DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the communication filed on 04/14/2021.
Claims 1-20 are pending for consideration.

Claim Objections
Claim 20 is objected to because of the following informalities:  
The claim recites a limitation using an alternative language “method or system” that further depends on “any of the proceeding claims”.  The claim should recite “the system of claim …” or “the method of claim …” where the claim is a system claim or a method claim respectively.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 20 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.	Claim 20 recites limitation “the proceeding claims”.  The term “proceeding” appears to refer to claims that are declared after the claim 20.  There is no claim after claim 20.  Furthermore, according to MPEP 608.01(n) (I) (B) (2), it is unacceptable to have claim not referring to a preceding claim. 	The U.S. Court of Appeals for the Federal Circuit indicated that although the requirements of pre-AIA  35 U.S.C. 112, 4th paragraph, are related to matters of form, non-compliance with pre-AIA  35 U.S.C. 112, 4th paragraph, renders the claim unpatentable just as non-compliance with other paragraphs of 35 U.S.C. 112 would. See Pfizer, Inc. v. Ranbaxy Labs., Ltd., 457 F.3d 1284, 1291-92, 79 USPQ2d 1583, 1589-90 (Fed. Cir. 2006) (holding a dependent claim in a patent invalid for failure to comply with pre-AIA  35 U.S.C. 112, 4th paragraph). Therefore, if a dependent claim does not comply with the requirements of 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, the dependent claim should be rejected under pre-AIA  35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as unpatentable rather than objecting to the claim.	Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
The following is a quotation of 35 U.S.C. § 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.	Claim 20 recites limitation “The method or system according to any of the proceeding claims”.  It is unclear what “proceeding claims” the claim 20 depends on.	For the purpose of prior art examination, the claim is interpreted as best understood.	Claim 20 recites limitation “The method or system”.  According to MPEP 2173.05 (p) (II), a single claim which claims both an apparatus and the method steps of using the apparatus is indefinite under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. See In re Katz Interactive Call Processing Patent Litigation, 639 F.3d 1303, 1318, 97 USPQ2d 1737, 1748-49 (Fed. Cir. 2011). It is indefinite because it is unclear as to when direct infringement occurs (it is unclear "whether infringement … occurs when one creates a system that allows the decrypting the one or more encrypted messages … and generating a first new encrypted message, or whether infringement occurs when the “decrypting the one or more encrypted messages by the off-board communication system” and “generating a first new encrypted message to be communicated to one or more of the vehicle system or another vehicle system …” happens when the system being deployed by user.	Claims 20/1-20/9 recite “the method … according to any proceeding claim”.  It is unclear what method of the system recited in claims 1-9 that the claims 20/1-20/9 refer to.	Claims 20/10-20/19 recite “the system according to any proceeding claim”.  It is unclear which system of the methods recited in claims 10-19 that the claims 20/10-20/19 refer to.	For the purpose of prior art rejection, the claim is interpreted as best understood.	Appropriate corrections are required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. § 103 as being unpatentable over Cheng; Yueqiang et al. (US 20210173917 A1, hereinafter Cheng) in view of LEE; Jun Ha et al. (US 20200366479 A1, hereinafter Lee).
	Regarding claim 1, Cheng teaches a system comprising:
	an onboard communication system ¶6, a host system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor; fig. 1 element 104), the one or more processors configured to:
	generate a session key that includes a shared secret key that is known by the onboard communication system and an off-board communication system (¶47, the system receives a second nonce (ns) from the DP accelerator; ¶48, the second nonce has been generated locally at the DP accelerator;  [0116], HCM 901 upon receiving the “CM_generate session key” command, ACM 915 generates a second random nonce (ns); ¶118, receives a second nonce (ns) from the DP accelerator; see also ¶57-¶58; fig. 15-fig. 16B; see also fig. 9, fig. 17 and fig. 20);
	generate one or more encryption keys by hashing the session key with an identifier based on a cycle time (¶47, receives a second nonce (ns) from the DP accelerator; ¶116, ACM 915 generates a second random nonce (ns),  derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns; see also [0117]; ¶122, the host system is configured to verify freshness of the first nonce, where the host session key is generated only if the first nonce was generated within a predetermined period of time; see also ¶119, ¶140; see also fig. 9, fig. 17 and fig. 20);
	generate one or more encrypted messages by encrypting one or more messages ¶47, The system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; ¶116, the session key is then used to encrypt and decrypt data exchanged between ACM 915 and HCM 901; ¶118, processing logic generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; see also fig. 9, fig. 17 and fig. 20); and
	communicate the one or more encrypted messages from the onboard communication system to the off-board communication system (¶47, The system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; ¶116, the session key is then used to encrypt and decrypt data exchanged between ACM 915 and HCM 901; ¶118, processing logic generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; see also fig. 9, fig. 17 and fig. 20).	Although Cheng’s system is readily applied onto an onboard vehicle system and offboard communication system, and Cheng teaches the expiration of session based on time period using timestamp to determine freshness of a session (Cheng ¶53, ¶56, and ¶122), Cheng does not explicitly disclose the following limitations that Lee teaches:
	an onboard communication system configured to be disposed onboard a vehicle system (Lee abstract, communication method using a security key between nodes connected via a network or a bus includes setting a critical cluster among multiple nodes, selecting a primary message shared between the set critical clusters, and encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters, wherein each of the critical clusters stores the primary message for the preset period according to a same key generation scheme to generate a block, and generates and possesses a new key based on the generated block and a currently used key;  [0002] A control based system, for example, a vehicle and a drone, is a distributed system in which small computers communicate with one other; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; ¶62, the system (for example, a vehicle or a drone); see also ¶4; ¶83);	the cycle time is known by the onboard communication and the off-board communication system (Lee abstract, communication method using a security key between nodes connected via a network … encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters, wherein each of the critical clusters stores the primary message for the preset period according to a same key generation scheme to generate a block, and generates and possesses a new key based on the generated block and a currently used key; see also ¶89-¶107); and	encrypting one or more messages associated with one or more of the vehicle system or a route over which the vehicle system is configured to move (Lee abstract, encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters; ¶1, encrypted communication via a network or a bus, and more particularly, to a node that generates an encryption key for ensuring secure communication between nodes; [0002] A control based system, for example, a vehicle and a drone; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; see also ¶7-¶19, ¶56-¶62; ¶78-¶83).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Lee, which teaches an encrypted communication system between nodes/clusters such as vehicles or drones that has known cycle time between the clusters, into the teaching of Cheng to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Lee’s teaching would help improve security of communication between systems (Lee ¶3, ¶4). In addition, both references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as, encrypted communication. This close relation between both references highly suggests an expectation of success when combined.
Regarding claim 2, Cheng in view of Lee teaches the system of claim 1, wherein the one or more processors are configured to generate each of the one or more encryption keys by hashing the session key with a different identifier based on the cycle time (Cheng ¶116, ACM 915 generates a second random nonce (ns),  derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns; Cheng ¶118, processing logic generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; ¶122, the host system is configured to verify freshness of the first nonce, where the host session key is generated only if the first nonce was generated within a predetermined period of time; ¶117, HCM 901 verifies a freshness of the session key by verifying random nonce nc is indeed identical to a copy of the random nonce nc originally generated by HCM 901; [0140], timestamp can then be used by security unit 1020 to time stamp cryptographic key authentications, key generations, and/or key expirations. For example, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a channel session associated with the session key may be terminated. Subsequently, a new session key may be generated if the session key is configured to be automatically renewed; see also Cheng ¶53, ¶57-¶58).

	Regarding claim 3, Cheng in view of Lee teaches the system of claim 1, wherein the cycle time is based on one or more of a time (Cheng ¶122, the host system is configured to verify freshness of the first nonce, where the host session key is generated only if the first nonce was generated within a predetermined period of time; Cheng ¶56, the timestamp is further to determine whether the session key has expired, in which a new session key is to be generated; Cheng ¶136, time unit 2003 may be a standalone unit; ¶137, security unit 1020 requires a secure time source to keep track when cryptographic keys have been authenticated or when a session key has expired; ¶140, a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a new session key may be generated if the session key is configured to be automatically renewed; ¶139, clock calibrator 2109 initially calibrates the clock generation signal to match an external source (e.g., an atomic clock) at a manufacturing phase of the DP accelerator; Lee ¶2-¶4, ¶62, ¶83).	Although Cheng disclose the checking of the session based on a pre-determined period and timestamp, and the timestamp generated by time unit is used to check on freshness of the session shared by the host and the accelerator, Cheng does not clearly state that the host has the time synchronized with the accelerator’s time unit.	However, Cheng further discloses that the accelerator has a time generation unit that is calibrates to match an external source (Cheng ¶139).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Cheng, which teaches to have a time generation unit on the accelerator, into the teaching of Cheng, that teaches the host generating a second nonce and the checking of the nonce based on timestamp for session freshness, to also have a time generation unit on the host that has its clock calibrated to the same external source to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as having calibrated time unit on both the host and the accelerator would ensure accurate synchronization of the host and the accelerator and also improve security of the system (Cheng ¶137).

	Regarding claim 4, Cheng in view of Lee teaches the system of claim 1, wherein the one or more processors are configured to generate a first encryption key of the one or more encryption keys based on one or more of a first time or a first location of the vehicle system, and the one or more processors are configured to generate a second encryption key of the one or more encryption keys based on one or more of a second time or a second location of the vehicle system.

	Regarding claim 5. The system of claim 1, wherein the onboard communication system is configured to generate the session key while the vehicle system is stationary or moving along the route ([Examiner remark: Cheng’s teaching is readily applied on a stationary or moving vehicle]; Lee ¶3, in these emerging automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; ¶4, automated driving systems).

	Regarding claim 6, Cheng in view of Lee teaches the system of claim 1, wherein the one or more processors are configured to generate a first encryption key of the one or more encryption keys by hashing the session key with a first identifier based on a first time of the cycle time (Cheng ¶47, derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns, first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges;), and
	the one or more processors are configured to generate a second encryption key of the one or more encryption keys by hashing the session key with a second identifier based on a second time of the cycle time (Cheng ¶122, where the host session key is generated only if the first nonce was generated within a predetermined period of time; Cheng ¶140, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a new session key may be generated if the session key is configured to be automatically renewed;  Cheng ¶47, derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns, first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges; see also ¶116 and ¶118 of Cheng).

	Regarding claim 7, Cheng in view of Lee teaches the system of claim 1, wherein the onboard communication system is configured to receive one or more off-board encryption messages from the off-board communication system (Cheng ¶102, a secured information exchange channel is required to be setup or established between host server 104 and the DP accelerator, information can then be exchanged between the user application and the DP accelerator through the secure channel by way of a session key to encrypt and decrypt the information exchanges; see also Cheng ¶158 and ¶160).

	Regarding claim 8, Cheng in view of Lee teaches the system of claim 7, wherein the onboard communication system is configured to decrypt the one or more off-board encryption messages based on one or more of the cycle time, the one or more encryption keys, or the session key (Cheng ¶47, the system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; Cheng ¶140, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a new session key may be generated if the session key is configured to be automatically renewed; see also Cheng ¶116).

	Regarding claim 9, Cheng in view of Lee teaches the system of claim 7, wherein the onboard communication system is configured to decrypt the one or more off-board encryption messages based on one or more of the session key, the cycle time, or the identifier (Cheng ¶47, the system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; Cheng ¶140, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a new session key may be generated if the session key is configured to be automatically renewed; see also Cheng ¶116).
	Regarding claims 10-11, and 13-14, the claims recite essentially the same limitations as that of claim 1-3, and 5, respectively.  The claims 10-11, and 13-14 are rejected for the same reasons as that of claims 1-3 and 5, respectively.

	Regarding claims 12, and 15-18, the claims recite essentially the same limitations as that of claim 4, 6-9, respectively.  The claims 12, 15-18 are rejected for the same reasons as that of claim 4, 6-9, respectively.
	Regarding claim 19, Cheng teaches a method for securing communication between an onboard communication system (¶6, a host system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor; fig. 1 element 104) and an off-board communication system (fig. 1, elements 105-107), 
	generating one or more encryption keys based at least in part on information that is known by both the onboard communication system and the off-board communication system (¶47, the system receives a second nonce (ns) from the DP accelerator; ¶48, the second nonce has been generated locally at the DP accelerator;  [0116], HCM 901 upon receiving the “CM_generate session key” command, ACM 915 generates a second random nonce (ns); ¶118, receives a second nonce (ns) from the DP accelerator; ¶116, ACM 915 generates a second random nonce (ns),  derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns; see also [0117]; ¶122);
	generating one or more encryption messages by encrypting one or more messages associated with one or more of the Cheng ¶47, ¶116, ¶118, generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator); and
	communicating the one or more encrypted messages between the onboard communication system and the off-board communication system, wherein the one or more encrypted messages include information about one or more of the Cheng ¶47, ¶116, ¶118, generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator). 	Although Cheng’s system is readily applied onto an onboard vehicle system and offboard communication system, Cheng does not explicitly disclose the following limitations that Lee teaches:
	an onboard communication system configured to be disposed onboard a vehicle system (Lee abstract, communication method using a security key between nodes connected via a network or a bus includes setting a critical cluster among multiple nodes, selecting a primary message shared between the set critical clusters, and encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters, wherein each of the critical clusters stores the primary message for the preset period according to a same key generation scheme to generate a block, and generates and possesses a new key based on the generated block and a currently used key;  [0002] A control based system, for example, a vehicle and a drone, is a distributed system in which small computers communicate with one other; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; ¶62, the system (for example, a vehicle or a drone); see also ¶4; ¶83); and	encrypting one or more messages associated with one or more of the vehicle system or a route over which the vehicle system is configured to move (Lee abstract, encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters; ¶1, encrypted communication via a network or a bus, and more particularly, to a node that generates an encryption key for ensuring secure communication between nodes; [0002] A control based system, for example, a vehicle and a drone; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; see also ¶7-¶19, ¶56-¶62; ¶78-¶83).	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Lee, which teaches an encrypted communication system between nodes/clusters such as vehicles or drones, into the teaching of Cheng to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Lee’s teaching would help improve security of communication between systems (Lee ¶3, ¶4). In addition, both references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as, encrypted communication. This close relation between both references highly suggests an expectation of success when combined.
	Regarding claim 20, Cheng in view of Lee teaches the method or system according to any of the proceeding claims (see discussion above), comprising:
	decrypting the one or more encrypted messages by the off-board communication system (Cheng ¶47-¶48; Cheng ¶116);	Although Cheng’s encryption system between host and accelerators is readily applied on a vehicle, Cheng does not explicitly disclose the following limitations that Lee teaches:
	generating a first new encrypted message to be communicated to one or more of the vehicle system or another vehicle system, wherein the first new encrypted message comprises one or more command messages for one or more of controlling movement of the vehicle system or the other vehicle system, or controlling one or more systems of the vehicle system or the other vehicle system (Lee [0002] A control based system, for example, a vehicle and a drone; Lee ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; Lee [0083], The message sender and the message receiver use the encrypted MAC(n−1) of the previous message m(n−1) to generate the encrypted message MACn, the system (for example, a vehicle or a drone); Lee, [0105] The control unit 30 may encrypt a message that the sender node intends to send; Lee [0066], A message encryption and decryption process is a task with high performance overhead. Accordingly, in terms of performance and cost efficiency, it is efficient to apply this method to only a node for which security attributes are important, such as a node that controls the engine or steering).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Lee, which teaches an encrypted communication system between nodes/clusters such as vehicles or drones and controlling vehicle with the encrypted messages, into the teaching of Cheng to result in the limitations of the claimed invention.
	One of ordinary skilled would be motivated to do so as incorporating Lee’s teaching would help improve security of communication between systems (Lee ¶3, ¶4) and improve efficiency and performance of the system that Cheng’s system being applied onto (Lee ¶66). In addition, both references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as, encrypted communication. This close relation between both references highly suggests an expectation of success when combined.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20200169400 A1 - key pair generation/regeneration process effectively places a geofence around the trusted execution environment as the secret data can only be accessed so long as the computing device is within some bounded geographic location that can be cryptographically verified using signals from, for example, a trusted Global Navigation Satellite System (GNSS).
US 20190191301 A1 - generate the encryption key of the STA according to location information of the terminal, so that the generated encryption key is changed.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Vy Huy Ho whose telephone number is (571) 272-3261.  The examiner can normally be reached on Monday - Friday 7:30 am-5:30 pm.
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/V.H.H/
Examiner, Art Unit 2497


/IZUNNA OKEKE/Primary Examiner, Art Unit 2497