Detailed Action
This is a final Office action in response to communications received on 8/17/2021.  Claims 1, 6 and 9 were amended. Claims 1-13 are pending and are examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner Note 
1.	In view of applicant’s own published specification, in particular page 4, lines 19-21 the “vehicle lock” of claim 9 is interpreted as being an “electro-mechanical device implemented into one or several of the vehicle’s doors” and as such, is interpreted as hardware.

Response to Arguments
Applicant’s amendments, filed 8/17/2021, to claim 1 correcting the claim to clarify what comprises “a secure enclave also storing a master key” is sufficient to overcome the objection to the aforementioned claim.  Accordingly, the objection to claim 1, as filed in (4) of the Non-Final Office action filed 3/17/2021, is withdrawn.  
Applicant’s amendments, filed 8/17/2021, to claim 6 correcting the claim to recite “wherein the physical key is composed of” is sufficient to overcome the objection to the 
Applicant’s amendments, filed 8/17/2021, to claim 9 correcting the claim to recite “compute locally a version of the security challenge answer to verify that it is identical to the security challenge answer received from the communication device” is sufficient to overcome the objection to the aforementioned claim.  Accordingly, the objection to claim 9, as filed in (4) of the Non-Final Office action filed 3/17/2021, is withdrawn.  
Applicant’s arguments regarding the rejection under 35 U.S.C. 103 of the claims under Hatton and Huang have been considered, and are found unpersuasive.
Applicant argues on page 6 of the Remarks, filed 8/17/2021, that “Hatton fails to disclose a vehicle lock system in which a first cryptographic key, called master key, is stored, as recited in claim 1. In Hatton, no key are indeed involved and used to calculate any kind of challenge. At best, only preloaded security codes are compared. Hatton fails to disclose that the vehicle key fob comprises a secure enclave also storing any master key”. However, Examiner respectfully disagrees. The rejection presented in the non-final office action, filed 3/17/2021, does not rely on Hatton to teach “a vehicle lock system in which a first cryptographic key, called master key, is stored”, rather Huang. Huang teaches in paragraph [0028] that the vehicle stores a first unique input which may be an encryption key (i.e. first cryptographic key called master key). It is the combination of both Hatton and Huang which teach the limitations of claim 1.
Applicant argues on page 7-8 of the Remarks, filed 8/17/2021, that “the context of Huang is totally different to the one of the invention. Therefore, a person having ordinary skill in the art would not have consulted Huang to find a solution in the context 
Applicant argues on page 8 of the Remarks, filed 8/17/2021, that “Huang fails to disclose any kind of physical key, and even less a physical key, which generates any kind of derived key as recited in claim 1” because “according to the dictionary, the term ‘server’ refers to a computer in a network that is used to provide services (such as access to files or shared peripherals or the routing of e-mail) to other computers in the network” and because “although Huang describes that the remote server may be any computing device with memory and may be at the same location as the VDT, the skilled person reading Huang would not consider implementing the remote server in the small vehicle key of Hatton, because Huang and Hatton never give any hints to motivate or teach the skilled person to realize such an implementation”. However, Examiner respectfully disagrees. In regards to that Huang fails to teach or disclose any kind of physical key, it is the Hatton reference which teaches this limitation. Hatton teaches, in paragraphs [0059]-[0061], a vehicle key (i.e. physical key) which transmits vehicle security codes to a mobile device which allows the mobile device to function as the vehicle key. In response to the argument regarding the definition of a server and the description of the server of Huang, Examiner respectfully disagrees. As argued previously in this office action, Huang is analogous art to the present invention. Huang discloses, as admitted by the Applicant, that the remote server may be “any computing 
Applicant argues on page 9 of the Remarks, filed 8/17/2021, that “Huang fails to disclose that the physical key comprises a secure enclave also storing a master key” because “Huang only mentions that the first unique input is provided to the remote server ([0049]). However, Huang fails to disclose where the server stores the first unique input. Additionally, Huang fails to disclose that the derived key is derived by any kind of secure enclave of any physical key as no physical key is disclosed or suggested and no secure enclave is no more disclosed or suggested”. However, Examiner respectfully disagrees. Hatton, which Examiner has established, teaches a vehicle key which may implement the functions of the remote server of Huang. Huang teaches, in paragraph [0004], that “a first unique input stored at the remote server” (i.e. master key) 
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Consequently, the rejection of the claims under 35 U.S.C. 103 is sustained.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 5-11 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Hatton (US 2014/0277837 A1), in view of Huang (US 2016/0035147 A1).
 Regarding claim 1, Hatton teaches the limitations of claim 1 substantially as follows:
A physical key for provisioning a communication device with data allowing said communication device to access a vehicle resource by operating remotely a vehicle lock system (Hatton; Paras. [0059]-[0061]: A vehicle key (i.e. physical key) which transmits vehicle security codes to a mobile device (i.e. provisioning a communication device with data) which allows the mobile device to function as the vehicle key (i.e. allowing said communication device to access a vehicle resource by operating remotely a vehicle lock system))
the physical key (Hatton; Paras. [0059]-[0061]: A vehicle key (i.e. physical key) which transmits vehicle security codes to a mobile device)
the physical key being configured to: 
- establish a communication link with the communication device; (Hatton; Paras. [0059]-[0061]: Initiating transmission (i.e. establish a communication link) between the vehicle key and the mobile device (i.e. communication device))
- transmit to the communication device via the secure communication link the derived key (Hatton; Paras. [0059]-[0061]: Transmitting to the mobile device using the initiated connection (i.e. via the secure communication link) security codes (i.e. derived key))
Hatton does not teach the limitations of claim 1 as follows:
in which a first cryptographic key, called master key, is stored, 
comprising a secure enclave also storing the master key, 
- derive by the secure enclave a second cryptographic key, called derived key, from the master key; 
derived key for enabling the communication device to answer a security challenge from the vehicle lock system and 
the vehicle lock system to verify said answer, 
the access to the vehicle resource being allowed if the answer is successfully verified.  
However, in the same field of endeavor, Huang discloses the limitations of claim 1 as follows:
in which a first cryptographic key, called master key, is stored, (Huang; Paras. [00004], [0026] & [0028]: The remote server stores a first unique input which may be an encryption key (i.e. first cryptographic key called master key) in a memory storing sensitive or confidential information (i.e. secure enclave))
comprising a secure enclave also storing the master key, (Huang; Para. [0029]: The ECU is provided the same first unique input (i.e. master key) as the VDT in the ECU memory (i.e. secure enclave))
- derive by the secure enclave a second cryptographic key, called derived key, from the master key; (Huang; Paras. [0033], [0043], [0046], [0049] & [0052]; Fig. 6, element 660: Determining a session key (i.e. second cryptographic key) in the ECU (i.e. secure enclave) based off a first unique input (i.e. master key))
derived key for enabling the communication device to answer a security challenge from the vehicle lock system and (Huang; Para. [0051]: Session key (i.e. derived key) which is used in determining a first challenge response (i.e. answer a security challenge from the vehicle lock system))
the vehicle lock system to verify said answer, (Huang; Paras. [0037], [0047] & [0052]: determining that the first challenge response matches a second challenge response (i.e. verify said answer))
the access to the vehicle resource being allowed if the answer is successfully verified.  (Huang; Paras. [0037]-[0038]: If the compared challenge responses match (i.e. successfully verified), access to ECU services are granted (i.e. access to the vehicle resource being allowed))


Regarding claim 2, Hatton and Huang teach the limitations of claim 1.
Hatton and Huang teach the limitations of claim 2 as follows:
The physical key according to claim 1, wherein the derived key is derived from a set of at least one validity parameter that is taken in addition to the master key, (Huang; Para. [0039]: The session key (i.e. derived key) has an associated expiration time where the key times out (i.e. validity parameter) apart from the first unique input used to derive the session key (i.e. in addition to the master key))
the set of at least one validity parameter defining at least one access rule limiting the access to the vehicle resource.  (Huang; Para. [0039]: The expiration time where the key times out (i.e. validity parameter) determines a period of time wherein the key is valid (i.e. limiting the access to the vehicle resource))
The same motivation to combine as in claim 1 is applicable to the instant claim.

Regarding claim 3, Hatton and Huang teach the limitations of claim 2.
Hatton and Huang teach the limitations of claim 3 as follows:
The physical key according to claim 2, wherein the set of at least one validity parameter defines an expiration date after which the derived key cannot be used for accessing the resource.  (Huang; Para. [0039]: The expiration time where the key times out (i.e. validity parameter) determines a period of time wherein the key is valid (i.e. defines an expiration date after which the derived key cannot be used for accessing the resource))
The same motivation to combine as in claim 1 is applicable to the instant claim.

Regarding claim 5, Hatton and Huang teach the limitations of claim 2.
Hatton and Huang teach the limitations of claim 5 as follows:
The physical key according to claim 2, wherein the set of at least one validity parameter defines a list of at least one action that can be carried out by the communication device for accessing the vehicle's resource.  (Huang; Paras. [0037]-[0039]: The expiration time where the key times out (i.e. validity parameter) determines a period of time wherein the key is valid for accessing ECU services (i.e. one action that can be carried out by the communication device for accessing the vehicle’s resource))
The same motivation to combine as in claim 1 is applicable to the instant claim.

Regarding claim 6, Hatton and Huang teach the limitations of claim 2.
Hatton and Huang teach the limitations of claim 6 as follows:
The physical key according to claim 2, wherein the physical key is composed of a vehicle remote and a traditional key.  (Hatton; Paras. [0054]-[0055]; Fig. 3A: The vehicle key (i.e. physical key) comprises functions to remotely perform vehicle functions (i.e. vehicle remote) as well as a key portion (i.e. traditional key))

Regarding claim 7, Hatton and Huang teach the limitations of claim 2.
Hatton and Huang teach the limitations of claim 7 as follows:
The physical key according to claim 2, wherein the secure enclave is an embedded secure element.  (Huang; Para. [0029]: The ECU is provided the first unique input in the ECU memory contained in the ECU (i.e. embedded secure element)) 
The same motivation to combine as in claim 1 is applicable to the instant claim.

Regarding claim 8, Hatton and Huang teach the limitations of claim 2.
Hatton and Huang teach the limitations of claim 8 as follows:
The physical key according to claim 2, wherein the secure enclave is a trusted execution environment.  (Huang; Para. [0029]: The ECU is provided the first unique input in the ECU memory contained in the ECU which is executable by the ECU processor (i.e. trusted execution environment))
The same motivation to combine as in claim 1 is applicable to the instant claim.

Regarding claim 9, Hatton teaches the limitations of claim 9 substantially as follows:
the vehicle lock being configured to communicate remotely with a communication device provisioned with a derived key generated by a physical key configured to: (Hatton; Paras. [0059]-[0062]: The VCS (i.e. vehicle lock) communicates with the mobile device (i.e. communication device) which contains vehicle security codes received from the vehicle key (i.e. provisioned with a derived kay generated by a physical key))
- establish a communication link with the communication device; (Hatton; Paras. [0059]-[0061]: Initiating transmission (i.e. establish a communication link) between the vehicle key and the mobile device (i.e. communication device))
- transmit to the communication device via the secure communication link the derived key (Hatton; Paras. [0059]-[0061]: Transmitting to the mobile device using the initiated connection (i.e. via the secure communication link) security codes (i.e. derived key))
Hatton does not teach the limitations of claim 9 as follows:
A vehicle lock installed on a vehicle memorizing a master key in a secure enclave, 
- derive by the secure enclave a second cryptographic key called derived key from the master key: 
derived key for enabling the communication device to answer a security challenge from the vehicle lock system and 
the vehicle lock system to verify said answer, 
the access to the vehicle resource being allowed if the answer is successfully verified, 
wherein the vehicle lock is further configured to: 
- send to the communication device a challenge message comprising a random number; 
- receive from the communication device a security challenge answer determined using the derived key and the random number; 
- generate locally the derived key using the master key and compute locally a version of the security challenge answer to verify that it is identical to the security challenge answer received from the communication device; 
- in case of a positive verification, grant the access to the vehicle resource.  
However, in the same field of endeavor, Huang discloses the limitations of claim 9 as follows:
A vehicle lock installed on a vehicle memorizing a master key in a secure enclave, (Huang; Para. [0029]: The ECU is provided the same first unique input (i.e. master key) as the VDT in the ECU memory (i.e. secure enclave))
- derive by the secure enclave a second cryptographic key called derived key from the master key: (Huang; Paras. [0033], [0043], [0046], [0049] & [0052]; Fig. 6, element 660: Determining a session key (i.e. second cryptographic key) in the ECU (i.e. secure enclave) based off a first unique input (i.e. master key))
derived key for enabling the communication device to answer a security challenge from the vehicle lock system and (Huang; Para. [0051]: Session key (i.e. derived key) which is used in determining a first challenge response (i.e. answer a security challenge from the vehicle lock system))
the vehicle lock system to verify said answer, (Huang; Paras. [0037], [0047] & [0052]: determining that the first challenge response matches a second challenge response (i.e. verify said answer))
the access to the vehicle resource being allowed if the answer is successfully verified, (Huang; Paras. [0037]-[0038]: If the compared challenge responses match (i.e. successfully verified), access to ECU services are granted (i.e. access to the vehicle resource being allowed))
wherein the vehicle lock is further configured to: 
- send to the communication device a challenge message comprising a random number; (Huang; Paras. [0015], [0031]-[0033], [0044] & [0049]: provide a challenge (i.e. challenge message) comprising a seed which may be comprised of a random number)
- receive from the communication device a security challenge answer determined using the derived key and the random number; (Huang; Para. [0015], [0031]-[0033], [0044], [0049] & [0051]: Session key (i.e. derived key) which is used with the seed information (i.e. random number) in determining a first challenge response (i.e. security challenge answer))
- generate locally the derived key using the master key and compute locally a version of the security challenge answer to verify that it is identical to the security challenge answer received from the communication device; (Huang; Paras. [0036]-[0037], [0047] & [0052]: Producing a second challenge response (i.e. a version of the security challenge answer) in order to compare to the received first challenge response (i.e. verify it is identical to the one received))
- in case of a positive verification, grant the access to the vehicle resource.  (Huang; Paras. [0037]-[0038]: If the compared challenge responses match (i.e. positive verification), access to ECU services are granted (i.e. access to the vehicle resource being allowed))
Huang is combinable with Hatton because both are from the same field of endeavor of permitting access to a vehicle and vehicle functions. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Hatton to incorporate the generation and use of session keys for use in authorizing access to vehicle functions as in Huang in order to improve the security of the system by providing a means by which a trust may be established between a controlling device and a vehicle.

Regarding claim 10, Hatton and Huang teach the limitations of claim 9.
Hatton and Huang teach the limitations of claim 10 as follows:
(Huang; Para. [0039]: The session key (i.e. derived key) has an associated expiration time where the key times out (i.e. validity parameter) apart from the first unique input used to derive the session key (i.e. in addition to the master key))
the set of at least one validity parameter defining at least one access rule limiting the access to the vehicle resource.  (Huang; Para. [0039]: The expiration time where the key times out (i.e. validity parameter) determines a period of time wherein the key is valid (i.e. limiting the access to the vehicle resource))
The same motivation to combine as in claim 9 is applicable to the instant claim.

Regarding claim 11, Hatton and Huang teach the limitations of claim 10.
Hatton and Huang teach the limitations of claim 11 as follows:
(Huang; Para. [0039]: The expiration time where the key times out (i.e. validity parameter) determines a period of time wherein the key is valid (i.e. defines an expiration date after which the derived key cannot be used for accessing the resource))
The same motivation to combine as in claim 9 is applicable to the instant claim.

Regarding claim 13, Hatton and Huang teach the limitations of claim 10.
Hatton and Huang teach the limitations of claim 13 as follows:
The vehicle lock according to claim 10, wherein the set of at least one validity parameter defines a list of at least one action that can be carried out by the communication device for accessing the vehicle's resource. (Huang; Paras. [0037]-[0039]: The expiration time where the key times out (i.e. validity parameter) determines a period of time wherein the key is valid for accessing ECU services (i.e. one action that can be carried out by the communication device for accessing the vehicle’s resource))
.

Claims 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Hatton (US 2014/0277837 A1), in view of Huang (US 2016/0035147 A1), as applied to claims 1 and 9, further in view of Brinkmayer (US 2001/0028295 A1).
 Regarding claim 4, Hatton and Huang teach the limitations of claim 2.
Hatton and Huang do not teach the limitations of claim 4 as follows:
 
However, in the same field of endeavor, Brinkmayer discloses the limitations of claim 4 as follows:
 (Brinkmayer; Para. [0031]: A key controller determines a specific time of day wherein which vehicle commands received are valid in order to operate the vehicle)
Brinkmayer is combinable with Hatton and Huang because all are from the same field of endeavor of permitting access to a vehicle and vehicle functions. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified system of Hatton and Huang to incorporate a specific period of time in the day wherein received vehicle commands are permitted as 

Regarding claim 12, Hatton and Huang teach the limitations of claim 10.
Hatton and Huang do not teach the limitations of claim 12 as follows:
 
However, in the same field of endeavor, Brinkmayer discloses the limitations of claim 12 as follows:
 (Brinkmayer; Para. [0031]: A key controller determines a specific time of day wherein which vehicle commands received are valid in order to operate the vehicle)
Brinkmayer is combinable with Hatton and Huang because all are from the same field of endeavor of permitting access to a vehicle and vehicle functions. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified system of Hatton and Huang to incorporate a specific period of time in the day wherein received vehicle commands are permitted as in Brinkmayer in order to improve the security of the system by implementing a means by which commands sent outside of the specified time window are not authorized.

Prior Art Considered But Not Relied Upon
	Kamiya (US 2015/0371472 A1) which teaches transmitting a challenge message from a vehicular system to an accompanying mobile device for controlling locking and unlocking of car doors.
Aladenize (US 2014/0242971 A1) which teaches a method for accessing a motor vehicle using a mobile device using opening keys transmitted between the mobile device and vehicle.

Conclusion
For the above-stated reasons, claims 1-13 are rejected.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/B.I.N./Examiner, Art Unit 2438  
/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438