DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim 10 was amended by Preliminary amendment, claims 1-20 are pending. 
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. KR 10 2017 0122210, filed on 09/22/2017.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/23/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 10 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.   Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


The term in claim 17 “wherein the control unit is configured to encrypt a message the sender node intends to send….  ” is a term which renders the claim indefinite. Sender Node may send or may not send the encrypted message, thus it become ambiguous.  

Dependent claims 18-19  do not cure the deficiencies also rejected accordingly.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-7, 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Chittigala et al(US 20120254607 A1) in view of Soliman et al(US 7457411 B2).

With regards to claim 1, 10 Chittigala discloses, A communication method using a security key between nodes connected via a network or a bus, comprising:
 (a) setting a critical cluster among multiple nodes ([0022] Referring now to FIG. 2, a block diagram depicts functional software elements that support selective communication of encrypted and unencrypted information between computing nodes of a cluster. User interface 30 provides access to security module 32 to allow end user inputs for selection of a cluster security level. Note: when end user selects “high security” level its become critical); 
(b) selecting a primary message shared between the set critical clusters ([0009] More specifically, plural computing nodes communicate heartbeat packets and messages to form a cluster. A security module executing on one or more of the computing nodes selectively communicates predetermined of the information between the nodes in encrypted and unencrypted formats based upon predetermined conditions. For example, heartbeat packets between the computing nodes are always sent in an encrypted format while other messages are selectively sent in unencrypted formats… [0005] Each node runs a heartbeat daemon and exchanges messages called heartbeats to inform other nodes of its state. In the event of a failure, the heartbeat daemon on a back-up node initiates applications for failover.); and 
(c) encrypting a message using a key to enable communication between the critical clusters ([0008]; Computing nodes of a cluster selectively communicate some but not all information between each other in an encrypted format based upon one or more predetermined condition that balance cluster security with cluster performance.), 

Chittigala does not but Soliman teaches, 
wherein each of the critical clusters stores the primary message for the preset period according to a same key generation scheme to generate a block (col 6 line 35-55; Upon approval of the user's credentials by the CA, the CA starts a daemon related to the requesting user, and randomly selects an initial DAK, sending a copy to the user via a secure channel 12, for example, using the well-known RSA technique where the CA uses the user's public key to encrypt the newly generated DAK, hen the CA starts a daemon that permanently regenerates the DAK. Upon the reception of the initial DAK, the user starts a daemon in order to permanently regenerate the DAK. From that point forward, the user and CA randomly regenerate the next DAK every .delta.t period, 14, 15, based on the previous generated DAK and the auxiliary static key K.;  FIG 2 step 12,14, 15 and associated text;), and generates and possesses a new key based on the generated block and a currently used key, so that information about a previous message and a previous key is sequentially accumulated in the new key (FIG 3a and associated text; Note: K[1] is generate based on block  PV[1] hashed based generated block and DAK[1] dynamic authenticated key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Chittigala’s method with teaching of Soliman in order to provide a dynamic data encryption and node authentication method and system that distributes the complexity of the encryption algorithm over the dynamics of data exchange and involves full synchronization of encryption key regeneration at system nodes, independent of the node clocks (Soliman col1 line 20-30)

With regards to claim 2, Chittigala further discloses, wherein the step (a) comprises: setting a node related to a preset security function among the multiple nodes as the critical cluster (FIG 3 and associated text; [0022] Referring now to FIG. 2, a block diagram depicts functional software elements that support selective communication of encrypted and unencrypted information between computing nodes of a cluster. User interface 30 provides access to security module 32 to allow end user inputs for selection of a cluster security level. Note: when end user selects higher security level its become critical), setting a node located within a system among the multiple nodes as the critical cluster, or setting a node located within a system and a node that interacts with the node as the critical cluster.

With regards to claim 3, Chittigala further discloses, wherein the step (b) comprises: selecting, as the primary message, a message transmitted and received to/from a largest number of critical clusters among a set of messages transmitted and received between the set critical clusters ([0020]; In order to provide failover functionality, computing nodes 12 each include a heartbeat 20, which communicate heartbeat packets 22 between each other. Heartbeat packets as used herein means the heartbeat packets used by conventional clusters, such as High Availability Cluster Multi-Processing for AIX (HACMP) applications available from IBM Corporation or similar clustering applications. ).

With regards to claim 5, Chittigala further discloses, wherein the step (c) comprises: generating a message to send ([0008]; Computing nodes of a cluster selectively communicate some but not all information between each other in an encrypted format based upon one or more predetermined condition that balance cluster security with cluster performance) or verifying a received message using an encrypted message of a previous period stored in each of the critical clusters and a key pre-stored to be valid for a current period.

With regards to claim 6, Chittigala in view of Soliman discloses,  wherein the step (c) comprises: (c2) encrypting a message to send (Chittigala 0009] More specifically, plural computing nodes communicate heartbeat packets and messages to form a cluster.) and an encrypted message of a previous period using a key pre-stored to be valid for a current period to generate a new encrypted message (Soliman FIG 3, 4 and associated text; ); and (c3) attaching the generated new encrypted message to the message to send and sending to a receiver node (Chittigala 0009] More specifically, plural computing nodes communicate heartbeat packets and messages to form a cluster.). Motivation would be same as stated in claim 1. 

With regards to claim 7, wherein the step (c) further comprises: (c4) encrypting the message received by the receiver node and the stored encrypted message of the previous period using the stored key valid for the current period, and comparing with the received new encrypted message to verify security (Col 14 line 020 Referring to FIG. 17a, a diagram illustrates a method to validate data integrity of R data records at a source node. At the beginning of each predefined validation period, the DSK.sub.i.sup.t0 and PV.sub.i.sup.t0, where t.sub.0 is initialized first with zero, are buffered 316. At this point, all previously sent data records are considered to be valid at the destination node; the source and the destination have the same set of data records, and no intruder violated data integrity or injected extra cipher. After encrypting and sending R records (D.sub.i.sup.t0, D.sub.i.sup.t0+1, . . . , D.sub.i.sup.t0+R-1), the source encrypts again the data record D.sub.i.sup.t0+R-2 using PV.sub.i.sup.t0+R yielding a cipher C.sub.integrity, and sends it to the destination 318. Then the source waits to receive a cipher C'.sub.integrity from the destination, in order to verify that all dynamic keys, at the source and the destination nodes, are synchronized 320).

With regards to claim 9, Chittigala in view of Soliman discloses, (d) generating and possessing, by each of the critical clusters, the new key using the current key and the set of stored encrypted messages according to the same key generation scheme (col 6 line 35-55; Upon approval of the user's credentials by the CA, the CA starts a daemon related to the requesting user, and randomly selects an initial DAK, sending a copy to the user via a secure channel 12, for example, using the well-known RSA technique where the CA uses the user's public key to encrypt the newly generated DAK, hen the CA starts a daemon that permanently regenerates the DAK. Upon the reception of the initial DAK, the user starts a daemon in order to permanently regenerate the DAK. From that point forward, the user and CA randomly regenerate the next DAK every .delta.t period, col 9 line 55-65; Once the parties are synchronized, mutual authentication of DAKs is performed to ensure the parties indeed share the same DAK.  ), when message transmission and reception is repeated a preset number of times through the step (c) (FIG 10 104 and associated text; ). Motivation would be same as stated in claim 1.

Claims 11-13, 15-16, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang(US 9705678 B1) in view of Chittigala et al(US 20120254607 A1)  and further in view of Soliman et al(US 7457411 B2).

With regards to claim 11, Wang discloses,  A sender node that performs communication via a network or a bus, comprising: 
a nonvolatile memory to store a key generated to be valid for a preset period (Col 10 line 49-55; The memory 1012 preferably includes non-volatile memory, such as flash memory, and the non-volatile memory is used for storing information that is to be preserved from session to session, i.e., that should not be erased when the vehicle is inactive. In some embodiments, the memory 1012 includes read only memory (ROM), programmable read-only memory (PROM), or erasable programmable read-only memory (EPROM), which may be used for storing values that do not change from session to session, such as node identifiers 404, trust groups 1016 and/or keys 1018.) and an encrypted message (Col 2 line 15-20; In some embodiments, a vehicular system is provided. The system includes an electronic control unit configured to couple to a vehicular communication network or bus. The electronic control unit has a hash calculator, a message authentication code generator, and a memory configured to store a key and at least one hash value. ); 
a volatile memory having a storage space corresponding to a storage space of the nonvolatile memory, the volatile memory configured to read the key and the encrypted message stored in the nonvolatile memory, perform calculation or store a calculation result in the nonvolatile memory (col 6 line 5-20; At the initialization stage, a dealer's device is connected to the OBD-II port 108 to conduct a diagnostic session, during which the initial value of session number (i.e., zero), node IDs, and Kh are written to the specified locations on the flash memory of corresponding ECUs 102. Then, upon each start-up, these values can be directly read from the flash memory into the main memory.  Note: main memory is volatile(RAM)  where  key/node identifier taken from nonvolatile/flash memory for HMAC calculation); and 
a control unit to perform communication between clusters (FIG 1 and associated text;  Note: ECU to ECU communication or ECU to external device communication), 

Wang does not exclusively but Chittigala discloses, 
a control unit to perform encrypted communication between critical clusters,  wherein the control unit is configured to: select a primary message shared between the critical clusters, encrypt a message to send using a key and send to a receiver node among the critical clusters ([0009] More specifically, plural computing nodes communicate heartbeat packets and messages to form a cluster. A security module executing on one or more of the computing nodes selectively communicates predetermined of the information between the nodes in encrypted and unencrypted formats based upon predetermined conditions. For example, heartbeat packets between the computing nodes are always sent in an encrypted format while other messages are selectively sent in unencrypted formats… [0005] Each node runs a heartbeat daemon and exchanges messages called heartbeats to inform other nodes of its state. In the event of a failure, the heartbeat daemon on a back-up node initiates applications for failover.)), 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wang’s method with teaching of Chittigala in order to provide high availability of clusters nodes(Chittgala[0005])

Wang in view of Chittigala do not but Soliman teaches, 
encrypt a message to send using a key generated to be valid for a preset period from the primary message and send to a receiver node among (FIG 10 step 100 and associated text; FIG 2 step 12,14, 15 and associated text;)), and
 store the primary message for the preset period according to a same key generation scheme as the receiver node to generate a block (col 6 line 35-55; Upon approval of the user's credentials by the CA, the CA starts a daemon related to the requesting user, and randomly selects an initial DAK, sending a copy to the user via a secure channel 12, for example, using the well-known RSA technique where the CA uses the user's public key to encrypt the newly generated DAK, hen the CA starts a daemon that permanently regenerates the DAK. Upon the reception of the initial DAK, the user starts a daemon in order to permanently regenerate the DAK. From that point forward, the user and CA randomly regenerate the next DAK every .delta.t period, 14, 15, based on the previous generated DAK and the auxiliary static key K.;  FIG 2 step 12,14, 15 and associated text;), and 
generate and possess a new key based on the generated block and a currently used key, so that information about a previous message and a previous key is sequentially accumulated in the new key ((FIG 3a and associated text; Note: K[1] is generate based on block  PV[1] hashed based generated block and DAK[1] dynamic authenticated key).It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Wang in view of Chittigala’s method with teaching of Soliman in order to provide a dynamic data encryption and node authentication method and system that distributes the complexity of the encryption algorithm over the dynamics of data exchange and involves full synchronization of encryption key regeneration at system nodes, independent of the node clocks (Soliman col1 line 20-30).

With regards to claim 12, Wang in view of Chittigala and Soliman teaches, wherein the control unit generates the message to send using an encrypted message of a previous period stored in the nonvolatile memory and a key (Wang Col 6 line 42-64; When a node in the high-trust group 306 of FIG. 3 has a CAN message to transmit (referred to as data message), the node first sends the data message, and then sends an authentication message right after the data message. Nodes in the low-trust 304 group do not perform any authentication operations, in a sense that they do not send or verify any authentication messages. The format of the authentication message 402 is shown in FIG. 4. Each authentication message 402 contains 1-byte node ID (NID) 404, 2-byte message counter (MC) 406, 4-byte message authentication code (MAC) 408, and 1-byte authentication marker (OxFF) 410. The authentication marker 410 is used together with NID 404 and MC 406 to help the receiver verify this is a follow-up authentication message 402. The calculation of MAC 408 is as follows in equation 1 (Eqn 1) ; col 9 line 39 to col 10 line 9;  ) and a key pre-stored to be valid for a current period (Soliman col 2 line 5-10; This issue is addressed by the use of multiple session keys that are exchanged periodically.).  Motivation would be same as stated in claim 11.

Claim 13 is substantially similar to claim 6, also rejected accordingly.

Claim 15, 20 are substantially similar to claim 9, also rejected accordingly.

Claims 16 is a receiver node substantially similar to sender node of claim 11 also rejected accordingly.

Allowable Subject Matter
Claims 4, 8, 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498