DETAILED ACTION
1.	Claims 1-19, 21 are pending in this examination.
Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
3.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Continued Examination Under 37 CFR 1.114
4.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission has been entered. 
Response to Arguments
5.	Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection.  
Claim Objections
6.1. 	Claims 2-6, 8-13, 15-19, 21 are objected to because of the following informalities:6.2.	As to claim 2; Applicant recites “2.  ….The method of Claim 1, wherein …”;  
Appropriate correction is required.

Claim Rejections - 35 USC § 103
7.1.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

7.2.	Claim 1-5 rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20180217828 to Madrid et al (“Madrid”), in view of US Patent Application No. 20170295016 to Revell et al (“Revell”).

As per claim 1, Madrid discloses a method of encrypting a software package to be delivered to an over-the-air updater device of a given vehicle, the method comprising ([0004]-[0006], a vehicle includes a controller configured to receive encrypted software updates… a vehicle includes a telematics controller, [0001], securing over-the-air (OTA) software updates):
retrieving, by a packaging server from a communication gateway server, information for generating a symmetric key associated with the given vehicle ([0027]-[0028], an encryption keys 128 generated by the update server 112. The update server 112 may generate the encryption keys 128 and the corresponding decryption keys 136 in response to detecting that the software updates 102 are available … the encryption schemes may include symmetric),  

generating, by the packaging server, the symmetric key based on the information for generating the symmetric key associated with the given vehicle retrieved from the communication gateway server ([0027]-[0028], [0039], generate the encryption key 128 and the corresponding decryption key 136 in response to detecting that the software updates 102 are available for the one or more controllers 118 of the vehicle 104. The update server 112 may, accordingly, send the generated decryption key 136 to the update manager 116 of the vehicle 104 as part of the instruction file 134, also see fig. 3 and associated texts);  
encrypting, by the packaging server, the software package using the symmetric key ([0040]); 
transmitting, by the packaging server, the encrypted software package for delivery to the over-the-air updater device of the given vehicle ([0001], [0047]).
Madrid does not explicitly disclose however in the same field of endeavor, Revell discloses  the information including a random key based in part on private device identifiers associated with the given vehicle/user ([0022], receiving a first processing file; extracting combined key data; generating a first random key seed and sending it to the 
wherein the private device identifiers identify the at least one programmable component of the given vehicle ([0102], the identification for the terminal 100 is the IMSI (International Mobile Subscriber Identity), IMEI (International mobile Equipment Identifier) and/or serial number(s) of the terminal 100. … the identification for the terminal 100 is an application identifier provided with an application utilizing the secure communication…).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Madrid with the teaching of Revell by including the feature of private device identifiers, in order for Madrid’s system for authenticating using two different communication channels and private identification thereby making it very hard for a scam operator to maliciously identify itself as the security server (Revell, [0145]).

As per claim 2, the combination of Madrid and Revell discloses the method of Claim 1, wherein the information for generating the symmetric key associated with the given vehicle includes a random key generated by the communication gateway server for the given vehicle (Revell, [0019], [0022], [0045]). The motivation regarding the obviousness of claim 1 is also applied to claim 2.



As per claim 4, the combination of Madrid and Revell discloses the method of Claim 3, wherein generating the symmetric key based on the information for generating the symmetric key associated with the given vehicle retrieved from the communication gateway server includes: generating a full secret based on at least the random key, at least one of the one or more public device identifiers, and at least one package identifier determined by the packaging server (Revell, [0022], [0087], [0088]). The motivation regarding the obviousness of claim 1 is also applied to claim 4.

As per claim 5, the combination of Madrid and Revell discloses the method of Claim 4, further comprising generating, by the packaging server, a set of metadata that includes a public key associated with the packaging server and the at least one package identifier determined by the packaging server (Revell, [0092], [0096]). The motivation regarding the obviousness of claim 1 is also applied to claim 5.

7.3.	Claim 6 are rejected under 35 U.S.C. 103 as being unpatentable over Madrid and Revell as applied to claim above, and in view of US Patent Application No. 20150237502 to Schmidt et al (“Schmidt”).

As per claim 6, the combination of Madrid and Revell discloses the invention as described above.  Madrid and Revell do not explicitly disclose however in the same field of endeavor, Schmidt discloses the method of Claim 4, wherein generating the symmetric key based on the information for generating the symmetric key associated with the given vehicle retrieved from the communication gateway server includes combining a public key associated with the packaging server  and a public key associated with the given vehicle using a Diffie-Hellman technique, wherein the full secret is used as an HMAC key value in the Diffie-Hellman technique ([0303], [0310], [0349]). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Madrid with the teaching of Schmidt by including the feature of a HMAC key value , in order for Madrid’s system for protecting against unauthorized access of the devices. A hardware security anchor is important to the protection of the system behavior. This is a part of the system which is protected against unauthorized access by hardware measures known to be secure enough for the intended purpose to effectively mitigate risks of attacks against it. It holds, in particular, the RoT for its secure operation. The RoT is an abstract system element which enables a) securing of the internal system operation, and b) exposing properties and/or the identity (individually or as a member of a group such as make and model) of the system to external entities in a secure and authentic way (Schmidt, [0032]).


7.4.	Claims 7-11, 14 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Madrid and Revell as applied to claim above, and  in view of US Patent Application No. 20100128878 to Lee et al (“Lee”).

As per claim 7, the combination of Madrid and Revell discloses the vehicle, comprising: at least one non-transitory computer-readable medium having software stored thereon; and an over-the-air (OTA) updater device of a vehicle, comprising at least one processor and a non-transitory computer-readable medium having computer-executable instructions stored thereon that, in response to execution by the at least one processor, cause the OTA updater device to perform actions comprising (Madrid, [0027]-[0028], [0033]):
wherein the vehicle comprises the OTA updater device and at least one programmable component (Madrid, [0014], [0024], [0030], vehicle controllers may be protected from unauthorized intrusion using a variety of security methods. In one example, a cloud server manager may encrypt the software update files using a public or a private encryption key. Each of the software update files may further be code signed, such that decoding may be performed at the corresponding vehicle controller, rather than, for example, at a telematics control unit (TCU).) ;
receiving an encrypted software update package for updating the software stored on the at least one non-transitory computer-readable medium of the vehicle (Madrid, [0035], [0041], encrypted software updates 102);

Madrid does not explicitly disclose however in the same field of endeavor, Revell discloses wherein the private device identifiers identify the at least one programmable component of the vehicle (Revell, [0102], the identification for the terminal 100 is the IMSI (International Mobile Subscriber Identity), IMEI (International mobile Equipment Identifier) and/or serial number(s) of the terminal 100. … the identification for the terminal 100 is an application identifier provided with an application utilizing the secure communication…).
receiving, from the communication gateway server, a validation token (Revell, [0100]) based on the random key generated by the communication gateway server;
signing the validation token using the private key associated with the OTA updater device (Revell, [0102], [0112]);
transmitting, to the communication gateway server, the signed validation token (Revell, [0102], [0110]);
in response to verification of the signed validation token by the communication gateway server, receiving, from the communication gateway server, the random key, wherein the random key is associated with the encrypted software update package (Revell, [0111], [0154]);
generating a symmetric key based on at least the random key (Revell, [0167]).

Madrid does not explicitly disclose however in the same field of endeavor, Lee discloses transmitting, to a communication gateway server, a partial key based at least on private device identifiers associated with the vehicle, the partial key associated with a random key generated by the gateway server (Lee, [0010], [0067],[0080]). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Madrid with the teaching of Revell/Lee by including the feature of a partial key, in order for Madrid’s system for facilitating a user who can play the DRM/secured content for free without extra cost for the playing of the DRM content. Therefore, user can obtain a license, which is a decryption key of the target content, through the watching or listening to the advertisement. And thus, user can play the DRM content for free without extra cost for the playing of the DRM content. In conclusion, on the user's side, it is advantageous in that the cost according to the license purchase of the DRM content is reduced, while an advertizing effect can be enhanced in the advertiser's side. Additionally, a service provider can suggest a new business model to users and advertisers. Accordingly, the DRM content service can be enhanced and the DRM content service can be activated 

As per claim 8, the combination of Madrid, Revell and Lee discloses the vehicle of Claim 7, wherein generating a symmetric key using the random key includes generating a full secret based on at least the random key, one or more public device identifiers associated with the vehicle, and a vehicle identification number (VIN) of the vehicle comprising (Madrid, [0014], [0024], [0028], also see [0030]):

As per claim 9, the combination of Madrid, Revell and Lee discloses the vehicle of Claim 8, wherein the actions further comprise receiving metadata that includes one or more package identifiers associated with the encrypted software update package; and wherein the full secret is further based on at least one of the one or more package identifiers (Revell, [0092], [0094], also see [0096]). The motivation regarding the obviousness of claim 7 is also applied to claim 9.

As per claim 10, the combination of Madrid, Revell and Lee discloses the vehicle of Claim 9, wherein the metadata further includes a public key associated with a packaging server that encrypted the encrypted software update package; and wherein the symmetric key is further based on the full secret, the public key associated with the packaging server, and a public key associated with the OTA updater device (Revell, [0045], [0092], [0096 ]also see [0147], [0154], [0167]). The motivation regarding the obviousness of claim 7 is also applied to claim 10.

As per claim 11, the combination of Madrid, Revell and Lee discloses the vehicle of Claim 7, wherein the actions further comprise registering the OTA updater device with the communication gateway server (Madrid, [0026], [0032]).

As per claim 14, the combination of Madrid, Revell and Lee discloses the non-transitory computer-readable medium having computer-executable instructions stored thereon that, in response to execution by one or more processors of a computing device, cause the computing device to perform actions for verifying an over-the-air (OTA) updater device of a vehicle and sharing information for generating a symmetric encryption key, the actions comprising (Madrid, [0027]-[0028], [0033]):
wherein the vehicle comprises the OTA updater device and at least one programmable component (Madrid, [0014], [0024], [0030], vehicle controllers may be protected from unauthorized intrusion using a variety of security methods. In one example, a cloud server manager may encrypt the software update files using a public or a private encryption key. Each of the software update files may further be code signed, such that decoding may be performed at the corresponding vehicle controller, rather than, for example, at a telematics control unit (TCU).) 
Madrid does not explicitly disclose however in the same field of endeavor, Revell discloses wherein the private device identifiers identify the at least one programmable component of the vehicle (Revell, [0102], the identification for the terminal 100 is the IMSI (International Mobile Subscriber Identity), IMEI (International mobile Equipment Identifier) and/or serial number(s) of the terminal 100. … the identification for the 
generating a random key based on the partial key to be associated with the OTA updater device (Revell, [0019], [0022]); 
storing the random key (Revell, [0050]);
transmitting the random key to a packaging server for use by the packaging server in generating a symmetric key (Revell, [0153]); and
transmitting the random key to the OTA updater device for use by the OTA updater device in generating the symmetric key (Revell, [0154]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Madrid with the teaching of Revell by including the feature of private device identifiers, in order for Madrid’s system for authenticating using two different communication channels and private identification thereby making it very hard for a scam operator to maliciously identify itself as the security server (Revell, [0145]).
Madrid does not explicitly disclose however in the same field of endeavor, Lee discloses receiving, from the  OTA updater device of the vehicle, a partial key based at least on private device identifiers of a vehicle (Lee, [0010], [0067],[0080]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Madrid with the teaching of Revell/Lee by including the feature of a partial key, in order for Madrid’s system for facilitating a user who can play the DRM/secured content for free without extra cost for the playing of the DRM content. Therefore, user can obtain a license, which is a 

As per claim 21, the combination of Madrid, Revell, and Lee discloses the computer-readable medium of Claim 14, wherein the private device identifiers include at least one of an integrated circuit card identifier (ICCID) of the over-the-air updater device or a serial number of a processor of the over-the-air updater device (Revell, [0102], the identification for the terminal 100 is the IMSI (International Mobile Subscriber Identity), IMEI (International mobile Equipment Identifier) and/or serial number(s) of the terminal 100. … the identification for the terminal 100 is an application identifier provided with an application utilizing the secure communication…). The motivation regarding the obviousness of claim 7 is also applied to claim 21.




 	As per claim 12, the combination of Madrid, Revell and Lee discloses the invention as described above.  Madrid, Revell and Lee do not explicitly disclose however in the same field of endeavor, Schmidt discloses the vehicle of Claim 11, wherein registering the OTA updater device with the communication gateway server includes: transmitting a registration request to the communication gateway server, wherein the registration request includes a public key generated by the OTA updater device using the private key associated with the OTA updater device (Schmidt, [0105], [0340], [0345]-[0346]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Madrid with the teaching of Schmidt by including the feature of a registering, in order for Madrid’s system for protecting against unauthorized access of the devices. A hardware security anchor is important to the protection of the system behavior. This is a part of the system which is protected against unauthorized access by hardware measures known to be secure enough for the intended purpose to effectively mitigate risks of attacks against it. It holds, in particular, the RoT for its secure operation. The RoT is an abstract system element which enables a) securing of the internal system operation, and b) exposing properties and/or the identity (individually or as a member of a group such as make and 

 As per claim 13, the combination of Madrid, Revell, Lee and Schmidt discloses the vehicle of Claim 12, wherein registering the OTA updater device with the communication gateway server further includes receiving a registration certificate from the communication gateway server (Schmidt, [0105], [0339], [0340]). The motivation regarding the obviousness of claim 12 is also applied to claim 13.

As per claim 15, the combination of Madrid, Revell, Lee and Schmidt discloses the computer-readable medium of Claim 14, wherein the actions further comprise: receiving a registration request from the OTA updater device, wherein the registration request includes a public key associated with the OTA updater device; and
storing the public key associated with the OTA updater device (Schmidt, [0105], [0340], [0345], [0352]). The motivation regarding the obviousness of claim 12 is also applied to claim 15.

As per claim 16, the combination of Madrid, Revell, Lee and Schmidt discloses the computer-readable medium of Claim 15, wherein the registration request further includes one or more public device identifiers; and wherein the actions further comprise storing the one or more public device identifiers (Schmidt, [0302], [0340], [0352]). The motivation regarding the obviousness of claim 12 is also applied to claim 16.



As per claim 18, the combination of Madrid, Revell, Lee and Schmidt discloses the computer-readable medium of Claim 15, wherein the actions further comprise: generating a validation token based on the random key; and transmitting the validation token to the OTA updater device (Revell, [0112], [0094]).  The motivation regarding the obviousness of claim 12 is also applied to claim 18.

As per claim 19, the combination of Madrid, Revell, Lee and Schmidt discloses the computer-readable medium of Claim 18, wherein the actions further comprise: receiving a request from the OTA updater device for the random key, wherein the request includes a signed validation token; verifying the signed validation token using the stored public key associated with the OTA updater device; and in response to verifying the signed validation token, transmitting the random key to the OTA updater device (Revell, [0100], [0102], [0110], [0111], [0154]). The motivation regarding the obviousness of claim 12 is also applied to claim 19.
       
8.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892).
Conclusion
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195.  The examiner can normally be reached on 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 
/HARUNUR RASHID/Primary Examiner, Art Unit 2497