Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This Office Action is in response to the application 17/253,614 filed 12/17/2020; Claims 1, 13, and 15 are independent claims; Claims 6 and 16-18 have been cancelled. Claims 1-5, and 7-15 have been examined and are pending.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. WELCH, HENRY (Reg. No.: 65516), who has agreed and authorized the Examiner to amend claims 1, 13, and 15 and to cancel claim 3.
Examiner’s Amendments
Claims
Claims 1-18 are replaced with the following:
1.	(Currently amended) A data protection method for an in-vehicle infotainment (IVI) system, the method comprising:
receiving user identification data;
generating a unique token on the basis of the user identification data;
transmitting the token to a device for presentation to a user;
receiving, by the IVI system, first user input data;

in response to determining that the first user input data corresponds to the token:
generating, by the backend server, a one-time password (OTP) on the basis of the token, and
transmitting, by the backend server, the OTP both (1) to the IVI system and (2) to a mobile device of the user;
receiving, by the IVI system, second user input data; and
in response to determining, by the IVI system, that the second user input data corresponds to the OTP:
creating, by the IVI system, a secure container within the IVI system for access by the user that is separate from a host file system of the IVI system,
creating, by the IVI system, a custom file system on the host file system in the secure container, and
storing a copy of downloaded user data and one or more user applications associated with the user in the secure container, wherein the one or more user applications execute inside the secure container via [[a]] the custom file system such that the one or more user applications do not impact applications or data of the host file system.

2.	(Original) The method according to claim 1, wherein the backend server saves the token in a memory unit.



4.	(Currently amended) The method according to claim [[3]] 1, wherein the custom file system exists on the host file system as a directory and is protected through host security policies.

5.	(Original) The method according to claim 4, wherein the host security policies are active security policies.

6.	(Cancelled) 

7.	(Previously presented) The method according to claim 1, wherein the user identification data comprises at least one of a user’s name, a user’s mobile number, a user’s address, a user’s e-mail address, a user’s driving license number, a user’s personal identification information, or a user’s biometric information.

8.	(Previously presented) The method according to claim 1, further comprising:
in response to the user logging out of the IVI system:
backing up, by the IVI system, the copy of the downloaded user data associated with the user stored in the secure container on a backup server, 
deleting, by the IVI system, the secure container from the IVI system, and
instructing, by the IVI system, the backend server to delete information 

9.	(Previously presented) The method according to claim 8, wherein the backup server is available as a cloud based service and the backup of the downloaded user data is stored in a network cloud.

10.	(Original) The method according to claim 1, wherein communication between the backend server and the IVI system is performed over a secure communication channel.

11.	(Original) The method according to claim 1, wherein the IVI system comprises an automotive infotainment head unit in a car shared by a plurality of users.

12.	(Previously presented) The method according to claim 1, wherein the secure container is created only temporarily and/or data is stored within the secure container only temporarily.

13.	(Currently amended) A system comprising:
a backend server comprising a first processor and a first memory; and
an in-vehicle infotainment (IVI) system comprising a second processor and a second memory;
wherein, when executing instructions, the first and second processors are configured to execute a computer-implemented method comprising:
receiving, by the backend server, user identification data;

transmitting, by the backend server, the token to a device for presentation to a user;
receiving, by the IVI system, first user input data;
transmitting, by the IVI system, the first user input data to the backend server;
in response to determining that the first user input data corresponds to the token,
generating, by the backend server, a one-time password (OTP) on the basis of the token, and
transmitting, by the backend server, the OTP both (1) to the IVI system and (2) a mobile device of the user; and
receiving, by the IVI system, second user input data; and
in response to determining, by the IVI system, that the second user input data corresponds to the OTP:
creating, by the IVI system, a secure container within the IVI system for access by the user that is separate from a host file system of the IVI system,
creating, by the IVI system, a custom file system on the host file system in the secure container, and
storing a copy of downloaded user data and one or more user applications associated with the user in the secure container, the custom file system such that the one or more user applications do not impact applications or data of the host file system.

14.	(Original) The system of claim 13, wherein the transmitted OTP is stored on a local cryptographic storage unit in the IVI system.

15.	(Currently amended) One or more non-transitory computer-readable media including instructions that, when executed by a system, cause the system to perform the steps of:
receiving user identification data;
generating a unique token on the basis of the user identification data;
transmitting the token to a device for presentation to a user;
receiving, by an in-vehicle infotainment (IVI) system, first user input data;
transmitting, by the IVI system, the first user input data to a backend server;
in response to determining that the first user input data corresponds to the token:
generating, by the backend server, a one-time password (OTP) on the basis of the token, and
transmitting, by the backend server, the OTP both (1) to the IVI system and (2) to a mobile device of the user;
receiving, by the IVI system, second user input data; and
in response to determining, by the IVI system, that the second user input data 
creating, by the IVI system, a secure container within the IVI system for access by the user that is separate from a host file system of the IVI system,
creating, by the IVI system, a custom file system on the host file system in the secure container, and
storing a copy of downloaded user data and one or more user applications associated with the user in the secure container, wherein the one or more user applications execute inside the secure container via [[a]] the custom file system such that the one or more user applications do not impact applications or data of the host file system.

16-18.	(Cancelled)

Examiner's Statement of Reasons for Allowance
Claims 1-2, 4-5, 7-14, and 15 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The invention is directed to methods and systems for ensuring security of in-car systems in vehicles, particularly user data privacy and protection of in-car systems from cyber attacks, hacking, etc. After a two-level authentication process, wherein user identification data, token and passwords are used and matched to authenticate the user, a secure OS container is created for use by the user accessing the IVI system of the vehicle. This container is created on the host root file system such that the environments 
The closest prior art is Madhok et al. (“Madhok,” US 2014/0189888, published Jul. 3, 2014), in view of Greaves et al. (“Greaves,” WO 2015/019104, published Feb. 12, 2015), and further in view of Hong et al. (“Hong,” US 2017/0078278, published Mar. 2017), Barton et al. (“Barton,” US 2014/0108793, published Apr. 17, 2014), and Fojtik et al. (“Fojtik,” US 2017/0124320, filed May 4, 2017), which are generally directed to various aspects of a method that involves receiving user identification data by using a backend server. Two-phase user authentication is implemented using a user device through the backend server and an in-vehicle infotainment (IVI) system. A secure container is created within the IVI system for access by a user in response to a successful two-phase user authentication. A unique token is generated based on the user identification data through the backend server. The unique token is transmitted to a device (105) for presentation to the user through the backend server. User input data is received by the IVI system.
However, none of Madhok, Greaves, Hong, Barton, and Fojtik teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 1, 13, and 15. For example, they fail to teach “generating, by the backend server, a one-time password (OTP) on the basis of the token, and transmitting, by the backend server, the OTP both (1) to the IVI system and (2) to a mobile device of the user;” and “receiving, by the IVI system, second user input data; and in response to determining, by the IVI system, that the second user input data corresponds to the OTP: creating, by the IVI system, a secure container within the IVI system for access by the user that is separate from a host file system of the IVI system, creating, by the IVI system, a custom file system on the host file system in the secure container, and storing a copy of downloaded user data and one or more user applications associated with the user in the secure container, wherein the one or more user applications execute inside the secure container via the custom file system such that the one or more user applications do not impact applications or data of the host file system.”
This feature, in light of the other features described in the independent claims 1 and 13, is allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CANH LE whose telephone number is (571)270-1380.  The examiner can normally be reached on Monday-Friday: 6:00 AM-3:30 PM, other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 




/Canh Le/
Examiner, Art Unit 2439
November 29th, 2021.



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439