DETAILED ACTION
This communication is response to the application filed 03/20/2019. Claims 1-20 are pending and presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/20/2019 and 08/13/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1-10, 12, 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent 10,103,901 to Wu et al. (hereafter Wu) in view of US Pub. 2017/0093659 to Elend et al. (hereafter Elend).

Regarding claim 1, Wu discloses a vehicle network system, comprising: 
a first controller area network (CAN) bus including a first node and a first secure transceiver (see Wu, Fig 1- Fig 3; Col 1 lines 44-49; Col 3 lines 18-30; Col 6 lines 1-11); 
a second CAN bus including a second node and a second secure transceiver (see Wu, Fig 1- Fig 3; Col 1 lines 44-49; Col 3 lines 18-30; Col 6 lines 1-11); 
a gateway to enable transmission of a CAN message from the first node to the second node (see Wu, Col 3 lines 18—30; Col 4 lines 32-38; Col 5 lines 18-20); and 
an auxiliary communication link to transmit an auxiliary data derived from the CAN message from the first secure transceiver to the second secure transceiver (see Wu, Col 3 lines 51-63; Col 6 lines 8-16; Col 6 lines 39-49).
Wu discloses switch for transmitting CAN message between nodes but does not explicitly disclose a gateway.
However, Elend discloses a first controller area network (CAN) bus including a first node and a first secure transceiver (see Elend, ¶ 0054; ¶ 0055); a second CAN bus including a second node and a second secure transceiver (see Elend, ¶ 0054; ¶ 0055); a gateway to enable transmission of a CAN message from the first node to the second 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of using a gateway to enable transmission of a CAN message from the first node to the second node as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 2, Wu in view of Elend discloses the vehicle network system of claim 1, Wu discloses wherein the CAN message is transmitted using a CAN protocol (see Wu, Col 3 lines 18-30) but does not explicitly disc the auxiliary data is transmitted via the auxiliary communication link using a protocol that is different from the CAN protocol.
However, Elend discloses the auxiliary data is transmitted via the auxiliary communication link using a protocol that is different from the CAN protocol (see Elend, ¶ 0092: Local Interconnect Network (LIN) and FLEXRAY protocols).


Regarding claim 3, Wu in view of Elend discloses the vehicle network system of claim 1, Wu does not explicitly disclose wherein the auxiliary communication link goes through the gateway.
However, Elend discloses wherein the auxiliary communication link goes through the gateway (see Lend, ¶ 0075; ¶ 0079).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 4, Wu in view of Elend discloses the vehicle network system of claim 1, Wu does not explicitly disclose wherein the first secure transceiver and the second secure transceiver are fabricated in a same integrated circuit and the auxiliary communication link connects the first secure transceiver and the second secure transceiver within the integrated circuit.
However, Elend discloses wherein the first secure transceiver and the second secure transceiver are fabricated in a same integrated circuit and the auxiliary 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 5, Wu in view of Elend discloses the vehicle network system of claim 1, Wu does not explicitly disclose wherein the auxiliary data includes a signature generated using a shared key, the identification of the first secured transceiver and a message counter.
However, Elend discloses wherein the auxiliary data includes a signature generated using a shared key, the identification of the first secured transceiver and a message counter (see Elend, ¶ 0062; ¶ 0063).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 6, Wu in view of Elend discloses the vehicle network system of claim 1, Wu does not explicitly disclose wherein the auxiliary data includes an identification of the first secure transceiver and a message counter.

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 7, Wu in view of Elend discloses the vehicle network system of claim 1, Wu does not explicitly disclose wherein the second secure transceiver includes a mapping table that includes identification of the first secure transceiver and a code that the first secure transceiver is authorized to transmit.
However, Elend discloses wherein the second secure transceiver includes a mapping table that includes identification of the first secure transceiver and a code that the first secure transceiver is authorized to transmit (see Elend, ¶ 0062; ¶ 0063).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 8, Wu in view of Elend discloses the vehicle network system of claim 1, wherein the gateway includes a processor to generate a shared key and send the shared to the first secure transceiver and the second secure transceiver (see Elend, Fig 10A; ¶ 0074).


Regarding claim 9, Wu in view of Elend discloses the vehicle network system of claim 1, Elend discloses gateway that generate messages to the transceivers but does not explicitly disclose wherein the gateway is configured to generate the shared key at each secure boot.
However, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to configure the gateway to generate shared key or any other security key at each secure boot based on user design preference to achieve secure in-vehicle network to prevent malicious attack.

Regarding claim 10, Wu in view of Elend discloses the vehicle network system of claim 8, Wu does not explicitly disclose wherein the first and second secure transceivers include a memory to store the shared key.
However, Elend discloses wherein the first and second secure transceivers include a memory to store the shared key (see Elend, Fig 1; Fig 10). Obvious, the gateway will include memory to stored messages.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught 

Regarding claim 12, Wu in view of Elend discloses the vehicle network system of claim 1, Wu does not explicitly disclose but Elend does discloses wherein the auxiliary communication link is a serial peripheral interface (see Elend, ¶ 0065: The RXD input interface is configured to receive serial data from the RXD path and the TXD input interface is configured to receive serial data from the TXD path).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 14, Wu in view of Elend discloses the vehicle network system of claim 1, Wu does not explicitly disclose but Elend does disclose wherein the second secure transceiver is configured to validate the CAN message using the auxiliary data (see Elend, ¶ 0003; ¶ 0054 and ¶ 0074).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 15, Wu in view of Elend discloses the vehicle network system of claim 14, Wu does not explicitly disclose wherein based on the auxiliary data, the second secure transceiver is configured to invalidate the CAN message if the CAN message is not found to be authorized based on one or more of a message counter and an identification of the first secure transceiver.
However, Elend discloses wherein based on the auxiliary data, the second secure transceiver is configured to invalidate the CAN message if the CAN message is not found to be authorized based on one or more of a message counter and an identification of the first secure transceiver (see Elend, ¶ 0003: CAN transceiver, the compare module having a receive data (RXD) interface configured to receive data from the CAN transceiver, a CAN decoder configured to decode an identifier of a CAN message received from the RXD interface, and an identifier memory configured to store an entry that corresponds to at least one identifier, and compare logic configured to compare a received identifier from a CAN message to the entry that is stored in the identifier memory and to output a match signal when the comparison indicates that the received identifier of the CAN message matches the entry that is stored at the CAN device. The CAN device also includes a signal generator configured to output, in response to the match signal, a signal to invalidate the CAN message; ¶ 0005: the error signal is output onto a CAN bus to invalidate the CAN message; ¶ 0013: receiving an identifier of a CAN message at a CAN device, the identifier received at the CAN device via a CAN bus, comparing the identifier of the CAN message to an entry in an identifier memory at the CAN device, outputting a match signal when the comparison indicates that the identifier from the CAN message matches the entry in the identifier memory, 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 16, Wu in view of Elend discloses the vehicle network system of claim 1, Wu does not explicitly disclose wherein the auxiliary data includes a message counter to prevent an old auxiliary data being used to validate the CAN message.
However, Elend discloses wherein the auxiliary data includes a message counter to prevent an old auxiliary data being used to validate the CAN message (see Elend, ¶ 0003; ¶ 0013; ¶ 0062).

Regarding claim 17, Wu in view of Elend discloses the vehicle network system of claim 1, wherein the auxiliary data includes one or more of an identification of the first 
Elend also discloses wherein the auxiliary data includes one or more of an identification of the first secure transceiver and an information that is derived from a header of the CAN message and an information that is derived from a payload of the CAN message (see Elend, ¶ 0013; ¶ 0057; ¶ 0062).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Elend and incorporate it into the system of Wu to achieve reliable control of CAN messages to prevent malicious attack of vehicle components (see Elend, ¶ 0002). 

Regarding claim 18, it is rejected for the same reasons as set forth in claims 1 and 15. Although phrased as a method claim, the claim is nevertheless simple repetitions of the subject matter of claims 1 and 15.

Regarding claim 19, it is rejected for the same reasons as set forth in claim 17. Although phrased as a method claim, the claim is nevertheless simple repetitions of the subject matter of claim 17.

Regarding claim 20, it is rejected for the same reasons as set forth in claim 6. Although phrased as a method claim, the claim is nevertheless simple repetitions of the subject matter of claim 6.

Claim 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wu in view of Elend and further in view of US Pub. 2018/0084412 to Alfred et al. (hereafter Alfred).

Regarding claim 13, Wu in view of Elend discloses the vehicle network system of claim 8, but does not explicitly disclose wherein the first secure transceiver is configured to generate the auxiliary data based on the CAN message and the shared key using a cryptographic operation and transfer the auxiliary data to the second secure transceiver through the auxiliary communication link.
However, Alfred discloses wherein the first secure transceiver is configured to generate the auxiliary data based on the CAN message and the shared key using a cryptographic operation and transfer the auxiliary data to the second secure transceiver through the auxiliary communication link (see Alfred, Fig 2; ¶ 0018- ¶ 0022).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the above teaching as taught by Alfred and incorporate it into the system of Wu and Elend to prevent attack in a CAN network (see Alfred, ¶ 0010).

Allowable Subject Matter
Claim 11 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US Pub. 2017/0078884 to TANABE et al. discloses a gateway device disposed between first CAN bus and second CAN bus in order to prevent an increase in the communication traffic.
US Pub. 2012/0278507 to Menon et al. discloses cross-network synchronization of applications S/W execution using Flexray global time.
US Pub. 2014/0334568 to Gotou et al. discloses communication device, communication system, and communication method.
US Patent 7,855,573 to Yost discloses controller area network active bus terminator.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to RASHEED GIDADO whose telephone number is (571)270-7645.  The examiner can normally be reached on Monday - Friday 8AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ricky Ngo can be reached on 571-272-3139.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/RASHEED GIDADO/           Primary Examiner, Art Unit 2464