Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
2.	Applicant’s arguments filed on 08/04/2022, with respect to the U.S.C. §103 rejection of claims 1-7 as being unpatentable over US20180302228 (Hergesheimer) in view of US11283793 (Khanna), have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of the amended claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-7 and 14 are rejected under 35 U.S.C 103 as being unpatentable over Hergesheimer (US PG-PUB No. 20180302228 A1) in view of Khanna et al (US PG-PUB No. 11283793 B2), and further in view of US PG-PUB No 20090167524 hereinafter Chesnutt.

Regarding claim 1, Hergesheimer teaches:

A method for providing secure communications between a backend server and a vehicle tracking device (Abstract: A vehicle telematics system is provided having secure communication capabilities between a vehicle telematics device (vehicle tracking device) and external computing devices (server)), comprising:
generating a command message including a command to be executed by the vehicle tracking device (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110);
sending the command message from the backend server to the vehicle tracking device via a wireless communication network (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110. In paragraph [0002]: secure data communication of data (message) by wireless networks);
 receiving the command message at the vehicle tracking device (paragraph [0027]: The vehicle telematics device 110 can also include one or more communication interfaces 220 capable of sending and receiving data (command message));

Hergesheimer fails to teach, but Khanna et al teaches:
generating a single-use credential value based at least in part on a shared key value and a first time value, wherein the single-use credential value is valid only during a first time window having a limited, and wherein the first time value falls within the first time window (paragraph [0030]: generate TOTPs (Time-based One-Time Password - single-use/expected credential value) as a function of the shared secret (shared key) 132 and further as a function of a local time (time value) on the client device 110. Khanna et al further teaches in paragraph [0005]: TOTPs are only valid for a specific time window (e.g., a thirty second window));
attaching the single-use credential value to the command message (paragraph [0030]: TOTP generator 124 may be configured to automatically add a TOTP to each access request (command message));
a processor of the vehicle tracking device generating a first expected credential value based at least in part on the shared key value and a second time value (paragraph [0008]: The instructions further cause the processor(s) to perform processing comprising generating a second TOTP (expected credential value) using a key (shared key) that has been configured for the username; paragraph [0030]: generate TOTPs as a function of the shared secret (shared key) 132 and further as a function of a local time (time value) on the client device 110);
the processor of the vehicle tracking device comparing the first expected credential value to the single-use credential value attached to the command message (paragraph [0008]: determining, whether the first TOTP (single-use credential value) matches the second TOTP (expected credential value)); and
the vehicle tracking device executing the command included in the command message only if the first expected credential value matches the single-use credential value attached to the command message (paragraph [0008]: controlling access to the resource by the client application based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP matches the second TOTP).
Hergesheimer and Khanna et al are both considered to be analogous to the claimed invention because they are both teaching a method of secure communications between a user device and a server. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the systems and methods for secure communications in vehicle telematics systems disclosed by Hergesheimer with adding the time-based one-time password (TOTP) method as disclosed by Khanna et al. One of ordinary skill in the art would have been motivated to make these modifications in order to secure user sessions in connection with authorization to access a protected resource during session created for a user of a client device as suggested by Khanna et al (paragraph [0003]).

	Hergesheimer in view of Khanna do not disclose:
generating a short message service command including a command to be executed by the vehicle tracking device 

	Chesnutt discloses:
generating a short message service command including a command to be executed by the vehicle tracking device (para 0046 “At the call center, the SMS command message is authenticated by one or more security-related functions, step 214, as described above. These security-related functions can include checking the origination address of the device that sent the SMS command message; i.e., mobile phone 22. It is also possible for the SMS command message from the trigger device to be encrypted; in which case, call center 20 will decrypt the incoming message according to one or more cryptographic methods known in the art. If call center 20 determines that the incoming SMS command message is from an authorized sender and has not been tampered with, then it can wirelessly forward the SMS command message to vehicle 12 over wireless carrier system 14, step 220.” Para 0047 “Once the SMS command message is received at vehicle 12, the vehicle can perform one or more security-related functions to authenticate the incoming message, step 224, as described above. If the SMS command message is deemed to be authentic, then telematics unit 30 or some other electronic component of vehicle 12 can compare the trigger device GPS information that was embedded or inserted into the SMS command message with vehicle GPS information representative of the current or past location of the vehicle, step 230. If the GPS information shows that mobile phone 22 is within a certain proximity of vehicle 12, say for example one mile, then telematics unit 30 can extract and initiate the remote engine start command that was also included in the SMS command message, step 232.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Hergesheimer in view of Khanna to include the generating a short message service command including a command to be executed by the vehicle tracking device, as taught by Chesnutt.
The motivation would be to send a verifiable message that includes pertinent information to provide secure communication.

Regarding claim 2, Hergesheimer and Khanna in view of Chesnutt et al, hereinafter HK, teach all of the features with respect to claim 1, as outlined above.
Khanna et al further teaches wherein the first expected credential value matches the single-use credential value based on the second time value falling within the first time window (paragraph [0008]: determining whether the session is valid and the determining whether the first TOTP (single-use credential value) matches the second TOTP (expected credential value). Paragraph [0074]: The times used to generate the TOTPs (first and second time value) also need to be synchronized.).

Regarding claim 3, HK and C teach all of the features with respect to claim 1, as outlined above.
Khanna et al further teaches wherein if the first expected credential value does not match the single-use credential value, the method further comprises:
the processor of the vehicle tracking device generating a second expected credential value based at least in part on the shared key value and a time value that falls within a preceding time window that immediately precedes a time window into which the second time value falls (paragraph [0022]: Because TOTPs are only valid for a specific time window, a new valid TOTP (second expected credential value) would be needed (within a preceding time window) each time a time window expires);
the processor of the vehicle tracking device comparing the second expected credential value to the single-use credential value attached to the sms command message (paragraph [0008]: determining, whether the first TOTP (single-use credential value) matches the second TOTP (second expected credential value)); and
the vehicle tracking device executing the sms command included in the sms command message only if the second expected credential value matches the single-use credential value attached to the sms command message (paragraph [0008]: controlling access to the resource by the client application based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP matches the second TOTP).

Regarding claim 4, HK and C teach all of the features with respect to claim 3, as outlined above.
Khanna et al further teaches wherein the preceding time window corresponds to the first time window (paragraph [0005]: TOTPs are only valid for a specific time window (e.g., a thirty second window)).

Regarding claim 5, HK and C teach all of the features with respect to claim 1, as outlined above.
Khanna et al further teaches wherein the second time value corresponds to a time at which the sms command message is received at the vehicle tracking device (paragraph [0008]: receiving, during a session established for a username, an access request (Command message is received) from a client application, the access request identifying a resource (vehicle tracking device on this case) to be accessed, generating a second TOTP (include the time value)).

Regarding claim 6, HK and C teach all of the features with respect to claim 5, as outlined above.
Hergesheimer further teaches wherein the time at which the sms command message is received at the vehicle tracking device is determined based on reference to timing signals from Global Positioning System (GPS) satellites (paragraph [0004]: In addition to location information, a GPS receiver can also be configured to provide time data.).

Regarding claim 7, HK and C teach all of the features with respect to claim 1, as outlined above.
Khanna et al further teaches wherein step (c) comprises prepending the single-use credential value to the sms command message (paragraph [0030]: TOTP generator 124 may be configured to automatically add a TOTP (single-use credential value) to each access request (command message) (e.g., to a header portion of the access request)).
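An added example, not part of the Office action or of any cited reference: a sketch of the scheme as combined in claims 1, 3 and 7, in which the backend prepends an RFC 6238-style TOTP to an SMS command and the device checks the current time window, then the immediately preceding one. The message layout, the `LOCATE` command name, HMAC-SHA1 with six digits, and the replay counter are assumptions of this example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # window length; the "thirty second window" quoted from Khanna
DIGITS = 6          # assumption: six-digit credential as in RFC 6238 defaults


def totp(shared_key: bytes, time_value: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the window that contains time_value."""
    counter = time_value // step
    mac = hmac.new(shared_key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def build_sms_command(shared_key: bytes, command: str, first_time_value: int) -> str:
    """Backend side: prepend the single-use credential to the command text.

    Assumed layout for this example: "<credential><space><command>".
    """
    return f"{totp(shared_key, first_time_value)} {command}"


class TrackerVerifier:
    """Device side: execute a command only if its credential matches."""

    def __init__(self, shared_key: bytes, allowed_commands: set):
        self._key = shared_key
        self._allowed = set(allowed_commands)
        # Assumption: remember the newest accepted window so a credential
        # cannot be accepted twice ("single-use").
        self._last_accepted_counter = -1

    def handle(self, sms_text: str, second_time_value: int):
        """Return (True, command) to execute, or (False, reason) to drop."""
        credential, sep, command = sms_text.partition(" ")
        if not sep or len(credential) != DIGITS or not credential.isdigit():
            return (False, "malformed")

        current = second_time_value // STEP_SECONDS
        # First expected value: the current window. Second expected value:
        # the window that immediately precedes it (claim 3 fallback).
        for counter in (current, current - 1):
            expected = totp(self._key, counter * STEP_SECONDS)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected, credential):
                if counter <= self._last_accepted_counter:
                    return (False, "replayed")
                if command not in self._allowed:
                    return (False, "unknown command")
                self._last_accepted_counter = counter
                return (True, command)
        return (False, "credential mismatch")


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key
    sent_at = 1_000_000_000                  # constructed backend time
    sms = build_sms_command(key, "LOCATE", sent_at)
    device = TrackerVerifier(key, {"LOCATE"})
    # Delivered 20 s later, which falls in the next 30 s window.
    print(device.handle(sms, sent_at + 20))
    # The same SMS delivered again is refused.
    print(device.handle(sms, sent_at + 21))
    # A fresh device receiving it two windows late refuses it.
    print(TrackerVerifier(key, {"LOCATE"}).handle(sms, sent_at + 50))
```
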

Regarding claim 14, HK and C teach all of the features with respect to claim 8, as outlined above.
Chesnutt teaches wherein the command included in the SMS command message causes the vehicle tracking device to perform one or more of: setting up cellular communications and acquiring and transmitting its current GPS coordinates (para 0046 and 0047).

5.	Claims 8 and 15 are rejected under 35 U.S.C 103 as being unpatentable over Hergesheimer (US PG-PUB No. 20180302228 A1) in view of Khanna et al (US PG-PUB No. 11283793 B2), and further in view of Chesnutt, and Rougier (US PG-PUB No. 20180310174 A1).

Regarding claim 8, Hergesheimer teaches:
A method for providing secure communications between a backend server and a vehicle tracking device (Abstract: A vehicle telematics system is provided having secure communication capabilities between a vehicle telematics device (vehicle tracking device) and external computing devices (server)), comprising:
generating a command message including a command to be executed by the vehicle tracking device (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110);
sending the command message from the backend server to the vehicle tracking device via a wireless communication network (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110. In paragraph [0002]: secure data communication of data (message) by wireless networks);

receiving the command message at the vehicle tracking device (paragraph [0027]: The vehicle telematics device 110 can also include one or more communication interfaces 220 capable of sending and receiving data (command message));

Hergesheimer fails to teach, but Khanna et al teaches:
generating a single-use credential value based at least in part on a shared key value and a first time value, wherein the single-use credential value is valid only during a first time window having a duration of X seconds, and wherein the first time value falls within the first time window (paragraph [0030]: generate TOTPs (Time-based One-Time Password - single-user/expected credential value) as a function of the shared secret (shared key) 132 and further as a function of a local time (time value) on the client device 110. Paragraph [0005]: TOTPs are only valid for a specific time window (e.g., a thirty second window));
attaching the single-use credential value to the command message (paragraph [0030]: TOTP generator 124 may be configured to automatically add a TOTP (single-use credential value) to each access request (Command message));
the processor of the vehicle tracking device comparing the expected credential value to the single-use credential value attached to the command message (paragraph [0008]: determining, whether the first TOTP (single-use credential value) matches the second TOTP (expected credential value)); and

the vehicle tracking device executing the command included in the command message only if the expected credential value matches the single-use credential value attached to the command message (paragraph [0008]: controlling access to the resource by the client application based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP matches the second TOTP).

Hergesheimer and Khanna et al are both considered to be analogous to the claimed invention because they are both teaching a method of secure communications between a user device and a server. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the systems and methods for secure communications in vehicle telematics systems disclosed by Hergesheimer with adding the time-based one-time password (TOTP) method as disclosed by Khanna et al. One of ordinary skill in the art would have been motivated to make these modifications in order to secure user sessions in connection with authorization to access a protected resource during session created for a user of a client device as suggested by Khanna et al (paragraph [0003]).

Hergesheimer in view of Khanna do not disclose:
generating a short message service command including a command to be executed by the vehicle tracking device 

	Chesnutt discloses:
generating a short message service command including a command to be executed by the vehicle tracking device (para 0046 “At the call center, the SMS command message is authenticated by one or more security-related functions, step 214, as described above. These security-related functions can include checking the origination address of the device that sent the SMS command message; i.e., mobile phone 22. It is also possible for the SMS command message from the trigger device to be encrypted; in which case, call center 20 will decrypt the incoming message according to one or more cryptographic methods known in the art. If call center 20 determines that the incoming SMS command message is from an authorized sender and has not been tampered with, then it can wirelessly forward the SMS command message to vehicle 12 over wireless carrier system 14, step 220.” Para 0047 “Once the SMS command message is received at vehicle 12, the vehicle can perform one or more security-related functions to authenticate the incoming message, step 224, as described above. If the SMS command message is deemed to be authentic, then telematics unit 30 or some other electronic component of vehicle 12 can compare the trigger device GPS information that was embedded or inserted into the SMS command message with vehicle GPS information representative of the current or past location of the vehicle, step 230. If the GPS information shows that mobile phone 22 is within a certain proximity of vehicle 12, say for example one mile, then telematics unit 30 can extract and initiate the remote engine start command that was also included in the SMS command message, step 232.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Hergesheimer in view of Khanna to include the generating a short message service command including a command to be executed by the vehicle tracking device, as taught by Chesnutt.
The motivation would be to send a verifiable message that includes pertinent information to provide secure communication.


Hergesheimer and Khanna in view of Chesnutt et al teach all of the features as outlined above. HK and C fail to teach, but Rougier teaches:
attaching a timestamp value to the command message, wherein the timestamp value corresponds to the first time value (paragraph [0037]: when a client connects, sends a command or attempts to register, it always embeds its own time stamp in the request headers);
a processor of the vehicle tracking device generating an expected credential value based at least in part on the shared key value and the timestamp value attached to the command message (paragraph [0037]: uses the connected client's time stamp as the basis for its TOTP computation. Paragraph [0055]: The block 300 generates a second TOTP (expected credential) from the authentication key (shared key) and a controller timestamp with the controller (block 312));
HK, C and Rougier are both considered to be analogous to the claimed invention because they are both teaching secure communication and authentication. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of secure communications for vehicle tracking device with using time-based one-time password (TOTP) disclosed by HK and C with adding the timestamp as the basis for TOTP computation as disclosed by Rougier.
One of ordinary skill in the art would have been motivated to make these modifications in order to ensure the TOTP computation in the event an internet connection is unavailable (local time is not available), as suggested by Rougier (paragraph [0037]).

Regarding claim 15, HK, C and Rougier teach all of the features with respect to claim 8, as outlined above.
Chesnutt teaches wherein the command included in the SMS command message causes the vehicle tracking device to perform one or more of: setting up cellular communications and acquiring and transmitting its current GPS coordinates (para 0046 and 0047).

6. 	Claims 9-13 and 16 are rejected under 35 U.S.C 103 as being unpatentable over Hergesheimer (US PG-PUB No. 20180302228 A1) in view of Khanna et al (US PG-PUB No. 11283793 B2), and further in view of Chesnutt, and further in view of Hamlin et al (US PG-PUB No. 20190013945 A1).

Regarding claim 9, Hergesheimer teaches:
A method for providing secure communications between a backend server and a vehicle tracking device (Abstract: A vehicle telematics system is provided having secure communication capabilities between a vehicle telematics device (vehicle tracking device) and external computing devices (server)), comprising:
generating a command message including a command to be executed by the vehicle tracking device (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110);
sending the command message from the backend server to the vehicle tracking device via a wireless communication network (paragraph [0042]: The customer server 432 can send authenticated outbound messages to one or more vehicle telematics devices 110. In paragraph [0002]: secure data communication of data (message) by wireless networks);
receiving the command message at the vehicle tracking device (paragraph [0027]: The vehicle telematics device 110 can also include one or more communication interfaces 220 capable of sending and receiving data (command message));

Hergesheimer fails to teach, but Khanna et al teaches:
generating a single-use credential value based at least in part on a shared key value and a first time value, wherein the single-use credential value is valid only during a first time window having a duration of X seconds, and wherein the first time value falls within the first time window (paragraph [0030]: generate TOTPs (Time-based One-Time Password - single-user/expected credential value) as a function of the shared secret (shared key) 132 and further as a function of a local time (time value) on the client device 110. In paragraph [0005]: TOTPs are only valid for a specific time window (e.g., a thirty second window));
a processor of the vehicle tracking device generating an expected credential value based at least in part on the shared key value and a second time value (paragraph [0008]: The instructions further cause the processor(s) to perform processing comprising generating a second TOTP(expected credential value) using a key (shared key) that has been configured for the username; In paragraph [0030]: generate TOTPs (both of single-use credential value and expected credential value) as a function of the shared secret 132 and further as a function of a local time (time value) on the client device 110);
the vehicle tracking device executing the command included in the command message (paragraph [0008]: controlling access to the resource by the client application (executing the command) based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP matches the second TOTP).
Hergesheimer and Khanna et al are both considered to be analogous to the claimed invention because they are both teaching a method of secure communications between a user device and a server. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the systems and methods for secure communications in vehicle telematics systems disclosed by Hergesheimer with adding the time-based one-time password (TOTP) method as disclosed by Khanna et al. 
One of ordinary skill in the art would have been motivated to make these modifications in order to secure user sessions in connection with authorization to access a protected resource during session created for a user of a client device as suggested by Khanna et al (paragraph [0003]).
	
Hergesheimer in view of Khanna do not disclose:
generating a short message service command including a command to be executed by the vehicle tracking device 

	Chesnutt discloses:
generating a short message service command including a command to be executed by the vehicle tracking device (para 0046 “At the call center, the SMS command message is authenticated by one or more security-related functions, step 214, as described above. These security-related functions can include checking the origination address of the device that sent the SMS command message; i.e., mobile phone 22. It is also possible for the SMS command message from the trigger device to be encrypted; in which case, call center 20 will decrypt the incoming message according to one or more cryptographic methods known in the art. If call center 20 determines that the incoming SMS command message is from an authorized sender and has not been tampered with, then it can wirelessly forward the SMS command message to vehicle 12 over wireless carrier system 14, step 220.” Para 0047 “Once the SMS command message is received at vehicle 12, the vehicle can perform one or more security-related functions to authenticate the incoming message, step 224, as described above. If the SMS command message is deemed to be authentic, then telematics unit 30 or some other electronic component of vehicle 12 can compare the trigger device GPS information that was embedded or inserted into the SMS command message with vehicle GPS information representative of the current or past location of the vehicle, step 230. If the GPS information shows that mobile phone 22 is within a certain proximity of vehicle 12, say for example one mile, then telematics unit 30 can extract and initiate the remote engine start command that was also included in the SMS command message, step 232.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Hergesheimer in view of Khanna to include the generating a short message service command including a command to be executed by the vehicle tracking device, as taught by Chesnutt.
The motivation would be to send a verifiable message that includes pertinent information to provide secure communication.

Hergesheimer and Khanna and Chesnutt teach all of the features as outlined above. HK fails to teach, but Hamlin et al teaches:
encrypting the command message using the single-use credential value as an encryption key (paragraph [0001]: The present disclosure generally relates to the field of encrypted communication of sensor data (command message) between access points in the Internet of Things, and more specifically to encryption of sensor data using session keys generated using time-based one-time passwords (single-use credential value));
the processor of the vehicle tracking device decrypting the command message using the expected credential value as a decryption key (paragraph [0011]: Upon receipt of the encrypted sensor data in embodiments of the present disclosure, the data evaluating device may use the identical session key (shared key of the expected credential value) to decrypt the sensor data (command message) and evaluate it);

HK, C and Hamlin et al are both considered to be analogous to the claimed invention because they are in the same field of teaching a method for the generation of a time-based one-time password (TOTP) for session encryption. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the current TOTP method disclosed by HK and C with adding the encryption and decryption of the communication message disclosed by Hamlin et al.
One of ordinary skill in the art would have been motivated to make these modifications in order to ensure the communication data is protected during the data transmission, as suggested by Hamlin et al (paragraph [0010]).

Regarding claim 10, Hergesheimer, Khanna, Chesnutt and Hamlin et al, hereinafter HKH, teach all of the features with respect to claim 9, as outlined above.
Hamlin et al further teaches wherein the processor of the vehicle tracking device is able to decrypt the sms command message based on the expected credential value matching the single-use credential value attached to the sms command message (paragraph [0049]: the decryption performed at block 318 in an embodiment may only successfully decrypt the encrypted data received from the sending device if the session key generated by the receiving device (expected credential value) at block 316 matches identically the session key generated by the sending device (single-use credential value) at block 310).

Regarding claim 11, HK, C and H teach all of the features with respect to claim 10, as outlined above.
Khanna et al further teaches wherein the expected credential value matches the single-use credential value based on the second time value falling within the first time window (paragraph [0008]: extracting a session cookie from the access request (command message), the session cookie comprising information identifying the session; determining, using the session cookie, whether the session is valid; controlling access to the resource by the client application (executing the command) based upon outcomes of the determining whether the session is valid and the determining whether the first TOTP (single-use credential value) matches the second TOTP (expected credential value). In paragraph [0074]: The times used to generate the TOTPs also need to be synchronized. (first and second time value falls within the same time window)).

Regarding claim 12, HK, C and H teach all of the features with respect to claim 9, as outlined above.
Khanna et al further teaches wherein the second time value corresponds to a time at which the sms command message is received at the vehicle tracking device (paragraph [0008]: receiving, during a session established for a username, an access request (Command message is received) from a client application, the access request identifying a resource (vehicle tracking device on this case) to be accessed, generating a second TOTP (include the time value)).

Regarding claim 13, HK, C and H teach all of the features with respect to claim 12, as outlined above.
Khanna et al further teaches wherein the time at which the sms command message is received at the vehicle tracking device is determined based on reference to timing signals from Global Positioning System (GPS) satellites (paragraph [0004]: In addition to location information, a GPS receiver can also be configured to provide time data).

Regarding claim 14, HK, C and H teach all of the features with respect to claim 8, as outlined above.
Chesnutt teaches wherein the command included in the SMS command message causes the vehicle tracking device to perform one or more of: setting up cellular communications and acquiring and transmitting its current GPS coordinates (para 0046 and 0047).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2499