DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
The present application is a continuation of US Serial Number 16/022,020, filed June 28, 2018, which claims priority to US provisional patent application No. 62/606,146 filed on January 8, 2018, the entire content of which is incorporated herein by reference. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/08/22.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Instant Application
US 11316898 B2
1. A method implemented by one or more computing devices for managing use of an asset, the method comprising: 
accomplishing a registration procedure between an asset device physically coupled with an asset and an owner device associated with an owner of the asset; 








transmitting a secure policy associated with a user from a policy owner device to a user device associated with the user, wherein the secure policy includes policy attributes defining conditions and limitations for controlling use of the asset and is distinct from cryptographic keys used to secure the communication to the asset.; 
transmitting the secure policy from user device to the asset device; 
requesting, by the user device, a specified use of the asset; and enforcing the policy by the asset device whereby the request is granted only when the requested use corresponds to the policy attributes in the policy.
1. A method implemented by one or more computing devices for managing use of an asset, the method comprising: 
accomplishing a registration procedure between an asset device physically coupled with an asset and an owner device associated with an owner of the asset, wherein the registration procedure comprises: exchanging public keys between the owner device and the asset device, the public keys being signed by a certificate authority with a certificate of identity; deriving a shared secret; and protecting communications between the owner device and the asset device by encrypting and signing the communication using the public keys and the shared secret; 
transmitting a secure policy associated with a user from a policy owner device to a user device associated with the user, wherein the secure policy includes policy attributes defining conditions and limitations for controlling use of the asset and is distinct from cryptographic keys used to secure the communication to the asset; 
transmitting the secure policy from user device to the asset device; 
requesting, by the user device, a specified use of the asset; and enforcing the policy by the asset device whereby the request is granted only when the requested use corresponds to the policy attributes in the policy.




Claims 1-18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-16 of U.S. Patent No. US 11316898 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because of similar limitations with minor obvious variations.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 10, 12-17 are rejected under 35 U.S.C. 103 as being unpatentable over Penilla et al(US 20150210287 A1:IDS supplied) and in view of Madrigal et al(US 20150365293 A1).

With regards to claim 1, 10 Penilla discloses, A method implemented by one or more computing devices for managing use of an asset, the method comprising: 
accomplishing a registration procedure between an asset device physically coupled with an asset and an owner device associated with an owner of the asset ([0295] In one embodiment, at a remote location, a user is able to access a user interface for an application, which provides users access to user accounts. A user account can be for a user and the user can add one or more vehicles, objects, data or appliances for remote reporting, viewing and control. In one embodiment, a user is an owner or user of a vehicle. The user can register the vehicle with a remote service. FIG 8 step 214, 210 and associated text;)[0031] Note: Examiner interpreted CAR as asset, controller of car as asset device  and owner device as user mobile phone); 
transmitting the secure policy from user device to the asset device (FIG 9A 370 and associated text; [0164]; In one embodiment, when the user comes in proximity to the car 200, the car can beep or light up when enabled, it can open the doors to allow the user to access the vehicle when the logic has paired the user to the vehicle, the profile of the user can be transferred to the vehicle, …. Accordingly, the profile database 160 can include both profiles of the user, such as user settings, as well as profile restrictions that may be set by the car sharing service.) wherein the secure policy includes policy attributes defining conditions and limitations for controlling use of the asset and is distinct from cryptographic keys used to secure the communication to the asset ([0164]; the profile of the user can be transferred to the vehicle, the use of the vehicle is managed by the user's online account (storing historical use data and any billing information), automatic payment for use can be made from predefined payment arrangements stored in the profile, and use of the vehicle can be restricted to predefined rules, based on the profile. [0127] In one embodiment, rules can be integrated with or applied to the applications and system user interfaces for when the vehicle is moving. As mentioned above, such rules can limit interactivity with certain user interfaces while the vehicle is moving to prevent unsafe driving. In one embodiment, the custom user interface is saved to the user profile.);  
requesting, by the user device, a specified use of the asset ([0042]; In one example, the profile is associated with a plurality of vehicle types and the method includes detecting a violation of a setting or an incompatible setting in the profile that is user defined via the user account. The method can then automatically send a notification to a predefined administrator of the profile. The method being executed by a processor.FIG 9A 364 and associated text; ); and 
enforcing the policy by the asset device whereby the request is granted only when the requested use corresponds to the policy attributes in the policy ([0164]; the profile of the user can be transferred to the vehicle, the use of the vehicle is managed by the user's online account (storing historical use data and any billing information), automatic payment for use can be made from predefined payment arrangements stored in the profile, and use of the vehicle can be restricted to predefined rules, based on the profile. [0042]; In one example, the profile is associated with a plurality of vehicle types and the method includes detecting a violation of a setting or an incompatible setting in the profile that is user defined via the user account. The method can then automatically send a notification to a predefined administrator of the profile. The method being executed by a processor. FIG 9A 370 and associated text; ).

Penilla does not exclusively discloses, transmitting a secure policy associated with a user from a policy owner device to a user device associated with the user, 
However Madrigal teaches transmitting a secure policy associated with a user from a policy owner device to a user device associated with the user, ([0008] Accordingly, in some examples, the compliance system can be in communication with an on-demand service system operated by the entity. Although the devices are in possession of the service providers, the entity can generate and use policies for managing and controlling their devices through use of the compliance system, so as to ensure that the devices are being used appropriately by the service providers. Because the entity owns the devices, the compliance system can be used to change the functionality, operation, or status of a compliance-violating device [0011] For example, based on information received from the MDM system that a particular application is present (e.g., stored) on a device of the plurality of devices, the compliance system can identify a policy based on the information, and transmit, to the M2M system, a request to change a configuration of that device based on the identified policy. FIG 3 310-320 and associated text;), It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Penilla’s method with teaching of Madrigal in order for enforcing policies for service entity with mobile device (MADRIGAL Abstract).

With regards to claim 12, Penilla further discloses, wherein the policy owner device is controlled by the owner of the asset ([0102] In the various embodiments defined herein, Internet services provide access to cloud services. The cloud services provide access to user accounts and access to settings, configurations, applications and other customization defined by the user…. The programming can include automatic programming at certain times, days, months, years, etc., and can be updated or molded over time as the user continues to use the vehicle UI).

With regards to claim 13, Penilla further discloses, wherein the policy owner device is controlled by a party other than the owner of the asset who has been given rights to create policies (FIG 8 214 -210 and associated text; [0129] In one embodiment, the custom user interface configuration can be transferred to the vehicle. The custom configuration, as mentioned above is stored in the database of the vehicle manufacturer, or a database held by a 3rd party that cooperates with the vehicle manufacturer to provide cloud services.).

With regards to claim 14, Penilla further discloses, wherein the asset device stores a data structure including a user ID (FIG 7 USER bob), a user fingerprint ([0080] In some embodiments, persons that enter a vehicle as passengers will be allowed to connect to the vehicle electronic by entering credentials (e.g., user names and/or passwords). Credentials can also include biometric data of the user. The biometrics can include face detection, finger print identification, eye retina exam, voice finger prints, and combinations of two or more thereof.), access policy attributes ([0080] [0080] In some embodiments, persons that enter a vehicle as passengers will be allowed to connect to the vehicle electronic by entering credentials (e.g., user names and/or passwords).  ), and a shared secret with the owner device ([0080] In one embodiment, a device is allowed to set and recall the settings for future pairings with the vehicle. In some implementations, the settings can be predictive based on settings in past, the current environment (e.g., outside temp, inside temp, season of year, time of day, etc.). The controls, functions and interface abilities provided to each passenger can be based on where the user is sitting in vehicle, or based on privileges, or can be dynamically set or terminated.), and wherein the owner device stores a data structure including an asset ID (FIG 8 Car A ID:1528ABC), an asset fingerprint ([0085]; For example, a user can send a friend the code or link to log into cloud services so that the friend's device can be pre-paired to the user's car. When the friend is a passenger in the user's car, the friend will be able to auto-link to the car. Along the same example, a user wishing to travel by vehicle (e.g., car, truck, bus, airplane, boat, etc.) can register to pre-pair to the vehicle. Once the user gets to the vehicle, the user's device will auto connect to the vehicle or will connect upon acceptance of the connection (e.g., by way of one or more screens or GUIs). In some examples, the passenger can pre-set certain settings from interfaces provided by cloud services, so that when the user arrives to the vehicle the settings can be implemented automatically, once paired and/or the seat is identified for the passenger. Note: Car MAC address could be asset signature as it connected to the network), access policy attributes ([0080] In some embodiments, persons that enter a vehicle as passengers will be allowed to connect to the vehicle electronic by entering credentials (e.g., user names and/or passwords)), and the shared secret ([0080] In one embodiment, a device is allowed to set and recall the settings for future pairings with the vehicle. In some implementations, the settings can be predictive based on settings in past, the current environment (e.g., outside temp, inside temp, season of year, time of day, etc.). The controls, functions and interface abilities provided to each passenger can be based on where the user is sitting in vehicle, or based on privileges, or can be dynamically set or terminated).

With regards to claim 15, Penilla further discloses, wherein the user device stores a data structure including an asset ID, and asset fingerprint, and a shared secret with the policy owner (FIG 8 and associated text [008];[0085).

With regards to claim 16, Penilla further discloses, wherein the use of the asset includes physical access to an interior of the asset (FIG 1 User N accessing Vechicle)).

With regards to claim 17, Penilla further discloses, wherein the asset is a computing resource and the use includes access to the computing resource (FIG 1 user 1 accessing Vehicle metrics  ).

Claims 2-8, 11 are rejected under 35 U.S.C. 103 as being unpatentable over Penilla et al(US 20150210287 A1:IDS supplied) and in view of MADRIGAL et al(US 20180026949 A1) and  in view of Medvinsky et al(US 20100151822 A1).

With regards to claim 2, 11 Penilla further discloses,  wherein the secure policy is bound to a fingerprint of the user device ([0080] In some embodiments, persons that enter a vehicle as passengers will be allowed to connect to the vehicle electronic by entering credentials (e.g., user names and/or passwords). Credentials can also include biometric data of the user. The biometrics can include face detection, finger print identification, eye retina exam, voice finger prints, and combinations of two or more thereof. The user credentials can be associated to a user account that is managed and/or stored by cloud services.) and further comprising the policy owner device encrypting ([0303] The access to the data can also be encrypted to prevent unauthorized access to the data)

However Penilla in view of MADRIGAL do not but, Medvinsky teaches,  The policy owner device signing the policy ([0034] The mobile phone 106 can obtain the region code from the network context and send it to the media content provider 102. Based on the region code, the media content provider can determine up the encryption policy and send the signed policy and region code back to the mobile phone. The policy and region code can be signed to prevent a man in the middle attack that alters the actual policy.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Penilla in view of MADRIGAL’s method with teaching of Medvinsky to prevent a man in the middle attack that alters the actual policy (Medvinsky [0034]).

With regards to claim 3, Penilla further discloses, wherein the policy owner device is controlled by the owner of the asset ([0102] In the various embodiments defined herein, Internet services provide access to cloud services. The cloud services provide access to user accounts and access to settings, configurations, applications and other customization defined by the user…. The programming can include automatic programming at certain times, days, months, years, etc., and can be updated or molded over time as the user continues to use the vehicle UI).

With regards to claim 4, Penilla further discloses, wherein the policy owner device is controlled by a party other than the owner of the asset who has been given rights to create policies (FIG 8 214 -210 and associated text; [0129] In one embodiment, the custom user interface configuration can be transferred to the vehicle. The custom configuration, as mentioned above is stored in the database of the vehicle manufacturer, or a database held by a 3rd party that cooperates with the vehicle manufacturer to provide cloud services.).

With regards to claim 5, Penilla further discloses, wherein the asset device stores a data structure including a user ID (FIG 7 USER bob), a user fingerprint ([0080] In some embodiments, persons that enter a vehicle as passengers will be allowed to connect to the vehicle electronic by entering credentials (e.g., user names and/or passwords). Credentials can also include biometric data of the user. The biometrics can include face detection, finger print identification, eye retina exam, voice finger prints, and combinations of two or more thereof.), access policy attributes ([0080] [0080] In some embodiments, persons that enter a vehicle as passengers will be allowed to connect to the vehicle electronic by entering credentials (e.g., user names and/or passwords).  ), and a shared secret with the owner device ([0080] In one embodiment, a device is allowed to set and recall the settings for future pairings with the vehicle. In some implementations, the settings can be predictive based on settings in past, the current environment (e.g., outside temp, inside temp, season of year, time of day, etc.). The controls, functions and interface abilities provided to each passenger can be based on where the user is sitting in vehicle, or based on privileges, or can be dynamically set or terminated.), and wherein the owner device stores a data structure including an asset ID (FIG 8 Car A ID:1528ABC), an asset fingerprint ([0085]; For example, a user can send a friend the code or link to log into cloud services so that the friend's device can be pre-paired to the user's car. When the friend is a passenger in the user's car, the friend will be able to auto-link to the car. Along the same example, a user wishing to travel by vehicle (e.g., car, truck, bus, airplane, boat, etc.) can register to pre-pair to the vehicle. Once the user gets to the vehicle, the user's device will auto connect to the vehicle or will connect upon acceptance of the connection (e.g., by way of one or more screens or GUIs). In some examples, the passenger can pre-set certain settings from interfaces provided by cloud services, so that when the user arrives to the vehicle the settings can be implemented automatically, once paired and/or the seat is identified for the passenger. Note: Car MAC address could be asset signature as it connected to the network ), access policy attributes ([0080] In some embodiments, persons that enter a vehicle as passengers will be allowed to connect to the vehicle electronic by entering credentials (e.g., user names and/or passwords)), and the shared secret ([0080] In one embodiment, a device is allowed to set and recall the settings for future pairings with the vehicle. In some implementations, the settings can be predictive based on settings in past, the current environment (e.g., outside temp, inside temp, season of year, time of day, etc.). The controls, functions and interface abilities provided to each passenger can be based on where the user is sitting in vehicle, or based on privileges, or can be dynamically set or terminated).

With regards to claim 6, Penilla further discloses, wherein the user device stores a data structure including an asset ID, and asset fingerprint, and a shared secret with the policy owner (FIG 8 and associated text [008];[0085).

With regards to claim 7, Penilla further discloses,  wherein the use of the asset includes physical access to an interior of the asset (FIG 1 User N accessing Vechicle)).

With regards to claim 8, Penilla further discloses, wherein the asset is a computing resource and the use includes access to the computing resource (FIG 1 user 1 accessing Vehicle metrics  ).

Allowable Subject Matter
Claims 9, 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987.  The examiner can normally be reached on 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498