DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/28/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Amendment
Claims 1-10 and 13-22 are pending. Claims 1, 3, 5-10, 12-13 and 16-20 are currently amended. Claim 11 is canceled. Claims 21-22 are newly added. 
Applicant’s amendments to the claims and abstract will overcome each and every specification objection, claim objection, 112(b) rejection and the 101 rejection ( in regards to including hardware in the claims), previously set forth in the Non-Final Office Action mailed 10/28/2021. The abstract filed on 01/28/2022 is accepted. 

Response to Arguments
Applicant' s arguments, see pages 8-12, filed 01/28/2022, with respect to the 102 and 103 rejections have been fully considered and are persuasive.  The 102  rejection of claim 12 and 103 rejections of claims 1-8 and 12-20 has been withdrawn.

Claim Objections
Claims 1, 12 and 21-22 are objected to because of the following informalities:  The examiner suggests amending the claim to recite “the message is additionally” instead of “message is additionally” in line 11 of claim 1, line 8 of claim 12, line 10 of claim 21 and line 7 of claim 22 to provide better quality and clarity.  Appropriate correction is requested.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 12 and 22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  Claim 12 recites  storing at least one cryptographic key, storing a master key reference, storing the key state and transmitting a message.
The limitations of storing at least one cryptographic key, storing a master key reference, storing the key state and transmitting a message, under its broadest reasonable interpretation, covers performance of the limitations in the mind but for the recitation of generic computer components. That is, other than reciting “a processor”” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “processor” language, “storing and transmitting” in the context of this claim encompasses the user manually saving and forwarding data. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements – using a processor to perform the steps. The additional element is recited at a high-level of generality (i.e., as a generic processor with a generic computer function and a generic memory storing data), such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, the additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Independent claim 22 includes limitations similar to the limitations of independent claim 12 and rejected under 3 USC 101 for being directed to abstract idea for similar reasons as discussed above with respect to independent claim 12.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 9-10 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by TAEKMORI et al. (US Pub No. 2019/0238325).
Regarding claim 9, TAKERMORI teaches a device for performing key derivations, wherein the device comprises a security circuit, configured to derive a cryptographic key from a saved master key that is selected in a received message by a master key reference noted therein (TAKEMORI, Figure 1, page 4, paragraph 0052, page 8, paragraphs 0093-0096 and page 9, paragraphs 0115-0119; ENC and Mac keys generated from a master secret, vehicle identification number and key identifiers).
Regarding claim 10, TAKERMORI teaches the device wherein the hardware security circuit is configured such that, to derive the key, it also takes into account a key state transmitted by the vehicle (TAKEMORI, Figure 1, page 4, paragraph 0052, page 8, paragraphs 0093-0096 and page 9, paragraphs 0115-0119; ENC and Mac keys generated from a master secret, vehicle identification number and key identifiers).


Allowable Subject Matter
Claims 1-8 and 13-21 would be allowable if rewritten or amended to overcome the claim objections, set forth in this Office action.
Claims 12 and 22 would be allowable if rewritten or amended to overcome the claim objections and rejection(s) under 35 U.S.C. 101, set forth in this Office action.
Examiner’s Statement for Indicating Allowable Subject Matter
The following is a statement of reasons for the indication of allowable subject matter: After further search and consideration and applicant remarks put forth in the Remarks of 01/28/2022 on pages 8-12, the prior art either taken alone or in combination neither anticipates nor render obvious to the claimed subject matter of the instant application. The prior art TAKEMORI et al. (US Pub No. 2019/0238325) discloses a communication system that allows communication between a vehicle and a server device. This communication system includes: the server device; a first arithmetic processing device installed in the vehicle; and a second arithmetic processing device that is a secure element and is installed in the vehicle. The second arithmetic processing device includes: a vehicle key storage unit that stores a first key and a second key; a vehicle authentication processing unit that performs authentication with the server device using the first key; and a vehicle key transmission/reception unit that transmits or receives a third key to or from the server device by encryption communication which uses the second key. The first arithmetic processing device includes a vehicle communication unit that performs encryption communication with the server device using the third key (TAKEMORI, Abstract), CHENNAKESHU (US Pub No. 2017/0200324) discloses vehicle data can be encrypted at block  with an identifier of a current driver, for example, log-in identifier and/or driver identification data, which can also be stored at server. Hence, when server decrypts vehicle data, an identifier of a current driver can be determined. Similarly, encrypted vehicle data can be transmitted with an unencrypted identifier of a current driver and the unencrypted identifier of a current driver can be used by server to determine which key to use to decrypt encrypted vehicle data. Indeed, in some implementations, encrypted vehicle data can include the encrypted identifier of a current driver and can also be transmitted with the unencrypted identifier of a current driver such that when encrypted vehicle data is decrypted, the two identifiers can be compared as a verification and/or as an integrity check. In yet a more complicated embodiment the driver identifier and vehicle data can be hashed and signed by the key and the signed hash together with the unsigned data can be sent to the server. The server decrypts the signed hash using the corresponding private key, then hashes the unsigned data using a similar hash algorithm and compares the two hashes. If they correspond there is an integrity check. (CHENNAKESHU, pages 7-8, paragraph 0093), DARNELL et al. (US Pub No. 2017/0134382) discloses a server comprising a portion of a reservation management (RM) system for a plurality of vehicles, the server comprising memory and a processor configured to execute instructions from the memory to: receive an encrypted message from a manufacturing work station in communication with a vehicle computing device, the message including a unique identifier (UID) associated with the vehicle computing device; decrypt the message; generate a unique encryption key from the UID; store the UID and the unique encryption key; generate an encrypted message that includes the unique encryption key for the vehicle computing device; and send the generated message to the manufacturing work station for storage in the vehicle computing device. Some embodiments further comprise: the vehicle computing device configured to communicate with a controller area network (CAN) bus of a vehicle, the vehicle computing device comprising memory and a processor, the memory storing a plurality of vehicle types and settings associated with each vehicle type, the processor configured to execute instructions from the memory to: query the CAN bus for the VIN of the vehicle; generate an encrypted message that includes the VIN and the UID; send the encrypted message to the server; receive an encrypted message from the server with a vehicle type associated with the vehicle; decrypt the received message; set the vehicle type in the nonvolatile memory of the vehicle computing device; and reboot with the settings associated with the set vehicle type. (DARNELL. Page 5, paragraph 0036) and Kawaguchi et al. (US Pub No. 2020/0380326) discloses the encrypted message includes an encrypted portion and an unencrypted portion, the unencrypted portion including a secret key identifier that identifies the secret key to an authentication device. In some of these embodiments, the authentication device retrieves the secret key based on the secret key identifier and decrypts the encrypted message using the secret key. In some embodiments, the encrypted message further includes a secret pattern identifier that identifies the secret pattern to the authentication device. In some of these embodiments, the secret pattern is included in the unencrypted portion of the encrypted message. In some embodiments, the secret pattern is included in the encrypted portion of the encrypted message. (Kawaguchi, page 5, paragraph 0044), however, the prior art taken alone or in combination fails to teach or suggest “ transmitting from the vehicle to an external server a message, having an encrypted part that is encrypted with the cryptographic key, which message is additionally provided with the master key reference and the key state of the vehicle, wherein the master key reference and the key state of the vehicle are transmitted unencrypted; deriving a cryptographic key in the external server from the master key identified by the master key reference depending on the key state of the vehicle” (as recited in claims 1 & 21 and similarly in claims 12 & 22). Claims are allowed in light of the above claim limitations when in combination with the remaining claim limitations.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SHAQUEAL D WADE-WRIGHT/             Examiner, Art Unit 2437                                                                                                                                                                                           	
/ALI S ABYANEH/             Primary Examiner, Art Unit 2437