DETAILED ACTION
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
The present application’s priority under Provisional US Application Number 63/027,792 is acknowledged.
The present application’s status as a continuation of US Application 17/200,441 is acknowledged.
Specification
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
Examiner suggests mentioning subsystems and trusted certificates.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 16-30 are rejected under 35 U.S.C. 103 as being unpatentable over Poplawsky et al. (US 20190166494 A1) in view of Zhang et al. (US 20200211301 A1).
Regarding claim 16, Poplawsky teaches A method for managing at least one controlled operation (see at least [0035]: “activating air bags”) of a vehicle (see at least [0028]: “a vehicle”) performed by a vehicle control system (see at least FIG. 2: secure telematics system architecture) comprising a processor (see at least FIG. 2, [0040]: “the security controller 100 can include one or more secure processors”) and a non-transitory (see at least [0032]: “The storage memory 76 can also encompass one or more hard disks and/or removable memory, such as CD-ROMs.”) computer readable storage medium (see at least FIG. 2: storage memory 76-1) storing instructions (see at least [0032]: “The storage memory 76 can contain … program code”; [0029]: “The module 32 can be software comprised of executable program code”) that cause the vehicle control system to perform the method, the method comprising:
accessing a vehicle operation management policy, the vehicle management policy indicating one or more vehicle subsystems (see at least [0035]: “an inflator system for activating air bags”) included in the vehicle associated with the at least one controlled operation and specifying one or more conditions (see at least [0093]: “When a sufficient vehicle impact is detected”; [0076]: “the random number received by the controller 100 in response from the application matches the number encrypted for challenge”; [0077]: “Certificates usually last until the expiration date. … an application that has been compromised, such as where its private key has been exposed, may be required to be revoked.”) associated with the at least one controlled operation;
sending an information request (see at least [0076]: “The secure controller 100 can return a challenge request to the application that includes a random number encrypted with a public key.”) to at least one of the one or more vehicle subsystems indicated by the vehicle management policy;
receiving subsystem information (see at least [0032]: “The subsystems can include a global positioning system (GPS) 70 that provides geographic or locational information associated with the vehicle”) and at least one first trusted certificate (see at least [0076]: “the certified application sends a service request with the certificate to the secure controller 100.”) from the at least one of the one or more vehicle subsystems, the at least one first trusted certificate comprising information relating to at least one characteristic (see at least [0015]: “The certificate can include certain properties and/or rights, such as: a unique identifier for the certificate owner, a priority level assigned to the application, duration of the certificate, geographic or other location where the certificate is deemed valid, the identification or description of other resources and/or entities with which the application must communicate to function properly”) of an associated subsystem;
determining, based at least in part on the subsystem information (see at least [0042]: “This trusted … location information can be used to check against any location restrictions that might apply to certain resources in the vehicle.”) and the at least one first trusted certificate, whether the one or more conditions specified in the vehicle operation management policy have been satisfied (see at least [0093]: “When a sufficient vehicle impact is detected”; [0076]: “If the random number received by the controller 100 in response from the application matches the number encrypted for challenge then the service request is granted.”; [0077]: “The security controller 100 consults the CRL during its authentication process to ensure that the application has not been revoked.”); and
controlling, in accordance with the determination, activation (see at least [0093]: “an air bag of the inflator system is activated or deployed”) of the at least one controlled operation of the vehicle.
However, Poplawsky does not explicitly teach when executed by the processor.
Zhang teaches when executed by the processor (see at least [0084]: “The processing depicted in FIG. 7 may be implemented in software (e.g., code, instructions, program) executed by one or more processing units (e.g., processors, cores) of the respective systems”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Poplawsky to incorporate the teachings of Zhang to execute program code with a processor for use in ECU security. Doing so would “improve safety and security of hardware, firmware, and/or software of an autonomous vehicle”, as recognized by Zhang in paragraph [0005].
Regarding claim 17, the combination of Poplawsky and Zhang teaches The method of claim 16.
Poplawsky further teaches wherein the at least one controlled operation comprises at least one of an autonomous operation (see at least [0093]: “When a sufficient vehicle impact is detected, an air bag of the inflator system is activated or deployed.”), a semi-autonomous operation, and a driver-assist operation.
Regarding claim 18, the combination of Poplawsky and Zhang teaches The method of claim 16.
Poplawsky further teaches wherein the method further comprises receiving the at least one vehicle operation management policy from a policy service (see at least [0053]: “a certificate authority (CA) that provide certificates for use in the secure telematics system 20.”) in communication with the vehicle control system.
Regarding claim 19, the combination of Poplawsky and Zhang teaches The method of claim 16.
Poplawsky further teaches wherein the one or more vehicle subsystems comprise at least one sensor (see at least [0032]: “The subsystems can include a global positioning system (GPS) 70 that provides geographic or locational information associated with the vehicle”) system.
Regarding claim 20, the combination of Poplawsky and Zhang teaches The method of claim 19.
Poplawsky further teaches wherein the subsystem information comprises sensor information (see at least [0032]: “The subsystems can include a global positioning system (GPS) 70 that provides geographic or locational information associated with the vehicle”) generated by the at least one sensor system.
Regarding claim 21, the combination of Poplawsky and Zhang teaches The method of claim 16.
Poplawsky further teaches wherein the information relating to the at least one characteristic of the associated subsystem comprises at least one of subsystem identification information (see at least [0015]: “The certificate can include certain properties and/or rights, such as: a unique identifier for the certificate owner”), subsystem manufacturer information, subsystem model information, subsystem serial number information, and subsystem software version information.
Regarding claim 22, the combination of Poplawsky and Zhang teaches The method of claim 21.
Poplawsky further teaches wherein the one or more conditions specified in the vehicle operation management policy comprise at least one condition (see at least [0044]: “Bus arbitration B the security controller 100 can provide arbitration between high priority and low priority activity on one or more buses located in the vehicle.”) relating to at least one characteristic (see at least [0015]: “The certificate can include certain properties and/or rights, such as: … a priority level assigned to the application”) of the associated subsystem.
Regarding claim 23, the combination of Poplawsky and Zhang teaches The method of claim 22.
Poplawsky further teaches wherein the one or more conditions further specify at least one threshold (see at least [0044]: “Bus arbitration B the security controller 100 can provide arbitration between high priority and low priority activity on one or more buses located in the vehicle.”) associated with the received subsystem information.
Regarding claim 24, the combination of Poplawsky and Zhang teaches The method of claim 23.
Poplawsky further teaches wherein determining whether the one or more conditions have been satisfied (see at least [0044]: “For example, when there is an emergency, the security controller 100 might halt all low priority activity”) comprises comparing the received subsystem information with the at least one threshold.
Regarding claim 25, the combination of Poplawsky and Zhang teaches The method of claim 16.
Poplawsky further teaches wherein the method further comprises verifying authenticity (see at least [0077]: “The CA can maintain a certificate revocation list (CRL) that can be embedded within the security controller 100. The security controller 100 consults the CRL during its authentication process to ensure that the application has not been revoked. Updating the CRL may be supported by including a requirement for additional third-party authentication within the certificate itself.”) of the at least one first trusted certificate with a trusted service provider system (see at least [0053]: “a certificate authority (CA) that provide certificates for use in the secure telematics system 20.”).
Regarding claim 26, the combination of Poplawsky and Zhang teaches The method of claim 16.
Poplawsky further teaches wherein the method further comprises receiving at least one cryptographic signature (see at least [0015]: “the certification process has the certificate authority being initialized with one or more signature keys associated with supporting desired security.”) associated with (see at least [0015]: “The certificate authority could also issue keys to an application developer that allows one or more applications to make certificate requests.”) the received subsystem information.
Regarding claim 27, the combination of Poplawsky and Zhang teaches The method of claim 26.
Poplawsky further teaches wherein the method further comprises verifying that the at least one cryptographic signature was generated using a private key (see at least [0045]: “the security controller 100 requests that the application prove that it is the principal of the credential by presenting valid access information, such as performing a cryptographic operation using the associated private key.”) securely associated with the at least one subsystem.
Regarding claim 28, the combination of Poplawsky and Zhang teaches The method of claim 16.
Poplawsky further teaches wherein the method further comprises receiving at least one second trusted certificate (see at least [0041]: “The security controller 100 may store user identification information in one or more of a number of forms including a personal identification number (PIN) smart card”; [0046]: “Multiple keys B the security controller 100 can also require more than one key or other security tool to be able to access one or more functions. More than one factor or requirement may be necessary to authenticate an application or a particular entity/user. For example, configuring the settings for a vehicle may require … a particular PIN or password entered through the human interface 40 (second factor). Additional factors may include time, location information, biometric information from the operator or user (fingerprint, voice print, facial print and the like)”) from a device associated with a driver of the vehicle.
Regarding claim 29, the combination of Poplawsky and Zhang teaches The method of claim 28.
Poplawsky further teaches wherein the at least one second trusted certificate comprises an indication of an authority of the driver to engage (see at least [0041]: “[0046]: “Multiple keys B the security controller 100 can also require more than one key or other security tool to be able to access one or more functions. More than one factor or requirement may be necessary to authenticate an application or a particular entity/user. For example, configuring the settings for a vehicle may require … a particular PIN”) in the at least one controlled operation.
Regarding claim 30, the combination of Poplawsky and Zhang teaches The method of claim 28.
Poplawsky further teaches wherein determining whether the one or more conditions specified in the vehicle operation management policy have been satisfied (see at least [0083] – [0085]: “the cellular phone 24 is available to send configuration information into the vehicle. This configuration information may include driver identification, … and use of other subsystems or devices located in the vehicle. Upon receiving the information, these can be adjusted under commands from the telematics control unit 80 or other vehicle-resident computing devices. Such an application may require the following steps: … Operator identification is entered, such as a “PIN”, biometric, smart card”) is further based, at least in part, on the at least one second trusted certificate.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Fox et al. (US 11558743 B2) teaches verifying device authenticity using public and private keys for autonomous vehicles (see [Abstract]).
Kozlay (US 20110046845 A1) teaches detecting and reporting unauthorized wireless transmissions to vehicles (see paragraph [0024]).
Tran (US 20180117447 A1) teaches controlling access rights to unlocking vehicle doors to particular user accounts using public and private keys (see paragraph [0268]).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GEORGE ALCORN whose telephone number is (571) 270-3763. The examiner can normally be reached M-F, 9:30 am – 6:30 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jelani Smith can be reached at (571) 270-3415. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GEORGE A ALCORN III/Examiner, Art Unit 3662
/JELANI A SMITH/Supervisory Patent Examiner, Art Unit 3662