DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement filed February 11, 2021 has been placed in the application file and the information referred to therein has been considered as to the merits.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 7-8, 11-13 and 17-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US patent publication 20090045910 granted to Zoller et al.
Regarding claim 1, Zoller meets the claimed limitations as follows:
“An automotive gateway, comprising: 
	one or more interfaces for communicating with electronic subsystems of a vehicle;” see paragraph [0022] (. . . the third-party application servers 125 interface with the integration module 155 to provide infotainment, entertainment and/or telematics application services to the platform 105.) and Figure 1.
	“and one or more processors, configured to host one or more guest applications and to control communication traffic between the one or more guest applications and the electronic subsystems of the vehicle in accordance with a security policy.” see paragraph [0036] (. . . The security provisioning module 515 functions as an interface for re-configuring of platform security policies.) and Figures 1. 
Regarding claim 2, Zoller meets the claimed limitations as follows:
“The automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to selectively grant or deny
transfer of data from an electronic subsystem of the vehicle to a guest application.” see paragraph [0042] (. . . a determination may be made (e.g., by the security module 140 of FIG. 3) as to whether the onboard vehicle system (or its user) has the requisite access rights for the requested third-party application. If not, process may continue to block 730 where the onboard vehicle system is notified of the fact that the request will not be processed due to a lack of access rights. If, on the other hand, the onboard vehicle system does have the necessary access rights, process 700 moves to block 740.).
Regarding claim 3, Zoller meets the claimed limitations as follows:
“The automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to selectively grant or deny a
request from a quest application to control an electronic subsystem of the vehicle.” see paragraph [0042] (. . . a determination may be made (e.g., by the security module 140 of FIG. 3) as to whether the onboard vehicle system (or its user) has the requisite access rights for the requested third-party application. If not, process may continue to block 730 where the onboard vehicle system is notified of the fact that the request will not be processed due to a lack of access rights. If, on the other hand, the onboard vehicle system does have the necessary access rights, process 700 moves to block 740.).
Regarding claim 7, Zoller meets the claimed limitations as follows:
“The automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to authenticate data downloaded from outside the vehicle.” see paragraph [0030] and Figure 3, element 140.
Regarding claim 8, Zoller meets the claimed limitations as follows:
“The automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to permit data flow from an
electronic subsystem of the vehicle to a guest application, and to prevent data flow from the guest application to the electronic subsystem.” see paragraph [0042].

Claims 11-13 and 17-18 are method claims that are substantially equivalent to automotive gateway claims 1-3 and 7-8. Therefore claims 11-13 and 17-18 are rejected by a similar rationale. 


Claims 1-5, 8, and 11-15 and 18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US patent publication 20170134788 granted to Lee.
Regarding claim 1, Lee meets the claimed limitations as follows:
“An automotive gateway, comprising: 
	one or more interfaces for communicating with electronic subsystems of a vehicle;” see paragraph [0011] (. . . the smartphone and the vehicle AVN system are connected to each other using a physical communication means such as a universal serial bus (USB) or Wi-Fi, and the vehicle AVN system decodes, renders, and outputs received data such as video or audio when the smartphone transmits the data. In addition, the vehicle AVN system may transmit, to the smartphone, input data input through an included input means such as a touch screen . . .) and Figure 1.
	“and one or more processors, configured to host one or more guest applications and to control communication traffic between the one or more guest applications and the electronic subsystems of the vehicle in accordance with a security policy.” see paragraph [0059] (. . .  the hypervisor 360 may maintain vehicle security by preventing hardware for in-vehicle communication such as a CAN from being used by the guest process/the smartphone linkage application 340. For example, the hypervisor 360 may exclude a CAN communication resource fatal to vehicle security from a virtualization resource, and include at least one of a display resource, an input resource, an audio resource, and a USB/Wi-Fi resource in the virtualization resource. However, this is merely an example, and it should be noted that the virtualization resource may be different according to a vehicle security policy of a vehicle OEM and a providable function of linking the vehicle AVN system and the smartphone). 
Regarding claim 2, Lee meets the claimed limitations as follows:
“2. The automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to selectively grant or deny
transfer of data from an electronic subsystem of the vehicle to a guest application.
Regarding claim 3, Lee meets the claimed limitations as follows:
“The automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to selectively grant or deny a
request from a quest application to control an electronic subsystem of the vehicle.” see paragraph [0066] (. . .  the hypervisor 470 may prevent vehicle security threat through the smartphone linkage application by restricting access to a hardware resource, which enables access to an electronic control device in the vehicle, such as a CAN by the guest operating system 450.).
Regarding claim 4, Lee meets the claimed limitations as follows:
“The automotive gateway according to claim 3, wherein the one or more processors are configured to deny the request when the request, or the electronic subsystem, has
an impact on vehicle safety.” see paragraphs [0012] (. . . there has been a problem of poor security in a vehicle since the smartphone linkage application shares a hardware resource such as a controller area network (CAN) without a separate restriction.); [0013] (. . .  In particular, referring to the function of linking the vehicle AVN system and the smartphone, due to different characteristics between the smartphone which puts emphasis on convenience/availability and the vehicle which puts emphasis on safety, respectively, vehicle safety may be endangered if the smartphone linkage application shares AVN hardware without a separate restriction even when the vehicle requires a higher level of safety than the smartphone) and [0066].
Regarding claim 5, Lee meets the claimed limitations as follows:
“The automotive gateway according to claim 1, wherein the guest applications comprise Virtual Machines (VMs), and wherein the one or more processors are configured to run a hypervisor that controls the communication traffic of the VMs in accordance with the security policy.” see paragraph [0059] (. . .  the hypervisor 360 may maintain vehicle security by preventing hardware for in-vehicle communication such as a CAN from being used by the guest process/the smartphone linkage application 340. For example, the hypervisor 360 may exclude a CAN communication resource fatal to vehicle security from a virtualization resource, and include at least one of a display resource, an input resource, an audio resource, and a USB/Wi-Fi resource in the virtualization resource. However, this is merely an example, and it should be noted that the virtualization resource may be different according to a vehicle security policy of a vehicle OEM and a providable function of linking the vehicle AVN system and the smartphone).
Regarding claim 8, Lee meets the claimed limitations as follows:
“The automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to permit data flow from an
electronic subsystem of the vehicle to a guest application, and to prevent data flow from the guest application to the electronic subsystem.” see paragraph [0059].

Claims 11-15 and 18 are method claims that are substantially equivalent to automotive gateway claims 1-5 and 8. Therefore claims 11-15 and 18 are rejected by a similar rationale.

Allowable Subject Matter
Claims 6, 9-10, 16 and 19-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  
With respect to claim 6, the cited prior art fails to specifically teach the automotive gateway according to claim 1, wherein the one or more processors are configured to expose to the guest applications an Application Programming Interface (API) that complies with the security policy.
	With respect to claim 9, the cited prior art fails to specifically teach the automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to protect the electronic
subsystems from ransomware.
With respect to claim 10, the cited prior art fails to specifically teach the automotive gateway according to claim 1, wherein, in accordance with the security policy, the one or more processors are configured to prevent data sharing between at least first and second guest applications among the guest applications.
With respect to claim 16, the cited prior art fails to specifically teach the method according to claim 11, wherein controlling the communication traffic comprises exposing to the guest applications an Application Programming Interface (API) that complies with the security policy.
With respect to claim 19, the cited prior art fails to specifically teach the method according to claim 11, wherein controlling the communication traffic comprises protecting the electronic subsystems from ransomware.
With respect to claim 20, the cited prior art fails to specifically teach the method according to claim 11, wherein controlling the communication traffic comprises preventing data sharing between at least first and second guest applications among the guest applications.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW B SMITHERS whose telephone number is (571)272-3876. The examiner can normally be reached 8:00-4:00 (Teleworking).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MATTHEW SMITHERS/
Primary Examiner
Art Unit 2437