SECURING COMMUNICATION REQUESTS FROM A VEHICLE COMMUNICATION INTERFACE TO A VEHICLE

§101 §103 §112

8Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55. Information Disclosure Statement The information disclosure statement (IDS) submitted on 07/15/2024 is being considered by the examiner. Specification The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification (MPEP 608.01, ¶6.31). Claim Objections Claims 4, 8-9, and 13 are objected to because of the following informalities: Claims 4 and 13 recite “detecting the diagnostic tool not connected to the VCI device”, which likely should be “detecting that the diagnostic tool is not connected to the VCI device” for proper grammar. Claims 8-9 recite “the request to store the encrypted ECU key” and “the request to store the secure access protocol”. It would improve clarity to differentiate them further (e.g. first request and second request), as it could potentially be confusing as to antecedent basis (one may mistake one request for the other). Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 5 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 5 recites “the diagnostic request”, whereas previous recitations recite “the unauthorized diagnostic request. It is unclear whether it is intended to be a different request (i.e. a different request after the device has been authorized] or referring to the previously recited unauthorized request. Thus, there is insufficient antecedent basis for the claimed feature. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea accomplishable by mental processes without significantly more. The claims recite the abstract idea of communicating, encryption and decryption, which is analogous to mental work with the aid of generic computer equipment as collecting, organizing and manipulating data. This judicial exception is not integrated into a practical application and the claim(s) do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Step 1: Is the claim directed to a process, machine, manufacture, or composition of matter? Yes, The claims are directed to a device [machine], claims 1-12, and a method [process], claims 13-19. Step 2A; is the claim directed to a law of nature, a natural phenomenon, or an abstract idea? Yes, claims 1-19 are directed to the abstract idea of collecting, organizing and manipulating data. In essence, the independent claims recite a device and process of authentication based on encryption, wherein the specific steps refer to the order of operations; in other words, the transmission, processing, and manipulation of data and communications. Prong One; Is the claim directed to a law of nature, a natural phenomenon, or an abstract idea? Yes, as understood in their broadest reasonable interpretation, the independent claims are directed to the abstract idea of collecting, organizing and manipulating data. In addition, the remaining claim limitations either work to develop the abstract idea further by identifying a specified order of operations or origin of messages, detailing the contents of messages, and associated permissions based on the message contents (encryption, authentication etc.), or to implement the idea onto generic computer components, such as the ECU or a security circuit [which, as claimed, merely involves a generically recited memory]. The recited abstract idea is not integrated into a practical application. In particular, Claims 1-19 do not present any additional elements to integrate the idea into a practical application. Prong Two; Does the claim recite additional elements that integrate the judicial exception into a practical application? No, the elements are generically recited. In particular, elements of a vehicle controller and sensors merely use generically recited features as tools to perform the abstract idea. VCI is a well-known and generically recited piece of equipment in the field to interact with vehicles ECU is a well-known and generically recited piece of equipment in vehicles Processing circuitry is generically recited, and merely functions as a computer system (and detailed in the specification to serve as a controller for the computer system, e.g. paragraph 0085) Security circuit is only detailed to have a memory in the claims, which is generically recited and is accomplishable by generic computer equipment well known in the art Therefore, this abstract idea is not integrated into a practical application because there are no meaningful limits on practicing the abstract idea. Therefore, Claims 1-19 are directed to an abstract idea. Step 2B: Does the claim recite additional elements that amount to significantly more than the judicial exception? Claims 1-19 do not include additional elements that amount to significantly more than the judicial exception. For the same reasons as described above, with respect to integration of the abstract idea into a practical application, Claims 1-19 do not amount to significantly more than the judicial exception. Using similar reasoning to above, Claims 1-19 do not add any significant structure or elements that qualify as significantly more, and instead merely further detail/define aspects of the abstract idea, and thus do not further integrate the abstract idea into a practical application. Therefore, Claims 1-19 are not patent eligible under 35 U.S.C 101. Additionally, Claim 18 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because a computer program [software per se] without structural limitations is ineligible. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim(s) 1-3, 6-7, and 10-19 are rejected under 35 U.S.C. 103 as being unpatentable over Yasmin (EP3902012A1, see IDS). Regarding claim 1, Yasmin teaches; A vehicle communication interface (VCI) device (taught as a modular vehicle communication interface, paragraph 0126), comprising: [[a security circuit]] comprising a secure memory (taught as an ECU with a memory, paragraph 0128, where the ECU stores pre-shared key information, paragraph 0180 and therefore indicates a component of memory used for decryption); and a processing circuitry (taught as a gateway, paragraph 0134) communicatively coupled to the security circuit; the processing circuitry configured to (example of the process shown in Fig 4a-b): receive a secure access protocol and an encrypted electronic control unit (ECU) key from a diagnostic tool (taught as the gateway encrypting a key and sending it to the ECU, paragraph 0180); send an unauthorized diagnostic request to a vehicle ECU (taught as the diagnostic apparatus sending a first PKI certificate to the gateway, paragraph 0161, where ‘unauthorized’ indicates the diagnostic apparatus’ public key has not been checked yet, paragraph 0162); receive a security challenge from the vehicle ECU in response to the unauthorized diagnostic request (taught as the gateway generating a first challenge, paragraph 0163); and in response to receiving the security challenge: request the security circuit to decrypt the encrypted ECU key into a decrypted ECU key and generate a security challenge response based on the decrypted ECU key and the secure access protocol (taught as the diagnostic apparatus signing the first challenge using a private key, paragraph 0165); and send the security challenge response to the vehicle ECU (taught as the diagnostic apparatus sending the third signature to the gateway, paragraph 0166). While Yasmin does not explicitly teach a distinct security circuit, the features taught in Yasmin’s interface gateway and ECU sufficiently accomplish the claimed limitations. Separating the specific functions associated with a security circuit as claimed from the features taught in Yasmin would be an obvious modification to provide redundancy. Regarding claim 2, Yasmin teaches; The VCI device of claim 1 (see claim 1 rejection), wherein the security circuit is configured to: decrypt the encrypted ECU key based on the encrypted ECU key (taught as the diagnostic apparatus signing the first challenge via a private key, paragraph 0165, which indicates decryption being performed based on a shared/agreed encryption algorithm, e.g. paragraphs 0180-0181); and generate the security challenge response based on the decrypted ECU key and the secure access protocol (taught as signing the challenge with a third signature and sending it to the gateway, paragraphs 0165-0166). Regarding claim 3, Yasmin teaches; The VCI device of claim 1 (see claim 1 rejection), wherein the processing circuitry is further configured to: receive a second security challenge from the vehicle ECU in response to sending the security challenge response to the vehicle ECU (taught as the gateway sending a third challenge to the diagnostic apparatus, paragraphs 0334-0335); and in response to the second security challenge indicating authorization of the VCI device (taught as the gateway receiving the signature from the diagnostic apparatus, paragraph 0336): send a second diagnostic request based on the first diagnostic request to the vehicle ECU (taught as the gateway, upon further confirmation, sending the element to the ECU for key confirmation, paragraph 0344). Regarding claim 6, Yasmin teaches; The VCI device of claim 1 (see claim 1 rejection), wherein the processing circuitry is further configured to: receive a VCI device identification signature request from the diagnostic tool (taught as sending the first challenge to the diagnostic apparatus, paragraph 0164); and in response to receiving the VCI device identification signature request, request the security circuit to sign a VCI device identification for the VCI device based on a VCI endorsement key (taught as the diagnostic apparatus signing the certificate in a third signature, paragraph 0165). Regarding claim 7, Yasmin teaches; The VCI device of claim 6 (see claim 6 rejection), wherein the VCI device identification comprises a unique serial number of the VCI device (taught as the diagnostic request including the service identifier, paragraph 0138; while not explicitly a serial number, the service identifier serves as a way to label/identify a device and thus serves the same function as the serial number). Regarding claim 10, Yasmin teaches; The VCI device of claim 1 (see claim 1 rejection), wherein the processing circuitry is configured to: receive the security challenge comprising a seed from the vehicle ECU in response to sending the unauthorized diagnostic request to the vehicle ECU (taught as the ECU generating random numbers [seeds] after receiving a request, paragraph 0240); and in response to receiving the security challenge, request the security circuit to generate the security challenge response based on the seed, the decrypted ECU key, and the secure access protocol (taught as the gateway, upon receiving a random number from the ECU, transmitting a response to generate a shared key, paragraph 0240). Regarding claim 11, Yasmin teaches; The VCI device of claim 1 (see claim 1 rejection), wherein the processing circuitry is further configured to establish a communication session with the diagnostic tool connected to the VCI device (taught as a communications system between the gateway, the ECU, and the diagnostic apparatus, paragraph 0135); the processing circuitry configured to receive the secure access protocol and the encrypted ECU key in the communication session (taught as sending an encrypted shared key upon authentication, paragraph 0171, which occurs over the communications system, e.g. paragraph 0145). Regarding claim 12, Yasmin teaches; The VCI device of claim 1 (see claim 1 rejection), further comprising a vehicle connector [interpreted to be a port, based on the specification, paragraph 0004] configured to be connected to a vehicle communication port communicatively coupled to the vehicle ECU (taught as connecting to the vehicle via a port to implement a communication system, paragraph 0135); wherein: the processing circuitry is communicatively coupled to the vehicle connector (taught as the port is directly connected to a gateway, which connects to the diagnostic apparatus, paragraph 0135, indicating all communications between the gateway, diagnostic apparatus and ECU would occur through this communication system and OBD port); and the processing circuitry is configured to: send the diagnostic request through the vehicle connector to the vehicle ECU (taught as the diagnostic apparatus sending a first PKI certificate to the gateway, paragraph 0161, where ‘unauthorized’ indicates the diagnostic apparatus’ public key has not been checked yet, paragraph 0162); receive the security challenge through the vehicle connector from the vehicle ECU in response to the diagnostic request (taught as the gateway generating a first challenge, paragraph 0163); and send the security challenge response through the vehicle connector to the vehicle ECU (taught as the diagnostic apparatus sending the third signature to the gateway, paragraph 0166). Regarding claims 13-19, it has been determined that no further limitations exist apart from those previously addressed in claims 1-3, 6, and 10. Therefore, claims 13-19 are rejected under the same rationales as claims 1-3, 6, and 10, wherein; Claims 13 and 18-19 correspond to claim 1, Claims 14-15 correspond to claims 2-3, Claim 16 corresponds to claim 6, and Claim 17 corresponds to claim 10 respectively. Claim(s) 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Yasmin (EP3902012A1) as applied to claim 1 and further in view of Morselli (US20150348346A1). Regarding claim 4, Yasmin teaches; The VCI device of claim 1 (see claim 1 rejection). However, Yasmin does not explicitly teach;, wherein the processing circuitry is further configured to: detect if the diagnostic tool is not connected to the VCI device; and in response to detecting the diagnostic tool not connected to the VCI device: send the unauthorized diagnostic request to the vehicle ECU. Morselli teaches; detect if the diagnostic tool is not connected to the VCI device (taught as detecting when a device is disconnected, paragraph 0043); and in response to detecting the diagnostic tool not connected to the VCI device: send the unauthorized diagnostic request [examiner interprets this to indicate a device is forgotten and authentication has to be redone] to the vehicle ECU (taught as, when a device is disconnected, forgetting the system/automatically removing it, paragraph 0043, which means the authentication (unauthorized diagnostic request) would have to be performed again). It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to forget a device when disconnected as taught by Morselli in the system taught by Yasmin in order to improve security. As suggested by Morselli, such a system aids in preventing third parties from intercepting information being transferred (paragraph 0004). Regarding claim 5, Yasmin as modified by Morselli teaches; The VCI device of claim 4 (see claim 4 rejection). However, Yasmin does not explicitly teach; wherein the diagnostic request comprises a VCI device loss prevention command. Morselli teaches; wherein the diagnostic request comprises a VCI device loss prevention command (taught as, when a device is disconnected, forgetting the system/automatically removing it, paragraph 0043, which corresponds to the idea presented in the specification such that an action occurs upon detection relating to the loss, left behind, or disconnected state of the device in paragraph 0047). It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to forget a device when disconnected as taught by Morselli in the system taught by Yasmin in order to improve security. As suggested by Morselli, such a system aids in preventing third parties from intercepting information being transferred (paragraph 0004). Claim(s) 8 is rejected under 35 U.S.C. 103 as being unpatentable over Yasmin (EP3902012A1) as applied to claim 1 and further in view of Bardelski (US20180254903A1) Regarding claim 8, Yasmin teaches; The VCI device of claim 1 (see claim 1 rejection). However, Yasmin does not explicitly teach; wherein the processing circuitry is further configured to: receive a request from the diagnostic tool to store the encrypted ECU key; and in response to receiving the request to store the encrypted ECU key, store the encrypted ECU key in a memory accessible by the processing circuitry. Bardelski teaches; wherein the processing circuitry is further configured to: receive a request from the diagnostic tool to store the encrypted ECU key (taught as a verification process with a diagnostic tool and the ECU, paragraph 0006); and in response to receiving the request to store the encrypted ECU key, store the encrypted ECU key in a memory accessible by the processing circuitry (taught as, upon completion of a verification process, storing the offline [encryption] key by replacing an old key with a new one, e.g. paragraph 0006). It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to allow the storage of a new key as taught by Bardelski in the system taught by Yasmin in order to improve security and usability. Such a system allows replacement keys to be generated and used. As suggested by Bardelski, as ECUs perform critical functions, they need to be secure to prevent access without authorization (paragraph 0002), and updating keys (such as after a breach, akin to changing a password) would enable for improved security in case of a security breach/concern. Allowable Subject Matter Claim 9 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and to overcome the 101 rejection. The following is a statement of reasons for the indication of allowable subject matter: Claim 9 recites the idea of receiving a request to store the secure access memory, after receiving a request to store the encrypted ECU key. The use and storage of secure access protocols is well known in the art, for example, in Yasmin (paragraph 0129), Bardelski (paragraph 0026). This applies to general secure communications as well, such as https. However, it is not apparent that this storage of a secure access protocol occurs AFTER the storage of the encryption ECU key. It is normal that key generation, verification and exchange occurs according to a protocol, which would imply that the protocol is already stored. However, as presented in claim 9, this would occur AFTER the encryption ECU key has been stored. It would thus not make sense for the relevant prior art to perform a key verification/exchange according to a protocol before said protocol is stored. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. For further encryption/verification protocols ; US20230087521A1, US20170324558A1 For further vehicle diagnostic security; US20210075783A1 Any inquiry concerning this communication or earlier communications from the examiner should be directed to GABRIEL ANFINRUD whose telephone number is (571)270-3401. The examiner can normally be reached M-F 9:30-5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jelani Smith can be reached at (571)270-3969. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GABRIEL ANFINRUD/Examiner, Art Unit 3662 /JELANI A SMITH/Supervisory Patent Examiner, Art Unit 3662