DETAILED ACTION
This action is in response to the application filed on 4/23/2021.
Claims 1-20 are pending in this application.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 8-13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (US Patent Application Publication 2019/0187971A1, Wang hereinafter) in view of  Kruger (US Patent Application Publication 2020/0177561A1).
As to claim 1, Wang teaches a computer-implemented method for providing secure remote software updates to a cyber-physical systems (CPS) device (e.g. autonomous vehicle, see Figs. 7 and 8 and associated text), the method comprising: 
having, at a first server (e.g. update provider server), data used to update software of at least one CPS device (see e.g. [0082] - the firmware update process can begin when the update provider server 705 generates a firmware update package 715 to be provided to one or more vehicles. This firmware update package can comprise an image of all firmware to be updated or flashed on the recipient vehicle;
 converting the data into a first format (i.e. generating encrypted package, see e.g. [0083] -Once the update package 715 has been generated, it can be pre-processed and encrypted with a version-specific key for that particular update version or distribution; 
transmitting the data in the first format from the first server to the second server (e.g. content distribution server, See e.g. [0081] - The content distribution server 705 or CDN can be used to distribute update packages 715 generated, encrypted, and signed by the update provider server 705 and [0093] - This encrypted update package can be saved, provided to a content distribution network, or otherwise be made available for distribution to vehicles 100 to which the update should be applied
 identifying each CPS device that is authorized to receive a software update (see e.g. [0094] - Receiving 815 the trigger for the OTA firmware update can comprise receiving an indication of a period update check for the one or more target vehicles, receiving a request to push updates to the one or more target vehicles, or receiving a request from each of the one or more target vehicles to pull updates for the vehicle. Each target vehicle 100 of the one or more target vehicles can then be identified 820 based on the received trigger and a vehicle-specific key 710, i.e., a private key stored by the system and matching a private key stored on the vehicle 100, can be retrieved for each target vehicle 100. ; 
encrypting a software update package to ensure that the software update is decrypted by each CPS device that is authorized to receive the software update and is not decrypted by an CPS device that is not authorized to receive the software update (see e.g. [0078] - the present disclosure describes applying to firmware images distributed to one or more vehicles encryption that is unique to each update version. The encryption is also unique to each vehicle receiving the update. Embodiments of the present disclosure can also include determining and verifying the integrity of an available OTA firmware update prior to authorizing installation of the firmware update in a vehicle and [0094] - After the firmware update package 715 has been encrypted 810 and made available for distribution, an additional layer of encryption can be applied before the update package is distributed to a vehicle. More specifically, a vehicle-specific encryption can be applied to the key specific to the version for the firmware update and used to encrypt the firmware update package 715 using a key 710 specific to each of one or more target vehicles 100. This encryption can be applied on-the-fly or in real time just before or as the encrypted update package is provided to the target vehicle(s) 100; the applicant should also please note that this limitation of “ to ensure that the software update is decrypted by each CPS device that is authorized to receive the software update and is not decrypted by an CPS device that is not authorized to receive the software update” is intended use; a recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim) and 
transmitting the encrypted software update package to each CPS device (see e.g. [0096] - After the vehicle-specific encryption has been applied 825 to the version-specific key used to encrypt 810 the update package 715, the encrypted update package 715 and the encrypted key specific to the version for the firmware update can be distributed 835 to the one or more target vehicles 100).

Wang does not specifically teach receiving, at a first server, data used to update software of at least one device or establishing a secure connection between the first server and a second server.
In an analogous art of updating software, however, Kruger teaches receiving, at a first server (e.g. packaging server), data used to update software of at least one device (See e.g. [0054] - the software update is assigned for installation on a particular vehicle 106, and is provided to the packaging server 104 by the author of the software update, establishing a secure connection between the first server and a second server (e.g. communication gateway server, See e.g. Fig.1 and associated text, e.g. [0023] - the communication between the communication gateway server 102 and the packaging server 104 may be encrypted using TLS, SSL, or any other cryptographic protocol for protecting the communication between the communication gateway server 102 and the packaging server 104 from eavesdropping), transmitting data in a first format from the first server to the second server (See e.g. [0071] - Once the software update has been encrypted, the packaging server 104 makes the encrypted software update and the set of metadata available as a software update package; the packaging server 104 may provide the software update package to the communication gateway server 102 for delivery to the OTA updater device 108 in the vehicle 106), and encrypting a software update package to ensure that the software update is decrypted by each CPS device that is authorized to receive the software update and is not decrypted by an CPS device that is not authorized to receive the software update (see e.g. [0054] - the software update is assigned for installation on a particular vehicle 106, and is provided to the packaging server 104 by the author of the software update to be encrypted in such a way that it can only be decrypted by the assigned particular vehicle 106, and only if the assigned particular vehicle 106 is validated by the communication gateway server 102.
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Wang to incorporate/implement the limitations as taught by Kruger in order to provide a safer and more reliable method/system of applying over-the-air software updates.

As to claim 2, Wang teaches wherein the first server is a supplier server (see e.g. [0080] this server 705 can provide any one or more application servers, web servers, and/or other servers as described above and may be provided and operated by a vehicle manufacturer, a third-party maintenance service provider, or other entity) and the second server is a customer server (See e.g. [0081] - the content distribution server 705 or CDN can be used to distribute the update packages 715 and/or certificates 730 over the network 352 to the vehicles 100 according to a schedule or on demand, but does not specifically teach wherein the first server is and the second server is secure over-the-air (SOTA). 
Kruger teaches wherein the first server is and the second server is secure over-the-air (SOTA) (See e.g. [0023] - the communication between the communication gateway server 102 and the packaging server 104 may be encrypted using TLS, SSL, or any other cryptographic protocol for protecting the communication between the communication gateway server 102 and the packaging server 104 from eavesdropping)).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Wang to incorporate/implement the limitations as taught by Kruger in order to provide a safer and more reliable method/system of applying over-the-air software updates.

As to claim 3, Wang also teaches wherein identifying each CPS device that is authorized to receive a software update comprises analyzing metadata associated with the software update package (see e.g. [0082] - each update package 715 can also include a manifest defining and describing the contents of the image and dependencies of the components therein. This manifest can therefore comprise a guide for the eventual proper installation of the firmware update in the recipient vehicle).
As to claim 4, Wang also teaches wherein encrypting the software update package comprises encrypting the software update package with an encryption key (See e.g. [0083] - Once the update package 715 has been generated, it can be pre-processed and encrypted with a version-specific key for that particular update version or distribution. Such encryption can comprise any of a variety of processes known in the art. For example, this version-specific encryption can comprise using a public-private key pair generated for each update version or distribution).
As to claim 5,  Wang also teaches wherein encrypting the software update package comprises encrypting the software update package with an encryption key that is further encrypted by a series of keys (See e.g. [0094] - After the firmware update package 715 has been encrypted 810 and made available for distribution, an additional layer of encryption can be applied before the update package is distributed to a vehicle. More specifically, a vehicle-specific encryption can be applied to the key specific to the version for the firmware update and used to encrypt the firmware update package 715 using a key 710 specific to each of one or more target vehicles 100).
As to claim 6, Kruger further teaches wherein transmitting the encrypted software update package to each CPS device comprises transmitting via a secure network (See e.g. [0023] - the communication between the communication gateway server 102 and the OTA updater device 108 may be encrypted using TLS, SSL, or any other cryptographic protocol for protecting the communication from eavesdropping).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Wang to incorporate/implement the limitations as taught by Kruger in order to provide a safer and more reliable method/system of applying over-the-air software updates.
As to claim 8, the limitations of claim 8 are substantially similar to the limitations of claim 1, and therefore is rejected for the reasons stated above.
As to claim 9, the limitations of claim 9 are substantially similar to the limitations of claim 2, and therefore is rejected for the reasons stated above.
As to claim 10, the limitations of claim 10 are substantially similar to the limitations of claim 3, and therefore is rejected for the reasons stated above.
As to claim 11, the limitations of claim 11 are substantially similar to the limitations of claim 4, and therefore is rejected for the reasons stated above.
As to claim 12, the limitations of claim 12 are substantially similar to the limitations of claim 5, and therefore is rejected for the reasons stated above.
As to claim 13, the limitations of claim 13 are substantially similar to the limitations of claim 6, and therefore is rejected for the reasons stated above.
As to claim 15, the limitations of claim 15 are substantially similar to the limitations of claim 1, and therefore is rejected for the reasons stated above.
As to claim 16, the limitations of claim 16 are substantially similar to the limitations of claim 2, and therefore is rejected for the reasons stated above.
As to claim 17, the limitations of claim 17 are substantially similar to the limitations of claim 3, and therefore is rejected for the reasons stated above.
As to claim 18, the limitations of claim 18 are substantially similar to the limitations of claim 4, and therefore is rejected for the reasons stated above.
As to claim 19, the limitations of claim 19 are substantially similar to the limitations of claim 5, and therefore is rejected for the reasons stated above.
As to claim 20, the limitations of claim 20 are substantially similar to the limitations of claim 6, and therefore is rejected for the reasons stated above.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (US Patent Application Publication 2019/0187971A1, Wang hereinafter) in view of  Kruger (US Patent Application Publication 2020/0177561A1), as applied to claims 1 and 8 above, and further in view of Pry et al. (US Patent Application Publication 2019/0098494 A1, Pry hereinafter)
As to claim 7, Wang in view of Kruger teaches the limitations of claim 1, but does not specifically teach the secure network comprises at least one from among a Secure Actuation Smart Hub (SASH) or a Secure Management Device (SMD).
In an analogous art of updating software, however, Pry teaches a secure network comprises at least one [from among a Secure Actuation Smart Hub (SASH) or] a Secure Management Device (SMD) (see Fig.4 and associated text, e.g. [0048] -  During this process, a request to provision the device is made via inputting information including, for example, the User ID and the identification of the vitals device in encrypted form over secure back end 450 in communication with secure management services (“MS”) 470. MS 470 may preferably be a part of the secure back end 450 and access information from various platform services, through, for example, database server 471 (“Webserver/ API) that ensures what information can be read, written or modified depending on user permissions. The services may further include, for example, trusted vault 472, data storage management 473, data analysis server 474, mapping Hubs (Patients) 475, Webserver Authentication 476, Secure Gateway (for Hubs) 477, Secure Gateway (for internal personnel) 478 and Hub network management (updates, status) 479. As shown in FIG. 4, secure communication may include encrypted and secure communication of the private network interne 450 and network back end 470 with cloud service 430).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Wang in view of Kruger to incorporate/implement the limitations as taught by Pry in order to provide a more efficient method/system of secure communications during data management.

As to claim 14, the limitations of claim 14 are substantially similar to the limitations of claim 7, and therefore is rejected for the reasons stated above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENECA SMITH whose telephone number is (571)270-1651. The examiner can normally be reached Mon-Fri 8:00AM-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S Sough can be reached on 571-272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHENECA SMITH/Examiner, Art Unit 2192                                                                                                                                                                                                        




/GEOFFREY R ST LEGER/Primary Examiner, Art Unit 2192