Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
The rejections of the Non-Final office action mailed 4/4/2022 have been overcome by the applicant’s arguments and the Examiner’s amendment (see below).

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Jared L. DuJack (Reg. No. 72646), Attorney of Record, on 7/20/2022.

The application has been amended as follows:

1. (Currently Amended) A computer-implemented method for automatically analyzing and designing a physical system architecture of a safety-critical system stored in a memory, comprising: 
 incrementally modifying a physical system analysis model representing the physical system architecture of said safety-critical system until calculated failure rates of failure modes of said physical system analysis model are less or equal to failure rates of corresponding failure modes of a functional system analysis model representing a functional system architecture of said safety-critical system to ensure that the resulting physical system architecture satisfies safety and reliability requirements defined in the functional system architecture and to minimize costs due to changes; 
wherein the functional system architecture represents functions of the safety-critical system and their interaction, 
wherein the physical system architecture comprises hardware components, software components and/or embedded software components represented in said physical system analysis model, 
wherein for each function of the functional system architecture a component fault tree, CFT, element is specified having input failure modes and/or output failure modes, 
wherein for each failure mode, a failure rate is specified which represents a corresponding safety or reliability requirement of said safety-critical system, wherein a failure rate λ of a respective output failure mode of the functional system analysis model comprises a tolerable hazard rate threshold of the respective failure, and if λ value is defined, input failure modes represent requirements for signals transmitted via connected ports in form of a maximum tolerable hazard rate, and
wherein for each function of the functional system architecture represented by the functional system analysis model associated elements within the physical system architecture represented by the physical system analysis model adapted to implement the respective function are specified. 

8. (Currently Amended) The method according to claim 1, wherein a quantitative fault tree analysis, FTA, is performed for each output failure mode of the physical system analysis model consisting of including the generated component fault tree, CFT, elements to calculate [[a]] the failure rate of the respective output failure mode.

10. (Currently Amended) The method according to claim 1, wherein the physical system analysis model representing the physical system architecture of said safety-critical system and the functional system analysis model representing the functional system architecture of said safety-critical system are modeled in an architecture description language and stored in [[a]] the memory.

Claim 12. (canceled) 

Claim 13. (Currently Amended) A computer program product, comprising a non-transitory computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement the method according to claim 1.

Reasons for Allowance
The following is a statement of reasons for the indication of allowable subject matter:  
1.	Zeller et al. (NPL: ALFRED; A Methodology to Enable Component Fault Trees for Layered Architectures, 2015) teaches a methodology that can divide safety analysis models into different layers of a systems architecture to enable component fault trees on different layers of an architecture. These dependencies are then used to generate safety evidence for the entire system and over all different architecture layers.
2.	Rupanov et al. (NPL: Employing early model-based safety evaluation to iteratively derive E/E architecture design, 2014) teaches an iterative architecture design and refinement process that is centered around safety requirements and model-based analysis of safety-related metrics. This process simplifies identification of the most sensitive parts of the architecture and selection of the most suitable safety mechanisms, thereby reducing the failure rate on the system level and improving the metrics defined by the standard.
3.	Muller et al. (NPL: The hazard analysis profile: linking safety analysis and SysML, 2016) teaches an approach, tailored to early stages of system design, that introduces a “Hazard Analysis” SysML profile accompanied by a procedure for its application within a model-based safety analysis. It provides a preliminary hazard analysis and facilitates the systematic identification of safety-critical functions and components.



These references taken either alone or in combination with the prior art of record fail to disclose instructions, including:
Claim 1: “wherein for each failure mode, a failure rate is specified which represents a corresponding safety or reliability requirement of said safety-critical system, wherein the failure rates X of output failure modes of the functional system analysis model comprise tolerable hazard rate thresholds of the respective failures, and if X value is defined, input failure modes represent requirements for signals transmitted via the connected ports in form of a maximum tolerable hazard rate,”
in combination with the remaining elements and features of the claimed invention. The dependent claims are allowable for at least their dependence on independent claims. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.” 


Conclusion
Claims 1, 5-11 and 13-15 are allowed.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHUEN-MEEI GAN whose telephone number is (469)295-9127. The examiner can normally be reached Monday-Friday 9:00 am to 4:00 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rehana Perveen can be reached on 571-272-3676. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHUEN-MEEI GAN/Primary Examiner, Art Unit 2148