DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on August 30, 2021, is in compliance with the provisions of 37 CFR 1.97 and has been considered by the Examiner.

Specification
The disclosure is objected to because of the following informalities:  
Table 2 in the specification (located in between paragraphs [0055] and [0056]) does not comply with the formatting and margins requirements specified in 37 C.F.R. 1.52 and 37 C.F.R. 1.58.  The table is currently formatted such that it is not completely contained on the page and extends off one side of the page.  
Appropriate correction is required.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description:
Paragraph [0038] contains references to labels “304” and “306” in Figure 3.  However, there are no labels designated “304” and “306” shown in Figure 3.  
Paragraph [0039] contains references to label “308” in Figure 3.  However, there are no labels designated “308” shown in Figure 3.

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Status of Claims
Claims 1-20 are pending and are rejected under 35 U.S.C. § 103.
Claims 1-20 are also rejected due to non-statutory double patenting.
Claims 8 and 20 are objected to due to minor informalities.

Claim Objections
Claims 8 and 20 are objected to because of the following informalities:
Claim 8 contains the limitation “receive a value associated … order defined in the execution flow.”  There is insufficient antecedent basis for this limitation in the claim.  It appears the limitation should read “receive a value associated … order defined in an execution flow.”  
Claim 20 refers to the “method according to claim 1.”  There appears to be a typographical error since the claim limitations in claim 20 are similar to the limitations in claim 6, which also refers to claim 1.  It appears the claim should reference independent claim 15 and recite the “system according to claim 15.”
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Double Patenting - U.S. Patent No. 11,144,375
Claims 1-5, 7-12, and 14-19 are rejected on the grounds of nonstatutory double patenting as being unpatentable over claims 1-3, 5-10, 12-16, and 18-20 of U.S. Patent No. 11,144,375 (issued to application 16/155229).  Although the claims at issue are not identical, they are not patentably distinct from each other.  
Independent claims 1, 8, and 15 of the instant application contain limitations which are nearly identical to limitations recited by independent claims 1, 8, and 14 of U.S. Patent No. 11,144,375.  Independent claims 1, 8, and 15, respectively, of the instant application recite broader limitations than what is recited in independent claims 1, 8, and 14 of U.S. Patent No. 11,144,375, which fall entirely within the scope of claims 1, 8, and 15, respectively, of the instant application.  
Claims 2, 9, and 16 of the instant application contain limitations which are similar to limitations included in claims 2, 9, and 15 of U.S. Patent No. 11,144,375.  
Claims 3, 10, and 17 of the instant application contain limitations which are similar to limitations included in claims 1, 3, 8, 10, 14, and 16 of U.S. Patent No. 11,144,375.
Claims 4-5, 11-12, and 18-19 of the instant application contain limitations which are similar to limitations included in claims 5-6, 12-13, and 18-19 of U.S. Patent No. 11,144,375.  
Claims 7 and 14 of the instant application contain limitations which are similar to limitations included in claims 7 and 20 of U.S. Patent No. 11,144,375.  
Therefore, claims 1-5, 7-12, and 14-19 in the instant application are anticipated by claims 1-3, 5-10, 12-16, and 18-20 in U.S. Patent No. 11,144,375.

Double Patenting - U.S. Patent No. 11,138,085
Claims 1-2, 4-6, 8-9, 11-13, 15-16, and 18-20 are rejected on the grounds of nonstatutory double patenting as being unpatentable over claims 1, 3-4, 13-15, and 22 of U.S. Patent No. 11,138,085 (issued to application 16/155199).  Although the claims at issue are not identical, they are not patentably distinct from each other.  
Independent claims 1, 8, and 15 of the instant application contain limitations which are similar to limitations included in independent claims 1, 13, and 22 of U.S. Patent No. 11,138,085.  Dependent claims 2, 6, 9, 13, 16, and 20 of the instant application also contain limitations which are similar to limitations included in independent claims 1, 13, and 22 of U.S. Patent No. 11,138,085.  Claims 1-2, 6, 8-9, 13, 15-16, and 20 of the instant application recite broader limitations than what is recited in independent claims 1, 13, and 22 of U.S. Patent No. 11,138,085, which fall entirely within the scope of claims 1-2, 6, 8-9, 13, 15-16, and 20 of the instant application.  
Claims 4-5, 11-12, and 18-19 of the instant application contain limitations which are similar to limitations included in claims 3-4 and 14-15 of U.S. Patent No. 11,138,085.  
Therefore, claims 1-2, 4-6, 8-9, 11-13, 15-16, and 18-20 in the instant application are anticipated by claims 1, 3-4, 13-15, and 22 in U.S. Patent No. 11,138,085.


Claim Rejections - 35 U.S.C. § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. § 102 and § 103 (or as subject to pre-AIA  35 U.S.C. § 102 and § 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 1-3, 5-6, 8-10, 12-13, 15-17, and 19-20

Claims 1-3, 5-6, 8-10, 12-13, 15-17, and 19-20 are rejected under 35 U.S.C. § 103 as being unpatentable over Zhu et al. (U.S. Patent Publication No. 2017/0328729) in view of Proudler (U.S. Patent Publication No. 2002/0023212) in further view of Djabarov et al. (U.S. Patent No. 7,970,946) and Walker et al. (U.S. Patent Publication No. 2017/0180341).

Claim 1
Regarding claim 1, Zhu discloses:
A method of verifying execution sequence integrity of an execution flow, the method comprising: 
receiving, by a processor of an automated device, a value associated with each function of a plurality of functions that are to be performed by the automated device in a particular order defined in the execution flow (Zhu: ¶ [0003] (A plurality of sensors are coupled to the vehicle and are controlled by a plurality of parameters, and the vehicle is configured to operate in an autonomous mode in which the computer system controls the vehicle in the autonomous mode based on data obtained by the plurality of sensors. The method also includes obtaining, using the computer system in the vehicle, perceived environment data that relates to the current state of the vehicle in the environment as perceived by at least one of the plurality of sensors.)).

Zhu teaches a computer system that controls an autonomous vehicle and receives perceived environment data from sensors relating to the current state of the vehicle.  The autonomous vehicle corresponds to the “automated device” in the claim.  Zhu further teaches comparing the perceived environment data to ground truth data to determine if adjustments are needed.  However, Zhu does not explicitly teach combining the sensor data values in a particular order defined in the execution flow and applying a hashing algorithm to the resulting combination value as described in the claim.

Further regarding claim 1, Zhu does not explicitly disclose, but Proudler teaches:
receiving, by a processor of an automated device, a value associated with each function of a plurality of functions that are to be performed by the automated device in a particular order defined in the execution flow (Proudler: ¶ [0082]-[0083]); 
combining the values in accordance with the particular order defined in the execution flow to generate a combination value (Proudler: ¶ [0082]-[0083]); and 
applying a hashing algorithm to the combination value to generate a temporary hash value (Proudler: ¶ [0082]-[0083]).

Proudler teaches logging a sequence of values (including input, output, and execution data) by concatenating the existing value of the sequence (function) with newly appended values and passing the data through a hash algorithm (Proudler: ¶ [0082]-[0083]).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to utilize a similar process of processing received data such as taught by Proudler in conjunction with the computer system taught by Zhu.  One of ordinary skill in the art would be motivated to apply the teachings of Proudler to the teachings of Zhu in order to ensure the integrity of data from the various sensors and the computing platform to ensure the computing platform is functioning as expected (Proudler: ¶ [0005]-[0006]).

Further regarding claim 1, Zhu in view of Proudler does not explicitly disclose, but Djabarov teaches:
applying a hashing algorithm to the combination value to generate a temporary hash value (Djabarov: Col. 7, Lines 20-55 (generation of hash value by combining event field values)); and
searching a data store for a return code associated with the temporary hash value (Djabarov: Col. 8, Lines 23-31 (received hash values are stored and compared to later received hash values to determine if anything changed));

Djabarov teaches combining event field values to generate a hash value that can be transmitted to a server (Djabarov: Col. 7, Lines 20-55).  Djabarov further teaches storing received hash values and comparing received hash values to stored hash values to determine if anything has changed (Djabarov: Col. 8, Lines 23-31).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to utilize a similar process of authentication and processing of received data as taught by Djabarov in conjunction with the computer system taught by Zhu in view of Proudler.  One of ordinary skill in the art would be motivated to apply the teachings of Djabarov to the teachings of Zhu in view of Proudler in order to ensure the integrity of data from the various sensors and to determine whether the sensor data has changed compared to previously received sensor data (Djabarov: Col. 8, Lines 23-31).

Further regarding claim 1, Zhu in view of Proudler and Djabarov does not explicitly disclose, but Walker teaches:
generating a fault notification in response to the return code indicating that the temporary hash value is incorrect (Walker: ¶ [0034]; ¶ [0085] (attestation data and log data are reported to management system, which can detect any issues with the log data and generate automated alerts or tasks to assist in remediation of any issues)). 

Zhu in view of Proudler and Djabarov teaches use of a computer system to receive data from sensors (Zhu: ¶ [0003]), but does not explicitly teach generation of a fault notification as described in the claim.  Walker teaches an attestation device which can be a sensor device that can record environmental conditions in log data (Walker: ¶ [0026]) and send that log data to a management system (Walker: ¶ [0031]; ¶ [0037]).  The management system corresponds to the “processor of the automated device” in the claim.  Walker further teaches that the attestation device can be used in a vehicle (Walker: ¶ [0014]) and that the management system can detect any issues with the log data and generate automated alerts or tasks to assist in remediation of any issues (Walker: ¶ [0034]; ¶ [0085]).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to utilize a similar process of monitoring and fault notification as taught by Walker in conjunction with computer system in the autonomous vehicle taught by Zhu in view of Proudler and Djabarov.  One of ordinary skill in the art would be motivated to apply the teachings of Walker to the teachings of Zhu in view of Proudler and Djabarov as a way of implementing the evaluation of sensor data indicated by Zhu and in order to provide a mechanism to correct detected discrepancies in the sensor data (i.e., perceived environment data vs. ground truth data). 

Claims 2-3 and 5-6
Regarding claim 2, Zhu in view of Proudler, Djabarov, and Walker discloses:
The method of claim 1, wherein the combination value is generated by concatenating the values in accordance with the particular order defined in the execution flow (Proudler: ¶ [0082]-[0083]; and Djabarov: Col. 7, Lines 20-55 (generation of hash value by combining event field values includes concatenation of values)). 

Regarding claim 3, Zhu in view of Proudler, Djabarov, and Walker discloses:
The method according to claim 1, wherein the plurality of functions are to be performed by one or more sensors of the automated device, the sensors comprising at least one of 
an image sensor (Zhu: Figure 1; ¶ [0037]; ¶ [0065]-[0068] (camera)), 
a lidar sensor (Zhu: Figure 1; ¶ [0031]; ¶ [0036]; ¶ [0072] (use of LIDAR)), 
a radar sensor (Zhu: Figure 1; ¶ [0035]), 
an audio sensor (Zhu: Figure 1; ¶ [0049] (microphone)), 
an optics sensor (Zhu: Figure 1; ¶ [0037]; ¶ [0065]-[0068] (camera)), 
an inertial measurement unit, a gyroscope, an accelerometer, and a geolocation sensor (Zhu: Figure 1; ¶ [0031]; ¶ [0033]-[0034]).

Regarding claim 5, Zhu in view of Proudler, Djabarov, and Walker discloses:
The method according to claim 1, wherein the processor is configured to monitor all functions of the plurality of functions that are to be performed by the automated device (Proudler: ¶ [0083] (logging of input, output and execution data (or a subset of this data)); Walker: ¶ [0014]; ¶ [0037]; ¶ [0041] (attestation/sensor devices transmit information to a management system, which functions as a global monitor for all attestation devices in the system)).

Regarding claim 6, Zhu in view of Proudler, Djabarov, and Walker discloses:
The method according to claim 1, wherein the processor comprises two or more monitors that are configured to monitor different subsets of said functions that are to be performed by the automated device (Proudler: ¶ [0083] (logging of input, output and execution data (or a subset of this data)); Walker: ¶ [0014]; ¶ [0037]; ¶ [0041] (attestation/sensor devices transmit information to a management system, which functions as a global monitor for all attestation devices in the system)). 


Claims 8-10 and 12-13
Claims 8-10 and 12-13 describe limitations for a computer program product which are similar to the limitations for the method in claims 1-3 and 5-6, respectively, and are rejected under 35 U.S.C. § 103 for the same reasons as detailed above.

Claims 15-17 and 19-20
Claims 15-17 and 19-20 describe limitations for a system which are similar to the limitations for the method in claims 1-3 and 5-6, respectively, and are rejected under 35 U.S.C. § 103 for the same reasons as detailed above.


Claims 4, 11, and 18
Claims 4, 11, and 18 are rejected under 35 U.S.C. § 103 as being unpatentable over Zhu et al. (U.S. Patent Publication No. 2017/0328729) in view of Proudler (U.S. Patent Publication No. 2002/0023212) in further view of Djabarov et al. (U.S. Patent No. 7,970,946), Walker et al. (U.S. Patent Publication No. 2017/0180341), and Ben-Noon et al. (U.S. Patent Publication No. 2017/0093866).

Claim 4
Regarding claim 4, Zhu in view of Proudler, Djabarov, and Walker does not explicitly disclose, but Ben-Noon teaches:
The method according to claim 1, wherein the fault notification comprises halting operation of the automated device (Ben-Noon: ¶ [0156]-[0157] (Security unit (SEU) may validate data flows, identify suspicious flows and block, prevent, or interrupt suspicious or undesirable flows.)). 

Zhu in view of Proudler, Djabarov, and Walker teaches the management system detecting issues and generating automated alerts (Walker: ¶ [0085]), but does not explicitly teach halting operation of the automated device.  Ben-Noon teaches validating data flows from sensors in a vehicle, identifying suspicious flows and blocking, preventing, or interrupting suspicious or undesirable flows (Ben-Noon: ¶ [0012]; ¶ [0156]-[0157]).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to block or otherwise prevent suspicious or undesirable flows as taught by Ben-Noon in conjunction with a determination of changed or invalid log data communicated between the sensors and computer system taught by Zhu in view of Proudler, Djabarov, and Walker.  One of ordinary skill in the art would be motivated to apply the teachings of Ben-Noon to the teachings of Zhu in view of Proudler, Djabarov, and Walker in order to protect the sensors from potential unauthorized access (Ben-Noon: ¶ [0011]) and/or to prevent the propagation of invalid data.

Claim 11
Claim 11 describes limitations for a computer program product which are similar to the limitations for the method in claim 4, and is rejected under 35 U.S.C. § 103 for the same reasons as detailed above.

Claim 18
Claim 18 describes limitations for a system which are similar to the limitations for the method in claim 4, and is rejected under 35 U.S.C. § 103 for the same reasons as detailed above.

Claims 7 and 14
Claims 7 and 14 are rejected under 35 U.S.C. § 103 as being unpatentable over Zhu et al. (U.S. Patent Publication No. 2017/0328729) in view of Proudler (U.S. Patent Publication No. 2002/0023212) in further view of Djabarov et al. (U.S. Patent No. 7,970,946), Walker et al. (U.S. Patent Publication No. 2017/0180341), and Steffey et al. (U.S. Patent Publication No. 2020/0019717).

Claim 7
Regarding claim 7, Zhu in view of Proudler, Djabarov, and Walker does not explicitly disclose, but Steffey teaches:
The method according to claim 1, further comprising: in response to not locating a return code associated with the temporary hash value in the data store: 
creating a new entry in the data store for the temporary hash code (Steffey: ¶ [0054]-[0055] (results of the authentication and the hash code can be stored to the log as part of background process)), 
adding the temporary hash code to the new entry (Steffey: ¶ [0054]-[0055] (results of the authentication and the hash code can be stored to the log as part of background process)), 
receiving a user-provided return code that is associated with the temporary hash value (Steffey: ¶ [0054]-[0055] (Hash codes are compared and, if different, the end user can be prompted to download the file again and hash codes can be compared again.)), and 
adding the user-provided return code to the data store so as to be associated with the new entry (Steffey: ¶ [0054]-[0055] (results of the authentication and the hash code can be stored to the log as part of background process)). 

Zhu in view of Proudler, Djabarov, and Walker teaches storing received data, but does not explicitly teach creating a new entry and receiving a user-provided return code as described in the claim.  Steffey teaches comparing hash codes for a file download and, if different, the end user can be prompted to download the file again and hash codes can be compared again to eliminate verification failures.  The results of the authentication and the hash code can be stored to a log (Steffey: ¶ [0054]-[0055]).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to a similar process of authentication as taught by Steffey in conjunction with a determination of changed or invalid data communicated between the sensors and management system (monitor) taught by Zhu in view of Proudler, Djabarov, and Walker.  One of ordinary skill in the art would be motivated to apply the teachings of Steffey to the teachings of Zhu in view of Proudler, Djabarov, and Walker in order to ensure the integrity of data from the sensors and to eliminate verification failures caused by the transfer of the data due to a slow or low quality connection (Steffey: ¶ [0054]).

Claim 14
Claim 14 describes limitations for a computer program product which are similar to the limitations for the method in claim 7, and is rejected under 35 U.S.C. § 103 for the same reasons as detailed above.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Anthony J. Amoroso whose telephone number is 571-270-3665.  The examiner can normally be reached on Monday - Friday (9:00 am - 6:00 pm).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached on 571-272-3655.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANTHONY J AMOROSO/Primary Examiner, Art Unit 2113