Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is responsive to application filed on 4/10/2020. Claim 1 is independent. Claims 1-11 are currently pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claim1 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al. (US 20200211301 A1), hereinafter Zhang, in view of Baltes et al. (US 20200034574 A1), hereinafter Baltes, further in view of JEAN-LUC et al. (FR 3025035 A1), hereinafter JEAN-LUC.

	Regarding claim 1, Zhang teaches [a] vehicular control apparatus used in an onboard system having a plurality of information processors mutually connected via a communication bus (para. 0003 and 0033, plurality ECUs each of which may include a CPU, … CAN bus), comprising:
	a storage section for storing information (para. 0120, several storages for storing variety of information); and
	an arithmetic section for executing a process based on the information stored in the storage section (para. 0120, receive the risk assessment (e.g., the identified risk, a severity of the risk, etc.) for a vehicle from anomaly/incident detection and response module 1016, and determine an action to be performed at the vehicle to mitigate a safety/security risk based on the risk assessment. The determination can be based on applying a set of rules to the identified risk and the severity of the risk, and the rules can come from various sources. For example, as shown in FIG. 10, control operation dispatch module 1018 can receive rules defined in risk management policy storage 1026 and transportation asset management policy storage 1032, and apply the rules to determine the action. Referring back to the vehicle compartment access example above, transportation asset management policy storage1032 may provide rules that specify that the compartment of a vehicle stores critical electronic components, and authorization is needed before granting access to the compartment. Risk management policy storage1026 can define a set of operations to determine whether to authorize access to the compartment (e.g., requesting credential information from the requester). Both safety and security are considered).
the information contains first management information relating to a security abnormality as a communication data abnormality owing to security attack from outside the onboard system, and second management information relating to a safety abnormality as a communication data abnormality owing to an abnormality in the onboard system (para. 0117, 0118 and 0120, … detect potential cyber security attacks; …identification of the safety [of the vehicle] and/or security [attack from outside] risk);
if the communication data abnormality in the onboard system is detected, the arithmetic section determines a coping content to the detected communication data abnormality based on the first management information and the second management information (para. 0120, 0123 and 0124, [t]hreat mitigation module 1146 can detect security and/or safety risks from the operation condition, and perform one or more operations to mitigate the security and/or safety risks. For example, threat mitigation module 1146 can determine, based on the speed sensor data and LiDAR data, that there is a high risk that the vehicle will collide with an obstacle in its current trajectory, and can control ECUs 1110 to automatically apply the brakes on the vehicle. As another example, threat mitigation module 1146 can determine that an attempt to open the cabin door is detected based on ACM 1142 and the passenger cabin door sensor data, and that the person seeking to open the cabin door is not authorized to access the cabin. In such situations, threat mitigation module 1146 can control actuators 1112 to, for example, lock the cabin door. OTA update module 1148 can receive update information from a remote server (e.g., a management service server) to update, for example, rules and patterns for security/safety threat detection).
Zhang may not explicitly disclose the first management information contains first limit condition information indicating a first limit condition for executing a security coping with the security abnormality (in particular, in term of limit/threshold). However, in an analogous art, Baltes teaches the first management information contains first limit condition information indicating a first limit condition for executing a security coping with the security abnormality (para. 0003, [a]ccording to a first aspect of the invention, there is provided a method of evaluating one or more cybersecurity vulnerabilities to establish a priority metric for each of the one or more cybersecurity vulnerabilities, the method including: constructing a cybersecurity attack schema for each of the one or more cybersecurity vulnerabilities, wherein the cybersecurity attack schema models various avenues of exposing the cybersecurity vulnerability, wherein the cybersecurity attack schema includes a plurality of malicious actions that can be performed, and wherein exposure of the cybersecurity vulnerability allows for potentially malicious damage to a targeted object; determining, for each of the plurality of malicious actions of each of the one or more cybersecurity vulnerabilities, one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, one or more final resource metrics based on evaluating each of the one or more resource metrics using a cybersecurity attack schema iteration process; obtaining, for each of the one or more cybersecurity vulnerabilities, an impact metric that is indicative of a degree of damage that can be caused by the cybersecurity vulnerability; and calculating, for each of the one or more cybersecurity vulnerabilities, a cybersecurity priority level based on the impact metric and the one or more final resource metrics; para. 0061 and 0062, it may be determined to carry out remedial action for those cybersecurity vulnerabilities whose cybersecurity priority level is at or exceeds a threshold cybersecurity level. This determination may be made by a processor at server 82 or computer 18. In other embodiments, each of the cybersecurity vulnerabilities may have their cybersecurity priority levels compared to the other cybersecurity vulnerabilities and, then, based on the levels, a determination may be made as to which order the cybersecurity vulnerabilities will be addressed (e.g., addressing the cybersecurity vulnerabilities with the highest cybersecurity priority level first)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Zhang and Baltes because it enables prioritization and remediation of cybersecurity vulnerabilities that may be present under particular computer systems. The present system and methods discussed herein can be used to protect one or more computer-based modules and/or electrical systems (i.e., targeted objects or systems) from theft, damage, or other malicious activity. The targeted object (i.e., the module or system that may have a cybersecurity vulnerability exposed) may have multiple cybersecurity vulnerabilities that can be exposed and/or utilized via one or more malicious actions by a malicious actor. According to at least some embodiments, the systems and methods herein enable prioritization of a targeted object's cybersecurity vulnerabilities and can provide for remedying such cybersecurity vulnerabilities according to their respective priority (para. 0025).
The combination of Zhang and Baltes may not explicitly disclose the second management information contains second limit condition information indicating a second limit condition for executing a safety coping with the safety abnormality (in particular, in term of limit/threshold). However, in an analogous art, JEAN-LUC teaches the second management information contains second limit condition information indicating a second limit condition for executing a safety coping with the safety abnormality (p.4/11 para. 2, According to the invention, the monitoring module 10 then comprises a tripping unit 13, arranged to firstly detect, from one or more predetermined tripping conditions which relate to one or more internal variables 6, the occurrence of an event called "alert event", which corresponds to a predefined life situation of the vehicle 2 or the embedded system4, and here more particularly to a life situation (of the vehicle 2 or the embedded system 4) which is deemed dangerous or abnormal (typically because said life situation corresponds to a malfunction of the onboard system 4, or a vehicle behavior anomaly, which causes or is likely to cause a loss of control of the vehicle and / or endangering the occupants of said vehicle or other road users, and / or possibly damage to the vehicle), and secondly to identify the moment, d it "start time" tdécl, at which said alert event occurred; p.4/11 para. 3, in terms of threshold).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Zhang, Baltes and JEAN-LUC because it is possible to envisage defining a particular abnormal life situation (a warning event) of the type "vehicle in understeer with the impossibility of automatically correcting the trajectory due to power failure" which would correspond to at the simultaneous combination on the one hand of a first elementary warning event of the type "loss of grip in understeer", which would be characterized by certain conditions on the internal variables 6 which represent the yaw rate of the vehicle and the angular position of the driving wheel, and secondly a second elementary alert event of "power loss of the assistance motor" which would be characterized by the passage and / or the maintenance of the internal variable measuring the battery voltage below a predetermined low threshold (p.4/11 para. 3).

Allowable Subject Matter
	Claims 2-11 are objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the
limitations of the base claims and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHU CHUN GAO whose telephone number is (571)270-5999. The examiner can normally be reached on Monday - Thursday 6:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHU CHUN GAO/ 	Examiner, Art Unit 2437 



/MATTHEW SMITHERS/           Primary Examiner, Art Unit 2437