Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
DETAILED ACTION
This action is in response to original filings made on 2/3/2021. Claims 1-16 are pending.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). 
Specification (Title)
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 
Specification (Abstract)
Applicant is reminded of the proper content of an abstract of the disclosure. The examiner notes that applicant’s current abstract appears to be applicant’s claim 1.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure 
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 10-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Claim 10 is directed towards a system comprising a “key generation device”, “a control unit” and a “control device”. The examiner notes that applicant’s “key generation device”, “a control unit” and a “control device”, are able to be implemented solely in software. The examiner contends that software is non-statutory subject matter. Therefore, the claim lacks at least one hardware element.
Claims 11-16 don't cure the deficiency of claim 10 and are rejected under 35 USC 101 for their dependency upon claim 10.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-16 are rejected under 35 U.S.C. 103 as being unpatentable over  Schaap (US Patent Publication No. 2020/0153625) in view of David et al. (US Patent No. 10,009,325 and David hereinafter (cited from IDS 7/14/2020)).

As to claim 1, Schaap teaches a method for the vehicle-internal management of cryptographic keys comprising:
providing at least one secret for a vehicle-internal key generation device (i.e. …teaches in par. 0056 the following: “Method 560 begins in step 565 with a first circuit (e.g., HSM 130A) storing a first key (e.g., a provisioned key 152) usable to encrypt data. In step 570, the first circuit receives, from a second circuit (e.g., HSM 130B), an encrypted portion (e.g., MAC 450) of a first packet and a first timestamp (e.g., Packet ID 420) included in the first packet. In various embodiments, a first network node (e.g., node 120A) coupled to the first circuit receives the first packet and requests that the first circuit decrypt the encrypted portion of the first packet. In some embodiments, the first network node is an electronic control unit (ECU) configured to receive the first packet over a vehicle network. In step 575, the first circuit generates a second key (e.g., HSM key 136) based on the first key and a portion of the first timestamp (e.g., after application of mask 320).”); 
and generating at least one new cryptographic key by the vehicle-internal key generation device on the basis of the at least one secret (i.e., …teaches in par. 026 the following: “generate keys 134 and 136 by calculating a key derivation function  based on a synchronized time value determined from a sync communication” …further teaches in par. 0056 the following: “the first network node is an electronic control unit (ECU) configured to receive the first packet over a vehicle network. In step 575, the first 

Schaap does not expressly teach: vehicle-internal key generation device.
In this instance the examiner notes the teachings of prior art reference David.
David illustrates in figure 2, figure element 230 a vehicle internal key generation module.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schaap with the teachings of David by including the feature of a vehicle internal key generation module. Utilizing a vehicle internal key generation module as taught by David above allows a system to provide comprehensive communication security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Schaap's system will obtain the capability to provide enhanced bus communication. 

As to claim 2, the system of Schaap and David as applied to claim 1 above teaches generating key data, specifically Schaap teaches a method as claimed in claim 1, further comprising: 
providing at least one new cryptographic key for at least one vehicle-internal control device (i.e., … teaches in par. 0023 the following: “Hardware security modules (HSMs) 130, in one embodiment, are secure circuits configured to generate encryption keys used to encrypt traffic 122 being communicated between nodes 120. In some embodiments, HSMs 130 generate node keys 134 for their respective nodes 120, which are configured to use the keys 134 perform encryption and decryption of network traffic 122. In some embodiments, HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a 
and using the vehicle-internal control device in cryptographic and/or non-cryptographic security measures (i.e., … teaches in par. 0023 the following: “Hardware security modules (HSMs) 130, in one embodiment, are secure circuits configured to generate encryption keys used to encrypt traffic 122 being communicated between nodes 120. In some embodiments, HSMs 130 generate node keys 134 for their respective nodes 120, which are configured to use the keys 134 perform encryption and decryption of network traffic 122. In some embodiments, HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C”).

Schaap does not expressly teach: one vehicle-internal control device.
David illustrates in figure 2, figure element 202 a vehicle internal control unit.


As to claim 3, the system of Schaap and David as applied to claim 1 above teaches generating key data, specifically Schaap teaches a method as claimed in claim 1, wherein at least one of the generation of the at least one new cryptographic key and the provisioning of the at least one new cryptographic key is triggered by one of: a key-exchange event, a combination of key-exchange events, and takes place autonomously (i.e., … teaches in par. 0023 the following: “Hardware security modules (HSMs) 130, in one embodiment, are secure circuits configured to generate encryption keys used to encrypt traffic 122 being communicated between nodes 120. In some embodiments, HSMs 130 generate node keys 134 for their respective nodes 120, which are configured to use the keys 134 perform encryption and decryption of network traffic 122. In some embodiments, HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C”)”.).

As to claim 4, the system of Schaap and David as applied to claim 3 above teaches generating key data, specifically Schaap teaches a method as claimed in claim 3, further comprising: capturing the key-exchange event with a vehicle-internal control unit (i.e., …teaches in par. 23 the following: “HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C. In some embodiments, keys 134 and 136 may be applicable to only one direction of traffic flow. For example, node 120A may generate a first set of keys 134 and 136 for encrypting traffic 122 to node 120B and a second set of keys 134 and 136 for decrypting traffic 122 received from node 120B. In various embodiments, keys 134 and 136 are generated anew for each new network session. For example, if nodes 120A and 120B establish a network session every 100 ms for communicating traffic 122, HSMs 130A and 130B may generate new keys 134 and 136 every 100 ms. Still further, in some embodiments, HSMs 130 are configured to roll over keys 134 and 136 periodically, which may occur during a given network session. For example, HSMs 130 may roll over keys 134 and 136 every four seconds. If a network session is ongoing, HSMs 130 and nodes 120 may transition from using one set of keys 134 and 136 to another, new set of keys 134 and 136.”.); 
and initiating with the control unit one of the generating of the at least one new cryptographic key and the provisioning of the at least one new cryptographic key (i.e. …teaches in par. the following: 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C. In some embodiments, keys 134 and 136 may be applicable to only one direction of traffic flow. For example, node 120A may generate a first set of keys 134 and 136 for encrypting traffic 122 to node 120B and a second set of keys 134 and 136 for decrypting traffic 122 received from node 120B. In various embodiments, keys 134 and 136 are generated anew for each new network session. For example, if nodes 120A and 120B establish a network session every 100 ms for communicating traffic 122, HSMs 130A and 130B may generate new keys 134 and 136 every 100 ms. Still further, in some embodiments, HSMs 130 are configured to roll over keys 134 and 136 periodically, which may occur during a given network session. For example, HSMs 130 may roll over keys 134 and 136 every four seconds. If a network session is ongoing, HSMs 130 and nodes 120 may transition from using one set of keys 134 and 136 to another, new set of keys 134 and 136.”.).

Schaap does not expressly teach: vehicle internal control unit.
In this instance the examiner notes the teachings of prior art reference David.
David illustrates in figure 2, figure element 202 a vehicle internal control unit.


As to claim 5, the system of Schaap and David as applied to claim 4 above teaches generating key data, specifically Schaap teaches a method as claimed in claim 4, further comprising at least one of:
monitoring of the key generation carried out by the key generation device by the control unit (i.e. …teaches in par. 24 the following: “ HSMs 130 are configured to generate keys 134 and 136 based on time values maintained by local clocks 132, which are synchronized with a reference clock 1”.); 
and adapting the key generation carried out by the key generation device by the control unit (i.e. …teaches in par. 24 the following: “ HSMs 130 are configured to generate keys 134 and 136 based on time values maintained by local clocks 132, which are synchronized with a reference clock 1”.).

As to claim 6, the system of Schaap and David as applied to claim 4 above teaches generating key data, specifically Schaap teaches a method as claimed in claim 4, further comprising at least one of: 
monitoring at least one of the provisioning and the distributing of new cryptographic keys to at least one of a plurality of control devices by the control unit (i.e. …teaches in par. 0023 the following: “ HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C. In some embodiments, keys 134 and 136 may be applicable to only one direction of traffic flow. For example, node 120A may generate a first set of keys 134 and 136 for encrypting traffic 122 to node 120B and a second set of keys 134 and 136 for decrypting traffic 122 received from node 120B. In various embodiments, keys 134 and 136 are generated anew for each new network session. For example, if nodes 120A and 120B establish a network session every 100 ms for communicating traffic 122, HSMs 130A and 130B may generate new keys 134 and 136 every 100 ms. Still further, in some embodiments, HSMs 130 are configured to roll over keys 134 and 136 periodically, which may occur during a given network session. For example, HSMs 130 may roll over keys 134 and 136 every four seconds. If a network session is ongoing, HSMs 130 and nodes 120 may transition from using one set of keys 134 and 136 to another, new set of keys 134 and 136.”.);
adapting at least one of the provisioning and the distributing of new cryptographic keys to one of the plurality of control devices by the control unit (i.e. …teaches in par. 0023 the following: “ HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C. In some embodiments, keys 134 and 136 may be applicable to only one direction of traffic flow. For example, node 120A may generate a first set of keys 134 and 136 for encrypting traffic 122 to node 120B and a second set of keys 134 and 136 for decrypting traffic 122 received from node 120B. In various embodiments, keys 134 and 136 are generated anew for each new network session. For example, if nodes 120A and 120B establish a network session every 100 ms for communicating traffic 122, HSMs 130A and 130B may generate new keys 134 and 136 every 100 ms. Still further, in some embodiments, HSMs 130 are configured to roll over keys 134 and 136 periodically, which may occur during a given network session. For example, HSMs 130 may roll over keys 134 and 136 every four seconds. If a network session is ongoing, HSMs 130 and nodes 120 may transition from using one set of keys 134 and 136 to another, new set of keys 134 and 136.”.).

Schaap does not expressly teach: one vehicle-internal control device.
In this instance the examiner notes the teachings of prior art reference David.
David illustrates in figure 2, figure element 202 a vehicle internal control unit.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schaap with the teachings of David by including the feature of a vehicle internal controller. Utilizing a vehicle internal controller as taught by David above allows a system to provide comprehensive communication system security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Schaap's system will obtain the capability to provide enhanced system communication. 

As to claim 7, the system of Schaap and David as applied to claim 1 above teaches generating key data, specifically Schaap teaches a method as claimed in claim 1, further comprising at least one of:
provisioning of key generation parameters for a vehicle-external computer system that enable the vehicle-external computer system to generate at least one cryptographic key that is used by a vehicle-internal control device (i.e., teaches in par. 0026 the following: “a given HSM 130 is configured to generate keys 134 and 136 by calculating a key derivation function based on a synchronized time value determined from a sync communication 144”.); 
and generating by the external computer system, of at least one cryptographic key that is used by a vehicle-internal control device (i.e., teaches in par. 0026 the following: “a given HSM 130 is configured to generate keys 134 and 136 by calculating a key derivation function based on a synchronized time value determined from a sync communication 144”.).

Schaap does not expressly teach: vehicle-external computer system.
In this instance the examiner notes the teachings of prior art reference David.
David illustrates in figure 2, figure element 202 a vehicle computer system.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schaap with the teachings of David by including the feature of a vehicle internal controller. Utilizing a vehicle internal controller as taught by David above allows a system to provide comprehensive communication system security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Schaap's system will obtain the capability to provide enhanced system communication. 

As to claim 8, the system of Schaap and David as applied to claim 1 above teaches key generation, specifically Schaap does not expressly teach a method as claimed in claim 1, further 
In this instance the examiner notes the teachings of prior art reference David.
With regards to applicant’s claim limitation element(s) or, “comprising provisioning authorization information for the vehicle-internal key generation device”, David teaches in col. 9 lines 1-15 the following: “The controller 114 can use the security layer 108 to generate an end-to-end security policy for communication with the other controllers 114 and, in some instances, other devices and/or systems (e.g., management computer system 112), as indicated by step C (116). For example, the security layer 108 can include encryption schemes, rules, and agents for performing key exchanges among the controllers 114 (and other authorized devices/systems) to create end-to-end communication policies that can be used to securely communicate among the controllers 114 (and other authorized devices/systems).”.
With regards to applicant’s claim limitation element(s) of, “wherein the generation of the at least one new cryptographic key by the vehicle-internal key generation device also takes place on the basis of the authorization information”, David teaches in col. 14, lines 20-30 the following: “For instance, the key generator 230 can look for verification from the remote system 270 (e.g., management computer system 104, management computer system 164) that the controller 202 is within a secure environment before it is able to create keys with the other controllers 264a-n.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schaap with the teachings of David by including the feature of a operation authorization. Utilizing operation authorization as taught by David above allows a system to provide comprehensive access control and therefore provides the motivation in this instance 

As to claim 9, Schaap teaches a key generation device for use in a vehicle-internal communication system, comprising: a storage device for storing at least one secret (i.e. …teaches in par. 0056 the following: “Method 560 begins in step 565 with a first circuit (e.g., HSM 130A) storing a first key (e.g., a provisioned key 152) usable to encrypt data. In step 570, the first circuit receives, from a second circuit (e.g., HSM 130B), an encrypted portion (e.g., MAC 450) of a first packet and a first timestamp (e.g., Packet ID 420) included in the first packet. In various embodiments, a first network node (e.g., node 120A) coupled to the first circuit receives the first packet and requests that the first circuit decrypt the encrypted portion of the first packet. In some embodiments, the first network node is an electronic control unit (ECU) configured to receive the first packet over a vehicle network. In step 575, the first circuit generates a second key (e.g., HSM key 136) based on the first key and a portion of the first timestamp (e.g., after application of mask 320).”); 
a computing unit to generate at least one new cryptographic key on the basis of the at least one secret (i.e., …teaches in par. 026 the following: “generate keys 134 and 136 by calculating a key derivation function based on a synchronized time value determined from a sync communication” …further teaches in par. 0056 the following: “the first network node is an electronic control unit (ECU) configured to receive the first packet over a vehicle network. In step 575, the first circuit generates a second key (e.g., HSM key 136) based on the first key and a portion of the first timestamp (e.g., after application of mask 320).”).

Schaap does not expressly teach: vehicle internal key generation device.
In this instance the examiner notes the teachings of prior art reference David.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schaap with the teachings of David by including the feature of a vehicle internal key generation module. Utilizing a vehicle internal key generation module as taught by David above allows a system to provide comprehensive communication security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Schaap's system will obtain the capability to provide enhanced bus communication. 

As to claim 10, Schaap teaches a vehicle-internal communication system comprising:
a key generation device which provides at least one secret and generates at least one new cryptographic key on the basis of the at least one secret (i.e., …teaches in par. 026 the following: “generate keys 134 and 136 by calculating a key derivation function  based on a synchronized time value determined from a sync communication” …further teaches in par. 0056 the following: “the first network node is an electronic control unit (ECU) configured to receive the first packet over a vehicle network. In step 575, the first circuit generates a second key (e.g., HSM key 136) based on the first key and a portion of the first timestamp (e.g., after application of mask 320).”); 
a control unit (i.e. …teaches in par. 0056 the following: “…electronic control unit (ECU) configured to receive the first packet over a vehicle network. In step 575, the first circuit generates a second key (e.g., HSM key 136) based on the first key and a portion of the first timestamp (e.g., after application of mask 320).”.). (e.g., a provisioned key 152) usable to encrypt data..”)). 

Schaap does not expressly teach: and at least one control device 
In this instance the examiner notes the teachings of prior art reference David.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schaap with the teachings of David by including the feature of a vehicle internal controller. Utilizing a vehicle internal controller as taught by David above allows a system to provide comprehensive communication system security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Schaap's system will obtain the capability to provide enhanced system communication. 

As to claim 11, the system of Schaap and David as applied to claim 10 above teaches generating key data, specifically Schaap teaches a device as claimed in claim 10, wherein providing the at least one new cryptographic key is for the at least one control device and the at least one new cryptographic key is used in cryptographic and/or non-cryptographic security measures (i.e., … teaches in par. 0023 the following: “Hardware security modules (HSMs) 130, in one embodiment, are secure circuits configured to generate encryption keys used to encrypt traffic 122 being communicated between nodes 120. In some embodiments, HSMs 130 generate node keys 134 for their respective nodes 120, which are configured to use the keys 134 perform encryption and decryption of network traffic 122. In some embodiments, HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for 
Schaap does not expressly teach: control device 
In this instance the examiner notes the teachings of prior art reference David.
David illustrates in figure 2, figure element 202 a vehicle internal control unit.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schaap with the teachings of David by including the feature of a vehicle internal controller. Utilizing a vehicle internal controller as taught by David above allows a system to provide comprehensive communication system security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Schaap's system will obtain the capability to provide enhanced system communication. 

As to claim 12, the system of Schaap and David as applied to claim 10 above teaches generating key data, specifically Schaap teaches a device as claimed in claim 10, wherein the key generation device is triggered by one of: a key-exchange event, a combination of key-exchange events, and or by an autonomous action (i.e., … teaches in par. 0023 the following: “Hardware security modules (HSMs) 130, in one embodiment, are secure circuits configured to generate encryption keys used to encrypt traffic 122 being communicated between nodes 120. In some embodiments, HSMs 130 generate node keys 134 for their respective nodes 120, which are configured to use the keys 134 perform encryption and decryption of network traffic 122. In some embodiments, HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an 

As to claim 13, the system of Schaap and David as applied to claim 12 above teaches generating key data, specifically Schaap teaches a device as claimed in claim 12, wherein the key-exchange event is captured by the control unit (i.e., …teaches in par. 23 the following: “HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C. In some embodiments, keys 134 and 136 may be applicable to only one direction of traffic flow. For example, node 120A may generate a first set of keys 134 and 136 for encrypting traffic 122 to node 120B and a second set of keys 134 and 136 for decrypting traffic 122 received from node 120B. In various embodiments, keys 134 and 136 are generated anew for each new network session. For example, if nodes 120A and 120B establish a network session every 100 ms for communicating traffic 122, HSMs 130A and 130B may generate new keys 134 and 136 every 100 ms. Still further, in some embodiments, HSMs 130 are configured to roll over keys 134 and 136 periodically, which may occur during a given network session. For example, HSMs 130 may roll over keys 134 and 136 every four seconds. If a network session is ongoing, HSMs 130 and 
and the control unit initiates at least one of the generation of the at least one new cryptographic key and the providing of the at least one new cryptographic key (i.e. …teaches in par. the following: “ HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C. In some embodiments, keys 134 and 136 may be applicable to only one direction of traffic flow. For example, node 120A may generate a first set of keys 134 and 136 for encrypting traffic 122 to node 120B and a second set of keys 134 and 136 for decrypting traffic 122 received from node 120B. In various embodiments, keys 134 and 136 are generated anew for each new network session. For example, if nodes 120A and 120B establish a network session every 100 ms for communicating traffic 122, HSMs 130A and 130B may generate new keys 134 and 136 every 100 ms. Still further, in some embodiments, HSMs 130 are configured to roll over keys 134 and 136 periodically, which may occur during a given network session. For example, HSMs 130 may roll over keys 134 and 136 every four seconds. If a network session is ongoing, HSMs 130 and nodes 120 may transition from using one set of keys 134 and 136 to another, new set of keys 134 and 136.”.).

As to claim 14, the system of Schaap and David as applied to claim 13 above teaches generating key data, specifically Schaap teaches a device as claimed in claim 13, further comprising at least one of the control unit monitors the key generation carried out by the key generation device (i.e. …teaches in par. 24 the following: “HSMs 130 are configured to generate keys 134 and 136 based on time values maintained by local clocks 132, which are synchronized with a reference clock 1”.)and adapts the key generation carried out by the key generation device (i.e. …teaches in par. 24 the following: “ HSMs 130 are configured to generate keys 134 and 136 based on time values maintained by local clocks 132, which are synchronized with a reference clock 1”.). 

As to claim 15, the system of Schaap and David as applied to claim 13 above teaches generating key data, specifically Schaap teaches a device as claimed in claim 13, wherein the control unit monitors at least one of the providing and the distribution of the at least one new cryptographic key (i.e. …teaches in par. 0023 the following: “ HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C. In some embodiments, keys 134 and 136 may be applicable to only one direction of traffic flow. For example, node 120A may generate a first set of keys 134 and 136 for encrypting traffic 122 to node 120B and a second set of keys 134 and 136 for decrypting traffic 122 received from node 120B. In various embodiments, keys 134 and 136 are generated anew for 120A and 120B establish a network session every 100 ms for communicating traffic 122, HSMs 130A and 130B may generate new keys 134 and 136 every 100 ms. Still further, in some embodiments, HSMs 130 are configured to roll over keys 134 and 136 periodically, which may occur during a given network session. For example, HSMs 130 may roll over keys 134 and 136 every four seconds. If a network session is ongoing, HSMs 130 and nodes 120 may transition from using one set of keys 134 and 136 to another, new set of keys 134 and 136.”.)
and adapts at least one of the providing and the distribution of new cryptographic keys to the at least one control device (i.e. …teaches in par. 0023 the following: “ HSMs 130 are configured to generate HSM keys 136 and use the keys 136 to encrypt and decrypt network traffic 122 for nodes 120. In the illustrated embodiment, however, HSMs 130 are configured to generate both node keys 134 used by nodes 120 to encrypt a portion of a packet and HSM keys 136 used by HSMs 130 to encrypt another portion of the packet. (As used herein, the term “portion” may refer to less than an entirety or an entirety of something.) In various embodiments, keys 134 and 136 are generated on a per-node basis. For example, if node 120A is supposed to communicate traffic 122 to nodes 120B and node 120C, HSM 130A may generate a first set of keys 134 and 136 for communicating with node 120B and a second set of keys 134 and 136 for communicating with node 120C. In some embodiments, keys 134 and 136 may be applicable to only one direction of traffic flow. For example, node 120A may generate a first set of keys 134 and 136 for encrypting traffic 122 to node 120B and a second set of keys 134 and 136 for decrypting traffic 122 received from node 120B. In various embodiments, keys 134 and 136 are generated anew for each new network session. For example, if nodes 120A and 120B establish a network session every 100 ms for communicating traffic 122, HSMs 130A and 130B may generate new keys 134 and 136 every 100 ms. Still further, in some embodiments, HSMs 130 are configured to roll over keys 134 and 136 periodically, which may occur during a given network session. 130 may roll over keys 134 and 136 every four seconds. If a network session is ongoing, HSMs 130 and nodes 120 may transition from using one set of keys 134 and 136 to another, new set of keys 134 and 136.”.).

As to claim 16, the system of Schaap and David as applied to claim 10 above teaches key generation, specifically Schaap does not expressly teach a device as claimed in claim 10, wherein authorization information for the key generation device is provided, and wherein the generation of the at least one new cryptographic key takes place on the basis of the authorization information.
In this instance the examiner notes the teachings of prior art reference David.
With regards to applicant’s claim limitation element(s) or, “wherein authorization information for the key generation device is provided”, David teaches in col. 9 lines 1-15 the following: “The controller 114 can use the security layer 108 to generate an end-to-end security policy for communication with the other controllers 114 and, in some instances, other devices and/or systems (e.g., management computer system 112), as indicated by step C (116). For example, the security layer 108 can include encryption schemes, rules, and agents for performing key exchanges among the controllers 114 (and other authorized devices/systems) to create end-to-end communication policies that can be used to securely communicate among the controllers 114 (and other authorized devices/systems).”.
With regards to applicant’s claim limitation element(s) of, “and wherein the generation of the at least one new cryptographic key takes place on the basis of the authorization information”, David teaches in col. 14, lines 20-30 the following: “For instance, the key generator 230 can look for verification from the remote system 270 (e.g., management computer system 104, management computer system 164) that the controller 202 is within a secure environment before it is able to create keys with the other controllers 264a-n.”.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.