DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-14 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
2.	Claim(s) 1-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Miyamoto, et al. [US 20080104401] in view of Baker, et al. [US 20180152824]
As per claim 1:	Miyamoto, et al. teaches a method for embedding a certificate for an in-vehicle controller, the method comprising: 
transmitting a public key request from a first server to a controller requiring certificate embedding; [Miyamoto: para 0014, 0033; client apparatus receives a request for an electronic certificate from a server apparatus wherein the certificate contains personal information and a server public key of the server apparatus. The “controller” can be given the broadest reasonable interpretation (BRI) as hardware or software that may include (but not limited to) cards or microchip as part of a machine/device, or separate machine/device per se] 
generating a key pair including a private key and a public key by a hardware security module included in the controller according to the public key request; [Miyamoto: para 0037; The client apparatus has a temporary certificate creating unit and a signature creating unit. The temporary certificate creating unit has a function of creating a temporary electronic certificate that conforms to an electronic certificate. The temporary certificate creating unit includes a temporary key generating section, an encryption section, a signature value calculating section. The storage unit stores a client certificate that contains personal information, a client private key  corresponding to a client public key based on public key cryptography. Thus, suggests a key pair was generated by a hardware security module of the client controller which coincides to the public key request]
transmitting the public key in the key pair to the first server via the controller; [Miyamoto: para 0014, 0034; After the temporary electronic certificate is created which includes basic fields such as issuer information and a public key with extension fields with unique information, and the client sends the temporary electronic certificate to the server apparatus]
**transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key; [**as rejected under a secondary reference, discussion below]
when the hardware security module signs the hash with the private key, transmitting the signed hash to the first server via the controller; and  [Miyamoto: para 0050; the signature creating unit encrypts the obtained hash value using a private key corresponding to the public key recorded in the electronic certificate to be transmitted, so as to create a signature. The signature creating unit then sends the server apparatus the created signature together with the electronic certificate or after the electronic certificate is transmitted]
**completing generation of the CSR message by the first server based on the signed hash. [**as rejected under a secondary reference, discussion below]
Miyamoto discloses information of a used hash function is sent to the server apparatus using an extension field of a temporary electronic certificate [Miyamoto: para 0047]. The signature setting section signs the temporary electronic certificate. Specifically, the signature setting section sets, in the temporary electronic certificate, a signature value which is obtained by hashing information stored in the basic fields and the extension fields and encrypting the resultant hash value using the server public key recorded in the server certificate [Miyamoto: para 0048]. However, Miyamoto did not clearly discuss “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”.
Baker, et al. teaches the invention that enables the initial layer of security, which may employ public-key infrastructure (PKI) techniques to create a one-time PKI requirement [Baker: para 0162]. The private/public-key pair is then used to generate a certificate signing request (CSR). After successful creation of the user, the CA to create a user account on its server to keep track of certificates. Individual users can have many devices, and therefore, private/public-key pairs, CSRs, and certificates are generated for each installation of the application on a particular device [Baker: para 0163]. The CA digitally signs the CSR with a private key such as a RSA-4096 bit private-key, and produces a SHA-256 digest of its signature, resulting in a certificate which encompasses the public-key generated by the originating device, as well as its user identifier as the subject of the certificate. The CA returns the certificate B to the cloud, along with its own root certificate [Baker: para 0164]. Thus, the SHA-256 digest is a hash of the CSR message that the CA (first server) generated the CSR message based on a public key. As such, Miyamoto obviously suggests “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”, where motivation is to ensure a layer of security of communication for each device [Baker: para 0162-0163].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Baker with Miyamoto to teach “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”, for the reason to ensure a layer of security of communication for each device.
Claim 2:  The combination of Miyamoto and Baker teaches the limitations of claim 1, as stated [applies the same motivation as stated in claim 1, teaches the process and functionality for generation of CSR message that maybe utilized by various multiple devices and/or servers]; for the method according to claim 1, wherein the method further comprises: transmitting the generated CSR message from the first server to a second server; verifying the CSR message and generating a certificate by the second server; and transmitting the certificate to the hardware security module via the first server and the controller.
Claim 3:  The combination of Miyamoto and Baker teaches the limitations of claim 1, as stated [applies the same motivation as stated in claim 1, teaches the process and functionality for generation of CSR message]; for the method according to claim 1, wherein the method comprises: generating, by the first server, the CSR message based on the public key and identification information of the controller.
Claim 4:  The combination of Miyamoto and Baker teaches the limitations of claim 1, as stated [applies the same motivation as stated in claim 1 accordingly, which teaches secure communication process and functionality that maybe utilized by various multiple devices and/or servers. See Miyamoto: para 0031-0033]; for the method according to claim 1, wherein the first server includes a factory server and the second server includes a vehicular public-key infrastructure (vKPI) server.
Claim 5:  The combination of Miyamoto and Baker teaches the limitations of claim 1, as stated [applies the same motivation as stated in claim 1 accordingly, which teaches secure communication process and functionality based on public key cryptography that maybe utilized by various multiple devices and/or servers. See Miyamoto: para 0031-0033]; for the method according to claim 2, wherein the method comprises: connecting the first server to the controller via vehicle communication through production equipment; and connecting the first server to the second server via external Internet communication.
Claim 6:  Miyamoto: para 0078; discussing the method according to claim 1, wherein the method comprises: mounting the hardware security module as an on-chip module in a microprocessor computer of the controller.
Claim 7:  The combination of Miyamoto and Baker teaches the limitations of claim 1, as stated [applies the same motivation as stated in claim 1 accordingly, which teaches secure communication process and functionality that maybe utilized by various multiple devices and/or servers. See Ref2: para 0067-0068]; for the method according to claim 1, wherein the controller includes a charging controller for electromotive vehicles.
As per claim 8:	Miyamoto, et al. teaches a method for embedding a certificate for a controller requiring certificate embedding, the method comprising: 
receiving, from a server connected in a wired communication, a public key request; [Miyamoto: para 0014, 0033; client apparatus receives a request for an electronic certificate from a server apparatus wherein the certificate contains personal information and a server public key of the server apparatus. The “controller” can be given the broadest reasonable interpretation (BRI) as hardware or software that may include (but not limited to) cards or microchip as part of a machine/device, or separate machine/device per se] 
when the public key request is received, generating, by a hardware security module (HSM), a key pair including a private key and a public key; [Miyamoto: para 0037; The client apparatus has a temporary certificate creating unit and a signature creating unit. The temporary certificate creating unit has a function of creating a temporary electronic certificate that conforms to an electronic certificate. The temporary certificate creating unit includes a temporary key generating section, an encryption section, a signature value calculating section. The storage unit stores a client certificate that contains personal information, a client private key  corresponding to a client public key based on public key cryptography. Thus, suggests a key pair was generated by a hardware security module of the client controller which coincides to the public key request]
transmitting the public key in the generated key pair to the server; [Miyamoto: para 0014, 0034; After the temporary electronic certificate is created which includes basic fields such as issuer information and a public key with extension fields with unique information, and the client sends the temporary electronic certificate to the server apparatus] 
**when a hash of a certificate signing request (CSR) message generated based on the public key is transmitted from the server [**as rejected under a secondary reference, discussion below], signing, by the HSM, the hash with the private key and transmitting the signed hash to the server; and [Miyamoto: para 0050; the signature creating unit encrypts the obtained hash value using a private key corresponding to the public key recorded in the electronic certificate to be transmitted, so as to create a signature. The signature creating unit then sends the server apparatus the created signature together with the electronic certificate or after the electronic certificate is transmitted]
when a certificate is transmitted from the server, completing, by the HSM, verification of the certificate and then storing the certificate. [**as rejected under a secondary reference, discussion below]
Miyamoto discloses information of a used hash function is sent to the server apparatus using an extension field of a temporary electronic certificate [Miyamoto: para 0047]. The signature setting section signs the temporary electronic certificate. Specifically, the signature setting section sets, in the temporary electronic certificate, a signature value which is obtained by hashing information stored in the basic fields and the extension fields and encrypting the resultant hash value using the server public key recorded in the server certificate [Miyamoto: para 0048]. However, Miyamoto did not clearly discuss “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”.
Baker, et al. teaches the invention that enables the initial layer of security, which may employ public-key infrastructure (PKI) techniques to create a one-time PKI requirement [Baker: para 0162]. The private/public-key pair is then used to generate a certificate signing request (CSR). After successful creation of the user, the CA to create a user account on its server to keep track of certificates. Individual users can have many devices, and therefore, private/public-key pairs, CSRs, and certificates are generated for each installation of the application on a particular device [Baker: para 0163]. The CA digitally signs the CSR with a private key such as a RSA-4096 bit private-key, and produces a SHA-256 digest of its signature, resulting in a certificate which encompasses the public-key generated by the originating device, as well as its user identifier as the subject of the certificate. The CA returns the certificate B to the cloud, along with its own root certificate [Baker: para 0164]. Thus, the SHA-256 digest is a hash of the CSR message that the CA (first server) generated the CSR message based on a public key. As such, Miyamoto obviously suggests “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”, where motivation is to ensure a layer of security of communication for each device [Baker: para 0162-0163].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Baker with Miyamoto to teach “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”, for the reason to ensure a layer of security of communication for each device.
As per claim 9:	Miyamoto, et al. teaches a non-transitory computer-readable recording medium having a program recorded thereon, the program to direct a processor to perform acts of: 
transmitting a public key request from a first server to a controller requiring certificate embedding; [Miyamoto: para 0014, 0033; client apparatus receives a request for an electronic certificate from a server apparatus wherein the certificate contains personal information and a server public key of the server apparatus. The “controller” can be given the broadest reasonable interpretation (BRI) as hardware or software that may include (but not limited to) cards or microchip as part of a machine/device, or separate machine/device per se]
generating a key pair including a private key and a public key by a hardware security module included in the controller according to the public key request; [Miyamoto: para 0037; The client apparatus has a temporary certificate creating unit and a signature creating unit. The temporary certificate creating unit has a function of creating a temporary electronic certificate that conforms to an electronic certificate. The temporary certificate creating unit includes a temporary key generating section, an encryption section, a signature value calculating section. The storage unit stores a client certificate that contains personal information, a client private key  corresponding to a client public key based on public key cryptography. Thus, suggests a key pair was generated by a hardware security module of the client controller which coincides to the public key request]
transmitting the public key in the key pair to the first server via the controller; [Miyamoto: para 0014, 0034; After the temporary electronic certificate is created which includes basic fields such as issuer information and a public key with extension fields with unique information, and the client sends the temporary electronic certificate to the server apparatus] 
**transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key; [**as rejected under a secondary reference, discussion below]
when the hardware security module signs the hash with the private key, transmitting the signed hash to the first server via the controller; and [Miyamoto: para 0050; the signature creating unit encrypts the obtained hash value using a private key corresponding to the public key recorded in the electronic certificate to be transmitted, so as to create a signature. The signature creating unit then sends the server apparatus the created signature together with the electronic certificate or after the electronic certificate is transmitted]
**completing generation of the CSR message by the first server based on the signed hash. [**as rejected under a secondary reference, discussion below]
Miyamoto discloses information of a used hash function is sent to the server apparatus using an extension field of a temporary electronic certificate [Miyamoto: para 0047]. The signature setting section signs the temporary electronic certificate. Specifically, the signature setting section sets, in the temporary electronic certificate, a signature value which is obtained by hashing information stored in the basic fields and the extension fields and encrypting the resultant hash value using the server public key recorded in the server certificate [Miyamoto: para 0048]. However, Miyamoto did not clearly discuss “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”.
Baker, et al. teaches the invention that enables the initial layer of security, which may employ public-key infrastructure (PKI) techniques to create a one-time PKI requirement [Baker: para 0162]. The private/public-key pair is then used to generate a certificate signing request (CSR). After successful creation of the user, the CA to create a user account on its server to keep track of certificates. Individual users can have many devices, and therefore, private/public-key pairs, CSRs, and certificates are generated for each installation of the application on a particular device [Baker: para 0163]. The CA digitally signs the CSR with a private key such as a RSA-4096 bit private-key, and produces a SHA-256 digest of its signature, resulting in a certificate which encompasses the public-key generated by the originating device, as well as its user identifier as the subject of the certificate. The CA returns the certificate B to the cloud, along with its own root certificate [Baker: para 0164]. Thus, the SHA-256 digest is a hash of the CSR message that the CA (first server) generated the CSR message based on a public key. As such, Miyamoto obviously suggests “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”, where motivation is to ensure a layer of security of communication for each device [Baker: para 0162-0163].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Baker with Miyamoto to teach “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”, for the reason to ensure a layer of security of communication for each device.
As per claim 10:	Miyamoto, et al. teaches an in-vehicle controller comprising: 
a hardware security module configured to: 
generate a key pair including a private key and a public key; [Miyamoto: para 0014, 0033; client apparatus receives a request for an electronic certificate from a server apparatus wherein the certificate contains personal information and a server public key of the server apparatus. The “controller” can be given the broadest reasonable interpretation (BRI) as hardware or software that may include (but not limited to) cards or microchip as part of a machine/device, or separate machine/device per se]
extract the public key from the generated key pair; [Miyamoto: para 0037; The client apparatus has a temporary certificate creating unit and a signature creating unit. The temporary certificate creating unit has a function of creating a temporary electronic certificate that conforms to an electronic certificate. The temporary certificate creating unit includes a temporary key generating section, an encryption section, a signature value calculating section. The storage unit stores a client certificate that contains personal information, a client private key  corresponding to a client public key based on public key cryptography. Thus, suggests a key pair was generated coincides to the public key request]
transmit the public key to the controller when a first public key request is received from the controller; [Miyamoto: para 0014, 0034; After the temporary electronic certificate is created which includes basic fields such as issuer information and a public key with extension fields with unique information, and the client sends the temporary electronic certificate to the server apparatus] 
**generate a hash of a certificate signing request (CSR) message based on the public key; [**as rejected under a secondary reference, discussion below]
when the hash of the CSR message is transmitted from the controller, sign the hash with the private key and transmit the signed hash to the controller; and [Miyamoto: para 0050; the signature creating unit encrypts the obtained hash value using a private key corresponding to the public key recorded in the electronic certificate to be transmitted, so as to create a signature. The signature creating unit then sends the server apparatus the created signature together with the electronic certificate or after the electronic certificate is transmitted] 
**when a certificate is transmitted from a server, complete verification of the certificate and store the certificate. [**as rejected under a secondary reference, discussion below]
Miyamoto discloses information of a used hash function is sent to the server apparatus using an extension field of a temporary electronic certificate [Miyamoto: para 0047]. The signature setting section signs the temporary electronic certificate. Specifically, the signature setting section sets, in the temporary electronic certificate, a signature value which is obtained by hashing information stored in the basic fields and the extension fields and encrypting the resultant hash value using the server public key recorded in the server certificate [Miyamoto: para 0048]. However, Miyamoto did not clearly discuss “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”.
Baker, et al. teaches the invention that enables the initial layer of security, which may employ public-key infrastructure (PKI) techniques to create a one-time PKI requirement [Baker: para 0162]. The private/public-key pair is then used to generate a certificate signing request (CSR). After successful creation of the user, the CA to create a user account on its server to keep track of certificates. Individual users can have many devices, and therefore, private/public-key pairs, CSRs, and certificates are generated for each installation of the application on a particular device [Baker: para 0163]. The CA digitally signs the CSR with a private key such as a RSA-4096 bit private-key, and produces a SHA-256 digest of its signature, resulting in a certificate which encompasses the public-key generated by the originating device, as well as its user identifier as the subject of the certificate. The CA returns the certificate B to the cloud, along with its own root certificate [Baker: para 0164]. Thus, the SHA-256 digest is a hash of the CSR message that the CA (first server) generated the CSR message based on a public key. As such, Miyamoto obviously suggests “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”, where motivation is to ensure a layer of security of communication for each device [Baker: para 0162-0163].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Baker with Miyamoto to teach “transmitting a hash of a certificate signing request (CSR) message to the controller when the first server generates the CSR message based on the public key” and “completing generation of the CSR message by the first server based on the signed hash”, for the reason to ensure a layer of security of communication for each device.
Claim 11:  The combination of Miyamoto and Baker teaches the limitations of claim 1, as stated [applies the same motivation as stated in claim 1 accordingly, which teaches secure (Baker: para 0097; wired) communication process and functionality that maybe utilized by various multiple devices and/or servers (Miyamoto: para 0033-0034)]; discussing the in-vehicle controller according to claim 10, wherein the controller is configured to: transmit the first public key request to the hardware security module when a second public key request is received from a server connected to the controller in a wired communication.
Claim 12:  The combination of Miyamoto and Baker teaches the limitations of claim 1, as stated [applies the same motivation as stated in claim 1 accordingly, which teaches secure communication process and functionality that maybe utilized by various multiple devices and/or servers. See Miyamoto: para 0031-0033]; for the in-vehicle controller according to claim 11, wherein the server includes a factory server connected to a vehicular public-key infrastructure (vKPI) server.
Claim 13:  The combination of Miyamoto and Baker teaches the limitations of claim 1, as stated [applies the same motivation as stated in claim 1 accordingly, which teaches secure communication process and functionality that maybe utilized by various multiple devices and/or servers. See Ref2: para 0067-0068]; for the in-vehicle controller according to claim 10, wherein the controller includes a charging controller for electromotive vehicles.
Claim 14:  Miyamoto: para 0078-0079; discussing the in-vehicle controller according to claim 10, wherein the hardware security module is mounted as an on-chip module in a microprocessor computer of the controller.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435