information (e.g., an operation) indicated by the transmitted signal that is sent from the rewriting ECU 102 or the rewritten ECU 103 and that is expected as the result of the attack (e.g., the result of the transmission of each of the attack frames). The expected value can be predefined." [0060]; Fig. 2. The storage location of the expected CAN message (first piece of information) is interpreted as a storage unit.
a receiving unit which receives from at least one of the plurality of ECUs information indicating that a software program of the at least one of the plurality of ECUs is updated; - "The signal monitoring unit 204 (receiving unit) observes signals output to signal lines and the like other than the CAN bus 20 by the rewriting ECU 102 and the rewritten ECU 103 and checks the signal content...For example, by observing the signal, the signal monitoring unit 204 can determine whether the rewritten ECU 103 has completed processing relating to software update (rewriting) by performing a reboot process." [0059]; Fig. 2
an acquiring unit which acquires a second piece of information indicating data being transmitted and received on the bus - "For example, the evaluation unit 206 can determine whether transmission of a particular frame representing the expected value (second piece of information) on the CAN bus 20 is detected by the CAN bus monitoring unit 203 (acquiring unit) within a certain period of time after one or more attack frames indicated by the attack procedure information 105 are transmitted to the CAN bus 20 by the transmitting unit 201a and perform the evaluation so that the result of evaluation varies depending on whether the particular frame has been detected." [0060]; Fig. 2; when the receiving unit has received from the at least one of the plurality of ECUs the information indicating that the software program of the at least one of the plurality of ECUs is updated; and - Logically, CAN bus monitoring unit 203 (acquiring unit) can detect the particular frame (second piece of information) after signal monitoring unit 204 (receiving unit) has observed a signal indicating that rewritten ECU 103 has completed a software update as an attack can always be launched after rewritten ECU 103 has been updated [0059]; Fig. 2.
a determining unit which determines whether or not expected communication is being executed on the bus based on the first piece of information and the second piece of information - "The evaluation unit 206 (determining unit) evaluates the security of the electronic control system 11 on the basis of the result of determination obtained through More specifically, the evaluation unit 206 compares all or some of the results of determination made by the monitoring unit 200 with an expected value at the time of transmitting the CAN message on the basis of the attack procedure information 105 and determines whether the attack is successful (e.g., whether the defense function against attack has been properly activated)..." [0060]; Fig. 2. Thus, the evaluation unit determines whether a particular frame (second piece of information) transmitted by an ECU on the CAN bus is an expected frame (first piece of information); when the receiving unit has received from the at least one of the plurality of ECUs the information indicating that the software program of the at least one of the plurality of ECUs is updated, - Logically, evaluation unit 206 (determining unit) can determine whether a particular frame transmitted by an ECU is an expected frame after signal monitoring unit 204 (receiving unit) has observed a signal indicating that rewritten ECU 103 has completed a software update as an attack can always be launched and evaluated after rewritten ECU 103 has been updated [0059]; Fig. 2; and determines whether or not transmission of warning information is necessary; and - "The evaluator unit (determining unit) may evaluates the electronic control system so that a result of evaluation of the electronic control system varies in accordance with whether the monitor has detected reception of the particular frame within a predetermined period of time after transmission of the attack frame from the transmitter to the bus." [0038]. "In addition, the result of evaluation may be output to the outside of the evaluation apparatus 101 (for example, the result of evaluation may be displayed, or the information regarding the result of evaluation may be transmitted). For example, the evaluation unit 206 may output, as the result of evaluation, the information as to whether the electronic control system to be evaluated has attack tolerance." [0152]
 wherein the first piece of information comprises...a periodicity...of transmission of the message;
However, in analogous art for in-vehicle networks, Galula teaches:
"A deviation from an expected repetition period or from a model may be regarded by an embodiment as an indication for an anomaly. A deviation from an expected repetition period may be identified or detected, e.g., by an SEU 40, by comparing a repetition period, a time interval between messages or other timing aspects measured for messages to data in a model (first information). For example, in order to determine whether or not at least one of first and a second messages is related to an anomaly, an SEU 40 may compare the time between the two messages (e.g., the time difference between receiving, by the SEU 40, the first message and the second message) to a time interval in a model (first information)." [0061]
"For example, a node in an in-vehicle may typically transmit a messages according to a relatively constant time interval (e.g., once every second or 100 ms). At specific times or under specific conditions, the node may deviate from its regular, constant or normal interval. The time intervals between messages sent by a node may be known to, or determined by, an embodiment and may be recorded, or included in, a timing or other model such that they may be used in order to determine, detect or identify anomalies as described." [0062]
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Amano with Galula's teachings because doing so would provide Amano's system with the ability to detect or identify anomalies in an in-vehicle network, as suggested by Galula [0062].
Amano et al. do not explicitly teach a determining unit which determines whether or not diagnosis registration is necessary; a setting unit which sets a flag based on the results of the determination performed by the determining unit and performs diagnosis registration upon determination by the determining unit that diagnosis registration is necessary;
However, in analogous art for software deployment, Chiang teaches:
"Next, the CPU refers to the self-diagnosis necessity judgment table 234 (FIG. 10) (S1102) and judges whether the self-diagnosis after the update of the ENC firmware to the optimum revision is necessary or not (S1140). If a combination of the current revision and the optimum revision is any one of "A," "B," and "C," the CPU determines that the self-diagnosis is necessary; and then the CPU sets the self-diagnosis flag to on (S1106), On the other hand, if a combination of the current revision and the optimum revision is not any of "A," "B," or "C," the CPU determines that the self-diagnosis is unnecessary; and then the CPU sets the self-diagnosis flag to off (S1108)." [0095]; Figs. 10-11
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Amano and Galula with Chiang's teachings because doing so would provide Amano/Galula's system with the ability to ensure proper operation of a computer system when firmware is updated, as suggested by Chiang [0001].
Amano et al. do not explicitly teach wherein the receiving unit receives the first piece of information from a server.
However, in analogous art for software deployment, Takemori teaches:
"In FIG. 1, the car 1001 includes a data security device 1010 (receiving unit) and a plurality of ECUs 1020." [0028]; Fig. 1
"(Step S102) The server device 2000 transmits the ECU code applied to the ECU 1020, the expected value (first piece of information) of the ECU code, and the electronic signature to the data security device 1010 through the communication unit 2011. The data security device 1010 receives the ECU code, the expected value of the ECU code, and the electronic signature transmitted from the server device 2000." [0057]; Fig. 5
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Amano, Galula and Chiang with Takemori's teachings because doing so would provide Amano/Galula/Chiang's system with the ability to improve the reliability of an update program to be applied to an ECU of an in-vehicle control system of a car, as suggested by Takemori [0007].

With respect to claims 3 and 7, Amano teaches,
the acquiring unit acquires, as the second piece of information, an expected value of a message being transmitted and received on the bus, - "For example, the evaluation unit 206 can determine whether transmission of a particular frame representing the expected value (second piece of information) on the CAN bus 20 is detected by the CAN bus monitoring unit 203 (acquiring unit) within a certain period of time after one or more attack frames indicated by the attack procedure information 105 are transmitted to the CAN bus 20 by the transmitting unit 201a and perform the evaluation so that the result of evaluation varies depending on whether the particular frame has been detected." [0060]; Fig. 2;
and the determining unit compares the first piece of information with the second piece of information and, - "The evaluation unit 206 (determining unit) evaluates the security of the electronic control system 11 on the basis of the result of determination obtained through monitoring performed by the monitoring unit 200 (the CAN bus monitoring unit 203 and the More specifically, the evaluation unit 206 compares all or some of the results of determination made by the monitoring unit 200 with an expected value at the time of transmitting the CAN message on the basis of the attack procedure information 105 and determines whether the attack is successful (e.g., whether the defense function against attack has been properly activated)..." [0060]; Fig. 2. Thus, the evaluation unit determines whether a particular frame (second piece of information) transmitted by an ECU on the CAN bus is an expected frame (first piece of information); when the pieces of information differ from each other, determines that expected communication is not being executed on the bus. - "More specifically, the evaluation unit 206 compares all or some of the results of determination made by the monitoring unit 200 with an expected value at the time of transmitting the CAN message on the basis of the attack procedure information 105 and determines whether the attack is successful (e.g., whether the defense function against attack has been properly activated)..." [0060]. Thus, if the particular frame and the expected frame are different, than the defense function has not been properly activated.
Galula teaches the acquiring unit acquires, as the second piece of information...a periodicity...of transmission of the message. "A deviation from an expected repetition period or from a model may be regarded by an embodiment as an indication for an anomaly. A deviation from an expected repetition period may be identified or detected, e.g., by an SEU 40, by comparing a repetition period, a time interval between messages or other timing aspects (second information) measured for messages to data in a model. For example, in order to determine whether or not at least one of first and a second messages is related to an anomaly, an SEU 40 may compare the time between the two messages (second information) (e.g., the time difference between receiving, by the SEU 40, the first message and the second message) to a The time intervals between messages sent by a node may be known to, or determined by, an embodiment and may be recorded, or included in, a timing or other model such that they may be used in order to determine, detect or identify anomalies as described." [0062]

With respect to claim 5, Amano teaches,
A vehicular communication system, comprising: - "As illustrated in FIG. 1, the evaluation system 10 includes an evaluation apparatus 101 and an electronic control system 11." [0045]; Fig. 1 "The electronic control system 11 is an in-vehicle network system, which includes an in-vehicle network having a plurality of electronic control units (ECUs) connected to various devices..." [0046]; Fig. 1
[[a receiving unit which receives from a server]] a first piece of information indicating data scheduled to be transmitted and received on a bus connecting a plurality of electronic control units (ECUs) so that the ECUs can communicate with one another, wherein the first piece of information comprises an expected value of a message scheduled to be transmitted and received on the bus; - "The ECUs send and receive frames via an in-vehicle bus (a CAN bus)." [0046]. "More specifically, the evaluation unit 206 compares all or some of the results of determination made by the monitoring unit 200 with an expected value at the time of transmitting the CAN message on the basis of the attack procedure information 105 and determines whether the attack is successful (e.g., whether the defense function against attack has The expected value is a CAN message or information (e.g., an operation) indicated by the transmitted signal that is sent from the rewriting ECU 102 or the rewritten ECU 103 and that is expected as the result of the attack (e.g., the result of the transmission of each of the attack frames). The expected value can be predefined." [0060]; Fig. 2. 
a storage unit which stores the first piece of information; - The storage location of the expected CAN message (first piece of information) is interpreted as a storage unit.
an acquiring unit which acquires a second piece of information indicating data being transmitted and received on the bus - "For example, the evaluation unit 206 can determine whether transmission of a particular frame representing the expected value (second piece of information) on the CAN bus 20 is detected by the CAN bus monitoring unit 203 (acquiring unit) within a certain period of time after one or more attack frames indicated by the attack procedure information 105 are transmitted to the CAN bus 20 by the transmitting unit 201a and perform the evaluation so that the result of evaluation varies depending on whether the particular frame has been detected." [0060]; Fig. 2; when a software program of at least one of the plurality of ECUs is updated; - Logically, CAN bus monitoring unit 203 (acquiring unit) can detect the particular frame (second piece of information) after rewritten ECU 103 has completed a software update as an attack can always be launched after rewritten ECU 103 has been updated [0059]; Fig. 2.
a determining unit which determines whether or not expected communication is being executed on the bus based on the first piece of information and the second piece of information. - "The evaluation unit 206 (determining unit) evaluates the security of the electronic control system 11 on the basis of the result of determination obtained through More specifically, the evaluation unit 206 compares all or some of the results of determination made by the monitoring unit 200 with an expected value at the time of transmitting the CAN message on the basis of the attack procedure information 105 and determines whether the attack is successful (e.g., whether the defense function against attack has been properly activated)..." [0060]; Fig. 2. Thus, the evaluation unit determines whether a particular frame (second piece of information) transmitted by an ECU on the CAN bus is an expected frame (first piece of information); and determines whether or not transmission of warning information is necessary; and - "The evaluator unit (determining unit) may evaluates the electronic control system so that a result of evaluation of the electronic control system varies in accordance with whether the monitor has detected reception of the particular frame within a predetermined period of time after transmission of the attack frame from the transmitter to the bus." [0038]. "In addition, the result of evaluation may be output to the outside of the evaluation apparatus 101 (for example, the result of evaluation may be displayed, or the information regarding the result of evaluation may be transmitted). For example, the evaluation unit 206 may output, as the result of evaluation, the information as to whether the electronic control system to be evaluated has attack tolerance." [0152]
Amano does not explicitly teach wherein the first piece of information comprises...a periodicity...of transmission of the message;
However, in analogous art for in-vehicle networks, Galula teaches:
"A deviation from an expected repetition period or from a model may be regarded by an embodiment as an indication for an anomaly. A deviation from an expected repetition period may be identified or detected, e.g., by an SEU 40, by comparing a repetition period, a time first information). For example, in order to determine whether or not at least one of first and a second messages is related to an anomaly, an SEU 40 may compare the time between the two messages (e.g., the time difference between receiving, by the SEU 40, the first message and the second message) to a time interval in a model (first information)." [0061]
"For example, a node in an in-vehicle may typically transmit a messages according to a relatively constant time interval (e.g., once every second or 100 ms). At specific times or under specific conditions, the node may deviate from its regular, constant or normal interval. The time intervals between messages sent by a node may be known to, or determined by, an embodiment and may be recorded, or included in, a timing or other model such that they may be used in order to determine, detect or identify anomalies as described." [0062]
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Amano with Galula's teachings because doing so would provide Amano's system with the ability to detect or identify anomalies in an in-vehicle network as suggested by Galula [0062].
Amano et al. do not explicitly teach a receiving unit which receives from a server a first piece of information.
However, in analogous art for software deployment, Takemori teaches:
"In FIG. 1, the car 1001 includes a data security device 1010 (receiving unit) and a plurality of ECUs 1020." [0028]; Fig. 1
"(Step S102) The server device 2000 transmits the ECU code applied to the ECU 1020, the expected value (first piece of information) of the ECU code, and the electronic signature generated by the cryptographic processing unit 2016 to the data security device 1010 through the communication unit 2011. The data security device 1010 receives the ECU code, the expected value of the ECU code, and the electronic signature transmitted from the server device 2000." [0057]; Fig. 5
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Amano and Galula with Takemori's teachings because doing so would provide Amano/Galula's system with the ability to improve the reliability of an update program to be applied to an ECU of an in-vehicle control system of a car, as suggested by Takemori [0007].
Amano et al. do not explicitly teach a determining unit which determines whether or not diagnosis registration is necessary; a setting unit which sets a flag based on the results of the determination performed by the determining unit and performs diagnosis registration upon determination by the determining unit that diagnosis registration is necessary;
However, in analogous art for software deployment, Chiang teaches:
"Next, the CPU refers to the self-diagnosis necessity judgment table 234 (FIG. 10) (S1102) and judges whether the self-diagnosis after the update of the ENC firmware to the optimum revision is necessary or not (S1140). If a combination of the current revision and the optimum revision is any one of "A," "B," and "C," the CPU determines that the self-diagnosis is necessary; and then the CPU sets the self-diagnosis flag to on (S1106), On the other hand, if a combination of the current revision and the optimum revision is not any of "A," "B," or "C," the CPU determines that the self-diagnosis is unnecessary; and then the CPU sets the self-diagnosis flag to off (S1108)." [0095]; Figs. 10-11
.

Claims 2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Amano, Galula, Chiang and Takemori, in view of US 20170228236 - hereinafter "Nakahara".

With respect to claims 2 and 6, Amano teaches,
wherein the storage unit stores, [[within a prescribed time after an accessory power supply or an ignition power supply is turned on,]] the first piece of information indicating data scheduled to be transmitted and received on the bus, - "The ECUs send and receive frames via an in-vehicle bus (a CAN bus)." [0046]. "More specifically, the evaluation unit 206 compares all or some of the results of determination made by the monitoring unit 200 with an expected value at the time of transmitting the CAN message on the basis of the attack procedure information 105 and determines whether the attack is successful (e.g., whether the defense function against attack has been properly activated). The expected value is a CAN message or information (e.g., an operation) indicated by the transmitted signal that is sent from the rewriting ECU 102 or the rewritten ECU 103 and that is expected as the result of the attack (e.g., the result of the transmission of each of the attack frames). The expected value can be predefined." [0060]; Fig. 2. The storage location of the expected CAN message (first piece of information) is interpreted as a storage unit.
and the acquiring unit acquires the second piece of information being transmitted and received on the bus within the prescribed time. - "For example, the evaluation unit 206 can determine whether transmission of a particular frame representing the expected value (second piece of information) on the CAN bus 20 is detected by the CAN bus monitoring unit 203 (acquiring unit) within a certain period of time after one or more attack frames indicated by the attack procedure information 105 are transmitted to the CAN bus 20 by the transmitting unit 201a and perform the evaluation so that the result of evaluation varies depending on whether the particular frame has been detected." [0060]; Fig. 2. Logically, operation of the evaluation unit would require a power supply to be on. The period of time within which the evaluation unit operates is interpreted as the prescribed time.
Amano et al. do not explicitly teach storing within a prescribed time after an accessory power supply or an ignition power supply is turned on, the first piece of information.
However, in analogous art for updating vehicle software, Nakahara teaches:
"The operator turns ON the power source (for example, the ignition 3) of the vehicle control device 1. After that, the operator connects the reprogramming device 2 to the vehicle and starts reprogramming (processing for updating the control program). The reprogramming device 2 issues a command that instructs the vehicle control device 1 to update control programming. When the operation unit 11 receives the command, a mode of the operation unit 11 is changed to a reprogramming mode." [0027]
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Amano, Galula, Chiang and Takemori with Nakahara's teachings because doing so would provide Amano/Galula/Chiang/Takemori's system with the .

Claims 4 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Amano, Galula, Chiang and Takemori, in view of US 20160019389 A1 - hereinafter "Yan".

With respect to claims 4 and 8, Amano et al. does not explicitly teach the following limitations which, in analogous art for vehicle security, are taught by Yan.
For example, Yan teaches:
wherein the storage unit stores, as the first piece of information, unnecessary data that does not need to be transmitted and received on the bus, - "First, the OBD-II CAN message screening system 200 establishes (S200) an inbound OBD-II CAN message whitelist and an outbound OBD-II CAN message blacklist. CAN message commands appearing in the whitelist are deemed to be safe and would not cause harm to the vehicle or the driver of the vehicle. CAN message commands (first piece of information) appearing in the blacklist are deemed to be sensitive, e.g., containing private information whose leakage may be detrimental to the vehicle safety and may cause harm to the vehicle or the driver of the vehicle. Such whitelist and blacklist can be pre-installed in the OBD-II CAN message screening system 200 and updated using the mobile application 100 periodically or whenever required." [0023]; Fig. 2.
the acquiring unit acquires the unnecessary data as the second piece of information, - "Upon receipt of a CAN message command (S201), the OBD-II CAN message screening system 200 checks whether the CAN message command is an inbound or outbound CAN message command (S202)." [0023]; Fig. 2
and the determining unit compares the first piece of information with the second piece of information and, when the pieces of information are equal to each other, determines that expected communication is not being executed on the bus. - "If the CAN message command is an outbound CAN message command, the OBD-II CAN message screening system 200 compares the OBD-II CAN message command with the blacklist (S205). If a match is found in the blacklist (S211--Yes), this message command is deemed to be carrying sensitive information and the OBD-II CAN message screening system 200 prevents the outbound OBD-II CAN message command from being sent out and sends (S212) alerts to the mobile application 100." [0023]; Fig. 2
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Amano, Galula, Chiang and Takemori with Yan's teachings because doing so would provide Amano/Galula/Chiang/Takemori's system with the ability to improve vehicle safety by detecting CAN bus message attacks, as suggested by Yan [0002].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see the accompanying PTO-892 for the respective patent number(s) of published application(s) cited above).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GEOFFREY R ST LEGER whose telephone number is (571)270-7720.  The examiner can normally be reached on M-F (IFP) ~9:00-5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S Sough can be reached on 571-272-6799.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 
/GEOFFREY R ST LEGER/Primary Examiner, Art Unit 2192