Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is responsive to application filed on 09/27/2019. Claims 1-20 are pending and being considered. Claims 1, 11 and 17 are independent. Thus, claims 1-20 are rejected.

Abstract
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc. In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract of the disclosure is objected to because the abstract recites phrases, “Examples of the present disclosure relate to a….” and later “In an example…” which should be avoided.  Correction is required.  See MPEP § 608.01(b).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claims 1 and 11, the claims recite limitation(s) "a first electronic component of a vehicle” in lines 3-4 of the claims. The limitation(s) is indefinite because it is not clear whether “a vehicle” defined in lines 3-4 of the claims refers to “a vehicle” defined in line 1 of the claims, or refers to a different “vehicle”. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. 
Regarding claim 1, the claim further recites limitation(s) “in response to receiving the secure CAN message” in lines 13-14 of the claim. There is insufficient antecedent basis for “in response to receiving the secure CAN message” in the claim. Examiner notes that the claim only recites to “send the first key” and further recites to “encrypt the 
Regarding claim 2, the claim recites limitation(s) “where in response to receiving the second ECU secure CAN message, the first ECU decrypts the second CAN ID portion of the second ECU secure CAN message …” in lines 6-8 of the claim. There is insufficient antecedent basis for “where in response to receiving the second ECU secure CAN message, the first ECU decrypts the second CAN ID portion of the second ECU secure CAN message” in the claim. Examiner notes that the claim only recites to “send the second key”, and does not recite to “send or transmit the secure CAN message”. Further, the claim does not define/recite to “encrypt the second CAN ID portion of the secure CAN message”, in order for the “first ECU to decrypt the second CAN ID portion of the secure CAN message”. Therefore, limitations are unclear.
Regarding claim 11, the claim recite limitation(s) "organizing a received key in a message table to correspond to the ECU of origin for the received key” and “decrypting a received message…” in lines 7-8 and 13 of the claim, respectively. The limitation(s) are indefinite because it is not clear whether “a received key” defined in line 7 of the claim refers to “the key” defined in line 5 of the claim, or is different from it. Further, it is unclear whether “the ECU” defined in line 7 of the claim refers to “a first ECU” defined in line 2 of the claim, or refers to one of “a distributed plurality of ECUs” defined in line 5 of the claim. Furthermore, it is unclear whether “decrypting a received message…” in line 13 of the claim refers to “the secure CAN message” as defined in line 11 of the claim, or refers to a different/new message.  Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. 
 12, the claim recite limitation(s) "a distributed plurality of electronic controller units…” in line 2 of the claim. The limitation is indefinite because it is not clear whether “a distributed plurality of electronic controller units” defined in line 2 of the claim refers to “a distributed plurality of electronic controller units (ECUs)” defined in line 5 of the claim 1, or is different from it. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. 
Regarding claim 11, the claim recite limitation(s) "organize a received key in a message table to correspond to the ECU of origin for the received key” and “decrypt a received message…” in lines 7-8 and 12 of the claim, respectively. The limitation(s) are indefinite because it is not clear whether “a received key” defined in line 7 of the claim refers to “the key” defined in line 5 of the claim, or is different from it. Further, it is unclear whether “the ECU” defined in line 7 of the claim refers to one of “a distributed plurality of ECUs” defined in line 5 of the claim, or is different from it. Furthermore, it is unclear whether “decrypt a received message…” in line 12 of the claim refers to “the secure CAN message” as defined in line 11 of the claim, or refers to a different/new message. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. 
Regarding claim 18, the claim recite limitation(s) "a distributed plurality of electronic controller units…” in line 2 of the claim. The limitation is indefinite because it is not clear whether “a distributed plurality of electronic controller units” defined in line 2 of the claim refers to “a distributed plurality of electronic controller units (ECUs)” defined in line 5 of the claim 1, or is different from it. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. 
3-10, 13-16 and 19-20 are likewise rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph as being indefinite since they depend on and/or carries the deficiencies of the parent claims.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Herzberg; Amir et al. (US 10,419,408 B1; Filed on Sep. 24, 2018), hereinafter (US 2014/0040992 A1; Filed on March 2, 2012), hereinafter (Koide).

Regarding claim 1, Herzberg teaches a system for implementing a secure controller area network (CAN) in a vehicle comprising (Herzberg, Col. 1 (Lines 59-63), discloses to provide improved cryptographic engines and processes for secure communication among nodes on a network , such as ECUs communicating with each other over a CAN bus or similar networks, and as disclosed in Col. 3 (Lines 65-67), an example system for providing low overhead network security on example ECUs that are part of an example vehicle, as shown in Fig. 1): 
a first electronic controller unit (ECU) Herzberg, Fig. 1 depicts an ECU A (104a)), wherein the first ECU comprises a first CAN identification (ID) and a first key (Herzberg, Col. 5 (Lines 38-41), discloses that each of the ECUs 104a-n can be programmed to establish symmetric cryptographic keys for each of the ECU pairs and / or for each of the message identifiers (i.e., hereinafter symmetric cryptographic keys represents first key/second key, and message identifiers represents as first CAN ID/ second CAN ID)); 
a second ECU Herzberg, Fig. 1 depicts an ECU B (104b)), wherein the second ECU comprises a message table (Herzberg, Fig. 1 also depicts communications table (124) of ECU B, and/or see also Col. 7 (Lines 20-21), wherein each ECU 104a-n can include a communication table 122-126); 
wherein, in response to receiving power (Herzberg, Col. 15 (Lines 1-10), discloses that an automobile is actuated 606. For example, a technician can start the ), the first ECU is to send the first key to the second ECU (Herzberg, Col. 10 (Lines 4-7), discloses that first key 207 can be a shared secret between the sender and recipient controllers (ECUs)), and wherein the first ECU is to encrypt the first CAN ID portion of a secure CAN message using the first key (Herzberg, Col. 13 (Lines 64-67) and Col. 14 (1-5), discloses that the transmitting ECU 502 can encode the randomized message to generate ciphertext (516), which can then be transmitted over the CAN bus 504 ( 516 ) . For example, the ECU 502 can apply a block cipher to the randomized message using a key that is a shared secret between the transmitting ECU 502 and the receiving ECU 504. The transmitting ECU 502 can then transmit, to the receiving ECU 506 over the CAN bus 506, the ciphertext (518) in a message that include the message identifier in a header field); and 
wherein, in response to receiving the first key, the second ECU is to store the first key in the message table and associate the first key with the first CAN ID (Herzberg, Col. 10 (Lines 4-7), discloses that first key 207 can be a shared secret between the sender and recipient controllers (ECUs) such as a symmetric key value ( or other type of key ) that is securely stored /reproducible by both the sender and recipient, and as disclosed in Col. 7 (Lines 20-25), each ECU 104a-n can include a communication table 122 -126 with a listing of each message ID on the CAN bus 106 that the specific ECU is sending or receiving messages (“S / R” _ “S” represents sending and “R” represents receiving), keys that are used for each message ID, etc.), and in response to receiving the secure CAN message, the second ECU is to decrypt the first CAN ID portion of the secure CAN message using the first key from the message table (Herzberg, Col. 14 (Lines 6-15), discloses that the CAN bus 504 can carry (520) the ciphertext from the transmitting ECU 502 to the receiving ECU 506 , and the receiving ECU 506 can receive the ciphertext (522). For example, the receiving ECU 506 can listen on the CAN bus 504 for any messages that contain the message identifier and pull in the message from the transmitting ECU 502. The receiving ECU 506 can decode the ciphertext into the randomized message (524). The receiving ECU 506 can use the same block cipher and key to decode the ciphertext as the transmitting ECU 502 used to encode the message (516)).  
However Herzberg fails to explicitly disclose but Koide teaches a first electronic controller unit (ECU) dedicated to control a first electronic component of a vehicle (Koide, Fig. 1 and Para. [0055], discloses that the first to fourth ECUs 20 to 23 are, for example, an engine ECU, a brake ECU, a steering ECU, and an drive aid (navigation system) ECU),
a second ECU dedicated to control a second electronic component of the vehicle distinct from the first component of the vehicle (Koide, Fig. 1 and Para. [0055], discloses that the first to fourth ECUs 20 to 23 are, for example, an engine ECU, a brake ECU, a steering ECU, and an drive aid (navigation system) ECU),
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koide’ into the teachings of ‘Herzberg’, with a motivation wherein first and second ECUs are dedicated to control first and second electronic components of the vehicle which are distinct from each other, as taught by Koide, in order to maintain security of the vehicle 

Regarding claim 2, Herzberg as modified by Koide teaches the system of claim 1, wherein Herzberg further teaches: the second ECU comprises a second CAN ID and a second key (Herzberg, Col. 5 (Lines 38-41), discloses that each of the ECUs 104a-n can be programmed to establish symmetric cryptographic keys for each of the ECU pairs and/or for each of the message identifiers (i.e., hereinafter symmetric cryptographic keys represents first key and/or second key, and message identifiers represents as first CAN ID and/or second CAN ID)), where in response to receiving power (Herzberg, Col. 15 (Lines 1-10), discloses that an automobile is actuated 606. For example, a technician can start the engine of the automobile, open or close a door, or otherwise engage a part of an automobile that will cause an ECU in the automobile to generate a new message), the second ECU sends the first ECU the second key (Herzberg, Col. 10 (Lines 21-22), discloses that the key 230 can be a shared secret between the sender and recipient controllers (ECUs), similar to the first key 207); and 
the first ECU comprises a first ECU message table that in response to receiving the second key stores a value of the key in the first ECU message table associated with the second CAN ID (Herzberg, Col. 10 (Lines 21-22), discloses that the key 230 can be a shared secret between the sender and recipient controllers (ECUs), similar to the first key 207, and as disclosed in Col. 5 (Lines 38-41), wherein each of the ECUs 104a-n can be programmed to establish symmetric cryptographic keys for each of the ECU pairs and/or for each of the message identifiers, and as ), where in response to receiving the second ECU secure CAN message (Herzberg, Col. 4 (Lines 40-44), discloses that messages between the ECUs 104a - n are broadcast over the CAN bus 102 using message identifiers, with each ECU 104a - n being configured to transmit and / or listen for messages that are transmitted over the CAN bus 106 with a particular message identifier), the first ECU decrypts the second CAN ID portion of the second ECU secure CAN message using the second key from the message table (Herzberg, Col. 5 (Lines 35-52), discloses that cryptographic engine 112 can include shared secrets 116 (i.e., keys) that can be used by the cryptography techniques 114 to encode, decode, and authenticate message traffic over the CAN bus 106. For example, each of the ECUs 104a - n can be programmed to establish symmetric cryptography keys for each of the ECU pairs and / or for each of the message identifiers (which are stored in communication table, See Col. 7 (Lines 20-25)). For example, symmetric cryptography keys can be used to encode communication between senders and recipients so that only the sender and recipient, which are the only two ECUs with access to the symmetric cryptography key, are able to decode and read the information being transmitted. Additionally, these symmetric cryptography keys also permit for the sender and recipients to validate the identity of the purported sender of a message as identified via the message header, and as disclosed in Col. 4 (Lines 51-55), wherein each of the ECUs 104a - n can be loaded with a custom cryptographic ).  

Regarding claim 3, Herzberg as modified by Koide teaches the system of claim 1, wherein Herzberg further teaches the encryption of the first CAN ID portion of the secure CAN message comprises a logical exclusive OR (xOR) cipher of the CAN ID and the first key (Herzberg, Fig. 2 and Col. 10 (Lines 1-16), discloses that the cleartext message 201 and the pseudo-random counter 208 (generated using the first key 207) can be combined using an XOR operation 211, and as disclosed in Col. 8 (Lines 26-38), wherein the cleartext message 201 can include non-redundant data 202 (message identifier) and redundant data 204).  

Regarding claim 4, Herzberg as modified by Koide teaches the system of claim 3, wherein Herzberg further teaches the decryption of the first CAN ID portion of the secure CAN message by the second ECU comprises removal of the xOR cipher by using the first key stored in the message table (Herzberg, Fig. 2 and Col. 10 (Lines 32-40), discloses that the receiving ECU can perform the same operations of the sender, but in reverse order to turn to the ciphertext into the cleartext message 201, including performing a block cipher decoding 215 of the ciphertext 212 to generate the randomized message 210, generating the pseudo-random counter 208 (generated using the first key 207, see Col. 10 (Lines 1-4)) and combining it via an XOR operation 211 with the randomized message 210 to obtain the cleartext message 201, and as ).  

Regarding claim 5, Herzberg as modified by Koide teaches the system of claim 1, wherein Herzberg further teaches the first ECU comprises a key regeneration module that generates a new first key upon each power up of the vehicle (Herzberg, Col. 15 (Lines 1-2), when an automobile is actuated, and as disclosed in Col. 5 (Lines 38-44), each of ECUs 104a-n can be programmed to establish symmetric cryptographic keys for each of the ECU pairs and/or for each of the message identifiers. The symmetric keys and/or information that can be used to recreate the symmetric keys (e.g., public key of other controller) can be stored locally by the cryptographic engine 112).  

Regarding claim 6, Herzberg as modified by Koide teaches the system of claim 1, wherein the first ECU comprises a key regeneration module that generates a new first key upon receipt of a key generation request (Herzberg, Col. 8 (Lines 15-18), discloses CAN commands, such as instructions to increase rotation, apply breaks, and/or change gears in the car that contains the ECUs, and as disclosed in Col. 5 (Lines 38-44), wherein each of the ECUs 104a-n can be programmed to establish symmetric cryptographic keys for each of the ECU pairs and/or for each of the message identifiers. The symmetric keys and/or information that can be used to recreate the symmetric keys (e.g., public key of other controller) can be stored locally by the cryptographic engine 112).  

7, Herzberg as modified by Koide teaches the system of claim 1, wherein Herzberg further teaches the first ECU sends a second ECU the first key using advanced encryption standard (AES) encryption (Herzberg, Col. 5 (Lines 59-65), discloses that the symmetric keys can be established between the ECUs 104a - n in any of a variety of ways, such as through public key cryptography, like Diffie-Helman or other techniques for two parties to create a shared secret through publicly distributed information, and/or through loading the symmetric keys onto the ECUS 104a - n (e.g., OEM generating secret keys that are loaded onto the ECUs 104a - n )).  

Regarding claim 8, Herzberg as modified by Koide teaches the system of claim 1, wherein Herzberg further teaches the first ECU sends a second ECU the first key prior to the first ECU sending any other messages (Herzberg, Col. 10 (Lines 4-7), discloses that first key 207 can be a shared secret between the sender and recipient controllers (ECUs), and as disclosed in Col. 5 (Lines 38-49), each of ECUs 104a-n can be programmed to establish symmetric cryptographic keys for each of the ECU pairs and/or for each of the message identifiers. For example, symmetric cryptography keys can be used to encode communication between senders and recipients so that only the sender and recipient, which are the only two ECUs with access to the symmetric cryptography key, are able to decode and read the information being transmitted, or see also Koide Para. [0102, 0107 or 0110], discloses that the first ECU 20 transmits the generated public key K2, during initialization processing, into the network 29 and sets the public key into the second ECU 21).  

9, Herzberg as modified by Koide teaches the system of claim 1, wherein Herzberg further teaches the message table comprises the first CAN ID prior to the power up of the vehicle (Herzberg, Col. 7 (Lines 20-25), discloses that each ECU 104a-n can include a communication table 122 -126 with a listing of each message ID on the CAN bus 106 that the specific ECU is sending or receiving messages (“S / R” _ “S” represents sending and “R” represents receiving), and keys that are used for each message ID)).  

Regarding claim 10, Herzberg as modified by Koide teaches the system of claim 1, wherein Herzberg fails to explicitly disclose but Koide further teaches the secure CAN message comprises an unencrypted message payload distinct from the first CAN ID portion of the secure CAN message (Koide, Fig. 9 and Para. [0103-0104], discloses that the first ECU 20 transmits to the network 29 the encrypted signal TS10 (including CAN ID “YY” and encrypted data “608…”, as depicted in Fig. 9) that is used for the reliability estimation of the transmitted signal TD10 prior to transmitting the transmission signal TD10 (including CAN ID “XX” and plain text data “123…”, as depicted in Fig. 9)).  

Regarding claim 11, Herzberg teaches a method for implementing a secure controller area network (CAN) in a vehicle comprising (Herzberg, Fig. 1 and Col. 3 (Lines 65-67), discloses an example system for providing low overhead network security on example ECUs that are part of an example vehicle, and as disclosed in Col. 2 (Lines 23-25), wherein this technology can also be used for methods, computer-readable media, devices, and other systems with the same or similar elements): 
generating a key with a first electronic controller unit (ECU) dHerzberg, Col. 5 (Lines 38-41), discloses that each of the ECUs 104a-n can be programmed to establish symmetric cryptographic keys for each of the ECU pairs and / or for each of the message identifiers (i.e., hereinafter symmetric cryptographic keys represents a key, and message identifiers represents as CAN ID) and as disclosed in Col. 15 (Lines 1-10), when an automobile is actuated 606. For example, a technician can start the engine of the automobile); 
organizing a received key in a message table to correspond to the ECU of origin for the received key (Herzberg, Col. 10 (Lines 4-7), discloses that first key 207 can be a shared secret between the sender and recipient controllers (ECUs) such as a symmetric key value ( or other type of key ) that is securely stored /reproducible by both the sender and recipient, and as disclosed in Col. 7 (Lines 20-25), each ECU 104a-n can include a communication table 122 -126 with a listing of each message ID on the CAN bus 106 that the specific ECU is sending or receiving messages (“S / R” _ “S” represents sending and “R” represents receiving), keys that are used for each message ID, etc.); 
composing a secure CAN message comprising a first CAN ID and a message payload (Herzberg, Col. 4 (Lines 40-44), discloses that messages between the ECUs 104a - n are broadcast over the CAN bus 102 using message identifiers, with each ECU 104a - n being configured to transmit and / or listen for messages that are transmitted over the CAN bus 106 with a particular message identifier);  
-14-encrypting the first CAN ID portion of the secure CAN message using the key (Herzberg, Col. 13 (Lines 64-67) and Col. 14 (1-5), discloses that the transmitting ECU 502 can encode the randomized message to generate ciphertext (516), which can then be transmitted over the CAN bus 504 ( 516 ) . For example, the ECU 502 can apply a block cipher to the randomized message using a key that is a shared secret between the transmitting ECU 502 and the receiving ECU 504. The transmitting ECU 502 can then transmit, to the receiving ECU 506 over the CAN bus 506, the ciphertext (518) in a message that include the message identifier in a header field); 
sending the secure CAN message to a receiving ECU of the distributed plurality of ECUs (Herzberg, Col. 14 (1-5), discloses that the transmitting ECU 502 can then transmit, to the receiving ECU 506 over the CAN bus 506, the ciphertext (518) in a message that include the message identifier in a header field); and 
decrypting a received message from one of the distributed plurality of ECUs with the received key in the message table (Herzberg, Col. 14 (Lines 6-15), discloses that the CAN bus 504 can carry (520) the ciphertext from the transmitting ECU 502 to the receiving ECU 506 , and the receiving ECU 506 can receive the ciphertext (522). For example, the receiving ECU 506 can listen on the CAN bus 504 for any messages that contain the message identifier and pull in the message from the transmitting ECU 502. The receiving ECU 506 can decode the ciphertext into the randomized message (524). The receiving ECU 506 can use the same block cipher and key to decode the ciphertext as the transmitting ECU 502 used to encode the message (516)).  
dedicated to control a first electronic component of a vehicle (Koide, Para. [0055], discloses the first to fourth ECUs 20 to 23 are, for example, an engine ECU, a brake ECU, a steering ECU, and an drive aid (navigation system) ECU);
sending the key to a distributed plurality of electronic controller units (ECUs) each dedicated to their own respective electronic component (Koide, Para. [0074], discloses that the first ECU 20 distributes the public key K2 to the second to fourth ECUs 21 to 23 via the network 29 (step S12 in FIG. 5), and as disclosed in Para. [0055], wherein the first to fourth ECUs 20 to 23 are, for example, an engine ECU, a brake ECU, a steering ECU, and an drive aid (navigation system) ECU); 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koide’ into the teachings of ‘Herzberg’, with a motivation to send the key to a distributed plurality of electronic controller units (ECUs) each dedicated to their own respective electronic component, as taught by Koide, in order to maintain security of the vehicle network system in which a plurality of electronic control units installed on a vehicle are network-connected to each other and exchange information; Koide, Para. [0002 and 0122].

Regarding claim 12, the claim is drawn to the method corresponding to the system of using same as claimed in claim 9. Therefore, the rejection(s) set forth above with respect to the system claim 9 is equally applicable to the claim 12 of the method.

13-16, the claims are drawn to the method corresponding to the system of using same as claimed in claims 3-6, respectively. Therefore, the rejection(s) set forth above with respect to the system claims 3-6 are equally applicable to the claims 13-16 of the method, respectively. 

Regarding claim 17, Herzberg teaches a tangible, non-transitory, computer-readable medium comprising instructions that, when executed by a processor, implements a secure controller area network (CAN) in a vehicle, the instructions to direct the processor to (Herzberg, Fig. 1 and Col. 3 (Lines 65-67), discloses an example system for providing low overhead network security on example ECUs that are part of an example vehicle, and as disclosed in Col. 2 (Lines 23-25), wherein this technology can also be used for methods, computer-readable media, devices, and other systems with the same or similar elements, and as disclosed in Col. 22 (Lines 65-67), non - transitory computer - readable medium comprising instructions that , when executed by one or more processors, cause the processor to perform operations): 
generate a key in response to receiving power (Herzberg, Col. 5 (Lines 38-41), discloses that each of the ECUs 104a-n can be programmed to establish symmetric cryptographic keys for each of the ECU pairs and / or for each of the message identifiers (i.e., hereinafter symmetric cryptographic keys represents a key, and message identifiers represents as CAN ID) and as disclosed in Col. 15 (Lines 1-10), when an automobile is actuated 606. For example, a technician can start the engine of the automobile); 
organize a received key in a message table to correspond to the ECU of origin for the received key (Herzberg, Col. 10 (Lines 4-7), discloses that first key 207 );  
-15-compose a secure CAN message comprising a first CAN ID and a message payload (Herzberg, Col. 4 (Lines 40-44), discloses that messages between the ECUs 104a - n are broadcast over the CAN bus 102 using message identifiers, with each ECU 104a - n being configured to transmit and / or listen for messages that are transmitted over the CAN bus 106 with a particular message identifier); 
encrypt the first CAN ID portion of the secure CAN message using the key (Herzberg, Col. 13 (Lines 64-67) and Col. 14 (1-5), discloses that the transmitting ECU 502 can encode the randomized message to generate ciphertext (516), which can then be transmitted over the CAN bus 504 ( 516 ) . For example, the ECU 502 can apply a block cipher to the randomized message using a key that is a shared secret between the transmitting ECU 502 and the receiving ECU 504. The transmitting ECU 502 can then transmit, to the receiving ECU 506 over the CAN bus 506, the ciphertext (518) in a message that include the message identifier in a header field); and 
send the secure CAN message to a receiving ECU of the distributed plurality of ECUs (Herzberg, Col. 14 (1-5), discloses that the transmitting ECU 502 can ); 
decrypt a received message from one of the distributed plurality of ECUs with the received key in the message table (Herzberg, Col. 14 (Lines 6-15), discloses that the CAN bus 504 can carry (520) the ciphertext from the transmitting ECU 502 to the receiving ECU 506 , and the receiving ECU 506 can receive the ciphertext (522). For example, the receiving ECU 506 can listen on the CAN bus 504 for any messages that contain the message identifier and pull in the message from the transmitting ECU 502. The receiving ECU 506 can decode the ciphertext into the randomized message (524). The receiving ECU 506 can use the same block cipher and key to decode the ciphertext as the transmitting ECU 502 used to encode the message (516)).  
However Herzberg fails to disclose but Koide teaches send the key to a distributed plurality of electronic controller units (ECUs) each dedicated to their own respective electronic component (Koide, Para. [0074], discloses that the first ECU 20 distributes the public key K2 to the second to fourth ECUs 21 to 23 via the network 29 (step S12 in FIG. 5), and as disclosed in Para. [0055], wherein the first to fourth ECUs 20 to 23 are, for example, an engine ECU, a brake ECU, a steering ECU, and an drive aid (navigation system) ECU); 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koide’ into the teachings of ‘Herzberg’, with a motivation to send the key to a distributed plurality of electronic controller units (ECUs) each dedicated to their own respective electronic component, as taught by Koide, in order to maintain security of the vehicle network 

Regarding claim 18, the claim is drawn to the tangible, non-transitory, computer-readable medium corresponding to the system of using same as claimed in claim 9. Therefore, the rejection(s) set forth above with respect to the system claim 9 is equally applicable to the claim 18 of the tangible, non-transitory, computer-readable medium.

Regarding claims 19-20, the claims are drawn to the tangible, non-transitory, computer-readable medium corresponding to the system of using same as claimed in claims 3-4, respectively. Therefore, the rejection(s) set forth above with respect to the system claims 3-4 are equally applicable to the claims 19-20 of the tangible, non-transitory, computer-readable medium, respectively.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
1.	Wang; Qiyan (US 9705678 B1), the disclosure relate to a fast CAN message authentication for vehicular systems.
2.	Walrant; Thierry G. C. (US 10715333 B2), the present application relates to an apparatus and method of authenticating and verifying a message frame on a multi-master access bus with message broadcasting.

4.	El Idrissi; Younes El Hajjaji et al. (US 10218499 B1), this disclosure relates to a system and method for secure communications between controllers in a vehicle network.
5.	Miyashita; Yukihiro (US 20180367546 A1), the present invention relates to a vehicle-mounted relay device that relays a message between a plurality of networks provided in a vehicle, a vehicle-mounted communication system that includes the vehicle-mounted relay device, and a relay program that is executed in the vehicle-mounted relay device.
6.	Otsuka; Satoshi (US 11134100 B2), the present invention relates to a network device connected via a bus with a plurality of network devices includes: an authentication unit that executes authentication based upon message authentication information included in data transmitted, via the bus, by one of the plurality of network devices acting as a sender device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Monday-Friday: 8:00AM – 4:00PM.
 If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

/ALI CHEEMA/
Examiner, Art Unit 2496
 

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496