DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments

Applicant's arguments filed 2/2/2021 have been fully considered but they are not persuasive.
As to Applicant’s argument that, “There is absolutely nothing in this passage of Stewart that even remotely hints at establishing a secure connection between the electronic device and a configurator device as part of the revoking of the credential
As to Applicant’s argument that, “Thus, In re Larson upheld an obviousness rejection where a cited reference teaches a brake disc rigidly to a clamping means, which the court found to be an obvious design choice of being integral. In the present case, there is absolutely no evidence whatsoever that the credential issuing device of Stewart is anywhere associated physically with the vehicle” (Remarks, p. 12), the Examiner respectfully disagrees. The Applicant has provided no support for the contention that In re Larson can only be applied in instances concerning brake discs rigidly secured to a clamping means. The Examiner continues to believe the case law is applied correctly. While Stewart does not explicitly recite the location of the credential issuing device, Stewart indicates that the credential issuing device can be portable and the member device can be placed in a cradle of the credential issuing device, such as inside a vehicle (Stewart, [0065-0066]). There is no limitation on what constitutes the credential issuing device including portable devices which could equally be part of the vehicle (Stewart, [0113]). The Applicant has not argued that Stewart as modified does not teach “a provisioning device” as claimed, but is arguing that a particular placement of a provisioning device, that is portable, is a patentable distinction. Therefore, the rejection is maintained.
As to Applicant’s argument that, “The Office Action took the position that revoking the credential explicitly would be performed by a user. However, note that [0124] of Stewart refers to revoking a credential, whereas claim 18 refers to a user activation of a control item in a user interface indicating the termination of the access of the service, which is different from revoking a credential” (Remarks, pp. 14-15), the Examiner respectfully disagrees. Applicant's arguments fail to comply with 37 CFR 1.111(b) .

Response to Amendment

Claims 1, 5, and 14 have been cancelled.
Claims 2-4, 6-13, and 15-23 are pending.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 2-5, 7, 10, 15, 16, and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2005/0125669 to Stewart et al. (hereinafter Stewart) in view of US PG Pub. No. 2012/0221695 to Rose et al. (hereinafter Rose).

As to claim 7, Stewart teaches:

b.	Establishing, by the electronic device using the configuration information, a connection with the network of the vehicle to access a service (member device uses credential(s) to open a secure communication channel with the vehicle) (Stewart, [0112]).
Stewart teaches revocation of credentials based on at least an expiration of a time period, but does not expressly mention revoking in response to termination of access. However, in an analogous art, Rose teaches:
c.	Revoking the credential in response to a termination of the access of the service (termination of logical access results in the revocation of credentials) (Rose, [0015-0016]).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the credential provisioning of Stewart with revocation of credentials of Rose in order to better protect both physical and logical resources by requiring a user to re-authenticate after termination of services as suggested by Rose (Rose, [0023]).
Stewart as modified further teaches:
d.	Establishing a secure connection between the electronic device and a configurator device (prospective member device establishes communication with 
e.	Receiving, by the electronic device over the secure connection, revocation information from the configurator device, the revocation information for revoking the credential (receiving a certificate revocation list) (Stewart, [0052]).
f.	In response to the revocation information received over the secure connection, deleting the credential or marking the credential as invalid (adding revoked credential to certificate revocation list) (Stewart, [0052]).

As to claim 2, Stewart as modified teaches the configuration information comprises service information relating to the service accessible by the electronic device (credentials needed to access at least one of the services) (Stewart, [0017 and 0038]).

As to claims 3 and 20, Stewart as modified teaches using, by the electronic device, the service information to access an application of the vehicle, the application providing the service (application specific information is included in the credential package) (Stewart, [0096-0099]).

As to claim 4, Stewart as modified teaches revoking the service information in response to the termination of the access of the service (termination of logical access results in the revocation of credentials and related data) (Rose, [0015-0016] and Stewart, [0124]).



As to claims 10 and 16, Stewart as modified teaches:
a.	Receiving, by the electronic device, bootstrapping information (information provided to member device to bootstrap a secure communication channel) (Stewart, [0057]).
b.	Using, by the electronic device, bootstrapping information to establish a secure connection with a provisioning device, wherein the configuration information relating to network connectivity is received over the secure connection with the provisioning device (provisioning information is transmitted over the secure connection as part of the secure credential infrastructure process) (Stewart, [0034, 0052, 0057, and 0112]).

As to claim 15, Stewart teaches:
a.	A wireless network (Stewart, [0030]).

c.	Establish a connection with an electronic device over the wireless network, by the electronic device using the configuration information, the connection based on the electronic device establishing connectivity with the vehicle using a credential received by the electronic device as part of a provisioning procedure (member device uses credential(s) to open a secure communication channel with the vehicle) (Stewart, [0112]).
d.	Provide access to the service over the connection (member device uses credential(s) to open a secure communication channel with the vehicle) (Stewart, [0112]).
Stewart teaches revocation of credentials based on at least an expiration of a time period, but does not expressly mention revoking in response to termination of access. However, in an analogous art, Rose teaches:
e.	Revoke the credential in response to a termination of the access to the service (termination of logical access results in the revocation of credentials) (Rose, [0015-0016]).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the credential provisioning of Stewart with revocation of credentials of Rose in order to better protect both physical and logical resources by requiring a user to re-authenticate after termination of services as suggested by Rose (Rose, [0023]).

f.	A provisioning device to provide the credential to the electronic device as part of the provisioning procedure (prospective member device establishes communication with the credential issuing device (configurator device)) (Stewart, [0034]).

As to claim 18, Stewart teaches:
a.	A communication interface (prospective member device) (Stewart, [0054]).
b. 	Receive configuration information relating to network connectivity with a network of a vehicle, the configuration information including a credential (prospective member device is provisioned with a credential wirelessly) (Stewart, [0054 and 0063]).
c.	Establish, using the configuration information, a connection with the network of the vehicle to access a service (member device uses credential(s) to open a secure communication channel with the vehicle) (Stewart, [0112]).
Stewart teaches revocation of credentials based on at least an expiration of a time period, but does not expressly mention revoking in response to termination of access. However, in an analogous art, Rose teaches:
d.	Revoke the credential in response to a termination of the access of the service (termination of logical access results in the revocation of credentials) (Rose, [0015-0016]).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the credential provisioning of Stewart with 
Stewart as modified further teaches based on user activation of a control item in a user interface indicating the termination of the access of the service (explicit revocation of the credential either by the user or vehicle owner) (Stewart, [0124]).
e.	Establishing a secure connection with a configurator device (prospective member device establishes communication with the credential issuing device (configurator device) as part of the secure credential infrastructure process) (Stewart, [0034, 0052, and 0112]).
f.	Receiving, at the electronic device over the secure connection, revocation information from the configurator device, the revocation information for revoking the credential (receiving a certificate revocation list) (Stewart, [0052]).
g.	In response to the revocation information received over the secure connection, deleting the credential or marking the credential as invalid (adding revoked credential to certificate revocation list) (Stewart, [0052]).

As to claim 19, Stewart as modified teaches obtain[ing] a new credential in response to the vehicle crossing a border between different geographical regions (automatically start provisioning credentials in response to a change of environment) (Stewart, [0063]). 



As to claim 22, Stewart as modified teaches:
a.	Establish a secure connection with the electronic device for revoking the credential (prospective member device establishes communication with the credential issuing device (configurator device) as part of the secure credential infrastructure process) (Stewart, [0034, 0052, and 0112]).
b.	Send, over the secure connection, revocation information to the electronic device to cause the revoking of the credential at the electronic device (receiving a certificate revocation list) (Stewart, [0052]).

Claim 6 and claim 23 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2005/0125669 to Stewart et al. (hereinafter Stewart) in view of US PG Pub. No. 2012/0221695 to Rose et al. (hereinafter Rose) as applied to claim 7 and claim 18 respectively above, and further in view of US PG Pub. No. 2007/0101146 to Louch et al. (hereinafter Louch) in view of US PG Pub. No. 2008/0027602 to Yeap et al. (hereinafter Yeap).


a.	Querying, by the electronic device, a server system to determine a cause of the revoking of the credential (upon verification failure, the user receives a CRL with the reasons for the revocation) (Louch, [0034]).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the credential provisioning of Stewart as modified with notifying the user with the reason for the revocation in order to initiate a security action as suggested by Louch (Louch, [0034]).
Stewart as modified does not expressly mention a reason for the revocation is a stolen vehicle. However, in an analogous art, Yeap teaches:
b.	Determining, by the electronic device based on a response to the querying, whether the revoking of the credential is in response to the vehicle being stolen (the revocation of the certificate is the result of the vehicle being stolen) (Yeap, Abstract, [0063]).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the credential provisioning of Stewart as modified with revoking a certificate in response to a stolen vehicle of Yeap in order to deter thefts of vehicles as suggested by Yeap (Yeap, [0003]).

Claims 8, 9, and 11-13, and claim 17 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2005/0125669 to Stewart et al. (hereinafter Stewart)  as applied to claim 7 and claim 16 respectively above, and further in view of US PG Pub. No. 2017/0265448 to McCann et al. (hereinafter McCann).

As to claims 8 and 11, Stewart as modified does not expressly mention the Wi-Fi Alliance Device Provisioning Protocol. However, in an analogous art, McCann teaches the configuration information comprises a Device Provisioning Protocol (DPP) information (provisioning a device with credentials utilizing DPP) (McCann, [0014]).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the credential provisioning of Stewart as modified with McCann’s use of DPP in order to make the provisioning process more streamlined as suggested by McCann (McCann, [0014]).

As to claim 9, Stewart as modified teaches the configuration information is included in a DPP Connector (McCann, [0172]).

As to claim 12, Stewart as modified teaches the provisioning device is part of the vehicle (credential issuing device is part of the credential issuing system) (Stewart, [0123]). While Stewart as modified does not expressly mention the provisioning device is part of the vehicle, including the credential issuing device in the vehicle is obvious to one of ordinary skill (In re Larson, 340 F.2d 965, 968, 144 USPQ 347, 349 (CCPA 1965))



As to claim 17, Stewart as modified does not expressly scanning for bootstrapping information. However, in an analogous art, McCann teaches a code detectable by a camera of the electronic device to obtain the bootstrapping information (QR code scanned for bootstrapping information) (McCann, [0037]).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the credential provisioning of Stewart as modified with McCann’s use of QR codes for bootstrapping information in order to make the provisioning process more streamlined as suggested by McCann (McCann, [0014]).

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM S POWERS whose telephone number is (571)272-8573.  The examiner can normally be reached on M-F 7:30-17:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on 571 270 3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/WILLIAM S POWERS/           Primary Examiner, Art Unit 2419