Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Specification
The abstract of the disclosure is objected to because in line 2, “SMS test message” should be “SMS text message”. Correction is required. See MPEP § 608.01(b).

Claim Interpretation
MPEP 2111.04 states that the broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent is not met. For example, assume a method claim requires step A if a first condition happens and step B if a second condition happens. If the claimed invention may be practiced without either the first or second condition happening, then neither step A or B is required by the broadest reasonable interpretation of the claim. If the claimed invention requires the first condition to occur, then the broadest reasonable interpretation of the claim requires step A. If the claimed invention requires both the first and second conditions to occur, then the broadest reasonable interpretation of the claim requires both steps A and B. Examiner notes that claims 1-3, 8, 10-11 recite contingent "if" limitations, and suggests positively claiming these steps for full consideration.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1(b), the term “X seconds” is indefinite because it is unclear whether X means an unlimited number. For the purposes of examination, the Examiner is interpreting the term “X seconds” as a limited number, like “30 seconds”. Claims 2-7 are rejected by virtue of being dependent on claim 1.
Claim 8(b) recites substantially similar subject matter to that of claim 1(b), specifically with respect to the word “X seconds”, thus, is rejected under 35 U.S.C 112 (b) for the same reasons as outlined above in claim 1(b). 
Claim 9(b) recites substantially similar subject matter to that of claim 1(b), specifically with respect to the word “X seconds”, thus, is rejected under 35 U.S.C 112 (b) for the same reasons as outlined above in claim 1(b). Claims 10-13 are rejected by virtue of being dependent on claim 9.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-7 are rejected under 35 U.S.C 103 as being unpatentable over Hergesheimer (US PG-PUB No. 20180302228 A1) in view of Khanna et al (US PG-PUB No. 11283793 B2).
Regarding claim 1, Hergesheimer teaches:
A method for providing secure communications between a backend server and a vehicle tracking device (Abstract: A vehicle telematics system is provided having secure communication capabilities between a vehicle telematics device (vehicle tracking device) and external computing devices (server)), comprising: 
generating a command message including a command to be executed by the vehicle tracking device (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110);
sending the command message from the backend server to the vehicle tracking device via a wireless communication network (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110. In paragraph [0002]: secure data communication of data (message) by wireless networks);
receiving the command message at the vehicle tracking device (paragraph [0027]: The vehicle telematics device 110 can also include one or more communication interfaces 220 capable of sending and receiving data (command message));
Hergesheimer fails to teach, but Khanna et al teaches:
generating a single-use credential value based at least in part on a shared key value and a first time value, wherein the single-use credential value is valid only during a first time window having a duration of X seconds, and wherein the first time value falls within the first time window (paragraph [0030]: generate TOTPs (Time-based One-Time Password - single-use/expected credential value) as a function of the shared secret (shared key) 132 and further as a function of a local time (time value) on the client device 110.  Khanna et al further teaches in paragraph [0005]: TOTPs are only valid for a specific time window (e.g., a thirty second window));
attaching the single-use credential value to the command message (paragraph [0030]: TOTP generator 124 may be configured to automatically add a TOTP to each access request (command message));
a processor of the vehicle tracking device generating a first expected credential value based at least in part on the shared key value and a second time value (paragraph [0008]: The instructions further cause the processor(s) to perform processing comprising generating a second TOTP (expected credential value) using a key (shared key) that has been configured for the username; paragraph [0030]: generate TOTPs as a function of the shared secret (shared key) 132 and further as a function of a local time (time value) on the client device 110);
the processor of the vehicle tracking device comparing the first expected credential value to the single-use credential value attached to the command message (paragraph [0008]: determining, whether the first TOTP (single-use credential value) matches the second TOTP (expected credential value)); and
the vehicle tracking device executing the command included in the command message only if the first expected credential value matches the single-use credential value attached to the command message (paragraph [0008]: controlling access to the resource by the client application based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP matches the second TOTP).
Hergesheimer and Khanna et al are both considered to be analogous to the claimed invention because they are both teaching a method of secure communications between a user device and a server. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the systems and methods for secure communications in vehicle telematics systems disclosed by Hergesheimer with adding the time-based one-time password (TOTP) method as disclosed by Khanna et al.
One of ordinary skill in the art would have been motivated to make these modifications in order to secure user sessions in connection with authorization to access a protected resource during session created for a user of a client device as suggested by Khanna et al (paragraph [0003]).
Regarding claim 2, Hergesheimer and Khanna et al, hereinafter HK, teaches all of the features with respect to claim 1, as outlined above.
Khanna et al further teaches wherein the first expected credential value matches the single-use credential value only if the second time value falls within the first time window (paragraph [0008]: determining whether the session is valid and the determining whether the first TOTP (single-use credential value) matches the second TOTP (expected credential value).  Paragraph [0074]: The times used to generate the TOTPs (first and second time value) also need to be synchronized.).
Regarding claim 3, HK teaches all of the features with respect to claim 1, as outlined above.
	Khanna et al further teaches wherein if the first expected credential value does not match the single-use credential value, the method further comprises: 
the processor of the vehicle tracking device generating a second expected credential value based at least in part on the shared key value and a time value that falls within a preceding time window that immediately precedes a time window into which the second time value falls (paragraph [0022]: Because TOTPs are only valid for a specific time window, a new valid TOTP (second expected credential value) would be needed (within a preceding time window) each time a time window expires);
the processor of the vehicle tracking device comparing the second expected credential value to the single-use credential value attached to the command message (paragraph [0008]: determining, whether the first TOTP (single-use credential value) matches the second TOTP (second expected credential value)); and
the vehicle tracking device executing the command included in the command message only if the second expected credential value matches the single-use credential value attached to the command message (paragraph [0008]: controlling access to the resource by the client application based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP matches the second TOTP).

Regarding claim 4, HK teaches all of the features with respect to claim 3, as outlined above.
	Khanna et al further teaches wherein the preceding time window corresponds to the first time window (paragraph [0005]: TOTPs are only valid for a specific time window (e.g., a thirty second window)).
Regarding claim 5, HK teaches all of the features with respect to claim 1, as outlined above.
	Khanna et al further teaches wherein the second time value corresponds to a time at which the command message is received at the vehicle tracking device (paragraph [0008]: receiving, during a session established for a username, an access request (command message is received) from a client application, the access request identifying a resource (vehicle tracking device on this case) to be accessed, generating a second TOTP (include the time value)).
Regarding claim 6, HK teaches all of the features with respect to claim 5, as outlined above.
	Hergesheimer further teaches wherein the time at which the command message is received at the vehicle tracking device is determined based on reference to timing signals from Global Positioning System (GPS) satellites (paragraph [0004]: In addition to location information, a GPS receiver can also be configured to provide time data.).
Regarding claim 7, HK teaches all of the features with respect to claim 1, as outlined above.
	Khanna et al further teaches wherein step (c) comprises prepending the single-use credential value to the command message (paragraph [0030]: TOTP generator 124 may be configured to automatically add a TOTP (single-use credential value) to each access request (command message) (e.g., to a header portion of the access request)).
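The verification flow mapped above for claims 1, 3 and 7 (credential prepended to the command, checked against the current window and then the immediately preceding one, command executed only on a match), as an added Python example that is not part of the Office action, the application or the cited references. It assumes RFC 6238 TOTP with HMAC-SHA1 and a 30-second window; `build_command_message`, `TrackerDevice` and the `|` separator are hypothetical names, and the replay guard is an addition of this example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the "X seconds" window; 30 s is the example value used in the action
DIGITS = 8         # assumption: credential length
SEPARATOR = b"|"   # assumption: delimiter between the prepended credential and the command


def totp(shared_key: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time window that contains unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(shared_key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def build_command_message(shared_key: bytes, command: bytes, server_time: int) -> bytes:
    """Backend side: prepend the credential for the current window to the command."""
    return totp(shared_key, server_time).encode() + SEPARATOR + command


class TrackerDevice:
    """Device side: execute a command only if its credential verifies."""

    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key
        self.last_accepted_window = -1  # highest window whose credential was already used
        self.executed = []              # stands in for real command execution

    def handle(self, message: bytes, device_time: int) -> bool:
        credential, sep, command = message.partition(SEPARATOR)
        if not sep:
            return False  # no credential attached
        current = device_time // STEP_SECONDS
        # First expected value: current window. Second: immediately preceding window.
        for window in (current, current - 1):
            if window < 0:
                continue
            expected = totp(self.shared_key, window * STEP_SECONDS).encode()
            if hmac.compare_digest(expected, credential):  # constant-time comparison
                if window <= self.last_accepted_window:
                    return False  # credential for this window already used: replay
                self.last_accepted_window = window
                self.executed.append(command)
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    device = TrackerDevice(key)
    msg = build_command_message(key, b"LOCATE", server_time=59)  # constructed sample
    print(msg, device.handle(msg, device_time=61), device.handle(msg, device_time=62))
```

The credential here is not computed over the command bytes, so a match shows only that the sender knew the shared key during that window; protecting the command contents needs a MAC or authenticated encryption over the whole message.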
Claim 8 is rejected under 35 U.S.C 103 as being unpatentable over Hergesheimer (US PG-PUB No. 20180302228 A1) in view of Khanna et al (US PG-PUB No. 11283793 B2) and Rougier (US PG-PUB No. 20180310174 A1).
Regarding claim 8, Hergesheimer teaches:
A method for providing secure communications between a backend server and a vehicle tracking device (Abstract: A vehicle telematics system is provided having secure communication capabilities between a vehicle telematics device (vehicle tracking device) and external computing devices (server)), comprising: 
generating a command message including a command to be executed by the vehicle tracking device (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110);
sending the command message from the backend server to the vehicle tracking device via a wireless communication network (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110. In paragraph [0002]: secure data communication of data (message) by wireless networks);
receiving the command message at the vehicle tracking device (paragraph [0027]: The vehicle telematics device 110 can also include one or more communication interfaces 220 capable of sending and receiving data (command message));
Hergesheimer fails to teach, but Khanna et al teaches:
generating a single-use credential value based at least in part on a shared key value and a first time value, wherein the single-use credential value is valid only during a first time window having a duration of X seconds, and wherein the first time value falls within the first time window (paragraph [0030]: generate TOTPs (Time-based One-Time Password - single-use/expected credential value) as a function of the shared secret (shared key) 132 and further as a function of a local time (time value) on the client device 110. Paragraph [0005]: TOTPs are only valid for a specific time window (e.g., a thirty second window));
attaching the single-use credential value to the command message (paragraph [0030]: TOTP generator 124 may be configured to automatically add a TOTP (single-use credential value) to each access request (command message));
the processor of the vehicle tracking device comparing the expected credential value to the single-use credential value attached to the command message (paragraph [0008]: determining, whether the first TOTP (single-use credential value) matches the second TOTP (expected credential value)); and
the vehicle tracking device executing the command included in the command message only if the expected credential value matches the single-use credential value attached to the command message (paragraph [0008]: controlling access to the resource by the client application based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP matches the second TOTP).
Hergesheimer and Khanna et al are both considered to be analogous to the claimed invention because they are both teaching a method of secure communications between a user device and a server. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the systems and methods for secure communications in vehicle telematics systems disclosed by Hergesheimer with adding the time-based one-time password (TOTP) method as disclosed by Khanna et al.
One of ordinary skill in the art would have been motivated to make these modifications in order to secure user sessions in connection with authorization to access a protected resource during session created for a user of a client device as suggested by Khanna et al (paragraph [0003]).
Hergesheimer and Khanna et al, hereinafter HK, teaches all of the features as outlined above. HK fails to teach, but Rougier teaches:
attaching a timestamp value to the command message, wherein the timestamp value corresponds to the first time value (paragraph [0037]: when a client connects, sends a command or attempts to register, it always embeds its own time stamp in the request headers);
a processor of the vehicle tracking device generating an expected credential value based at least in part on the shared key value and the timestamp value attached to the command message (paragraph [0037]: uses the connected client's time stamp as the basis for its TOTP computation. Paragraph [0055]: The block 300 generates a second TOTP (expected credential) from the authentication key (shared key) and a controller timestamp with the controller (block 312));  
HK and Rougier are both considered to be analogous to the claimed invention because they are both teaching secure communication and authentication. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of secure communications for vehicle tracking device with using time-based one-time password (TOTP) disclosed by HK with adding the timestamp as the basis for TOTP computation as disclosed by Rougier.
One of ordinary skill in the art would have been motivated to make these modifications in order to ensure the TOTP computation in the event an internet connection is unavailable (local time is not available), as suggested by Rougier (paragraph [0037]).
Claims 9-13 are rejected under 35 U.S.C 103 as being unpatentable over Hergesheimer (US PG-PUB No. 20180302228 A1) in view of Khanna et al (US PG-PUB No. 11283793 B2) and Hamlin et al (US PG-PUB No. 20190013945 A1).
Regarding claim 9, Hergesheimer teaches:
A method for providing secure communications between a backend server and a vehicle tracking device (Abstract: A vehicle telematics system is provided having secure communication capabilities between a vehicle telematics device (vehicle tracking device) and external computing devices (server)), comprising: 
generating a command message including a command to be executed by the vehicle tracking device (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110);
sending the command message from the backend server to the vehicle tracking device via a wireless communication network (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110. In paragraph [0002]: secure data communication of data (message) by wireless networks);
receiving the command message at the vehicle tracking device (paragraph [0027]: The vehicle telematics device 110 can also include one or more communication interfaces 220 capable of sending and receiving data (command message));
Hergesheimer fails to teach, but Khanna et al teaches:
generating a single-use credential value based at least in part on a shared key value and a first time value, wherein the single-use credential value is valid only during a first time window having a duration of X seconds, and wherein the first time value falls within the first time window (paragraph [0030]: generate TOTPs (Time-based One-Time Password - single-use/expected credential value) as a function of the shared secret (shared key) 132 and further as a function of a local time (time value) on the client device 110. In paragraph [0005]: TOTPs are only valid for a specific time window (e.g., a thirty second window));
a processor of the vehicle tracking device generating an expected credential value based at least in part on the shared key value and a second time value (paragraph [0008]: The instructions further cause the processor(s) to perform processing comprising generating a second TOTP (expected credential value) using a key (shared key) that has been configured for the username; In paragraph [0030]: generate TOTPs (both of single-use credential value and expected credential value) as a function of the shared secret 132 and further as a function of a local time (time value) on the client device 110);
the vehicle tracking device executing the command included in the command message (paragraph [0008]: controlling access to the resource by the client application (executing the command) based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP matches the second TOTP).
Hergesheimer and Khanna et al are both considered to be analogous to the claimed invention because they are both teaching a method of secure communications between a user device and a server. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the systems and methods for secure communications in vehicle telematics systems disclosed by Hergesheimer with adding the time-based one-time password (TOTP) method as disclosed by Khanna et al.
One of ordinary skill in the art would have been motivated to make these modifications in order to secure user sessions in connection with authorization to access a protected resource during session created for a user of a client device as suggested by Khanna et al (paragraph [0003]).
Hergesheimer and Khanna et al, hereinafter HK, teaches all of the features as outlined above. HK fails to teach, but Hamlin et al teaches:
encrypting the command message using the single-use credential value as an encryption key (paragraph [0001]: The present disclosure generally relates to the field of encrypted communication of sensor data (command message) between access points in the Internet of Things, and more specifically to encryption of sensor data using session keys generated using time-based one-time passwords (single-use credential value));
the processor of the vehicle tracking device decrypting the command message using the expected credential value as a decryption key (paragraph [0011]: Upon receipt of the encrypted sensor data in embodiments of the present disclosure, the data evaluating device may use the identical session key (shared key of the expected credential value) to decrypt the sensor data (command message) and evaluate it); 
HK and Hamlin et al are both considered to be analogous to the claimed invention because they are in the same field of teaching a method for the generation of a time-based one-time password (TOTP) for session encryption. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the current TOTP method disclosed by HK with adding the encryption and decryption of the communication message disclosed by Hamlin et al.
One of ordinary skill in the art would have been motivated to make these modifications in order to ensure the communication data is protected during the data transmission, as suggested by Hamlin et al (paragraph [0010]).
Regarding claim 10, Hergesheimer, Khanna et al and Hamlin et al, hereinafter HKH, teaches all of the features with respect to claim 9, as outlined above.
Hamlin et al further teaches wherein the processor of the vehicle tracking device is able to decrypt the command message only if the expected credential value matches the single-use credential value attached to the command message (paragraph [0049]: the decryption performed at block 318 in an embodiment may only successfully decrypt the encrypted data received from the sending device if the session key generated by the receiving device (expected credential value) at block 316 matches identically the session key generated by the sending device (single-use credential value) at block 310).
Regarding claim 11, HKH teaches all of the features with respect to claim 10, as outlined above.
Khanna et al further teaches wherein the expected credential value matches the single-use credential value only if the second time value falls within the first time window (paragraph [0008]: extracting a session cookie from the access request (command message), the session cookie comprising information identifying the session. determining, using the session cookie, whether the session is valid; Controlling access to the resource by the client application (executing the command) based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP (single-use credential value) matches the second TOTP (expected credential value). In paragraph [0074]: The times used to generate the TOTPs also need to be synchronized. (first and second time value falls within the same time window)).
Regarding claim 12, HKH teaches all of the features with respect to claim 9, as outlined above.
Khanna et al further teaches wherein the second time value corresponds to a time at which the command message is received at the vehicle tracking device (paragraph [0008]: receiving, during a session established for a username, an access request (command message is received) from a client application, the access request identifying a resource (vehicle tracking device on this case) to be accessed, generating a second TOTP (include the time value)).
Regarding claim 13, HKH teaches all of the features with respect to claim 12, as outlined above.
Khanna et al further teaches wherein the time at which the command message is received at the vehicle tracking device is determined based on reference to timing signals from Global Positioning System (GPS) satellites (paragraph [0004]: In addition to location information, a GPS receiver can also be configured to provide time data).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure:
Burch et al. (US PG-PUB No. 20190036915 A1) disclosed time-based one-time password (TOTP) for network authentication.
Ben-noon et al. (US PG-PUB No. 20200186560 A1) disclosed system and method for time-based anomaly detection in an in-vehicle communication network.
Tzur-David et al. (US PG-PUB No. 20190036914 A1) disclosed system and method for temporary password management.
Lei et al. (US PG-PUB No. 20180265038 A1) disclosed Vehicle Communications.
Fox et al. (US PG-PUB No. 20180103036 A1) disclosed systems and methods for cyber-physical vehicle management, detection and control. 
Li et al. (US PG-PUB No. 20180338241 A1) disclosed systems and methods for programming, controlling and monitoring wireless networks.
Aman et al. (US PG-PUB No. 20190043281 A1) disclosed theme park gamification, guest tracking and access control system.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASMINE M DAY whose telephone number is (571)272-0067. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.M.D./ Examiner, Art Unit 2499
/PHILIP J CHEA/ Supervisory Patent Examiner, Art Unit 2499