DETAILED ACTION
This communication is in respond to application filed on September 30, 2019 in which claims 1-24 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2, 3, and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 2 recites the limitation “when woken up for a first time” in line 3, it is not clear what the woken up is referring to. Claim 2 further recites “a public key associated with the certificate” in line 6, however, there is a previously recited “a public key associated with the certificate” in parent claim 1 (lines 7-8), it is not clear whether the public key recited in claim 2 is the same public key recited in claim 1.

Claim 3 recites “a certificate assigned to the first control” in lines 3-4, however, there is a previously recited “a certificate assigned to the first controller” in parent claim 1 (line 5), it is not 

Claim 15 recites the limitation “the request transmission unit is responsive to an update request... for transmitting an inherent information request including the certificate...” in lines 2-4, the scope of this limitation is not clear. As recited in parent claim 13, the request transmission unit is a component of the apparatus, this limitation appears to suggest that the request transmission unit only acts when an update request is received; further, it is not clear whether the “transmitting an inherent information request...” recited in claim 15 (lines 3-4) is the same “an inherent information request” recited in parent claim 13, line 3.

Allowable Subject Matter
Claim 15 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims. No prior art of record teach or fairly suggest transmitting an inherent information request in responsive to an update request from an backend server for a specified controller out of the plurality of second controllers, for transmitting an inherent information request including the certificate assigned to the apparatus to the specified controller; and wherein a controller information update is performed by causing the inherent information reception unit to receive an encrypted inherent information of the specified controller from the specified controller, causing the inherent information extraction unit to utilize a private key associated with the certificate for obtaining a decrypted inherent information from the encrypted inherent information having been received by the inherent information reception unit, and updating the decrypted inherent information in the storage unit in correspondence with the specified controller.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 6-8, 10-13, 16, 18-20 and 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over US PG-PUB No. 2020/0151972 A1 to Nakajima et al. (hereinafter Nakajima) in view of US PG-PUB No. 2018/0007557 A1 to Lee et al. (hereinafter Lee) and US PG-PUB No. 2018/0270340 A1 to Ahmad et al. (hereinafter Ahmad).

transmitting an inherent information request to a suspicious controller of the plurality of second controllers for an inherent information of the suspicious controller (Nakajima, par 0093, “...the authentication part 101 performs configuration authentication for authenticating the validity of a configuration for each ECU of the plurality of ECUs, and registers an ECU that has failed the configuration authentication in an authentication error list 630. Specifically, the authentication part 101 acquires ECU information indicating attributes of each ECU from each ECU of the plurality of ECUs”, acquiring ECU information from ECU implies a request being sent from the authentication part 101 to each ECU, an ECU that has not been authenticated corresponds to a suspicious controller); 
receiving an encrypted inherent information of the suspicious controller from the suspicious controller, the encrypted inherent information having been encrypted (Nakajima, par 0093, “the authentication part 101 acquires ECU information indicating attributes of each ECU from each ECU of the plurality of ECUs”, and par 0183-0184, “data transmitted and received between the authentication management apparatus 300 and the vehicle communication apparatus 100 may be encrypted in order to increase confidentiality... As a cryptographic algorithm used to generate configuration data from ECU information, a method based on public key cryptography may be used”); 

comparing the decrypted inherent information with a pre-stored inherent information (Nakajima, par 0093, “the authentication part 101 acquires ECU information indicating attributes of each ECU from each ECU of the plurality of ECUs, and calculates a signature of each ECU based on the ECU information. The authentication part 101 compares the signature with configuration data 601 included in the configuration data table 610”); and 
determining the suspicious controller to be an anomalous controller when the decrypted inherent information is different from the pre-stored inherent information (Nakajima, par 0112, “If the comparison result is a non-match, the authentication part 101 determines that the configuration authentication is unsuccessful”);
Nakajima does not explicitly disclose the inherent information request including a certificate assigned to the first controller, however, in an analogous art in network communication security, Lee disclosed the concept of including a certificate with a public key of a device in a message sent by the device (Lee, par 0187, “the apparatus 800 may verify the signature of the device using a public-key included in the message (e.g., where the message included a certificate, which itself included the public-key of the device)”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Nakajima to incorporate the concept of including public key certificate in 
Nakajima disclosed encrypting inherent information of the second controller (Nakajima, par 0183), and further disclosed generating inherent information from the second control based on public key cryptography (Nakajima, par 0184) but does not explicitly disclose encrypting the data from second control using public key of the first control and decrypting the encrypted data using the private key associated with the certificate of the first controller, however, in an analogous art in network communication security, Ahmad disclosed encrypting and decrypting communications between two nodes using public and private keys (Ahmad, par 0048, “The data portion of the packet can be encrypted by the breath analysis device 130 using public-key cryptography. For example, a public key of the server 150 can be stored in memory of the breath analysis device 130 and be used to encrypt the data portion. The mobile application 115 may not have access to the corresponding private key of the server 150 and thus may not be configured to decrypt the data portion of the packet. Additionally, as long as the mobile application 115 does not have access to the private key of the server 150, the mobile application 115 may be unable to tamper with or change the data portion of the request without the server 150 being able to detect the tampering and thus rejecting the request. Likewise, the response to the request sent from the server 150 to the breath analysis device 130 may be encrypted using the public-key of the breath analysis device 130 such that the mobile application 115 is unable to read or tamper with the data without the breath analysis device 130 being able to detect the tampering”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Nakajima to further incorporate the 

As per claim 3, Nakajima-Lee-Ahmad disclosed the method of claim 1, further comprising:
transmitting an inherent information request to a specified controller out of the plurality of second controllers, the inherent information request including a certificate assigned to the first controller (Nakajima, par 0093, “...the authentication part 101 performs configuration authentication for authenticating the validity of a configuration for each ECU of the plurality of ECUs, and registers an ECU that has failed the configuration authentication in an authentication error list 630. Specifically, the authentication part 101 acquires ECU information indicating attributes of each ECU from each ECU of the plurality of ECUs”, acquiring ECU information from ECU implies a request being sent from the authentication part 101 to each ECU, each ECU identified to be authenticated corresponds to a specified controller; and Lee, par 0187, including public key certificate in a message sent by a device, the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein); 
receiving an encrypted inherent information of the specified controller from the specified controller, the encrypted inherent information of the specified controller having been encrypted with a public key associated with the certificate (Nakajima, par 0093, “the authentication part 101 acquires ECU information indicating attributes of each ECU from each ECU of the plurality of ECUs”, and par 0183-0184, “data transmitted and received between the authentication management apparatus 300 and the vehicle communication apparatus 100 may be encrypted in order to increase confidentiality... As a cryptographic algorithm used to generate configuration data from ECU information, a method based on public key cryptography may be used”; and Ahmad, par 0048, encrypting/decrypting communications between two 
using the private key associated with the certificate to obtain a decrypted inherent information from the encrypted inherent information of the specified controller; and updating the encrypted inherent information of the specified controller in correspondence with the specified controller (Nakajima, par 0093, “the authentication part 101 acquires ECU information indicating attributes of each ECU from each ECU of the plurality of ECUs, and calculates a signature of each ECU based on the ECU information. The authentication part 101 compares the signature with configuration data 601 included in the configuration data table 610”, and par 0183-0184, “data transmitted and received between the authentication management apparatus 300 and the vehicle communication apparatus 100 may be encrypted in order to increase confidentiality... As a cryptographic algorithm used to generate configuration data from ECU information, a method based on public key cryptography may be used”; and Ahmad, par 0048, encrypting/decrypting communications between two entities using public/private keys of the nodes; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

As per claim 4, Nakajima-Lee-Ahmad disclosed the method of claim 1, wherein the inherent information comprises at least one of a boot loader or MAC information of the suspicious controller, and is a hash value of information on the suspicious controller (Nakajima, par 0079, “The ECU information 621 includes, as attributes of an ECU, information such as an ECU identification ID, an ECU information name, manufacturer information, vendor information, a hardware number, a version, a function classification, related in-vehicle functions, and related ECU inputs/outputs”, MAC address is a form of ECU identification information).

As per claim 6, Nakajima-Lee-Ahmad disclosed the method of claim 1, wherein a random value is added and encrypted when the inherent information is encrypted with the public key (Lee, par 0280, random number included as part of the message transmitted; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

As per claim 7, Nakajima-Lee-Ahmad disclosed the method of claim 1, wherein the inherent information is stored as a table in matching relation with the plurality of second controllers, wherein the table is stored in a hardware security module (HSM) or stored after encryption (Nakajima, par 0183, data transmitted and received may be encrypted to increase confidentiality).

As per claim 8, Nakajima-Lee-Ahmad disclosed the method of claim 1, further comprising transmitting the certificate and a random value together when the inherent information is requested (Lee, par 0280, random number included as part of the message transmitted; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

As per claim 10, Nakajima-Lee-Ahmad disclosed the method of claim 1, wherein the encrypted inherent information is transmitted from the suspicious controller when the suspicious controller that has received the inherent information request succeeds in verifying the certificate (Lee, par 0187, “the apparatus 800 may verify the signature of the device using a public-key included in the message (e.g., where the message included a certificate, which itself 

As per claim 11, Nakajima-Lee-Ahmad disclosed the method of claim 1, wherein the suspicious controller is determined to be an anomalous controller upon receiving no response for a preset time from the suspicious controller that has received the inherent information request, or when the suspicious controller fails to verify the certificate (Nakajima, par 0097, and 0120-0121, unit authentication unsuccessful indicates an unauthorized ECU; and Lee, par 0187, certificate verification as part of authenticating communication; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

As per claim 12, Nakajima-Lee-Ahmad disclosed a non-transitory computer-readable medium storing a computer program, including computer-executable instructions for causing, when executed in a processor, the processor to perform the method of claim 1.

Claim 13 recites substantially the same limitations as claim 1, in the form of an apparatus implementing the corresponding method, therefore, it is rejected under the same rationale.

As per claim 16, Nakajima-Lee-Ahmad disclosed the apparatus of claim 13, wherein the inherent information comprises at least one of a boot loader or MAC information of the suspicious controller (Nakajima, par 0079, “The ECU information 621 includes, as attributes of an ECU, information such as an ECU identification ID, an ECU information name, manufacturer information, vendor information, a hardware number, a version, a function classification, related in-vehicle functions, and related ECU inputs/outputs”, MAC address is a form of ECU 

As per claim 18, Nakajima-Lee-Ahmad disclosed the apparatus of claim 13, wherein when the inherent information is encrypted with the public key, a random value is added and encrypted (Lee, par 0280, random number included as part of the message transmitted; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

As per claim 19, Nakajima-Lee-Ahmad disclosed the apparatus of claim 13, wherein the inherent information is stored as a table in matching relation with the plurality of second controllers (Nakajima, par 0085, ECU function correlation table), wherein the table is stored in a hardware security module (HSM) or stored after encryption (Nakajima, par 0183, data transmitted and received may be encrypted to increase confidentiality).

As per claim 20, Nakajima-Lee-Ahmad disclosed the apparatus of claim 13, wherein the certificate and a random value are transmitted together when the request transmission unit requests the inherent information (Lee, par 0280, random number included as part of the message transmitted; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).



As per claim 23, Nakajima-Lee-Ahmad disclosed the apparatus of claim 13, wherein the verification unit is configured to determine the suspicious controller to be an anomalous controller upon receiving no response for a preset time from the suspicious controller that has received the inherent information request, or when the suspicious controller fails to verify the certificate (Nakajima, par 0097, and 0120-0121, unit authentication unsuccessful indicates an unauthorized ECU; and Lee, par 0187, certificate verification as part of authenticating communication; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

Claims 2 and 14  are rejected under 35 U.S.C. 103 as being unpatentable over Nakajima in view of Lee and Ahmad as applied to claim 1 above, and further in view of US Pat. No. 8798852 B1 to Chen et al. (hereinafter Chen).
As per claim 2, Nakajima-Lee-Ahmad disclosed the method of claim 1, further comprising: 
	transmitting the certificate assigned to the first controller to the plurality of second controllers (Nakajima, par 0093, “...the authentication part 101 performs configuration authentication for authenticating the validity of a configuration for each ECU of the plurality of 
receiving encrypted inherent information of the second controllers from the second controllers, the encrypted inherent information of the second controllers having been encrypted with a public key associated with the certificate (Nakajima, par 0093, “the authentication part 101 acquires ECU information indicating attributes of each ECU from each ECU of the plurality of ECUs”, and par 0183-0184, “data transmitted and received between the authentication management apparatus 300 and the vehicle communication apparatus 100 may be encrypted in order to increase confidentiality... As a cryptographic algorithm used to generate configuration data from ECU information, a method based on public key cryptography may be used”; and Ahmad, par 0048, encrypting/decrypting communications between two entities using public/private keys of the nodes; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein); 
using the private key associated with the certificate to obtain decrypted inherent information of the second controllers from the encrypted inherent information of the second controllers; and storing the decrypted inherent information of the second controllers in correspondence with the second controllers (Nakajima, par 0093, “the authentication part 101 acquires ECU information indicating attributes of each ECU from each ECU of the plurality of ECUs, and calculates a signature of each ECU based on the ECU information. The authentication part 101 compares the signature with configuration data 601 included in the configuration data 
Nakajima-Lee-Ahmad does not explicitly disclose the authentication request / certificate being transmitted when woken up for a first time (Examiner’s node: “when woken up for a first for a first time” is interpreted the in-vehicle network devices being powered up or initialized); however, in an analogous art in vehicle communication network security, Chen disclosed transmitting authentication request upon start of the vehicle system (Chen, col. 3, lines 15-24, “...each time the ignition key is inserted into the vehicle ignition or upon powering up or unlocking of the vehicle, authentication data is read from the electronic storage devices and compared by an on-board vehicular controller with stored authentication information or with authentication data from other electronic storage devices. Responsive to a successful authentication (e.g., all components containing electronic storage devices are authorized for use with the vehicle or by the vehicle owner), the vehicle is allowed to function normally”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Nakajima to further incorporate the concept of requiring authentication of devices upon start of vehicle system as disclosed by Chen, in order to ensure the security of the vehicle communication network as suggested by Chen (Chen, col. 3, lines 14-29).

.

Claims 5, 9, 17, 21 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Nakajima in view of Lee and Ahmad as applied to claim 1 above, and further in view of US PG-PUB No. 2020/0211301 A1 to Zhang et al. (hereinafter Zhang).
As per claim 5, Nakajima-Lee-Ahmad disclosed the method of claim 1, Nakajima does not explicitly disclose transmitting, to a backend server, information indicating that the suspicious controller is determined to be an anomalous controller so that the backend server in receipt of the information can take action to limit use of the suspicious controller; however, in an analogous art in vehicle network communication security, Zhang disclosed the concept that a remote secure server communicating with local authentication server for managing authentication of vehicle ECUs (Zhang, Fig. 3, secure server 310 corresponds to a backend server; and par 0035, 0059, 0082, local Master Node ADC report changes to the security operation center on the cloud server); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Nakajima to further incorporate the remote security operation center as disclosed by Zhang, such modification would provide efficient data management via centralized control service.

As per claim 9, Nakajima-Lee-Ahmad-Zhang disclosed the method of claim 1, wherein transmitting the inherent information request is performed upon receiving a verification request for the suspicious controller from a backend server (Zhang, par 0059, secure server 310 sends authentication request to master node 320; the reasons of obviousness have been noted in the rejection of claim 5 above and applicable herein).

As per claim 17, Nakajima-Lee-Ahmad-Zhang disclosed the apparatus of claim 13, further comprising a verification result transmission unit configured to transmit, to a backend server, a determination by the verification unit that the suspicious controller is an anomalous controller, wherein the backend server in receipt of the determination takes action to limit use of the suspicious controller  (Zhang, Fig. 3, secure server 310 corresponds to a backend server; and par 0035, 0059, 0082, local Master Node ADC report changes to the security operation center on the cloud server; the reasons of obviousness have been noted in the rejection of claim 5 above and applicable herein).

As per claim 21, Nakajima-Lee-Ahmad-Zhang disclosed the apparatus of claim 13, wherein the request transmission unit is configured to transmit the inherent information request upon receiving a verification request for the suspicious controller from a backend server (Zhang, par 0059, secure server 310 sends authentication request to master node 320; the reasons of obviousness have been noted in the rejection of claim 5 above and applicable herein).

Claim 24 recites substantially the same limitations as claim 5, in the form of a system implementing the corresponding method, therefore, it is rejected under the same rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Miyake (US Pat. No. 9,132,790 B2) disclosed an in-vehicle network system with a configuration management device that authenticates in-vehicle control devices.
Koide et al. (US Pat. No. 9,413,732 B2) disclosed vehicle network system implementing secure communications between ECUs.
Zhang et al. (US PG-PUB No. 2020/0213287 A1) disclosed a security platform for a vehicle communication network.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Linglan Edwards whose telephone number is (571)270-5440. The examiner can normally be reached 8:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/LINGLAN E EDWARDS/Primary Examiner, Art Unit 2491