PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 16/784,185
Filing Date: 6 Feb 2020
Appellant(s): Elangovan et al.



__________________
Joel D. Bradley
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed July 7, 2021.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated March 2, 2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.” New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
(2) Response to Arguments, section VI. Arguments
A. Claims 1, 8, and 15 are not obvious under 35 U.S.C. § 103 in view of Stitt and Hassani
The Examiner most respectfully disagrees with Appellant’s statement that claim 1 (and similarly claims 8 and 15) requires “receiving a second identifier from a second key fob” and “selecting the first key fob....” Stitt and Hassani, alone or in any combination, fail to teach or suggest at least these elements of Appellant’s independent claims 1, 8, and 15.
i. Stitt and Hassani do not teach or suggest “receiving a second identifier from a second key fob” and “selecting the first key fob.... ”
First, respectfully provided, the citation from the receiving a second identifier from a second key fob as each key fob transmits identifier, timing, and synchronization information:
[0254] The control module 350 (or one or more of the modules 204, 210, 211, 212 of FIG. 3) may establish a secure communication connection with a portable access device (e.g., one of the portable access devices 32, 34 of FIG. 2). For example, the control module 350 may establish a secure communication connection using the BLE communication protocol this may include transmitting and/or receiving timing and synchronization information. The timing and synchronization information may include information directed to the secure communication connection, such as timing of next communication connection events, timing intervals between communication connection events, communication channels for next communication connection events, a channel map, a channel hop interval or offset, communication latency information, communication jitter information, etc. The control module 350 may detect (or “eavesdrop”) packets sent by the portable access device to the vehicle control module 204 and measure signal information of the signals received from the portable access device. The channel hop interval or offset may be used to calculate a channel for a subsequent communication connection event.

The Examiner additionally most respectfully includes the citation for determining, based on the second identifier that the second key fob is associated with the vehicle which additionally included:
[0255] The control module 350 may measure a received signal strength of a signal received from the portable access device and generate a corresponding RSSI value. Additionally or alternatively, the control module 350 may take other measurements of received signals from the portable access device, such as an angle of arrival, a time of arrival, a time difference of arrival, etc. The control module 350 may then send the measured information to the vehicle control module 204, which may then determine a location of and/or distance to the portable access device relative to the vehicle 30 based on the measured information. The location and distance determinations may be based on similar information received from one or more other RF antenna modules and/or other sensors.
[0256] As an example, the vehicle control module 204 may determine the location of the portable access device based on, for example, the patterns of the RSSI values corresponding to signals 
[0257] Based on the determined location of or distance to the portable access device relative to the vehicle 30, the modules 211, 212 of FIG. 3 may then authorize and/or perform a vehicle function, such as unlocking a door of the vehicle 30, unlocking a trunk of the vehicle 30, starting the vehicle 30, and/or allowing the vehicle 30 to be started. As another example, if the portable access device is less than a first predetermined distance from the vehicle 30, the modules 211, 212 may activate interior or exterior lights of the vehicle 30. If the portable access device is less than a second predetermined distance from the vehicle 30, the modules 211, 212 may unlock doors or a trunk of the vehicle 30. If the portable access device is located inside of the vehicle 30, the modules 211, 212 may allow the vehicle 30 to be started.

The selecting of the first key fob, which was based on a key fob characteristic on RSSI, information directed to the secure communication connection, such as timing of next communication connection events, timing intervals between communication connection events, communication channels for next communication connection events, a channel map, a channel hop interval or offset, communication latency information, communication jitter information, etc. is specifically discussed in the Stitt reference for detecting “eavesdropping” and packets sent by the portable access device to the vehicle control module to measure signal information of the signals received from the portable access device. By the very definition of eavesdropping, there is another device “listening in” to the communication between the entity transmitting and the entity receiving. 
As explained by Stitt, “[0249] The connection information distribution module 302 is configured to communicate with some of the sensors 226 of FIG. 3 and to provide the sensors with communication information necessary for the sensors to find and then follow, or eavesdrop on, the secure communication link. This may occur once the sensors are synchronized with a communication gateway, which may be included in or implemented by one of the transceivers 222. As an example, the vehicle 200 and/or the PAK system 202 may include any number of sensors disposed anywhere on the vehicle 200 for detecting and monitoring mobile devices. The connection information distribution module 302 is configured to obtain information corresponding to communication channels and channel switching parameters of a communication link and transmit the information to the sensors 226. In response to the sensors 226 receiving the information from the connection information distribution module 302 via the vehicle interface 45 and the sensors 226 being synchronized with the communication gateway, the sensors 226 
Even further, Stitt teaches, “[0222] Examples set forth herein include polarization diversity for RF signal transmission between RF antennas of a vehicle and RF antennas of portable access devices (e.g., key fobs, mobile phones, wearable devices, etc.). In addition, the examples include pseudo-random As used herein, the phrase “at any moment in time” means at all times while the corresponding devices are in communication with each other and/or at all times while one or more signals are being transmitted between the devices and while one or more signals are being received by one or more of the devices. This, in addition to allowing for accurate distance determinations, also aids in preventing range extender type relay station attacks. Pseudo-random bi-directional data exchanges as described below also aid in preventing range extender type relay station attacks…. [0242] The access application may implement a Bluetooth® protocol stack that is configured to provide a channel map, access identifier, next channel, and a time for a next channel. The access application is configured to output timing signals for timestamps for signals transmitted and received via the RF antenna modules 40. The access application may obtain channel map information and timing information and share this information with other modules in the vehicle.”
Further, the combination takes the teachings of Hassani into account, wherein Hassani teaches historical data associated with a previous authorization of the key fob to access the vehicle, “[0015] The additional checks can include various techniques. In a first example, the vehicle may analyze the response signal to determine whether the response corresponds to a remote device that is moving in space at a normal rate. In a second example, the vehicle may receive a device counter value from the remote device, and compare it to a store profile. In some replay attacks, the attacking device pretends to by an authorized device. The vehicle can save previous device counter values of the authorized device, and compare to the newly received device counter value. If the same device counter value is used, that may indicate that the message received from the remote device has been replayed (i.e., a replay attack). In a third example, the vehicle may determine one or more characteristics of the remote device such as the location mean, variance, or rate of change. These values can then be compared to a stored profile, to determine whether they are too similar to prior values. If the location mean, variance, or rate of change for a given period of time is identical or too similar to stored values, which may indicate that a replay attack has occurred. In a fourth example, the vehicle may perform a time of flight analysis, transmitting a signal to the remote device and measuring an amount of time until a response is received. If a relay attack is occurring, the time will be larger than a threshold time normally needed to communicate within the normal range of the vehicle. [0021] When a device initiates communication with the communication system 102, vehicle 100 may not know initially whether the device is an authentic or designated key fob, or whether it is an attack device. As described herein, a device at this stage may be called a vehicle unlocking device. Further, a designated or authorized device may be a device that has been designed, manufactured, or otherwise 
The Figure 2, description, as presented in Stitt:
[0224] FIG. 2 shows a vehicle access system 28 that performs as a PEPS system and a PAK system. The vehicle access system 28 includes a vehicle 30 and may include a key fob 32, a mobile phone 34, and/or other portable access devices, such as a wearable device, a laptop computer, or other portable network device. The portable access devices may be, for example, a Bluetooth®-enabled communication device, such as a smart phone, smart watch, wearable electronic device, key fob, tablet device, or other device associated with a user of the vehicle 30. The user may be an owner, driver, or passenger of the vehicle 30 and/or a technician for the vehicle 30… In other words, at any moment in time, at least one RF antenna of the vehicle has at least one polarization axis that is not cross-polarized with a polarization axis of at least one RF antenna of each of the portable access devices.


    PNG
    media_image2.png
    604
    477
    media_image2.png
    Greyscale

Further, both the Stitt reference, and Appellants reference discuss the same incentive and benefits, to mitigate unauthorized access to a vehicle system by devices making a relay attack against particular key fobs. The cited teachings of Stitt read:
 [0030] In other features, the method further includes: transmitting packets to the portable access the another device is performing a range extender type relay station attack; and preventing access to an interior of the vehicle in response to detecting the range extender type relay station attack.
[0251] After link authentication is established, the data management module 308 collects the current location of the vehicle 108 from the telematics module 225 and shares the location with the portable access devices. The portable access devices optionally include GPS modules and application software that when executed compares the estimated relative locations of the portable access devices to the vehicle 108. Based on the estimated positions of the portable access devices relative to the vehicle 108, the portable access devices can send signals to one of the transceivers 222 requesting the vehicle to perform certain actions. As an example, the data management layer 308 is configured obtain vehicle information obtained by any of the modules (e.g., location information obtained by a telematics module 225) and transmit the vehicle information to the portable access devices.”
The Examiner now points to paragraphs [0011]-[0015] of Appellant’s as-filed specification, which is provided below for the Appeal Board’s convenience:
[11] The systems and methods disclosed herein are configured to provide passive 
entry passive start (PEPS) systems to a vehicle by communicating with multiple key fobs associated with a vehicle that are all co-located in an operative distance to the particular vehicle to implement a Time-of-Flight (ToF) security system. Each key fob associated with a vehicle within proximate operating distances of the vehicle is assigned a time slot and assigned a communication time for RF signal advertisement, for example 10 msec. A Body Control Module (BCM), which in one embodiment may be or include a radio transceiver module (RTM), or in another embodiment may be a Bluetooth Low Energy module (BLEM), then decides which key fob to use when executing the ToF determination. For purposes of this disclosure, a key fob may refer to any mobile device, including a mobile phones and wearable, configured to operate as a key fob. 
[12] In some embodiments of the present disclosure, the BCM may receive a trigger request, such as, for example, a touch to a door handle. Responsive to the door handle touch, the BCM may transmit a low frequency (LF) challenge message to all key fobs within an operative distance of the vehicle PEPS system. The key fobs within the operative distance may respond, each in turn, with their measurement of Received Signal Strength Indication (RSSI) according to a set time slot allocation set for each of the key fobs within operative range of the vehicle.
[13] After receiving all responses back from key fobs within operative range, the BCM may select a key fob to use for performing a ToF determination based on various selectable criteria associated with the key fobs. Example characteristics or criteria for selection may include Bluetooth* Low-Energy (BLE) RSSI, Ultra-High Frequency (UHF) RSSI, Ultra-Wide Band (UWB) RSSI, date information and time information associated with a previous vehicle access, Low-Frequency (LF) RSSI of the key fobs, a pre-set value indicating the method for selecting the ToF-determining key fob, or selection of a ToF-determining fob using an analytical engine that uses date and time information from prior vehicle accesses to determine predictive patterns associated with the key fob use. For example, the analytical model may use an adaptive method that uses machine learning techniques to select the ToF determining key fob based on historical use patterns. The analytical model may select a key fob based on the prior use data. 

[15] In one example embodiment, the present disclosure can be used to mitigate unauthorized access to a vehicle PEPS system by devices making a relay attack against particular key fobs. Aspects of this disclosure may provide for a system that reduces or eliminates the threat of relay attacks while keeping the system response time within tolerable delay limits that unlock vehicle doors responsive to a user trigger event command (e.g., touching a door handle) without a noticeable delay.

Appellants system provides the same functionality of that of the present invention, with the same communication medium, Bluetooth, the same RSSI, and the same TOF determination to reduce and eliminate relay attacks, as taught by the combination of Stitt, Hassani, and in the cases of claims 2 and 7, Kaye.

B. Claims 2 and 7 are not obvious under 35 U.S.C. § 103 in view of Stitt, Hassani, and Kaye
The Examiner most respectfully disagrees with Appellant’s statement that Appellant’s claim 2 requires “wherein the first key fob is selected for the time of flight determination instead of the second key fob,” and Appellant’s claim 7 requires “wherein selecting the first key fob is performed after the first identifier is received from the first key fob and the second identifier is received from the second key fob;” Stitt, Hassani, and Kaye, alone or in any combination, fail to teach or suggest at least these elements of Appellant’s dependent claims 2 and 7.
i. Stitt, Hassani, and Kaye do not teach or suggest “wherein the first key fob is selected for the time of flight determination instead of the second key fob” of dependent claim 2 and “wherein selecting the first key fob is performed after the first identifier is received from the first key fob and the second identifier is received from the second key fob” of dependent claim 7
The Examiner most respectfully cites to the action where these claim limitation elements are addressed, as both Stitt and Hassani are concerned with time of arrival in selecting the proper fob, “[0254] The control module 350 (or one or more of the modules 204, 210, 211, 212 of FIG. 3) may establish a secure communication connection with a portable access device (e.g., one of the portable access devices 32, 34 of FIG. 2). For example, the control module 350 may establish a secure communication connection using the BLE communication protocol this may include transmitting and/or receiving timing and synchronization information. The timing and synchronization information may include information directed to the secure communication connection, such as timing of next communication connection events, timing intervals between communication connection events, communication channels for next communication connection events, a channel map, a channel hop interval or offset, communication 
The entire citation as provided in the action of the Kaye reference is relevant, not just the Abstract as cited by Appellants, most especially where Kaye teaches, “[0019] In response to first user 115-1 interacting (at 1) with system device 120, system device 120 may broadcast (at 2) identifier 140. System device 120 may broadcast (at 2) identifier 140 over a first wireless network, using signaling of a first wireless network technology, or from a first wireless network radio of system device 120. System device 120 may create the first wireless network. The first wireless network may be a short-range wireless network. For instance, system device 120 may broadcast (at 2) identifier 140 using a Bluetooth or Bluetooth Low Energy (“BLE”) radio. In some embodiments, system device 120 may use other wireless network technologies (e.g., Wi-Fi) to broadcast identifier 140 a short distance from system device 120 (e.g., less than 20 feet). [0022] Commencement of the secure hands-free proximity-based access control procedure may include each user device 110, via execution of the corresponding access control application, detecting (at 3) proximity to system device 120. In some embodiments, user devices 110 may 
Kaye is most certainly and clearly pertinent in remedying the deficiencies of Stitt and Hassani in teaching and expressly suggesting “wherein the first key fob is selected for the time of flight determination instead of the second key fob” of dependent claim 2 and “wherein selecting the first key fob is performed after the first identifier is received from the first key fob and the second identifier is 

(3) Conclusion 
For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/EMILY C TERRELL/
Primary Examiner, Art Unit 2689
Conferees:
/JOSEPH H FEILD/             Supervisory Patent Examiner, Art Unit 2689                                                                                                                                                                                           
/BRIAN A ZIMMERMAN/             Supervisory Patent Examiner, Art Unit 2683                                                                                                                                                                                           
Requirement to pay appeal forwarding fee: In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless Appellants had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.