DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 22 January 2021 have been fully considered but they are persuasive only in part.
First, regarding the rejection under 35 U.S.C. 103, applicant argues:
“The Office Action asserted that Buchenscheit discloses a ‘triple’ of a ‘signature’, a ‘public key certificate’, and a ‘public key’ that is included in the “public key certificate”. However, the ‘triple’ in Buchenscheit does not correspond to the trip[le] recited in claim 1, as further discussed below.
“Claim 1 recites a triple that is generated using a ‘device secret’. However, the items in the “triple” as seen in Buchenscheit are generated by different entities and thus cannot be generated using a ‘device secret’ by a computing device of a vehicle.” (Emphasis added)

The examiner agrees, in part, with applicant’s characterization of Buchenscheit et al. (IEEE 2009), but believes the description of what the Office action asserted is incomplete, and disagrees with the “cannot” logic of applicant’s statement.
That is, there is nothing in claim 1 that apparently refers to how any “items in” the triple are (e.g., individually) generated, or that precludes any “items in” the triple from being generated by different entities, for example, as long as the triple itself, as a whole (as the new combination of the three possibly old items
Moreover, regarding what the Office action asserted, the Office action of 22 October 2020 specifically indicated at paragraph 33:
“Buchenscheit et al. (IEEE 2009) may not reveal that the emergency vehicle receives a command from a host computer or that a new device secret is stored in response to the command, and that the triple is generated using the device secret.”

The examiner relied on Kounga et al. (EP, ‘813) for showing this aspect of the claims in paragraph 37 of the Office action dated 22 October 2020, with the device secret being previously indicated as being the unique secret value “sk” and/or the random number “ai” e.g., that the tamper resistant black box BBk does not disclose:
“37.	generating, by the computing device using the new device secret, a triple comprising an identifier, a certificate, and a public key [e.g., the certificate Certi, the signing of the certificate and/or the message, signed with the private key, being the identifier, and the certificate Certi including the public key gKi e.g., in the embodiment of paragraph [0090]];” (Emphasis added)

As to “generating the triple”, the emergency vehicle in Buchenscheit et al. (IEEE 2009) expressly signs the message with an identifying message signature which becomes (in the examiner’s stated interpretation) an/the identifier.  Applicant is correct that the emergency vehicle in Buchenscheit et al. (IEEE 2009) indeed receives the public key certificate from a trusted CA.  But the received public key certificate is only a double (containing a certificate and a public key), not a triple, when it is issued by the CA in that it lacks the emergency vehicle’s message signature as the identifier.  When the emergency vehicle subsequently attaches the public key certificate (double) to a adds the indicated identifier to the message by signing the same message, the emergency vehicle then generates a [new] triple that did not previously exist, in part from the double that had previously been issued by the trusted CA (e.g., that is, the “triple” did not yet exist before the emergency vehicle signed the message that was made to contain the public key certificate, and so the triple was generated e.g., from two old things and one new thing).
Moreover, the manner in which the (CA issued) certificate is used in the message of the primary reference is modified by Kounga et al. (EP, ‘813), where the CA sends a certificate (CertCA in FIG. 2) containing requisite trusted information (e.g., V, etc.) signed by the CA to a tamper resistant black box BBk of the vehicle, and the black box BBk then re-generates the requisite trusted information (e.g., including V signed by the CA; paragraph [0069]) into a (new) signed (public key) certificate Certi of a message (FIG. 2) for broadcast to other vehicles (see e.g., embodiment introduced at paragraph [0090]).  Accordingly, even if the certificate was initially issued by the CA in Buchenscheit et al. (IEEE 2009), it would have obviously been re-generated, and re-issued, as Certi, by the black box (BBk) of the emergency vehicle, as taught by Kounga et al. (EP, ‘213), e.g., so that (e.g., emergency) vehicles could (e.g., in large measure) manage their certificates by themselves, even while allowing authenticity of their transmitted messages to be verified.
Here the examiner merely notes that applicant apparently does not claim in claim 1 that the certificate is generated or that the key is generated, e.g., by the computing device, but rather claims that a triple (a new combination of three possibly old things) is generated e.g., by the computing device.  It is well known that a new combination of 
In this respect, while applicant apparently does not separately argue independent claim 12, claim 12 requires that the certificate, not the triple, is generated using the device secret, and this is shown e.g., by Kounga et al. (EP, ‘813) at Steps 1 and 2 in FIG. 2[1], and is described e.g., at paragraph [0036].  That is, a certificate CertCA(V,…) containing V, etc. is issued/signed by the Certificate Authority (CA), and then the black box BBk generates a certificate Certi, e.g., Certi(V [signed by the CA],pubTi,…), as well as the public/private key pair based on e.g., the certificate from CA, the secret sk
As to claim 20, the indefiniteness in the claim precludes the examiner from fully knowing the applicant’s intent in what is meant by “the private identifier”, with the examiner believing (after specific search) that this is not a term of art.  The examiner cannot import the limitations from claim 19 into claim 20, since applicant has apparently changed the dependency of claim 20 to exclude claim 19 (from which it previously depended), but, as the claims are currently understood, the examiner believes the combined limitations of claims 19 and 20 (with the private identifier defined as in claim 19) are not shown by the prior art of record.
Accordingly applicant’s arguments are not persuasive in these respects.
Second, applicant’s amendments in large measure cure or obviate the issues previously raised by the examiner under 35 U.S.C. 112(b), as well as for claim 19 under 35 U.S.C. 112(a)2, with the examiner accepting applicant’s assertions that the terms “identifier”, “certificate”, and “public key” are broad (and not indefinite) terms e.g., that may overlap3 one another (e.g., a public key certificate may be considered to be or include [“compris[e]”] an identifier by reason of it having a name and/or a signature that identifies e.g., an issuer of the certificate, to be or include a certificate, and to be or include a public key by reason if it having a public key).  Similarly, the examiner accepts applicant’s assertions that the terms “status” and “class” as related to vehicles are broad (and not indefinite) terms.
Third, upon consultation, applicant’s arguments regarding the rejection under 35 U.S.C. 101 of claims 1 to 4, 7 to 14, and 16 to 18 are not persuasive.  In particular, applicant asserts:
“When the claimed invention is viewed as a whole. it is apparent that the claimed invention is a computer implemented technique in a system of vehicles. Thus, it is improper to assert that the claimed invention is directed to a mental process in the human mind.” (Emphasis added)

However, claim limitations that that generally link the use of the judicial exception to a particular technological environment or field of use (e.g., use in a system of vehicles) do not meaningfully limit the claim.  See, e.g., Bilski v. Kappos, 561 U.S. 593, 612, 95 USPQ2d 1001, 1010 (2010) ("Flook established that limiting an abstract idea to one field of use or adding token postsolution components did not make the concept patentable") (citing Parker v. Flook, 437 U.S. 584, 198 USPQ 193 (1978)), and per the 2019 PEG cannot integrate the idea into a practical application.4
Moreover, while applicant indicates that the claims cover computer-implemented techniques, merely implementing the abstract idea on a computer, or using the 
The examiner therefore believes that the idea recited in the claims can be performed as a mental process in the human mind, as detailed (e.g., with a new example) below, and the claims are thus directed to a judicial exception without being integrated into a practical application or reciting significantly more than the judicial exception.
Accordingly, applicant’s arguments are not persuasive in this respect.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 19 and 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
In claim 20, applicant claims a storage medium, but then applicant also claims an apparent act (the generation of the triple) that is perhaps performed by other (non-medium?) devices that use specified “operations” (as recited in lines 2 to 6).  It is unclear what performs these specified operations (e.g., are these operations which are performed by the computing device of the first vehicle executing the medium stored 
In claim 20, line 5, “the private identifier” apparently has no proper antecedent basis and is unclear.
In claim 20, line 6, “the private key” apparently has no proper antecedent basis and is unclear.
[Claim 19, now depending from claim 20, is rejected under 35 U.S.C. 112(b) by/for reason of it dependency from claim 20.]
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 to 4, 7 to 14, and 16 to 18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Claim(s) 1 to 4, 7 to 14, and 16 to 18, while (each) reciting a statutory category of invention defined in 35 U.S.C. 101 (a useful process, machine, manufacture, or composition of matter), is/are directed to an abstract idea, which is a judicial exception, the recited abstract idea being that of verifying the identity of a first vehicle using a triple or certificate that has been generated using a device secret and then sent to a second vehicle, e.g., by receiving a command from a host device; in response to receiving the command, storing a device secret; generating, using the device secret, a triple comprising an identifier, a certificate, and a public key; and sending the triple to a 
This abstract idea falls within the grouping(s) of mathematical concepts, mental processes, and/or certain methods of organizing human activity, distilled from case law, because the verifying of the identity could be practically performed in the human mind as a mental process.  
For example, when the device “secret” need no longer be “new” and could be shared with another party or multiple parties, two friends Tom and Jerry may be renting two cars to meet at Island Beach, with Tom saying, “Hey, I rented a silver Honda CRV for the next two weeks”, and Jerry saying, “Well Tom, I don’t have my Nissan Versa Note yet, but how am I ever going to find you once I get there?  There are probably going to be a dozen or more silver CRVs in the parking lot!”  To which, Tom can reply, “Jerry, I’m in the CRV right now.  My license plate number is New Jersey5 IBY-949.  Do you think you can remember that, just in case?  As soon as you can, write a coded message down on a piece of paper to help you remember, write ‘UPN 1 NJ IBY-949’.  The first three letters are my name in capital code, adding one alphabet position to each letter as indicated by the code symbol “1”, so that if someone finds your message they won’t know the license plate number is mine, but please don’t share the license plate number with anyone either, it is a key for anyone who wants to find me publicly - I’ll try to park close to the beach.  And make sure you bring the coded license plate number message to your car before you leave.  That’s an order!”  And Jerry could subsequently write down the coded license plate number message on a piece of paper, and carry it to his vehicle as instructed by Tom, for use when he arrives at the beach inside his Nissan Versa Note, in order to verify the identity of Tom’s car, so that he can park his Nissan Versa Note near Tom’s CRV.  And then, upon arriving at the beach, Jerry could leave a note on Tom’s windshield, “UPN, its KFSSZ, my license plate, coded as by your example, is WB UPV-835, I’ll be near my car for the next hour.  Hope to see you soon!”
In the above scenario, for example, Tom and Jerry’s brains are the computing device(s) with at least one processor, the command is to write down the information, the host device may be Tom’s cell phone (or Tom), the device secret is the information Tom gives about the rental car license plate number that Jerry hears on the phone and dutifully memorizes before writing it down, the identifier is “Tom” (or “Upn”), the certificate is the paper on which the license plate number is written by Jerry, and the public key is the capital code rule, etc., with Jerry, as a controller/driver/brain of the Nissan Versa Note (the second vehicle) and being part of/inside of it for the trip, recognizing the CRV (the first vehicle) based on the coded license plate number message information from Tom that he wrote down.
Additionally, the abstract idea is not integrated by the recitation of additional elements into a practical application because merely using a computer as a tool to perform an abstract idea is not integrating the idea into a practical application of the idea, and e.g., no (other) machine, transformation, improvement to the functioning of a computer or an existing technological process or technical field, or meaningful application of the idea, beyond generally linking the idea to a technological environment or adding insignificant extra-solution activity, is recited in or encompassed by the claims.  Moreover, the claim(s) does/do not include additional elements/limitations/steps that are, individually or in ordered combination, sufficient to amount to significantly more than the judicial exception because the elements/limitations/steps are recited at a high level of generality (e.g., a host device, a system, a first vehicle, a second vehicle, an action, etc.) and are used e.g., for data/information gathering only or for other activities that are well-understood, routine, and conventional activity in the industry, and Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208, 110 USPQ2d 1984 (2014); buySAFE, Inc. v. Google, Inc., 765 F.3d. 1350, 112 USPQ2d 1093 (Fed. Cir. 2014), OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 115 USPQ2d 1090 (Fed. Cir. 2015); see also the 2019 PEG Advanced Module at pages 89, 145, etc.) do not add a meaningful limitation to the abstract idea because they would be routine (and conventional) in any computer implementation of the idea. 
Moreover, limiting or linking the use of the idea to a particular technological environment (e.g., verifying the identity of a vehicle, e.g., in a system of vehicles) is not enough to transform the abstract idea into a patent-eligible invention (Flook[6]) e.g., because the preemptive effect of the claims on the idea within the field of use (e.g., within vehicles) would be broad.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 to 7, 10 to 13, 15 to 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Buchenscheit et al. (“A VANET-based emergency vehicle warning system”, 2009 IEEE Vehicular Networking Conference (VNC), Date of .
Buchenscheit et al. (IEEE 2009) reveals:
per claim 1, a method comprising:
generating, by the computing device of a first vehicle [e.g., the “emergency vehicle” in the VANET-based emergency vehicle warning system; page 28-4-1-4, right column, first full paragraph] a triple comprising an identifier, a certificate, and a public key [e.g., the message signature as an identifier, the public key certificate as the certificate, and the public key in the public key certificate as the public key; page 28-4-1-4, right column, first full paragraph; wherein the message, as the “lightweight immediate warning message” of Section III., D., additionally includes both an “id” and an “EV code” as public identifiers]; and
sending, by the computing device, the triple to a second vehicle [e.g., sending a signature of a digitally signed message together with “a corresponding public key certificate” which obviously included all parts of a conventional certificate including a signature as an identifier, a public key, etc.; page 28-4-1-4; wherein the message, as the “lightweight immediate warning message” of Section III., D., additionally includes both an “id” and an “EV code” as public identifiers], wherein the second vehicle is configured to verify an identity of the first vehicle using the triple [e.g., by verifying the signature, that the vehicle does not lack the required emergency vehicle property; page 28-4-1-4; so that road users can receive and display detailed warnings (FIG. 4), be provided with audible feedback, etc. and traffic lights may initiate a specific switching procedure, e.g., to provide the right of way to the emergency vehicle (e.g., last full paragraph of Section B. System Overview];
Buchenscheit et al. (IEEE 2009) may not reveal that the emergency vehicle receives a command from a host computer or that a device secret is stored in response to the command, and that the triple (or certificate) is generated using the device secret.
However, in the context/field of authentication methods for vehicular ad hoc networks (VANET) allowing a first terminal (vehicle) to be authenticated by a second terminal (vehicle)7, Kounga et al. (EP, ‘813) teaches e.g., at paragraphs [0020]ff, [0040]ff, [0059]ff, [0090]ff, etc. and in original claims 11 to 14 that a tamper resistant black box BBk as a separate part of each (first terminal) vehicle Ck initially receives a “secret value Sk” (or sk) that is “securely transferred to” (paragraph [0038]; see also paragraphs [0035], [0061], etc.) the black box BBk obviously by command of/from a programming host system (e.g., obviously, a conventional external device or flash programmer used during manufacture and/or during maintenance of the black box/vehicle, e.g., that provides the black box with its initial/renewed functionality and/or values, including its initial secret value Sk; paragraphs [0035], [0042], etc.), and then in each time interval Ti (e.g., as obviously determined by a host clock system), the black box BBk chooses a random integer ai “that it never discloses” (paragraph [0064]) and the black box BBk subsequently generates (for the interval Ti) private and public keys (Ki and gKi, respectively) according to Equations (4) and (5), respectively, based on both the secret value and the random number, and also generates and signs a certificate i which other vehicles will be able to trust (e.g., and that is valid for the time interval Ti, includes/contains the public key, etc., and that is generated based on a certificate CertCA from a CA that contains a signed check value V supplied by the manufacturer; FIG. 2) with the private key Ki (paragraph [0038]).  Then, for communication with other vehicles as described e.g., for example at paragraphs [0090]ff and/or original claims 11 to 14 and/or FIG. 5, etc. the black box BBk signs the message(s) to be broadcast by the [own] vehicle Ck, and then sends the signed message and Certi to the [own] vehicle Ck which then broadcasts the signed message along with Certi (that contains the public key gKi, etc., and is signed with Ki by the black box BBk) to other cars Ck’ (second terminals), e.g., such as shown in FIG. 5.  Then, in an embodiment, as indicated at paragraph [0092], “the [other] cars that will check the validity of the messages sent by [the vehicle] Ck will use [the public key] gKi to verify the signature [e.g., in the certificate, and in the message as described at embodiments of paragraphs [0022] and [0090]] on the messages”, e.g., in order to verify that Certi was correctly signed by the black box BBk.  They will compute V* (paragraph [0072]) and compare it with V supplied by the manufacturer to verify that the public key (e.g., gKi) in the certificate is bound to the hash-code value V signed by a trusted authority (CA) and the manufacturer’s secret value K, in order to thus authenticate the public key.  And in particular she reveals:
per claim 1, receiving, by a computing device of a first vehicle, a command from a host device [e.g., the obvious programming command by the programming host system by which each black box BBk is made to receive its own “secret value Sk” during manufacturing and/or servicing; and the obvious clock signal as a command from a host clock system in the black box/vehicle that causes minutes to change and thus the intervals Ti and the random numbers ai chosen and used in the black box to generate the private/public keys (which are updated every certain interval Ti such as one year) to be changed];
in response to receiving the command, storing a device secret in memory [e.g., either the secret value Sk stored during manufacture and/or during maintenance of the vehicle in the black box BBk; or the (new) random number “ai”, that the black box BBk “does not disclose” (paragraph [0082]), obviously chosen and newly stored in RAM every interval Ti (in response to an obvious host clock signal, as an implicit command to store a new random number); with the vehicle’s public and private keys then being generated from sk, ai, etc.];
generating, by the computing device using the device secret [e.g., generating, using sk, ai, etc. as the device secret used in the black box BBk, the vehicle’s public and private keys, with the certificate Certi including the public key gKi as at paragraph [0091] and thus also being generated from the device secret, and with the message being signed by the private key and thus also being generated (in part) from the device secret], a triple comprising an identifier, a certificate, and a public key [e.g., an identifier comprising either i) the signature (signing) of the certificate Certi, ii) the signature (signing, by BBk or Ck) of the message, e.g., signed with the private key, or iii) the certificate Certi; a certificate comprising the certificate Certi; and a public key comprising (for example) the public key pubTi or gKi e.g., in the embodiment of (introduced at) paragraph [0090]8]
It would have been obvious at the time the application was filed to implement or modify the Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method i) so that, in order for the emergency vehicle to sign warning messages (e.g., containing id, EV code, pEV, REV, vEV, etc.; page 28-4-1-4) asserting the sender as an emergency vehicle, etc. and attach a public key certificate as desired by Buchenscheit et al. (IEEE 2009) at page 28-4-1-4, both a certificate (e.g., CertCA in FIG. 2) from a CA including e.g., the check value V (e.g., from the manufacturer), etc. and a secret key sk (and/or ai) would have been “securely transferred to” and stored in a tamper resistant black box BBk (FIG. 2) of the (emergency) vehicle during manufacture and/or (renewal) maintenance, in the manner taught by Kounga et al. (EP, ‘813), e.g., for example, obviously based on commands provided initially (from a programming host system) when the black box was made/flashed, or during maintenance, and/or then i (e.g., which other vehicles could trust, signed with the private key, and containing the signed trusted information including e.g., V, etc. from the CA certificate CertCA) would have been generated by the black box (BBk) in the (emergency) vehicle (FIG. 2 in Kounga et al. (EP, ‘813)) from the secret values, and then the (public key) certificate Certi and the public key would have been sent in signed warning messages (containing id, EV code, etc.) to other vehicles, in order to allow authentication of the messages by other vehicles as desired by Buchenscheit et al. (IEEE 2009) and as taught by Kounga et al. (EP, ‘813) at paragraph [0035], etc., in order that the private key (Ki) would have been used for the emergency vehicle (having the black box BBk) to sign the certificate and/or the message(s), as taught by Kounga et al. (EP, ‘813) and Buchenscheit et al. (IEEE 2009), in order that the public key in the public key certificate (e.g., for example, in Certi in FIG. 2 of Kounga et al. (EP, ‘813) and in the embodiment introduced at paragraph [0090]), which was sent/disseminated by the emergency vehicle for the purpose of being used (by receiving vehicles) to verify the signature/identity of the emergency vehicle and decrypt/process the message in Buchenscheit et al. (IEEE 2009), would have been uniquely generated (for each emergency vehicle) using the secret key sk, etc., in order that (receiving) vehicles that received the public key certificate (e.g., obviously now Certi containing V, pubTi, gKi, Hi, etc. as taught by Kounga (EP, ‘813); see e.g., paragraph [0071], “its public key certificate Certi”) in the digitally signed message k which generated the message respected the security requirements defined by trusted car manufacturers, as taught by Kounga et al. (EP, ‘813), in order to allow e.g., (emergency) vehicles to manage their own certificates by themselves (e.g., their Certi e.g., for each time interval Ti,) and to eliminate or avoid some certificate management problems at the CA side, as taught by Kounga et al. (EP, ‘813), as combining prior art elements according to known methods to yield predictable results (KSR), and as a use of a known technique to improve similar devices (methods, or products) in the same way (KSR).
As such, the implemented or modified Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method would have rendered obvious:
per claim 1, generating, by the computing device using the device secret [e.g., by the black box BBk using sk, ai, etc. as the (stored) device secret in Kounga et al. (EP, ‘813) for generating the private and public keys, Certi, etc.], a triple comprising an identifier, a certificate, and a public key [e.g., the triple generated in Kounga et al. (EP, ‘813) by the vehicle including the black box BBk, as the triple used by the emergency vehicle in Buchenscheit et al. (IEEE 2009) when it sends/disseminates the signed message with the public key certificate, where i) the message (or certificate) signature, the vehicle id in the message, and/or the EV code in the message is the identifier, ii) the public key certificate (e.g., Certi) is the certificate, and iii) the public key (e.g., gKi or pubTi) in the public key certificate is the public key]
sending, by the computing device, the triple to a second vehicle [e.g., sending the public key certificate in the signed message to receiving vehicles at page 28-4-1-4, right column, first full paragraph, of Buchenscheit et al. (IEEE 2009), where i) the message (or certificate) signature, the vehicle id in the message, and/or the EV code in the message is the identifier, ii) the public key certificate (e.g., Certi) is the certificate, and iii) the public key (e.g., gKi or pubTi) in the public key certificate is the public key], wherein the second vehicle is configured to verify an identity of the first vehicle using the triple [e.g. as taught at page 28-4-1-4, right column, first full paragraph, in Buchenscheit et al. (IEEE 2009); and as taught at paragraph [0092] by Kounga et al. (EP, ‘813)];
per claim 2, wherein the device secret is:
received from the host device [e.g., as in the case of the secret value Sk in Kounga et al. (EP, ‘813) e.g., during vehicle manufacture and/or maintenance, obviously from a programming host system]; or
generated by the computing device after receiving the command from the host device [e.g., as in the case of the random integer ai in Kounga et al. (EP, ‘813) that it never discloses, obviously generated at each (new) time interval Ti after receiving an obvious host system clock signal];
per claim 3, wherein the device secret is associated with a predetermined status or class of the first vehicle [e.g., the vehicle in Kounga et al. (EP, ‘813) having a black box BBk manufactured by the manufacturer of the black box who provided the secret value Sk not used by any other car in that class; paragraph [0059]; and the emergency vehicle (provided with the secret value Sk) in Buchenscheit et al. (IEEE 2009)];
per claim 4, wherein the second vehicle is configured to perform an action in response to verifying the identity of the first vehicle [e.g., in Buchenscheit et al. (IEEE 2009), to display a detailed warning, provide audible feedback, etc.];
per claim 5, wherein the action is at least one of presenting an alert on a user display of the second vehicle [e.g., displaying the detailed warning (FIGS. 6 to 8), in Buchenscheit et al. (IEEE 2009)], changing a path of navigation or speed of the second vehicle [e.g., by stopping in FIG. 6, by driving right in FIGS. 7 and 8, etc. in Buchenscheit et al. (IEEE 2009)], or activating a brake system of the second vehicle [e.g., by stopping in FIG. 6, in Buchenscheit et al. (IEEE 2009)];
per claim 6, further comprising sending, by the computing device, the triple to a traffic control system, wherein the traffic control system is configured to:
verify the identity of the first vehicle using the triple [e.g., in Buchenscheit et al. (IEEE 2009), from the sent warning message initiating an action for emergency vehicle preemption control of the traffic light; e.g., Section IV., C.]; and
in response to verifying the identity of the first vehicle, change a state of the traffic control system to allow passage of the first vehicle [e.g., Section IV., C. in Buchenscheit et al. (IEEE 2009) with the EmergencyVehicleWarning-Plugin and the TrafficLight-Plugin deviating only in the action they initiate];
per claim 7, wherein the device secret replaces, in the memory, a previously-stored device secret [e.g., for Sk in Kounga et al. (EP, ‘813), at maintenance of the vehicle, when the secret can be renewed (paragraph [0042]); see also paragraph [0035], “Black boxes in one embodiment store security parameters that can be updated regularly, e.g. once a year when the car is undergoing maintenance.”];
per claim 10, further comprising, after the second vehicle has verified the identity of the first vehicle:
encrypting, by the computing device using a private key, a message [e.g., page 28-4-1-4, right column, first full paragraph, in Buchenscheit et al. (IEEE 2009), using private keys to sign and public keys to decrypt/verify, as taught by Kounga et al. (EP, ‘813), as is/was conventional and well-known], wherein the private key and the public key are an associated pair generated using the device secret [e.g., as taught by Kounga et al. (EP, ‘813)]; and
sending, by the computing device, the encrypted message to the second vehicle [e.g., sending the emergency vehicle’s message to the other vehicles, in Buchenscheit et al. (IEEE 2009)], wherein the encrypted message includes a freshness;
per claim 11, wherein the message includes configuration data [e.g., the emergency vehicle warning message includes id, EV code, pEV, REV, vEV, etc. in Buchenscheit et al. (IEEE 2009) (page 28-4-1-4) and used to generate the detailed warnings (FIG. 4)], the second vehicle is configured to perform an action in response to receiving the message [e.g., display the detailed warning in Buchenscheit et al. (IEEE 2009); FIGS. 6 to 8], and the action is performed by the second vehicle in conformance with the configuration data [e.g., the warning, with instructions to the driver, is displayed, the volume of radio and entertainment systems is turned down, and audible feedback is provided, in Buchenscheit et al. (IEEE 2009)]
per claim 12, a system for use in a first vehicle, the system comprising:
at least one processor [e.g., obviously for running the EmergencyVehicle-Plugin, the EmergencyVehicleWarning-Plugin, etc. in Buchenscheit et al. (IEEE 2009), such as obviously utilized in the prototype notebook computers; and for effecting the public key/private key communication between vehicles as taught by Kounga et al. (EP, ‘813)]; and
memory containing instructions [e.g., obviously for storing the EmergencyVehicle-Plugin, the EmergencyVehicleWarning-Plugin, etc. in Buchenscheit et al. (IEEE 2009), such as obviously utilized in the prototype notebook computers; and for effecting the public key/private key communication between vehicles, with the stored security parameters, obviously including (secret) values and keys, as taught by Kounga et al. (EP, ‘813)] configured to instruct the at least one processor to:
receive a command from a host device [e.g., in Kounga et al. (EP, ‘813), the obvious programming command by the programming host system by which each black box is made to receive its own “secret value Sk” during manufacturing and/or servicing; and the clock command from a host clock system in the black box/vehicle that causes minutes to change and thus the intervals Ti and the random numbers ai used in the black box to generate the private/public keys to be changed];
in response to receiving the command, store a device secret [e.g., in Kounga et al. (EP, ‘813), either the secret value Sk stored during manufacture and/or during maintenance of the vehicle; or the random number “ai” obviously chosen and newly stored in RAM every interval Ti (in response to an obvious host clock signal, as an implicit command to store a new random number); with the vehicle’s public and private keys then being generated from sk, ai, etc.];
generate, using the device secret, a certificate [e.g., in Kounga et al. (EP, ‘813), the certificate Certi including the public key gKi e.g., in the embodiment of (introduced at) paragraph [0090] generated by the black box BBk (see e.g., paragraph [0036] and Step 1 in FIG. 2), based on the secret value, random number, etc.; and in Buchenscheit et al. (IEEE 2009), the public key certificate as the certificate to be sent in the signed message to other vehicles; page 28-4-1-4, right column, first full paragraph]; and
send the certificate to a second vehicle [e.g., to the vehicle to which the emergency vehicle warning is to be sent/disseminated, in Buchenscheit et al. (IEEE 2009), and to the second terminal (vehicle) in Kounga et al. (EP, ‘813)], wherein the second vehicle is configured to verify an identity of the first vehicle using the certificate [e.g., in Buchenscheit et al. (IEEE 2009), by verifying the signature, that the vehicle does not lack the required emergency vehicle property; page 28-4-1-4; and as taught at paragraph [0092] by Kounga et al. (EP, ‘813)];
per claim 13, wherein the device secret is:
received from the host device [e.g., as in the case of the secret value Sk in Kounga et al. (EP, ‘813) e.g., during vehicle manufacture and/or maintenance, obviously from a programming host system]; or 
generated by the system after receiving the command from the host device [e.g., as in the case of the random integer ai in Kounga et al. (EP, ‘813) that it never discloses, generated at each (new) time interval Ti after receiving an obvious host system clock signal];
per claim 15, wherein the second vehicle is configured to perform an action in response to verifying the identity of the first vehicle, and wherein the action is at least one of presenting an alert on a user display of the second vehicle [e.g., displaying the detailed warning (FIGS. 6 to 8), in Buchenscheit et al. (IEEE 2009)], changing a path of navigation or speed of the second vehicle [e.g., by stopping in FIG. 6, by driving right in FIGS. 7 and 8, etc. in Buchenscheit et al. (IEEE 2009)], or activating a brake system of the second vehicle [e.g., by stopping in FIG. 6, in Buchenscheit et al. (IEEE 2009)];
per claim 16, wherein the device secret is associated with a predetermined status or class of the first vehicle [e.g., the vehicle in Kounga et al. (EP, ‘813) having a black box BBk manufactured by the manufacturer of the black box who provided the secret value Sk not used by any other car in that class; paragraph [0059]; and the emergency vehicle (provided with the secret value Sk) in Buchenscheit et al. (IEEE 2009)];
per claim 17, a non-transitory computer storage medium storing instructions [e.g., obviously for storing the EmergencyVehicle-Plugin, the EmergencyVehicleWarning-Plugin, etc. in Buchenscheit et al. (IEEE 2009), such as obviously utilized in the prototype notebook computers; and for effecting the public key/private key communication between vehicles, with the stored security parameters, obviously including (secret) values and keys, as taught by Kounga et al. (EP, ‘813)]which, when executed on a computing device of a first vehicle, cause the computing device to at least:
receive a command from a host device [e.g., in Kounga et al. (EP, ‘813), the obvious programming command by the programming host system by which each black box is made to receive its own “secret value Sk” during manufacturing and/or servicing; and the clock command from a host clock system received from an obvious processor in the black box/vehicle that causes minutes to change and thus the intervals Ti and the random numbers ai used in the black box to generate the private/public keys to be changed];
in response to receiving the command, store a device secret in memory [e.g., in Kounga et al. (EP, ‘813), either the secret value Sk stored during manufacture and/or during maintenance of the vehicle; or the random number “ai” obviously chosen and newly stored in RAM every interval Ti (in response to an obvious host clock signal, as an implicit command to store a new random number); with the vehicle’s public and private keys then being generated from sk, ai, etc.];
generate, using the device secret, a triple comprising an identifier, a certificate, and a public key [e.g., in Kounga et al. (EP, ‘813), generating the keys, etc., with the signing (signature) of the certificate and/or the message, signed with the private key, being the identifier, the certificate Certi being the certificate, and the public key gKi being the public key e.g., in the embodiment of (introduced at) paragraph [0090]; and in Buchenscheit et al. (IEEE 2009), the signature as an identifier, the public key certificate as the certificate, and the public key in the public key certificate as the public key; page 28-4-1-4, right column, first full paragraph]; and
send the triple to a second vehicle [e.g., to the vehicle to which the emergency vehicle warning is to be sent/disseminated, in Buchenscheit et al. (IEEE 2009), and to the second terminal (vehicle) in Kounga et al. (EP, ‘813)], wherein the second vehicle is configured to verify the identity of the first vehicle using the triple [e.g., in Buchenscheit et al. (IEEE 2009), by verifying the signature, that the vehicle does not lack the required emergency vehicle property; page 28-4-1-4; and as taught at paragraph [0092] by Kounga et al. (EP, ‘813)];
per claim 20, depending from claim 17, wherein generating the triple is generated using operations comprising: 
receiving a message from the host device [e.g., the value V in the certificate CertCA from the CA, that is stored by a processor of the black box BBk (as a host device) in a memory location of the black box BBk in Kounga et al. (EP, ‘813)]; 
concatenating the message with the public key to provide first data [e.g., as in FIG. 2, Step 2, of Kounga et al. (EP, ‘813), where V and pubTi are concatenated in the certificate Certi by the black box BBk for transmission to the vehicle Ck]; 
encrypting the first data using the private identifier to provide second data [e.g., signing9 Certi by the black box BBk with the private key Ki, once per time interval, in FIG. 5 of Kounga et al. (EP, ‘813), to send the signed certificate (and to thus provide the certificate Certi as second data in a signed message) to the vehicle Ck in instances when (as in FIG. 5) privTi is provided to the vehicle Ck by the black box BBk for the vehicle Ck encrypting its own messages, and when Ki is not disclosed (to the vehicle Ck) by the black box BBk]; and 
encrypting the second data using the private key to provide the certificate [e.g., in FIG. 5 of Kounga et al. (EP, ‘813) when the vehicle Ck then signs the certificate (Certi) with privTi to send it to other vehicles Ck’] as a vehicle-signed certificate which provides “the certificate” to other vehicles].
Claims 8, 9, 14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Buchenscheit et al. (“A VANET-based emergency vehicle warning system”, 2009 IEEE Vehicular Networking Conference (VNC), Date of Conference: 28-30 Oct. 2009, Paper No. 28-4-1, 8 pages) in view of Kounga et al. (European, EP 2003813) as applied to claims 1, 12, and 17 above, and further in view of Komano et al. (2019/0056925).
Buchenscheit et al. (IEEE 2009) as implemented or modified in view of Kounga et al. (EP, ‘813) has been described above.
The implemented or modified Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method may not reveal the details by which the secret value Sk and other security parameters were securely transferred to and then updated regularly in (e.g. once a year when the car is undergoing maintenance; paragraph [0035] in Kounga et al. (EP, ‘813), e.g., when Sk was being “renewed” (paragraph [0042] which the examiner understands to encompass “being made new again”, e.g., a new secret value)) the black box BBk, although the examiner understands that secure firmware (including code, values, etc.) loading and/or updating was well-known in the art at the time the application was filed.
However, in the context/field of securely updating firmware for terminals (20) in a vehicle having a number of terminals connected by a bus, Komano et al. (‘925) teaches that (during an update control process), a terminal provides its identifier (ID) and stored 
It would have been obvious at the time the application was filed to implement or further modify the Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method so that, for securely transferring to and then regularly updating security parameters (including the secret value Sk, etc.) in the vehicle’s black box as desired by Kounga et al. (EP, ‘813) as firmware, message authentication codes (MAC) as taught by Komano et al. (‘925) would have been conventionally used together with a secret key shared in advance in Kounga et al. (EP, ‘813) in order to (transfer to and then) regularly update the firmware (security parameters, secret value, code, etc.) in the black box (e.g., once a year when the car is undergoing maintenance; paragraph [0035] in Kounga et al. (EP, ‘813)), using the MAC technique taught in FIG. 3 of Komano et al. (‘925), in order to effect the secure (transfer and) regular updating (together with its verification) of the secret value Sk, etc. as secure parameters, as specifically desired by Kounga et al. (EP, ‘813), and as a use of a known technique to improve similar devices (methods, or products) in the same way (KSR).
As such, the implemented or further modified Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method would have rendered obvious:
per claim 8, further comprising storing a secret key used to communicate with the host device, wherein the secret key is used as an input to a message authentication code to generate the device secret [e.g., in order to “securely transfer[]” the secret value Sk to the black box in Kounga et al. (EP, ’813), and then regularly update the black box’s security parameters, etc.  as taught at paragraph [0035], [0038], [0061], etc. during manufacture and once a year maintenance, it would have been obvious to one of ordinary skill in the art that a secure connection between the black box and a distribution server would have been effected as taught by Komano et al. (‘925), with the communication verification occurring by means of the “message authentication code” using a secret key that was shared in advance between the vehicle terminal (black box) and server, as taught by Komano et al. (‘925)];
per claim 9, wherein the command is authenticated using the secret key, the method further comprising sending, by the computing device to the host device, a confirmation that the device secret has been stored [e.g., the update result at S105 and S106 in FIG. 3 of Komano et al. (‘925), indicating that the firmware in the terminal (BBk) had been updated, e.g., including a renewed (updated) secret value Sk];
per claim 14, further comprising memory storing a secret key for communications with the host device [e.g., the secret key shared in advance in Komano et al. (‘925); paragraphs [0028], [0052], etc.], wherein the instructions are further configured to instruct the at least one processor to use the secret key as an input to a message authentication code [e.g., for the verification at paragraph [0052] in Komano et al. (‘925)] to generate the device secret [e.g., so that the firmware update would be verified as stored, and by the firmware update the renewed Sk would be made available to be generated e.g., in the RAM of the black box for generating (by mathematical calculation that employed Sk as in input) the private and public keys];
per claim 18, wherein storing the device secret in memory comprises replacing a previously-stored device secret with the device secret [e.g., to “update[]” the security parameters obviously including the (e.g., “renewed”) secret value Sk, as taught at paragraphs [0035], [0038], [0042], [0061], etc. in Kounga et al. (EP, ‘813)], and wherein the instructions further cause the computing device to send the identifier to the host device [e.g., the next time (e.g., next year) that the (black box) firmware is to be updated e.g., at S101 in FIG. 3 of Komano et al. (‘925)];
Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
For example only, Raya et al. (IEEE 2006) is cited at paragraph [0002] of Kounga et al. (EP, ‘813) as prior art being improved upon and shows in FIG. 4 a (conventional) vehicle safety message transmitted in a VANET that included {Position, speed, acceleration, direction, time, safety events} as well as {Signer’s digital signature, signer’s public key, CA’s certificate of PK}.  This conventional safety message is similar to the emergency vehicle’s warning message in Buchenscheit et al. (IEEE 2009) that included e.g., { id, EV code, pEV, REV, vEV
Kumar et al. (JCSS 2015) reveals the use of time-limited certificates issued to vehicles by a CA as part of PKI in a VANET.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to David A Testardi whose telephone number is (571)270-3528.  The examiner can normally be reached on Monday - Friday, 8:30am - 5:30pm E.T.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/D.A.T/Examiner, Art Unit 3667                                                                                                                                                                                                        
/ANNE MARIE ANTONUCCI/Primary Examiner, Art Unit 3667                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 FIG. 2 from Kounga et al. (EP, ‘813) is reproduced below/on the next page:
        
        
    PNG
    media_image1.png
    655
    1040
    media_image1.png
    Greyscale

        2 Regarding the amended claim language of claim 19, see e.g., paragraph [0157] of the published specification, together with e.g., FIGS. 6 and 7.
        3 Even completely, like a “public key” and a “public key certificate”, e.g., when the “public key” exists within the “certificate”.
        4 See Regarding the 2019 PEG Federal Register notice (Federal Register, Vol. 84, No. 4, Monday, January 7, 2019, pages 50 to 57), see also http://ptoweb.uspto.gov/patents/exTrain/documents/101-2019-peg-advanced-module.pptx and https://www.uspto.gov/sites/default/files/documents/peg_oct_2019_update.pdf . For example, see page 20 of the Advanced Module which indicates:
        “Limitations that are not indicative of integration into a practical application:
        • Adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea - see MPEP 2106.05(f)
        • Adding insignificant extra-solution activity to the judicial exception - see MPEP 2106.05(g)
        • Generally linking the use of the judicial exception to a particular technological environment or field of use – see MPEP 2106.05(h)”
        5 E.g., as a status or class of vehicle.
        6 See e.g., Bilski v. Kappos, 561 U.S. 593 (“Flook established that limiting an abstract idea to one field of use . . . did not make the concept patentable.”)
        7 And improving on conventional techniques such as disclosed by Raya et al. (IEEE 2006), cited at paragraph [0002] in Kounga et al. (EP, ‘813) and cited herewith.  See “Prior Art” section near the end of this Office action for a description of Raya et al. (IEEE 2006).
        8 See, for example, FIG. 2 in Kounga et al. (EP, ‘813), reproduced below/on the next page, where the black box BBk generates the certificate Certi for the vehicle Ck from the certificate CertCA(V,…) received from the Certificate Authority (CA):
        
    PNG
    media_image1.png
    655
    1040
    media_image1.png
    Greyscale

        9 Digitally signing a message (certificate) includes encrypting the message (certificate), as is well-known.  Reference may be had to the Wikipedia article, “Digital signature”, if desired.