DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1.	Claims 1-20 are pending.

Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 1/26/21 was filed after the mailing date of the Claims on 1/26/21.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

3.	Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Engles, et al. [US 20120011360].
US 20170221055
As per claim 1:	Engles, et al. teaches a computer comprising a processor and a memory storing instructions executable by the processor to: 
receive a request to publish or subscribe to a message topic from a node [Engles: para 0259; broadcasts a query message onto the data link to the one or more of the tags where the query message contains the SSID value, which is a nonce value that the interface generates. The interface attempts to identify all tags by broadcasting a query to all tags. More examples on para 0410. The limitation “message topic” may be given the broadest reasonable interpretation (BRI) as data or content included or associated to a message per se. Thus, the BRI for message topic is consistent with the application’s original disclosure (i.e. para 0027, may be a category of data or update), although not relied upon as the definition since limitations from the specification are not read into the claims. Engles discloses the message contains SSID value and other information (e.g. key, random value, cryptographic) related to identifying a device. As such, the message topic may broadly be credential data of a message per se] on a wired vehicle communications network via the wired vehicle communications network; [Engles: para 0189; The KMS system designed to scale to support smart objects and devices connected to the "Internet of Things" (IOT), which is a communications network that connects smart objects, e.g., objects with an embedded RFID tag such as a car with an electronic toll tag, to one another and other resources available over the global Internet as well as local networks. More examples on para 0228, 0412]
authenticate the node using the request; [Engles: para 0229, 0277-0279]
authorize the node by verifying that the node is on a permission list for the message topic; and [Engles: para 0205-0208; distribution access control lists may specify domains or specific devices that may receive specific KMS data, i.e., distribution white lists. Similarly, these lists may specify lists of domains or specific devices that may not receive specific KMS data, i.e., distribution black lists. Per BRI, the limitation “permission list” may be a listing of consent/approval and/or denied/rejected, or privilege, or rights, etc. which may include both allowed and/or not allowed (e.g. access control list, white list, black list)]
upon authenticating and authorizing the node, transmit a symmetric key to the node [Engles: para 0192], wherein the symmetric key is usable to encrypt or decrypt messages about the message topic. [Engles: para 0024; authenticated machines that wish to communicate are sent the same session key, they may use that key and a symmetric key cipher to communicate securely with one another. Also para 0228-0232; each of the interfaces contains a tag access client (TAC). The TAC provides the encrypted data transport connection between each tag and the network 61 and operates on the behalf of the tag to manage mutual authentication between the tag and the network using authentication protocols (e.g. Hummingbird). See also para 0209, 0260, 0277, 0414]
Claim 2:  Engles: para 0144, 0228-0232; discussing the computer of claim 1, wherein the instructions include instructions to receive a sample message from the node encrypted with the symmetric key, decrypt the sample message, and retransmit the symmetric key to the node upon determining that the decrypted sample message does not match a stored sample message. [Engles: para 0236-0237, 0247]
Claim 3:  Engles: para 0048, 0195; discussing the computer of claim 1, wherein authenticating the node includes applying public key cryptography to the request.
Claim 4:  Engles: para 0194, 0203; discussing the computer of claim 3, wherein the public key cryptography is a digital signature for which the request is encrypted with a node private key, and authenticating the node includes decrypting the request with a node public key paired with the node private key.
Claim 5:  Engles: para 0023, 0432; discussing the computer of claim 4, wherein the instructions include instructions to encrypt the symmetric key with the node public key before transmitting the symmetric key to the node.
Claim 6:  Engles: para 0417-0420 [Due to the mobile nature of vehicles and the use of symmetric key ciphers on the toll tags, a KMS system is required to distribute the tag secret keys to the toll booth and open road tolling applications as the keys are needed. Thus, the vehicle, when on, requires a key for the toll tags to use the toll]; discussing the computer of claim 1, wherein the instructions include instructions to generate the symmetric key upon starting of a vehicle including the node.
Claim 7:  Engles: para 0054, 0273; discussing the computer of claim 1, wherein the instructions include instructions to generate a plurality of symmetric keys including the symmetric key for a plurality of respective message topics including the message topic.
Claim 8:  Engles: para 0259-0264; discussing the computer of claim 1, wherein the request is a request to publish the message topic, and the symmetric key is usable to encrypt message about the message topic.
Claim 9:  Engles: para 0259-0264; discussing the computer of claim 8, wherein the node is a publisher node, the symmetric key is a first symmetric key, and the instructions include instructions to: receive a request to subscribe to the message topic from a subscriber node on the wired vehicle communications network via the wired vehicle communications network [Engles: para 0189; The KMS system designed to scale to support smart objects and devices connected to the "Internet of Things" (IOT), which is a communications network that connects smart objects, e.g., objects with an embedded RFID tag such as a car with an electronic toll tag, to one another and other resources available over the global Internet as well as local networks. More examples on para 0228, 0412]; authenticate the subscriber node using the request to subscribe; authorize the subscriber node by verifying that the subscriber node is on the permission list for the message topic [Engles: para 0205-0208; distribution access control lists may specify domains or specific devices that may receive specific KMS data, i.e., distribution white lists. Similarly, these lists may specify lists of domains or specific devices that may not receive specific KMS data, i.e., distribution black lists. Per BRI, the limitation “permission list” may be a listing of consent/approval and/or denied/rejected, or privilege, or rights, etc. which may include both allowed and/or not allowed (e.g. access control list, white list, black list)]; and upon authenticating and authorizing the subscriber node, transmit a second symmetric key paired with the first symmetric key to the subscriber node, wherein the second symmetric key is usable to decrypt messages about the message topic. [Engles: para 0139, 0228-0232]
As per claim 10:	Engles, et al. teaches a vehicle system comprising: 
a manager module; [Engles: para 0231]
a node; and [Engles: para 0248]
a wired vehicle communications network connecting the node and the manager module; [Engles: para 0189; The KMS system designed to scale to support smart objects and devices connected to the "Internet of Things" (IOT), which is a communications network that connects smart objects, e.g., objects with an embedded RFID tag such as a car with an electronic toll tag, to one another and other resources available over the global Internet as well as local networks. More examples on para 0228, 0412] 
wherein the manager module is programmed to: 
receive a request to publish or subscribe to a message topic from the node; [Engles: para 0259; broadcasts a query message onto the data link to the one or more of the tags where the query message contains the SSID value, which is a nonce value that the interface generates. The interface attempts to identify all tags by broadcasting a query to all tags. More examples on para 0410. The limitation “message topic” may be given the broadest reasonable interpretation (BRI) as data or content included or associated to a message per se. Thus, the BRI for message topic is consistent with the application’s original disclosure (i.e. para 0027, may be a category of data or update), although not relied upon as the definition since limitations from the specification are not read into the claims. Engles discloses the message contains SSID value and other information (e.g. key, random value, cryptographic) related to identifying a device. As such, the message topic may broadly be credential data of a message per se]
authenticate the node using the request; [Engles: para 0229, 0277-0279]
authorize the node by verifying that the node is on a permission list for the message topic; and [Engles: para 0205-0208; distribution access control lists may specify domains or specific devices that may receive specific KMS data, i.e., distribution white lists. Similarly, these lists may specify lists of domains or specific devices that may not receive specific KMS data, i.e., distribution black lists. Per BRI, the limitation “permission list” may be a listing of consent/approval and/or denied/rejected, or privilege, or rights, etc. which may include both allowed and/or not allowed (e.g. access control list, white list, black list)] 
upon authenticating and authorizing the node, transmit a symmetric key to the node; and [Engles: para 0192]
the node is programmed to encrypt or decrypt messages about the message topic using the symmetric key. [Engles: para 0024; authenticated machines that wish to communicate are sent the same session key, they may use that key and a symmetric key cipher to communicate securely with one another. Also para 0228-0232; each of the interfaces contains a tag access client (TAC). The TAC provides the encrypted data transport connection between each tag and the network 61 and operates on the behalf of the tag to manage mutual authentication between the tag and the network using authentication protocols (e.g. Hummingbird). See also para 0209, 0260, 0277, 0414]
Claim 11:  Engles: para 0205-0208; discussing the vehicle system of claim 10, further comprising a hardware security module physically connected to the manager module, wherein the permission list is stored on the hardware security module.
Claim 12:  Engles: para 0194, 0203; discussing the vehicle system of claim 10, wherein the node is storing a node private key, and the node is programmed to encrypt the request with the node private key and then transmit the request to the manager module.
Claim 13:  Engles: para 0097, 0232; discussing the vehicle system of claim 12, further comprising a hardware security module physically connected to the manager module, wherein authenticating the node includes decrypting the request with a node public key paired with the node private key, and the node public key is stored on the hardware security module.
Claim 14:  Engles: para 0259-0264; discussing the vehicle system of claim 10, wherein the node is a publisher node, the request is a request to publish the message topic, and the symmetric key is usable to encrypt message about the message topic.
Claim 15:  Engles: para 0189, 0288; discussing the vehicle system of claim 14, further comprising a subscriber node connected to the manager module and the publisher node via the wired vehicle communications network.
Claim 16:  Engles: para 0259-0264; discussing the vehicle system of claim 15, wherein the symmetric key is a first symmetric key; the manager module is further programmed to: receive a request to subscribe to the message topic from the subscriber node; authenticate the subscriber node using the request to subscribe [Engles: para 0259; broadcasts a query message onto the data link to the one or more of the tags where the query message contains the SSID value, which is a nonce value that the interface generates. The interface attempts to identify all tags by broadcasting a query to all tags. More examples on para 0410]; authorize the subscriber node by verifying that the subscriber node is on the permission list for the message topic [Engles: para 0205-0208; distribution access control lists may specify domains or specific devices that may receive specific KMS data, i.e., distribution white lists. Similarly, these lists may specify lists of domains or specific devices that may not receive specific KMS data, i.e., distribution black lists]; and upon authenticating and authorizing the subscriber node, transmit a second symmetric key paired with the first symmetric key to the subscriber node [Engles: para 0105-0107]; and the subscriber node is programmed to decrypt messages about the message topic using the second symmetric key. [Engles: para 0139, 0228-0232]
As per claim 17:	Engles, et al. teaches a method comprising: 
transmitting a request to publish or subscribe to a message topic by a node [Engles: para 0259; broadcasts a query message onto the data link to the one or more of the tags where the query message contains the SSID value, which is a nonce value that the interface generates. The interface attempts to identify all tags by broadcasting a query to all tags. More examples on para 0410. The limitation “message topic” may be given the broadest reasonable interpretation (BRI) as data or content included or associated to a message per se. Thus, the BRI for message topic is consistent with the application’s original disclosure (i.e. para 0027, may be a category of data or update), although not relied upon as the definition since limitations from the specification are not read into the claims. Engles discloses the message contains SSID value and other information (e.g. key, random value, cryptographic) related to identifying a device. As such, the message topic may broadly be credential data of a message per se] in a vehicle to a manager module in the vehicle; [Engles: para 0189; The KMS system designed to scale to support smart objects and devices connected to the "Internet of Things" (IOT), which is a communications network that connects smart objects, e.g., objects with an embedded RFID tag such as a car with an electronic toll tag, to one another and other resources available over the global Internet as well as local networks. More examples on para 0228, 0412] 
authenticating the node using the request by the manager module; [Engles: para 0229, 0277-0279]
authorizing the node by verifying that the node is on a permission list for the message topic by the manager module; [Engles: para 0205-0208; distribution access control lists may specify domains or specific devices that may receive specific KMS data, i.e., distribution white lists. Similarly, these lists may specify lists of domains or specific devices that may not receive specific KMS data, i.e., distribution black lists. Per BRI, the limitation “permission list” may be a listing of consent/approval and/or denied/rejected, or privilege, or rights, etc. which may include both allowed and/or not allowed (e.g. access control list, white list, black list)]
upon authenticating and authorizing the node, transmitting a symmetric key to the node by the manager module; and [Engles: para 0192, 0231]
encrypting or decrypting messages about the message topic using the symmetric key by the node. [Engles: para 0024; authenticated machines that wish to communicate are sent the same session key, they may use that key and a symmetric key cipher to communicate securely with one another. Also para 0228-0232; each of the interfaces contains a tag access client (TAC). The TAC provides the encrypted data transport connection between each tag and the network 61 and operates on the behalf of the tag to manage mutual authentication between the tag and the network using authentication protocols (e.g. Hummingbird). See also para 0209, 0260, 0277, 0414]
Claim 18:  Engles: para 0048, 0195; discussing the method of claim 17, further comprising, upon receiving the symmetric key, encrypting a sample message with the symmetric key by the node, and transmitting the encrypted sample message by the node to the manager module.
Claim 19:  Engles: para 0144, 0228-0232; discussing the method of claim 18, further comprising decrypting the encrypted sample message by the manager module, and retransmitting the symmetric key by the manager module to the node upon determining that the decrypted sample message does not match a stored sample message on the manager module. [Engles: para 0236-0237, 0247]
Claim 20:  Engles: para 0417-0420 [Due to the mobile nature of vehicles and the use of symmetric key ciphers on the toll tags, a KMS system is required to distribute the tag secret keys to the toll booth and open road tolling applications as the keys are needed. Thus, the vehicle, when on, requires a key for the toll tags to use the toll]; discussing the method of claim 17, further comprising generating the symmetric key by the manager module upon the vehicle starting.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435