Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-20 have been examined.

2.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-2, 4-9, 11-14, 17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Woo et al. (“A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN”; hereafter “Woo”), and further in view of Haga et al. (U.S. Patent Application Publication 2018/0126954; hereafter “Haga”).
	For claims 1 and 19. Woo teaches a method and non-transitory computer-readable storage medium (note page 1003, B. Performance Evaluation and Fig. 10) for authenticating communications received from a first device of a vehicle by a second device of the vehicle, the method comprising:
	performing, using a processing circuit of the second device, a keying operation (note page 999, Fig. 6 Distribution of Initial Session Keys), comprising:
		exchanging randomly generated numbers with the first device (note page 999, Fig. 6; 2) Distribution of Initial Session Keys – (A) and (B), random numbers R and Seed are exchanged); and
		generating a plurality of encryption keys using the randomly generated numbers (note page 999, Fig. 6; page 1000, 2) Distribution of Initial Session Keys – (D) and (F), KDF is used to generate plurality of keys);
	receiving at the second device a first message (note page 1000, Message Reception) including:
		a first message sequence counter value (note page 1000, Message Transmission – (A), counter value CTRECUS); and
		a first hash generated using a first encryption key of the plurality of encryption keys (note page 1000, Message Transmission – (B), MAC generated using session AK);
	after receiving the first message, receiving a second message at the second device (note page 1000, Message Reception) that includes a second message sequence counter value (note page 1000, Message Transmission – (B), CTRECUS is incremented after completion of previous message transmission) and a second hash generated using the first encryption key (note page 1000, Message Transmission – (B), MAC generated using same session AK);
	in accordance with a determination that the second message sequence counter value is greater than the first message sequence counter value, authenticating the second message as having been received from the first device (note page 1000, Message Reception – (A) and (C), verification of message includes CTRECUS that was incremented after previous message; i.e. message is authenticated if counter in message matches the local counter that has been incremented since the previous message)
	after receiving the second message, receiving a third message (note page 1000, Message Reception) that includes a third message sequence counter value and a third hash generated using the second encryption key of the plurality of encryption keys (note page 1000, Message Transmission – (B), MAC is generated with current session AK, which may be k+1 session since the second message MAC generated with k session AK; note page 1001, Fig. 9, key generated in session k is used to generate AKk+1); and
	in accordance with a determination that the third message sequence counter value is less than the second message sequence counter value (note page 1001, General Key Update Phase – (D), after key update, counters are initialized to zero) and the second encryption key used to generate the third hash is different than the first encryption key, authenticating the third message as having been received from the first device (note page 1000, Message Reception – (A) and (C), verification of message includes current CTRECUS and AK; i.e. message is authenticated if counter in message matches the local counter that has been initialized to zero after key update).


	Woo differs from the claimed invention in that they fail to explicitly teach:
	first and second devices are of an autonomous vehicle

	Haga teaches:
	first and second devices are of an autonomous vehicle (note paragraphs [0223] and [0231], ECU devices are used in a vehicle that can automatically go into a reduced speed safe state, perform automatic braking, lane keeping, distance keeping and collision avoidance; i.e. autonomous functions)

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of Woo and the ECU’s that perform secure message transmission in a vehicle with autonomous functions of Haga. It would have been obvious because a simple substitution of one known element (ECUs used in autonomous vehicle of Haga) for another (ECUs used in vehicle of Woo) would yield the predictable results of ECUs using a secure communication protocol (Woo) where the ECUs perform functions in an autonomous vehicle (Haga).


	For claim 20, the combination of Woo and Haga teaches an autonomous vehicle (note paragraphs [0223] and [0231] of Haga, ECU devices are used in a vehicle that can automatically go into a reduced speed safe state, perform automatic braking, lane keeping, distance keeping and collision avoidance; i.e. autonomous functions), comprising:
	a first device having a first processing circuit (note page 998 of Woo, B. Proposed Security Protocol, ECUs);
	a second device having a second processing circuit (note page 998 of Woo, B. Proposed Security Protocol, ECUs); and
	memory storing one or more programs configured to be executed by the first and second processing circuits (note page 1003 of Woo, B. Performance Evaluation and Fig. 10), the one or more programs including instructions for:
	performing a keying operation (note page 999 of Woo, Fig. 6 Distribution of Initial Session Keys), comprising:
		exchanging randomly generated numbers between the first device and the second device (note page 999 of Woo, Fig. 6; 2) Distribution of Initial Session Keys – (A) and (B), random numbers R and Seed are exchanged); and
		generating a plurality of encryption keys using the randomly generated numbers (note page 999 of Woo, Fig. 6; page 1000 of Woo, 2) Distribution of Initial Session Keys – (D) and (F), KDF is used to generate plurality of keys);
	transmitting to the second device using the first processing circuit a first message including a first message sequence counter value (note page 1000 of Woo, Message Transmission – (A), counter value CTRECUS) and a first hash generated using the first encryption key of the plurality of encryption keys (note page 1000 of Woo, Message Transmission – (B), MAC generated using session AK);
	receiving the first message at the second device (note page 1000 of Woo, Message Reception);
	after transmitting the first message, transmitting to the second device using the first processing circuit a second message that includes a second message sequence counter value that is greater than the first message sequence counter value (note page 1000 of Woo, Message Transmission – (B), CTRECUS is incremented after completion of previous message transmission) and a second hash generated using the first encryption key (note page 1000 of Woo, Message Transmission – (B), MAC generated using same session AK);
	receiving the second message at the second device (note page 1000 of Woo, Message Reception);
	in accordance with a determination by the second processing circuit that the second message sequence counter value is greater than the first message sequence counter value, authenticating the second message as having been received from the first device (note page 1000 of Woo, Message Reception – (A) and (C), verification of message includes CTRECUS that was incremented after previous message; i.e. message is authenticated if counter in message matches the local counter that has been incremented since the previous message);
	after transmitting the second message, transmitting to the second device using the first processing circuit a third message that includes a third message sequence counter value and a third hash generated using a second encryption key of the plurality of encryption keys (note page 1000 of Woo, Message Transmission – (B), MAC is generated with current session AK, which may be k+1 session since the second message MAC generated with k session AK; note page 1001 of Woo, Fig. 9, key generated in session k is used to generate AKk+1); and
	in accordance with a determination by the second processing circuit that the third message sequence counter value is less than the second message sequence counter value (note page 1001 of Woo, General Key Update Phase – (D), after key update, counters are initialized to zero) and the second encryption key used to generate the third hash is different than the first encryption key, authenticating the third message as having been received from the first device (note page 1000 of Woo, Message Reception – (A) and (C), verification of message includes current CTRECUS and AK; i.e. message is authenticated if counter in message matches the local counter that has been initialized to zero after key update).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of Woo and the ECU’s that perform secure message transmission in a vehicle with autonomous functions of Haga. It would have been obvious because a simple substitution of one known element (ECUs used in autonomous vehicle of Haga) for another (ECUs used in vehicle of Woo) would yield the predictable results of ECUs using a secure communication protocol (Woo) where the ECUs perform functions in an autonomous vehicle (Haga).


	For claim 2, the combination of Woo and Haga teaches claim 1, further comprising authenticating the randomly generated numbers during the keying operation by confirming a portion of the message accompanying the numbers corresponds with a key shared by both the first and second devices (note page 999 of Woo, 1) Loading Long-Term Symmetric Keys and 2)Distribution of Initial Session Keys – (B), MAC1 is generated using long term symmetric key Ki shared by the devices).

	For claim 4, the combination of Woo and Haga teaches claim 1, wherein performing the keying operation comprises initiating the keying operation by the second device (note pages 999-1000 of Woo, Fig. 6 and 8, if ECUi of Distribution of initial session key is the Receiver ECUr of Message Transmission and Reception, then keying operation is initialized by second device).

	For claim 5, the combination of Woo and Haga teaches claim 1, wherein exchanging randomly generated numbers comprises sending, by the second device, a keying response communication to the first device in response to receiving, by the second device, a keying request communication from the first device, wherein the keying response communication comprises a first randomly generated number of the randomly generated numbers and a test message (note page 999 of Woo, Distribution of Initial Session Keys – (B), GECU sends Seed1||MAC1 in response to random number Ri; Seed1||MAC1 includes random number and test message).

	For claim 6, the combination of Woo and Haga teaches claim 5, wherein exchanging randomly generated numbers comprises receiving, from the first device, a keying acknowledgement at the second device after sending the randomly generated number from the second device (note pages 999-1000 of Woo, Distribution of Initial Session Keys – (E), ECUi sends MAC2||MAC3 acknowledgement).

	For claim 7, the combination of Woo and Haga teaches claim 6, wherein the keying acknowledgement comprises a fourth hash generated by a third encryption key of the encryption keys and the test message (note pages 999-1000 of Woo, Distribution of Initial Session Keys – (E), MAC2||MAC3 acknowledgement includes hashes generated with AK and data from test message).

	For claim 8, the combination of Woo and Haga teaches claim 1, wherein the first and second devices both independently generate the plurality of encryption keys during the keying operation (note page 999 of Woo, Fig. 6; page 1000 of Woo, 2) Distribution of Initial Session Keys – (D) and (F), KDF is used by both devices to independently generate plurality of keys).

	For claim 9, the combination of Woo and Haga teaches claim 1, wherein an unused one of the encryption keys is used each time a register of the message sequence counter resets (note page 1001 of Woo, General Key Update Phase – (D), after key updated to unused key, counters are initialized to zero). 

	For claim 11, the combination of Woo and Haga teaches claim 1, wherein the plurality of encryption keys are regenerated in response to predetermined criteria (note page 999 of Woo, Distribution of Initial Session Keys – (B), keys are generated after starting vehicle).

	For claim 12, the combination of Woo and Haga teaches claim 1, further comprising ceasing communication between the first and second devices after receiving a threshold number of non-authenticated messages (note paragraphs [0097], [0213], [0249]-[0253] of Haga, when a message fails authentication, the fraud count is increased for the ID and after a threshold number, the data frames are aborted and overwritten with an error, i.e. ceasing communication).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of Woo and the threshold fraud count of Haga. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of ECUs using a secure communication protocol (Woo) where a count tracks the number of fraudulent messages received and if a threshold is reached, messages matching the sending ID are aborted and overwritten with an error to cease communication with the sender (Haga).


	For claim 13, the combination of Woo and Haga teaches claim 1, wherein the first device comprises a sensor configured to support navigation of the autonomous vehicle (note paragraph [0231] of Haga, ECU sensors support lane keeping and distance keeping, i.e. navigation of the autonomous vehicle).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of Woo and the ECU’s that perform secure message transmission in a vehicle with autonomous functions of Haga. It would have been obvious because a simple substitution of one known element (ECUs used in autonomous vehicle of Haga) for another (ECUs used in vehicle of Woo) would yield the predictable results of ECUs using a secure communication protocol (Woo) where the ECUs perform functions in an autonomous vehicle (Haga).


	For claim 14, the combination of Woo and Haga teaches claim 13, wherein the sensor is a velocity sensor or an object detection sensor (note paragraphs [0118], [0123], [0180] and [0231] of Haga, ECU sensors include speed, distance keeping and collision avoidance, i.e. velocity and object detection sensors).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of Woo and the ECU’s that perform secure message transmission in a vehicle with autonomous functions of Haga. It would have been obvious because a simple substitution of one known element (ECUs used in autonomous vehicle of Haga) for another (ECUs used in vehicle of Woo) would yield the predictable results of ECUs using a secure communication protocol (Woo) where the ECUs perform functions in an autonomous vehicle (Haga).


	For claim 17, the combination of Woo and Haga teaches claim 1, further comprising, in accordance with a determination that the second message sequence counter value is less than or equal to the first message sequence counter value, disregarding the second message (note page 1000 of Woo, Message Transmission – (B), only message with correct counter value will pass MAC verification; note page 1002, A. Security Analysis – Authentication, malicious data frames result in an error state, i.e. message is disregarded) .

	For claim 18, the combination of Woo and Haga teaches claim 17, wherein authenticating the third message is performed in accordance with a determination that the third hash was generated by the second encryption key and that the second encryption key is one of the plurality of encryption keys (note page 1000 of Woo, Message Reception – (A) and (B), verification of message includes current CTRECUS and AK; i.e. message is authenticated if counter in message matches the local counter and current session AK is used).


4.	Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of Woo and Haga as applied to claim 1 above, and further in view of Kalaiselvam et al. (U.S. Patent Application Publication 2020/0112439; hereafter “Kalaiselvam”).
	For claim 3, the combination of Woo and Haga differs from the claimed invention in that they fail to teach:
	wherein the keying operation further comprises a keying communication and a keying response communication that are transmitted within discrete windows of time.

	Kalaiselvam teaches:
	wherein the keying operation further comprises a keying communication and a keying response communication that are transmitted within discrete windows of time (note paragraphs [0031]-[0033] and Fig. 3, keying communication and responses occur during the key message exchange time window).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of the combination of Woo and Haga and key message exchange time window of Kalaiselvam. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of ECUs using a secure communication protocol (the combination of Woo and Haga) where all keying communication and response messages are performed during a key message time window (Kalaiselvam).


5.	Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of Woo and Haga as applied to claim 1 above, and further in view of Kurachi et al. (“CaCAN - Centralized Authentication System in CAN”; hereafter “Kurachi”), and further in view of Rosenow et al. (U.S. Patent 5,483,596; hereafter “Rosenow”).
	For claim 10, the combination of Woo and Haga differ from the claimed invention in that they fail to teach:
	wherein the first and second message sequence counter values are generated using a 32-bit register

	Kurachi teaches:
	wherein the first and second message sequence counter values are generated using a 32-bit register (note E. Anti-replay counter, counter is 32 bits).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of the combination of Woo and Haga and the 32 bit anti-replay counter of Kurachi. It would have been obvious because a simple substitution of one known element (32 bit counter of Kurachi) for another (counter of Woo) would yield the predictable results of ECUs using a secure communication protocol (Woo) where the message counters are 32 bit registers (Kurachi).

	The combination of Woo, Haga and Kurachi differs from the claimed invention in that they fail to teach:
	and the plurality of encryption keys comprises at least 255 encryption keys organized in a table.

	Rosenow teaches:
	and the plurality of encryption keys comprises at least 255 encryption keys organized in a table (note column 9, Tables 1 and 2, key tables include 255 encryption keys).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Woo, Haga and Kurachi and the 255 encryption key table of Rosenow. It would have been obvious because a simple substitution of one known element (255 encryption key table of Rosenow) for another (key storage of Woo) would yield the predictable results of ECUs using a secure communication protocol (Woo) where the ECUs generate 255 session keys and store them in a table for encryption (Rosenow).

6.	Claims 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Woo and Haga as applied to claim 1 above, and further in view of Entelis et al. (U.S. Patent Application Publication 2022/0046114; hereafter “Entelis”).
	For claim 15, the combination of Woo and Haga differs from the claimed invention in that they fail to teach:
	wherein the first, second and third messages received from the first device at the second device are transmitted across a first channel and the second device is configured to transmit messages to the first device using a second channel that is discrete from the first channel and wherein the first and second devices are configured to perform independent rekeying operations for both the first channel and the second channel.

	Entelis teaches:
	wherein the first, second and third messages received from the first device at the second device are transmitted across a first channel and the second device is configured to transmit messages to the first device using a second channel that is discrete from the first channel and wherein the first and second devices are configured to perform independent rekeying operations for both the first channel and the second channel (note paragraph [0168], messages may be sent via unidirectional Secure Channels where each secure channel has its own security association using its own key).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of the combination of Woo and Haga and the unidirectional secure channels of Entelis. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of ECUs using a secure communication protocol (Woo) where messages are sent on a unidirectional secure channel where each channel between ECUs establishes its own key (Entelis).


	For claim 16, the combination of Woo, Haga and Entelis teaches claim 15, wherein the communications comprise sensor data pertaining to autonomous driving of the autonomous vehicle that are sent to the second device from the first device (note paragraphs [0118], [0123], [0180] and [0231] of Haga, ECU sensors send messages of sensor data for speed, distance keeping and collision avoidance).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ECU secure message transmission of Woo and the ECU’s that perform secure message transmission in a vehicle with autonomous functions of Haga. It would have been obvious because a simple substitution of one known element (ECUs used in autonomous vehicle of Haga) for another (ECUs used in vehicle of Woo) would yield the predictable results of ECUs using a secure communication protocol (Woo) where the ECUs perform functions in an autonomous vehicle (Haga).

Conclusion
7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Herzerg et al. (U.S. Patent Application Publication 2020/0007319) teaches secure ECU messages that including a counter (note Fig. 3).

Wang (U.S. Patent 9,705,678) teaches a method for authenticating ECU messages that uses a counter (note Abstract).

Prochaska et al. (U.S. Patent Application Publication 2012/0155645) teaches ECUs performing encrypted communication using a key table and key IDs (note paragraphs [0014] and [0017]).

8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711. The examiner can normally be reached 6:00 - 5:30 pm; Monday through Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/David J Pearson/Primary Examiner, Art Unit 2438