DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Joseph Wang (Reg. No. 61,123) on July 1, 2021.

Claims
The application has been amended as follows:

Regarding claim 1: (Currently Amended) A system comprising:
a first electronic control unit (ECU) of a plurality of ECUs in a vehicle; and
a second ECU of the plurality of ECUs;
the first ECU configured to perform first operations comprising:
provisioning a third ECU of the plurality of ECUs with a set of security keys to enable only the third ECU to securely exchange messages with only the second ECU; and

the second ECU configured to perform second operations comprising:
receiving, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU to enable only the third ECU to securely exchange messages with the second ECU;
comparing the authentication data with an authentication signal; and
based on the comparing of the authentication data with the authentication signal, sending the first ECU a failure signal that indicates a security key authentication failure with respect to the third ECU; and wherein:
the first ECU is further configured to limit operation of the vehicle, in response to receiving the failure signal from the second ECU, by placing the third ECU in a restricted mode of operation that restricts the third ECU from performing one or more operations.

Regarding claims 11-12: (Currently Cancelled)

Regarding claim 16: (Currently Amended)  A system comprising:
one or more processors of a first electronic control unit (ECU) of a plurality of ECUs in a vehicle; and
a memory device of the first ECU, the memory device to store:
authentication data for authenticating messages exchanged by only a second ECU of the plurality of ECUs with only a third ECU of the plurality of ECUs, the authentication 
the set of security keys to enable only the third ECU to securely exchange messages with only the second ECU; and
a set of instructions that, when executed by the one or more processors, cause the first ECU to perform first operations comprising:
provisioning the third ECU with the set of security keys to enable only the third ECU to securely exchange messages with only the second ECU;
provisioning the second ECU with the authentication data for authenticating the messages exchanged with only the third ECU;
the second ECU, in response to the provisioning of the second ECU with the authentication data, performing second operations comprising:
receiving, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU;
comparing the authentication data with an authentication signal maintained by the first ECU; and
based on the comparing of the authentication data with the authentication signal, sending the first ECU a failure signal that indicates a security key authentication failure with respect to the third ECU; and
the first operations performed by the first ECU further comprising:
limiting operation of the vehicle, in response to receiving the failure signal from the second ECU, by placing the third ECU in a restricted mode of operation that restricts the third ECU from performing one or more operations.
Regarding claim 20: (Currently Amended)  A method comprising:
storing, at a first electronic control unit (ECU) of a plurality of ECUs in a vehicle, authentication data for authenticating messages exchanged by only a second ECU of the plurality of ECUs with only a third ECU of the plurality of ECUs, the authentication data including one or more attributes related to communication with the third ECU based on a set of security keys provisioned to the third ECU to enable only the third ECU to securely exchange messages with only the second ECU;
storing, at the first ECU, the set of security keys to enable only the third ECU to securely exchange messages with only the second ECU;
provisioning the third ECU with the set of security keys to enable only the third ECU to securely exchange messages with only the second ECU;
provisioning the second ECU with the authentication data for authenticating the messages exchanged with only the third ECU;
the second ECU, in response to the provisioning of the second ECU with the authentication data, performing operations comprising:
receiving a secure message from the third ECU, the secure message being cryptographically signed using a security key from the set of security keys provisioned to the third ECU;
comparing the authentication data with an authentication signal maintained by the first ECU; and
based on the comparing of the authentication data with the authentication signal, sending the first ECU a failure signal that indicates a security key authentication failure with respect to the third ECU; and
the first ECU, in response to receiving the failure signal from the second ECU, limiting operation of the vehicle by placing the third ECU in a restricted mode of operation that restricts the third ECU from performing one or more operations.


Reasons for Allowance

The following is an examiner’s statement of reasons for allowance: 
Claims 1-9 and 13-21 are considered allowable.

The Prior Art OGUMA et al. US Patent Application Publication No. 2017/0111177 teaches a vehicle system constituted by a master ECU and a general ECU. The general ECU attaches a digital signature to transmission data including the data (for example, a digest value of a program) and transmits the transmission data to the master ECU. The master ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, determines that the general ECU is valid. The master ECU attaches a digital signature to transmission data including the data of the master ECU and a session key and transmits the transmission data to the general ECU. The general ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, the general ECU uses the session key included in the transmission data as a common key when performing Subsequent communications.

The Prior Art NAKAJIMA et al. US Patent Application Publication No. 2020/0151972 teaches an in-vehicle authentication system has a vehicle communication 

The Prior Art Alrabady US Patent Application Publication No. 2007/0130469 teaches a system and method for providing secure one-way transmissions in a vehicle wireless communications system. The system and method rely on a clock signal to assure that the vehicle and server receive proper messages. The vehicle and the server will periodically synchronize their internal clocks to a global clock signal. The server will add its local time to the body of a message including a vehicle identification number and a function code. The server will then encrypt the message and transmit it to the vehicle. The vehicle will decrypt the message and compare the transmitted vehicle identification number with its identification number. If the identification numbers match, the vehicle will then see if the time in the message is within a predefined window of the vehicle time. If the transmitted time is within the predefined window of the vehicle time, the vehicle will accept the message and perform the function.

The instant application is allowable over OGUMA et al., NAKAJIMA et al. and Alrabady described above, either singularly or in combination, due to the instant application teaching a different and detailed systems, methods, and devices for enabling secure communication between electronic control units (ECUs) in a vehicle. The system may include a first and second ECU from a plurality of ECUs in the vehicle. The first ECU is to enable secure communication between the plurality of ECUs by performing operations that include provisioning the second ECU with authentication data for authenticating messages exchanged with a third ECU and provisioning the third ECU with a set of security keys to enable the third ECU to securely exchange messages with the second ECU. The second ECU receives, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU, and the second ECU authenticates the secure message by comparing the authentication data with an authentication signal.

The prior art of record does not disclose, teach, or suggest neither singly nor in combination the claimed limitations of “provisioning a third ECU of the plurality of ECUs with a set of security keys to enable only the third ECU to securely exchange messages with only the second ECU; and provisioning the second ECU with authentication data for authenticating the messages exchanged with only the third ECU, the authentication data including one or more attributes related to communication with the third ECU based on the set of security keys to enable only the third ECU to securely exchange messages with only the second ECU; and receiving, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU to enable only the third ECU to securely exchange messages with the second ECU; the first ECU is 

Therefore the claims of the instant application are allowable over the cited prior art.
[AltContent: textbox ()]
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857.  The examiner can normally be reached on Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FAHIMEH MOHAMMADI/   Examiner, Art Unit 2439                                                                                                                                                                                                        


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439