DETAILED ACTION
Notice of Pre-AlA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12-19-2025 has been entered.
The official correspondence below is a first action non-final on an RCE.
Response to Amendment
Amendments received 08-06-2025 have been considered by the examiner.
Claims 1, 5, 10, and 12-15 have been amended.
Claim 11 has been cancelled.
There are no new claims.
Claims 1-10 and 12-20 are currently pending.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1, 8-10, 12-13, and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Smith (US 20150178999 A1) in view of Bruneel (US 20190378355 A1) and in further view of Spackman (US 8621645 B1).
REGARDING CLAIM 1, Smith discloses, storing, by each motor vehicle of the vehicle fleet, a predetermined parameter set (Smith: [0017] Device 102 may comprise trusted execution environment (TEE) 108 including, for example, privacy enforcement module (PEM) 110. TEE 108 may be a secure workspace in which known-good programs (e.g., PEM 110) may execute, confidential information may be stored in a secure manner, etc. In one example implementation, TEE 108 may employ Secure Enclave (SE) technology developed by the Intel Corporation. SE may provide a safe and hardware-encrypted computation and storage area inside of system memory, the contents of which cannot be deciphered by privileged code or even through the application of hardware probes to memory bus. When TEE 108 resides within an SE, embodiments consistent with the present disclosure make it impossible for an intruder to decipher the contents of TEE 108. [0018] For example, SE may be visualized as a virtual safe for protecting applications, data, etc. An application developer may specify the memory region that must be protected, which creates the safe. At this point there is a safe available, but nothing of value is stored inside. The application developer may then place code into the protected memory region and may initialize any necessary data. At this point the code and data have been placed inside of the safe, but nothing is secret yet as anyone may have observed what was placed into the safe because "the safe door" is still open. The application may then initialize the SE, which may be considered as the equivalent of closing and locking the door of the safe. From this point forward the enclave code may execute only inside of the safe and running code inside this enclave may generate secure keys (e.g., protected data). Protected data values cannot be observed outside of the SE, and thus, the code and data is inaccessible outside of the SE; [0025]), anonymizing the first dataset (Smith: [ABS] privacy enforcement module (PEM). The PEM may receive the operational data from the VCA via the communication module, may generate filtered data by filtering the operational data based on privacy settings and may cause the filtered data to be transmitted via the communication module. The filtered data may be transmitted to at least one data consumer) by a vehicle processor of the first motor vehicle (Smith: [ABS] privacy enforcement module (PEM). The PEM may receive the operational data from the VCA via the communication module, may generate filtered data by filtering the operational data based on privacy settings and may cause the filtered data to be transmitted via the communication module. The filtered data may be transmitted to at least one data consumer) based on the stored predetermined parameter set (Smith: [ABS] privacy enforcement module (PEM). The PEM may receive the operational data from the VCA via the communication module, may generate filtered data by filtering the operational data based on privacy settings and may cause the filtered data to be transmitted via the communication module. The filtered data may be transmitted to at least one data consumer; [0017] Device 102 may comprise trusted execution environment (TEE) 108 including, for example, privacy enforcement module (PEM) 110. TEE 108 may be a secure workspace in which known-good programs (e.g., PEM 110) may execute, confidential information may be stored in a secure manner, etc. In one example implementation, TEE 108 may employ Secure Enclave (SE) technology developed by the Intel Corporation. SE may provide a safe and hardware-encrypted computation and storage area inside of system memory, the contents of which cannot be deciphered by privileged code or even through the application of hardware probes to memory bus. When TEE 108 resides within an SE, embodiments consistent with the present disclosure make it impossible for an intruder to decipher the contents of TEE 108. [0018] For example, SE may be visualized as a virtual safe for protecting applications, data, etc. An application developer may specify the memory region that must be protected, which creates the safe. At this point there is a safe available, but nothing of value is stored inside. The application developer may then place code into the protected memory region and may initialize any necessary data. At this point the code and data have been placed inside of the safe, but nothing is secret yet as anyone may have observed what was placed into the safe because "the safe door" is still open. The application may then initialize the SE, which may be considered as the equivalent of closing and locking the door of the safe. From this point forward the enclave code may execute only inside of the safe and running code inside this enclave may generate secure keys (e.g., protected data). Protected data values cannot be observed outside of the SE, and thus, the code and data is inaccessible outside of the SE; [0025]); communicating the anonymized first dataset to the server system by the vehicle processor (Smith: [0033] at least a portion of the operational data may be altered or removed (e.g., by a PEM operating in the device) based on the privacy settings. The filtered data may be transmitted in operation 412 (e.g., to at least one data consumer)).
Smith discloses a backend server and privacy settings. Smith does not explicitly disclose, settings, sent by a server system, the server system being remote from the motor vehicle; generating a first dataset by a first motor vehicle of the vehicle fleet; determining, by the server system, a degree of anonymization achieved by the anonymizing of the anonymized first dataset; selectively generating an updated parameter set based on the determined degree of anonymization; transmitting the updated parameter set to the vehicle processor by the server system; transmitting the updated parameter set to one or more other motor vehicles of the vehicle fleet; replacing, by the first motor vehicle and the one or more other motor vehicles, the stored predetermined parameter set with the updated parameter set; and using, by the first motor vehicle and the one or more other motor vehicles of the vehicle fleet, the adapted updated parameter set for anonymizing one or more second data sets, until a further updated parameter set is received.
However, in the same field of endeavor, Bruneel discloses, sent by a server system (Bruneel: [0035] bus interface connectors and/or modems. One or more VSMs 28 may periodically or occasionally have their software or firmware updated and, in some embodiments, such vehicle updates may be over the air (OTA) updates that are received from a computer 78 or remote facility 80 via land network 76 and communications device 30. In one embodiment, the OTA updates (or other software/firmware updates) can be particular to the vehicle electronics configuration type of the vehicle 12 and, when installed, can cause the VSM to operate according to instructions received at the vehicle in a vehicle-specific sensor configuration request, as discussed more below; [0074] These vehicle-specific sensor configuration requests can be generated and/or obtained based on a non-vehicle-specific sensor configuration request that is received from servers system 130 and/or on information stored in databases 120; [0080] the vehicle request handling application 138 can be used to generate (or otherwise obtain) one or more non-vehicle-specific sensor configuration signals, which can then be sent to the vehicle backend services server system 110), the server system being remote from the motor vehicle (Bruneel: [0035] bus interface connectors and/or modems. One or more VSMs 28 may periodically or occasionally have their software or firmware updated and, in some embodiments, such vehicle updates may be over the air (OTA) updates that are received from a computer 78 or remote facility 80 via land network 76 and communications device 30. In one embodiment, the OTA updates (or other software/firmware updates) can be particular to the vehicle electronics configuration type of the vehicle 12 and, when installed, can cause the VSM to operate according to instructions received at the vehicle in a vehicle-specific sensor configuration request, as discussed more below; [0074] These vehicle-specific sensor configuration requests can be generated and/or obtained based on a non-vehicle-specific sensor configuration request that is received from servers system 130 and/or on information stored in databases 120; [0080] the vehicle request handling application 138 can be used to generate (or otherwise obtain) one or more non-vehicle-specific sensor configuration signals, which can then be sent to the vehicle backend services server system 111); generating a first dataset by a first motor vehicle of the vehicle fleet (Bruneel: [0022] According to various embodiments, this method may further include any one of the following features or any technically-feasible combination of some or all of these features: [0023] each of the one or more vehicles are configured to: receive at least one of the vehicle-specific sensor configuration requests; compile vehicle sensor data from one or more onboard vehicle sensors in response to receiving the at least one vehicle-specific sensor configuration request and based on the at least one vehicle-specific sensor configuration request; and send the compiled vehicle sensor data to a remote computer or remote facility; and/or [0024] the vehicle request handling application, when executed by the processor of the first server, further causes the first server to: evaluate the vehicle sensor data request in conjunction with a plurality of active vehicle sensor configuration settings regarding the set of vehicles, wherein the vehicle sensor configuration settings indicate current settings of the one or more onboard vehicle sensors; and determine redundancies in the vehicle sensor data request with respect to the active vehicle sensor configuration settings and based on the evaluating step; wherein the non-vehicle-specific sensor configuration request is generated based at least partially on the determined redundancies in the vehicle sensor data request; [0033] Communications system 10 generally includes a first vehicle 12 with a wireless communications device 30 and other VSMs 22-56, a second vehicle 14, a third vehicle 16, a roadside unit (RSU) 18, a constellation of global navigation satellite system (GNSS) satellites 60, one or more wireless carrier systems 70, a land communications network 76, a computer or server 78, and a vehicle backend services facility 80; [0066] a fleet of vehicles (including the vehicles 12, 14, and 16); [0099] in a scenario where vehicle 12 is of a vehicle electronics configuration type A and vehicles 14,16 are of a vehicle electronics configuration type B, a first vehicle-specific sensor configuration request is sent to vehicle 12 and a second vehicle-specific sensor configuration request is sent to vehicle 14 and to vehicle 16. The first vehicle-specific sensor configuration request can thus be formatted or configured in a way that is particularly tailored for vehicles of vehicle electronics configuration type A, such as vehicle 12; likewise, the vehicle-specific sensor configuration request can thus be formatted or configured in a way that is particularly tailored for vehicles of vehicle electronics configuration type B, such as vehicle 14 and vehicle 16. In one embodiment, the vehicle-specific sensor configuration requests can include a vehicle electronics configuration script that, when executed by a processing device of the vehicle, causes the vehicle electronics to operate according to the vehicle sensor data request options (or the modified vehicle sensor data request options) that were included in the vehicle sensor data request (or the modified vehicle sensor data request) and/or according to the non-vehicle-specific sensor configuration request); determining, by the server system, a degree of anonymization achieved by the anonymizing of the anonymized first dataset (Bruneel: [0010] the vehicle backend services server system includes a computer program that is configured to carry out the step of generating the one or more vehicle-specific sensor configuration requests and wherein the vehicle data request system includes a separate computer program that is configured to carry out the steps of receiving the vehicle sensor data request and generating the non-vehicle-specific sensor configuration request; [0011] determining whether the vehicle sensor data request complies with a data privacy governance rule-set; and denying the vehicle sensor data request when it is determined that the vehicle sensor data request does not comply with a data privacy governance rule-set; [0083] vehicle sensor data source such that the obtainment of the vehicle sensor data is dependent on whether the vehicle condition is satisfied; [0090] The data privacy governance rule-set (examiner: pre-set anonymization rules) can include a plurality of rules that can be applied to a vehicle sensor data request so as to indicate whether the vehicle sensor data request complies with certain data privacy rules ... the vehicle sensor data request may request information pertaining to the vehicle's location, as well as information pertaining to the user's identity, such as name and home address. The data privacy governance rule-set can include a rule that evaluates whether the requested information includes the combination of vehicle location and certain user identity fields (e.g., name, home address) and, in such a scenario, the rule, when applied to the vehicle sensor data request, results in a determination that the vehicle sensor data request does not comply with the data privacy governance rule-set); selectively generating an updated parameter set (Bruneel: [0016] modified vehicle sensor data request options are included in the non-vehicle-specific sensor configuration request, and wherein the modified vehicle sensor data request options are based on the determined redundancies in the vehicle sensor data request; [0017] the vehicle sensor data request specifies a particular time period for when the configuration of the one or more vehicles is to be effected; [0018] each of the one or more vehicles are further configured to modify operation of at least one of the one or more onboard vehicle sensors in response to the at least one vehicle-specific sensor configuration request; [0107] the vehicle may modify settings or operations of one or more onboard vehicle sensors pursuant to the vehicle-specific sensor configuration request, such as by changing time(s) when the sensor operates to sense data, the frequency of data sensing, and/or other sensor settings. The method 500 then ends) based on the determined degree of anonymization (Bruneel: [0011] determining whether the vehicle sensor data request complies with a data privacy governance rule-set; and denying the vehicle sensor data request when it is determined that the vehicle sensor data request does not comply with a data privacy governance rule-set; [0012] notifying the vehicle data requestor of the denial or approval of the vehicle sensor data request); transmitting the updated parameter set to the vehicle processor by the server system (Bruneel: [0107] the vehicle may modify settings or operations of one or more onboard vehicle sensors pursuant to the vehicle-specific sensor configuration request, such as by changing time(s) when the sensor operates to sense data, the frequency of data sensing, and/or other sensor settings. The method 500 then ends); transmitting the updated parameter set to one or more other motor vehicles of the vehicle fleet (Bruneel: [ABS] generating one or more vehicle-specific sensor configuration requests based on the non-vehicle-specific sensor configuration request, wherein each of the one or more vehicle-specific sensor configuration requests is associated with a particular vehicle electronics configuration type; and sending each of the one or more vehicle-specific sensor configuration requests to one or more vehicles of the set of vehicles based on the associated particular vehicle electronics configuration type); replacing, by the first motor vehicle and the one or more other motor vehicles, the stored predetermined parameter set with the updated parameter set (Bruneel: [0090] In step 330, it is determined whether the sensor data request complies with a data privacy governance rule-set. The data privacy governance rule-set can include a plurality of rules that can be applied to a vehicle sensor data request so as to indicate whether the vehicle sensor data request complies with certain data privacy rules. For example, the data privacy rules may not permit certain personal identifying information to be accessed or known to the vehicle sensor data requestors (or other entity) and, in such a case, the requested sensor data of the vehicle sensor data request can be evaluated in light of such rules (or data privacy governance rule-set) to determine whether the particular vehicle sensor data request complies with certain data privacy rules. In one scenario, the vehicle sensor data request may request information pertaining to the vehicle's location, as well as information pertaining to the user's identity, such as name and home address. The data privacy governance rule-set can include a rule that evaluates whether the requested information includes the combination of vehicle location and certain user identity fields (e.g., name, home address) and, in such a scenario, the rule, when applied to the vehicle sensor data request, results in a determination that the vehicle sensor data request does not comply with the data privacy governance rule-set. Moreover, the vehicle sensor data request can be modified in response to the evaluation of the vehicle sensor data request and this modified request can be referred to as data privacy-modified vehicle sensor data request. In such a case, the modified vehicle sensor data request can include data privacy-modified vehicle sensor data request options that are the same as the original vehicle sensor data request options with the exception that the modified vehicle sensor data request options do not include one or more data types, data sources, and/or vehicle conditions that are a basis for determining noncompliance of at least a portion of the vehicle sensor data request based on the data privacy governance rule-set. Once it is determined whether the vehicle sensor data request complies with the data privacy governance rule-set, the method 300 continues to step 340. [0091] It should be appreciated that steps 320 and 330 can be carried out in a different order than that which is illustrated in FIG. 3. In one embodiment, step 330 is carried out after step 320 and, in this case, the data privacy governance rule-set may be applied only to the modified vehicle sensor data request options that are obtained as a result of step 320. Additionally, or alternatively, step 320 can be carried out (e.g., again) after step 330 so that an impact metric can be determined for the data privacy-modified vehicle sensor data request options that are a result of step; [see all of 0090-0094 for implementing modified privacy parameters]); and using, by the first motor vehicle and the one or more other motor vehicles of the vehicle fleet, the updated parameter set for anonymizing one or more second data sets, until a further updated parameter set is received (Bruneel: [0011]; [0090]), for the benefit of providing secure vehicular data management with enhanced privacy.
In considering the disclosure of a reference, it is proper to take into account not only specific teachings of the reference but also the inferences which one skilled in the art would reasonably be expected to draw therefrom. In this case, Bruneel does not explicitly recite the terminology "replacing" a stored parameter. However, Bruneel discloses modified parameters replacing previous settings. Which, implies or suggest replacing previously stored instructions.
Further, Bruneel does not explicitly recite the terminology "using until a further updated parameter set is received". However, the method disclosed by Bruneel discloses a vehicle operating according to received parameters until a modification is received.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Smith to include a data privacy check/confirmation taught by Bruneel. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to provide secure vehicular data management with enhanced privacy.
The examiner submits, Smith, as modified, discloses, determining, by the server system, a degree of anonymization achieved by the anonymizing of the anonymized first dataset (see Bruneel above [0010-0011, [0083-0090]).
However, should it be found that Smith, as modified, fails to disclose, determining, by the server system, a degree of anonymization achieved by the anonymizing of the anonymized first dataset, in the same field of endeavor, Spackman discloses, “the vehicle computing apparatus 14 determines whether the privacy level exceeds a threshold privacy level indicating at least a portion of the content is private and requires modification or suppression. Based on the privacy information, the vehicle computing apparatus 14 can determine a privacy level associated with the content. In one example, a privacy level is assigned by the vehicle computing apparatus 14 to the request based on the treatment included in the identified privacy information. In this example, each treatment is associated with a privacy level. Accordingly, privacy levels can be used to indicate that content is at least partially private, available or not available to only certain specified individual(s) or categories of individuals, and/or available in a modified form with private information filtered, modified, removed, or anonymized, for example (Col. 6, Ln. 43-57); network-accessible device can be a remote corporate server accessible by a wireless network connection using the network interface (Col. 8, Ln. 7-9)”, for the benefit of determining if requested content requires modification or suppression.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by a modified Smith to include server determinations taught by Spackman. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to determine if requested content requires modification or suppression.
REGARDING CLAIM 8, Smith, as modified, remains as applied above to claim 1, and further, Bruneel also discloses, the predetermined parameter set comprises a delay period and the anonymized first dataset is communicated to the server system delayed in time according to the delay period by means of the vehicle processor (Bruneel: [0089]).
REGARDING CLAIM 9, Smith, as modified, remains as applied above to claim 1, and further, Bruneel also discloses, a group size is determined by the server system based on the anonymized first dataset, which corresponds to a number of motor vehicles, to which the anonymized dataset may be related, and the degree of anonymization is determined depending on the group size (Bruneel: [0094]).
REGARDING CLAIM 10, Smith, as modified, remains as applied above to claim 1, and further, Smith also discloses, a second dataset is generated by the first motor vehicle and the second dataset is anonymized (Smith: [FIG. 4(410)]) by the vehicle processor based on the adapted parameter set.
Smith does not explicitly disclose, the anonymized second dataset is communicated to the server system by the vehicle computing processor.
However, in the same field of endeavor, Bruneel discloses, (Bruneel: [0099]), for the benefit of providing secure vehicular data management with enhanced privacy.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Smith to include an updated data package taught by Bruneel. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to provide secure vehicular data management with enhanced privacy.
REGARDING CLAIM 12, Smith, as modified, remains as applied above to claim 1, and further, Bruneel also discloses, a further dataset is generated by each other motor vehicle of the motor vehicle fleet and the respective further dataset is anonymized by the respective further vehicle processor based on the adapted parameter set; and the respective anonymized further dataset is communicated to the server system by the respective further vehicle processor (Bruneel: [0099]).
REGARDING CLAIM 13, Smith discloses, a server system for providing data, the server system comprising at least one server processor, which is configured to obtain an anonymized first dataset from a first motor vehicle of the vehicle (Smith: [ABS]; [0037]).
Smith does not explicitly disclose, a fleet, wherein the at least one server processor is configured: to determine a degree of anonymization achieved by anonymization based on the anonymized first dataset; to selectively generate an updated parameter set for future anonymization based on the degree of anonymization; and to communicate the adapted parameter set to the first motor vehicle and one or more other motor vehicles of the vehicle fleet.
However, in the same field of endeavor, Bruneel discloses, a fleet (Bruneel: [0066]), wherein the at least one server processor is configured: to determine a degree of anonymization achieved by anonymization based on the anonymized first dataset (Bruneel: [0010]); to selectively generate an updated parameter set for future anonymization based on the degree of anonymization (Bruneel: [see all of 0090-0094 for implementing modified privacy parameters]); and to communicate the adapted parameter set to the first motor vehicle and one or more other motor vehicles of the vehicle fleet (Bruneel: [0107]), for the benefit of providing secure vehicular data management with enhanced privacy.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Smith to include a data privacy check/confirmation taught by Bruneel. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to provide secure vehicular data management with enhanced privacy.
The examiner submits, Smith, as modified, discloses, determining, by the server system, a degree of anonymization achieved by the anonymizing of the anonymized first dataset (see Bruneel above [0010-0011, [0083-0090]).
However, should it be found that Smith, as modified, fails to disclose, determining, by the server system, a degree of anonymization achieved by the anonymizing of the anonymized first dataset, in the same field of endeavor, Spackman discloses, “the vehicle computing apparatus 14 determines whether the privacy level exceeds a threshold privacy level indicating at least a portion of the content is private and requires modification or suppression. Based on the privacy information, the vehicle computing apparatus 14 can determine a privacy level associated with the content. In one example, a privacy level is assigned by the vehicle computing apparatus 14 to the request based on the treatment included in the identified privacy information. In this example, each treatment is associated with a privacy level. Accordingly, privacy levels can be used to indicate that content is at least partially private, available or not available to only certain specified individual(s) or categories of individuals, and/or available in a modified form with private information filtered, modified, removed, or anonymized, for example (Col. 6, Ln. 43-57); network-accessible device can be a remote corporate server accessible by a wireless network connection using the network interface (Col. 8, Ln. 7-9)”, for the benefit of determining if requested content requires modification or suppression.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by a modified Smith to include server determinations taught by Spackman. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to determine if requested content requires modification or suppression.
REGARDING CLAIM 15, Smith, as modified, remains as applied above to claim 13, and further, Smith also discloses, store a predetermined parameter set (Smith: [FIG. 4(410)]; [0017-0018]; [0025]), to anonymize a first dataset generated by the first motor vehicle (Smith: [ABS]), based on the predetermined parameter set to generate the anonymized first dataset (Smith: [ABS]; [0017-0018]; [0025]); to communicate the anonymized first dataset to the server system (Smith: [0033]).
Smith does not explicitly disclose, received from the server system; to receive an updated parameter set from the server system; to replace the stored predetermined parameter set with the updated parameter set; and to use the adapted parameter set for anonymizing at least a second data set, generated by the first motor vehicle, until a further adapted parameter set is received.
However, in the same field of endeavor, Bruneel discloses, received from the server system (Bruneel: [0035]; [0074]; [0080]); to receive an updated parameter set from the server system (Bruneel: [see all of 0090-0094 for implementing modified privacy parameters]); to replace the stored predetermined parameter set with the updated parameter set (Bruneel: [see all of 0090-0094 for implementing modified privacy parameters]); and to use the adapted parameter set for anonymizing at least a second data set, generated by the first motor vehicle, until a further adapted parameter set is received (Bruneel: [0011]; [0090]), for the benefit of providing secure vehicular data management with enhanced privacy.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Smith to include a data privacy check/confirmation taught by Bruneel. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to provide secure vehicular data management with enhanced privacy.
Claim(s) 2-7, 14, and 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Smith (US 20150178999 A1) in view of Bruneel (US 20190378355 A1) and in further view of Spackman (US 8621645 B1) as applied to claims 1 and 13 above, and further in view of Stinner (US 20210258776 A1).
REGARDING CLAIM 2, Smith, as modified, remains as applied above to claim 1, and further, Smith, as modified, discloses filtering and removing data for preservation of privacy (Spackman: (Col. 6, Ln. 43-57), (Col. 8, Ln. 7-9)).
However, should it be found Smith, as modified, does not explicitly disclose, user related data is communicated to the server system together with the anonymized first dataset by the vehicle processor; and the communicated user related data is deleted by the server system, in the same field of endeavor, Stinner discloses, user related data is communicated to the server system together with the anonymized first dataset by the vehicle processor; and the communicated user related data is deleted by the server system (Stinner: [0024]), for the benefit of providing increased privacy after data communications.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by a modified Smith to removal of identifying information after transfer taught by Stinner. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to provide increased privacy after data communications.
REGARDING CLAIM 3, Smith, as modified, remains as applied above to claim 2, and further, Stinner also discloses, the user related data comprises one or more of: an IP address of the vehicle processor, and an identifier associated with the vehicle processor (Stinner: [0024]).
REGARDING CLAIM 4, Smith, as modified, remains as applied above to claim 2, and further, Smith also discloses, the user related data (Smith: [ABS]) and the anonymized first dataset (Smith: [0010]) are communicated to a first server processing circuit of the server system by the vehicle processor (Smith: [FIG. 4(412)]).
Smith, as modified, does not explicitly disclose, the communicated user related data is deleted by the first server processing circuit (Stinner: [0024]); and the anonymized first dataset is communicated to a second server processing circuit of the server system by the first server processing circuit (Stinner: [0043]), for the benefit of providing increased privacy after data communications.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by a modified Smith to include removal of identifying information after a first data transfer taught by Stinner. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to provide increased privacy after data communications.
REGARDING CLAIM 5, Smith, as modified, remain as applied above to claim 4, and further, Bruneel also discloses, the degree of anonymization is determined by the second server processing circuit; and the adapted parameter set is generated by the second server processing circuit and communicated to the vehicle processor (Bruneel: [0010-0011]; [0089]).
To the examiners best understanding, the limitations of claim 5 are duplicative of limitations of claim 1. The duplication of essential steps/parts is typically considered well within the scope of customary practices for one of ordinary skill, and does not provide or involve an inventive step in the absence of an unanticipated result, resulting in an improvement.
REGARDING CLAIM 6, Smith, as modified, remains as applied above to claim 2, and further, Smith also discloses, the anonymized first dataset (Smith: [0010]) is encrypted by the vehicle processor before communication thereof to the server system (Smith: [0017]); and the encrypted anonymized first dataset is decrypted by the server system after deleting the user related data (Smith: [FIG. 2]; [FIG. 4(410)(412)]; [0010]; [0016]).
Smith does not explicitly recite the terminology, the anonymized first dataset is encrypted by the vehicle processor before communication thereof to the server system; and the encrypted anonymized first dataset is decrypted by the server system after deleting the user related data. However, Smith discloses, filtering data (deleting, [0010]), encrypting data before transmission ([0017] and [FIG. 2 and 4]), and transmitting it to a user server ([0010] and [FIG. 4]). Which, is “the anonymized first dataset is encrypted by the vehicle processor before communication thereof to the server system; and the encrypted anonymized first dataset is decrypted by the server system after deleting the user related data”.
REGARDING CLAIM 7, Smith, as modified, remains as applied above to claim 6, and further, Smith also discloses, before decryption, a success of deletion of the user related data is examined by the server system (Smith: [0010]); and the decryption is performed depending on a result of the examination (Smith: [0010]; [0016-0017]; [FIG. 2 and 4]).
REGARDING CLAIM 14, Smith, as modified, remains as applied above to claim 13, and further, Stinner also discloses, the at least one server processor comprises a first server processing circuit and a second server processing circuit (Stinner: [0024]; [0043]); the first server processing circuit is configured to obtain user related data from the first motor vehicle together with the anonymized first dataset, to delete the communicated user related data and to communicate the anonymized first dataset to the second server processing circuit (Stinner: [0024]; [0043]).
REGARDING CLAIM 16, Smith, as modified, remains as applied above to claim 3, and further, Smith also discloses, the user related data and the anonymized first dataset are communicated to a first server processing circuit of the server system by the vehicle processor (Smith: [0016]).
Smith, as modified, does not explicitly disclose, the communicated user related data is deleted by the first server processing circuit; and the anonymized first dataset is communicated to a second server processing circuit of the server system by the first server processing circuit.
However, in the same field of endeavor, Stinner discloses, the communicated user related data is deleted by the first server processing circuit; and the anonymized first dataset is communicated to a second server processing circuit of the server system by the first server processing circuit (Stinner: [0024]; [0043]), for the benefit of providing increased privacy after data communications.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by a modified Smith to include removal of identifying information after a first data transfer taught by Stinner. One of ordinary skill in the art would have been motivated to make this modification, with a reasonable expectation of success, in order to provide increased privacy after data communications.
REGARDING CLAIM 17, Smith, as modified, remains as applied above to claim 16, and further, Bruneel also discloses, the degree of anonymization is determined by the second server processing circuit; and the adapted parameter set is generated by the second server processing circuit and communicated to the vehicle processor (Bruneel: [0010-0011]; [0089]).
To the examiners best understanding, the limitations of claims 5 and 17 are duplicative of limitations of claim 1. The duplication of essential steps/parts is typically considered well within the scope of customary practices for one of ordinary skill, and does not provide or involve an inventive step in the absence of an unanticipated result, resulting in an improvement.
REGARDING CLAIM 18, Smith, as modified, remains as applied above to claim 3, and further, Smith also discloses, the anonymized first dataset is encrypted by the vehicle processor before communication thereof to the server system; and the encrypted anonymized first dataset is decrypted by the server system after deleting the user related data (Smith: [0010]; [0016-0017]; [FIG. 2 and 4]).
REGARDING CLAIM 19, Smith, as modified, remains as applied above to claim 4, and further, Smith also discloses, the anonymized first dataset is encrypted by the vehicle processor before communication thereof to the server system; and the encrypted anonymized first dataset is decrypted by the server system after deleting the user related data (Smith: [0010]; [0016-0017]; [FIG. 2 and 4]).
REGARDING CLAIM 20, Smith, as modified, remains as applied above to claim 5, and further, Smith also discloses, the anonymized first dataset is encrypted by the vehicle processor before communication thereof to the server system; and the encrypted anonymized first dataset is decrypted by the server system after deleting the user related data (Smith: [0010]; [0016-0017]; [FIG. 2 and 4]).
Response to Arguments
Applicant's arguments filed 12-19-2025, and beginning on page 8, have been fully considered but they are not persuasive. To the examiner’s best understanding, the applicant has provided amendments emphasizing updating settings, from a server, for a fleet of vehicles. As cited above, Bruneel (US 20190378355 A1) discloses updating settings ([see all of 0090-0094 for implementing modified privacy parameters]), from a server ([0035], [0074], [0080]), and a fleet ([0066]).
Because the prior art of Smith, as modified, discloses that which is claimed, the examiner respectfully maintains the rejection of the independent claims under 35 USC §103, obviousness.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Jebara (US 20160292455 A1)
Nakagawa (US 20150304331 A1)
Farmer (US 20030130893 A1)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AARRON SANTOS whose telephone number is (571)272-5288. The examiner can normally be reached Monday - Friday: 8:00am - 4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ANGELA ORTIZ can be reached at (571) 272-1206. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.S./Examiner, Art Unit 3663
/ANGELA Y ORTIZ/Supervisory Patent Examiner, Art Unit 3663