Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
FINAL ACTION
This action is in response to the amendment filed on 5/13/2022. Claims 1, 4, 9, 10 and 13 are amended. Claims 3 and 12 are cancelled. Claims 17-22 are new. Claims 1, 2 and 4-11 and 13-22 are pending.
Response to Arguments
Examiner’s Remarks – Specification Objection (Title)
The examiner withdraws the objection to applicant’s Specification in view of applicant’s title amendment.
Examiner’s Remarks – Specification Objection (Abstract)
The examiner withdraws the objection to applicant’s Specification in view of applicant’s Abstract amendment.
Examiner’s Remarks - 35 USC § 101
The examiner withdraws the rejection in view of applicant’s claim amendment. 
Examiner’s Remarks - 35 USC § 103
Applicant’s arguments with respect to claim(s) 1, 2 and 4-11 and 13-16 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 4-11, 13-16, 18 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Takemori et al. (US Patent Publication No. 2018/022120 and Takemori hereinafter (cited from IDS 5/13/2022)) in view of El Idrissi et al. (US Patent No. 10,218,499 and Idrissi hereinafter).

As to claims 1, 9 and 10, Takemori teaches a method for the vehicle-internal management of cryptographic keys comprising: 
providing at least one secret for a vehicle-internal key generation device (i.e., …teaches in par. 069 the following: “The initial key writing device 301 generates an ECU-initial key using the master key MASTER_KEY and an ECU-identifier.”); 
generating at least one new cryptographic key by the vehicle-internal key generation device on the basis of the at least one secret (i.e., …teaches in par. 0069 the following: “the initial key writing device 301 generates an ECU-initial key Key_A using the master key MASTER_KEY and the ECU-identifier ECU_ID_A for the ECU_A_50”), 
wherein at least one of the generation of the at least one new cryptographic key and the providing of the at least one new cryptographic key takes place autonomously (i.e., …the examiner notes that applicant’s usage of the alternative phrase “at least one”, places the above limitation in alternative form. As such the examiner notes that Takemori teaches in par. 0072 the following: “the method of generating an ECU-initial key uses a hash function. For example, it is possible to calculate a hash value using an input value representing the concatenated data of the master key MASTER_KEY and an ECU-identifier, thus using the calculated hash value as an ECU-initial key.”). 

Takemori does not expressly teach:
and is triggered by one of: a key-exchange event and a combination of key-exchange events and wherein the key-exchange event is one of a vehicle-internal change, an environmental change and a security event.
In this instance the examiner notes the teachings of prior art reference Idrissi.
With regards to applicant’s claim limitation element of, “and is triggered by one of: a key-exchange event and a combination of key-exchange events”, the examiner notes that applicant’s usage of the phrase, “one of”, places the above limitation in alternative form. …As such the examiner notes that Idrissi teaches in col. 5, lines 44-55 the following: “the session initiation may be performed when the vehicle is turned on for the first time. By using the pre-shared key K_s 20, each ECU 22a, 22b, 22c randomly selects a static authentication key K_i 24 and shares it with the gateway ECU. The static authentication key K_i 24 will be used by the gateway ECU as ECU_i authentication key (i indicates the number of ECU_i). Each ECU 22a, 22b, 22c periodically generates from K_i 24 a new dynamic authentication key K_Ai 28 associated with new randomized ID.”.
With regards to applicant’s claim limitation element of, “and wherein the key-exchange event is one of a vehicle-internal change, an environmental change and a security event”, the examiner notes that applicant’s usage of the phrase, “one of”, places the above limitation in alternative form. …As such with regards to applicant’s alternative claim limitation form of, “a vehicle-internal change”, Idrissi teaches in col. 5, lines 44-55 the following: “the session initiation may be performed when the vehicle is turned on for the first time. By using the pre-shared key K_s 20, each ECU 22a, 22b, 22c randomly selects a static authentication key K_i 24 and shares it with the gateway ECU. The static authentication key K_i 24 will be used by the gateway ECU as ECU_i authentication key (i indicates the number of ECU_i). Each ECU 22a, 22b, 22c periodically generates from K_i 24 a new dynamic authentication key K_Ai 28 associated with new randomized ID.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Takemori with the teachings of Idrissi by having their system comprise event-based key derivation. One would have been motivated to do so to provide a simple and effective means to further secure key-related data before communication, wherein the event-based key derivation helps secure the key data and makes it easier to ensure communication integrity within the vehicle’s network environment.

As to claims 2 and 11, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically Takemori teaches a method as claimed in claim 1, further comprising:
 providing at least one new cryptographic key for at least one vehicle-internal control device (i.e., …teaches in par. 0072 the following: “the method of generating an ECU-initial key uses a hash function. For example, it is possible to calculate a hash value using an input value representing the concatenated data of the master key MASTER_KEY and an ECU-identifier, thus using the calculated hash value as an ECU-initial key.”)
and using the vehicle-internal control device in cryptographic and/or non-cryptographic security measures (i.e., …the examiner notes that applicant’s usage of the term “or” places the above limitation in alternative form. As such the examiner notes that Takemori teaches in par. 0069 the following: “the initial key writing device 301 generates an ECU-initial key Key_A using the master key MASTER_KEY and the ECU-identifier ECU_ID_A for the ECU_A_50”).

Takemori does not expressly teach:
and is triggered by one of: a key-exchange event and a combination of key-exchange events.
In this instance the examiner notes the teachings of prior art reference Idrissi.
The examiner notes that applicant’s usage of the phrase “one of” places the above limitation in alternative form …As such the examiner notes that Idrissi teaches in col. 5, lines 44-55 the following: “the session initiation may be performed when the vehicle is turned on for the first time. By using the pre-shared key K_s 20, each ECU 22a, 22b, 22c randomly selects a static authentication key K_i 24 and shares it with the gateway ECU. The static authentication key K_i 24 will be used by the gateway ECU as ECU_i authentication key (i indicates the number of ECU_i). Each ECU 22a, 22b, 22c periodically generates from K_i 24 a new dynamic authentication key K_Ai 28 associated with new randomized ID.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Takemori with the teachings of Idrissi by having their system comprise event-based key derivation. One would have been motivated to do so to provide a simple and effective means to further secure key-related data before communication, wherein the event-based key derivation helps secure the key data and makes it easier to ensure communication integrity within the vehicle’s network environment.

3 and 12. (Cancelled)

As to claims 4 and 13, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically Takemori does not expressly teach a method as claimed in claim 2[[3]], further comprising: capturing the key-exchange event with a vehicle-internal control unit; 
and initiating with the control unit one of the generating of the at least one new cryptographic key and the provisioning of the at least one new cryptographic key.
In this instance the examiner notes the teachings of prior art reference Idrissi.
With regards to applicant’s claim limitation element of, “capturing the key-exchange event with a vehicle-internal control unit”, the examiner notes Idrissi teaches in col. 5, lines 44-55 the following: “the session initiation may be performed when the vehicle is turned on for the first time. ….”.
With regards to applicant’s claim limitation element of, “and initiating with the control unit one of the generating of the at least one new cryptographic key and the provisioning of the at least one new cryptographic key”, the examiner notes that applicant’s usage of the phrase “one of” places the above limitation in alternative form …As such the examiner notes that Idrissi teaches in col. 5, lines 44-55 the following: “the session initiation may be performed when the vehicle is turned on for the first time. By using the pre-shared key K_s 20, each ECU 22a, 22b, 22c randomly selects a static authentication key K_i 24 and shares it with the gateway ECU. The static authentication key K_i 24 will be used by the gateway ECU as ECU_i authentication key (i indicates the number of ECU_i). Each ECU 22a, 22b, 22c periodically generates from K_i 24 a new dynamic authentication key K_Ai 28 associated with new randomized ID.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Takemori with the teachings of Idrissi by having their system comprise event-based key derivation. One would have been motivated to do so to provide a simple and effective means to further secure key-related data before communication, wherein the event-based key derivation helps secure the key data and makes it easier to ensure communication integrity within the vehicle’s network environment.

As to claims 5 and 14, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically Takemori teaches a method as claimed in claim 4, further comprising at least one of: monitoring of the key generation carried out by the key generation device by the control unit (i.e., … applicant’s usage of the phrase of, “at least one of”, places the above limitation in alternative form … As such with regards to applicant’s alternative claim limitation form the examiner notes that Takemori teaches in par. 0113 the following, “….management server equipment 80 transmits the ECU-identifier and the ECU-initial key, which is generated using the master key MASTER_KEY and the ECU-identifier, to the management device 10a of the automobile 1 through the wireless communication network 2. Specifically, the management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_A and the ECU-initial key Key_A to the management device 10a of the automobile 1 through the wireless communication network 2. The management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_B and the ECU-initial key Key_B to the management device 10a of the automobile 1 through the wireless communication network 2. The management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_C and the ECU-initial key Key_C to the management device 10a of the automobile 1 through the wireless communication network 2.”);
and adapting the key generation carried out by the key generation device by the control unit (i.e., … applicant’s usage of the phrase “one of” places the above limitation in alternative form … As such with regards to applicant’s alternative claim limitation form the examiner notes that Takemori teaches in par. 0113 the following, “The management server equipment 80 transmits the ECU-identifier and the ECU-initial key, which is generated using the master key MASTER_KEY and the ECU-identifier, to the management device 10a of the automobile 1 through the wireless communication network 2. Specifically, the management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_A and the ECU-initial key Key_A to the management device 10a of the automobile 1 through the wireless communication network 2. The management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_B and the ECU-initial key Key_B to the management device 10a of the automobile 1 through the wireless communication network 2. The management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_C and the ECU-initial key Key_C to the management device 10a of the automobile 1 through the wireless communication network 2.”).

As to claims 6 and 15, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically Takemori teaches a method as claimed in claim 4, further comprising at least one of: 
monitoring at least one of the provisioning and the distributing of new cryptographic keys to at least one of a plurality of control devices by the control unit (i.e., …the examiner notes that applicant’s usage of the phrase of, “at least one of”, places the above limitation in alternative form. …As such with regards to applicant’s alternative claim limitation form the examiner notes that Takemori teaches in par. 0113 the following, “….management server equipment 80 transmits the ECU-identifier and the ECU-initial key, which is generated using the master key MASTER_KEY and the ECU-identifier, to the management device 10a of the automobile 1 through the wireless communication network 2. Specifically, the management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_A and the ECU-initial key Key_A to the management device 10a of the automobile 1 through the wireless communication network 2. The management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_B and the ECU-initial key Key_B to the management device 10a of the automobile 1 through the wireless communication network 2. The management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_C and the ECU-initial key Key_C to the management device 10a of the automobile 1 through the wireless communication network 2.”);
adapting at least one of the provisioning and the distributing of new cryptographic keys to one of the plurality of control devices by the control unit (i.e., …the examiner notes that applicant’s usage of the phrase of, “at least one of”, places the above limitation in alternative form. …As such with regards to applicant’s alternative claim limitation form the examiner notes that Takemori teaches in par. 0113 the following, “….management server equipment 80 transmits the ECU-identifier and the ECU-initial key, which is generated using the master key MASTER_KEY and the ECU-identifier, to the management device 10a of the automobile 1 through the wireless communication network 2. Specifically, the management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_A and the ECU-initial key Key_A to the management device 10a of the automobile 1 through the wireless communication network 2. The management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_B and the ECU-initial key Key_B to the management device 10a of the automobile 1 through the wireless communication network 2. The management server equipment 80 transmits a pair of the ECU-identifier ECU_ID_C and the ECU-initial key Key_C to the management device 10a of the automobile 1 through the wireless communication network 2.”).

As to claims 7 and 16, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically Takemori teaches a method as claimed in claim 1, further comprising at least one of: provisioning of key generation parameters for a vehicle-external computer system that enable the vehicle-external computer system to generate at least one cryptographic key that is used by a vehicle-internal control device (i.e., …teaches in par. 069 the following: “The initial key writing device 301 generates an ECU-initial key using the master key MASTER_KEY and an ECU-identifier.”); 
and generating by the external computer system, of at least one cryptographic key that is used by a vehicle-internal control device (i.e., …teaches in par. 069 the following: “The initial key writing device 301 generates an ECU-initial key using the master key MASTER_KEY and an ECU-identifier.”).

As to claim 8, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically Takemori teaches a method as claimed in claim 1, further comprising provisioning authorization information for the vehicle-internal key generation device, wherein the generation of the at least one new cryptographic key by the vehicle-internal key generation device also takes place on the basis of the authorization information (i.e., …the examiner notes that applicant’s usage of the alternative phrase, “at least one”, places the above limitation in alternative form. As such the examiner notes that Takemori teaches in par. 069 the following: “The initial key writing device 301 generates an ECU-initial key using the master key MASTER_KEY and an ECU-identifier.”).

As to claims 18 and 21, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically Takemori does not expressly teach a method as claimed in claim 1, wherein the environmental change is one of a change in the position of the vehicle, a change in the planned driving route, exceeding of physical limit parameters, time limits, and time-based changes.
In this instance the examiner notes the teachings of prior art reference Idrissi.
The examiner notes that applicant’s usage of the phrase “one of” places the above limitation in alternative form …As such with regards to applicant’s alternative limitation form of, “time-based changes”, the examiner notes that Idrissi teaches in col. 8, lines 55-60 the following: “generates periodically (100 ms) a new authentication key 28 and new identity 14′ (phase 2)”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Takemori with the teachings of Idrissi by having their system comprise event-based key derivation. One would have been motivated to do so to provide a simple and effective means to further secure key-related data before communication, wherein the event-based key derivation helps secure the key data and makes it easier to ensure communication integrity within the vehicle’s network environment.

Claim(s) 17, 19, 20 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Takemori in view of Idrissi as applied to claims 1, 9 and 10 above and further in view of HAGA et al. (US Patent No. 2018/0295147 and HAGA hereinafter).

As to claims 17 and 20, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically neither reference expressly teaches a method as claimed in claim 1, wherein the security event is one of: a firewall alarm, and intrusion detection, a failed identity check and a certificate rule infringement.
In this instance the examiner notes the teachings of prior art reference HAGA.
The examiner notes that applicant’s usage of the phrase “one of” places the above limitation in alternative form …As such with regards to applicant’s alternative limitation form of, “and intrusion detection”, the examiner notes that HAGA teaches in par. 0167 and 168 the following: “in the case of determining that an anomaly has been detected in a key-related message (that is, in the case of determining that the anomalous frame is a key-related message), the anomaly detection server 80 transmits a key update request (that is, transmission information including control information for giving an instruction to update a key used in the application of cryptographic processing (encryption or MAC attachment) in a vehicle) to the vehicle 1010a in which the frame is detected, and also to vehicles having a certain relationship with the vehicle 1010a (in these exemplary operations, the vehicle 1010b in the same vehicle family) (step S403). [0168] In response, the gateway 90 of the vehicle 1010a receives the key update request (step S404), and following the key update request, updates the key stored by the key storage unit 921 (step S405). The key update request transmitted by the anomaly detection server 80 and received by the gateway 90 may also be information including a new key. The anomaly detection server 80 may also include, in the key update request, key-designating information”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Takemori and Idrissi with the teachings of HAGA by having their system comprise anomaly-based key generation. One would have been motivated to do so to provide a simple and effective means to further secure the integrity of the system before key distribution, wherein the anomaly-based key generation helps secure the key data and makes it easier to ensure that data communicated in the network will be safe.

As to claims 19 and 22, system of Takemori and Idrissi as applied to claim 1 above teaches key derivation, specifically neither reference expressly teaches a method as claimed in claim 1, wherein the vehicle-internal change is acquired through an anomaly detection.
In this instance the examiner notes the teachings of prior art reference HAGA.
The examiner notes that HAGA teaches in par. 0167 and 168 the following: “in the case of determining that an anomaly has been detected in a key-related message (that is, in the case of determining that the anomalous frame is a key-related message), the anomaly detection server 80 transmits a key update request (that is, transmission information including control information for giving an instruction to update a key used in the application of cryptographic processing (encryption or MAC attachment) in a vehicle) to the vehicle 1010a in which the frame is detected, and also to vehicles having a certain relationship with the vehicle 1010a (in these exemplary operations, the vehicle 1010b in the same vehicle family) (step S403). [0168] In response, the gateway 90 of the vehicle 1010a receives the key update request (step S404), and following the key update request, updates the key stored by the key storage unit 921 (step S405). The key update request transmitted by the anomaly detection server 80 and received by the gateway 90 may also be information including a new key. The anomaly detection server 80 may also include, in the key update request, key-designating information”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Takemori and Idrissi with the teachings of HAGA by having their system comprise anomaly-based key generation. One would have been motivated to do so to provide a simple and effective means to further secure the integrity of the system before key distribution, wherein the anomaly-based key generation helps secure the key data and makes it easier to ensure that data communicated in the network will be safe.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRYAN F WRIGHT/Examiner, Art Unit 2497