Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Joseph Kendrick, on 3/6/2021. 
The application has been amended as follows:

Amendments to the Claims
Amendment to claim 1 as follows:

Claim 1, line 3, before [processor], insert --hardware--

Priority
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d) (This application is a DIV of 15/970,521 05/03/2018 PAT 10715511), which papers have been placed of record in the file.

Amendments to the Specification
Please amend the first paragraph at page 1 of the specification as follows:
--[0001] This application is a Divisional patent application claiming priority to, and the benefit of, U.S. Patent Application No. 15/970,521 titled, now U.S. Patent No. 10,715,511, “SYSTEMS 

Drawings
The drawings filed on 6/5/20 are acknowledged.  

Allowable Subject Matter
Claims 1-11 are allowed.
This communication warrants no examiner's reason for allowance, as applicant's reply makes evident the reason for allowance, satisfying the record as a whole as required by rule 37 CFR 1.104 (e). Thus, the reason for allowance is in all probability evident from the record and no statement for examiner's reason for allowance is necessary (see MPEP 1302.14).
The following is an examiner's statement of reasons for allowance: 

Claim 1 recites, a data service system for providing to a vehicle access to data services, the data service system comprising:
a processor in communication with a network interface; a private key vault device coupled to the processor;
a vehicle data service protocol executed by the processor, wherein the vehicle data service protocol establishes a communication session for data service exchanges with a vehicle communication manager onboard the vehicle via the network interface;
wherein the vehicle data service protocol includes a session validation sequence that causes the processor to:

wherein the session reply message includes a public operational authentication key, a public operational encryption key, and is signed using a subscriber validation private key associated with an embedded public key stored within the vehicle communication manager.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Zhang et al., 2016/0072781 discloses,
[0030] Overall, the first communication port 110 receives signals 144 comprising authentication request data 146 representative of requests for authentication from one or more of the network devices 152.  The signals may also contain security keys communicated from one or more of the in-vehicle devices 152 for selective distribution by the gateway logic 130 to others of the in-vehicle devices 152.  The authentication proxy and gateway logic 130 selectively authenticates the network devices 152 based on the authentication request data in accordance with the authentication capability of the associated requesting device.  Once authenticated, the devices may be able to share security keys with other authenticated devices, and further may also receive from the gateway logic security keys of other previously authenticated devices.  The authentication proxy logic adapts its authentication and key distribution response in accordance with the particular communication and processing capabilities of the authentication-requesting device.  For some devices such as the second set (Type C) of associated network devices 170 capable of only transmitting signed or otherwise encrypted messages representative of a measure of the parameter being sensed, for example, the authentication proxy logic intercepts the messages and interprets them as authentication requests if the device is not already authenticated.  The authentication proxy and gateway logic selectively generates a cryptographic key set responsive to the authentication proxy logic authenticating the network devices based on the authentication request data in accordance with the particular authentication capability of the requesting device.  Thereafter, the authentication proxy logic selectively distributes the cryptographic key set to selected one or more of the network devices. 
[0046] In accordance with the embodiments herein, differentiated secure communications among heterogeneous electronic devices is provided first by authentication of in-vehicle devices having unequal capabilities such as for example having different communication and processing capabilities.  In an example embodiment, a connected vehicle gateway device 310 is operable to function as the onboard authentication proxy logic 130 (FIG. 1) and includes onboard key server logic for authenticating other in-vehicle devices, and serves as the vehicle's interface with external networks.  The original connected vehicle gateway on a vehicle is authenticated by the device or vehicle manufacturer during device or vehicle manufacturing process.  New connected vehicle gateway device 310 installed on a vehicle can be either pre-authenticated or authenticated by an off-board authentication server when it can access the off-board authentication server.  As a result of successful authentication, the connected vehicle gateway device 310 acquires all the necessary security materials it will need to communicate with other in-vehicle devices and to provide the onboard authentication proxy and the onboard key server function.



Ujiie et al., 2016/0315766 discloses, 
[0196] The onboard network system including a master ECU 31400 (key managing device) which is a partial modification of the above-described master ECU 30400 will be described below.  The master ECU 31400 is basically the same as the master ECU 30400, but the method of confirming the order of responses that the ECUs return after having transmitted the survival confirmation frame as a request differs.  That is to say, the master ECU 31400 has a function of confirming the order of responses (serial ID notification frames) received from the ECUs by communication with a server that is external from the onboard network system (outside of the vehicle).  This server is a computer that manages information indicating the order of CAN-IDs in the serial ID notification frames transmitted as responses to the survival confirmation frame.
[0204] In the onboard network system according to the modification of the third embodiment, the master ECU 31400 communicates with an external server in a case where the vehicle is in a particular state such as a stopped state or the like, and causes the server to determine whether the order of frames that the ECUs transmit is suitable, thereby verifying whether or not the security state of the shared keys is appropriate.  In a case where the configuration of the onboard network system has been changed, the order of frames transmitted by the ECUs changes as compared to before, so this is determined to be an error by the server.  In a case where the security state is inappropriate (a case where determination of an error has been made), safety can be secured by notification and the like.  The external server can collect information of the serial IDs of the ECUs from the master ECU 31400 in the onboard network system installed in multiple vehicles and confirm the integrity, so the security state of the shared keys can be inspected more appropriately.
[0216] (11) The shared keys shared between the master ECU (key managing device) and other multiple ECUs (keys shared before transmission of session keys) shown in the above-described embodiments may be shared keys in a shared key encryption system (secret keys), or alternatively may be a key pair (public key and secret key) in a public key encryption system.  That is to say, it is sufficient for a first-type electronic control unit (master ECU) serving as the key managing device, and one or more second-type electronic control units (ECUs other than the master ECU) mutually storing shared keys that are the same or are a 



Therefore independent claim 1 is allowable over the prior arts of record.  Consequently, independent claim 1 and its dependent claims 2-11 are also allowable over the prior arts of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571) 272-3973.  The examiner can normally be reached on Monday-Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin, can be reached at (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/HARESH N PATEL/Primary Examiner, Art Unit 2493