DETAILED ACTION
This action is responsive to RCE filed on 12/29/2020. Claims 1, 6, 7 and 8 are independent. Claims 2-4 and 9 are cancelled. Claims 1, 6 and 7 are amended. Thus, claims 1, 5-8 and 10-11 are pending and being considered. 

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/29/2020 for application number 16/082,404 has been entered.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided 
Authorization for this examiner’s amendment was given in an interview with applicant’s representative Mr. Gary V. Harkcom (Reg. No. 62,956) on 03/24/2021. The summary of the interview is attached.

Amendments to the Claims
The application has been amended as follows:
1.  (Currently Amended) A communication network system, comprising: 
	a plurality of control units, sharing a session key, that are collectively installed in a physical entity to exchange data therebetween through a network so as to achieve functions allocated thereto,
	wherein a first control unit serving as a transmission node is configured to send a count-value notification message to a second control unit serving as a reception node, through the network,
wherein the first control unit comprises a first hardware processor configured to execute instructions stored on its memory and to implement
	generating a count value,
	encrypting the count value using the session key,
	generating a first message authentication code using the count value and the session key, and
	transmitting, in a count-value notification cycle, the count-value notification message including the encrypted count value and the first message authentication code, and
hardware processor configured to execute 
receiving the count-value notification message from the first control unit,
	decrypting the encrypted count value to reproduce the count value, 
	generating a second message authentication code using the reproduced count value and the session key, and 
	checking whether the first message authentication code matches the second message authentication code, thus determining
		(i) when matched, the second control unit updates its count value stored therein with the reproduced count value, and
		(ii) when unmatched, the second control unit discards the reproduced count value, and
wherein the first control unit is configured to transmit a transmission-data transmitting frame to the second control unit via (a) through (e),
	(a) generating by the first control unit the transmission-data transmitting frame including transmission data, a lower-bit string of the count value, and a third message authentication code, wherein the third message authentication code is generated from the transmission data and the count value using the session key,
	(b) reproducing by the second control unit the count value by concatenating an upper-bit string of the count value stored therein and the lower-bit string of the count value included in the transmission-data transmitting frame,
	(c) generating by the second control unit a fourth message authentication code from the transmission data included in the transmission-data transmitting frame and the reproduced count value using the session key,
	(d) checking whether the third message authentication code matches the fourth message authentication code, and
	(e) when matched, accepting the transmission data with the second control unit.

2.  (Cancelled)  

3.  (Cancelled)  

4.  (Cancelled)  

5.  (Previously Presented)  The communication network system according to claim 1, wherein the plurality of control units are collectively installed in a vehicle as the physical entity such that the plurality of control units are connected together through a control area network (CAN).

6.  (Currently Amended)  A count-value notification node selected from among a plurality of control units, sharing a session key, that are collectively installed in a physical entity to exchange data therebetween through a network so as to achieve functions allocated thereto,
wherein the count-value notification node comprises a hardware processor configured to execute instructions stored on its memory and to implement
	generating a count value,
	encrypting the count value stored using the session key, 
	generating a message authentication code using the count value and the 
transmitting, in a count-value notification cycle, a count-value notification message, including the encrypted count value and the message authentication code,
wherein a counterpart node selected from among the plurality of control units, comprises a hardware processor, is configured to receive the count-value notification message upon checking validity of the message authentication code, thus accepting the count value decrypted from the encrypted count value, and
wherein the is configured to transmit a transmission-data transmitting frame to the 
	(a) generating by the 
	(b) reproducing by the
	(c) generating by the
(d) checking whether the third message authentication code matches the fourth message authentication code, and
	(e) when matched, accepting the transmission data with the second control unit.

7.  (Currently Amended)  A count-value sharing method adapted to a transmission node and a reception node selected from among a plurality of control units, sharing a session key, that are collectively installed in a physical entity to exchange data therebetween through a network so as to achieve functions allocated thereto, the method comprising: 
generating a count value,
encrypting, using a hardware processor of the transmission node, the count value using the session key,
generating a first message authentication code using the first count value and the session key,
transmitting, in a count-value notification cycle, the count-value notification message including the encrypted count value and the first message authentication code from the transmission node to the reception node,
decrypting, using a hardware processor of the reception node, the encrypted count value included in the count-value notification message to reproduce the count value,
generating a second message authentication code using the reproduced count value and the session key, and
checking whether the first message authentication code matches the second 
	(i) when matched, the reception node updates its count value stored therein with the reproduced count value, and
	(ii) when unmatched, the reception node discards the reproduced count value, and
wherein the 
	(a) generating by the 
	(b) reproducing by the 
	(c) generating by the 
	(d) checking whether the third message authentication code matches the fourth message authentication code, and
	(e) when matched, accepting the transmission data with the second control unit.

8.  (Previously Presented)  A non-transitory computer-readable storage medium having a stored computer program causing a computer of a count-value notification node to implement the count-value sharing method according to claim 7.

9.  (Cancelled)  

10.  (Previously Presented)  The count-value notification node according to claim 6, wherein the plurality of control units are collectively installed in a vehicle as the physical entity, such that the plurality of control units are connected together through a control area network (CAN).

11.  (Previously Presented)  The count-value sharing method according to claim 7, wherein the plurality of control units are collectively installed in a vehicle as the physical entity, such that the plurality of control units are connected together through a control area network (CAN).
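
The data-frame check of claim 1, steps (a) through (e), together with the update/discard rule (i)/(ii) for the count-value notification message, as an added Python example that is not part of the Office action or the application. The 32-bit count, the 8-bit lower-bit string, the truncated HMAC-SHA256, the per-frame increment and the "N"/"D" labels are assumptions, and the encryption of the count value is omitted.

```python
import hashlib
import hmac

# Assumed parameters; the claims fix none of these.
COUNT_BITS = 32                  # width of the full count value
LOW_BITS = 8                     # width of the lower-bit string in a data frame
MAC_LEN = 8                      # truncated MAC length in bytes
LOW_MASK = (1 << LOW_BITS) - 1


def _mac(key, *parts):
    """Truncated HMAC-SHA256 (the MAC algorithm is an assumption)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:MAC_LEN]


def _cb(count):
    """Fixed-width big-endian encoding of the count value."""
    return count.to_bytes(COUNT_BITS // 8, "big")


class Sender:
    """First control unit (transmission node)."""

    def __init__(self, key, count=0):
        self.key, self.count = key, count

    def notification(self):
        # Count-value notification message: count value plus first MAC.
        # The claim also encrypts the count value; that step is omitted here.
        return self.count, _mac(self.key, b"N", _cb(self.count))

    def data_frame(self, data):
        # (a) data, lower-bit string, third MAC over data and the full count.
        # Incrementing once per frame is an assumption.
        self.count = (self.count + 1) % (1 << COUNT_BITS)
        tag = _mac(self.key, b"D", data, _cb(self.count))
        return data, self.count & LOW_MASK, tag


class Receiver:
    """Second control unit (reception node)."""

    def __init__(self, key, count=0):
        self.key, self.count = key, count

    def on_notification(self, count, tag):
        expected = _mac(self.key, b"N", _cb(count))      # second MAC
        if not hmac.compare_digest(tag, expected):
            return False                                 # (ii) discard
        self.count = count                               # (i) update stored count
        return True

    def on_data_frame(self, data, low, tag):
        # (b) stored upper-bit string concatenated with the received lower bits
        rebuilt = (self.count & ~LOW_MASK) | (low & LOW_MASK)
        expected = _mac(self.key, b"D", data, _cb(rebuilt))   # (c) fourth MAC
        return hmac.compare_digest(tag, expected)             # (d), (e)


def demo():
    key = bytes(range(16))                    # constructed session key
    tx, rx = Sender(key, 0xFD), Receiver(key, 0xFD)
    out = [rx.on_data_frame(*tx.data_frame(b"\x01")),   # count 0xFE
           rx.on_data_frame(*tx.data_frame(b"\x02")),   # count 0xFF
           rx.on_data_frame(*tx.data_frame(b"\x03"))]   # 0x100: stale upper bits
    count, tag = tx.notification()
    forged = bytes([tag[0] ^ 1]) + tag[1:]              # one bit flipped
    out.append(rx.on_notification(count, forged))       # rejected, count kept
    out.append(rx.on_notification(count, tag))          # accepted, count = 0x100
    out.append(rx.on_data_frame(*tx.data_frame(b"\x04")))  # count 0x101
    return out


if __name__ == "__main__":
    print(demo())
```

The third frame fails because the lower-bit string has wrapped while the receiver still holds the old upper-bit string; frames verify again once a valid count-value notification message has updated the stored count.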

Allowable Subject Matter
The following is an examiner’s statement of reasons for allowance: 
Claims 1, 5-8 and 10-11 are allowed.
The following references/prior arts disclose the subject matter/limitation recited in independent claims 1 and 6-8 before/after the current amendment is submitted/made.
Regarding claim 1, the cited prior art(s) such as UJIIE et al. (US 2016/0315766 A1) teaches the limitation(s) a communication network system, comprising: a plurality of control units, sharing a session key, that are collectively installed in a physical entity to exchange data therebetween through a network so as to achieve functions allocated thereto (UJIIE, Abstract, discloses an onboard network system having multiple electronic control units storing a shared key. In the key management method of the onboard network system including multiple electronic units (ECUs) that perform communication by frames via a bus, a master ECU stores a shared key to be mutually shared with one or more ECUs. Each of the ECUs acquire a session key by communication with the master ECU based on the stored shared key, and after this acquisition, executes encryption processing regarding a frame transmitted or received via the bus, using this session key),
	wherein a first control unit serving as a transmission node is configured to send a count-value notification message to a second control unit serving as a reception node, through the network,
wherein the first control unit comprises a first hardware processor configured to execute instructions stored on its memory and to implement (UJIIE, Para. [0061], discloses that each ECU is a device that includes, for example, digital circuits such as a processor (microprocessor), memory, and so forth, analog circuits, communication circuits, and so forth. The memory is read-only memory (ROM), random access memory (RAM), and so forth, capable of storing a control program (computer program) to be executed by the processor. The ECU can realize various functions by the processor operating following the control program (computer program), for example. The computer program is configured as a combination of multiple command codes representing instructions to the processor, to achieve predetermined functions)
generating a count value (UJIIE, Para. [0208], discloses computation of the ),

generating a first message authentication code using the count value and the session key (UJIIE, Para. [0083-0084], discloses to generate MAC values using a session key and a counter value, and/or see also Fig. 3 and Para. [0118], discloses that the master ECU 400 generates a MAC using the generated encrypted session key Ks1’ and a counter (transmission counter value) at the MAC processing unit 406), and
transmitting, UJIIE, Para. [0119], discloses that the master ECU 400 transmits a data frame including in the data field the encrypted session key Ks1' and the MAC value, and as disclosed in Para. [0005], wherein each node (ECU) connected to a bus transmits/receives messages called frames), and
wherein the second control unit comprises a second hardware processor configured to execute instructions stored on its memory and to implement (UJIIE, Para. [0061], discloses that each ECU is a device that includes, for example, digital circuits such as a processor (microprocessor), memory, and so forth, analog circuits, communication circuits, and so forth. The memory is read-only memory (ROM), random access memory (RAM), and so forth, capable of storing a control program (computer program) to be executed by the processor. The ECU can realize various functions by the processor operating following the control program (computer program), for example. The computer program is configured as a combination of multiple command codes representing instructions to the processor, to achieve predetermined functions)
receiving the UJIIE, Fig. 1 and Para. [0121], discloses that the ECU 100a starts receiving the data frame (message from master ECU 400) flowing on the bus),

generating a second message authentication code using UJIIE, Para. [0125], discloses that the ECU 100a saves the extracted session key Ks1 in the session key storing unit 108 and uses this session key Ks1 to generate or verify MAC values at the time of transmission or reception of the next and subsequent data frames (messages)), and 
checking whether the first message authentication code UJIIE, Para. [0101], discloses that the MAC processing unit 107 then performs comparison and verification against the MAC value included in the received data field, and notifies the verification results to the frame analyzing unit 102, and as further disclosed in Para. [0123], that the ECU 100a extracts the MAC value from the data field of the received data frame (message) and performs verification at the MAC processing unit 107)
(i) when matched, the second control unit updates its count value stored therein with the UJIIE, Para. [0083], discloses that the MAC is generated reflecting a transmission counter value incremented each time a frame is (i.e., successfully) transmitted, and as further disclosed in Para. [0084], the counter storing unit 407 stores counter values necessary for calculating MAC values, one each for transmission and for receipt, for each CAN-ID. In a case where a frame has been successfully transmitted, the transmission counter value is incremented, and in a case ), and
(ii) when unmatched, the second control unit discards UJIIE, Para. [0123], discloses that the ECU 100a extracts the MAC value from the data field of the received data frame and performs verification at the MAC processing unit 107 (step S1010). In a case where verification fails, the data frame being received is discarded, and the frame reception ends), and
wherein the first control unit is configured to transmit a transmission-data transmitting frame to the second control unit UJIIE, Para. [0132], discloses that the ECU 100a transmits the data frame including the value of the data and the counter in the data field, with the CAN-ID "1" attached, by the frame transmission/reception unit 101 (step S1104). Accordingly, the data frame appears on the bus 200, and as disclosed in Para. [0134], when a data frame appears on the bus 200, the ECU 100c starts receiving the data frame flowing on the bus),
(a) generating by the first control unit the transmission-data transmitting frame including transmission data (UJIIE, Para. [0129], discloses that, first, the ECU 100a generates data to be transmitted at the frame generating unit 110 (step S1101)), UJIIE, Para. [0130], discloses that the ECU 100a then generates a MAC corresponding to the value of the data generated in step S1101 and the counter (transmission counter value) at the MAC processing unit 107 (step S1102). The ECU 100a further uses the session key Ks1 ),

(c) generating by the second control unit a UJIIE, Para. [0101], discloses that the MAC processing unit 107 calculates a MAC value using a session key […], a portion of the data field excluding the MAC value, and a reception counter value corresponding to the CAN-ID that is stored in the counter storing unit 109),
(d) checking whether the UJIIE, Para. [0101], discloses that the MAC processing unit 107 then performs comparison and verification against the MAC value included in the received data field, and notifies the verification results to the frame analyzing unit 102, and/or as disclosed in Para. [0136], discloses that the ECU 100c extracts the MAC value from the data field of the received data frame and performs verification at the MAC processing unit 107 (step S1110). In a case where verification fails, the data frame being received is discarded, and the frame reception ends. The ECU 100c uses the session key Ks1 stored at the session key storing unit 108 in the verification of the MAC in step S1110. In a case where verification has been successful, the ECU 100c increments the reception counter value corresponding to the CAN-ID "1" by 1 (step S1111)).
Wasilewski et al. (US 2002/0044658 A1) teaches the limitation(s) encrypting the count value using the session key (Wasilewski, Fig. 3 and Para. [0073], discloses that the service origination component 305 of system 301 generates a control word (i.e., encrypted count value) by encrypting a value, called a "counter value" (which increments by one after each use) by using the MSK as the key and/or see also Fig. 10 and Para. [0179], discloses a control word (i.e., encrypted counter value) is a random value that is created by encrypting a counter value […] using the MSK as the key),
transmitting, in a count-value notification cycle, the count-value notification message including the encrypted count value and the first message authentication code (Wasilewski, Fig. 3, illustrates to transmit an entitlement control message (ECM 323) between service origination component 305 and service reception component 333 of a system, and as disclosed in Para. [0178-0179], the structure of an ECM 1008 which includes the control word (i.e., encrypted counter value) and an ECM MAC 1013 (as shown in Fig. 10), wherein the control word (i.e., encrypted counter value) is created by encrypting a counter value by using the MSK as a key, and wherein the control word in its non-encrypted form (such as the non-encrypted counter value) is used together with some or all of the MSK as input […] to produce ECM MAC 1013), and 
receiving the count-value notification message from the first control unit (Wasilewski, Para. [0075], when an ECM 323 is received in service reception component 333 (DHCT), the control word 319 (i.e., encrypted counter value) is […] found by encrypting the counter value using the MSK),
decrypting the encrypted count value to reproduce the count value (Wasilewski, Para. [0075], discloses that the ECM 323 is received in service reception component 333 (DHCT), control word (i.e., encrypted counter value) is decrypted […] by using the MSK, in order to generate a new count value as mentioned in Para. [0047])), 
Oguma et al. (US 2014/0310530 A1) teaches the limitation(s) specifically generating a second message authentication code using the count value and the session key (Oguma, Figs. 5-6 and Para. [0055], discloses a MAC production part 4 that takes out the encryption key (i.e., common key) from the encryption storage part 5 […] and the latest counter value from the counter storage part 3, and produces the MAC (i.e., second MAC) from […] the latest counter value and the encryption key (i.e., common key), as depicted in Fig. 5, and as also illustrated in Fig. 8 (Flowchart S205-S206)), and 
checking whether the first message authentication code matches the second message authentication code, thus determining (Oguma, Fig. 7 and Para. [0065], discloses a MAC comparison part 2 that compares the MAC produced by the MAC production part 4 with the MAC extracted from the received MAC message to determine whether these two MAC’s are same or not, as also depicted in Fig. 8 (Flowchart S211-S214))
However the combination of UJIIE, Wasilewski and Oguma fails to explicitly disclose the limitations such as “(ii) when unmatched, the second control unit discards the reproduced count value, (a) generating by the first control unit the transmission-data transmitting frame including transmission data, a lower-bit string of the count value, and a third message authentication code, wherein the third message authentication code is generated from the transmission data and the count value using the session key, (b) reproducing by the second control unit the count value by concatenating an upper-bit string of the count value stored therein and the lower-bit string of the count value included in the transmission-data transmitting frame, (c) generating by the second control unit a fourth message authentication code from the transmission data included in the transmission-data transmitting frame and the reproduced count value using the session key”.
Regarding independent claims 6, 7 and 8, the claims are allowable for the same reasons as mentioned above for the independent claim 1.
The closest cited prior arts, such as Yajima; Jun et al. (US 20160191408 A1) generally relates to a control of a communication among communication devices; Lewis; Matthew et al. (US 9252945 B2) relates to a method for recognizing a manipulation of a sensor and/or sensor data of the sensor; SUGANO; Yasuharu et al. (US 20180227284 A1) relates to a communication apparatus, communication method, and communication program product each of which authenticates communication data communicated on a network by a MAC; HAGA; TOMOYUKI et al. (US 20160297401 A1) relates to a technique for sensing and handling fraudulent frames transmitted within an in-vehicle network over which electronic control units perform communication; UJIIE; YOSHIHIRO et al. (US 20170109521 A1) relates to a technique for communicating messages in a vehicle network; UJIIE; YOSHIHIRO et al. (US 20160264071 A1) relates to a technology for working against transmission of a fraudulent frame in an in-vehicle network in which electronic control units communicate with one another; Circello; Joseph C. et al. (US 20160171249 A1) relates to decryption of encrypted software images and, more particularly, to low latency decryption within an integrated circuit.
However, all the above cited references/prior arts including UJIIE, Wasilewski and Oguma, and also including the closest cited prior arts, either taken alone or in combination, neither anticipate nor render obvious the claimed subject matter of the instant application that is taken as a whole including the amended functional limitation incorporated in independent claims 1 and 6-8.
For this reason, the specific claim limitations recited in independent claims 1 and 6-8 taken as a whole are allowed. Furthermore, the dependent claims which are dependent on the above independent claims 1 and 6-8 being further limiting to the independent claims, definite and enabled by the specification are also allowed.
	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Mon-Fri: 8AM – 4PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ALI CHEEMA/
Examiner, Art Unit 2433
/SAMSON B LEMMA/
Primary Examiner, Art Unit 2498