DETAILED ACTION
This communication is responsive to the application 16/363,047 filed on 03/29/2019. 
Claims 1-20 are directed towards “Cryptographically Secure Mechanism for Remotely Controlling an Autonomous Vehicle.”
Claims 1-20 have been presented.
Claims 1-20 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/10/2020 was filed after the mailing date of the application filed on 03/29/2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Oath



The Oath filed on 03/25/2019 complies with all the requirements set forth in MPEP 602 and is therefore accepted.

Drawings
The drawings filed on 03/25/2019 have been accepted.

Claim Objections
Claims 2, 10 and 15 are objected to because of the following informalities:  
Line 1 of claim(s) 2, 10 and 15, claim use of the DICE-RIoT protocol for key generation.  DICE-RIoT should be fully spelled out to the accepted definition, e.g., Device Identity Composition Engine (DICE) – Robust Internet of Things (RIoT)
 Appropriate correction is required.

Claims 8, 14 and 20 are objected to because of the following informalities:  
Line 2 of claim(s) 8, 14 and 20, which recites, “confirming an identify of the first autonomous vehicle…”  appears to contain a typographical error.  “identify” should be corrected to “identity”.  
 Appropriate correction is required.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-6, 9, 11-12, 15 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Canavor et el. (US Pub. 2016/0285864 A1 filed 03/15/2015) in view of Goeringer et al. (US Pub. 2019/0394050 Priority 05/02/2018 Provisional App. 62/665,983). 
As to claim 1, Canavor discloses:
“receiving a message from a first autonomous vehicle, the message including 
a signed body portion and a triple including components selected from the group consisting of a public identifier of the first autonomous vehicle, a public key of the first autonomous vehicle, and a certificate of the first autonomous vehicle (Canavor, fig. 5, pars. 0055, 0057 and 0059; unmanned area vehicle having processor(s) 1302, memory 1306 and wireless communication subsystem 1316 (see fig. 13) receives a message package (correspond to triple), a digital signature/hash, and a digital certificate encoding a public key of a key pair used to digitally sign the message);
“authenticating the message by verifying the certificate of the first autonomous vehicle” (Canavor, par. 0020; The digital certificate may be digitally signed using a private cryptographic key corresponding to the digital certificate of the certificate authority, enabling verification of authenticity of the digital certificate of the unmanned aerial vehicle).

“logging the message into a blockchain storage structure, the blockchain storage structure storing a plurality of blocks, each blocking including the signed body portion.”
However, Goeringer discloses:
“logging the message into a blockchain storage structure, the blockchain storage structure storing a plurality of blocks, each blocking including the signed body portion (Goeringer, fig. 2, pars. 0043, 0047 and 0063; reporting element 208 may compile event data, i.e., timestamped log 204, event message 202, reporting element ID, as a blockchain transaction/database entry, the entire compiled message is signed using keys issued to reporting element, and securely transmitted (using PKI generated Security ID key 228), to one or more nodes of blockchain network/distributed consensus-enabled database, e.g., ledger 212). 
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine the technical features of Canavor with Goeringer in order to leverage a consensus mechanism, i.e., a blockchain or consensus enabled database, to significantly increase the visibility of events and/or logs to greater numbers of stakeholders, but without sacrificing the security or integrity of logs it is and events security, or the reliability of transaction non-repudiation, thereby providing significant advantages over the conventional security systems (Goeringer, par. 0067).
Canavor further discloses:
“executing one or more orders included within the signed body portion” (Canavor,
Par. 0021; an unmanned aerial vehicle may receive a message encoded with a command to perform an operation, e.g., to fly to a specified location and to perform an action at the specified location).

As to claim 3, Canavor and Goeringer disclosed the invention of claim 1.  Canavor further discloses:
“the signed body portion signed using a private key corresponding to the public key of the first autonomous vehicle (Canavor, par. 0033; message 106 from the unmanned aerial vehicle 102 to the unmanned aerial vehicle 104 is provided with a digital signature 108, i.e., digitally signed using a private cryptographic key of a public-private cryptographic key pair, of the message 106).

As to claim 4, Canavor and Goeringer disclosed the invention of claim 1.  Canavor further discloses:
“the signed body portion comprising an order to remotely control a second autonomous vehicle” (Canavor, par. 0021; during operation, an unmanned aerial vehicle may receive a message from an entity, i.e., a command and control center, or another unmanned aerial vehicle, encoded with information/commands that the unmanned aerial vehicle can process to determine how to operate, the UAV,  to add a new task, modify an existing task and/or perform an operation, e.g., to fly to a specified location and to perform an action at the specified location).

(Canavor, par. 0021; during operation, an unmanned aerial vehicle may receive a message from an entity, i.e., a command and control center, or another unmanned aerial vehicle, encoded with information/commands that the unmanned aerial vehicle can process to determine how to operate, the UAV,  to add a new task, modify an existing task and/or perform an operation, e.g., to fly to a specified location and to perform an action at the specified location).

As to claim 6, Canavor and Goeringer disclosed the invention of claim 1.  Canavor further discloses:
“the signed body portion comprising a freshness indicator” (Canavor, pars. 0057 and 0061; determining whether the digital certificate is trusted may involve additional operations as well, such as determining whether the digital is expired (and, therefore, untrusted), whether the digital certificate corresponds to an identity that purportedly digitally signed the message, and/or other operations).

As to claim 9, claim 9 represents a non-transitory computer readable storage medium storing executable instructions for implementing processes that are substantively similar in scope to the invention of claim 1.  Claim 9 is therefore rejected for the same reasons outlined in the rejection of claim 1 above.



As to claim 12, claim 12 is substantively similar in scope to the invention of claim 5.  Claim 12 is therefore rejected for the same reasons outlined in the rejection of claim 5 above.

As to claim 15, claim 15 represents a device for implementing a method that is substantively similar in scope to the invention of claim 1.  Claim 15 is therefore rejected for the same reasons outlined in the rejection of claim 1 above.

As to claim 17, claim 17 is substantively similar in scope to the invention of claim 4.  Claim 17 is therefore rejected for the same reasons outlined in the rejection of claim 4 above.

As to claim 18, claim 18 is substantively similar in scope to the invention of claim 5.  Claim 18 is therefore rejected for the same reasons outlined in the rejection of claim 5 above.


Claims 2, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Canavor in view of Goeringer in further view of England, Paul. Et al., Device Identity with DICE and RIoT: Keys and Certificates, Microsoft, Sept. 2017, www.microsoft.com/en-us/research/publication/device-identity-dice-riot-keys-certificates/ hereinafter referred to as England).
As to claim 2, Canavor and Goeringer disclosed the invention of claim 1.  Canavor does not explicitly disclose:
“the components generated using a DICE-RIoT core layer.”
However, England discloses:
“the components generated using a DICE-RIoT core layer” (England, pgs. 7-9, section 3.6 – Example DICE+RIoT Software Architecture; Device Identity Composition Engine, provides software called Compound Device Identity (CDI) with a secret that is dependent on the hardware device and booting software identity and passes the CDI to RIoT core to derive additional keys and secrets and optionally generates a self-signed DeviceID certificate and CSR for the DeviceID public key).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine the technical features of Canavor and Goeringer with England to use Device Identity Composition Engine (DICE) to generate a cryptographically unique value, e.g., a Compound Device Identity (CDI), for secure software boot up of a device wherein the Robust Internet of Things (RIoT) security uses the CDI to create the DeviceID and other keys to provide for data-at-rest protection (sealing), secure firmware updates, and other services (England, pages 2-4)



As to claim 16, claim 16 is substantively similar in scope to the invention of claim 2.  Claim 16 is therefore rejected for the same reasons outlined in the rejection of claim 2 above.

Claims 7-8, 13-14 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Canavor in view of Goeringer in further view of Xu et al. (US Pub. 2017/0141926 A1 filed 11/13/2015).
As to claim 7, Canavor and Goeringer disclosed the invention of claim 1.  Canavor does not explicitly disclose:
“the authenticating the message comprising doubly decrypting the triple to and comparing the result to the public identifier.”
However, Xu discloses:
“the authenticating the message comprising doubly decrypting the triple to and comparing the result to the public identifier” (Xu, par. 0052; to authenticate the signed client message 114, the signature token can be extracted from the signed client message 114. A digital signature can be extracted from the signature token. The digital signature and the public key 130B can be used as inputs into a decryption function to generate decrypted data; verification data to the signature can be hashed to generate a verification hash, i.e., using the same hash function used by the caller component 116 of the client system 102 and may be compared with the decrypted data to determine the authenticity and integrity of the client message data if there is a match).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine the technical features of Canavor and Goeringer with Xu to use digital signature extraction from a signature token to obtain a public key for message decryption, verification, integrity and authentication (Xu, par. 0052). 

As to claim 8, Canavor and Goeringer disclosed the invention of claim 1.  Canavor does not explicitly disclose:
“the authenticating the message further comprising confirming an identi[ty] of the first autonomous vehicle by querying a remote database using the triple.”
However, Xu discloses:
“the authenticating the message further comprising confirming an identify of the first autonomous vehicle by querying a remote database using the triple” (Xu, par. 0088;  certificate management portal 212 and/or the certificate management service 218 can be configured to enable a user to query information for a public key or public key certificate by invoking a query service provided by the certificate management service 218).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine the technical features of Canavor and Goeringer with Xu to provide a mechanism to query information for a public key or public key certificate using a query service provided by the certificate management service to 
 
As to claim 13, claim 13 is substantively similar in scope to the invention of claim 7.  Claim 13 is therefore rejected for the same reasons outlined in the rejection of claim 7 above.

As to claim 14, claim 14 is substantively similar in scope to the invention of claim 8.  Claim 14 is therefore rejected for the same reasons outlined in the rejection of claim 8 above.

As to claim 19, claim 19 is substantively similar in scope to the invention of claim 7.  Claim 19 is therefore rejected for the same reasons outlined in the rejection of claim 7 above.

As to claim 20, claim 20 is substantively similar in scope to the invention of claim 8.  Claim 20 is therefore rejected for the same reasons outlined in the rejection of claim 8 above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to /FELICIANO S MEJIA/ whose telephone number is (571)270-5994.  The examiner can normally be reached on 8:30am - 5:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FELICIANO S. MEJIA/
Examiner
Art Unit 2492




/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492