Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

1.     In view of the Appeal Brief filed on 4/18/2022, PROSECUTION IS HEREBY REOPENED. A new ground of rejection is set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) request reinstatement of the appeal. 
If reinstatement of the appeal is requested, such request must be accompanied by a supplemental appeal brief, but no new amendments, affidavits (37 CFR 1.130, 1.131 or 1.132) or other evidence are permitted. See 37 CFR 1.193(b)(2).
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:
.
 
2.        Claims 1, 2, 4 - 18 are pending.  Claim 3 has been canceled.  Claims 1, 8, 14 are independent.    This application was filed on 11-10-2017.  

Response to Arguments

3.    Applicant’s arguments, see Arguments/Remarks Made in an Amendment, filed 4-18-2022, with respect to the rejection(s) under Maher in view Campos and further in view of Pierce have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Maher in view Campos and further in view of Hayton and Demeniuk.

A.  Applicant argues on page 8 of Remarks: “   ...   no mention is made in Pierce of “a precomputed version of the ESN encrypted using a symmetric key known to the gateway but not to the ECU”   ...   “. 

    The Examiner respectfully disagrees.  Pierce is no longer used as ground of rejection.  Campos discloses the generation of a precomputed version of an ESN (i.e. object serial number).  And, Campos discloses utilizing the generated object serial number in data processing. (see Campos page 8, lines 6-10: updating or reprogramming vehicle ECUs generating an encrypted package and means to parallel encrypt data files and information files of vehicle; adding a header with the data referring to vehicle model (original equipment manufacturer data! (OEM), vehicle model, vehicle year, platform vehicle, ECU Identification (ID) data (i.e. analogous to VIN number: it is well known in the art that a VIN number is generated from a combination of fields; fields indicating vehicle manufacturer, vehicle year, vehicle model; precomputed information associated with a specific vehicle (ECU))
    Demeniuk discloses the capability to encrypt a trust response comprising an ESN and using a symmetric encryption key.  (see Demeniuk paragraph [0067], lines 2-14: applications are signed with a VIN-specific certificate that allows them to interact only with specific vehicle(s); certificates are attached to the application install when the vehicle owner, driver, or passenger obtains the application from the distribution model; each certificate contains an encrypted copy of a VIN-specific key and application's identity; upon connecting to service, application identity string and certificate are sent; system decrypts certificates, and verifies that the VIN key matches the module, and that application identity matches that which is sent from application; if both strings do not match, further messages from the application will not be honored)    
    Maher discloses an encryption operation utilizing an encryption key (known to the gateway). (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (symmetric key utilized as cryptographic key); paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted)
    Maher discloses a situation whereby an encryption key can possibly be known by a gateway and not known by an ECU.  (see Maher paragraph [0129], lines 1-15: an unverified system will not be able to process trusted credentials issued by trust authority; communication from unverified systems will originate outside the boundary of trust; trusted systems, components and devices disregard communications originating outside the boundary of trust; (an unverified system is not included within a web of trust, which is the current operational environment for the claimed invention)) 
    In addition, Hayton discloses the capability for a key to be known by a first application (i.e. analogous to a gateway, controller implemented via software) and unknown to a second application (i.e. analogous to a software implemented ECN, controller). (see Hayton paragraph [0116], lines 6-14: information can be in a protected or encrypted format such that the controller associated with the first application 502a may be able to read the information, but the second application 502b might not be able to read the information; controller 512a generates an encrypted record of first application 502a's application identifier encrypted with a key K, where K is known to controller 512a and is not known to second application 502b; paragraph [0116], lines 29-33: if controller of first application 502a and controller of second application 502b are not the same controller (e.g., controllers 512a and 512b), then controllers 512a and 512b are able to make an association between the two applications 502a and 502b).
    In addition, there is no disclosure for the claim limitation: “a symmetric key known to the gateway but not to the ECU”.  See 112 Rejection. 

B.  Applicant argues on page 8 of Remarks:    ...   Pierce does not disclose or suggest that an ESN is encrypted, let alone “encrypted using a symmetric key known to the gateway but not to the ECU.”. 

    The Examiner respectfully disagrees.  Pierce is no longer used as grounds of rejection.  Maher discloses the encryption of a generated object serial number.  Maher discloses an encryption operation utilizing an encryption key (known to the gateway). (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (i.e. a symmetric key utilized as an cryptographic key); paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted) 
    Demeniuk discloses the capability to encrypt a trust response comprising an ESN using a symmetric encryption key as stated above.  
    Maher discloses a condition whereby an encryption key can possibly be known by a gateway and not known by an ECU.  (see Maher paragraph [0129], lines 1-15: an unverified system will not be able to process trusted credentials issued by trust authority; communication from unverified systems will originate outside the boundary of trust; trusted systems, components and devices disregard communications originating outside the boundary of trust; (unverified system is not included within a web of trust))  
    In addition, Hayton discloses the capability for a key to be known by a first application (i.e. analogous to a gateway, controller implemented via software) and unknown to a second application (i.e. analogous to a software implemented ECN, controller). (see Hayton paragraph [0116], lines 6-14: information can be in a protected or encrypted format such that the controller associated with the first application 502a may be able to read the information, but the second application 502b might not be able to read the information; controller 512a generates an encrypted record of first application 502a's application identifier encrypted with a key K, where K is known to controller 512a and is not known to second application 502b; paragraph [0116], lines 29-33: if controller of first application 502a and controller of second application 502b are not the same controller (e.g., controllers 512a and 512b), then controllers 512a and 512b are able to make an association between the two applications 502a and 502b)
    There is no disclosure for the claim limitation: “a symmetric key known to the gateway but not to the ECU”.  See 112 Rejection. 

C.  Applicant argues on page 8 of Remarks:    ...   Pierce also fails to disclose or suggest a “trust response including a precomputed version of the ESN encrypted using a symmetric key known to the gateway but not to the ECU”   ...   . 

    The Examiner respectfully disagrees.  Pierce is no longer used as grounds of rejection.  Maher discloses the encryption of a generated object serial number.  Maher discloses an encryption operation utilizing a symmetric encrypted key (known to the gateway). (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (symmetric key utilized as cryptographic key); paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted) 
    Demeniuk discloses the capability to encrypt a trust response comprising an ESN using a symmetric encryption key as stated above.  
    Maher discloses a condition whereby an encryption key can possibly be known by a gateway and not known by an ECU.  (see Maher paragraph [0129], lines 1-15: an unverified system will not be able to process trusted credentials issued by trust authority; communication from unverified systems will originate outside the boundary of trust; trusted systems, components and devices disregard communications originating outside the boundary of trust; (unverified system is not included within a web of trust))
    There is no disclosure for the claim limitation: “a symmetric key known to the gateway but not to the ECU”.  See 112 Rejection.  

D.  Applicant argues on page 8 of Remarks: “   ...   independent claim 1 and all claims that depend therefrom are patentable over Maher in view of Campos and further in view of Pierce.”. 

    Responses to arguments against the independent claims also answer arguments against the associated dependent claims.    

E.  Applicant argues on page 8 of Remarks: Independent claims 8 and 14 differ in scope from that of independent claim 1 but are patentable at least for similar reasons.

    Independent claims 8 and 14 have similar limitations as independent claim 1.  Responses to arguments against independent claim 1 also answer arguments against independent claims 8 and 14.    

F.  Applicant argues on page 8 of Remarks: Dependent claims 2, 4-7, 9-13, and 15-18 are in condition for allowance at least due to their dependence from one of independent claims 1, 8, or 14.

    Responses to arguments against the independent claims also answer arguments against the associated dependent claims.   

Claim Rejections - 35 USC § 112

4.        The following is a quotation of the first paragraph of 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.

5.        Claims 1, 8, 14 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. There is no disclosure within the specification or the original claims for the following claim limitations: “   ...   the trust response including a precomputed version of the ESN encrypted using a symmetric key known to the gateway but not to the ECU,   ...   “.  The specification does not disclose a symmetric key known to the gateway but not known to the ECU.  The specification in paragraph [0030] discloses a symmetric key used for cryptographic operations known to the gateway (no mention of any association to the ECU is indicated).  Dependent claim are also rejected under the same rationale set forth above. Appropriate correction is required.  

Claim Rejections - 35 USC § 103  

6.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

7.        Claims 1, 2, 4 - 18 are rejected under 35 U.S.C. 103 as being unpatentable over Maher et al. (US PGPUB No. 20130212659) in view of Campos et al. (WIPO Publication No. WO/2017/010859) and further in view of Hayton et al. (US PGPUB No. 20170026383) and Demeniuk (US PGPUB No. 20140163771).      

Regarding Claim 1, Maher discloses a system comprising:
a)  a gateway of a vehicle, connected to a telematics control unit (TCU) and a plurality of electronic control units (ECUs) (see Maher paragraph [0006], lines 1-15: facilitating a security and trust architecture in networked or connected vehicles; including information relating to a plurality of electronic control unit (ECUs) and network connections included in connected vehicle; a telematics system and engine control modules and/or embedded systems that control one or more systems or subsystems in vehicle; paragraph [0126], lines 1-8: gateways issued trusted credentials used to indicate to other devices and systems that communication originating from gateways are trusted), programmed to perform operations. 

Furthermore, Maher discloses the following:
c)  responsive to confirmation that the ESN of the target ECU is not included in a web of trust, (see Maher paragraph [0129], lines 1-15: an unverified system will not be able to process trusted credentials issued by trust authority; communication from unverified systems will originate outside the boundary of trust; trusted systems, components and devices disregard communications originating outside the boundary of trust; (unverified system is not included within a web of trust)) and     
d)  send a trust request to a plurality of subnets of the vehicle. (see Maher paragraph [0154], lines 1-4: ECU receives a request to access certain secure content; (request generated and processed within a particular network environment, subnet))    

    Furthermore, Maher discloses for g) responsive to confirmation that the ESN of the target ECU is included in the web of trust stored to the gateway. (see Maher paragraph [0127], lines 1-14: trust hierarchies between ECUs are identified; based on the identified relationships, devices (i.e. ECUs) that are included in a trusted architecture are identified and based on the identified relationship the ECUs are issued trusted credentials; paragraph [0126], lines 1-8: gateways issued trusted credentials used to indicate to other devices and systems that a communication originating from gateways are trusted)    
    Although, Maher discloses vehicle software update capabilities (see Maher paragraph [0107], lines 1-8: articulate which entities are authorized to access which resources and for which purposes such as software update access; paragraph [0071], lines 1-6: connected vehicle designed such that control signals sent from an ECU in vehicle; control certain vehicle functions), Maher does not specifically disclose for b) receiving a command from a TCU specifying an electronic serial number (ESN), and for e) trust response including a precomputed version of ESN, and for g) receiving and forwarding a command to a target ECU. 
However, Campos discloses: 
b)  receive a command from the TCU, the command specifying an electronic serial number (ESN) of a target ECU of the ECUs; (see Campos page 7, lines 4-7: system for reprogramming ECU devices (Electronic Control Units) in vehicles; transmit new software files (downloading software updates) to vehicle for reprogramming) and
e)  the trust response including a precomputed version of the ESN encrypted using an encryption key; (see Campos page 8, lines 6-10: updating or reprogramming vehicle ECUs generating an encrypted package and means to parallel encrypt data files and information files of vehicle; adding a header with the data referring to vehicle model (original equipment manufacturer data! (OEM), vehicle model, vehicle year, platform vehicle, ECU Identification (ID) data (i.e. analogous to VIN number: it is well known in the art that a VIN number is generated from a combination of fields; fields indicating vehicle manufacturer, vehicle year, vehicle model; precomputed information associated with a specific vehicle (ECU)) and 
g)  forward the command to the target ECU. (see Campos page 8, lines 4-26: encrypting files of software for updating vehicle ECUs; generating an encrypted package; adding a header with data referring to: vehicle information, ECU identification (ID) data, data packet size, key of software file, and etc.; receive and separate encrypted package (i.e. software files); decrypt encrypted package; obtain software files for each type of vehicle and each specific ECU; only ECU to be reprogrammed (target ECU) attends to the transmitted messages; receiving ECU proceeds to self-reprogram)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher for b) receiving a command from a TCU specifying an electronic serial number (ESN), and for e) trust response including a precomputed version of ESN, and for g) receiving and forwarding a command to a target ECU as taught by Campos.  One of ordinary skill in the art would have been motivated to employ the teachings of Campos for the benefits achieved from a system that enables the management of ECU devices within vehicles. (see Campos page 1, lines 10-13)       

    Furthermore, Maher discloses for e) receive a trust response from the target ECU via one of the subnets. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted; paragraph [0056], lines 1-20: inter-vehicle networks use wireless and/or wired communication technologies (multiple types of networks, subnets) that connect the vehicle to the external world; configured to facilitate communication with a network incorporating any suitable communication standard and/or protocol (networking, internetworking, subnets)), and encrypted using an encryption key known to the gateway. (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (symmetric key utilized as cryptographic key); paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted)

    Furthermore, Maher-Campos does not specifically disclose an encryption operation using a symmetric key known to a gateway (a first entity) but not to an ECU (a second entity).
    However, Hayton discloses wherein an encryption operation using an encryption key known to a gateway but not to the ECU.  (see Hayton paragraph [0116], lines 6-14: information can be in a protected or encrypted format such that the controller associated with the first application 502a may be able to read the information, but the second application 502b might not be able to read the information; controller 512a generates an encrypted record of first application 502a's application identifier encrypted with a key K, where K is known to controller 512a and is not known to second application 502b; paragraph [0116], lines 29-33: if controller of first application 502a and controller of second application 502b are not the same controller (e.g., controllers 512a and 512b), then controllers 512a and 512b are able to make an association between the two applications 502a and 502b)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Campos for an encryption operation using an encryption key known to a gateway (a first entity) but not to an ECU (a second entity) as taught by Hayton. One of ordinary skill in the art would have been motivated to employ the teachings of Hayton for the benefits achieved from a system that enables the flexibility of a data processing system whether all of its data processing components can utilize encryption keys or cannot utilize encryption keys. (see Hayton paragraph [0116], lines 6-14)  

    There is no disclosure for the claim limitation: “a symmetric key known to the gateway but not to the ECU”.  See 112 Rejection. 

Furthermore, Maher discloses for f) verify that the target ECU is trusted at least by decrypting the trust response (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (symmetric key utilized as cryptographic key)) and adding the ESN to the web of trust. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted)

Maher-Campos-Hayton-Peirce does not specifically disclose for f) decrypting a trust response using a symmetric key.
However, Demeniuk discloses wherein for f) decrypting the trust response using the symmetric key. (see Demeniuk paragraph [0067], lines 2-14: applications are signed with a VIN-specific certificate that allows them to interact only with specific vehicle(s); certificates are attached to the application install when the vehicle owner, driver, or passenger obtains the application from the distribution model; each certificate contains an encrypted copy of a VIN-specific key and application's identity; upon connecting to service, application identity string and certificate are sent; system decrypts certificates, and verifies that the VIN key matches the module, and that application identity matches that which is sent from application; if both strings do not match, further messages from the application will not be honored)  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Campos-Hayton-Peirce for f) decrypting a trust response using a symmetric key as taught by Demeniuk. One of ordinary skill in the art would have been motivated to employ the teachings of Demeniuk for the benefits achieved from a system that enables the utilization of a symmetric cryptographic key in the secure protection of identification information.  (see Demeniuk paragraph [0067], lines 2-14)  

Regarding Claim 2, Maher-Campos-Hayton-Demeniuk discloses the system of claim 1, wherein the gateway is further programmed to:
a)  decrypt the command using a symmetric key.  (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (symmetric key utilized as cryptographic key)) 

Maher-Hayton-Peirce-Demeniuk does not specifically disclose for b) identifying ESN of target ECU.
However, Campos discloses:
b)  identify the ESN of the target ECU from the command as decrypted. (see Campos page 8, lines 4-26: encrypting files of software for updating vehicle ECUs; generating an encrypted package; adding a header with data referring to: vehicle information, ECU identification (ID) data, data packet size, key of software file, and etc.)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Hayton-Demeniuk for b) identifying ESN of target ECU as taught by Campos.  One of ordinary skill in the art would have been motivated to employ the teachings of Campos for the benefits achieved from a system that enables the management of ECU devices within vehicles. (see Campos page 1, lines 10-13)      

Regarding Claim 4, Maher-Campos-Hayton-Demeniuk discloses the system of claim 1, wherein the gateway is further programmed to verify that the target ECU is trusted and includes a trust response (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted) and encrypted using a symmetric key. (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (symmetric key utilized as cryptographic key))

Maher-Hayton-Demeniuk does not specifically disclose validating that a precomputed version of an identification number (VIN) of a vehicle is included in response. 
However, Campos discloses wherein validating that a vehicle identification number (VIN) of the vehicle is included in the response. (see Campos page 8, lines 4-26: encrypting files of software for updating vehicle ECUs; generating an encrypted package; adding a header with data referring to: vehicle information, ECU identification (ID) data, data packet size, key of software file, and etc.)  
    And, Campos discloses a precomputed version of a vehicle identification Number (VIN). (see Campos page 8, lines 6-10: updating or reprogramming vehicle ECUs generating an encrypted package and means to parallel encrypt data files and information files of vehicle; adding a header with the data referring to vehicle model (original equipment manufacturer data! (OEM), vehicle model, vehicle year, platform vehicle, ECU Identification (ID) data (i.e. analogous to VIN number: it is well known in the art that a VIN number is generated from a combination of fields; fields indicating vehicle manufacturer, vehicle year, vehicle model; precomputed information associated with a specific vehicle (ECU))
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Hayton-Demeniuk for validating that a precomputed version of a vehicle identification number (VIN) of a vehicle is included in response as taught by Campos. One of ordinary skill in the art would have been motivated to employ the teachings of Campos for the benefits achieved from a system that enables the management of ECU devices within vehicles. (see Campos page 1, lines 10-13)       

Regarding Claim 5, Maher-Campos-Hayton-Demeniuk discloses the system of claim 1, wherein the gateway is further programmed to verify that the target ECU is trusted by validating that the trust response is successfully decrypted by the gateway. (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages)    

Regarding Claim 6, Maher-Campos-Hayton-Demeniuk discloses the system of claim 1, wherein the gateway is further programmed to add the ESN of the target ECU to the web of trust responsive to successful verification that the target ECU is trusted. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses a trusted credential); determination made that communication and originating ECU are trusted)    

Regarding Claim 7, Maher-Campos-Hayton-Demeniuk discloses the system of claim 6, wherein the gateway is further programmed to indicate, in the web of trust, on which one of the subnets the target ECU is located as the one of the subnets on which the trust response is received. (see Maher paragraph [0056], lines 1-20: inter-vehicle networks use wireless and/or wired communication technologies that connect the vehicle to the external world; configured to facilitate communication with a network incorporating any suitable communication standard and/or protocol (networking, internetworking, subnets))      

Regarding Claim 8, Maher discloses a method comprising:
a)  confirming, by a gateway of a vehicle, whether an ESN of a target ECU of a received command is included in a web of trust stored to the gateway. (see Maher paragraph [0151], lines 1-8: trusted credentials are distributed to verified vehicle ECUs and associated services, and used to implement the trust management methodologies) 

Maher does not specifically disclose for b): forwarding a command to a target ECU, and for d) trust response including a precomputed version of ESN. 
However, Campos discloses:  
b)  responsive to the ESN being included in the web of trust, forwarding the command to the target ECU; (see Campos page 8, lines 4-26: encrypting files of software for updating vehicle ECUs; generating an encrypted package; adding a header with data referring to: vehicle information, ECU identification (ID) data, data packet size, key of software file, and etc.; receive and separate encrypted package (i.e. software files); decrypt encrypted package; obtain software files for each type of vehicle and each specific ECU; only ECU to be reprogrammed attends to the transmitted messages; receiving ECU proceeds to self-reprogram) and    
d)  the trust response including a precomputed version of the ESN. (see Campos page 8, lines 6-10: updating or reprogramming vehicle ECUs generating an encrypted package and means to parallel encrypt data files and information files of vehicle; adding a header with the data referring to vehicle model (original equipment manufacturer data! (OEM), vehicle model, vehicle year, platform vehicle, ECU Identification (ID) data (i.e. analogous to VIN number: it is well known in the art that a VIN number is generated from a combination of fields; fields indicating vehicle manufacturer, vehicle year, vehicle model; precomputed information associated with a specific vehicle (ECU))
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher for b) forwarding a command to a target ECU, and for d) trust response including a precomputed version of ESN as taught by Campos.  One of ordinary skill in the art would have been motivated to employ the teachings of Campos for the benefits achieved from a system that enables the management of ECU devices within vehicles. (see Campos page 1, lines 10-13) 

Furthermore, Maher discloses wherein c) responsive to the ESN not being included in the web trust, sending a trust request to a plurality of subnets of the vehicle (see Maher paragraph [0154], lines 1-4: ECU receives a request to access certain secure content; (request generated and processed within a particular network environment)), and d) receiving a trust response from the target ECU via one of the subnets, and a vehicle identification number (VIN) of the vehicle encrypted using an encryption key known to the gateway. (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (i.e. symmetric key utilized as cryptographic key); paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted; paragraph [0056], lines 1-20: inter-vehicle networks use wireless and/or wired communication technologies (multiple types of networks, subnets) that connect the vehicle to the external world; configured to facilitate communication with a network incorporating any suitable communication standard and/or protocol (networking, internetworking, subnets))   

Furthermore, Maher-Campos does not specifically disclose an encryption operation using an encryption key known to a gateway but not to an ECU.
    However, Hayton discloses wherein an encryption operation using an encryption key known to a gateway but not to the ECU. (see Hayton paragraph [0116], lines 6-14: information can be in a protected or encrypted format such that the controller associated with the first application 502a may be able to read the information, but the second application 502b might not be able to read the information; controller 512a generates an encrypted record of first application 502a's application identifier encrypted with a key K, where K is known to controller 512a and is not known to second application 502b; paragraph [0116], lines 29-33: if controller of first application 502a and controller of second application 502b are not the same controller (e.g., controllers 512a and 512b), then controllers 512a and 512b are able to make an association between the two applications 502a and 502b)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Campos for an encryption operation using an encryption key known to a gateway but not to an ECU as taught by Hayton. One of ordinary skill in the art would have been motivated to employ the teachings of Hayton for the benefits achieved from a system that enables the flexibility of a data processing system whether all of its data processing components can utilize encryption keys or cannot utilize encryption keys. (see Hayton paragraph [0116], lines 6-14)

    There is no disclosure for the claim limitation: “a symmetric key known to the gateway but not to the ECU”.  See 112 Rejection. 

Furthermore, Maher discloses for e) verifying that the target ECU is trusted according to a trust response responsive to properly decrypting the trust response (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (symmetric key utilized as cryptographic key)) by adding the ESN to the web of trust. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted)     

Maher-Campos-Hayton does not specifically disclose for e) decrypting a trust response using a symmetric key.
However, Demeniuk discloses wherein for e) decrypting the trust response using the symmetric key. (see Demeniuk paragraph [0067], lines 2-14: applications are signed with a VIN-specific certificate that allows them to interact only with specific vehicle(s); certificates are attached to the application install when the vehicle owner, driver, or passenger obtains the application from the distribution model; each certificate contains an encrypted copy of a VIN-specific key and application's identity; upon connecting to service, application identity string and certificate are sent; system decrypts certificates, and verifies that the VIN key matches the module, and that application identity matches that which is sent from application; if both strings do not match, further messages from the application will not be honored)  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Campos-Hayton for e) decrypting a trust response using a symmetric key as taught by Demeniuk. One of ordinary skill in the art would have been motivated to employ the teachings of Demeniuk for the benefits achieved from a system that enables the utilization of a symmetric cryptographic key in the secure protection of identification information.  (see Demeniuk paragraph [0067], lines 2-14)   
 
Regarding Claim 9, Maher-Campos-Hayton-Demeniuk discloses the method of claim 8, wherein further comprising verifying that the target ECU is trusted by validating the vehicle identification in a trust response. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication analyzed to determine if originating ECU is trusted (possesses a trusted credential); determination made that communication and originating ECU are trusted)

Maher-Hayton-Demeniuk does not specifically disclose vehicle identification number (VIN) of vehicle included in response. 
However, Campos discloses wherein further comprising vehicle identification number (VIN) of the vehicle is included in the trust response. (see Campos page 8, lines 4-26: encrypting files of software for updating vehicle ECUs; generating an encrypted package; adding a header with data referring to: vehicle information, ECU identification (ID) data, data packet size, key of software file, and etc.; receive and separate encrypted package (i.e. software files); decrypt encrypted package; obtain software files for each type of vehicle and each specific ECU; only ECU to be reprogrammed (target ECU) attends to the transmitted messages; receiving ECU proceeds to self-reprogram)       
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Hayton-Demeniuk for vehicle identification number (VIN) of vehicle included in response as taught by Campos. One of ordinary skill in the art would have been motivated to employ the teachings of Campos for the benefits achieved from a system that enables the management of ECU devices within vehicles. (see Campos page 1, lines 10-13)

Regarding Claim 10, Maher-Campos-Hayton-Demeniuk discloses the method of claim 8, further comprising verifying that the target ECU is trusted by validating that the trust response is successfully decrypted by the gateway. (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages)     

Regarding Claim 11, Maher-Campos-Hayton-Demeniuk discloses the method of claim 8, further comprising adding the ESN of the target ECU to the web of trust responsive to successful verification that the target ECU is trusted. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication analyzed to determine if originating ECU is trusted (possesses a trusted credential); determination made that communication and originating ECU are trusted)    

Regarding Claim 12, Maher-Campos-Hayton-Demeniuk discloses the method of claim 8, further comprising indicating, in the web of trust, on which one of the subnets the target ECU is located as the one of the subnets on which the trust response is received. (see Maher paragraph [0056], lines 1-20: inter-vehicle networks use wireless and/or wired communication technologies that connect the vehicle to the external world; configured to facilitate communication with a network incorporating any suitable communication standard and/or protocol (networking, internetworking, subnets))      

Regarding Claim 13, Maher-Campos-Hayton-Demeniuk discloses the method of claim 8, wherein the command is a request to unlock vehicle doors, and the target ECU is a body controller of the vehicle. (see Maher paragraph [0049], lines 8-10: telematics systems allow vehicle to be remotely started and/or the vehicle doors to be unlocked/locked)    

Regarding Claim 14, Maher discloses a non-transitory computer-readable medium including instructions that, when executed by a processor of a gateway of a vehicle, cause the gateway to:
a)  confirm whether an ESN of a target ECU of a received command is included in a web of trust stored to the gateway. (see Maher paragraph [0151], lines 1-8: trusted credentials are distributed to verified vehicle ECUs and associated services, and used to implement the trust management methodologies) and       

Maher does not specifically disclose for b) forwarding a command to a target ECU, and for d) trust response including a precomputed version of ESN. 
However, Campos discloses:
b)  responsive to ESN being included in the web of trust, forward the command to the target ECU. (see Campos page 8, lines 4-26: encrypting files of software for updating vehicle ECUs; generating an encrypted package; adding a header with data referring to: vehicle information, ECU identification (ID) data, data packet size, key of software file, and etc.; receive and separate encrypted package (i.e. software files); decrypt encrypted package; obtain software files for each type of vehicle and each specific ECU; only ECU to be reprogrammed attends to the transmitted messages; receiving ECU proceeds to self-reprogram) and 
d)  the trust response including a precomputed version of the ESN. (see Campos page 8, lines 6-10: updating or reprogramming vehicle ECUs generating an encrypted package and means to parallel encrypt data files and information files of vehicle; adding a header with the data referring to vehicle model (original equipment manufacturer data! (OEM), vehicle model, vehicle year, platform vehicle, ECU Identification (ID) data (i.e. analogous to VIN number: it is well known in the art that a VIN number is generated from a combination of fields; fields indicating vehicle manufacturer, vehicle year, vehicle model; precomputed information associated with a specific vehicle (ECU))
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher for b) forwarding a command to a target ECU, and for d) trust response including a precomputed version of ESN as taught by Campos.  One of ordinary skill in the art would have been motivated to employ the teachings of Campos for the benefits achieved from a system that enables the management of ECU devices within vehicles. (see Campos page 1, lines 10-13)

Furthermore, Maher discloses wherein for c) responsive to the ESN not being included in the web of trust, send a trust request to a plurality of subnets of the vehicle (see Maher paragraph [0154], lines 1-4: ECU receives a request to access certain secure content; (request generated and processed within a particular network environment (subnet))), and d) receive a trust response from the target ECU via one of the subnets encrypted using a symmetric key known to the gateway. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted; paragraph [0056], lines 1-20: inter-vehicle networks use wireless and/or wired communication technologies (multiple types of networks, subnets) that connect the vehicle to the external world; configured to facilitate communication with a network incorporating any suitable communication standard and/or protocol (networking, internetworking, subnets)).  

Furthermore, Maher-Campos does not specifically disclose an encryption operation using an encryption key known to a gateway but not to an ECU.
    However, Hayton discloses wherein an encryption operation using an encryption key known to a gateway but not to the ECU. (see Hayton paragraph [0116], lines 6-14: information can be in a protected or encrypted format such that the controller associated with the first application 502a may be able to read the information, but the second application 502b might not be able to read the information; controller 512a generates an encrypted record of first application 502a's application identifier encrypted with a key K, where K is known to controller 512a and is not known to second application 502b; paragraph [0116], lines 29-33: if controller of first application 502a and controller of second application 502b are not the same controller (e.g., controllers 512a and 512b), then controllers 512a and 512b are able to make an association between the two applications 502a and 502b)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Campos for an encryption operation using an encryption key known to a gateway but not to an ECU as taught by Hayton. One of ordinary skill in the art would have been motivated to employ the teachings of Hayton for the benefits achieved from a system that enables the flexibility of a data processing system whether all of its data processing components can utilize encryption keys or cannot utilize encryption keys. (see Hayton paragraph [0116], lines 6-14)

    There is no disclosure for the claim limitation: “a symmetric key known to the gateway but not to the ECU”.  See 112 Rejection. 

Furthermore, Maher discloses for e) verifying that the target ECU is trusted according to a trust response responsive to properly decrypting the trust response (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages; (symmetric key utilized as cryptographic key)) by adding the ESN to the web of trust. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses trusted credentials); determination made that communication and originating ECU are trusted)

Maher-Campos-Hayton does not specifically disclose for e) decrypting a trust response using a symmetric key.
However, Demeniuk discloses wherein for e) decrypting the trust response using the symmetric key. (see Demeniuk paragraph [0067], lines 2-14: applications are signed with a VIN-specific certificate that allows them to interact only with specific vehicle(s); certificates are attached to the application install when the vehicle owner, driver, or passenger obtains the application from the distribution model; each certificate contains an encrypted copy of a VIN-specific key and application's identity; upon connecting to service, application identity string and certificate are sent; system decrypts certificates, and verifies that the VIN key matches the module, and that application identity matches that which is sent from application; if both strings do not match, further messages from the application will not be honored)  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Campos-Hayton for f) decrypting a trust response using a symmetric key as taught by Demeniuk. One of ordinary skill in the art would have been motivated to employ the teachings of Demeniuk for the benefits achieved from a system that enables the utilization of a symmetric cryptographic key in the secure protection of identification information.  (see Demeniuk paragraph [0067], lines 2-14)

Regarding Claim 15, Maher-Campos-Hayton-Demeniuk discloses the medium of claim 14, wherein further comprising instructions that, when executed by the processor of the gateway, cause the gateway to verify that the target ECU is trusted by validating a vehicle identification and a trusted response. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses a trusted credential); determination made that communication and originating ECU are trusted) 

Maher-Hayton-Demeniuk does not specifically disclose a vehicle identification number (VIN) of a vehicle is included in response. 
However, Campos discloses wherein a vehicle identification number (VIN) of the vehicle is included in the response. (see Campos page 8, lines 4-26: encrypting files of software for updating vehicle ECUs; generating an encrypted package; adding a header with data referring to: vehicle information, ECU identification (ID) data, data packet size, key of software file, and etc.; receive and separate encrypted package (i.e. software files); decrypt encrypted package; obtain software files for each type of vehicle and each specific ECU; only ECU to be reprogrammed (target ECU) attends to the transmitted messages; receiving ECU proceeds to self-reprogram)  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Maher-Hayton-Demeniuk for a vehicle identification number (VIN) of a vehicle is included in response as taught by Campos. One of ordinary skill in the art would have been motivated to employ the teachings of Campos for the benefits achieved from a system that enables the management of ECU devices within vehicles. (see Campos page 1, lines 10-13)  

Regarding Claim 16, Maher-Campos-Hayton-Demeniuk discloses the medium of claim 14, further comprising instructions that, when executed by the processor of the gateway, cause the gateway to verify that the target ECU is trusted by validating that the trust response is successfully decrypted by the gateway. (see Maher paragraph [0131], lines 11-26: cryptographic keys used in exchanging cryptographic messages between trusted systems; messages originating from trusted systems, components, devices associated with a vehicle are encrypted and/or digitally signed using keys; trusted receiving encrypted messages use keys to decrypt and/or verify the signature associated with messages)    

Regarding Claim 17, Maher-Campos-Hayton-Demeniuk discloses the medium of claim 14, further comprising instructions that, when executed by the processor of the gateway, cause the gateway to add the ESN of the target ECU to the web of trust responsive to successful verification that the target ECU is trusted. (see Maher paragraph [0152], lines 4-18: receiving a communication from a trusted vehicle; communication is analyzed to determine if originating ECU is trusted (possesses a trusted credential); determination made that communication and originating ECU are trusted)    

Regarding Claim 18, Maher-Campos-Hayton-Demeniuk discloses the medium of claim 14, further comprising instructions that, when executed by the processor of the gateway, cause the gateway to indicate, in the web of trust, on which one of the subnets the target ECU is located as the one of the subnets on which the trust response is received. (see Maher paragraph [0056], lines 1-20: inter-vehicle networks use wireless and/or wired communication technologies that connect the vehicle to the external world; configured to facilitate communication with a network incorporating any suitable communication standard and/or protocol (networking, internetworking, subnets))    

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032.  The examiner can normally be reached on Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CJ/
July 13, 2022                                                                                                                                                                                              
                                             
                                                                                                                                                                                                                                                                                                                                                             
       /SHEWAYE GELAGAY/       Supervisory Patent Examiner, Art Unit 2436