DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9 July 2021 has been entered.
Response to Arguments
Applicant's arguments filed 9 July 2021 have been fully considered but they are persuasive only in part.
First, the examiner accepts the replacement drawing sheets filed in this application, while merely noting that in FIGS. 10, 15, and 19, “Host Interface 105” was changed to “Host Interface 135”.  The corresponding amendments to the specification are also accepted by the examiner as bringing the specification into conformance with the (replacement sheets of) drawings.
Second, the amendment to claim 20 overcomes the rejection of claim 20 (and that of claim 19, which depended from claim 20) under 35 U.S.C. 112(b).  Accordingly, the rejection is withdrawn.
Third, while applicant did not argue the previous rejection of the claims under 35 U.S.C. 101, the examiner reformulates the eligibility rejections in view of the claim amendments and consultation.  In as much as the 101 landscape in the field of encrypted communication was not fully clear to the examiner, the examiner reviewed BPAI cases (e.g., available at https://developer.uspto.gov/ptab-web/#/search/decisions ) in an attempt to clarify issues and sought consultation regarding this case.  It appears that limitations such as related (for examples only) to encrypting with a secret key, verifying a hash, generating an address identifier using a public key, decrypting with multiple keys, authenticating a mobile device by validating a public key, generating a session key based on a random number, etc. are characterizable as (involving) mathematical algorithms, mathematical operations, and mathematical calculations, and thus as being directed toward mathematical concepts, causing claims directed to such limitations, as abstract ideas, when not integrated into a practical application or additionally comprising significantly more than the abstract idea, to be characterized as non-statutory.1
Fourth, regarding the rejections under 35 U.S.C. 103, applicant is correct that claim 20 (and claim 19) is/are now seen (e.g., also by the examiner) as allowable over the prior art of record under 35 U.S.C. 103, e.g., if a 112(b) issue in independent claim 17 is addressed.  Eligibility issues also exist for this/these claim(s).
[Regarding the amendments to claim 20, the examiner understands that the ordinal numbers “first” and “second” as applied to the public and private keys are being Ikpublic and IDIKprivate in FIG. 6 and at published paragraph [0158]) from a second set of keys (e.g., referred to as KLkpublic and KLkprivate in FIG. 6 and published paragraph [0158]).  The first set of keys (public and private IDs) is also referred to as public and private identifiers/identifications (paragraphs [0138], [0154], etc.)]
However, the amendments to the independent claims 1, 12, and 17 do not distinguish those claims over Buchenscheit et al. (IEEE 2009) in view of Kounga et al. (EP, ‘813), because Kounga et al. (EP, ‘813) uses the device secret (sk, ai, etc.) to generate an identifier (e.g., such as a private key such as Ki used to sign the certificate and/or the messages and generated according to Equation 4), to generate the certificate (e.g., such as the signed Certi including the public key(s) and “generated” according to Equations 4, 5, etc. as specifically indicated in FIG. 2), and to generate the public key(s) (e.g., such according to Equation 5, etc.)  Accordingly, applicant’s arguments are not persuasive in this respect.
Accordingly, applicant’s arguments are persuasive only in part.
Drawings
The (replacement sheets of) drawings were received on (both) 6 April 2020 and 9 July 2021.  These drawings are acceptable.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 12 to 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
In claim 12, applicant now claims a “[s]ystem”2, but it is unclear from the structure of the claim whether the system includes i) the processor configured in the first vehicle and ii) the memory containing instructions as the claim structure (e.g., of the indentations) implies, or whether the system includes i) the processor configured in the first vehicle, ii) the memory containing instructions, and iii) the second vehicle configured to verify an identity of the first vehicle using the certificate (as recited in the final wherein clause).  Because it is not clear to the examiner what elements the system comprises, the metes and bounds of the claim are not clear.  This indefiniteness carries through to claim 15 which recites what the second vehicle is configured to do.  If applicant intends to claim the second vehicle, then the examiner believes this can easily be made clear and reasonably certain in the independent system claim.
In claim 17, lines 9 and 10, the “wherein” clause is unclear in the medium claim because the medium stores instructions that are executed on a computing device of a first vehicle, but the “wherein” clause describes what the second vehicle is configured to do using the triple.  This is unclear (e.g., how does the “wherein” clause relate to e.g., the stored instructions executed on the computing device of the first vehicle?), with the metes and bounds of the claim thus being unclear (e.g., is applicant claiming a medium together with what a second vehicle is configured to do, or just the medium?)
Claim(s) depending from claims expressly noted above are also rejected under 35 U.S.C. 112 by/for reason of their dependency from a noted claim that is rejected under 35 U.S.C. 112.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 to 5 and 7 to 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Claim(s) 1 to 5 and 7 to 20, while (each) reciting a statutory category of invention defined in 35 U.S.C. 101 (a useful process, machine, manufacture, or composition of matter), is/are directed to an abstract idea, which is a judicial exception, the recited abstract idea being that of generating an identifier, a certificate, a public key and a triple using a device secret, e.g., by receiving a command from a host device; in response to receiving the command, storing a device secret; generating, using the device secret, the triple comprising the identifier, the certificate, and the public key; and sending the triple to a second vehicle, wherein the second vehicle is configured to verify an identity of the first vehicle using the certificate or triple; wherein the device secret is: received from the host device; or generated after receiving the command from the host device; wherein the device secret is associated with a predetermined status or class of the first vehicle; wherein the second vehicle is configured to perform an action in response to verifying the identity of the first vehicle; wherein the action is presenting an alert; wherein the device secret replaces, in the memory, a previously-stored device secret; further comprising storing a secret key used to communicate with the host device, wherein the secret key is used as an input to a message authentication code to generate the device secret; wherein the command is authenticated using the secret key, the method further comprising sending, to the host device, a confirmation that the device secret has been stored; further comprising, after the second vehicle has verified the identity of the first vehicle: encrypting, using a private key, a message, wherein the private key and the public key are an associated pair generated using the device secret; and sending the encrypted message to the second vehicle, wherein the encrypted message includes a freshness; and wherein the message includes configuration data, the second vehicle is configured to perform an action in response to receiving the message, and the action is performed by the second vehicle in conformance with the configuration data; wherein the identifier is a public identifier, and further comprising generating the public identifier and a private identifier as an associated pair of asymmetric cryptographic keys; generating the public key and a private key as an associated pair of asymmetric cryptographic keys; and generating the certificate using the private identifier, the private key, and the public key; and receiving a message from the host device; generating a first pair of asymmetric cryptographic keys, including a first private key as a private identifier and a first public key as the public identifier; generating a second pair of asymmetric cryptographic keys, including a second private key and the second public key; concatenating the message with the second public key to provide first data; encrypting the first data using the first private key as the private identifier to provide second data; and encrypting the second data using the second private key to provide the certificate.
This abstract idea falls within the grouping(s) of mathematical concepts, mental processes, and/or certain methods of organizing human activity, distilled from case law, because the generating (in a computer) of the identifier, certificate, public key, and triple, e.g., as disclosed, and the associated encryption, are purely mathematical concepts that are performed by mathematical calculations.  For example, generating a public key involves mathematical calculations, which is an abstract idea. See MPEP § 2106.04(a)(2)(I)(C); see also SAP America, Inc. v. InvestPic, LLC, 898 F.3d 1161, 1163 (Fed. Cir. 2018) (holding that claims to a “series of mathematical calculations based on selected information” are directed to abstract ideas).
Additionally, the abstract idea is not integrated by the recitation of additional elements into a practical application because merely using a computer as a tool to perform an abstract idea is not integrating the idea into a practical application of the idea, and e.g., no (other) machine, transformation, improvement to the functioning of a computer or an existing technological process or technical field, or meaningful application of the idea, beyond generally linking the idea to a technological environment or adding insignificant extra-solution activity, is recited in or encompassed by the claims.  Moreover, the claim(s) does/do not include additional elements/limitations/steps that are, individually or in ordered combination, sufficient to amount to significantly more than the judicial exception because the elements/limitations/steps are recited at a high level of generality (e.g., a host device, a system, a first vehicle, a second vehicle, an action, a user display of the second vehicle, etc.) and are used e.g., for data/information gathering only or for other activities that are well-understood, routine, and conventional activity in the industry, and moreover, the generically recited computer elements (e.g., a host device, a computing device, at least one processor, a memory, a medium, a user display, etc.; see e.g., Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208, 110 USPQ2d 1984 (2014); buySAFE, Inc. v. Google, Inc., 765 F.3d. 1350, 112 USPQ2d 1093 (Fed. Cir. 2014), OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 115 USPQ2d 1090 (Fed. Cir. 2015); see also the 2019 PEG Advanced Module at pages 89, 145, etc.) do not add a meaningful limitation to the abstract idea because they would be routine (and conventional) in any computer implementation of the idea. 
Moreover, limiting or linking the use of the idea to a particular technological environment (e.g., verifying the identity of a vehicle, e.g., in a system perhaps comprising vehicles) is not enough to transform the abstract idea into a patent-eligible invention (Flook[3]) e.g., because the preemptive effect of the claims on the idea within the field of use (e.g., within vehicles) would be broad.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 to 7, 10 to 13, and 15 to 17 are rejected under 35 U.S.C. 103 as being unpatentable over Buchenscheit et al. (“A VANET-based emergency vehicle warning system”, 2009 IEEE Vehicular Networking Conference (VNC), Date of Conference: 28-30 Oct. 2009, Paper No. 28-4-1, 8 pages) in view of Kounga et al. (European, EP 2003813).
Buchenscheit et al. (IEEE 2009) reveals:
per claim 1, a method comprising:
generating, by the computing device of a first vehicle [e.g., the “emergency vehicle” in the VANET-based emergency vehicle warning system; page 28-4-1-4, right column, first full paragraph] a triple comprising an identifier, a certificate, and a public key [e.g., the message signature as an identifier, the public key certificate as the certificate, and the public key in the public key certificate as the public key; page 28-4-1-4, right column, first full paragraph; wherein the message, as the “lightweight immediate warning message” of Section III., D., additionally includes both an “id” and an “EV code” as public identifiers];
sending, by the computing device, the triple to a second vehicle [e.g., sending a signature of a digitally signed message together with “a corresponding public key certificate” which obviously included all parts of a conventional certificate including a signature as an identifier, a public key, etc.; page 28-4-1-4; wherein the message, as the “lightweight immediate warning message” of Section III., D., additionally includes both an “id” and an “EV code” as public identifiers], wherein the second vehicle is configured to verify an identity of the first vehicle using the triple4 [e.g., by verifying the signature, that the vehicle does not lack the required emergency vehicle property; page 28-4-1-4; so that road users can receive and display detailed warnings (FIG. 4), be provided with audible feedback, etc. and traffic lights may initiate a specific switching procedure, e.g., to provide the right of way to the emergency vehicle (e.g., last full paragraph of Section B. System Overview];
Buchenscheit et al. (IEEE 2009) may not reveal that the emergency vehicle receives a command from a host computer or that a device secret is stored in response to the command, and that the triple (or certificate) is generated using the device secret.
However, in the context/field of authentication methods for vehicular ad hoc networks (VANET) allowing a first terminal (vehicle) to be authenticated by a second terminal (vehicle)5, Kounga et al. (EP, ‘813) teaches e.g., at paragraphs [0020]ff, [0040]ff, [0059]ff, [0090]ff, etc. and in original claims 11 to 14 that a tamper resistant black box BBk as a separate part of each (first terminal) vehicle Ck initially receives a “secret value Sk” (or sk) that is “securely transferred to” (paragraph [0038]; see also paragraphs [0035], [0061], etc.) the black box BBk obviously by command of/from a programming host system (e.g., obviously, a conventional external device or flash programmer used during manufacture and/or during maintenance of the black box/vehicle, e.g., that provides the black box with its initial/renewed functionality and/or values, including its initial secret value Sk; paragraphs [0035], [0042], etc.), and then in each time interval Ti (e.g., as obviously determined by a host clock system), the black box BBk chooses a random integer ai “that it never discloses” (paragraph [0064]) and the black box BBk subsequently generates (for the interval Ti) private and public keys (Ki and gKi, respectively) according to Equations (4) and (5), respectively, based on both the secret value and the random number, and also generates and signs a certificate Certi which other vehicles will be able to trust (e.g., and that is valid for the time interval Ti, includes/contains the public key, etc., and that is generated based on a certificate CertCA from a CA that contains a signed check value V supplied by the manufacturer; FIG. 2) with the private key Ki (paragraph [0038]).  Then, for communication with other vehicles as described e.g., for example at paragraphs [0090]ff and/or original claims 11 to 14 and/or FIG. 5, etc. the black box BBk signs the message(s) to be broadcast by the [own] vehicle Ck, and then sends the signed message and Certi to the [own] vehicle Ck which then broadcasts the signed message along with Certi (that contains the public key gKi, etc., and is signed with Ki by the black box BBk) to other cars Ck’ (second terminals), e.g., such as shown in FIG. 5.  Then, in an embodiment, as indicated at paragraph [0092], “the [other] cars that will check the validity of the messages sent by [the vehicle] Ck will use [the public key] gKi to verify the signature [e.g., in the certificate, and in the message as described at embodiments of paragraphs [0022] and [0090]] on the messages”, e.g., in order to verify that Certi was correctly signed by the black box BBk.  They will compute V* (paragraph [0072]) and compare it with V supplied by the manufacturer to verify that the public key (e.g., gKi) in the certificate is bound to the hash-code value V signed by a trusted authority (CA) and the manufacturer’s secret value K, in order to thus authenticate the public key.  And in particular she reveals:
per claim 1, receiving, by a computing device of a first vehicle, a command from a host device [e.g., the obvious programming command by the programming host system by which each black box BBk is made to receive its own “secret value Sk” during manufacturing and/or servicing; and the obvious clock signal as a command from a host clock system in the black box/vehicle that causes minutes to change and thus the intervals Ti and the random numbers ai chosen and used in the black box to generate the private/public keys (which are updated every certain interval Ti such as one year) to be changed];
in response to receiving the command, storing a device secret in memory [e.g., either the secret value Sk stored during manufacture and/or during maintenance of the vehicle in the black box BBk; or the (new) random number “ai”, that the black box BBk “does not disclose” (paragraph [0082]), obviously chosen and newly stored in RAM every interval Ti (in response to an obvious host clock signal, as an implicit command to store a new random number); with the vehicle’s public and private keys then being generated from sk, ai, etc.];
generating, by the computing device using the device secret [e.g., generating, using sk, ai, etc. as the device secret used in the black box BBk, the vehicle’s public and private keys, with the certificate Certi including the public key gKi as at paragraph [0091] and thus also being generated from the device secret, and with the message being signed by the private key and thus also being generated (in part) from the device secret], a triple comprising an identifier, a certificate, and a public key [e.g., an identifier comprising either i) the signature (signing) of the certificate Certi, ii) the signature (signing, by BBk or Ck) of the message, e.g., signed with the private key, or iii) the certificate Certi; a certificate comprising the certificate Certi; and a public key comprising (for example) the public key pubTi or gKi e.g., in the embodiment of (introduced at) paragraph [0090]6], including:
generating, by the computing device using the device secret [e.g., using sk, ai, etc. as the device secret used in the black box BBk], the identifier [e.g., by BBk generating the [signed, with the signature as an identifier] certificate Certi as shown in FIG. 2, by BBk generating the private key Ki (using Equation 4, as at paragraph [0066]) that it uses to sign (as an identifier) Certi, etc.];
generating, by the computing device using the device secret, the certificate [e.g., Certi contains the public key(s)7 and is signed, with BBk generating the parts of Certi (e.g., public key, signature), etc. and also “generat[ing]” and “issu[ing]” the certificate Certi itself as shown in FIG. 2 and described e.g., at paragraph [0069], with the certificate parts being generating using sk, ai, etc. as the device secret]; and
generating, by the computing device using the device secret, the public key [e.g., the public keys (pubTi, gKi) generated by the black box BBk “based on a unique secret value” (paragraph [0032]) that is known to the black box BBk, for example by using Equation 5 to generate gKi, where the unique secret value is the device secret (e.g., sk, ai, etc.)]; and
It would have been obvious at the time the application was filed to implement or modify the Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method i) so that, in order for the emergency vehicle to sign warning messages (e.g., containing id, EV code, pEV, REV, vEV, etc.; page 28-4-1-4) asserting the sender as an emergency vehicle, etc. and attach a public key certificate as desired by Buchenscheit et al. (IEEE 2009) at page 28-4-1-4, both a certificate (e.g., CertCA in FIG. 2) from a CA including e.g., the check value V (e.g., from the manufacturer), etc. and a secret key sk (and/or ai) would have been “securely transferred to” and stored in a tamper resistant black box BBk (FIG. 2) of the (emergency) vehicle during manufacture and/or (renewal) maintenance, in the manner taught by Kounga et al. (EP, ‘813), e.g., for example, obviously based on commands provided initially (from a programming host system) when the black box was made/flashed, or during maintenance, and/or then subsequently (from a host clock system) at certain intervals (e.g., every year) used for generating updated keys based in part on new random numbers that are not disclosed, etc., as taught by Kounga et al. (EP, ‘813), and ii) so that currently valid private and public keys for the (emergency) vehicle and a (public key) certificate Certi (e.g., which other vehicles could trust, signed with the private key, and containing the signed trusted information including e.g., V, etc. from the CA certificate CertCA) would have been generated by the black box (BBk) in the (emergency) vehicle (FIG. 2 in Kounga et al. (EP, ‘813)) from the secret values, and then the (public key) certificate Certi and the public key would have been sent in signed (with private key signatures as identifiers) warning messages (containing id, EV code, etc.) to other vehicles, in order to allow authentication of the messages by other vehicles as desired by Buchenscheit et al. (IEEE 2009) and as taught by Kounga et al. (EP, ‘813) at paragraph [0035], etc., in order that the private key (Ki) would have been used for the emergency vehicle (having the black box BBk) to sign the certificate and/or the message(s), as taught by Kounga et al. (EP, ‘813) and Buchenscheit et al. (IEEE 2009), in order that the public key in the public key certificate (e.g., for example, in Certi in FIG. 2 of Kounga et al. (EP, ‘813) and in the embodiment introduced at paragraph [0090]), which was sent/disseminated by the emergency vehicle for the purpose of being used (by receiving vehicles) to verify the signature/identity of the emergency vehicle and decrypt/process the message in Buchenscheit et al. (IEEE 2009), would have been uniquely generated (for each emergency vehicle) using the secret key sk, etc., in order that (receiving) vehicles that received the public key certificate (e.g., obviously now Certi containing V, pubTi, gKi, Hi, etc. as taught by Kounga (EP, ‘813); see e.g., paragraph [0071], “its public key certificate Certi”) in the digitally signed message asserting the sender as an emergency vehicle would be able to evaluate the reliability of received message by themselves (e.g., by computing V*), authenticate the sending terminal, and verify that the black box BBk which generated the message respected the security requirements defined by trusted car manufacturers, as taught by Kounga et al. (EP, ‘813), in order to allow e.g., (emergency) vehicles to manage their own certificates by themselves (e.g., their Certi e.g., for each time interval Ti,) and to eliminate or avoid some certificate management problems at the CA side, as taught by Kounga et al. (EP, ‘813), as combining prior art elements according to known methods to yield predictable results (KSR), and as a use of a known technique to improve similar devices (methods, or products) in the same way (KSR).
As such, the implemented or modified Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method would have rendered obvious:
per claim 1, generating, by the computing device using the device secret [e.g., by the black box BBk using sk, ai, etc. as the (stored) device secret in Kounga et al. (EP, ‘813) for generating the private and public keys, Certi, etc.], a triple comprising an identifier, a certificate, and a public key [e.g., the triple generated in Kounga et al. (EP, ‘813) by the vehicle including the black box BBk, as the triple used by the emergency vehicle in Buchenscheit et al. (IEEE 2009) when it sends/disseminates the signed message with the public key certificate, where i) the message (or certificate) signature, the vehicle id in the message, and/or the EV code in the message is the identifier, ii) the public key certificate (e.g., Certi) is the certificate, and iii) the public key (e.g., gKi or pubTi) in the public key certificate is the public key], including:
generating, by the computing device using the device secret [e.g., using sk, ai, etc. as the device secret used in the black box BBk in Kounga et al. (EP, ‘813)], the identifier [e.g., by BBk generating the [signed, with the signature being an identifier] certificate Certi as shown in FIG. 2 of Kounga et al. (EP, ‘813), by BBk generating the private key Ki (using Equation 4, as at paragraph [0066]) that it uses to sign (as an identifier) Certi, etc.];
generating, by the computing device using the device secret, the certificate [e.g., Certi contains the public key(s)8 and is signed in Kounga et al. (EP, ‘813), with BBk generating the parts of Certi (e.g., public key, signature), etc. and also “generat[ing]” and “issu[ing]” the certificate Certi itself as shown in FIG. 2 and described e.g., at paragraph [0069], with the certificate parts being generating using sk, ai, etc. as the device secret]; and
generating, by the computing device using the device secret, the public key [e.g., the public keys (pubTi, gKi) generated by the black box BBk in Kounga et al. (EP, ‘813) “based on a unique secret value” (paragraph [0032]) that is known to the black box BBk, for example by using Equation 5 to generate gKi, where the unique secret value is the device secret (e.g., sk, ai, etc.)]; and 
sending, by the computing device, the triple to a second vehicle [e.g., sending the public key certificate in the signed message to receiving vehicles at page 28-4-1-4, right column, first full paragraph, of Buchenscheit et al. (IEEE 2009), where i) the message (or certificate) signature, the vehicle id in the message, and/or the EV code in the message is the identifier, ii) the public key certificate (e.g., Certi) is the certificate, and iii) the public key (e.g., gKi or pubTi) in the public key certificate is the public key], wherein the second vehicle is configured to verify an identity of the first vehicle using the triple [e.g. as taught at page 28-4-1-4, right column, first full paragraph, in Buchenscheit et al. (IEEE 2009); and as taught at paragraph [0092] by Kounga et al. (EP, ‘813)];
per claim 2, wherein the device secret is:
received from the host device [e.g., as in the case of the secret value Sk in Kounga et al. (EP, ‘813) e.g., during vehicle manufacture and/or maintenance, obviously from a programming host system]; or
generated by the computing device after receiving the command from the host device [e.g., as in the case of the random integer ai in Kounga et al. (EP, ‘813) that it never discloses, obviously generated at each (new) time interval Ti after receiving an obvious host system clock signal];
per claim 3, wherein the device secret is associated with a predetermined status or class of the first vehicle [e.g., the vehicle in Kounga et al. (EP, ‘813) having a black box BBk manufactured by the manufacturer of the black box who provided the secret value Sk not used by any other car in that class; paragraph [0059]; and the emergency vehicle (provided with the secret value Sk) in Buchenscheit et al. (IEEE 2009)];
per claim 4, wherein the second vehicle is configured to perform an action in response to verifying the identity of the first vehicle [e.g., in Buchenscheit et al. (IEEE 2009), to display a detailed warning, provide audible feedback, etc.];
per claim 5, wherein the action is at least one of presenting an alert on a user display of the second vehicle [e.g., displaying the detailed warning (FIGS. 6 to 8), in Buchenscheit et al. (IEEE 2009)], changing a path of navigation or speed of the second vehicle [e.g., by stopping in FIG. 6, by driving right in FIGS. 7 and 8, etc. in Buchenscheit et al. (IEEE 2009)], or activating a brake system of the second vehicle [e.g., by stopping in FIG. 6, in Buchenscheit et al. (IEEE 2009)];
per claim 6, further comprising sending, by the computing device, the triple to a traffic control system, wherein the traffic control system is configured to:
verify the identity of the first vehicle using the triple [e.g., in Buchenscheit et al. (IEEE 2009), from the sent warning message initiating an action for emergency vehicle preemption control of the traffic light; e.g., Section IV., C.]; and
in response to verifying the identity of the first vehicle, change a state of the traffic control system to allow passage of the first vehicle [e.g., Section IV., C. in Buchenscheit et al. (IEEE 2009) with the EmergencyVehicleWarning-Plugin and the TrafficLight-Plugin deviating only in the action they initiate];
per claim 7, wherein the device secret replaces, in the memory, a previously-stored device secret [e.g., for Sk in Kounga et al. (EP, ‘813), at maintenance of the vehicle, when the secret can be renewed (paragraph [0042]); see also paragraph [0035], “Black boxes in one embodiment store security parameters that can be updated regularly, e.g. once a year when the car is undergoing maintenance.”];
per claim 10, further comprising, after the second vehicle has verified the identity of the first vehicle:
encrypting, by the computing device using a private key, a message [e.g., page 28-4-1-4, right column, first full paragraph, in Buchenscheit et al. (IEEE 2009), using private keys to sign and public keys to decrypt/verify, as taught by Kounga et al. (EP, ‘813), as is/was conventional and well-known], wherein the private key and the public key are an associated pair generated using the device secret [e.g., as taught by Kounga et al. (EP, ‘813)]; and
sending, by the computing device, the encrypted message to the second vehicle [e.g., sending the emergency vehicle’s message to the other vehicles, in Buchenscheit et al. (IEEE 2009)], wherein the encrypted message includes a freshness;
per claim 11, wherein the message includes configuration data [e.g., the emergency vehicle warning message includes id, EV code, pEV, REV, vEV, etc. in Buchenscheit et al. (IEEE 2009) (page 28-4-1-4) and used to generate the detailed warnings (FIG. 4)], the second vehicle is configured to perform an action in response to receiving the message [e.g., display the detailed warning in Buchenscheit et al. (IEEE 2009); FIGS. 6 to 8], and the action is performed by the second vehicle in conformance with the configuration data [e.g., the warning, with instructions to the driver, is displayed, the volume of radio and entertainment systems is turned down, and audible feedback is provided, in Buchenscheit et al. (IEEE 2009)];
per claim 12, a system, the system comprising:
at least one processor [e.g., obviously for running the EmergencyVehicle-Plugin, the EmergencyVehicleWarning-Plugin, etc. in Buchenscheit et al. (IEEE 2009), such as obviously utilized in the prototype notebook computers; and for effecting the public key/private key communication between vehicles as taught by Kounga et al. (EP, ‘813)] configured in a first vehicle; and
memory containing instructions [e.g., obviously for storing the EmergencyVehicle-Plugin, the EmergencyVehicleWarning-Plugin, etc. in Buchenscheit et al. (IEEE 2009), such as obviously utilized in the prototype notebook computers; and for effecting the public key/private key communication between vehicles, with the stored security parameters, obviously including (secret) values and keys, as taught by Kounga et al. (EP, ‘813)] which, when executed by the at least one processor, are configured to instruct the at least one processor to:
store a device secret [e.g., in Kounga et al. (EP, ‘813), either the secret value Sk stored during manufacture and/or during maintenance of the vehicle; or the random number “ai” obviously chosen and newly stored in RAM every interval Ti (in response to an obvious host clock signal, as an implicit command to store a new random number); with the vehicle’s public and private keys then being generated from sk, ai, etc.];
generate, using the device secret, a certificate [e.g., in Kounga et al. (EP, ‘813), the certificate Certi including the public key gKi e.g., in the embodiment of (introduced at) paragraph [0090] generated by the black box BBk (see e.g., paragraph [0036] and Step 1 in FIG. 2) based on the secret value, random number, etc.; and in Buchenscheit et al. (IEEE 2009), the public key certificate as the certificate to be sent in the signed message to other vehicles; page 28-4-1-4, right column, first full paragraph], an identifier [e.g., by BBk generating the [signed, with the signature being an identifier] certificate Certi as shown in FIG. 2 of Kounga et al. (EP, ‘813), by BBk generating the private key Ki (using Equation 4, as at paragraph [0066]) that it uses to sign (as an identifier) Certi, etc.], and a public key [e.g., the public keys (pubTi, gKi) generated by the black box BBk in Kounga et al. (EP, ‘813) “based on a unique secret value” (paragraph [0032]) that is known to the black box BBk, for example by using Equation 5 to generate gKi, where the unique secret value is the device secret (e.g., sk, ai, etc.)], and
a triple [e.g., the (signed) messages in FIG. 2 of Kounga et al. (EP, ‘813), that include the signed certificate, public key(s), etc. as being made of e.g., three parts (a triple)] comprising the identifier, the certificate and the public key; and
send the certificate to a second vehicle [e.g., to the vehicle to which the emergency vehicle warning is to be sent/disseminated, in Buchenscheit et al. (IEEE 2009), and to the second terminal (vehicle) in Kounga et al. (EP, ‘813)], wherein the second vehicle is configured to verify an identity of the first vehicle using the certificate [e.g., in Buchenscheit et al. (IEEE 2009), by verifying the signature, that the vehicle does not lack the required emergency vehicle property; page 28-4-1-4; and as taught at paragraph [0092] by Kounga et al. (EP, ‘813)];
per claim 13, wherein the device secret is:
received from a host device [e.g., as in the case of the secret value Sk in Kounga et al. (EP, ‘813) e.g., during vehicle manufacture and/or servicing/maintenance, obviously from a programming host system by which the black box BBk is made to receive its own “secret value sk”; and/or from a host clock system in the black/box vehicle that causes minutes to change and thus the intervals Ti and the random numbers ai used in the black box to generate the private/public keys to be changed]; or 
generated by the system after receiving the command from the host device [e.g., as in the case of the random integer ai in Kounga et al. (EP, ‘813) that it never discloses, generated at each (new) time interval Ti after receiving an obvious host system clock signal];
per claim 15, wherein the second vehicle is configured to perform an action in response to verifying the identity of the first vehicle, and wherein the action is at least one of presenting an alert on a user display of the second vehicle [e.g., displaying the detailed warning (FIGS. 6 to 8), in Buchenscheit et al. (IEEE 2009)], changing a path of navigation or speed of the second vehicle [e.g., by stopping in FIG. 6, by driving right in FIGS. 7 and 8, etc. in Buchenscheit et al. (IEEE 2009)], or activating a brake system of the second vehicle [e.g., by stopping in FIG. 6, in Buchenscheit et al. (IEEE 2009)];
per claim 16, wherein the device secret is associated with a predetermined status or class of the first vehicle [e.g., the vehicle in Kounga et al. (EP, ‘813) having a black box BBk manufactured by the manufacturer of the black box who provided the secret value Sk not used by any other car in that class; paragraph [0059]; and the emergency vehicle (provided with the secret value Sk) in Buchenscheit et al. (IEEE 2009)];
per claim 17, a non-transitory computer storage medium storing instructions [e.g., obviously for storing the EmergencyVehicle-Plugin, the EmergencyVehicleWarning-Plugin, etc. in Buchenscheit et al. (IEEE 2009), such as obviously utilized in the prototype notebook computers; and for effecting the public key/private key communication between vehicles, with the stored security parameters, obviously including (secret) values and keys, as taught by Kounga et al. (EP, ‘813)]which, when executed on a computing device of a first vehicle, cause the computing device to at least:
receive a command from a host device [e.g., in Kounga et al. (EP, ‘813), the obvious programming command by the programming host system by which each black box is made to receive its own “secret value Sk” during manufacturing and/or servicing; and the clock command from a host clock system received from an obvious processor in the black box/vehicle that causes minutes to change and thus the intervals Ti and the random numbers ai used in the black box to generate the private/public keys to be changed];
in response to receiving the command, store a device secret in memory [e.g., in Kounga et al. (EP, ‘813), either the secret value Sk stored during manufacture and/or during maintenance of the vehicle; or the random number “ai” obviously chosen and newly stored in RAM every interval Ti (in response to an obvious host clock signal, as an implicit command to store a new random number); with the vehicle’s public and private keys then being generated from sk, ai, etc.];
generate, using the device secret, an identifier, a certificate, and a public key, and a triple comprising the identifier, the certificate, and the public key [e.g., in Kounga et al. (EP, ‘813), generating the keys, etc., with the signing (signature) of the certificate and/or the message, signed with the private key, being the identifier, the certificate Certi being the certificate, and the public key gKi being the public key e.g., for example, in the embodiment of (introduced at) paragraph [0090], and the combinations of the e.g., three parts (signatures, certificates/ public keys) in the message(s) of FIG. 2 being respective “triple[s]”; and in Buchenscheit et al. (IEEE 2009), the signature as an identifier, the public key certificate as the certificate, and the public key in the public key certificate as the public key; page 28-4-1-4, right column, first full paragraph]; and
send the triple to a second vehicle [e.g., to the vehicle to which the emergency vehicle warning is to be sent/disseminated, in Buchenscheit et al. (IEEE 2009), and to the second terminal (vehicle) in Kounga et al. (EP, ‘813)], wherein the second vehicle is configured to verify the identity of the first vehicle using the triple [e.g., in Buchenscheit et al. (IEEE 2009), by verifying the signature, that the vehicle does not lack the required emergency vehicle property; page 28-4-1-4; and as taught at paragraph [0092] by Kounga et al. (EP, ‘813)];
Claims 8, 9, 14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Buchenscheit et al. (“A VANET-based emergency vehicle warning system”, 2009 IEEE Vehicular Networking Conference (VNC), Date of Conference: 28-30 Oct. 2009, Paper No. 28-4-1, 8 pages) in view of Kounga et al. (European, EP 2003813) as applied to claims 1, 12, and 17 above, and further in view of Komano et al. (2019/0056925).
Buchenscheit et al. (IEEE 2009) as implemented or modified in view of Kounga et al. (EP, ‘813) has been described above.
The implemented or modified Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method may not reveal the details by which the secret value Sk and other security parameters were securely transferred to and then updated regularly in (e.g. once a year when the car is undergoing maintenance; paragraph [0035] in Kounga et al. (EP, ‘813), e.g., when Sk was being “renewed” (paragraph [0042] which the examiner understands to encompass “being made new again”, e.g., a new secret value)) the black box BBk, although the examiner understands that secure firmware (including code, values, etc.) loading and/or updating was well-known in the art at the time the application was filed.
However, in the context/field of securely updating firmware for terminals (20) in a vehicle having a number of terminals connected by a bus, Komano et al. (‘925) teaches that (during an update control process), a terminal provides its identifier (ID) and stored firmware version which is transmitted to a distribution server (120), update data (updated firmware) is provided to the terminal from the server, and then verification using a message authentication code (MAC) of the updated firmware is performed by the terminal, with the overall update result being confirmed from the terminal to the server, indicating that the firmware in the terminal has been updated.
It would have been obvious at the time the application was filed to implement or further modify the Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method so that, for securely transferring to and then regularly updating security parameters (including the secret value Sk, etc.) in the vehicle’s black box as desired by Kounga et al. (EP, ‘813) as firmware, message authentication codes (MAC) as taught by Komano et al. (‘925) would have been conventionally used together with a secret key shared in advance in Kounga et al. (EP, ‘813) in order to (transfer to and then) regularly update the firmware (security parameters, secret value, code, etc.) in the black box (e.g., once a year when the car is undergoing maintenance; paragraph [0035] in Kounga et al. (EP, ‘813)), using the MAC technique taught in FIG. 3 of Komano et al. (‘925), in order to effect the secure (transfer and) regular updating (together with its verification) of the secret value Sk, etc. as secure parameters, as specifically desired by Kounga et al. (EP, ‘813), and as a use of a known technique to improve similar devices (methods, or products) in the same way (KSR).
As such, the implemented or further modified Buchenscheit et al. (IEEE 2009) VANET-based emergency vehicle warning system and method would have rendered obvious:
per claim 8, further comprising storing a secret key used to communicate with the host device, wherein the secret key is used as an input to a message authentication code to generate the device secret [e.g., in order to “securely transfer[]” the secret value Sk to the black box in Kounga et al. (EP, ’813), and then regularly update the black box’s security parameters, etc.  as taught at paragraph [0035], [0038], [0061], etc. during manufacture and once a year maintenance, it would have been obvious to one of ordinary skill in the art that a secure connection between the black box and a distribution server would have been effected as taught by Komano et al. (‘925), with the communication verification occurring by means of the “message authentication code” using a secret key that was shared in advance between the vehicle terminal (black box) and server, as taught by Komano et al. (‘925)];
per claim 9, wherein the command is authenticated using the secret key, the method further comprising sending, by the computing device to the host device, a confirmation that the device secret has been stored [e.g., the update result at S105 and S106 in FIG. 3 of Komano et al. (‘925), indicating that the firmware in the terminal (BBk) had been updated, e.g., including a renewed (updated) secret value Sk];
per claim 14, further comprising memory storing a secret key for communications with the host device [e.g., the secret key shared in advance in Komano et al. (‘925); paragraphs [0028], [0052], etc.], wherein the instructions are further configured to instruct the at least one processor to use the secret key as an input to a message authentication code [e.g., for the verification at paragraph [0052] in Komano et al. (‘925)] to generate the device secret [e.g., so that the firmware update would be verified as stored, and by the firmware update the renewed Sk would be made available to be generated e.g., in the RAM of the black box for generating (by mathematical calculation that employed Sk as in input) the private and public keys];
per claim 18, wherein storing the device secret in memory comprises replacing a previously-stored device secret with the device secret [e.g., to “update[]” the security parameters obviously including the (e.g., “renewed”) secret value Sk, as taught at paragraphs [0035], [0038], [0042], [0061], etc. in Kounga et al. (EP, ‘813)], and wherein the instructions further cause the computing device to send the identifier to the host device [e.g., the next time (e.g., next year) that the (black box) firmware is to be updated e.g., at S101 in FIG. 3 of Komano et al. (‘925)];
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 2, 12, 13, and 17 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 to 7, 12, and 14 to 22 of copending Application No. 16/363211 (reference application #1). Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations in the rejected claims of the present application appear, with only slight variations in wording, in the claims of the reference application #1 as in the Table provided below, thus making the claims in the two applications patentably indistinct in scope.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1, 2, 7, 8, 10, 12 to 14, 17, 19, and 20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 to 20 of copending Application No. 16/363196 (reference application #2) in view of Kounga et al. (European, 2003813; described above). Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations in the rejected claims of the present application appear, with only slight variations in wording, in the claims of the reference application #2, through lacking the limitations related to vehicles which are shown by Kounga et al. (EP, ‘813) as was an obvious application for the identity verification/authentication in the reference application #2, in order to identify and authenticate vehicles, as in the Table provided below, thus making the claims in the two applications patentably indistinct in scope.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claim in 16/363088
(Present Application) 
Corresponding claim(s) in 16/363211 (dt.06/04/2021)
Reference Application #1
Corresponding claim(s) in 16/363196 (dt.03/25/2019)
Reference Application #2
1
1, 2, 3, 12, 15, 16, 19
1, 6, 11, 13, 18
2
1, 16, 19
6, 13
-


-


-


-


7

6, 13
8

5, 14
-


10

8, 16, 19
-


12
1, 2, 3, 15, 16, 19
1, 6, 11, 13, 18
13
1, 12, 16, 19
6, 13
14

5, 14
-


-


17
1, 2, 3, 15, 12, 16, 19
1, 6, 11, 13, 18
-


19

8, 19
20

8, 19


Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to David A Testardi whose telephone number is (571)270-3528.  The examiner can normally be reached on Monday - Friday, 8:30am - 5:30pm E.T.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Faris Almatrahi can be reached on (313)446-4821.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DAVID A TESTARDI/Examiner, Art Unit 3667                                                                                                                                                                                                        


    
        
            
        
            
        
            
    

    
        1 See MPEP § 2106.04(a)(2)(I)(C); see also SAP Am., 898 F.3d at 1163 (holding that claims to a “series of mathematical calculations based on selected information” are directed to abstract ideas).
        2 That was previously limited to, “for use in a first vehicle”.
        3 See e.g., Bilski v. Kappos, 561 U.S. 593 (“Flook established that limiting an abstract idea to one field of use . . . did not make the concept patentable.”)
        4 Here, the examiner merely notes that since the claim is directed to a method, which is a series of acts/steps (MPEP 2106.03, I.), and the final recited act is sending the triple to the second vehicle.  Therefore what the second vehicle is or may be configured to do with the sent triple is apparently not an “act”, is apparently “outside the scope of the claim” (see the USPTO presentation noted below), and therefore need not be shown by the examiner.  See e.g., Q5 and Q5a in the “Claim Interpretation” presentation (page 42) at:  https://www.uspto.gov/sites/default/files/documents/claim_interpretation_2019.pptx . Applicant may add to the method a final act/step of, “verifying, by the second vehicle, an identity of the first vehicle using the triple”, if applicant desires that the claimed method be limited to including such an act of the second vehicle.
        5 And improving on conventional techniques such as disclosed by Raya et al. (IEEE 2006), cited at paragraph [0002] in Kounga et al. (EP, ‘813) and cited herewith.  See “Prior Art” section near the end of this Office action for a description of Raya et al. (IEEE 2006).
        6 See, for example, FIG. 2 in Kounga et al. (EP, ‘813), reproduced below/on the next page, where the black box BBk generates the certificate Certi for the vehicle Ck from the certificate CertCA(V,…) received from the Certificate Authority (CA):
        
    PNG
    media_image1.png
    655
    1040
    media_image1.png
    Greyscale

        7 And/or is sent together with the public key gKi as shown in FIG. 2.
        8 And/or is sent together with the public key gKi as shown in FIG. 2.