DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
	Applicant's arguments filed 01/03/2022 have been fully considered but they are not persuasive. The Applicant argues that neither Fuji et al. (US 2010/0191967), hereon referred to as Fuji, nor Kuang et al. (US 2021/0211271), hereon referred to as Kuang, alone or in combination disclose all of the limitations of the independent claim(s).  Specifically, the Applicant argues that the prior art does not teach or suggest generating a session key based on the first random number, random number, and the symmetric key. The Applicant argues that the prior art only only discusses a “temporary key” and an “encryption parameter.” It does not discuss that the encryption parameter is based on the first random value, a second random value and a symmetric key. Kuang has not been cited with respect to this feature.
However, the Examiner respectfully disagrees. Fuji discloses several embodiments and options of establishing as secure communication between a client and server apparatus. A part of this approach includes a temporary key (session key) that is established to establish a secure session. However, even before the secure session is established there can be several other required security elements. Such as, a secure session can only from a result of a biometric authentication. Biometric authentication (symmetric key) certificate authentication (random number(s) are organically combined that evidently lead to the generating of the temporary key. Where, the certificate authentication may or may not multiple include multiple certificates. Therefore, the claim(s) is/are not in condition for allowance. Additionally, this element of establishing a session key based on multiple random numbers and a key are . 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 6-8, 10-13, 16-18 & 20 are rejected under 35 U.S.C 103 as being unpatentable over Fuji et al. (US 2010/0191967), hereon referred to as Fuji, in view of Kuang et al. (US 2021/0211271), and hereon referred to as Kuang. 
In regards to claims 1, 10-11 & 20, Fuji discloses transmitting… a first message generated based on a first random number generated by the client ECU, first security version information of the client ECU, and a symmetric key pre-shared with the server ECU (A Client Hello message is sent when a client establishes a connection with a server for the first time, In the Client Hello message, based on biometrics and random number, lists of cipher suites and compression algorithms to be used are stored. ; receiving, from the server ECU, a second message generated based on a second random number generated by the server ECU (When the Client Hello message is sent, the client waits for a Server Hello message which is sent from the server side; Paragraph 0049; Fig.6), second security version information of the server ECU, and the symmetric key in response to the first message (the random number in the Server Hello message based on a client's private key and thereby generating an encrypted random number; Paragraph 0070, Fig.6);  when the second message is verified, storing the second random number in a memory of the client ECU (After the authentication context is created, the random number, certificate, key are saved; Paragraphs 0137-0140, Fig.6); transmitting, to the server ECU, a third message and generating a session key based on the first random number, the second random number, and the symmetric key; and transmitting, to the server ECU, a fourth message encrypted using the session key (After verification, a key can be generated and message can be sent to establish a secure session; Paragraphs 0058; 0167; 0215; Fig.6).
	However, Fuji does not disclose to a server ECU. In an analogous art Kuang disclose to a server ECU (The server during the secure data communication may be an ECU server; Paragraphs 0155; 0238). 
At the time before the effective filing date of the invention, it would have been obvious to the one with ordinary skill in the art to combine the teachings disclosed by Fuji, with the teachings disclosed by Kuang regarding to a server ECU. The suggestion/motivation of the combination would have been to provide additional security data communication (Kuang; Abs.). 
In regards to claims  2 & 12, Fuji discloses adding, to a first message part having the first random number and the first security version information…formed by encrypting a hash value of the first message part using the symmetric key (A Client Hello message is sent when a client establishes a connection with a server for the first time, In the Client Hello message, based on biometrics and random .
	However, Fuji does not disclose , a first message authentication code (MAC). In an analogous art Kuang discloses a first message authentication code (MAC) (A hash message authentication code (HMAC) can also be generated and inserted in the transaction  to allow authenticity; Paragraphs 0199; 0315).
In regards to claims 3 & 13, Fuji discloses wherein the generation of the second message includes: adding, to a second message part having the second random number and the second security version information,… formed by encrypting a hash value of the second message part using the symmetric key (A Client Hello message is sent when a client establishes a connection with a server for the first time, In the Client Hello message, based on biometrics and random number, lists of cipher suites and compression algorithms to be used are stored. When an existing session is resumed, a session ID is also stored; Paragraphs 0049; 0056; 0082-0085; 0198; 0214; Fig. 6). 
However, Fuji does not disclose a second authentication code (MAC). In an analogous art Kuang discloses a first message authentication code (MAC) (A hash message authentication code (HMAC) can also be generated and inserted in the transaction  to allow authenticity; Paragraphs 0199; 0315; Fig.6).
In regards to claims 6 & 16, Kuang discloses wherein the encryption of the fourth message includes: adding a third message authentication code (MAC) formed by encrypting a hash value of an original message using the session key, to the original message (A hashed message authentication code (HMAC) is also added, which is produced from the key and the message cipher; Paragraph 0342).
	In regards to claims 7 & 17, Fuji discloses wherein: the first message includes a message ClientHello (A ClientHello message is sent; Paragraph 00419);  the second message includes a message Server Finish (A Finished message (server finish) is a message telling the client from the server that the exchange with the client is completed; Paragraph 0060; and the third message includes a message Client Finish (A Finished (client finish) message is a message telling the server from the client that the exchange with the server is completed; Paragraph 0058).
	In regards to claims 8 & 18, Fuji discloses wherein the first security version information and the second security version information include transport layer security information (TLS info) (TLS handshake and information are utilized for authentication; Paragraphs 0047-0048; 0061). 

Claims 9 & 19 are rejected under 35 U.S.C 103 as being unpatentable over the combination of Fuji and Kuang, in view of Hakuta et al. (US 2019/0007215), hereon referred to as Hakuta
In regards to claims 9 & 19, the combination of Fuji and Kuang does not disclose wherein the session key includes an encryption key and a message authentication code (MAC) key. In an analogous art, Hakuta discloses wherein the session key includes an encryption key and a message authentication code (MAC) key (The key can include a common key (encryption key) and a MAC key; Paragraph 0153). 
At the time before the effective filing date of the invention, it would have been obvious to the one with ordinary skill in the art to combine the teachings disclosed by the combination of Fuji and Kuang, with the teachings disclosed by Hakuta regarding wherein the session key includes an encryption key and a message authentication code (MAC) key. The suggestion/motivation of the combination would have been to provide additional security in an in-vehicle communication system (Hakuta et al. Paragraph 0001). 

Allowable Subject Matter
	Claims 4-5 & 14-15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARIF E ULLAH whose telephone number is (571)272-5453. The examiner can normally be reached Mon-Fri 7:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional 





/SHARIF E ULLAH/Primary Examiner, Art Unit 2495