Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to amendments filed on April 12, 2022.

Status of Claims
Claims 1, 3-4, 6, 8-10, 12, 14, 16, and 18 are amended, claims 5, 7, 13, 15, and 20 are canceled. Claims 1-4, 6, 8-12, 14, and 16-19 are pending in the application.

Priority
The priority date that has been considered for this application is October 24, 2017.  

Response to Amendment
(A). Regarding claim objections: claim objections to claims 1-9 and 15 are withdrawn because amendment to claim 1 appropriately addressed the objections to claims 1-9, and claim 15 is canceled.
(B). Regarding art rejection: In regards to pending claims Applicant’s arguments are not persuasive; see response to arguments section of this office action.

Examiner Notes 
(A). Examiner has cited particular columns with line numbers, and/or paragraph numbers, references, or figures in the references applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings of the art and are applied to specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses to fully consider the reference in entirety, as potentially teaching all or part of the claimed invention. Please see MPEP § 2141.02 and § 2123.

(B). Claim limitations are provided with the Bold fonts in the art rejection.

Claim Objections
Claims 2-4 are objected to because of the following informalities: claim 2, line 3, - the security verification-. Claims 3-4 are objected to for the same reason because of their dependencies from claim 2. Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 6, 10-11, 14, and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over UJIIE et al (US 20170192770 A1, hereinafter “UJIIE” cited from IDS filed 8/28/2020) in view of Calkowski et al (US 20140250066 A1, hereinafter, “Calkowski”) and Matyas et al (US 6947556 B1, hereinafter, “Matyas”).

Regarding claim 1 (Currently amended), UJIIE teaches A vehicle-mounted device upgrade method (Fig. 14), applied to a vehicle-mounted system, wherein the vehicle-mounted system comprises a vehicle-mounted control device and one or more to-be-upgraded vehicle-mounted devices (Fig. 1), and the method comprises: 
obtaining, by the vehicle-mounted control device, a vehicle-mounted upgrade package, wherein the vehicle-mounted upgrade package comprises a plurality of upgrade files, and each upgrade file of the plurality of upgrade files is used to upgrade at least one of the one or more to- be-upgraded vehicle-mounted devices (para [0130], “…and the gateway 300 receives the FW update information (step S1106b)” wherein the gateway 300 reads on the control device. para [0128], “…decides one or more pieces of updated firmware to deliver to the gateway 300 (step S1101)….” wherein a piece of firmware reads on an upgrade file); 
performing, by the vehicle-mounted control device, security verification on the plurality of upgrade files (para [0131], “After receiving the FW update information, the gateway 300 verifies the signature of the FW update information (FW update information signature) with the signature verifying unit 373 (step S1107).”); 
responsive to determining that the security verification on the plurality of upgrade files succeeds (para [0131], “… If the verification is successful, the gateway 300 conducts a FW update control process …”), [generating, by the vehicle-mounted control device, a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files];
UJIIE does not explicitly teach 
(responsive to determining that the security verification on the plurality of upgrade files succeeds,) generating, by the vehicle-mounted control device, a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files; 
generating a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key; and 
sending, by the vehicle-mounted control device, the plurality of mutually associated data blocks that carry the first MAC.
Calkowski teaches 
(responsive to determining that the security verification on the plurality of upgrade files succeeds,) generating, by the vehicle-mounted control device, a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files (para [0022], “…Once the file has been divided into chunks, for each chunk, a hash is computed and indexed in the local chunk index 104. The hash for each chunk is associated with the location information for the chunk, for example, a file identifier and offset, so that, based upon the indexed hash, the location information for the chunk can be identified. …” wherein the indexed hash indicates that the chunks are mutually associated); 
sending, by the vehicle-mounted control device, the plurality of mutually associated data blocks that carry the first MAC(para [0023], “…In this manner, the CDCSS builds up the patch 110 sequentially by examining the file, chunk by chunk. As a result, the patch 110 can be forwarded (e.g., sent, transferred, communicated, etc.) to a recipient in parts as it is created (or, in some embodiments, after the whole patch is computed) to be processed sequentially…” para [0022] teaches indexed hash is computed for each chunk, wherein the hash is analogous to the first MAC in that it serves verification purposes).
UJIIE and Calkowski are analogous art because both deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE and Calkowski before him/her before the effective filing date of the claimed invention, to incorporate the features of Calkowski into UJIIE because Calkowski’s teaching provides enhanced “techniques for synchronizing content, such as a file, between one or more clients (e.g., client computing systems) and one or more servers (e.g., server computing systems).” (Calkowski, para [0013]).
Neither UJIIE nor Calkowski explicitly teaches
generating a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key;
Matyas teaches 
generating a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key (col 15, lines 7-16, “… the personal key client may generate a MAC (message authentication code) on the unencrypted content of the file (block 514). For example, the personal key client may utilize ki and a strong collision-resistant one-way hash function such as SHA-1 to generate the MAC. That is, MAC=Hash(file, ki). …” wherein ki reads on the second key. col 14, lines 17-21, “The personal key client encrypts ke, and, optionally, ki and a hash of ke, ki with k using, for example, a symmetric-key encryption algorithm (such as DES, Triple-DES, RC5, etc)(block 508).….” wherein ki which reads on the second key is a symmetric algorithm key);
The combination of UJIIE and Calkowski along with Matyas are analogous art because all deal with updating software/firmware of devices and authenticating data.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski and Matyas before him/her before the effective filing date of the claimed invention, to incorporate the features of Matyas into UJIIE and Calkowski because Matyas’ teaching provides techniques that allow “data recovery to be done in pieces” (Matyas, col 15, lines 7-16).

Regarding claim 2 (Original), UJIIE as modified by Calkowski and Matyas teaches The method according to claim 1, UJIIE further teaches wherein the vehicle-mounted upgrade package comprises a first digital signature (para [0044], “A configuration is also possible in which the firmware update information includes a signature attached to the updated firmware…”); and the performing, by the vehicle-mounted control device, security verification on the plurality of upgrade files comprises: 
performing, by the vehicle-mounted control device, digital signature verification on the plurality of upgrade files using the first digital signature (para [0044], “…and the first process is a process of verifying the signature…”).

Regarding claim 6 (Currently Amended), UJIIE as modified by Calkowski and Matyas teaches The method according to claim 1, Matyas further teaches wherein the method further comprises: 
encrypting, by the vehicle-mounted control device, each of the plurality of upgrade subfiles using a third key (col 16, lines 8-11, “…the personal key client also encrypts the content of the file with ke using a symmetric-key encryption algorithm (such as DES, Triple-DES, RC5, etc)(block 518)….” For motivation to combine, please refer to office action regarding claim 1); 
Calkowski teaches generating, by the vehicle-mounted control device, a plurality of mutually associated data blocks from the plurality of upgrade subfiles (para [0022], “…Once the file has been divided into chunks, for each chunk, a hash is computed and indexed in the local chunk index 104. The hash for each chunk is associated with the location information for the chunk, for example, a file identifier and offset, so that, based upon the indexed hash, the location information for the chunk can be identified. In some embodiments the hash is a strong cryptographic hash (e.g., SHA-256) of the content of the chunk, although in other embodiments, other hashes and/or other identifiers may be incorporated” wherein the SHA-256 reads on a second key. For motivation to combine, please refer to office action regarding claim 1); Thus, the combination of Matyas and Calkowski teaches and the generating, by the vehicle-mounted control device, a plurality of mutually associated data blocks from the plurality of upgrade subfiles a preset algorithm, the plurality of mutually associated data blocks from the plurality of upgrade subfiles that are encrypted using the third key.
Docket No. HW749217

Regarding claim 10 (Currently amended), UJIIE teaches An intelligent vehicle, wherein the intelligent vehicle comprises a vehicle-mounted control device and at least one to-be-upgraded vehicle-mounted device (Fig. 1), wherein 
the vehicle-mounted control device is configured to obtain a vehicle-mounted upgrade package (para [0130], “…and the gateway 300 receives the FW update information (step S1106b)” wherein the gateway 300 reads on the control device. para [0128], “…decides one or more pieces of updated firmware to deliver to the gateway 300 (step S1101)….” wherein a piece of firmware reads on an upgrade file), perform security verification on a plurality of upgrade files in the vehicle-mounted upgrade package (para [0131], “After receiving the FW update information, the gateway 300 verifies the signature of the FW update information (FW update information signature) with the signature verifying unit 373 (step S1107).”), responsive to determining that the security verification on the plurality of upgrade files succeeds (para [0131], “… If the verification is successful, the gateway 300 conducts a FW update control process …”), [generate a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files, generate a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key,]
UJIIE does not explicitly teach 
generate a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files, generate a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key,
and send the plurality of mutually associated data blocks that carry the first MAC to a target to-be-upgraded vehicle-mounted device that is to be upgraded, wherein each upgrade file of the plurality of upgrade files is used to upgrade the at least one to-be-upgraded vehicle-mounted device; and 
the target to-be-upgraded vehicle-mounted device is configured to receive the plurality of mutually associated data blocks that carry the first MAC sent by the vehicle-mounted control device, perform verification on the plurality of mutually associated data blocks using the second key, in case that all the plurality of mutually associated data blocks are verified, combine the plurality of sequentially verified data blocks for upgrade to generate a combined file and perform a secure upgrade using the combined file.
Calkowski teaches 
generate a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files (para [0022], “…Once the file has been divided into chunks, for each chunk, a hash is computed and indexed in the local chunk index 104. The hash for each chunk is associated with the location information for the chunk, for example, a file identifier and offset, so that, based upon the indexed hash, the location information for the chunk can be identified. …” wherein the indexed hash indicates that the chunks are mutually associated),
and send the plurality of mutually associated data blocks that carry the first MAC to a target to-be-upgraded vehicle-mounted device that is to be upgraded, wherein each upgrade file of the plurality of upgrade files is used to upgrade the at least one to-be-upgraded vehicle-mounted device (para [0023], “…In this manner, the CDCSS builds up the patch 110 sequentially by examining the file, chunk by chunk. As a result, the patch 110 can be forwarded (e.g., sent, transferred, communicated, etc.) to a recipient in parts as it is created (or, in some embodiments, after the whole patch is computed) to be processed sequentially…” para [0022] teaches indexed hash is computed for each chunk, wherein the hash is analogous to the first MAC in that it serves verification purposes),
the target to-be-upgraded vehicle-mounted device is configured to receive the plurality of mutually associated data blocks that carry the first MAC sent by the vehicle-mounted control device (para [0059], “Blocks 705 through 713 implement a loop for processing each segment of the patch…” the sender (e.g. server) is analogous to the control device), perform verification on the plurality of mutually associated data blocks using the second key (para [0063], “…in block 710 the logic retrieves the referred to data, computes its own hash value for the retrieved data, and then compares the computed hash to a hash value stored with the patch record that provided a reference to the data. In this manner, the logic is able to verify that the data found matches that specified by the patch…” one of ordinary skill in the art understands that to compute a hash value a key is needed and the key reads on the second key), in case that all the plurality of mutually associated data blocks are verified, combine the plurality of sequentially verified data blocks for upgrade to generate a combined file and perform a secure upgrade using the combined file (para [0065], “In block 713, the logic concatenates (appends) the processed patch segment to the patch being cached…” Fig. 7, steps 705 determines if more segments to be processed, if not the file is assembled).
UJIIE and Calkowski are analogous art because both deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE and Calkowski before him/her before the effective filing date of the claimed invention, to incorporate the features of Calkowski into UJIIE because Calkowski’s teaching provides enhanced “techniques for synchronizing content, such as a file, between one or more clients (e.g., client computing systems) and one or more servers (e.g., server computing systems).” (Calkowski, para [0013]).
Neither UJIIE nor Calkowski explicitly teaches
generate a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key,
Matyas teaches 
generate a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key (col 15, lines 7-16, “… the personal key client may generate a MAC (message authentication code) on the unencrypted content of the file (block 514). For example, the personal key client may utilize ki and a strong collision-resistant one-way hash function such as SHA-1 to generate the MAC. That is, MAC=Hash(file, ki). …” wherein ki reads on the second key. col 14, lines 17-21, “The personal key client encrypts ke, and, optionally, ki and a hash of ke, ki with k using, for example, a symmetric-key encryption algorithm (such as DES, Triple-DES, RC5, etc)(block 508).….” wherein ki which reads on the second key is a symmetric algorithm key);
The combination of UJIIE and Calkowski along with Matyas are analogous art because all deal with updating software/firmware of devices and authenticating data.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski and Matyas before him/her before the effective filing date of the claimed invention, to incorporate the features of Matyas into UJIIE and Calkowski because Matyas’ teaching provides techniques that allow “data recovery to be done in pieces” (Matyas, col 15, lines 7-16).

Regarding claim 11 (Original), UJIIE as modified by Calkowski and Matyas teaches The intelligent vehicle according to claim 10, UJIIE further teaches wherein the vehicle-mounted control device is configured to: 
perform digital signature verification on the plurality of upgrade files using a first digital signature (para [0044], “…and the first process is a process of verifying the signature…”).

Regarding claim 14 (Currently Amended), UJIIE as modified by Calkowski and Matyas teaches The intelligent vehicle according to claim 10, Matyas further teaches wherein the vehicle-mounted control device is configured to: 
encrypt each of the plurality of upgrade subfiles using a third key (col 16, lines 8-11, “…the personal key client also encrypts the content of the file with ke using a symmetric-key encryption algorithm (such as DES, Triple-DES, RC5, etc)(block 518)….” For motivation to combine, please refer to office action regarding claim 10), 
…, decrypt each of the plurality of sequentially verified data blocks using the third key (col 2, lines 36-58, “…The personal key client generates the personal key from the password, decrypts the recovered encrypted encryption key with the personal key to recover the encryption key and decrypts the encrypted digital data with the recovered encryption key….”),
Calkowski teaches 
and generate, using the preset algorithm, the plurality of mutually associated data blocks from the plurality of upgrade subfiles that are encrypted using the third key (para [0022], “…Once the file has been divided into chunks, for each chunk, a hash is computed and indexed in the local chunk index 104. The hash for each chunk is associated with the location information for the chunk, for example, a file identifier and offset, so that, based upon the indexed hash, the location information for the chunk can be identified. In some embodiments the hash is a strong cryptographic hash (e.g., SHA-256) of the content of the chunk, although in other embodiments, other hashes and/or other identifiers may be incorporated” wherein the SHA-256 reads on a third key. For motivation to combine, please refer to office action regarding claim 10); and 
the target to-be-upgraded vehicle-mounted device is configured to: 
responsive to determining that all the plurality of data blocks are verified (para [0065], “In block 713, the logic concatenates (appends) the processed patch segment to the patch being cached…” Fig. 7, steps 705 determines if more segments to be processed, if not the file is assembled), (decrypt each of the plurality of sequentially verified data blocks using the third key), and combine the plurality of data blocks that are decrypted using the third key for upgrade (para [0065], “In block 713, the logic concatenates (appends) the processed patch segment to the patch being cached…” Fig. 7, steps 705 determines if more segments to be processed, if not the file is assembled).

Regarding claim 16 (Currently Amended), UJIIE teaches A vehicle-mounted device upgrade apparatus (Fig. 3, Gateway), comprising: 
a processor (Fig. 3, processing unit, e.g. 370), configured to obtain a vehicle-mounted upgrade package from an upgrade server, wherein the vehicle-mounted upgrade package comprises a plurality of upgrade files, and each upgrade file of the plurality of upgrade files is used to upgrade at least one to-be-upgraded vehicle-mounted device (para [0130], “…and the gateway 300 receives the FW update information (step S1106b)” wherein the gateway 300 reads on the control device. para [0128], “…decides one or more pieces of updated firmware to deliver to the gateway 300 (step S1101)….” wherein a piece of firmware reads on an upgrade file); 
and the processor further configured to perform security verification on the plurality of upgrade files (para [0131], “After receiving the FW update information, the gateway 300 verifies the signature of the FW update information (FW update information signature) with the signature verifying unit 373 (step S1107).”), responsive to determining that the security verification on the plurality of upgrade files succeeds (para [0131], “… If the verification is successful, the gateway 300 conducts a FW update control process …”), [generate a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files and generate a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key;] 
UJIIE does not explicitly teach 
generate a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files and generate a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key;
a transceiver, configured to send the plurality of mutually associated data blocks that carry the first MAC.
Calkowski teaches 
generate a plurality of mutually associated data blocks from a plurality of upgrade subfiles in each upgrade file of the plurality of upgrade files (para [0022], “…Once the file has been divided into chunks, for each chunk, a hash is computed and indexed in the local chunk index 104. The hash for each chunk is associated with the location information for the chunk, for example, a file identifier and offset, so that, based upon the indexed hash, the location information for the chunk can be identified. …” wherein the indexed hash indicates that the chunks are mutually associated);
a transceiver, configured to send the plurality of mutually associated data blocks that carry the first MAC to a target to-be-upgraded vehicle-mounted device that is to be upgraded (para [0023], “…In this manner, the CDCSS builds up the patch 110 sequentially by examining the file, chunk by chunk. As a result, the patch 110 can be forwarded (e.g., sent, transferred, communicated, etc.) to a recipient in parts as it is created (or, in some embodiments, after the whole patch is computed) to be processed sequentially…” wherein forwarding indicates that a transceiver is configured to send. para [0022] teaches indexed hash is computed for each chunk, wherein the hash is analogous to the first MAC in that it serves verification purposes).
UJIIE and Calkowski are analogous art because both deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE and Calkowski before him/her before the effective filing date of the claimed invention, to incorporate the features of Calkowski into UJIIE because Calkowski’s teaching provides enhanced “techniques for synchronizing content, such as a file, between one or more clients (e.g., client computing systems) and one or more servers (e.g., server computing systems).” (Calkowski, para [0013]).
Neither UJIIE nor Calkowski explicitly teaches
generate a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key;
Matyas teaches 
generate a first message authentication code (MAC) of the plurality of mutually associated data blocks using a second key, wherein the second key is a symmetric algorithm key (col 15, lines 7-16, “… the personal key client may generate a MAC (message authentication code) on the unencrypted content of the file (block 514). For example, the personal key client may utilize ki and a strong collision-resistant one-way hash function such as SHA-1 to generate the MAC. That is, MAC=Hash(file, ki). …” wherein ki reads on the second key. col 14, lines 17-21, “The personal key client encrypts ke, and, optionally, ki and a hash of ke, ki with k using, for example, a symmetric-key encryption algorithm (such as DES, Triple-DES, RC5, etc)(block 508).….” wherein ki which reads on the second key is a symmetric algorithm key);
The combination of UJIIE and Calkowski along with Matyas are analogous art because all deal with updating software/firmware of devices and authenticating data.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski and Matyas before him/her before the effective filing date of the claimed invention, to incorporate the features of Matyas into UJIIE and Calkowski because Matyas’ teaching provides techniques that allow “data recovery to be done in pieces” (Matyas, col 15, lines 7-16).

Regarding claim 17 (Original), UJIIE as modified by Calkowski and Matyas teaches The apparatus according to claim 16, UJIIE further teaches wherein the vehicle-mounted upgrade package comprises a first digital signature (para [0044], “A configuration is also possible in which the firmware update information includes a signature attached to the updated firmware…”); and the processor is configured to perform digital signature verification on the plurality of upgrade files using the first digital signature (para [0044], “…and the first process is a process of verifying the signature…”).

Claims 3 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over UJIIE in view of Calkowski and Matyas as applied to claims 2 and 17 respectively, in further view of Hrabak et al (US 20190075423 A1, hereinafter, “Hrabak”).

Regarding claim 3 (Currently Amended), UJIIE as modified by Calkowski and Matyas teaches The method according to claim 2, but does not explicitly teach wherein the method further comprises: 
sending, by the vehicle-mounted control device, identity authentication information to an upgrade server; and 
responsive to determining that the identity authentication information is authenticated by the upgrade server, establishing a secure channel between the vehicle-mounted control device and the upgrade server; and 
wherein the obtaining, by the vehicle-mounted control device, [[a]] the vehicle-mounted upgrade package comprises:
obtaining, by the vehicle-mounted control device, the vehicle-mounted upgrade package from the upgrade server through the secure channel.
Hrabak teaches wherein the method further comprises: 
sending, by the vehicle-mounted control device, identity authentication information to an upgrade server (para [0077], “…The vehicle wireless communications device 30 can receive the connection request message and then respond by sending a connection confirmation message to the location-based device 90…” wherein the vehicle wireless communications device 30 reads on the control device, and the location-based device 90 reads on an upgrade server, the request and respond messages include identity authentication information, refer to other part of para [0077]); and 
responsive to determining that the identity authentication information is authenticated by the upgrade server, establishing a secure channel between the vehicle-mounted control device and the upgrade server (para [0077], “…The connection request message, the connection confirmation message, and/or the one or more communications (collectively, "connection establishment messages") can be a part of an authentication handshake that is carried out by the devices in order to establish a secure connection….”); and 
wherein the obtaining, by the vehicle-mounted control device, a vehicle-mounted upgrade package comprises:
obtaining, by the vehicle-mounted control device, the vehicle-mounted upgrade package from the upgrade server through the secure channel (para [0079], “In step 330, data is transferred between the location-based wireless communications device and the vehicle over the SRWC connection…”).
The combination of UJIIE, Calkowski, Matyas and Hrabak are analogous art because all deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski, Matyas and Hrabak before him/her before the effective filing date of the claimed invention, to incorporate the features of Hrabak into UJIIE, Calkowski and Matyas because Hrabak’s teaching provides secure connection for communication between devices (Hrabak, para [0077]).

Regarding claim 18 (Currently Amended), UJIIE as modified by Calkowski and Matyas teaches The apparatus according to claim 17, but does not explicitly teach wherein the processor is further configured to: 
send identity authentication information to the upgrade server; and 
responsive to determining that the identity authentication information is authenticated by the upgrade server, establish a secure channel via the transceiver between the vehicle-mounted control device and the upgrade server; and 
obtain the vehicle-mounted upgrade package from the upgrade server through the secure channel.
Hrabak teaches wherein the processor is further configured to: 
send identity authentication information to the upgrade server (para [0077], “…The vehicle wireless communications device 30 can receive the connection request message and then respond by sending a connection confirmation message to the location-based device 90…” wherein the vehicle wireless communications device 30 reads on the control device, and the location-based device 90 reads on an upgrade server, the request and respond messages include identity authentication information, refer to other part of para [0077]); and 
responsive to determining that the identity authentication information is authenticated by the upgrade server, establish a secure channel via the transceiver between the vehicle-mounted control device and the upgrade server (para [0077], “…The connection request message, the connection confirmation message, and/or the one or more communications (collectively, "connection establishment messages") can be a part of an authentication handshake that is carried out by the devices in order to establish a secure connection….”); and 
obtain the vehicle-mounted upgrade package from the upgrade server through the secure channel (para [0079], “In step 330, data is transferred between the location-based wireless communications device and the vehicle over the SRWC connection…”).
The combination of UJIIE, Calkowski, Matyas and Hrabak are analogous art because all deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski, Matyas and Hrabak before him/her before the effective filing date of the claimed invention, to incorporate the features of Hrabak into UJIIE, Calkowski and Matyas because Hrabak’s teaching provides secure connection for communication between devices (Hrabak, para [0077]).

Claims 4, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over UJIIE in view of Calkowski and Matyas as applied to claims 2 and 17 respectively, in further view of Lee et al (US 20150200804 A1, hereinafter, “Lee” cited from IDS filed 8/28/2020).

Regarding claim 4 (Currently Amended), UJIIE as modified by Calkowski and Matyas teaches The method according to claim 2, UJIIE further teaches the performing, by the vehicle-mounted control device, digital signature verification on the plurality of upgrade files by using the first digital signature (para [0044] as cited for claim 2 above)  but does not explicitly teach 
wherein the vehicle-mounted upgrade package is encrypted using a first key, and the first key is a symmetric key; and the method further comprises: 
obtaining, by the vehicle-mounted control device, the first key from a key server; and 
after (the performing, by the vehicle-mounted control device, digital signature verification on the plurality of upgrade files by using the first digital signature,) the method comprises: 
decrypting, by the vehicle-mounted control device, the plurality of upgrade files using the first key responsive to determining that the digital signature verification succeeds.
Lee teaches 
wherein the vehicle-mounted upgrade package is encrypted using a first key, and the first key is a symmetric key (para [0032], “…to prevent update of modulated firmware, an electronic signature (e.g., symmetric key or asymmetric key) may be added to the firmware…”); and the method further comprises: 
obtaining, by the vehicle-mounted control device, the first key from a key server (para [0032] “…A private key in a server and a public key that corresponds to the private key in a controller may be used as an electronic signature method…” In a symmetric key case, one key (such as a private key) is used and is obtained from the server); and 
after (the performing, by the vehicle-mounted control device, digital signature verification on the plurality of upgrade files by using the first digital signature), the method comprises: 
decrypting, by the vehicle-mounted control device, the plurality of upgrade files using the first key responsive to determining that the digital signature verification succeeds (para [0032], “…When the server encrypts a hash value of firmware using the private key and adds the encrypted hash value to the firmware, the authentication medium may be configured to authenticate the firmware by comparing a hashed value of the received firmware to a value acquired by decrypting the received encrypted hash value using the public key”).
The combination of UJIIE, Calkowski and Matyas along with Lee are analogous art because all deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski, Matyas and Lee before him/her before the effective filing date of the claimed invention, to incorporate the features of Lee into UJIIE, Calkowski and Matyas because Lee’s teaching provides “more efficient reprogramming and a control method” (Lee, para [0012]).

Regarding claim 19 (Original), UJIIE as modified by Calkowski and Matyas teaches The apparatus according to claim 17, UJIIE further teaches digital signature verification is performed on the plurality of upgrade files using the first digital signature (para [0044] as cited for claim 2 above)  but does not explicitly teach 
wherein the vehicle-mounted upgrade package is encrypted using a first key, and the first key is a symmetric key; and the processor is further configured to: 
obtain the first key from a key server; and 
after (digital signature verification is performed on the plurality of upgrade files using the first digital signature), decrypt, for the vehicle-mounted control device, the plurality of upgrade files using the first key when the digital signature verification succeeds.
Lee teaches 
wherein the vehicle-mounted upgrade package is encrypted using a first key, and the first key is a symmetric key (para [0032], “…to prevent update of modulated firmware, an electronic signature (e.g., symmetric key or asymmetric key) may be added to the firmware…”); and the processor is further configured to: 
obtain the first key from a key server (para [0032] “…A private key in a server and a public key that corresponds to the private key in a controller may be used as an electronic signature method…” In a symmetric key case, one key (such as a private key) is used and is obtained from the server); and 
after (digital signature verification is performed on the plurality of upgrade files using the first digital signature), decrypt, for the vehicle-mounted control device, the plurality of upgrade files using the first key when the digital signature verification succeeds (para [0032], “…When the server encrypts a hash value of firmware using the private key and adds the encrypted hash value to the firmware, the authentication medium may be configured to authenticate the firmware by comparing a hashed value of the received firmware to a value acquired by decrypting the received encrypted hash value using the public key”).
The combination of UJIIE, Calkowski and Matyas along with Lee are analogous art because all deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski, Matyas and Lee before him/her before the effective filing date of the claimed invention, to incorporate the features of Lee into UJIIE, Calkowski and Matyas because Lee’s teaching provides “more efficient reprogramming and a control method” (Lee, para [0012]).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over UJIIE in view of Calkowski and Matyas as applied to claim 1, and in further view of Shah et al (US 20160092701 A1, hereinafter, “Shah”).

Regarding claim 8 (Currently Amended), UJIIE as modified by Calkowski and Matyas teaches The method according to claim 1, but does not explicitly teach wherein the preset algorithm comprises [[any]] one of a hash chain algorithm, a hash tree algorithm, [[and]] or a bloom filter algorithm.
Shah teaches 
wherein the preset algorithm comprises [[any]] one of a hash chain algorithm, a hash tree algorithm, [[and]] or a bloom filter algorithm (para [0009], “…The method further includes generating a hash tree associated with the updated data blocks of the block device,…”).
The combination of UJIIE, Calkowski and Matyas along with Shah are analogous art because all deal with updating software/firmware of devices and authenticating data.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski, Matyas and Shah before him/her before the effective filing date of the claimed invention, to incorporate the features of Shah into UJIIE, Calkowski and Matyas because Shah’s teaching provides techniques for “efficiently verifying the data integrity of block devices” (Shah, para [0004-0005]).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over UJIIE in view of Calkowski and Matyas as applied to claim 1, and in further view of Loring et al (US 20170351666 A1, hereinafter, “Loring”).

Regarding claim 9 (Currently Amended), UJIIE as modified by Calkowski and Matyas teaches The method according to claim 1, but does not explicitly teach wherein the method further comprises:
retransmitting, by the vehicle-mounted control device, a target data block to the target to-be-upgraded vehicle-mounted device, wherein the target data block is a data block on which verification fails on the target to-be-upgraded vehicle-mounted device in the plurality of mutually associated data blocks.
Loring teaches wherein the method further comprises:
retransmitting, by the vehicle-mounted control device, a target data block to the target to-be-upgraded vehicle-mounted device, wherein the target data block is a data block on which verification fails on the target to-be-upgraded vehicle-mounted device in the plurality of mutually associated data blocks (para [0022], “…the method further comprises resending segments whose hash information determined at the second computer network file system is different than the hash information determined at the first computer network file system.” wherein the first computer network file system reads on the control device, and the second computer network file system is analogous to the target device).
The combination of UJIIE, Calkowski and Matyas along with Loring are analogous art because all deal with updating software/firmware of devices and authenticating data.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski, Matyas and Loring before him/her before the effective filing date of the claimed invention, to incorporate the features of Loring into UJIIE, Calkowski and Matyas because Loring’s teaching provides techniques for re-sending a particular file segment if the particular file segment is received with an error or flaw (Loring, para [0022]).

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over UJIIE in view of Calkowski and Matyas as applied to claim 11, in further view of Hrabak and Lee.

Regarding claim 12 (Currently Amended), UJIIE as modified by Calkowski and Matyas teaches The intelligent vehicle according to claim 11, but does not explicitly teach wherein the vehicle-mounted control device is configured to: 
send identity authentication information to an upgrade server, and responsive to determine that the identity authentication information is authenticated by the upgrade server, establish a secure channel between the vehicle-mounted control device and the upgrade server, and obtain the vehicle-mounted upgrade package from the upgrade server through the secure channel; or
the vehicle-mounted upgrade package is encrypted using a first key, and the first key is a symmetric key; and the vehicle-mounted control device is configured to: 
obtain the first key from a key server, and after digital signature verification performed on the plurality of upgrade files using the first digital signature succeeds, decrypt the plurality of upgrade files using the first key.
Hrabak teaches wherein the vehicle-mounted control device is configured to: 
send identity authentication information to an upgrade server (para [0077], “…The vehicle wireless communications device 30 can receive the connection request message and then respond by sending a connection confirmation message to the location-based device 90…” wherein the vehicle wireless communications device 30 reads on the control device, and the location-based device 90 reads on an upgrade server, the request and respond messages include identity authentication information, refer to other part of para [0077]), and responsive to determine that the identity authentication information is authenticated by the upgrade server, establish a secure channel between the vehicle-mounted control device and the upgrade server (para [0077], “…The connection request message, the connection confirmation message, and/or the one or more communications (collectively, "connection establishment messages") can be a part of an authentication handshake that is carried out by the devices in order to establish a secure connection….”), and obtain the vehicle-mounted upgrade package from the upgrade server through the secure channel (para [0079], “In step 330, data is transferred between the location-based wireless communications device and the vehicle over the SRWC connection…”);  
The combination of UJIIE, Calkowski and Matyas along with Hrabak are analogous art because all deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski, Matyas and Hrabak before him/her before the effective filing date of the claimed invention, to incorporate the features of Hrabak into UJIIE, Calkowski and Matyas because Hrabak’s teaching provides secure connection for communication between devices (Hrabak, para [0077]).
None of UJIIE, Calkowski, Matyas and Hrabak explicitly teaches (Examiner Note: this claim has two parts separated by the “or”, the office action is required to address one of them although both are addressed in this office action) or
the vehicle-mounted upgrade package is encrypted using a first key, and the first key is a symmetric key; and the vehicle-mounted control device is configured to: 
obtain the first key from a key server, and after digital signature verification performed on the plurality of upgrade files using the first digital signature succeeds, decrypt the plurality of upgrade files using the first key.
Lee teaches 
the vehicle-mounted upgrade package is encrypted using a first key, and the first key is a symmetric key (para [0032], “…to prevent update of modulated firmware, an electronic signature (e.g., symmetric key or asymmetric key) may be added to the firmware…”); and the vehicle-mounted control device is configured to: 
obtain the first key from a key server (para [0032] “…A private key in a server and a public key that corresponds to the private key in a controller may be used as an electronic signature method…” In a symmetric key case, one key (such as a private key) is used and is obtained from the server), and after digital signature verification performed on the plurality of upgrade files using the first digital signature succeeds, decrypt the plurality of upgrade files using the first key (para [0032], “…When the server encrypts a hash value of firmware using the private key and adds the encrypted hash value to the firmware, the authentication medium may be configured to authenticate the firmware by comparing a hashed value of the received firmware to a value acquired by decrypting the received encrypted hash value using the public key”). 
The combination of UJIIE, Calkowski, Matyas and Hrabak along with Lee are analogous art because all deal with updating software/firmware of devices.
Therefore, it would have been obvious to one of ordinary skill in the art, having the teachings of UJIIE, Calkowski, Matyas, Hrabak and Lee before him/her before the effective filing date of the claimed invention, to incorporate the features of Lee into UJIIE, Calkowski, Matyas and Hrabak because Lee’s teaching provides “more efficient reprogramming and a control method” (Lee, para [0012]).

Response to Arguments
Applicant's arguments regarding art rejections filed 4/12/2022 have been fully considered but they are not persuasive. 
On p10 last two paragraphs to p11 first two paragraphs of the Remarks, Applicant argued that ‘Calkowski fails to disclose “a plurality of mutually associated data blocks”.’ 
Examiner respectfully disagrees, because, Calkowski teaches (para [0022] as cited for office action above) generating a hash for each chunk, and the hash is indexed and is associated with the location information for the chunk. The index and the location information indicate that the chunks are mutually associated. 
On p11 last two paragraphs to p12 first paragraph of the Remarks, Applicant argued that ‘Calkowski is silent about “generating a first message authentication code (MAC)”.’ and that ‘Matyas fails to disclose above features either.’
Examiner respectfully disagrees, because, Calkowski teaches generating a hash for each chunk wherein the hash is analogous to a message authentication code. Further, Matyas teaches the feature, see Matyas, col 15, lines 7-16, and col 14, lines 17-21 as cited for the office action above.
On p12 of the Remarks, Applicant argued that the combination of the cited references does not render claim 1 obvious, independent claims 10 and 16 are similarly not obvious over the cited references, dependent claims are patentable because of their dependencies from their respective independent claims.
Examiner respectfully disagrees, because, as explained in previous paragraphs, the cited references teach the claim features under discussion, hence, the independent claims are rejected, dependent claims are similarly rejected.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. HAKUTA et al is cited for teaching in-vehicle information communication system and authentication method.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zengpu Wei whose telephone number is 571-270-1302. The examiner can normally be reached on Monday to Friday from 8:00AM to 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sam Sough, can be reached on 5712726799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

/Zengpu Wei/
Examiner, Art Unit 2192


/ZIAUL A CHOWDHURY/
Primary Examiner, Art Unit 2192
06/03/2022