DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 12/13/2018, claims 1-15 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/219,044.

First set of rejections:
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-3, and 8-15 are rejected under 35 U.S.C. 102(a) (1) as being anticipated by Djordjevic (US2010/0146174).
Regarding claim 1, Djordjevic discloses a device for enabling a first transportation vehicle component of a transportation vehicle, the device comprising [¶7, the master/slave 
 at least one interface  for communication with a second transportation vehicle component of the transportation vehicle, wherein the second transportation vehicle component is part of a secured cluster of transportation vehicle components of the transportation vehicle  [¶7, The method serves to protect against external interventions into a master/slave bus( interface for commutation) system.  The master/slave bus system which is provided, in particular, for a motor vehicle contains at least one slave and at least one authorized master(secured cluster) for outputting an authentic command]; and
a control module for: controlling the at least one interface, receiving at least one message from the second transportation vehicle component via the at least one interface [¶7, The master/slave bus system which is provided, in particular, for a motor vehicle contains at least one slave and at least one authorized master for outputting an authentic command( message).  The authentic command instructs the slave to carry out a function]; and
legitimating the second transportation vehicle component based on the at least one message received by the second transportation vehicle component [¶7, the authenticity of a command which has been transmitted over the bus is checked.  The execution of the function is enabled only in the event of a positive check result]; and
 enabling the first transportation vehicle component in response to the at least one received message implying that the second transportation vehicle component has been enabled based on the secured cluster of transportation vehicle components, and in response to the legitimation of the second transportation vehicle component being successful [ ¶7, The master/slave bus system which is provided, in particular, for a motor vehicle contains at least one slave and at least one authorized master for outputting an authentic command.  The authentic command instructs the slave to carry out a function.  According to the invention, the authenticity of a command which has been transmitted over the bus is checked.  The execution of the function is enabled only in the event of a positive check result], and [¶11, According to one embodiment of the method according to the invention, a slave actuator drive (first component), which is driven by the authorized master (enabled second component) moves an opening and closing part between an open position and a closed position (enabling the first component).  In this context, the opening and closing part clears an opening into the passenger compartment of the vehicle, while in the closed position the opening is closed by the opening and closing part]
Regarding claim 2, Djordjevic discloses wherein the control module legitimates the second transportation vehicle component based on a challenge-response authentication method [¶7, the authenticity of a command which has been transmitted over the bus is checked.  The execution of the function is enabled only in the event of a positive check result]. 
Regarding claim 3, Djordjevic discloses wherein the control module legitimates the second transportation vehicle component by a plausibility check of the contents of the at least one message [¶7, the authenticity of a command which has been transmitted over the bus is checked.  The execution of the function is enabled only in the event of a positive check result].
Regarding claim 8, Djordjevic discloses, wherein the receipt of the at least one message from the second transportation vehicle component implies that the second transportation vehicle component has been enabled based on the secured cluster of transportation vehicle components [¶7, The master/slave bus system which is provided, in particular, for a motor vehicle contains at least one slave and at least one authorized master for outputting an authentic command.  The authentic command instructs the slave to carry out a function.  According to the invention, the authenticity of a command which has been transmitted over the bus is checked.  The execution of the function is enabled only in the event of a positive check result], and [¶11, According to one embodiment of the method according to the invention, a slave actuator drive (first component), which is driven by the authorized master (enabled second component) moves an opening and closing part between an open position and a closed position (enabling the first component).  In this context, the opening and closing part clears an opening into the passenger compartment of the vehicle, while in the closed position the opening is closed by the opening and closing part]
Regarding claim 9, Djordjevic discloses, wherein the at least one received message implies that the second transportation vehicle component has been enabled based on the secured cluster of transportation vehicle components, in response to the at least one received message implying that the second transportation vehicle component has a predefined condition, or in response to the at least one received message implying that a predefined action is being executed by the second transportation vehicle component [ ¶7, The master/slave bus system which is provided, in particular, for a motor vehicle contains at least one slave and at least one authorized master for outputting an authentic command.  The authentic command instructs the slave to carry out a function.  According to the invention, the authenticity of a command which has been transmitted over the bus is checked.  The execution of the function is enabled only in the event of a positive check result], and [¶11, According to one embodiment of the method according to the invention, a slave actuator drive (first component), driven by the authorized master (enabled second component) moves an opening and closing part between an open position and a closed position (enabling the first component).  In this context, the opening and closing part clears an opening into the passenger compartment of the vehicle, while in the closed position the opening is closed by the opening and closing part]
Regarding claim 10, Djordjevic discloses, wherein the first transportation vehicle component is not part of the secured cluster of transportation vehicle components, and/or wherein the secured cluster enables the second transportation vehicle component without involving the first transportation vehicle component or the device [¶2, the invention relates to a method for protecting against external interventions into a master/slave bus system having at least one slave( not secured) and at least one authorized master( secured) for outputting an authentic command which instructs the slave to carry out a function.  The invention also relates to a master/slave bus system].
Regarding claim 11, Djordjevic discloses, wherein the secured cluster of transportation vehicle components comprises at least one other device for enabling a first transportation vehicle component of a transportation vehicle, and/or wherein the device together with the secured cluster of transportation vehicle components forms a further secured cluster of transportation vehicle components [ ¶7, The master/slave bus system which is provided, in particular, for a motor vehicle contains at least one slave and at least one authorized master for outputting an authentic command.  The authentic command instructs the slave to carry out a function.  According to the invention, the authenticity of a command which has been transmitted over the bus is checked.  The execution of the function is enabled only in the event of a positive check result], and [¶11, According to one embodiment of the method according to the invention, a slave actuator drive (first component), which is driven by the authorized master (enabled second component) moves an opening and closing part between an open position and a closed position (enabling the first component).  In this context, the opening and closing part clears an opening into the passenger compartment of the vehicle, while in the closed position the opening is closed by the opening and closing part]
Regarding claim 12, Djordjevic discloses, wherein the at least one message, on which the enabling of the first transportation vehicle component is based, is at least a message which is used for the normal operation of the first transportation vehicle component or for the normal operation of the second transportation vehicle component, and/or wherein the at least one message, on which the enabling of the first transportation vehicle component is based, is at least a message which is not received solely for the purpose of enabling the transportation vehicle component via the at least one interface, or which is not sent from the second transportation vehicle component solely for the purpose of enabling the first transportation vehicle component [¶11, According to one embodiment of the method according to the invention, a slave actuator drive( first component), which is driven by the authorized master( enabled second component) moves an opening and closing part between an open position and a closed position( enabling the first component)( normal operation).  In this context, the opening and closing part clears an opening into the passenger compartment of the vehicle, while in the closed position the opening is closed by the opening and closing part].
Claims 13, 14, and 15 are interpreted and rejected for the same rational set forth in claim 1.

Claim Rejections - 35 USC § 103

Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 4-5 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over US application no. 2010/0146174 issued to Djordjevic and in view of US Patent No. 2009/021703 issued to Kuhls .
Regarding claim 4, Djordjevic does not disclose, however, Kuhls discloses  wherein the control module legitimates the second transportation vehicle component based on cryptographically protected messages from the second transportation vehicle component[ ¶6, it is provided that the master security module exchanges a secret symmetrical communication key with the client security modules to encrypt the communication between the master 
security module and the client security module, preferably an AES key.

 
Regarding claim 5, Djordjevic does not disclose, however, Kuhls discloses, wherein the cryptographically protected messages are cryptographically signed, wherein the cryptographically protected messages are 13676941_1.docx31cryptographically encrypted, and/or wherein the cryptographically protected messages comprise a calculated value based on a cryptographic key¶6, it is provided that the master security module exchanges a secret symmetrical communication key with the client security modules to encrypt the communication between the master security module and the client security module, preferably an AES key], and [Abstract, signed message].
		It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Djordjevic with the teaching of Kuhls in order to checks the signed message received from the master security module as to whether it comes from an authorized master security module which leads to an additional increase in the security against manipulation [Kuhls, Abstract, ¶9]. 
Regarding claim 7, Djordjevic does not disclose, however, Kuhls discloses, wherein the secured cluster is an immobilizer cluster of the transportation vehicle, or wherein the secured cluster is an anti-theft cluster of the transportation vehicle[¶21,  In a development of this embodiment the provision of the corresponding diagnostic message of at least one of the second control apparatuses having the client security module, or a third control apparatus without activating an immobilizer after the vehicle has been turned off.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Djordjevic with the teaching of Kuhls in order for activating an immobilizer after the vehicle has been turned off, which leads to an additional increase in the security against manipulation[Kuhls, ¶¶9, 21].


Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over US application no. 2010/0146174 issued to Djordjevic and in view of US Patent No. 2009/021703 issued to Kuhls and further in view of US Patent No. 2008/0192929 issued to Knechtel .
Regarding claim 6, Djordjevic and Kuhls do not disclose, however, Knechtel discloses, wherein the control module stores cryptographic information about previously received cryptographically protected messages of the second transportation vehicle component, and wherein the control module legitimates the second transportation vehicle component in response to the cryptographically protected messages, which have been received via the at least one interface within a predefined time interval before the transportation vehicle component was enabled, being in accordance with the stored cryptographic information[¶5, a security unit (secure communication unit), e.g. for a vehicle, aircraft, ship, or the like, that has at least one cryptography module (crypto unit) with which cryptographic codes are generated, stored, managed and/or processed], and [¶7,… The cryptography module also securely and rapidly executes cryptographic operations and stores data], and [¶14… security can be ensured especially during time-critical situations in the vehicle…].



Second set of rejections:
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-6, and 8-15 are rejected under 35 U.S.C. 102(a) (1) as being anticipated by Knechtel (US2008/0192929).

Regarding claim 1, Knechtel discloses A device for enabling a first transportation vehicle component of a transportation vehicle, the device comprising[ see FIGS 1 and 2, SCU, ECU, ¶7, isolation of the modules that are connected to the communications module should a module become compromised…]; and
at least one interface  for communication with a second transportation vehicle component of the transportation vehicle, wherein the second transportation vehicle component is part of a secured cluster of transportation vehicle components of the transportation vehicle [¶5, data bus, on-board network system][¶2, Such a system (e.g. a vehicle) customarily has a plurality of electrical or electronic components, where the components or their control units can be connected to one another via a communications network, thereby forming an interconnected communications system.  A communications network within the context of the invention refers especially to a bus system, e.g. a bus system in an automobile…Today, equipment of this type (e.g. motor vehicles) have at their disposal a plurality of controllers that can be configured as programmable control devices and that are to an ever-increasing extent being interconnected with their environment…], and [¶6, the security unit( second component in secured cluster) of the invention can be intended, e.g. for an interconnected communications system, e.g. for a vehicle, aircraft, ship, etc., or can be integrated into such a communications system.  Such an interconnected communications system can be composed of a plurality of controllers for individual electrical and/or electronic components (first components) that are connected to one another via a communications network, e.g. a bus. It is also possible for the security unit of the invention to be connected to the remaining controllers via the communications network.  Furthermore, the security unit can be equipped with an internal communications module to allow the security unit to communicate with one or more controllers (electronic controller) of the interconnected communications system.], and [¶5]; and
 a control module for: controlling the at least one interface, receiving at least one message from the second transportation vehicle component via the at least one interface [¶5, a security unit (secure communication unit), e.g. for a vehicle, aircraft, ship, or the like, that coordination module for the coordination of individual modules within the security unit.  The cryptography module integrated into the security unit generates cryptographic codes, e.g. symmetrical or asymmetrical codes.  In this manner, data received from another module` via an interface can be encrypted and/or signed], and [¶10, the security unit has at least one external communications module for communication between the security unit and one or more external devices.  An external device is a device that is not integrated into the interconnected communications system.  The security unit is therefore equipped with the (additional) communications module for communicating with systems outside the interconnected communications system, with the module being programmed via the cryptography module following authentication].
legitimating the second transportation vehicle component based on the at least one message received by the second transportation vehicle component [¶5, the cryptography module integrated into the security unit generates cryptographic codes, e.g. symmetrical or asymmetrical codes.  In this manner, data received from another module via an interface can be encrypted and/or signed. In addition, with the cryptography module, data received from another module via an interface can be decoded and/or signatures verified or analyzed. ]; and
 enabling the first transportation vehicle component in response to the at least one received message implying that the second transportation vehicle component has been enabled based on the secured cluster of transportation vehicle components, and in response to the legitimation of the second transportation vehicle component being successful [¶7,… The cryptography module also securely and rapidly executes cryptographic operations and stores data.  The coordination module ensures the fail-safe and efficient management of the described isolation of the modules (this enables the first component) that are connected to the communications module should a module become compromised (this enables the second component when it finds out the first component becomes compromised), with the isolation of the compromised module being effected by blocking access to the communications module.], and [¶6].
Regarding claim 2, Knechtel discloses wherein the control module legitimates the second transportation vehicle component based on a challenge-response authentication method[¶5, data received from another module via an interface can be encrypted and/or signed.  In addition, with the cryptography module, data received from another module via an interface can be decoded and/or signatures verified or analyzed]
Regarding claim 3, Knechtel discloses, wherein the control module legitimates the second transportation vehicle component by a plausibility check of the contents of the at least one message [¶5, data received from another module via an interface can be encrypted and/or signed. Examiner Note: since the data is encrypted and singed, the component believes the contents are legit].
Regarding claim 4, Knechtel discloses, wherein the control module legitimates the second transportation vehicle component based on cryptographically protected messages from the second transportation vehicle component[¶5, data received from another module via an interface can be encrypted and/or signed].
Regarding claim 5, Knechtel discloses, wherein the cryptographically protected messages are cryptographically signed, wherein the cryptographically protected messages are 13676941_1.docx31cryptographically encrypted, and/or wherein the cryptographically protected messages comprise a calculated value based on a cryptographic key [¶5, data received from another module via an interface can be encrypted and/or signed].
Regarding claim 6, Knechtel discloses, wherein the control module stores cryptographic information about previously received cryptographically protected messages of the second transportation vehicle component, and wherein the control module legitimates the second transportation vehicle component in response to the cryptographically protected messages, which have been received via the at least one interface within a predefined time interval before the transportation vehicle component was enabled, being in accordance with the stored cryptographic information[¶5, a security unit (secure communication unit), e.g. for a vehicle, aircraft, ship, or the like, that has at least one cryptography module (crypto unit) with which cryptographic codes are generated, stored, managed and/or processed], and [¶7,… The cryptography module also securely and rapidly executes cryptographic operations and stores data], and [¶14… security can be ensured especially during time-critical situations in the vehicle…].
Regarding claim 8, Knechtel discloses, wherein the receipt of the at least one message from the second transportation vehicle component implies that the second transportation vehicle component has been enabled based on the secured cluster of transportation vehicle components [¶7,… The cryptography module also securely and rapidly executes cryptographic operations and stores data.  The coordination module ensures the fail-safe and efficient management of the described functions, and isolation of the modules (this enables the first component) that are connected to the communications module should a module become compromised (this enables the second component when it finds out the first component becomes compromised), with the isolation of the compromised module being effected by blocking access to the communications module.], and [¶6].
Regarding claim 9, Knechtel discloses, wherein the at least one received message implies that the second transportation vehicle component has been enabled based on the secured cluster of transportation vehicle components, in response to the at least one received message implying that the second transportation vehicle component has a predefined condition, or in response to the at least one received message implying that a predefined action is being executed by the second transportation vehicle component[ ¶7,… The cryptography module also securely and rapidly executes cryptographic operations and stores data.  The coordination module ensures the fail-safe and efficient management of the described functions, and isolation of the modules (this enables the first component) that are connected to the communications module should a module become compromised (this enables the second component when it finds out the first component becomes compromised), with the isolation of the compromised module being effected by blocking access to the communications module.], and [¶6].
Regarding claim 10, Knechtel discloses, wherein the first transportation vehicle component is not part of the secured cluster of transportation vehicle components, and/or wherein the secured cluster enables the second transportation vehicle component without involving the first transportation vehicle component or the device[ see FIGs.1 and 2 and corresponding text, security unit SCU, ECU]
Regarding claim 11, Knechtel discloses, wherein the secured cluster of transportation vehicle components comprises at least one other device for enabling a first transportation vehicle component of a transportation vehicle, and/or wherein the device together with the secured cluster of transportation vehicle components forms a further secured cluster of transportation vehicle components [see FIGs.1 and 2 and corresponding text, security unit SCU, ECU].
Regarding claim 13, Knechtel discloses, wherein the at least one message, on which the enabling of the first transportation vehicle component is based, is at least a message which is used for the normal operation of the first transportation vehicle component or for the normal operation of the second transportation vehicle component, and/or wherein the at least one message, on which the enabling of the first transportation vehicle component is based, is at least a message which is not received solely for the purpose of enabling the transportation vehicle component via the at least one interface, or which is not sent from the second transportation vehicle component solely for the purpose of enabling the first transportation vehicle component [¶2,  Such a system (e.g. a vehicle) customarily has a plurality of electrical or electronic components, where the components or their control units can be connected to one another via a communications network, thereby forming an interconnected communications system.  A communications network within the context of the invention refers especially to a bus system, e.g. a bus system in an automobile, an aircraft, or a ship, or a bus system or network for machines in production lines or for remotely controlled systems.  Today, equipment of this type (e.g. motor vehicles) have at their disposal a plurality of controllers that can be configured as programmable control devices and that are to an ever-increasing extent being interconnected with their environment.  For this reason, efforts are being made to ensure the integrity and authenticity of data from such control devices.
Claims 13, 14, and 15 are interpreted and rejected for the same rational set forth in claim 1.

Claim Rejections - 35 USC § 103

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over US application no. 2008/0192929 issued to Knechtel and in view of US Patent No. 2009/021703 issued to Kuhls .
Regarding claim 7, Knechtel does not explicitly disclose, however, Kuhls discloses  wherein the secured cluster is an immobilizer cluster of the transportation vehicle, or wherein the secured cluster is an anti-theft cluster of the transportation vehicle [¶21,  In a development of this embodiment the provision of the corresponding diagnostic message of at least one of the second control apparatuses having the client security module, or a third control activating an immobilizer after the vehicle has been turned off.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Knecgtel with the teaching of Kuhls in order  for activating an immobilizer after the vehicle has been turned off, which leads to an additional increase in the security against manipulation[Kuhls, ¶¶9, 21].

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207.  The examiner can normally be reached on Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHAHRIAR ZARRINEH/Examiner, Art Unit 2497