DETAILED ACTION
Continued Examination Under 37 CFR 1.114
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 05/07/2021 has been entered.
As per instant Amendment, Claim 7 is canceled; No claims have been added; Claims 1, 13, 16, and 20 have been amended; Claims 1, 16, and 20 are independent claims.  Claims 1-6, 8-20 have been examined and are pending. This Action is made Non-Final. 
Response to Arguments
Applicants’ arguments with respect to claims 1, 16, and 20 have been considered but are moot in view of the new ground(s) of rejection, which were necessitated by amendment.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed 
invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if 
Claim(s) 1-2, 4-6, 11, 13-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Muthaiah et al. (US 2011/0080302; Hereinafter “Muthaiah”) in view of O’Toole et al. (US 2007/0142037; Hereinafter “O’Toole”).
Regarding claim 1, Muthaiah teaches a method at a network element for processing a first message (Muthaiah: Fig. 1, Para. [0006]-[0007]), the method comprising: 
performing a plurality of checks on the first message (Muthaiah: Para. [0023], In step 50, the receiver of the vehicle receives a data packet. In step 51, contents of the data packet are examined prior to checking the digital signature of the data packet. Para. [0022], The filter 42 exists as a set of algorithms which examines each data packet prior to the security layer 38 and makes a decision to send the data packet to the security layer 38 or discard the data packet. The filter may use a plurality of filter stages to analyze and discard the data packets received by a vehicle in a V2V network. It should further be understood that the characteristic data and predetermined parameters as described herein for filtering is not exhaustive and that the filtering routine may utilize various characteristic data and predetermined parameters that will identify an unwanted filter packets for discarding the filter packet. Para. [0024], Para. [0029]-[0039]).
Muthaiah does not explicitly teach modifying the first message, the first message being destined for an intelligent transportation system station being an endpoint associated with a road user, the modifying providing to provide an indication to the intelligent transportation system station of the plurality of checks performed by the network element, thereby creating a second message; and forwarding the second message to the intelligent transportation system station; wherein the network element is separate from and trusted by the intelligent transportation system station, and wherein the indication includes a list of the plurality of checks and whether the checks passed or failed.
(O’Toole: Fig. 1-2, Fig. 6-7, Para. [0029], At step 600, message 200 is received by receiving unit 302. At step 602, the forwardabilty of message 200 is determined by forwarding control unit 306. Para. [0033]-[0034]),
the modifying providing to provide an indication to the intelligent transportation system station of the plurality of checks performed by the network element, thereby creating a second message (O’Toole: Para. [0031], In various embodiments of the invention, forwardability is considered true if one or more of the above conditions are met. If message 200 is found to be forwardable, then at step 604, forwarding count is decreased by one. For example, in an embodiment of the invention, in message 200, hops-to-live 228 is decreased by one. At step 606, message 200 is forwarded by forwarding unit 308. In an embodiment of the invention, message 200 is forwarded to other VTUs 106. Para. [0033], In an embodiment of the invention, the forwarded message is a copy of the message received, i.e., message 200, except that hops-to-live 228 is changed. In another embodiment of the invention, a new message including a new signature incorporated by VTU 106, along with the decreased value of hops-to-live 228, is forwarded. This is done by presuming that the VTU units are implemented in secure tamper-proof chips. It is also presumed that the authorized source believes that the VTU units will not be compromised for any fraudulent purposes. This is achieved by decreasing the value of hops to live 228 by one. At step 710, the validity of message 200 is checked by validating unit 310.); and
forwarding the second message to the intelligent transportation system station (O’Toole: Para. [0031], At step 606, message 200 is forwarded by forwarding unit 308. In an embodiment of the invention, message 200 is forwarded to other VTUs 106. Para. [0033], In an embodiment of the invention, the forwarded message is a copy of the message received, i.e., message 200, except that hops-to-live 228 is changed. In another embodiment of the invention, a new message including a new signature incorporated by VTU 106, along with the decreased value of hops-to-live 228, is forwarded. This is done by presuming that the VTU units are implemented in secure tamper-proof chips. It is also presumed that the authorized source believes that the VTU units will not be compromised for any fraudulent purposes. This is achieved by decreasing the value of hops to live 228 by one. At step 710, the validity of message 200 is checked by validating unit 310.); wherein the network element is separate from and trusted by the intelligent transportation system station (O’Toole: Para. [0023], Validating unit 310 also checks if signature 226 is from the authorized source. [Authorized source meets trusted by the intelligent transportation system station limitation], Para. [0018], For example, the data may include information on the type of the traffic signal, status of the traffic signal, the positioning of the traffic signal, a stamp from an authorized source, and so forth.), and wherein the indication includes a list of the plurality of checks and whether the checks passed or failed (O’Toole: Para. [0023], Validating unit 310 checks the validity of message 200. In various embodiments of the invention, the validity is checked based on the values of validity duration 222, signature 226 and checksum 230, by validating unit 310. Validating unit 310 checks if message 200 is received within the time given by validity duration 222 from the time given by GPS timestamp 220. Validating unit 310 also checks if signature 226 is from the authorized source. Further, validating unit 310 may use an arithmetic error detection code to verify validity of message 200, by using checksum 230. Para. [0034], [0021]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of O’Toole with the system and method of Muthaiah to include modifying the first message, the first message being destined for an intelligent transportation system station being an endpoint associated with a road user, the modifying providing to provide an indication to the intelligent transportation system station of the plurality of checks performed by the network element, thereby creating a second message; and forwarding the second message to the intelligent transportation system station; wherein the network element is separate from and trusted by the intelligent transportation system station, and wherein the indication includes a list of the plurality of checks and whether the checks passed or failed because this functionality provides for transferring secure messages from trusted authorized devices (O’Toole: Para. [0032]). 
Regarding claim 2, Muthaiah, in combination with O’Toole, teaches the method of claim 1, wherein, on receiving the first message, the method further comprises checking security credentials of the first message, and wherein the checking comprises finding whether a first identifier in a certificate received in the first message is associated with a second identifier of the certificate that is determined from information on a certificate revocation list (Muthaiah: Para. [0034], third example includes certificate revocation lists (CRLs). Revoking misbehaving nodes is performed through CRLs which are disseminated periodically or in response to particular events to all participants of the V2V communication network. CRLs are essentially lists that identify misbehaving nodes through a unique ID. If a node ID exists in the CRLs, the data packets received from the node ID are discarded).
Regarding claim 4, Muthaiah, in combination with O’Toole, teaches the method of claim 1, wherein, on receiving the first message, the method further comprises checking security credentials of the first message, and wherein the checking comprises verifying that a signature of a certificate in the first message is consistent with contents of the certificate (Muthaiah: Para. [0033], A second example is determining an integrity of the signature. A simplest form of attack is a computational denial of service attack. Since verifying asymmetric key cryptography based on signatures is computationally intensive, verifying a large number of signatures can severally degrade a performance of the V2V communication network. A malicious attacker of the system just has to append 256-bits of random number to each transmitted message. As a result, the filter must ensure that the data packets with random bits of data masquerading as signatures are filtered from signatures with correct signatures. O’Toole: Para. [0021], The authorized source may be a traffic authority operating in the area of the traffic signal. Field 226 is a `Signature` provided by the authorized source to authenticate message 200. CertKeyId 224 is used to verify signature 226. [0027]).
Regarding claim 5, Muthaiah, in combination with O’Toole, teaches the method of claim 1, wherein, on receiving the first message, the method further comprises checking security credentials of the first message (Muthaiah: Para. [0008], The protocol stack includes the security layer for authenticating a digital signature of the received message. A filter selectively processes a number of messages being staged for authentication in a security layer of the protocol stack.), and wherein the checking comprises verifying that the first message has a signature that correctly corresponds with contents of the first message and that the first message is correctly associated with a certificate in the first message (Muthaiah: Para. [0004], Messages in V2V communications are secured by appending a unique digital signature to the message. The digital signatures are typically based on asymmetric key cryptography and are the digital equivalent of hand-written signatures. At the receiving end of a vehicle communication, a digital signature algorithm is used to verify the signature. If a digital signature is authenticated, the messages are transferred to the application layer for processing the data with the message. Para. [0021], The security layer 38 authenticates the digital signature of the data packet. Para. [0033], [0039]; O’Toole: Para. [0021], The authorized source may be a traffic authority operating in the area of the traffic signal. Field 226 is a `Signature` provided by the authorized source to authenticate message 200. CertKeyId 224 is used to verify signature 226. [0027]).
Regarding claim 6, Muthaiah, in combination with O’Toole, teaches the method of claim 1, wherein, on receiving the first message, the method further comprises checking data plausibility of data within the message to ensure data values are within set thresholds (Muthaiah: Para. [0036], SINR, in addition to signal strength and other signal quality characteristics may be compared to one or more threshold parameter ranges for determining whether malicious node tampering is present. For example, the signal strength of a wireless signal falls exponentially with distance. If the signal is losing signal strength, then a determination may be that the signal thought to be broadcast from a remote vehicle in the near vicinity and same direction of the host vehicle may not be near the host vehicle as expected. It is also well understood that SINR decreases as the range between the transmitter and receiver increases. If the SINR is too low (i.e., lower than a predetermined threshold range), then the data packet may be suspect and discarded. Para. [0035], Each vehicle within the sector graph transmits a message by node which has a "location coordinate" as part of the message. A detection scheme involves tracking these location coordinates and flagging them for spuriousness if the trajectory appears inconsistent with known physical laws. In FIG. 7, vehicle X is the transmitting vehicle and vehicle A is the receiving vehicle. The road is divided into a sequence of equal spaced blocks in the spatio-temporal domain. At t.sub.-3, vehicle A starts to track vehicle X. At time t.sub.0, vehicle A has sufficient data based on vehicle x's speed, acceleration, driving behavior to predict that vehicle x will be in a designated "sector of availability". If location coordinate of vehicle x at time t.sub.o is out of this "sector of availability", then the behavior of vehicle x can be considered malicious.).
Regarding claim 11, Muthaiah, in combination with O’Toole, teaches the method of claim 1, wherein the first message is one of a Cooperative Awareness Message; a Decentralized Environmental Notification Message; or a Basic Safety Message (Muthaiah: Para. [0002], Para. [0016], Such environmental awareness conditions are communicated between vehicles over the inter-vehicle communication network to forewarn of some type of safety condition, traffic delays, accident, or other current conditions that is of potential importance to a driver of the vehicle or the a safety related system of the vehicle. One of the objectives is to provide advance warning to neighboring vehicles of a condition so as to provide additional time to react to the condition.).
Regarding claim 13, Muthaiah, in combination with O’Toole, teaches the method of claim 1, wherein the second message is formed without one or more signatures or certificates of the sending entity sending the first message via the network element to the intelligent transportation system station (O’Toole: Para. [0023], Further, validating unit 310 may use an arithmetic error detection code to verify validity of message 200, by using checksum 230. [checksum calculated to validate message] Para. [0027], It calculates a checksum, using all the fields of message 200 and verifies the validity by comparing the calculated checksum with the value of checksum 230. Para. [0031], If message 200 is found to be forwardable, then at step 604, forwarding count is decreased by one. For example, in an embodiment of the invention, in message 200, hops-to-live 228 is decreased by one. At step 606, message 200 is forwarded by forwarding unit 308. Para. [0033], If the value of hops-to-live 228 is greater than zero, message 200 is still forwardable. Further, forwardability of message 200 is determined by forwarding region-checking unit 406 that checks if message 200 is received in the area defined by forwarding regions 218. At step 706, forwarding count is decreased by forwarding unit 308. At step 708, message 200 is forwarded by forwarding unit 308, if message 200 is forwardable. In an embodiment of the invention, message 200 is forwarded to one or more VTUs placed in other vehicles that are approaching the traffic signal. In another embodiment of the invention, message 200 may also be forwarded to CTU 104. In an embodiment of the invention, the forwarded message is a copy of the message received, i.e., message 200, except that hops-to-live 228 is changed. [hops-to-live value changed and message forwarded without signature]).
Regarding claim 14, Muthaiah, in combination with O’Toole, teaches the method of claim 1, further comprising adding a signature of the network element in the second message (O’Toole: Para. [0033], In another embodiment of the invention, a new message including a new signature incorporated by VTU 106, along with the decreased value of hops-to-live 228, is forwarded. This is done by presuming that the VTU units are implemented in secure tamper-proof chips.)  
Regarding claim 15, Muthaiah, in combination with O’Toole, teaches the method of claim 1, wherein the discarding the message occurs when a check of the first message fails (Muthaiah: Para. [0023], In step 54, if the information within the data packet does is not in compliance with the predetermined parameter, then the data packet is discarded. O’Toole: Para. [0031], At step 608, message 200 is discarded, if it is not forwardable. Para. [0035], At step 714, message 200 is discarded, if it has been found invalid by validating unit 310.).
Regarding claims 16-17, claims 16-17 are rejected under the same rational as claims 1-2, respectively.
Regarding claim 19, claim 19 is rejected under the same rational as claim 4.
Regarding claim 20, claim 20 is rejected under the same rational as claim 1.

Claim(s) 3 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Muthaiah et al. (US 2011/0080302; Hereinafter “Muthaiah”) in view of O’Toole et al. (US 2007/0142037; Hereinafter “O’Toole”) in view of Kumar et al. (US 2019/0245705; Hereinafter “Kumar”).
Regarding claim 3, Muthaiah, in combination with O’Toole, teaches the method of claim 2, in which the first identifier in the certificate is a linkage value (Muthaiah: Para. [0034], A third example includes certificate revocation lists (CRLs). Revoking misbehaving nodes is performed through CRLs which are disseminated periodically or in response to particular events to all participants of the V2V communication network. CRLs are essentially lists that identify misbehaving nodes through a unique ID. If a node ID exists in the CRLs, the data packets received from the node ID are discarded. Hori: Para. [0137], Also, in this case, it is preferable that a public key certificate with the device ID included therein be set to the "device ID" of a security frame and that the electronic signature be set to the "message authentication code".). Muthaiah, in combination with O’Toole, does not explicitly teach and the information on a certificate revocation list is one or more linkage seeds.  
In an analogous art, Kumar teaches a system and method in which the first identifier in the certificate is a linkage value and the information on a certificate revocation list is one or more linkage seeds (Kumar: Para. [0006], Then, for vehicles that need to be revoked (as determined by the MA), it requests the corresponding linkage seeds for the current time period from both of the LAs, and publishes them on the Certificate Revocation List (CRL). Using the published seeds, anyone can generate all current and future (but not past) linkage values and compare them with the ones in the certificates to identify revoked vehicles.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Kumar with the system and method of Muthaiah and O’Toole to include in which the first identifier in the certificate is a linkage value and the information on a certificate revocation list is one or more linkage seeds because this functionality provides for utilization of a linkage value as an identifier in a certificate to identify revoked vehicles (Kumar: Para. [0006]). 
Regarding claim 18, claim 18 is rejected under the same rational as claim 3.

Claim(s) 8-10 are rejected under 35 U.S.C. 103 as being. unpatentable over Muthaiah et al. (US 2011/0080302; Hereinafter “Muthaiah”) in view of O’Toole et al. (US 2007/0142037; Hereinafter “O’Toole”) in view of Cao et al. (US 2019/0387558; Hereinafter “Cao”).
Regarding claim 8, Muthaiah, in combination with O’Toole, teaches the method of claim 1.  Muthaiah, in combination with O’Toole, does not explicitly teach wherein the network element is operated by an operator that also operates a cellular network.  
In an analogous art, Cao teaches a system and method wherein the network element is operated by an operator that also operates a cellular network (Cao: Para. [0048], In such examples, the cellular network across which the nodes can communicate assists communications between the nodes by reliably establishing a link between them. A network node, in this example a base station (BS), acts as an intermediary for establishing a secure communication link between N1 and N2. Para. [0052], FIG. 4 also depicts some communication possibilities between the vehicles. V3 and V5 are shown as being connected to a BS of a cellular network 408. V3 and V5 are also connected to each other over a D2D link. This D2D link could have been established via the BS as described with respect to FIG. 3B. Para. [0044])
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Cao with the system and method of Muthaiah and O’Toole to include wherein the network element is operated by an operator that also operates a cellular network because this functionality provides for fast, secure transmission and connections that are better protected against malicious communications (Cao: Para. [0008]). 
Regarding claim 9, Muthaiah, in combination with O’Toole, teaches the method of claim 1. Muthaiah, in combination with O’Toole, does not explicitly teach wherein the network element has a previously established trust relationship with the intelligent transportation system station. 
(Cao: Para. [0008], The apparatus in this context is an apparatus able to act as a traffic node manager for the radio network and could be a network node such as a Base Station (BS) or Base Transceiver Station (BTS) or a dedicated vehicle identity manager for example. Regardless of whether traffic nodes are able to communicate directly with each other in accordance within a V2X protocol scenario, an advantage of requiring context-related communications to occur via such an apparatus is that a communication request can be safely managed. Thus regardless of whether the first (requesting) traffic node is registered with the radio network, the second traffic node, which is a member of the radio network, can be protected from unsolicited communication requests, which may be malicious.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Cao with the system and method of Muthaiah and O’Toole to include wherein the network element has a previously established trust relationship with the intelligent transportation system station because this functionality provides for security to be safely established between two nodes (Cao: Para. [0008]). 
Regarding claim 10, Muthaiah, O’Toole, and Cao, teaches the method of claim 9 in which the trust relationship is previously established using a cellular network attach procedure (Cao: Para. [0048], In such examples, the cellular network across which the nodes can communicate assists communications between the nodes by reliably establishing a link between them. A network node, in this example a base station (BS), acts as an intermediary for establishing a secure communication link between N1 and N2. Para. [0008]).

Claim(s) 12 is rejected under 35 U.S.C. 103 as being unpatentable over Muthaiah et al. (US 2011/0080302; Hereinafter “Muthaiah”) in view of O’Toole et al. (US 2007/0142037; Hereinafter “O’Toole”) in view of Canavor et al. (US 2016/0280371; Hereinafter “Canavor”).
Regarding claim 12, Muthaiah, in combination with O’Toole, teaches the method of claim 1. Muthaiah, in combination with O’Toole, does not explicitly teach further comprising caching an identifier for the sending entity and associated information, including one or more of result of security checks, message forwarding behavior, or message discard treatment.  
In an analogous art, Canavor teaches a system and method teach further comprising caching an identifier for the sending entity and associated information, including one or more of result of security checks, message forwarding behavior, or message discard treatment  (Canavor: Fig. 6, Para. [0025], As an example, the message may include an identifier of the unmanned aerial vehicle (which may be in the form of an identifier of a digital certificate of the unmanned aerial vehicle, which may be a fingerprint of the unmanned aerial vehicle's certificate) and information indicating revocation of the digital certificate of the unmanned aerial vehicle subject to the revocation. Para. [0027], The vote of confidence may, for example, be added by digitally signing the message or a portion thereof (e.g., an identifier of the message) using the unmanned aerial vehicle's private cryptographic key. Other information may be included instead of or in addition to a digital signature, such as a value between zero and one of the confidence of the vote and, in some examples, the other information may be included in the information that is digitally signed. Para. [0028]-[0029], Para. [0030], For example, in some implementations, unmanned aerial vehicles maintain logs of messages they have received along with other relevant information (e.g., digital signatures and certificates or identifiers of certificates). [logging message data including identifier and forwarding behavior meets caching limitation]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Canavor with the system and method of Muthaiah and O’Toole to include teach further comprising caching an identifier for the sending entity and associated information, including one or more of result of security checks, message forwarding behavior, or message discard treatment because this functionality provides for logging of identifier and behavior information of received messages to ensure chronological ordering and override effects of older messages (Canavor: Para. [0030]). 
Conclusion
The following prior art made of record is not relied upon, but is considered pertinent to applicant's disclosure. 
US Patent Application Publication No.: US 2016/0140842 by Park et al.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571) 272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/NELSON S. GIDDINS/Primary Examiner, Art Unit 2437