DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on February 28, 2020.
Claims 1 and 3-21 are allowed.

Allowable Subject Matter
Claims 1 and 3-21 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance.
Independent Claim 1 is allowable based on the amendment presented on November 30, 2021.
Specifically, the independent Claim 1 now recites limitations as follows:

“A bus-based communication system, comprising: 
a communication bus connecting a plurality of nodes; and 
a first node, of the plurality of nodes, configured to: 
receive a first message on the communication bus, the first message having been broadcast on the communication bus by a second node of the plurality of nodes, 

wherein the second modular exponentiation is not based on private keys of all of a set of nodes associated with a key exchange; and compute a shared secret key, associated with the plurality of nodes, based at least in part on the first modular exponentiation and the private key of the first node, 
wherein the shared secret key is based on private keys of all of the set of nodes, including the first node and the second node, associated with the key exchange”.
The cited art by Bhattacharya et al. (US PGPUB. #  US 2020/0153618) discloses, the rounding may cause differences between the raw key computed at the first node and at the second node. Nevertheless, a shared key can be computed therefrom. There are several ways to achieve this. In an embodiment, the first network node is further configured to receive helper data of the second network node, the helper data comprising information allowing deriving of the same shared key at the first and second node cancelling differences between the raw keys derived at the first and second nodes. (¶26-¶27). Shown in FIG. 1 are two network nodes in the system: a network node 110 of initiator type and a network node 210 of responder type. In an embodiment of the key agreement (Fig. 1, ¶99). The network node is configured to operate according to an initiator mode and according to a responder mode. For example, if the network node initiates a key agreement, e.g., sends a message to another network node signaling the start of the key agreement protocol, then the network node may switch to initiator mode. If the network node responds to a key agreement, e.g., receives a message from another network node signaling the start of the key agreement protocol, then the network node may switch to responder mode. Although this is convenient in practice, also this option is not strictly necessary; for example, in a key agreement system some modes may only be configured as initiator and some may only be configured as responder nodes. A consequence of this will be that some nodes cannot agree on a shared key together. For some networks this need not be a problem, e.g., in ad-hoc network, or ad-hoc wireless grids, etc., so long as sufficiently many pairs of network nodes can communicate and agree on a shared key. (¶101). The electronic network node is configured for a key exchange (KEX) protocol. The protocol involves exchanging messages between the nodes 110 and 210 over the communication interfaces 120 and 220, and performing computations on, e.g., data received from the other node. The execution of the key agreement protocol is implemented in a processor circuit, examples of which are shown below. FIG. 1 shows functional units that may be functional units of the processor circuit. For example, FIG. 1 may be used as a blueprint of a possible functional organization of the processor circuit. The (¶104). The first network node is configured to obtain a shared polynomial (a) shared with a second network node, coefficients of the shared polynomial a being selected modulo a first modulus q, generate a private key polynomial (sk.sub.I), coefficients of the private key polynomial being bounded in absolute value by a bound (s) generate a public key polynomial (pk.sub.I) by computing a polynomial product between the shared polynomial (a) and the private key polynomial (sk.sub.I) modulo the first modulus (q) and scaling the coefficients of the polynomial product down to a second modulus (p). (Abstract). Helper data may be part of data computed from the private key, e.g., part of the raw key. Helper data may be additional data, e.g., checksum data, e.g. syndrome computed for data computed from the secret data. For example, the helper data may comprise redundancy information on the raw key, or on the shared key. Helper data may be obtained by adding one or more code words. Instead, helper data may be obtained by computing so-called syndromes of error correcting codes, e.g., for the raw key or for the shared key. In embodiments, two different types of helper data are given, reconciliation data and encapsulated keys; worked examples of these two types are given. (¶33).
One of the nodes, say the initiator node 110, e.g., in shared polynomial unit 130, may select a polynomial a, e.g., at random with elements modulo q. The coefficients may then be sent through the communication units to the other node, 230. In this case, the latter shared polynomial unit 230 will simply receive the polynomial and store it. Polynomial a may also be chosen by responder node 210 instead and sent to the initiator node 110. (¶129). On the other hand, the first nodes are capable of deriving a shared key, since they have more information than an attacker; the first and second node have their own private key polynomial in addition to the received public key polynomial. (¶25). Shared key unit 160 is configured to receive the reconciliation data 164 (h) of the second network node, and to compute a shared key by applying a reconciliation function to the received reconciliation data and the raw key polynomial 162. For example, the reconciliation function may be applied to each of the coefficients of the raw key 162 and corresponding part of reconciliation data. For example, if the reconciliation data 164 was part of the raw key generated by responder unit 210, the initiator node may select a raw key that could have been obtained by node 210 and is compatible with the received reconciliation data, e.g. has the same middle bits as received. One way of doing this is to use the reconciliation function defined above. As a result, the same bits are recovered that node 210 used to create the shared key. By concatenating the bits in the same way, or by inputting them to the same KDF the same shared key 166 is obtained. In an embodiment, the shared key is a symmetric key. (¶163). 
The reference by Jain et al. (US PGPUB. # US 2017/0019382) discloses, FIG. 1 depicts a network communication system 100 that includes a plurality of communication nodes 104A, 104B, 104C, and 104D. The nodes 104A-104D are 102. The shared communication medium 102 is, for example, a CANbus connection and the shared communication medium is also referred to as a “bus” in the description below. Each of the nodes 104A-104D is a computing device that is configured to perform the methods described herein for performing secure key generation in the presence of an eavesdropper 150. The eavesdropper 150 is another electronic device that can detect any and all communications between the nodes 104A-104D on the shared communication medium 102. In the system 100, the nodes 104A-104D generate a shared secret key via communications over the shared communication medium that are assumed to be recorded by the eavesdropper 150, but that the eavesdropper 150 cannot use to reproduce the shared secret key. After two or more of the nodes 104A-104D have produced a shared secret key, the nodes can use the key for encryption and/or authentication of message traffic that the eavesdropper 150 cannot decrypt or falsify in a practical manner. (Fig. 1(102), ¶32).
Takemore et al. (US PGPUB. # US 2019/0238325) discloses, a communication system is provided that allows communication between a vehicle and a server device. This communication system includes: the server device; a first arithmetic processing device installed in the vehicle; and a second arithmetic processing device that is a secure element and is installed in the vehicle. The second arithmetic processing device includes: a vehicle key storage unit that stores a first key and a second key; a vehicle authentication processing unit that performs authentication with the server device using the first key; and a vehicle (Abstract).
Trevethan (US PGPUB. # US 2021/0075600) discloses, secure determination of a solution (S) to a computational task by a dealer-free threshold signature group. Access to a resource or reward is offered in exchange for the solution. The method enables individuals in said group to work together in a trust-less, or dealer-free manner. To achieve this, individuals generate their own key pair and use their public key to establish with the group an initial shared public key that they can all use, in parallel, to find a solution to the task. Their own private keys remain secret and, therefore, the collaboration is trust less, and operates efficiently, because a verified shared public key is created using the initial shared public key that was used when a solution is found and verified. The resource or reward can be secured by the verified shared public key. Because the private keys of each participant were used in the determination of the initial shared public key that lead to the solution then participants must then collaborate to unlock the resource or reward because the corresponding shared private key can only be generated by all participants or a pre-agreed threshold of participants. Efficiency is achievable by using an initial shared public key and calculating with the group a verified shared public key after the solution has been found. The invention enables the task to be trust-less by using the homomorphic (Abstract)
Schultz et al. (US PGPUB. # US 2019/0044721) discloses, a method includes authenticating nodes by verifying symmetric keys that comprise a static portion and a dynamic portion of a keyed-hashing function having been cryptographically processed, each of the nodes having one of the symmetric keys, comparing the symmetric keys to values stored by a rubicon identity service, exchanging symmetric keys between the nodes when authenticated, pre-provisioning an authorization policy to the nodes, and authorizing a node of the nodes to perform an action defined within the authorization policy. (Abstract).
Garcia-Morchon et al. (US PGPUB. # US 2017/0310472) discloses, a cryptographic system is provided comprising multiple configuration servers (200, 201, 202) arranged to configure multiple network devices (300, 350, 360) for key sharing. Each configuration server comprising a computation unit (220) arranged to compute local key material for the network device from root key material specific to the configuration server and the network device identity number of the network device that is being configured. At least two configuration servers of the multiple configuration servers provide computed local key material to said network device. The network devices are configured to determine a shared key with any one of multiple network devices. A network device comprises a shared (Abstract).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “…wherein the second modular exponentiation is not based on private keys of all of a set of nodes associated with a key exchange; and compute a shared secret key, associated with the plurality of nodes, based at least in part on the first modular exponentiation and the private key of the first node, wherein the shared secret key is based on private keys of all of the set of nodes, including the first node and the second node, associated with the key exchange”, in combination with the rest of the limitations recited in the independent claim(s).

None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 9 is a first node of a bus-based communication system claim of above method claim 1 and Claim 17 is also a method claim of above method claim 1, and therefore, they are also allowed.
Claims 3-8 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 10-16 and 21 depend on the allowed claim 9, and therefore, they are also allowed.
Claims 18-20 depend on the allowed claim 17, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498