DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This notice of allowance is in response to applicant’s claims 1-14 filed April 30, 2021 for examination. Claims 1-14 are pending allowed.
3.	Preliminary amendment to the specification, abstract, and claims, filed April 30, 2021 has been acknowledged.
4.	The drawings filed on April 30, 2021 have been accepted.
5.	The information disclosure statement filed 04/30/2021 has been placed in the application file and the information referred to therein has been considered as to the merits.
	
ALLOWABLE SUBJECT MATTER
	6.	Claims 1-14 are allowed over prior arts of record.

EXAMINER’S STATEMENT OF REASONS FOR ALLOWANCE
The following is an Examiner’s statement of reasons for the indication of allowable subject matter; the claims are allowable because the examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of the said prior arts.
7.	Regarding the claimed terms, the Examiner notes that a “general term must be understood in the context in which the inventor presents it.” In re Glaug 283 F.3d 1335, 1340, 62 USPQ2d 1151, 1154 (Fed. Cir. 2002). Therefore the Examiner must interpret the claimed terms as found on the specification of the instant application. Clearly almost all the general terms in the claims may have multiple meanings. So where a claim term "is susceptible to various meanings,...the inventor's lexicography must prevail.... " Id. Using these definitions for the claims, the claimed invention was not reasonably found in the prior art.
8.	Prior art US 11,177,953B2 (Zeh et al.) has been found to teach “an authentication system includes a microcontroller having a unique identifier (ID) and a first key pair including a microcontroller secret key and a microcontroller public key. The microcontroller is configured to store the unique ID, the first key pair, a digital signature of the unique ID, the digital signature being generated using an external secret key of a second key pair, and a digital certificate of the microcontroller public key that is signed by the external secret key of the second key pair. The second key pair includes the external secret key and an external public key. The authentication system further includes a controller configured to perform a first authenticity validation check on the unique ID using the external public key and perform a second authenticity validation check on the microcontroller public key using the external public key.”
Prior art Q. Pan and J. Tan, "A Dynamic Key Generation Scheme Based on CAN Bus," 2019 10th International Conference on Information Technology in Medicine and Education (ITME), 2019, pp. 564-569, doi: 10.1109/ITME.2019.00133. has been found to teach “With the widespread use of CAN bus, more and more security issues are exposed. Traditional fixed preset keys are easier to be cracked after long-term use, the risk of key leakage can be caused by physical intrusion; Assigning different keys to different ECUs also leads to extremely high cost of key management . In order to ensure the safety of CAN bus transmission and reduce the complexity of system, this paper proposes a dynamic key generation algorithm. All ECUs obtain their own transient values and current timestamps when the car starts, complete the generation of the master key MK by the ECC algorithm, and generate the current session key in combination with the timestamp to encrypt the message. When the car is turned off, all keys are deleted and regenerated next time when the car starts. It is verified by analysis that the generation scheme can effectively reduce the complexity of key management and improve key security.”
	Prior art US 2021/0328782A1 (David et al.) has been found to teach “a method for providing end-to-end communication security on controllers includes determining, by a controller, a fingerprint for the controller; generating, by the controller, a plurality of cryptographic keys using the fingerprint as a seed value, the plurality of cryptographic keys including, at least, a public key and a corresponding private key for the controller and a communications table key for the controller; and performing a remote attestation process with a remote computer system to validate the controller; in response to passing the remote attestation process, exchanging public cryptographic keys with each of a plurality of other controllers, each exchange having a corresponding identifier, wherein the controller is programmed to generate a plurality of symmetric keys for communication with the plurality of other controllers using the private key for the controller and the public keys received from the other controllers; creating, by the controller, a communication table that includes entries for the plurality of other controllers, the entries in the communication table including the corresponding identifiers and the public keys received from the other controllers; encrypting, by the controller, the communication table using the communications table key; and storing, by the controller, the encrypted communication table locally on the controller.” Para. 0008.
Prior art US 2020/0159930 A1 (Venkateswaran et al.) has been found to teach “a method includes, for each of one or more sensors, digitally signing, using a private key, a portion of data associated with a respective sensor of the one or more sensors such that the portion of data is associated with a digital signature. The method includes validating, by at least one processor, the digital signatures of the respective portion of data upon booting of each sensor. The method includes generating, by the at least one processor, at least one session key. The method includes encrypting, by the at least one processor, the at least one session key. The method includes sending, by the at least one processor, the at least one encrypted session key to the one or more sensors after booting of the one or more sensors, wherein each of the booted one or more sensors receives the at least one session key and decrypts at least one session key using the at least one processor. The method includes sending, by the one or more sensors, sensor data to the at least one processor, the sensor data including a message authentication code generated using the at least one session key. The method includes validating, by the at least one processor, the sensor data at least partially based on the message authentication code and a determining that the sensor data was received within a pre-determined period of time, wherein the at least one processor parses the validated sensor data.”
9.	For independent claim 1. the examiner notes that the prior arts do not provide sufficient motivation to be combined and to be modified in such a way as to render obvious the claimed feature of “combining the encrypted symmetric key, the encrypted data and the message authentication code into an export data set, deleting the first public key, the unencrypted data, the message authentication code and the symmetric key from the volatile memory of the automotive ECU, transmitting the export data set, or grant read access to the memory space storing export data set, to the requesting entity, and deleting the export data set from the volatile memory of the automotive ECU” in combination with authenticating the requesting entity, the method further comprising, if the authentication and the verification are successful: generating a random symmetric key, reading data to be exported in accordance with the request from a first storage space of the automotive ECU's memory into a volatile memory of the automotive ECU, encrypting the data read into the volatile memory of the automotive ECU using the symmetric key, generating a message authentication code using the symmetric key, storing the encrypted data and the message authentication code in the volatile memory of the automotive ECU, encrypting the symmetric key using the first public key, within the context of the claimed invention as a whole without the usage of impermissible hindsight reasoning.
10.	For independent claim 9. the examiner notes that the prior arts do not provide sufficient motivation to be combined and to be modified in such a way as to render obvious the claimed feature of “receiving an export data set, or receiving a read access grant, to a memory space of the automotive ECU storing the export data set, and reading the export data set accordingly, wherein the export data set includes a symmetric key encrypted with the first public key of the first public/private key pair, data encrypted with the symmetric key, and a message authentication code generated using the symmetric key, checking the certificate, if the expiry date or the time of validity, of the first public key, is exceeded and, if the first public key is still valid: decrypting the symmetric key using the first private key of the first public/private key pair, and decrypt the data and verify the authenticity of the data using the decrypted symmetric key.” in combination with transmitting a data export request targeting the automotive ECU, the data export request including the signed first public key and a certificate indicating an expiry date or a time period of validity of the first public key, providing authentication to the automotive ECU, in response to a corresponding request received from, or a protocol initiated by, the automotive ECU, within the context of the claimed invention as a whole without the usage of impermissible hindsight reasoning.
Independent claim 13 recites similar limitations.
11.	Any comments considered necessary by applicant must be submitted no later than payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.''
CONCLUSION
	 12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Shawnchoy Rahman/Primary Examiner, Art Unit 2438