VEHICLE AUTHENTICATION SYSTEM

§102 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments, see pages 8-10, filed 10/23/2025, with respect to the rejection(s) of claim(s) 1-3 and 8 under 35 U.S.C. 102(a)(2) as being anticipated by LEE et al. (KR 102241775 B1) AND 4-7 and 9-14 under 35 U.S.C. 103 as being unpatentable over LEE et al. (KR 102241775 B1) in view of KIM et al. (WO 2020218627 A1) have been fully considered and are persuasive. Therefore, these rejection(s) have been partially withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of newly found prior art for the amended limitations, and combined with the prior art references already applied previously, given that they teach the limitations previously filed. LEE et al. (KR 102241775 B1) and KIM et al. (WO 2020218627 A1) are maintained given that they teach the claims as discussed below and that the claims do not further define what is contained within authentication data or unique information OR what device(s) perform user authentication, for instance. LEE et al. (KR 102241775 B1) and KIM et al. (WO 2020218627 A1) do not explicitly teach the amended limitation “thereafter perform the user authentication using the unique information of the user terminal”. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-3 and 8 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by LEE et al. (KR 102241775 B1) – machine translation attached – hereinafter LEE ‘775) in view of LEE (US 9911255 B2 – hereinafter LEE ‘255) further in view of JEFFERIES et al. (US 8768565 B2). Re claim 1, LEE ‘775 discloses (abstract) a vehicle authentication system, comprising: a vehicle controller 21/22/23 configured to be installed in a vehicle 20 and to determine whether to allow the vehicle to be driven through user authentication; The dual security touch manipulation device 21 is provided with an internal memory, so that authentication information required for user authentication may be maintained. Here, the authentication information may include password information, pattern recognition information, biometric recognition information, and the like, but is not limited thereto. a user terminal 10 configured to generate authentication data related to the user authentication and to transmit the authentication data to the vehicle controller; and (see below) The user terminal 10 may generate a wireless encryption key and encrypt the first security data using the generated wireless encryption key (S760 to S770). The user terminal 10 may transmit the first vehicle remote control message including the encrypted first security data to the dual security touch manipulation device 21 through short-range wireless communication (S780). a security server 30 configured to generate a secret key (private key) and an encryption key (i.e. public key) for generating the authentication data, The wireless encryption key distribution server 30 is a session key generation module that generates a session key that requires secure wireless communication by using a storage unit 31 storing a unique key value for each device and a unique key value stored in the storage unit 31 (32), it may be configured to include a communication module 33 for performing communication with an external device. wherein the security server generates the secret key and the encryption key using unique information of at least any one of the vehicle controller or the user terminal. The wireless encryption key distribution server 30 transmits the communication request of the user terminal 10 to the dual security touch manipulation device 21 (S420), and then encrypted with a unique key (KEY 1) corresponding to the user terminal 10. The first session key is transmitted to the user terminal 10 (S430), and the second session key encrypted with a unique key (KEY 2) corresponding to the dual security touch manipulation device 21 is the dual security touch manipulation device 21 Can be transferred to. However, LEE ‘775 fails to explicitly disclose: share or temporarily take over authority to drive the vehicle from an owner of the vehicle; an owner terminal, which is carried by the owner of the vehicle, the owner terminal being configured to share the authority to drive the vehicle with the user terminal and to transmit a shared password to the user terminal and the security server; wherein the user terminal is configured to perform: sharer authentication by transmitting the unique information of the user terminal and the shared password to the security server. LEE ‘255 teaches (abstract) in a similar field of invention, a vehicle management system for vehicle sharing functions, wherein a user terminal 504 (FIG.5) is used to share or temporarily take over authority to drive the vehicle from an owner of the vehicle (c.1, l.46-67) and authority to drive the vehicle from an owner of the vehicle. Furthermore, LEE ‘255 teaches (c.12, l.32-53) that an owner terminal 502, which is carried by the owner of the vehicle, the owner terminal being configured to share the authority to drive the vehicle with the user terminal and to transmit a shared password (i.e. user information and tokens) to the user terminal and the security server 500 (FIG.5 – steps (3-4) send user information and approval token #1-2). Lastly, the user terminal is configured to perform: sharer authentication (by way of step (4) sending user information and approval token to a manager server 506/500) by transmitting the unique information of the user terminal and the shared password to the security server. (70) Once the contents and validity of the user information are checked, the manager 402 generates the approval token #1 through the mobile device 502, in operation 608. The approval token #1 generated by the mobile device 502 of the manager 402 is sent to the mobile device 504 of the user 404 (see (2) of FIG. 5). (71) Furthermore, the manager 402 generates the approval token #2 through the mobile device 504, in operation 612, and sends the approval token #2 to the checkout station 506 with the user information, in operation 614 (see (3) of FIG. 5). How to use the user information and approval token #2 in the checkout station 506 will be described in the following operation 620 in more detail. (72) Upon reception of the approval token #1 from the manager 402, the user 404 goes to the checkout station 506 installed at a location where the vehicle 100 is standing by and requests generation of an access key through the mobile device 504 of the user 404, in operation 616. Upon request of the user 404 for the access key, the user information and the approval token #1 are sent to the checkout station 506 from the mobile device 504 of the user 404, in operation 618 (see (4) of FIG. 5). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to try the system of LEE ‘255 by modifying the function of lending a specific vehicle to another user by using a password in order to share such vehicle driving authority temporarily. However, LEE ‘775 as modified by LEE ‘255 fails to explicitly disclose: thereafter perform the user authentication using the unique information of the user terminal. JEFFERIES teaches (abstract) in a similar field of invention, a system and method for assigning vehicle for a temporary time period, by way of administrators using servers (FIG.9-11), including various functions such as performing user authentication between a user terminal (FIG.9 – steps 1012 and 1013) in combination with a vehicle controller (c.17, l.15-35) using unique information of user terminal (FIG.9, c.16, l.48-55 – i.e. data processed from customer ID or identifier including phone number or electronic serial number of such user terminal is used during processing and generation of access key), for the purpose of properly and securely determining an authorized user/user terminal within the operations of steps 1001-1011. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to try performing user authentication after obtaining an access code/key which in turn authenticates a user carrying specific user terminal with a vehicle controller in order to securely allow a user to borrow a vehicle. Re claim 2, LEE ‘775 discloses the vehicle authentication system of claim 1, wherein the unique information is a unique ID of a processor built in the vehicle controller or in the user terminal. The wireless encryption key generation module 214 and the dual security touch manipulation device 21 may generate a hash-encrypted wireless encryption key based on vehicle identification information-for example, VIN-and a randomly generated salt value. Here, the GPS time may be used as a seed value of the salt value generation function so that the wireless encryption key generation module 214 and the dual security touch manipulation device 21 are synchronized to generate the same salt value. That is, the wireless encryption key generation module 214 and the dual security touch manipulation device 21 may generate the same wireless encryption key at the same GPS time through a predetermined control procedure. Re claim 3, LEE ‘775 discloses the vehicle authentication system of claim 1, wherein, when the user authentication is performed, the user terminal and the vehicle controller are connected through short-range wireless communication. The user terminal 10 may perform short-range wireless communication with the dual security touch manipulation device 21 of the vehicle 20. For example, short-range wireless communication may include Bluetooth communication, but this is only one embodiment, and Wi-Fi communication, NFC (Near Field Communication), UWB (Ultra Wideband) communication, and the like may be used. Re claim 8. LEE ‘775 discloses the vehicle authentication system of claim 1, wherein, when both the user terminal and vehicle controller are connected on-line such that they are capable of long-range wireless communication with the security server, the security server generates the secret key using both the unique information of the vehicle controller and the unique information of the user terminal and encrypts the secret key, and then transmits the secret key to the vehicle controller and the user terminal, respectively. The method of claim 6, The session key value is distributed to the user terminal and the device by a wireless encryption key distribution server connected to a mobile communication network. Claim(s) 4-7 and 9-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over LEE et al. (KR 102241775 B1) in view of LEE (US 9911255 B2) and JEFFERIES et al. (US 8768565 B2) in view of KIM et al. (WO 2020218627 A1). Re claim 4, However, LEE ‘775 as modified by LEE ‘255 and JEFFERIES fails to explicitly disclose: the vehicle authentication system of claim 1, wherein, when the user terminal is connected on-line to enable long-range wireless communication with the security server and the vehicle controller is in an offline state where long-range wireless communication is not possible, the security server generates the secret key using the unique information of the vehicle controller and encrypts the secret key, and then transmits the secret key to the user terminal. KIM teaches (abstract) in a similar field of invention, the functions of using a user terminal 1 connected on-line to enable long-range wireless communication with a security server 2, when a direct on-line connection between vehicle controller and servers is not available, the terminal serves as a gateway so that the server uses vehicle information to generate server public key and server private key and transmits server public key to user terminal. In the mobile terminal-based relay mode, the vehicle device 3 does not support the telematics function, so the mobile terminal 1 serves as a gateway (G/W) of the vehicle device 3 and the management server 2. At this time, the mobile terminal 1 relays the vehicle device 3 to process the vehicle digital key registration through authentication of the management server 2. Referring to FIG. 5, the mobile terminal 1 logs in to the management server 2 by running a dedicated app (S500). At this time, you can log in by entering ID/PW, email, etc. After completing the login, the management server 2 inquires the owned vehicle information (S502). In this case, when there is no information on the owned vehicle, a process of confirming whether the vehicle is actually owned may be added. For example, processes such as email authentication and vehicle registration photo delivery are required. Thereafter, the management server 2 generates a server public key and a server private key (S502), and transmits the digital key non-registered vehicle information and the server public key to the mobile terminal 1 (S504). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to try using the user terminal for direct communication for on-line functions, such as server key distribution in order to provide an auxiliary means for communication of vehicle and server. Re claim 5, LEE ‘775 discloses (see below) the vehicle authentication system of claim 4, wherein the security server generates the encryption key for encrypting the secret key by using the unique information of the user terminal. The wireless encryption key distribution server 30 is a session key generation module that generates a session key that requires secure wireless communication by using a storage unit 31 storing a unique key value for each device and a unique key value stored in the storage unit 31 (32), it may be configured to include a communication module 33 for performing communication with an external device. Referring to FIG. 4, the user terminal 10 may request communication with the dual security touch manipulation device 21 from the wireless encryption key distribution server 30 (S410). The wireless encryption key distribution server 30 transmits the communication request of the user terminal 10 to the dual security touch manipulation device 21 (S420), and then encrypted with a unique key (KEY 1) corresponding to the user terminal 10. The first session key is transmitted to the user terminal 10 (S430), and the second session key encrypted with a unique key (KEY 2) corresponding to the dual security touch manipulation device 21 is the dual security touch manipulation device 21 Can be transferred to. Re claim 6, However, LEE ‘775 as modified by LEE ‘255 and JEFFERIES fails to explicitly disclose: the vehicle authentication system of claim 5, wherein the user terminal: decrypts the received encrypted secret key using the unique information of the user terminal, generates random number data, and then generates the authentication data using the random number data and the secret key, and transmits the random number data and the authentication data to the vehicle controller. KIM teaches using user terminal decrypts received encrypted secret key using unique information generates number data and also transmits to a vehicle controller device. The vehicle device 3 encrypts the vehicle information with the terminal public key received from the mobile terminal 1 (S516). Vehicle information includes VIN (vehicle identification number), authentication controller information, vehicle public key, and the like. The vehicle device 3 transmits the encrypted vehicle information to the mobile terminal 1 (S518), and the mobile terminal 1 moves the encrypted vehicle information from the general area to the security area (S520). The mobile terminal 1 decrypts vehicle information with the terminal private key in the security area, then encrypts the vehicle information and terminal information with the server public key (S522), and transmits the encrypted vehicle information and terminal information to the general area (S524). The mobile terminal 1 transmits the encrypted vehicle information and terminal information in the general area to the management server 2 (S526), and the management server 2 decrypts the vehicle information and terminal information with the server private key and then decrypts the information. Save the (S528). Subsequently, the management server 2 generates a digital key, and encrypts the digital key with the public key transmitted from the vehicle device 3 and the mobile terminal 1, respectively (S530). For example, by encrypting the digital key using the vehicle public key in the vehicle information, an encrypted digital key for the vehicle is generated, and the digital key for the terminal is encrypted by encrypting the digital key using the terminal public key in the terminal information. Generate. The management server 2 transmits the encrypted vehicle and terminal digital keys to the mobile terminal 1 (S532), and the mobile terminal 1 transmits the terminal digital key encrypted with the terminal public key to the security area (S534). Then, the digital key for the terminal encrypted with the terminal private key in the security area is decrypted and stored (S536). Meanwhile, the mobile terminal 1 transmits the vehicle key encrypted with the vehicle public key to the vehicle device 3 (S538), and the vehicle device 3 decrypts the vehicle key with the vehicle private key and stores it (S540), and registers The completion message is transmitted to the mobile terminal 1 (S542). Then, the mobile terminal 1 transmits a registration completion message to the management server 2 (S544). It would have been obvious to use user terminal for decryption and transmit functions as taught by KIM, because the modification of LEE ‘775 as modified by LEE ‘255 and JEFFERIES to use a mobile terminal to perform decryption/encryption and communication functions would have constituted the mere arrangement of old elements with each performing the same function it had been known to perform, the combination yielding no more than one would expect from such an arrangement. Re claim 7, However, LEE ‘775 as modified by LEE ‘255 and JEFFERIES fails to explicitly disclose: the vehicle authentication system of claim 6, wherein the vehicle controller: independently generates the secret key using the unique information of the vehicle controller, generates verification data using the random number data received from the user terminal and the secret key, and completes the user authentication based on a result of comparison between the authentication data and the verification data. KIM also teaches functions such as vehicle controller device generating secret key using unique information and performing verification/authentication functions. The vehicle device 3 encrypts the vehicle information with the terminal public key received from the mobile terminal 1 (S516). Vehicle information includes VIN (vehicle identification number), authentication controller information, vehicle public key, and the like. The vehicle device 3 transmits the encrypted vehicle information to the mobile terminal 1 (S518), and the mobile terminal 1 moves the encrypted vehicle information from the general area to the security area (S520). The mobile terminal 1 decrypts vehicle information with the terminal private key in the security area, then encrypts the vehicle information and terminal information with the server public key (S522), and transmits the encrypted vehicle information and terminal information to the general area (S524). It would have been obvious to use a sensor made of using vehicle controller for functions as claimed, because the modification of LEE ‘775 as modified by LEE ‘255 and JEFFERIES to use vehicle controller and components for generating secret key and perform verification/authentication would have constituted the mere arrangement of old elements with each performing the same function it had been known to perform, the combination yielding no more than one would expect from such an arrangement. Re claim 9, LEE ‘775 suggests (FIG.4) the vehicle authentication system of claim 8, wherein the security server: generates a first encryption key (KEY 2) for encrypting the secret key using the unique information of the vehicle controller, and generates a second encryption key (KEY 1) for encrypting the secret key using the unique information of the user terminal. A person of ordinary skill in the art would have had good reason to pursue the known options of generating encryption keys for secret keys using unique information for a specific device. It would require no more than "ordinary skill and common sense," to use unique information (i.e. ID data) to encrypt each key. Re claim 10, LEE ‘775 suggests (FIG.4) the vehicle authentication system of claim 9, wherein the security server: transmits the secret key encrypted with the first encryption key to the vehicle controller, and transmits the secret key encrypted with the second encryption key to the user terminal. Re claim 11. However, LEE ‘775 as modified by LEE ‘255 and JEFFERIES fails to explicitly disclose: the vehicle authentication system of claim 10, wherein the user terminal: decrypts the received encrypted secret key using the unique information of the user terminal related to the second encryption key, generates random number data, and then generates the authentication data using the random number data and the secret key, and transmits the random number data and the authentication data to the vehicle controller. LEE ‘775 as modified by LEE ‘255 and JEFFERIES as modified by KIM’s teaching is applied for claim 6, given the similarity of functions claimed. Re claim 12. However, LEE ‘775 as modified by LEE ‘255 and JEFFERIES fails to explicitly disclose: the vehicle authentication system of claim 11, wherein the vehicle controller: decrypts the received encrypted secret key using the unique information of the vehicle controller related to the first encryption key, generates verification data using the random number data received from the user terminal and the secret key, and completes the user authentication based on a result of comparison between the authentication data and the verification data. LEE ‘775 as modified by LEE ‘255 and JEFFERIES as modified by KIM’s teaching is applied for claim 7, given the similarity of functions claimed. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLOS E GARCIA whose telephone number is (571)270-1354. The examiner can normally be reached M-Th 9-6pm F 9-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Zimmerman can be reached at (571) 272-3059. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. CARLOS E. GARCIA Primary Examiner Art Unit 2686 /Carlos Garcia/Primary Examiner, Art Unit 2686 11/10/2025