Ex Parte Alrabady et al
Patent Trial and Appeal Board, Mar 16, 2018
13722810 (P.T.A.B. Mar. 16, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 13/722,810
FILING DATE: 12/20/2012
FIRST NAMED INVENTOR: ANSAF I. ALRABADY
ATTORNEY DOCKET NO.: P022301-GMVE-CD(003.1009)
CONFIRMATION NO.: 7799

70422 7590 03/20/2018
LKGlobal (GM)
7010 E. COCHISE ROAD
SCOTTSDALE, AZ 85253

EXAMINER: SIMITOSKI, MICHAEL J
ART UNIT: 2493
PAPER NUMBER:
NOTIFICATION DATE: 03/20/2018
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): docketing@lkglobal.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte ANSAF I. ALRABADY, KEVIN M. BALTES, J. DAVID ROSA, THOMAS M. FOREST, and ALAN D. WIST

Appeal 2017-011031
Application 13/722,810¹
Technology Center 2400

Before ELENI MANTIS MERCADER, JAMES W. DEJMEK, and MATTHEW J. McNEILL, Administrative Patent Judges.

DEJMEK, Administrative Patent Judge.

DECISION ON APPEAL

Appellants appeal under 35 U.S.C. § 134(a) from a Final Rejection of claims 1, 2, 4-6, 8, 9, and 11-19. Appellants have canceled claims 3, 7, and 10. Br. 15-16. We have jurisdiction over the remaining pending claims under 35 U.S.C. § 6(b).

We reverse.

¹ Appellants identify GM Global Technology Operations LLC, the Applicant, as the real party in interest. Br. 4.

STATEMENT OF THE CASE

Introduction

Appellants' disclosed and claimed invention is directed to "bypassing authenticity checks for secure control modules." Spec. ¶ 1. Appellants describe that within a vehicle, there may exist a plurality of vehicle control modules (e.g., engine control or transmission control), the control modules including a control program for controlling operation of a vehicle component (e.g., operation of the engine or transmission). Spec. ¶ 2. Appellants further disclose that a secure production control module typically requires the control program to be digitally signed in order to replace or update the control program. Spec. ¶ 3. Further, according to the Specification, it may be desirable to update or replace a control program with an unsigned control program, for example to replace a production version of a boot program with a development version. Spec. ¶¶ 4, 31. In a disclosed embodiment, an authenticity check of a program may be bypassed if authenticity data (i.e., a signature and unique identifier) associated with the program is validated. Spec. ¶¶ 23-24, Figs. 5, 6.

Claim 1 is illustrative of the subject matter on appeal and is reproduced below with the disputed limitation emphasized in italics:

    1. A method of bypassing an authenticity check for a secure control module, comprising:

    receiving authenticity data from a secure source, wherein the authenticity data includes a signature and an identifier (ID) that is unique to the control module;

    programming the control module with the authenticity data; and

    selectively bypassing the authenticity check of a control program of the control module when the signature of the authenticity data is valid and when the ID matches an identifier of the control module,

    wherein the control program includes instructions that when executed by a processor control one or more components of a vehicle.

The Examiner's Rejections

1. Claims 1, 2, 4, 8, 9, 13-17, and 19 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Margol et al. (US 2011/0106374 A1; May 5, 2011) ("Margol") and Kusudo et al. (US 2005/0138397 A1; June 23, 2005) ("Kusudo"). Final Act. 4-16.

2. Claims 5 and 6 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Margol, Kusudo, and Pai et al. (US 2013/0007348 A1; Jan. 3, 2013) ("Pai"). Final Act. 16-19.

3. Claims 11, 12, and 18 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Margol, Kusudo, and Bennett (US 2009/0282483 A1; Nov. 12, 2009). Final Act. 19-21.

ANALYSIS²

In rejecting independent claims 1 and 16, the Examiner relies on the combined teaching and suggestions of Margol and Kusudo. Final Act. 5-8, 12-15. We begin our analysis with a review of these prior art references.

² Throughout this Decision, we have considered the Appeal Brief, filed September 4, 2015 ("Br.") the Examiner's Answer, mailed February 1, 2016 ("Ans."); and the Final Office Action, mailed April 10, 2015 ("Final Act."), from which this Appeal is taken. Appellants did not file a Reply Brief.

Margol is generally directed to "remotely programming a vehicle." Margol ¶ 1. In particular, Margol describes programming various electronic control units (i.e., modules) via the on-board diagnostic interface (i.e., OBD-II). Margol ¶¶ 4, 71. Example modules include the engine control module and transmission control module. Margol ¶ 71. Although the OBD-II interface provides for increased standardization compared to OBD-I, Margol explains the communication protocols used may vary by manufacturer. Margol ¶ 22. Thus, Margol provides a communication system that connects to a vehicle's OBD-II interface on one end and a scan tool or computer at a remote location. Margol ¶ 75, Fig. 2.
In use, a technician can send, via the scan tool or computer, programming instructions for a vehicle's control module to the vehicle's OBD-II interface. Margol ¶ 78. The disclosed communication system converts the signaling and programming to be compatible with the detected vehicle's protocol. Margol ¶¶ 78-79.

Kusudo "relates to an authenticated program execution method that verifies the credibility of a downloaded program and executes the program that has been verified to be credible." Kusudo ¶ 2. In particular, Kusudo is concerned with downloading a program in a digital television and checking the authenticity of the program to ensure that before being "superimposed on a broadcast wave," the program has not been tampered with, does not inflict damage to the digital television, or does not act to spoof a third party. Kusudo ¶ 3. Kusudo recognizes that authenticating a program may be time consuming and, therefore, seeks to "shorten[] the time required before a program is activated, while guaranteeing the credibility of the program." Kusudo ¶ 6. Thus, Kusudo performs authentication before a program is stored in memory and performs no, or a partial, authentication at the time of program activation. Kusudo ¶ 7. Kusudo describes the steps of authenticating a program prior to storage in memory as comprising: (i) verifying hash values of the program and a stored value corresponding to the program; (ii) validating a certificate file; and (iii) decrypting a signature value included with the program and comparing to a hash value associated with the program. Kusudo ¶ 8. At the time for program execution, the certificate file is verified to be valid and, if so, the program is executed. Kusudo ¶ 8.

Figures 8 and 12 of Kusudo illustrate various structures of programs (stored in a POD and stored in a terminal apparatus). Kusudo ¶¶ 29, 33; see also Kusudo, Figs. 8, 12.
Kusudo describes a program is made up from a plurality of sub-programs (e.g., a main program, an initialization sub-program, a network sub-program, a reproduction sub-program, and a pay-per-view (PPV) sub-program). Kusudo ¶ 96; see also Kusudo, Fig. 8. Within the terminal apparatus, Kusudo describes a program as comprising a plurality of sub-programs including an OS (operating system), EPG (electronic program guide), a Java VM (virtual machine), a service manager, and a Java library. Kusudo ¶¶ 118-119, Fig. 12. The Java VM analyzes and executes programs written in the Java™ language. Kusudo ¶ 127. Kusudo further describes an Application Information Table (AIT), which includes Application IDs of Java programs. Kusudo ¶¶ 135, 137. Kusudo discloses if the value of the Application ID is within a certain range (i.e., 0x0 to 0x3fff), no authentication of the program is required. Kusudo ¶ 137. If the value is not within the specified range (i.e., 0x4000 to 0x7fff), authentication is required. Kusudo ¶ 137.

Still further, Kusudo describes a download manager in the terminal apparatus receiving code data from the head end. Kusudo ¶ 148. "Code data refers to binary data that includes an X.509 certificate and/or firmware of the terminal apparatus." Kusudo ¶ 149. XAIT information is transmitted between the head end and a POD and indicates information about Java programs that the terminal apparatus should store in non-volatile memory (i.e., secondary storage). Kusudo ¶ 150. Figure 21 of Kusudo illustrates an example of XAIT information and includes identifiers of Java programs (2001), control information for the Java programs (2002), DSMCC (digital storage media command and control) identifiers (2003), and the storage position (2101) of a downloaded file system comprising an ocap.hashfile (2116), ocap.certificate (2119), and an ocap.signature file (2120). Kusudo ¶¶ 150-151, Fig. 21.³ Kusudo describes the authentication steps performed prior to the programs being stored in secondary storage. See Kusudo ¶¶ 152-157; see also Kusudo ¶ 8. After the program has been stored in secondary storage, a security manager "checks the value of the Java program identifier 2001 to judge whether it is an unsigned program or a signed program." Kusudo ¶ 160.

³ OCAP refers to the OpenCable™ Application Platform Specification. Kusudo ¶ 154.

In addition to asserting Kusudo is non-analogous art to Appellants' invention (see Br. 10), Appellants also argue Kusudo, as relied on by the Examiner, fails to teach receiving authenticity data including a signature and an identifier unique to a control module. Br. 11. Further, Appellants argue Kusudo determines whether a program is signed or unsigned (i.e., whether authentication is required) based on only the value of the Application ID. Br. 11-12.

Although we agree with the Examiner that Kusudo teaches XAIT information as comprising identifiers and the location of a downloaded file system including, inter alia, a signature file (i.e., ocap.signature), based on our review of Kusudo, validation of the signature data is not used to selectively bypass authentication of the program. See Kusudo ¶¶ 152-157. Rather the signature (as well as other data) is used to authenticate the program prior to storage. See Kusudo ¶¶ 8, 152-157. Prior to execution of the stored program a determination of whether to bypass authentication is determined based on the value of the Application ID. Kusudo ¶ 137.

Because we find it dispositive that Kusudo, as relied upon by the Examiner, does not teach or suggest selectively bypassing an authenticity check based on both a unique identifier and signature data, as required by independent claims 1 and 16, we need not address other issues raised by Appellants' arguments.

For the reasons discussed supra, we do not sustain the Examiner's rejection of independent claims 1 and 16 over the combined teachings and suggestions of Margol and Kusudo. Additionally, the Examiner does not rely on the teachings of Bennett or Pai to remedy the deficiencies of the rejection related to the independent claims. Accordingly, we do not sustain the Examiner's rejections of claims 2, 4-6, 8, 9, 11-15, and 17-19, which depend directly or indirectly from independent claims 1 and 16.

DECISION

We reverse the Examiner's decision rejecting claims 1, 2, 4-6, 8, 9, and 11-19.

REVERSED
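
The distinction the Board found dispositive, as an added example that is not part of the decision, the application, or either reference: Kusudo's bypass decision turns on the Application ID value alone, while claim 1 requires a valid signature and an ID that matches the module. HMAC-SHA256 with a constructed key stands in for the digital signature, and the function names, module IDs and boot outcomes are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 with a constructed key stands in for the digital
# signature so the example runs on the standard library. A real module would
# hold only a public verification key, never the signing secret.
SIGNING_KEY = b"constructed-demo-key"

# Application ID values for which Kusudo requires no authentication (para. 137).
NO_AUTH_ID_RANGE = range(0x0000, 0x4000)


def id_range_bypass(application_id: int) -> bool:
    """Kusudo-style decision: the Application ID value alone decides."""
    return application_id in NO_AUTH_ID_RANGE


def issue_authenticity_data(module_id: bytes) -> dict:
    """Secure-source side (hypothetical helper): sign one module's unique ID."""
    signature = hmac.new(SIGNING_KEY, module_id, hashlib.sha256).digest()
    return {"id": module_id, "signature": signature}


def claim1_bypass(authenticity_data, own_module_id: bytes) -> bool:
    """Claim-1-style decision: signature is valid AND the ID is this module's."""
    try:
        claimed_id = authenticity_data["id"]
        signature = authenticity_data["signature"]
    except (KeyError, TypeError):
        return False  # absent or malformed data never grants a bypass
    if not isinstance(claimed_id, bytes) or not isinstance(signature, bytes):
        return False
    expected = hmac.new(SIGNING_KEY, claimed_id, hashlib.sha256).digest()
    signature_valid = hmac.compare_digest(expected, signature)
    id_matches = hmac.compare_digest(claimed_id, own_module_id)
    return signature_valid and id_matches


def boot_decision(program_passes_check: bool, authenticity_data,
                  own_module_id: bytes) -> str:
    """Skip the authenticity check only for valid, module-bound data."""
    if claim1_bypass(authenticity_data, own_module_id):
        return "run: check bypassed"
    return "run: check passed" if program_passes_check else "refuse"
```

Authenticity data issued for one module is rejected on any other module, a binding that an ID-range rule cannot express.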