Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to an amendment application received on 08/16/2021. In the amendment, applicant has only amended dependent claim 2. Claims 1 and 3-23 remain original. No claim has been cancelled and no new claim has been added.
For this Office Action, claims 1-23 have been received for consideration and have been examined. 
Response to Arguments
Claim Rejections – 35 U.S.C. § 112(b)
	Applicant’s remarks with respect to claim rejections under 35 U.S.C. § 112(b) have been reviewed by the examiner; however, they are found unpersuasive. Applicant is reminded that claims have been rejected due to the indefinite language in the claims because the independent claims recite multiple “wherein” clauses which belong to other entities which are not part of the claimed “a processor”, which is performing the steps in method (claim 1), CRM (claim 13) and apparatus (claim 17, which is not the vehicle) claims.
In other words, claims have been drafted in light of FIG. 1, “Server 120” which includes “processor 122” and “memory 124”. The particular recited “wherein” clauses where data network [Security Network] and select vehicle performing any function(s) are outside the scope of the invention and therefore examiner finds it would be unclear to a potential infringer how these clauses limit the scope of the claim required for infringement.

Examiner rejects a clause of claim 1 reciting “wherein each of the one or more data networks is configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network” as allegedly failing to inform a potential infringer “how this clause limits the scope of the claim required for infringement (in particular the step of selecting).” See Office Action at 3-4. Applicant respectfully disagrees and submits that those skilled in the art would understand the scope of the rejected clause when claim 1 is read as a whole (See Page # 10).
The Examiner likewise rejects a clause of claim 1 reciting “wherein the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks” as allegedly indefinite because “it is unclear how the ... security network clause[] ... affect[s] the scope of the claimed invention.” See Office Action at 5. For the reasons discussed above, Applicant respectfully disagrees and submits that when the rejected clause is read in view of claim 1 as a whole, those skilled in the art would understand that claimed “security network”—which is excluded from the selected data network(s)—has different geographic scope characteristics than the “one or more data networks.” Moreover, those skilled in the art would understand that such features are relevant to the two transmitting steps set forth in claim 1, as discussed above (See Page # 11-12).
Additionally, the Examiner rejects a clause of claim 1 reciting “wherein the select vehicle is configured to communicate with the one or more data networks via a first interface of two or more wireless communication interfaces” as allegedly “indefinite because the select vehicle is outside the scope of the claim.” See Office Action at 4-5. The Examiner similarly rejects a clause of claim 1 reciting “wherein the select vehicle is configured to communicate with the security network via a second interface of two or more wireless communication interfaces” as allegedly indefinite because “it is unclear how the select vehicle [clause] . . . affect[s] the scope of the claimed inventions.” See Office Action at 5. Applicant respectfully disagrees (See Page # 12).
The Examiner also rejects a clause of claim 1 reciting “wherein the encrypted protected data is configured to be decrypted by the select vehicle using the encryption key to provide the protected data” as allegedly indefinite because “it is unclear how this affects the scope of method, computer readable-medium and apparatus claims because the clause in question is limiting data.” See Office Action at 4-5. The Examiner further states that a “potential infringer would find it unclear how encrypted protected data is configured to be decrypted by the select vehicle using the encryption key to provide the protected data.” Id. at 5. Applicant respectfully disagrees (See Page # 13).
The Examiner further rejects a clause of claim 1 reciting “wherein the select vehicle is configured to update one or more automotive control systems using the protected data” as allegedly indefinite because “the select vehicle is outside the scope of the claim... . [and ] it would be unclear to a potential infringer how this limits the scope ... of the claim.” See Office Action at 4-5. Applicant respectfully disagrees and submits that those skilled in the art, reading claim 1 as a whole, would understand that the rejected clause relates to the type of data transmitted over the selected network (See Page # 14
Lastly, the Examiner rejects a clause of claim 1 reciting “wherein the security network comprises a satellite constellation and is configured as an out-of-band side-channel to provide security enhancement to the one or more data networks” as allegedly indefinite because “it is unclear how . . . security network clause[] .. . affect[s] the scope of the claimed inventions.” See Office Action at 5 (See Page # 15).
Rejection of Claim 2 for Alleged Use of a Trademark or Trade Name (See Page # 16).
Examiner’s Response
Regarding remark # 1, that Examiner rejects a clause of claim 1 reciting “wherein each of the one or more data networks is configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network” as allegedly failing to inform a potential infringer “how this clause limits the scope of the claim required for infringement (in particular the step of selecting).” See Office Action at 3-4. Applicant respectfully disagrees and submits that those skilled in the art would understand the scope of the rejected clause when claim 1 is read as a whole, examiner respectfully disagrees. 
Examiner would like to clarify the fact that independent claim(s) are written from the point of “a processor configured to perform operations for secure communication of protected data to a select vehicle” while the clause in discussion recites “each of the one or more data networks is configured …”. Examiner has considered the claim as a whole and the above mentioned “wherein” clause is not part of the claimed “a processor” which is part of the “Server 120” depicted in FIG. 1 of the instant application and considered indefinite. Therefore, examiner 
Regarding remark # 2, that Examiner likewise rejects a clause of claim 1 reciting “wherein the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks” as allegedly indefinite because “it is unclear how the ... security network clause[] ... affect[s] the scope of the claimed invention.” See Office Action at 5. For the reasons discussed above, Applicant respectfully disagrees and submits that when the rejected clause is read in view of claim 1 as a whole, those skilled in the art would understand that claimed “security network”—which is excluded from the selected data network(s)—has different geographic scope characteristics than the “one or more data networks.” Moreover, those skilled in the art would understand that such features are relevant to the two transmitting steps set forth in claim 1, as discussed above, examiner respectfully disagrees. 
	Examiner would like to simplify the fact that independent claim(s) are written from the point of “a processor configured to perform operations for secure communication of protected data to a select vehicle” while the clause in discussion recites “the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks”. Considering the claim as a whole in light of Figure 1 of the instant specification, “the security network 110” is a separate entity which is not part of the claimed “Server 120” performing the functions. Therefore, this “wherein” clause is considered indefinite because the limitation is regarding data networks whereas the claim is directed to a method 
	Regarding remark # 3, that Examiner rejects a clause of claim 1 reciting “wherein the select vehicle is configured to communicate with the one or more data networks via a first interface of two or more wireless communication interfaces” as allegedly “indefinite because the select vehicle is outside the scope of the claim.” See Office Action at 4-5. The Examiner similarly rejects a clause of claim 1 reciting “wherein the select vehicle is configured to communicate with the security network via a second interface of two or more wireless communication interfaces” as allegedly indefinite because “it is unclear how the select vehicle [clause] . . . affect[s] the scope of the claimed inventions.”, examiner respectfully disagrees.
	Regarding above remark, again examiner would like to reiterate the fact that functions of the independent claim(s) are being performed by “a processor of Server 120” depicted in FIG. 1 and “select vehicle” in the “wherein” clause is not part of the “Server 120”. Therefore this “wherein” clause is considered indefinite and would be unclear to a potential infringer how this clause limits the scope of the claim required for infringement.
Regarding remark # 4, that Examiner also rejects a clause of claim 1 reciting “wherein the encrypted protected data is configured to be decrypted by the select vehicle using the encryption key to provide the protected data” as allegedly indefinite because “it is unclear how this affects the scope of method, computer readable-medium and apparatus claims because the clause in question is limiting data.” See Office Action at 4-5. The Examiner further states that a “potential infringer would find it unclear how encrypted protected data is configured to be decrypted by the select vehicle using the encryption key to provide the protected data.” Id. at 5. Applicant respectfully disagrees, in response examiner respectfully disagrees. 
Examiner would like to highlight that the first wherein clause is considered outside the scope of the claimed inventions because examiner finds that it is unclear how “encrypted protected data” is configured to be decrypted by the select vehicle using the encryption key to provide the protected data when “select vehicle” is not part of the claimed “a processor”. 
Regarding remark # 5, that Examiner further rejects a clause of claim 1 reciting “wherein the select vehicle is configured to update one or more automotive control systems using the protected data” as allegedly indefinite because “the select vehicle is outside the scope of the claim... [and ] it would be unclear to a potential infringer how this limits the scope ... of the claim.” See Office Action at 4-5. Applicant respectfully disagrees and submits that those skilled in the art, reading claim 1 as a whole, would understand that the rejected clause relates to the type of data transmitted over the selected network, examiner respectfully disagrees.
As examiner has clarified in the above remarks, the claimed functions are written from the focus of “a processor in Server 120” in Figure 1 performing the steps whereas the “wherein” clause in discussion is performed by “the select vehicle”. Examiner has considered the claim as a whole; however, examiner is bound by the guidance of MPEP which states that language of the claim should particularly point out and distinctly claim the subject matter which the applicant regards as the invention. And based on that, applicant’s wherein clause is outside the scope and indefinite and therefore would be unclear to a potential infringer how this limits the scope of the claim.
Regarding remark # 6, that Examiner rejects a clause of claim 1 reciting “wherein the security network comprises a satellite constellation and is configured as an out-of-band side-channel to provide security enhancement to the one or more data networks” as allegedly indefinite because “it is unclear how . . . security network clause[] .. . affect[s] the scope of the claimed inventions.” See Office Action at 5. Applicant respectfully disagrees and submits that those skilled in the art, reading claim 1 as a whole, would understand that the rejected clause relates to the security network over which transmissions are sent, examiner respectfully disagrees. 
Examiner emphasizes the fact again that functions of the independent claim(s) are being performed by “a processor of Server 120” depicted in FIG. 1 and “security network” is not part of the claim “a processor of Server 120” performing the steps. Considering the claim as a whole in light of Figure 1 of the instant specification, “the security network 110” is a separate entity which is not part of the claimed “Server 120” performing the functions. Therefore, this “wherein” clause is considered indefinite because the limitation is regarding data networks whereas the claim is directed to a method from the point of claimed processor. The examiner finds it would be unclear to a potential infringer how this clause limits the scope of the claim required for infringement.
	Based on above explanations, claims still contain numerous “wherein” clauses which are performing separate functions/steps and are not part of the claimed “a processor of the server 120” as depicted in Figure 1 and therefore, claims are still rejected under 35 U.S.C. § 112(b) as being indefinite and for containing outside the scope language. 
Regarding remark # 7, applicant’s amendment to claim 2 has been reviewed by the examiner and found to overcome the 35 U.S.C. § 112(b) issues. Therefore, for claim 2, this rejection has been withdrawn. 
Claim Rejections – 35 U.S.C. § 112(a)
	Examiner has consulted Applicant’s cited paragraphs from the instant specification for the support of claim and based on consultation examiner has withdrawn this rejection.
Claim Rejections – 35 U.S.C. § 103
	Applicant’s remarks with respect to claim rejection under 35 U.S.C. § 103 have been reviewed by the examiner, however they are unpersuasive. After review, applicant’s remarks have been summarized as follows:
Jung fails to disclose the following required features of claim 1: [S]electing a network for communicating the protected data to the select vehicle from one or more data networks comprising at least one internet protocol network, wherein each of the one or more data networks is configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network, wherein the select vehicle is configured to communicate with the one or more data networks via a first interface of two or more wireless communication interfaces, and wherein the selected network is chosen based on bandwidth and geographic access to the select vehicle. See Office Action, at 10-11 (emphasis added). The Examiner then contends that Schnieders cures the admitted deficiency of Jung but further admits that the combination of Jung and Schnieders fails to disclose the following required features of claim 1: [W]herein the security network comprises a satellite constellation and is configured as an out-of-band side-channel to provide security enhancement to the one or more data networks, and wherein the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks. See Office Action, at 11-12 (emphasis added). However, the Examiner alleges that Ross cures the admitted deficiency of the combination of Jung and Schnieders. See Office Action, at 12-13. Applicant respectfully submits that Schnieders and/or Ross do not cure the admitted deficiencies of Jung with respect to the above-identified features of claim 1 (See Page 22-23).
Examiner has provided no explanation or motivation in the record for those skilled in the art to modify the disclosed network interfaces of Schnieders and corresponding broadband and narrowband networks to facilitate communication with two broadband networks over two separate network interfaces on the basis of geographic access (See Page # 24).
Jung and Schnieders do not teach or suggest (1) “one or more data networks … configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network,” or (2) a security network “configured to provide broader geographic access to the select vehicle than each of the one or more data networks,” as required by claim 1.
The cited portions of Karp do not teach or suggest and is silent regarding (1) one or more data networks “provid[ing] narrower geographic access to the select vehicle than a security network” and “exclud[ing] the security network; (2) a security network “configured as an out-of-band side-channel to provide security enhancement to the one See Page # 28).
Examiner’s Response
	Regarding remark # 1, applicant mentions that combination of cited references of Jung, Schnieders and Ross fails to disclose that “security network comprises a satellite constellation configured as an out-of-band side-channel configured to provide broader geographic access”, examiner respectfully disagrees. 
	Third reference of Ross clearly discloses various types of communication arrays which are used to communicate continuous sensor data between multiple Automated or autonomous vehicles (AVs) and between the AVs and a backend system. For this purpose, Ross discloses several communication arrangements and among them one of the means of communication includes satellite network array which can be leveraged to communicate network configuration data between the vehicles and the backend system. 
Based on explanation from Ross, satellite network array can be used as claimed “security network” which is used as an “out-of-band side-channel”. Examiner would like to emphasize the fact that any communication network whether it is narrowband or broadband can be configured and designed as security network as long as it is capable of carrying information encrypted and not susceptible to malicious interference attack. Therefore, Ross’s satellite network array can be combined into Jung and Schnieders teachings and create a 
Regarding remark # 2, that Examiner has provided no explanation or motivation in the record for those skilled in the art to modify the disclosed network interfaces of Schnieders and corresponding broadband and narrowband networks to facilitate communication with two broadband networks over two separate network interfaces on the basis of geographic access, examiner respectfully disagrees. 
Examiner provided appropriate and adequate motivation in last Office Action Page # 13 in which an ordinary person skilled in the art would modify the Jung and Schnieders references and include the optimum connection [i.e. satellite network array] to transmit the data from backend server to the selected vehicle in fast yet secure way possible based on bandwidth and geographic location, as disclosed by Ross.
Regarding remark # 3, that Jung and Schnieders do not teach or suggest (1) “one or more data networks … configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network,” or (2) a security network “configured to provide broader geographic access to the select vehicle than each of the one or more data networks,” as required by claim 1, examiner respectfully disagrees. 
Second reference of Schneiders exclusively teaches using “multiple communication channel” in Figure 2 depicted as 208 as first communication channel and 210 as second communication channel. The first communication channel 208 is interpreted as a communication means which provides “narrower geographic access” to select vehicle because See Schneiders: [0032-0033]). 
In response to answering second part of the remark, third reference of Ross discloses using Satellite network array for “providing broader geographic access to the select vehicle than each of the one or more data networks”. Regarding remark that none of the reference teaches “a security network”, primary and secondary reference of Jung and Schneiders extensively discloses communicating vehicle firmware update data which includes encrypted communication. With that being said, examiner would like to note that Network Encryption makes the network secure and protects data moving over communications network and based on this, any type of network can be made secure as long as it supports encrypted network traffic and construed “a security network”. 
Regarding remark # 3, that cited portions of Karp do not teach or suggest and is silent regarding (1) one or more data networks “provid[ing] narrower geographic access to the select vehicle than a security network” and “exclud[ing] the security network”; (2) a security network “configured as an out-of-band side-channel to provide security enhancement to the one or more data networks”; or (3) a security network “configured to provide broader geographic access to the select vehicle than each of the one or more data networks,” as required by claim 5, through inheritance from claim 1. As such, Karp does not cure the admitted deficiencies of Jung, examiner respectfully disagrees.
Examiner would like to note that Karp reference was used to teach the concept of “generating replacement encryption keys”. With respect to applicant’s remarks that Karp reference fails to teach “providing narrower geographic access to the select vehicle”, “a security network configured as out-of-band channel” and “a security network configured to provide broader geographic access”, examiner would like to note that these concepts are already taught by Jung, Schneiders and Ross references and examiner has already addressed these concepts in previous remarks. Therefore applicant’s remarks are erroneous that Karp fails to teach these concepts when these concepts are already taught by the combination of Jung, Schneiders and Ross references. 
Based on above explanation and interpretation, examiner believes that the combination of cited references would render similar results as being claimed in the instant application. Therefore rejection has been maintained in this Office Action.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-23 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Dependent claims are also rejected due to same reasoning as applied to their parent claims. 
According to MPEP 2173.02(II) "If the language of the claim is such that a person of ordinary skill in the art could not interpret the metes and bounds of the claim so as to understand how to avoid infringement, a rejection of the claim under 35 U.S.C. 112(b), is appropriate."
1, 13 and 17) or the scope of the claimed structure of the device (for claim 17)).
Following are the clauses in the independent claims which render the claims indefinite:
Second limitation recites, “wherein¹ each of the one or more data networks is configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network, 
wherein² the select vehicle is configured to communicate with the one or more data networks via a first interface of two or more wireless communication interfaces”. 
The first wherein clause is considered indefinite because the limitation is regarding data networks whereas the claim is directed to a method from the point of claimed processor. The examiner finds it would be unclear to a potential infringer how this clause limits the scope of the claim required for infringement (in particular the step of selecting). 
The second wherein clause is considered indefinite because the select vehicle is outside the scope of the claim, which is directed to a method (claim 1), CRM (claim 13) and apparatus (claim 17, which is not the vehicle). The examiner finds it would be unclear to a potential infringer how this limits the scope of the claim. 
Third limitation recites, “wherein¹ the encrypted protected data is configured to be decrypted by the select vehicle using the encryption key to provide the protected data, and
wherein² the select vehicle is configured to update one or more automotive control systems using the protected data”. 
The first wherein clause is considered outside the scope of the claimed inventions because encrypted protected data is not part of the method, CRM, or apparatus. The examiner finds that a potential infringer would find it unclear how encrypted protected data is configured to be decrypted by the select vehicle using the encryption key to provide the protected data. For example, it is unclear how this affects the scope of method, computer readable-medium and apparatus claims because the clause in question is limiting data. 
The second wherein clause is considered indefinite because the select vehicle is outside the scope of the claim, which is directed to a method (claim 1), CRM (claim 13) and apparatus (claim 17, which is not the vehicle). The examiner finds it would be unclear to a potential infringer how this limits the scope of the claim. 
Fifth limitation recites, “wherein¹ the select vehicle is configured to communicate with the security network via a second interface of the two or more wireless communication interfaces, 
wherein² the security network comprises a satellite constellation and is configured as an out-of-band side-channel to provide security enhancement to the one or more data network” and 
“wherein³ the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks.” 
The above mentioned first, second & third wherein clauses are considered outside the scope of the claimed inventions because the select vehicle and the security network are not 
The dependent claims of the independent claims included in the statement of rejection but not specifically addressed in the body of the rejection, have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, dependent claims are also rejected based on the same rationale as applied to their parent claims above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, and 6-23 are rejected under 35 U.S.C. 103 as being unpatentable over Jung et al., (US20150180840A1) in view of Schneiders et al., (EP3306891A1) and Ross et al., (US9432929B1).
Regarding claim 1, Jung discloses:
	A method for secure communication of protected data to a select vehicle of a vehicle fleet comprising:
encrypting, by a processor using an encryption key, protected data for communication to a select vehicle of a vehicle fleet ([0019] encrypting original firmware using the secret key; [0029] a firmware encryption module encrypting the original firmware using the secret key; [0095] the server/ECU secret key 405 using a designated secret key generation function and acquires the first data by encrypting the original firmware using the generated server/ECU secret key 405), 
wherein the protected data is configured to update one or more automotive control systems of the select vehicle ([0115] The firmware database 920 is a storage medium to store original unencrypted firmware for ECUs mounted in a vehicle, and may maintain newest updated firmware information of the ECUs), and 
wherein the encryption key is configured to encrypt the protected data and decrypt the encrypted protected data ([0065] The server 310 may perform communication with the diagnostic apparatus 320 through wired or wireless connection, and when the server 310 receives a firmware transmission request of a specific ECU from the diagnostic apparatus 320, the server 310 is configured to encrypt the corresponding firmware and provide the encrypted firmware to the diagnostic apparatus);
[0019] encrypting the secret key using a public key of a reception terminal that is stored in advance; [0029] a secret key encryption module encrypting the secret key using a reception terminal public key that is stored in advance), 
wherein the encrypted encryption key is configured to be decrypted by a second key of the KEK pair possessed by the select vehicle ([0024] decrypting the encrypted secret key using a private key of the ECU that is stored in advance; [0030] a secret key decryption module decrypting the encrypted secret key using a private key of the ECU that is stored in advance); and 
transmitting, by the processor, the encrypted encryption key directly to the select vehicle ([0029] a communication unit transmitting firmware data including the encrypted firmware, the encrypted secret key, and the encrypted hash value to an external device; [0031] a server transmitting firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value to the diagnostic apparatus according to a firmware transmission request from the diagnostic apparatus, and an electronic control unit (ECU)). 
Jung fails to disclose:
selecting a network for communicating the protected data to the select vehicle from one or more data networks comprising at least one internet protocol network, wherein each of the one or more data networks is configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network, wherein the select vehicle is configured to communicate with the one or more data 
However, Schneiders discloses:
selecting a network (See [0029] for selection of network based on the connection bandwidth) for communicating the protected data to the select vehicle from one or more data networks comprising at least one internet protocol network (i.e. WLAN) and providing narrower geographic access to the select vehicle than a security network (i.e. network depicted in FIG. 2 such as 3G, 4G or 5G which are known to provide broader geographic access than WLAN), wherein the one or more data networks exclude the security network ([0032] The communication module 202 exchanges the key via the first network interface which uses or supports a first network protocol … other broadband data connections or data protocols may be used, such as one of the IEEE802.11 standardized wireless LAN (WLAN) protocols), 
wherein the select vehicle is configured to communicate with the one or more data networks via a first interface (See [0032] i.e. a first communication channel 208 (Fig. 2); See [0038] a first network interface 404 (Fig. 4)) of two or more wireless communication interfaces, and wherein the selected network is chosen based on bandwidth and geographic access to the select vehicle ([0018] the communication is within a communication module for a motor vehicle having a first network interface with a first maximum data rate; [0032] The communication module 202 exchanges the key via the first network interface which uses or supports a first network protocol. The first communication channel 208 over which this happens is in FIG. 2 … other broadband data connections or data protocols may be used, such as one of the IEEE802.11 standardized wireless LAN (WLAN) protocols);
wherein the select vehicle is configured to communicate with the security network via a second interface (See [0033] a second communication channel 210 via the second network interface; [0038] A second network interface 406 of the communication module) of the two or more wireless communication interfaces ([0011] a key for symmetric encryption is exchanged and the communication over the second network interface is symmetrically encrypted. This makes it possible to efficiently exchange the key via the network interface of the lower resource consumption and then perform symmetric encryption over the second network interface; [0033] After the key exchange, encrypted communication is carried out via a second communication channel 210 via the second network interface, the encryption of which is based on the key exchanged; [0038] A second network interface 406 of the communication module).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the reference of Jung and include separate communication interfaces for a motor vehicle to communicate in encrypted form.
The motivation to include separate communication modules is to ensure secure communication of protected data to a vehicle fleet to prevent compromise of the safety and operations of the vehicle system by using only a single communication interface (See Schnieders [0004]).
The combination of Jung and Schnieders fails to disclose:

However, Ross discloses:
	wherein the security network comprises a satellite constellation (See FIG. 1; i.e. Satellite Network array 117) and is configured as an out-of-band side-channel to provide security enhancement to the one or more data networks (Col. 5, Line # 3-5; In some examples, the communications array 101 can also include a satellite network array 117 that can transmit and receive communications 160 via a global satellite Internet network).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the references of Jung and Schnieders and allow the backend server to select an ideal connection, such as the Satellite Network array, as an out-of-band channel when trying to communicate secure data with a selected vehicle from a group of vehicles, as disclosed by Ross.
	The motivation to select the Satellite Network array to communicate secure data is to transmit the data from the backend server to the selected vehicle in as fast and secure a way as possible based on bandwidth and geographic location (See Ross: Col. 5, Line # 1-6).
Regarding claim 2, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, wherein the one or more data networks comprises a cellular broadband network, a television broadcast network, a wireless computer network, a wired computer network, a Ku band satellite communications network, a Ka band satellite Ross: Col. 17, Line # 9-14; Whether selected by the backend system or the AVs 420 themselves, the AVs 420 can connect to various network types provided by various base stations. Certain AVs 420 can travel through areas having coverage by one or multiple base stations (e.g., Broadcast Station N 407, offering network connectivity for 3G, 4G, and 4G LTE network types, or Broadcast Station F, offering connectivity for WiMax)).
Regarding claim 3, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, wherein the KEK pair is unique to each vehicle of the vehicle fleet (Jung: [0070] With reference to FIG. 4, the server 310 may maintain a server private key 401 and an ECU public key 402 in a designated recording area in advance. Further, the server 310 may maintain a server public key 403 and an ECU private key 404 in a designated recording area in advance; [0071] The server private key 401 is a security key maintained in the corresponding server 310 and is not possessed jointly by other devices except for the corresponding server 310. On the other hand, the server public key 403 is a security key possessed jointly by other devices except for the corresponding server 310 and may be a security key known to all ECUs. The server private key 401 and the server public key 403 pair off exclusively and are not related to other different security keys. Therefore, data encrypted by the server private key 401 may be decrypted only by the server public key 403, and vice versa. That is, in a private key/public key structure, an encryption/decryption operation is performed in one direction. Therefore, the server 310 may not decrypt data, encrypted by the server private key 401, using the server private key 401. Further, an algorithm used in the private key/public key structure is designed such that one key of one pair of keys may not be discriminated using the other key. Therefore, the private key may not be decrypted through the public key, and the public key may not be decrypted through the private key).
Regarding claim 4, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, wherein the first key of the KEK pair comprises a public encryption key unrestricted to the processor and the select vehicle of the vehicle fleet, and wherein the second key of the KEK pair comprises a private encryption key exclusive to the processor and the select vehicle (Jung: [0070] With reference to FIG. 4, the server 310 may maintain a server private key 401 and an ECU public key 402 in a designated recording area in advance. Further, the server 310 may maintain a server public key 403 and an ECU private key 404 in a designated recording area in advance; [0071] The server private key 401 is a security key maintained in the corresponding server 310 and is not possessed jointly by other devices except for the corresponding server 310. On the other hand, the server public key 403 is a security key possessed jointly by other devices except for the corresponding server 310 and may be a security key known to all ECUs. The server private key 401 and the server public key 403 pair off exclusively and are not related to other different security keys. Therefore, data encrypted by the server private key 401 may be decrypted only by the server public key 403, and vice versa. That is, in a private key/public key structure, an encryption/decryption operation is performed in one direction. Therefore, the server 310 may not decrypt data, encrypted by the server private key 401, using the server private key 401. Further, an algorithm used in the private key/public key structure is designed such that one key of one pair of keys may not be discriminated using the other key. Therefore, the private key may not be decrypted through the public key, and the public key may not be decrypted through the private key).
Regarding claim 6, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, wherein the first key of the KEK pair and second key of the KEK pair are symmetric keys generated independently by the processor and the select vehicle of the vehicle fleet based on pre-established seed parameters (Jung: [0011] With reference to FIG. 1, the diagnostic apparatus requests the server to transmit new firmware, and the server transmits new firmware data to the diagnostic apparatus. Thereafter, the diagnostic apparatus requests the ECU to perform re-programming, and in response the corresponding ECU generates a random number, i.e., a seed value, stores the seed value, and then transmits the seed value to the diagnostic apparatus. The diagnostic apparatus generates a key value using the received seed value and a key generation function, which is known in advance, and transmits the generated key value to the ECU; [0074] The server/ECU secret key 405 in accordance with one embodiment of the present inventive concept may be acquired by inputting current time information at the time of secret key generation as a seed value to a secret key generation function of a designated order. Therefore, the server/ECU secret key 405 may not be decrypted if accurate time information when the server/ECU secret key 405 is generated is not known although a reception terminal or a specific device on a communication path knows the secret key generation function).
Regarding claim 7, the combination of Jung, Schnieders and Ross discloses:
The method of claim 6, wherein the first key of the KEK pair is regenerated independently by the processor on a pre-determined interval, and wherein the second key of the KEK pair is regenerated independently by the select vehicle of the vehicle fleet on the pre-determined interval (Schnieders: [0037] In addition, it is checked regularly in a test step 310 whether the validity of the key has already expired or whether a predetermined fraction of the finite time interval for which the key is valid has already expired. If this is not the case, communication is continued. If this is the case, a new connection is established to the communication partner, which can provide a key, and the communication process just described begins again).
Regarding claim 8, the combination of Jung, Schnieders and Ross discloses:
The method of claim 6, further comprising:
generating, by the processor, new seed parameters, wherein the new seed parameters are configured to replace the pre-established seed parameters and trigger, upon receipt by the select vehicle of the vehicle fleet, regeneration of the second key of the KEK pair; encrypting, by the processor, the new seed parameters using the first key of the KEK pair, wherein the encrypted new seed parameters are configured to be decrypted by the second key of the KEK pair; transmitting, by the processor, the encrypted new seed parameters directly to the select vehicle via the security network; regenerating, by the processor using the new seed parameters, the first key of the KEK pair (Jung: [0028] The decrypted secret key may be generated by the server and is generated by inputting current time information as a seed value to a designated secret key generation function; [0074] The server/ECU secret key 405 in accordance with one embodiment of the present inventive concept may be acquired by inputting current time information at the time of secret key generation as a seed value to a secret key generation function of a designated order. Therefore, the server/ECU secret key 405 may not be decrypted if accurate time information when the server/ECU secret key 405 is generated is not known although a reception terminal or a specific device on a communication path knows the secret key generation function).
Regarding claim 9, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, wherein transmitting the encrypted data to the select vehicle via the selected network of the data network and transmitting the encrypted encryption key directly to the select vehicle via the security network occur in parallel (Schnieders: [0037] Figure 3 shows a flow diagram of a method for communicating in which the key exchanged via the first network interface has a finite validity. According to such a method, a connection to a communication partner is first established in a connection step 302, with whom communication is to take place in encrypted form or who can provide the key. In an exchange step 304, the key is then exchanged via the first network interface and the key is exchanged in a communication module, as shown below in FIG Figure 4 is shown schematically, stored. After this storage step 306, the key is used in a data exchange step 308 in order to communicate in encrypted form via the second network interface).
Regarding claim 10, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, further comprising:
encrypting, by the processor using the encryption key, new protected data for communication to the select vehicle of the vehicle fleet; transmitting, by the processor, the encrypted new protected data to the select vehicle via the selected network of the one or more data networks, wherein the encrypted new protected data is configured to be decrypted by the encryption key transmitted to the select vehicle in a prior transmission (Jung: [0019] a firmware transmission method through which a server transmits firmware includes generating a secret key using a designated secret key generation function, encrypting original firmware using the secret key, encrypting the secret key using a public key of a reception terminal that is stored in advance, and generating a hash value by inputting the original firmware to a designated hash function, and encrypting the generated hash value using a private key of the server that is stored in advance, wherein firmware data including the encrypted original firmware, the encrypted secret key, and the encrypted hash value is transmitted to the reception terminal; [0029] a server providing firmware includes a controller, a firmware database in which original firmware is stored, a secret key generation module generating a secret key using a designated secret key generation function, a firmware encryption module encrypting the original firmware using the secret key, a secret key encryption module encrypting the secret key using a reception terminal public key that is stored in advance, a hash value encryption module generating a hash value by inputting the original firmware to a designated hash function and encrypting the generated hash value using a private key of the server, and a communication unit transmitting firmware data including the encrypted firmware, the encrypted secret key, and the encrypted hash value to an external device according to a control signal from the controller).
Regarding claim 11, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, further comprising:
generating, by the processor, the encryption key based on a dataset of a plurality of datasets and on a pre-determined interval, wherein each of the plurality of datasets comprise a different amount of information and correspond to a control system of the one or more automotive control systems of the select vehicle, wherein the pre-determined interval is greater when the dataset comprises more information and lower when the dataset comprises (Schnieders: [0037] In addition, it is checked regularly in a test step 310 whether the validity of the key has already expired or whether a predetermined fraction of the finite time interval for which the key is valid has already expired. If this is not the case, communication is continued. If this is the case, a new connection is established to the communication partner, which can provide a key, and the communication process just described begins again).
Regarding claim 12, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, further comprising:
transmitting, by the processor, the encrypted protected data to a plurality of vehicles of the vehicle fleet via the one or more data networks; transmitting, by the processor, the encrypted encryption key directly to the plurality of vehicles via the security network (Jung: [0019] a firmware transmission method through which a server transmits firmware includes generating a secret key using a designated secret key generation function, encrypting original firmware using the secret key, encrypting the secret key using a public key of a reception terminal that is stored in advance, and generating a hash value by inputting the original firmware to a designated hash function, and encrypting the generated hash value using a private key of the server that is stored in advance, wherein firmware data including the encrypted original firmware, the encrypted secret key, and the encrypted hash value is transmitted to the reception terminal; [0029] a server providing firmware includes a controller, a firmware database in which original firmware is stored, a secret key generation module generating a secret key using a designated secret key generation function, a firmware encryption module encrypting the original firmware using the secret key, a secret key encryption module encrypting the secret key using a reception terminal public key that is stored in advance, a hash value encryption module generating a hash value by inputting the original firmware to a designated hash function and encrypting the generated hash value using a private key of the server, and a communication unit transmitting firmware data including the encrypted firmware, the encrypted secret key, and the encrypted hash value to an external device according to a control signal from the controller).
Regarding claim 13, Jung discloses:
A non-transitory computer-readable storage medium storing instructions that, when executed by a processor, cause the processor to perform operations for secure communication of protected data to a select vehicle of a vehicle fleet comprising:
encrypting, by a processor using an encryption key, protected data for communication to a select vehicle of a vehicle fleet ([0019] encrypting original firmware using the secret key; [0029] a firmware encryption module encrypting the original firmware using the secret key; [0095] the server/ECU secret key 405 using a designated secret key generation function and acquires the first data by encrypting the original firmware using the generated server/ECU secret key 405), 
wherein the protected data is configured to update one or more automotive control systems of the select vehicle ([0115] The firmware database 920 is a storage medium to store original unencrypted firmware for ECUs mounted in a vehicle, and may maintain newest updated firmware information of the ECUs), and 
[0065] The server 310 may perform communication with the diagnostic apparatus 320 through wired or wireless connection, and when the server 310 receives a firmware transmission request of a specific ECU from the diagnostic apparatus 320, the server 310 is configured to encrypt the corresponding firmware and provide the encrypted firmware to the diagnostic apparatus);
encrypting, by the processor, the encryption key using a first key of a key-encryption key (KEK) pair associated with the select vehicle ([0019] encrypting the secret key using a public key of a reception terminal that is stored in advance; [0029] a secret key encryption module encrypting the secret key using a reception terminal public key that is stored in advance), 
wherein the encrypted encryption key is configured to be decrypted by a second key of the KEK pair possessed by the select vehicle ([0024] decrypting the encrypted secret key using a private key of the ECU that is stored in advance; [0030] a secret key decryption module decrypting the encrypted secret key using a private key of the ECU that is stored in advance); and 
transmitting, by the processor, the encrypted encryption key directly to the select vehicle ([0029] a communication unit transmitting firmware data including the encrypted firmware, the encrypted secret key, and the encrypted hash value to an external device; [0031] a server transmitting firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value to the diagnostic apparatus according to a firmware transmission request from the diagnostic apparatus, and an electronic control unit (ECU)). 
Jung fails to disclose:
selecting a network for communicating the protected data to the select vehicle from one or more data networks comprising at least one internet protocol network, wherein each of the one or more data networks is configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network, wherein the select vehicle is configured to communicate with the one or more data networks via a first interface of two or more wireless communication interfaces, and wherein the selected network is chosen based on bandwidth and geographic access to the select vehicle; and wherein the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks.
However, Schnieders discloses:
selecting a network (See [0029] for selection of network based on the connection bandwidth) for communicating the protected data to the select vehicle from one or more data networks comprising at least one internet protocol network (i.e. WLAN) and providing narrower geographic access to the select vehicle than a security network (i.e. network depicted in FIG. 2 such as 3G, 4G or 5G which are known to provide broader geographic access than WLAN), wherein the one or more data networks exclude the security network ([0032] The communication module 202 exchanges the key via the first network interface which uses or supports a first network protocol … other broadband data connections or data protocols may be used, such as one of the IEEE802.11 standardized wireless LAN (WLAN) protocols),
See [0032] i.e. a first communication channel 208 (Fig. 2); See [0038] a first network interface 404 (Fig. 4)) of two or more wireless communication interfaces, and wherein the selected network is chosen based on bandwidth and geographic access to the select vehicle ([0018] the communication is within a communication module for a motor vehicle having a first network interface with a first maximum data rate; [0032] The communication module 202 exchanges the key via the first network interface which uses or supports a first network protocol. The first communication channel 208 over which this happens is in FIG. 2 … other broadband data connections or data protocols may be used, such as one of the IEEE802.11 standardized wireless LAN (WLAN) protocols);
wherein the select vehicle is configured to communicate with the security network via a second interface (See [0033] a second communication channel 210 via the second network interface; [0038] A second network interface 406 of the communication module) of the two or more wireless communication interfaces ([0011] a key for symmetric encryption is exchanged and the communication over the second network interface is symmetrically encrypted. This makes it possible to efficiently exchange the key via the network interface of the lower resource consumption and then perform symmetric encryption over the second network interface; [0033] After the key exchange, encrypted communication is carried out via a second communication channel 210 via the second network interface, the encryption of which is based on the key exchanged; [0038] A second network interface 406 of the communication module).

The motivation to include separate communication modules is to ensure secure communication of protected data to a vehicle fleet to prevent compromise of the safety and operations of the vehicle system by using only a single communication interface (See Schnieders [0004]).
The combination of Jung and Schnieders fails to disclose:
	wherein the security network comprises a satellite constellation and is configured as an out-of-band side-channel to provide security enhancement to the one or more data networks;  and wherein the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks.
However, Ross discloses:
	wherein the security network comprises a satellite constellation (See FIG. 1; i.e. Satellite Network array 117) and is configured as an out-of-band side-channel to provide security enhancement to the one or more data networks (Col. 5, Line # 3-5; In some examples, the communications array 101 can also include a satellite network array 117 that can transmit and receive communications 160 via a global satellite Internet network).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the references of Jung and Schnieders and allow the backend server to select an ideal connection such as the Satellite Network array as an 
The motivation to select the Satellite Network array to communicate secure data is to transmit the data from the backend server to the selected vehicle in as fast and secure a way as possible based on bandwidth and geographic location (See Ross: Col. 5, Line # 1-6).
Regarding claim 14, the combination of Jung, Schnieders and Ross discloses:
The non-transitory computer-readable storage medium of claim 13, wherein the first key of the KEK pair comprises a public encryption key unrestricted to the processor and the select vehicle of the vehicle fleet, and wherein the second key of the KEK pair comprises a private encryption key exclusive to the processor and the select vehicle (Jung: [0070] With reference to FIG. 4, the server 310 may maintain a server private key 401 and an ECU public key 402 in a designated recording area in advance. Further, the server 310 may maintain a server public key 403 and an ECU private key 404 in a designated recording area in advance; [0071] The server private key 401 is a security key maintained in the corresponding server 310 and is not possessed jointly by other devices except for the corresponding server 310. On the other hand, the server public key 403 is a security key possessed jointly by other devices except for the corresponding server 310 and may be a security key known to all ECUs. The server private key 401 and the server public key 403 pair off exclusively and are not related to other different security keys. Therefore, data encrypted by the server private key 401 may be decrypted only by the server public key 403, and vice versa. That is, in a private key/public key structure, an encryption/decryption operation is performed in one direction. Therefore, the server 310 may not decrypt data, encrypted by the server private key 401, using the server private key 401. Further, an algorithm used in the private key/public key structure is designed such that one key of one pair of keys may not be discriminated using the other key. Therefore, the private key may not be decrypted through the public key, and the public key may not be decrypted through the private key).
Regarding claim 15, the combination of Jung, Schnieders and Ross discloses:
The non-transitory computer-readable storage medium of claim 13, wherein the first key of the KEK pair and second key of the KEK pair are symmetric keys generated independently by the processor and the select vehicle of the vehicle fleet based on pre-established seed parameters (Jung: [0011] With reference to FIG. 1, the diagnostic apparatus requests the server to transmit new firmware, and the server transmits new firmware data to the diagnostic apparatus. Thereafter, the diagnostic apparatus requests the ECU to perform re-programming, and in response the corresponding ECU generates a random number, i.e., a seed value, stores the seed value, and then transmits the seed value to the diagnostic apparatus. The diagnostic apparatus generates a key value using the received seed value and a key generation function, which is known in advance, and transmits the generated key value to the ECU; [0074] The server/ECU secret key 405 in accordance with one embodiment of the present inventive concept may be acquired by inputting current time information at the time of secret key generation as a seed value to a secret key generation function of a designated order. Therefore, the server/ECU secret key 405 may not be decrypted if accurate time information when the server/ECU secret key 405 is generated is not known although a reception terminal or a specific device on a communication path knows the secret key generation function).
Regarding claim 16, the combination of Jung, Schnieders and Ross discloses:
Schnieders: [0037] In addition, it is checked regularly in a test step 310 whether the validity of the key has already expired or whether a predetermined fraction of the finite time interval for which the key is valid has already expired. If this is not the case, communication is continued. If this is the case, a new connection is established to the communication partner, which can provide a key, and the communication process just described begins again).
Regarding claim 17, Jung discloses:
An apparatus comprising: at least one processor configured to perform operations for secure communication of protected data to a select vehicle of a vehicle fleet comprising:
encrypt, by a processor using an encryption key, protected data for communication to a select vehicle of a vehicle fleet ([0019] encrypting original firmware using the secret key; [0029] a firmware encryption module encrypting the original firmware using the secret key; [0095] the server/ECU secret key 405 using a designated secret key generation function and acquires the first data by encrypting the original firmware using the generated server/ECU secret key 405), 
[0115] The firmware database 920 is a storage medium to store original unencrypted firmware for ECUs mounted in a vehicle, and may maintain newest updated firmware information of the ECUs), and 
wherein the encryption key is configured to encrypt the protected data and decrypt the encrypted protected data ([0065] The server 310 may perform communication with the diagnostic apparatus 320 through wired or wireless connection, and when the server 310 receives a firmware transmission request of a specific ECU from the diagnostic apparatus 320, the server 310 is configured to encrypt the corresponding firmware and provide the encrypted firmware to the diagnostic apparatus);
encrypt, by the processor, the encryption key using a first key of a key-encryption key (KEK) pair associated with the select vehicle ([0019] encrypting the secret key using a public key of a reception terminal that is stored in advance; [0029] a secret key encryption module encrypting the secret key using a reception terminal public key that is stored in advance), 
wherein the encrypted encryption key is configured to be decrypted by a second key of the KEK pair possessed by the select vehicle ([0024] decrypting the encrypted secret key using a private key of the ECU that is stored in advance; [0030] a secret key decryption module decrypting the encrypted secret key using a private key of the ECU that is stored in advance); and 
[0029] a communication unit transmitting firmware data including the encrypted firmware, the encrypted secret key, and the encrypted hash value to an external device; [0031] a server transmitting firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value to the diagnostic apparatus according to a firmware transmission request from the diagnostic apparatus, and an electronic control unit (ECU)). 
Jung fails to disclose:
select a network for communicating the protected data to the select vehicle from one or more data networks comprising at least one internet protocol network, wherein each of the one or more data networks is configured to provide narrower geographic access to the select vehicle than a security network and the one or more data networks exclude the security network, wherein the select vehicle is configured to communicate with the one or more data networks via a first interface of two or more wireless communication interfaces, and wherein the selected network is chosen based on bandwidth and geographic access to the select vehicle; and wherein the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks.
However, Schneiders discloses:
select a network (See [0029] for selection of network based on the connection bandwidth) for communicating the protected data to the select vehicle from one or more data networks comprising at least one internet protocol network (i.e. WLAN) and providing narrower geographic access to the select vehicle than a security network (i.e. network depicted in FIG. 2 such as 3G, 4G or 5G which are known to provide broader geographic access than WLAN), wherein the one or more data networks exclude the security network ([0032] The communication module 202 exchanges the key via the first network interface which uses or supports a first network protocol … other broadband data connections or data protocols may be used, such as one of the IEEE802.11 standardized wireless LAN (WLAN) protocols), 
wherein the select vehicle is configured to communicate with the one or more data networks via a first interface (See [0032] i.e. a first communication channel 208 (Fig. 2); See [0038] a first network interface 404 (Fig. 4)) of two or more wireless communication interfaces, and wherein the selected network is chosen based on bandwidth and geographic access to the select vehicle ([0018] the communication is within a communication module for a motor vehicle having a first network interface with a first maximum data rate; [0032] The communication module 202 exchanges the key via the first network interface which uses or supports a first network protocol. The first communication channel 208 over which this happens is in FIG. 2 … other broadband data connections or data protocols may be used, such as one of the IEEE802.11 standardized wireless LAN (WLAN) protocols);
wherein the select vehicle is configured to communicate with the security network via a second interface (See [0033] a second communication channel 210 via the second network interface; [0038] A second network interface 406 of the communication module) of the two or more wireless communication interfaces ([0011] a key for symmetric encryption is exchanged and the communication over the second network interface is symmetrically encrypted. This makes it possible to efficiently exchange the key via the network interface of the lower resource consumption and then perform symmetric encryption over the second network interface; [0033] After the key exchange, encrypted communication is carried out via a second communication channel 210 via the second network interface, the encryption of which is based on the key exchanged; [0038] A second network interface 406 of the communication module).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the reference of Jung and include separate communication interfaces for a motor vehicle to communicate in encrypted form. 
The motivation to include separate communication modules is to ensure secure communication of protected data to a vehicle fleet and to prevent the compromise of the safety and operations of the vehicle system that would arise from using only a single communication interface (See Schneiders [0004]).
The combination of Jung and Schnieders fails to disclose:
	wherein the security network comprises a satellite constellation and is configured as an out-of-band side-channel to provide security enhancement to the one or more data networks;  and wherein the security network is further configured to provide broader geographic access to the select vehicle than each of the one or more data networks.
However, Ross discloses:
	wherein the security network comprises a satellite constellation (See FIG. 1; i.e. Satellite Network array 117) and is configured as an out-of-band side-channel to provide security enhancement to the one or more data networks (Col. 5, Line # 3-5; In some examples, the communications array 101 can also include a satellite network array 117 that can transmit and receive communications 160 via a global satellite Internet network).

	The motivation to select the Satellite Network array to communicate secure data is to transmit the data from the backend server to the selected vehicle in a fast yet secure way based on bandwidth and geographic location (See Ross: Col. 5, Line # 1-6).
Regarding claim 18, the combination of Jung, Schnieders and Ross discloses:
The apparatus of claim 17, wherein the first key of the KEK pair comprises a public encryption key unrestricted to the processor and the select vehicle of the vehicle fleet, and wherein the second key of the KEK pair comprises a private encryption key exclusive to the processor and the select vehicle (Jung: [0070] With reference to FIG. 4, the server 310 may maintain a server private key 401 and an ECU public key 402 in a designated recording area in advance. Further, the server 310 may maintain a server public key 403 and an ECU private key 404 in a designated recording area in advance; [0071] The server private key 401 is a security key maintained in the corresponding server 310 and is not possessed jointly by other devices except for the corresponding server 310. On the other hand, the server public key 403 is a security key possessed jointly by other devices except for the corresponding server 310 and may be a security key known to all ECUs. The server private key 401 and the server public key 403 pair off exclusively and are not related to other different security keys. Therefore, data encrypted by the server private key 401 may be decrypted only by the server public key 403, and vice versa. That is, in a private key/public key structure, an encryption/decryption operation is performed in one direction. Therefore, the server 310 may not decrypt data, encrypted by the server private key 401, using the server private key 401. Further, an algorithm used in the private key/public key structure is designed such that one key of one pair of keys may not be discriminated using the other key. Therefore, the private key may not be decrypted through the public key, and the public key may not be decrypted through the private key).
Regarding claim 19, the combination of Jung, Schnieders and Ross discloses:
The apparatus of claim 17, wherein the first key of the KEK pair and second key of the KEK pair are symmetric keys generated independently by the processor and the select vehicle of the vehicle fleet based on pre-established seed parameters (Jung: [0011] With reference to FIG. 1, the diagnostic apparatus requests the server to transmit new firmware, and the server transmits new firmware data to the diagnostic apparatus. Thereafter, the diagnostic apparatus requests the ECU to perform re-programming, and in response the corresponding ECU generates a random number, i.e., a seed value, stores the seed value, and then transmits the seed value to the diagnostic apparatus. The diagnostic apparatus generates a key value using the received seed value and a key generation function, which is known in advance, and transmits the generated key value to the ECU; [0074] The server/ECU secret key 405 in accordance with one embodiment of the present inventive concept may be acquired by inputting current time information at the time of secret key generation as a seed value to a secret key generation function of a designated order. Therefore, the server/ECU secret key 405 may not be decrypted if accurate time information when the server/ECU secret key 405 is generated is not known although a reception terminal or a specific device on a communication path knows the secret key generation function).
Regarding claim 20, the combination of Jung, Schnieders and Ross discloses:
The apparatus of claim 17, wherein the at least one processor is further configured to: generate the encryption key based on a dataset of a plurality of datasets and on a pre-determined interval, wherein each of the plurality of datasets comprise a different amount of information and correspond to a control system of the one or more automotive control systems of the select vehicle, and wherein the pre-determined interval is greater when the dataset comprises more information and lower when the dataset comprises less information (Schnieders: [0037] In addition, it is checked regularly in a test step 310 whether the validity of the key has already expired or whether a predetermined fraction of the finite time interval for which the key is valid has already expired. If this is not the case, communication is continued. If this is the case, a new connection is established to the communication partner, which can provide a key, and the communication process just described begins again).
Regarding claim 21, the combination of Jung, Schnieders and Ross discloses:
The method of claim 1, wherein selecting the network of one or more data networks for communicating the protected data to the select vehicle includes receiving information identifying the selected network from the select vehicle over the selected network (Ross: FIG. 9A & 9B; Col. 1, Line # 47-50; FIGS. 9A and 9B are flow charts describing an example method of selecting optimal routes and connections for AVs throughout a given region).
Regarding claim 22, the combination of Jung, Schnieders and Ross discloses:
Ross: FIG. 9A & 9B; Col. 1, Line # 47-50; FIGS. 9A and 9B are flow charts describing an example method of selecting optimal routes and connections for AVs throughout a given region).
Regarding claim 23, the combination of Jung, Schnieders and Ross discloses:
The apparatus of claim 17, wherein the operation to select the network of one or more data networks for communicating the protected data to the select vehicle further includes receiving information identifying the selected network from the select vehicle over the selected network (Ross: FIG. 9A & 9B; Col. 1, Line # 47-50; FIGS. 9A and 9B are flow charts describing an example method of selecting optimal routes and connections for AVs throughout a given region).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Jung et al., (US20150180840A1) in view of Schneiders et al., (EP3306891A1) in view of Ross et al., (US9432929B1), in view of Karp et al., (US8214638B1) and further in view of Jalanko et al., (US20160261566A1).
Regarding claim 5, the combination of Jung, Schneiders and Ross fails to disclose:
The method of claim 4, further comprising: 
generating, by the processor, a replacement KEK pair comprising: a replacement first key comprising a public encryption key unrestricted to the processor and the select vehicle of the vehicle fleet, and a replacement second key comprising a private encryption key exclusive to the processor and the select vehicle; encrypting, by the processor, the replacement second key of the replacement KEK pair using the first key of the KEK pair, wherein the encrypted replacement second key is configured to be decrypted by the second key of the KEK pair; transmitting, by the processor, the encrypted replacement second key directly to the select vehicle of the vehicle fleet via the security network, wherein the replacement second key is configured to replace the second key; and replacing, by the processor, the first key with the replacement first key of the replacement KEK pair for subsequent encryption of the encryption key for transmissions via the security network, wherein the replacement second key is further configured to decrypt the encryption key encrypted by the replacement first key.
However, Karp discloses:
generating, by the processor, a replacement KEK pair comprising (Col. 5, Line # 10-11; FIG. 3 illustrates a method for generating and transmitting new public keys 113): 
a replacement first key comprising a public encryption key unrestricted to the processor and the select vehicle of the vehicle fleet, and a replacement second key comprising a private encryption key exclusive to the processor and the select vehicle (Col. 5, Line # 19-23; From time to time, the source secure communications manager 101 generates 305 at least one new private/public key pair 111 NEW 113 NEW, and replaces 307 an associated, old private/public key pair (e.g., 111 1 113 1) therewith); 
replacing, by the processor, the first key with the replacement first key of the replacement KEK pair for subsequent encryption of the encryption key for transmissions via the security network, wherein the replacement second key is further configured to decrypt the encryption key encrypted by the replacement first key (Col. 5, Line # 23-28; For each new private key 111 NEW, the source secure communications manager 101 also transmits 313 the corresponding new public key 113 NEW such that the new public key 113 NEW is associated with the corresponding certificate 109).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the references of Jung, Schneiders, & Ross and replace old public private key pairs with new public private key pairs, as disclosed by Karp.
The motivation to replace old key pairs with new key pairs is to increase the level of security in encrypted network communication (See Karp: Abstract). 
The combination of Jung, Schneiders, Ross & Karp fails to disclose:
	encrypting, by the processor, the replacement second key of the replacement KEK pair using the first key of the KEK pair, wherein the encrypted replacement second key is configured to be decrypted by the second key of the KEK pair; transmitting, by the processor, the encrypted replacement second key directly to the select vehicle of the vehicle fleet via the security network, wherein the replacement second key is configured to replace the second key.
However, Jalanko discloses:
	encrypting, by the processor, the replacement second key of the replacement KEK pair using the first key of the KEK pair, wherein the encrypted replacement second key is configured to be decrypted by the second key of the KEK pair ([0012] The securing can comprise encrypting the second private key by means of the associated public key; [0013] The secured second private key can be encrypted based on the associated public key such that the encryption can only be decrypted with the first private key);
transmitting, by the processor, the encrypted replacement second key directly to the select vehicle of the vehicle fleet via the security network, wherein the replacement second key is configured to replace the second key ([0031] The second private key is secured at 21 based on a public key associated with the first private key. The secured second private key is then communicated at 22 to the device to replace the first private key).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the references of Jung, Schneiders, Ross and Karp and include a method of replacement of asymmetric cryptographic key pairs, as disclosed by Jalanko.
	The motivation to include the method of replacement of key pairs is to enhance network security for providing a confidential data exchange among entities (See Jalanko: [0002]). 
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/S.M.A./ Patent Examiner, Art Unit 2432
/SYED A ZAIDI/ Primary Examiner, Art Unit 2432