DETAILED ACTION
This Office Action is in response to application 16/835,937 filed on March 31, 2020.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/14/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Stottinger et al. (Stottinger) U.S. Pub. Number 2021/0167956, in view of Yi et al. (Yi) U.S. Pat. Number 10,510,055. 
Regarding claim 1; Stottinger discloses a method for injecting secrets in an autonomous vehicle, comprising:
issuing configuration parameters for acquiring a set of secrets (para. [0028] key generation device 10 comprises a storage device for storing provided secrets 24a, 24b, wherein the secrets 24a, 24b can, for example, be secret keys, passwords or passphrases. The provision of the secrets 24a, 24b for the key generation device 10 can, for example, take place through an initial download during the implementation of the communication system 100);
communicating with a secrets service to request the set of secrets (para. [0030] key generation device 10 comprises a computing unit that generates cryptographic keys 26a, 26b on the basis of the secrets 24a, 24b and of the authorization information 22. The cryptographic keys 26a, 26b that are generated are provided to a plurality of vehicle-internal control devices 18a-18c via a distribution device 14 using key exchange algorithms… the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c);
obtaining, at a secrets injection tool, the set of secrets from the secrets service (para. [0030] key generation device 10 comprises a computing unit that generates cryptographic keys 26a, 26b on the basis of the secrets 24a, 24b and of the authorization information 22. The cryptographic keys 26a, 26b that are generated are provided to a plurality of vehicle-internal control devices 18a-18c via a distribution device 14 using key exchange algorithms. In the exemplary embodiment illustrated, the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c); and
injecting, by the secrets injection tool, secrets from the set of secrets in respective [[autonomous]] vehicle locations (para. [0030] cryptographic keys 26a, 26b that are generated are provided to a plurality of vehicle-internal control devices 18a-18c via a distribution device 14 using key exchange algorithms. In the exemplary embodiment illustrated, the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c). 

Stottinger does not disclose, which discloses an autonomous vehicle (Yi: col. 1, lines 51-67, determining an autonomous vehicle and a vehicle access token (VAT) for the autonomous vehicle by the transportation service platform in response to the transportation service request, sending a first copy of the VAT by the transportation service platform to the user device, and sending the passenger secret and a second copy of the VAT by the transportation service platform to the autonomous vehicle). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Stottinger to provide an autonomous vehicle, as taught by Yi. The motivation would be to provide improving safety and security for autonomous vehicle, for example, vehicles being hacked or operated by malicious people.

Regarding claim 2; the combination of Stottinger and Yi discloses the method of claim 1, wherein issuing the configuration parameters includes issuing a set of endpoints, 
(Stottinger: para. [0030] the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c), and
wherein respective ones of the set of endpoints indicate locations of the respective secrets within the secrets service (Stottinger: para. [0030] the cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c).

Regarding claim 3; the combination of Stottinger and Yi discloses the method of claim 1, wherein issuing the configuration parameters includes issuing a set of locations, 
wherein respective ones of the set of locations correspond to respective secrets from the set of secrets (Stottinger: para. [0036] wherein the key generation device 10a is an element of the vehicle-internal control device 18a, and the key generation device 10b is an element of the vehicle-internal control device 18b. The secret 24 is provided to the key generation devices 10a, 10b, wherein the key generation devices 10a, 10b are configured to derive a cryptographic key on the basis of the secret 24, wherein this is directly usable by the respective control device 18a, 18b in the context of security measures 16a, 16b), and
wherein respective ones of the set of locations indicate injection locations of the respective secrets (Stottinger: para. [0036] the key generation devices 10a, 10b are configured to derive a cryptographic key on the basis of the secret 24, wherein this is directly usable by the respective control device 18a, 18b in the context of security measures 16a, 16b).

Regarding claim 4; the combination of Stottinger and Yi discloses the method of claim 1, wherein communicating includes transmitting a request for the set of secrets from the secrets injection tool to the secrets service (Stottinger: para. [0033] the key-exchange event 20a-20c is captured by a vehicle-internal control unit 12, so that the control unit 12 also initiates the generation of the new cryptographic keys 26a, 26b as well as the provision of the cryptographic keys 26a, 26b that have been generated).

Regarding claim 5; the combination of Stottinger and Yi discloses the method of claim 1, wherein communicating includes transmitting the configuration parameters from the secrets injection tool to the secrets service (Stottinger: para. [0035] the vehicle-internal communication system 100 is furthermore configured to provide key generation parameters to a vehicle-external computer system 102).

Regarding claim 6; the combination of Stottinger and Yi discloses the method of claim 1, wherein issuing configuration parameters includes issuing at least one of variable values, a DNS name, and a location of a trusted certificate authority certificate (Stottinger: para. [0035] key generation parameters allow the vehicle-external computer system 102 to generate the cryptographic keys 26a, 26b that are used by the vehicle-internal control devices 18a-18c. This allows the keys 26a, 26b that are generated internally to the vehicle also to be generated outside the vehicle).

Regarding claim 7; the combination of Stottinger and Yi discloses the method of claim 1, wherein issuing configuration parameters includes issuing the configuration parameters to a secrets injection tool, and further comprising requesting a credential from the secrets service using the configuration parameters (Stottinger: para. [0012] key generation device for example uses a key derivation function such as, for example, PBKDF2 to generate the at least one key. The at least one secret can, for example, be a secret key, a password or a passphrase. The at least one secret can be downloaded).

Regarding claim 8; the combination of Stottinger and Yi discloses the method of claim 1, wherein obtaining the set of secrets includes obtaining at least one of a certificate, a password, an encryption key, and a decryption key (Stottinger: para. [0015] key-exchange event may captured by a vehicle-internal control unit, wherein the control unit initiates the generation of the at least one new cryptographic key and/or the provision of the at least one new cryptographic key. The vehicle-internal control unit thus functions as a rekeying manager).

Regarding claim 9; the combination of Stottinger and Yi discloses the method of claim 1, wherein injecting secrets in the respective autonomous vehicle locations includes storing secrets in at least one non-persistent memory (Yi: col. 21, lines 7- 30, vehicle 730 may include, for example, a controller 732, one or more sensors 736, one or more transceivers 738, a memory system 734, … may include memory devices at different hierarchical levels, such as cache, ROM, … non-volatile memory devices that may store data, software, firmware, etc. For example, memory system 734 may store a security application 760, which may be implemented as a software or firmware module and may be executed by controller 732. Security application 760 may include, for example, a secret decoder 762 configured to decrypt expected passenger secret using a secret key, and a biometric comparator 764 configured to compare expected decrypted passenger biometric information and passenger biometric information collected on-site by one or more sensor(s) 736). The reason to combine Stottinger and Yi is similar to claim 1, above.

Regarding claim 10; the combination of Stottinger and Yi discloses the method of claim 9, wherein the non-persistent memory expires with an occurrence of an event (Yi: col. 21, lines 54-65, clock 745 may be used to determine the time (e.g., expiration time) and synchronize electronic components on user device 740. Memory system 744 may include memory devices at different hierarchical levels, such as cache, ROM, DRAM, flash memory, solid state drive, or other volatile or non-volatile memory devices that may store data), and wherein the event includes at least one of: the autonomous vehicle is turned off, the autonomous vehicle is serviced, the autonomous vehicle is charged, and the autonomous vehicle completes a route (Stottinger: para. [0014] key-exchange event may be an environmental change, such as the change in the position, the change in the route and/or the exceeding of physical limit parameters. The key-exchange event may furthermore also be exceeding of a time limit. The key-exchange event may, moreover, be a vehicle-internal change, which can for example be ascertained by means of anomaly detection). The reason to combine Stottinger and Yi is similar to claim 1, above.

Regarding claim 11; Stottinger discloses a system for injection of secrets to an autonomous vehicle, comprising:
 a secrets injection tool in the autonomous vehicle configured to:
communicate with secrets service to obtain a subset of the plurality of secrets (para. [0030] key generation device 10 comprises a computing unit that generates cryptographic keys 26a, 26b on the basis of the secrets 24a, 24b and of the authorization information 22. The cryptographic keys 26a, 26b that are generated are provided to a plurality of vehicle-internal control devices 18a-18c via a distribution device 14 using key exchange algorithms… the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c), and
inject each secret of the subset in a respective [[autonomous]] vehicle location (para. [0030] cryptographic keys 26a, 26b that are generated are provided to a plurality of vehicle-internal control devices 18a-18c via a distribution device 14 using key exchange algorithms. In the exemplary embodiment illustrated, the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c). 

Stottinger does not disclose, which discloses a secrets service configured to store a plurality of secrets for a fleet of vehicles including the autonomous vehicle (Yi: col. 9, lines 5-16, a transportation service platform or an autonomous fleet operator 150 may provide the connection between a passenger and an autonomous vehicle with wireless communication devices, such as a smart phone or a communication subsystem in an autonomous vehicle. For example, a user device 160 used by a passenger 180 may have an application installed or may use a browser to request transportation service through transportation service platform or the autonomous fleet operator 150).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Stottinger to provide a fleet of vehicles including the autonomous vehicle, as taught by Yi. The motivation would be to provide improving safety and security for autonomous vehicle, for example, vehicles being hacked or operated by malicious people.

Regarding claim 12; the combination of Stottinger and Yi discloses the system of claim 11, wherein a first respective autonomous vehicle location is a non-persistent storage, and wherein a first respective secret of the subset is stored in the non-persistent storage (Yi: col. 21, lines 7- 30, vehicle 730 may include, for example, a controller 732, one or more sensors 736, one or more transceivers 738, a memory system 734, … may include memory devices at different hierarchical levels, such as cache, ROM, … non-volatile memory devices that may store data, software, firmware, etc. For example, memory system 734 may store a security application 760, which may be implemented as a software or firmware module and may be executed by controller 732. Security application 760 may include, for example, a secret decoder 762 configured to decrypt expected passenger secret using a secret key, and a biometric comparator 764 configured to compare expected decrypted passenger biometric information and passenger biometric information collected on-site by one or more sensor(s) 736). The reason to combine Stottinger and Yi is similar to claim 1, above.

Regarding claim 13; the combination of Stottinger and Yi discloses the system of claim 12, wherein the non-persistent storage is in a first container (Yi: col. 21, lines 27- 30, memory system 734 may store a security application 760, which may be implemented as a software or firmware module and may be executed by controller 732), and wherein the first container further includes at least one application container (Yi: col. 21, lines 7- 30, vehicle 730 may include, for example, a controller 732, one or more sensors 736, one or more transceivers 738, a memory system 734, … may include memory devices at different hierarchical levels, such as cache, ROM, … non-volatile memory devices that may store data, software, firmware, etc. For example, memory system 734 may store a security application 760, which may be implemented as a software or firmware module and may be executed by controller 732. Security application 760 may include, for example, a secret decoder 762 configured to decrypt expected passenger secret using a secret key, and a biometric comparator 764 configured to compare expected decrypted passenger biometric information and passenger biometric information collected on-site by one or more sensor(s) 736). The reason to combine Stottinger and Yi is similar to claim 1, above.

Regarding claim 14; the combination of Stottinger and Yi discloses the system of claim 13, wherein the at least one application container includes an application that uses the first respective secret (Yi: col. 14, lines 25-35, vehicle electronic system 400 can be part of security and safety platform 300 of FIG. 3. Vehicle electronic system 400 can also be part of an autonomous driving (AD) vehicle and can include various electronic components including, for example, an AD controller 402, an infotainment system 404, and external sensors 40). The reason to combine Stottinger and Yi is similar to claim 1, above.

Regarding claim 15; the combination of Stottinger and Yi discloses the system of claim 11, further comprising a set of configuration parameters provided to the secrets injection tool, wherein the configuration parameters include a set of endpoints, wherein respective ones of the set of endpoints correspond to respective secrets from the subset of secrets (Stottinger: para. [0030] the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c), and
wherein respective ones of the set of endpoints indicate locations of the respective secrets within the secrets service (Stottinger: para. [0030] the cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c).
Regarding claim 16; the combination of Stottinger and Yi discloses the system of claim 15, wherein the configuration parameters include a set of locations, wherein the respective autonomous vehicle location corresponds to a respective secret from the subset of secrets (Stottinger: para. [0036] wherein the key generation device 10a is an element of the vehicle-internal control device 18a, and the key generation device 10b is an element of the vehicle-internal control device 18b. The secret 24 is provided to the key generation devices 10a, 10b, wherein the key generation devices 10a, 10b are configured to derive a cryptographic key on the basis of the secret 24, wherein this is directly usable by the respective control device 18a, 18b in the context of security measures 16a, 16b), and
wherein the respective autonomous vehicle location indicates an injection location of the respective secret (Stottinger: para. [0036] the key generation devices 10a, 10b are configured to derive a cryptographic key on the basis of the secret 24, wherein this is directly usable by the respective control device 18a, 18b in the context of security measures 16a, 16b).

Regarding claim 17; Stottinger discloses a method of providing secrets to a set of autonomous vehicles, comprising:
issuing, to each vehicle in the set of autonomous vehicles, respective credentials for acquiring a respective set of secrets (para. [0028] key generation device 10 comprises a storage device for storing provided secrets 24a, 24b, wherein the secrets 24a, 24b can, for example, be secret keys, passwords or passphrases. The provision of the secrets 24a, 24b for the key generation device 10 can, for example, take place through an initial download during the implementation of the communication system 100);
communicating, from each vehicle in the set of autonomous vehicles, with a secrets service to request the respective set of secrets corresponding to the respective credentials (para. [0030] key generation device 10 comprises a computing unit that generates cryptographic keys 26a, 26b on the basis of the secrets 24a, 24b and of the authorization information 22. The cryptographic keys 26a, 26b that are generated are provided to a plurality of vehicle-internal control devices 18a-18c via a distribution device 14 using key exchange algorithms… the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c); and
transmitting, from the secrets service to each vehicle in the set of autonomous vehicles, the respective sets of secrets (para. [0030] cryptographic keys 26a, 26b that are generated are provided to a plurality of vehicle-internal control devices 18a-18c via a distribution device 14 using key exchange algorithms. In the exemplary embodiment illustrated, the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c). 

Stottinger does not disclose, which discloses an autonomous vehicle (Yi: col. 1, lines 51-67, determining an autonomous vehicle and a vehicle access token (VAT) for the autonomous vehicle by the transportation service platform in response to the transportation service request, sending a first copy of the VAT by the transportation service platform to the user device, and sending the passenger secret and a second copy of the VAT by the transportation service platform to the autonomous vehicle). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Stottinger to provide an autonomous vehicle, as taught by Yi. The motivation would be to provide improving safety and security for autonomous vehicle, for example, vehicles being hacked or operated by malicious people.

Regarding claim 18; the combination of Stottinger and Yi discloses the method of claim 17, wherein each of the respective sets of secrets is, at least in part, unique (Stottinger: para. [0028] secrets 24a, 24b can, for example, be secret keys, passwords or passphrases. The provision of the secrets 24a, 24b for the key generation device 10 can, for example, take place through an initial download during the implementation of the communication system 100).

Regarding claim 19; the combination of Stottinger and Yi discloses the method of claim 17, wherein transmitting the respective sets of secrets includes:
transmitting to a first vehicle in the set of autonomous vehicles a first respective set of secrets corresponding to a first respective credential (Stottinger: para. [0030] the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c), and 
denying the first vehicle access to secrets excluded the first respective set of secrets (Stottinger: para. [0016] the control unit monitors the provision and/or the distribution of new cryptographic keys to one or a plurality of control devices and/or adapts the provision and/or the distribution of new cryptographic keys to one or a plurality of control devices. The rekeying process can be modified dynamically in that the control unit permits an adaptation of the key generation and/or an adaptation of the key distribution… Through a change to the specification it is possible to ensure that one or a plurality of secrets are no longer used for key generation).

Regarding claim 20; the combination of Stottinger and Yi discloses the method of claim 17, wherein issuing the respective credentials includes issuing respective sets of path endpoints, wherein respective ones of the sets of path endpoints correspond to respective secrets (Stottinger: para. [0014] the key-exchange event may be an environmental change, such as the change in the position, the change in the route and/or the exceeding of physical limit parameters;  para. [0030] the key generation device 10 generates the cryptographic key 26a on the basis of the secret 24a and the cryptographic key 26b on the basis of the secret 24b. The cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c), and
wherein respective ones of the sets of path endpoints indicate locations of the respective secrets within the secrets service (Stottinger: para. [0030] the cryptographic key 26a is provided to the vehicle-internal control devices 18a, 18b. The cryptographic key 26b is provided to the vehicle-internal control device 18c).

Examiner’s remarks to overcome the rejection above
The Examiner encourage to contact the examiner to discuss claim’s amendment before responding to this Office Action to expedite prosecution.

Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pub. Number 2019/0342275 A1 to Olive-Olive teaches  generate a key derivation key and transmit the key derivation key to the data service system, wherein the key derivation key is encrypted within the initialization request message using a public operational encryption key received in the session reply message; receive an initiation response message from the data service system that includes an indication confirming whether message encryption is elected; when the initiation response message confirms that message encryption is elected generate at least one Message Encryption Key (MEK) by applying the key derivation key to a key derivation function.

U.S. Pub. Number 2020/0186333 A1 to Schubert-Schubert teaches a vehicle includes a controller. The controller is configured to send a nonce encrypted according to a symmetric encryption key. The nonce is sent responsive to receiving a pair request over a personal area network from a nomadic device outside the vehicle. The controller is further configured to initialize a secure connection using a random key and permit vehicle access according to data received via the secure connection. The initialization is responsive to receiving a concatenation of the random key and an incrementation of the nonce encrypted with the symmetric encryption key. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708.  The examiner can normally be reached on M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-
/VU V TRAN/Examiner, Art Unit 2491