DETAILED ACTION
Notice of Pre-AIA or AIA Status
1.    	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Status of Claims
2.    	Claims 1-20 are pending. Claims 1 and 11 are in independent form.

Information Disclosure Statement
3.    	The information disclosure statement (IDS) submitted on 03/17/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
4.    	The drawings filed on 03/17/2021 are accepted by the examiner.

Claim Rejections - 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 
	A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention

6.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kulkarni et al. US Patent Application Publication No. 2021/0288801 (hereinafter Kulkarni) in view of Figueira US Patent Application Publication No. 2017/0034167 (hereinafter Figueira).

	Regarding claim 1, Kulkarni discloses a system, comprising a computer including a processor (Fig. 1, PC 12) and a memory (par. 0024, The PC 12 has diagnostics software that makes an RP1210 ClientConnect function call to load the memory with the proper functions and addresses), the memory storing instructions executable by the processor to: 
	“monitor an onboard communication network of a vehicle to detect a plurality of available messages that include respective cipher-based message authentication codes (CMAC) and that were identified as eligible messages based on having an information entropy greater than a specified threshold” (see Kulkarni pars. 0068-0069, Each CAN Conditioner 64a, 64b, 64c, 64d both monitors and filters the traffic going into and out of a node on a J1939 network. The device calculates a Cryptographic Message Authentication Code (CMAC) according to RFC 4493 (https://tools.ietf.org/html/rfc4493). Each session key is tied to a node and a source address. Since each node has a unique source address, the secure gateway module 48 can calculate the CMAC and keep track of the traffic from each node. This CMAC message acts as a heartbeat indicator for the secure gateway module 48 to verify healthy node behavior and unaltered messaging. Each CAN conditioner 64a, 64b, 64c, 64d is also further able to be able to perform authenticated symmetric encryption of messages at 100% bus load and uses a high entropy random number generator for cryptographic operations);
	“select a first message from the plurality of available messages” (see Kulkarni par. 0081, When messages are transmitted from the respective ECUs 14 to the CAN conditioner 64a, 64b, 64c, 64d only messages with the correct J1939 source address(es) (SA) and appropriate PGNs will be allowed out of the ECUs 14. If a message is determined to not be on the whitelist, the CAN conditioner 64a, 64b, 64c, 64d will drop the message and transmit an imposter alert (i.e., an imposter PG alert on J1939). The CAN conditioner 64a, 64b, 64c, 64d will also transmit a DM1 message with SPN 10841 and FMI 12 on J1939. The CAN conditioner 64a, 64b, 64c, 64d also ensures message timing for each allowable ID that is maintained); 
	“input the CMAC of the selected message into” (Kulkarni in par. 0063 discloses The pack message 56 includes a first message and a second message that add up to 16 bytes, which are the packed plaintext messages. The counter and the CRC values are generated/computed by the sending node to help keep the communication in-sync and provide an additional layer of security. The IV and the key are used to encrypt the 16-byte plaintext to obtain the 16-byte cipher message shown in two blocks of an encrypted CAN message 52, 53) but Kulkarni does not explicitly disclose a random number generator that outputs a random number seeded by the CMAC; then output the random number. 
	However, in analogous art, Figueira discloses a random number generator that outputs a random number seeded by the CMAC (see Figueira Abstract a dynamic computer communication security encryption method or system using an initial seed key and multiple random number generators of a specific design, whereby a sequence of independent random entropy values is produced by one set of random number generators and encrypted along with the message stream using the initial seed key, or the output of a second set of random number generators initialized with the initial seed key, and following the subsequent transmission of the variable encrypted entropy/message block, the entropy values are used to symmetrically or identically augment or increase the current uncertainty or entropy of the cryptosystem at both the sender and the receiver, prior to the next encryption block operation); and then output the random number (see Figueira par. 0007, transmit random entropy updates which are used to perpetually augment the entropy or uncertainty of the cryptosystem mechanics, variables, configuration, state or the composition of the random number generators used to generate the required random number outputs).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Figueira into the system of Kulkarni to include a PRNGs use small seed or initialization values, there is a cryptographic quality issue in that the entropy of the output number sequences with a PRNG is limited to the entropy of the input seed entropy (see Figueira par. 0018).
	
	Regarding claim 3, Kulkarni in view of Figueira discloses the system of claim 1, 
 	Kulkarni further discloses wherein the instructions further include instructions to maintain a list of the eligible messages on the vehicle communication network, and to incrementally select the first message from the list (see Kulkarni par. 0071, All incoming messages on the CAN bus 22 and outgoing messages from the ECUs 14 must go through the respective CAN conditioner 64a, 64b, 64c, 64d. The CAN conditioner 64a, 64b, 64c, 64d compares each incoming or outgoing message an allow/block lists to mitigate spoofing attacks. If an incoming message to a node associated with one of the ECUs 14 is on the block list, then the CAN conditioner 64a, 64b, 64c, 64d does not forward the message to the respective ECUs 14).  

	Regarding claim 4, Kulkarni in view of Figueira discloses the system of claim 3, 
 	Figueira further discloses wherein the instructions further include instructions to remove messages from the list after a predetermined time (see Figueira pars. 0036, 0073 A further object of the current invention is to simultaneously super-encrypt the combined data transmissions and entropy updates within a variable length message package, thereby using the RNG synchronization updates to “pollute” or “contaminate” the resulting cipher-text sequence for the message, making the cryptosystem resistant to linear and differential cryptanalysis, and removing the assumption that a message was even sent). 
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Figueira into the system of Kulkarni to include a PRNGs use small seed or initialization values, there is a cryptographic quality issue in that the entropy of the output number sequences with a PRNG is limited to the entropy of the input seed entropy (see Figueira par. 0018).

	Regarding claim 5, Kulkarni in view of Figueira discloses the system of claim 1, 
 	Kulkarni further discloses wherein the instructions further include instructions to maintain a list of the eligible messages on the vehicle communication network, and to select the first message from on the list based on a previous random number (see Kulkarni par. 0035, The filtering module 58 of the secure gateway module 48 functions to transfer raw messages downstream (i.e., from the diagnostic adapter 24 to the ECUs 14) and upstream (i.e., from the ECUs 14 to the diagnostic adapter 24). The filter module 58 monitors for illegitimate message and events and then blocks them when found. The filter module 58 also acts upon certain events occurring in the CAN bus 22, such as bus off, bus warning, and channel initialization events. The filter module also can interact with and command the logger module 60 to overwrite exiting messages, record baud rate, flooding, and timing reasonableness of the vehicle diagnostic communication system 10. Lastly the filter module 58 functions to drop all messages that do not pass integrity checks). 

	Regarding claim 6, Kulkarni in view of Figueira discloses the system of claim 5, 
 	Figueira further discloses wherein the instructions further include instructions to remove messages from the list after a predetermined time (see Figueira pars. 0036, 0073 A further object of the current invention is to simultaneously super-encrypt the combined data transmissions and entropy updates within a variable length message package, thereby using the RNG synchronization updates to “pollute” or “contaminate” the resulting cipher-text sequence for the message, making the cryptosystem resistant to linear and differential cryptanalysis, and removing the assumption that a message was even sent). 
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Figueira into the system of Kulkarni to include a PRNGs use small seed or initialization values, there is a cryptographic quality issue in that the entropy of the output number sequences with a PRNG is limited to the entropy of the input seed entropy (see Figueira par. 0018).
 
	Regarding claim 7, Kulkarni in view of Figueira discloses the system of claim 1, 
 	Kulkarni further discloses wherein the random number is input to an application for a security function (see Kulkarni par. 0069, Each CAN conditioner 64a, 64b, 64c, 64d is able to securely store a private asymmetric key and a certificate for a root of trust and produce and use random ephemeral keys for each session of use. Each CAN conditioner 64a, 64b, 64c, 64d is also further able to be able to perform authenticated symmetric encryption of messages at 100% bus load and uses a high entropy random number generator for cryptographic operations. Each CAN conditioner 64a, 64b, 64c, 64d is also capable of storing a whitelist of certificates with public keys for authorized diagnostic sessions (i.e., certificate pinning) and an updatable black-list of public keys to handle certificate revocation locally, as well as automatically update the whitelist and black list through a diagnostics utility). 

	Regarding claim 8, Kulkarni in view of Figueira discloses the system of claim 1, 
 	Figueira further discloses wherein the instructions further include instructions to select the first message based on receiving a request for a random number (see Figueira par. 0022, multiple RNGs are deployed at both the sending and receiving stations or entities (may be users, machines, network devices, groups etc.) in that some RNGs are used to generate a sequence of random entropy values, which are mixed with message sequences, and communicated in an encrypted format, and are then used to alter the deterministic mechanics of the cryptosystem or it's RNGs in a probabilistic manner without actually communicating any keys, but merely the means of key generation).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Figueira into the system of Kulkarni to include a PRNGs use small seed or initialization values, there is a cryptographic quality issue in that the entropy of the output number sequences with a PRNG is limited to the entropy of the input seed entropy (see Figueira par. 0018).
  
	Regarding claim 9, Kulkarni in view of Figueira discloses the system of claim 8, 
 	Kulkarni further discloses wherein the instructions further include instructions to select, as the first message, a most recent available message detected on the onboard communication network after receiving the request (see Kulkarni par. 0071, All incoming messages on the CAN bus 22 and outgoing messages from the ECUs 14 must go through the respective CAN conditioner 64a, 64b, 64c, 64d. The CAN conditioner 64a, 64b, 64c, 64d compares each incoming or outgoing message an allow/block lists to mitigate spoofing attacks. If an incoming message to a node associated with one of the ECUs 14 is on the block list, then the CAN conditioner 64a, 64b, 64c, 64d does not forward the message to the respective ECUs 14).  

	Regarding claim 10, Kulkarni in view of Figueira discloses the system of claim 8, 
 	Kulkarni further discloses wherein the instructions further include instructions to select, as the first message, a next available message detected on the onboard communication network after receiving the request (see Kulkarni par. 0070, If a CMAC fails to match, the secure gateway module 48 informs the network using the J1939 Diagnostic Message #1 and a message using the J1939 defined Impostor PG Alert parameter group. Results show the IDS 28 can detect alteration of a message or an impersonated message).  

	Regarding claim 11, Kulkarni discloses a method, comprising: 
	“monitoring an onboard communication network of a vehicle to detect a plurality of available messages that include respective cipher-based message authentication codes (CMAC) and that were identified as eligible messages based on having an information entropy greater than a specified threshold” (see Kulkarni pars. 0068-0069, Each CAN Conditioner 64a, 64b, 64c, 64d both monitors and filters the traffic going into and out of a node on a J1939 network. The device calculates a Cryptographic Message Authentication Code (CMAC) according to RFC 4493 (https://tools.ietf.org/html/rfc4493). Each session key is tied to a node and a source address. Since each node has a unique source address, the secure gateway module 48 can calculate the CMAC and keep track of the traffic from each node. This CMAC message acts as a heartbeat indicator for the secure gateway module 48 to verify healthy node behavior and unaltered messaging. Each CAN conditioner 64a, 64b, 64c, 64d is also further able to be able to perform authenticated symmetric encryption of messages at 100% bus load and uses a high entropy random number generator for cryptographic operations);
	“selecting a first message from the plurality of available messages” (see Kulkarni par. 0081, When messages are transmitted from the respective ECUs 14 to the CAN conditioner 64a, 64b, 64c, 64d only messages with the correct J1939 source address(es) (SA) and appropriate PGNs will be allowed out of the ECUs 14. If a message is determined to not be on the whitelist, the CAN conditioner 64a, 64b, 64c, 64d will drop the message and transmit an imposter alert (i.e., an imposter PG alert on J1939). The CAN conditioner 64a, 64b, 64c, 64d will also transmit a DM1 message with SPN 10841 and FMI 12 on J1939. The CAN conditioner 64a, 64b, 64c, 64d also ensures message timing for each allowable ID that is maintained); 
	“inputting the CMAC of the selected message into” (Kulkarni in par. 0063 discloses The pack message 56 includes a first message and a second message that add up to 16 bytes, which are the packed plaintext messages. The counter and the CRC values are generated/computed by the sending node to help keep the communication in-sync and provide an additional layer of security. The IV and the key are used to encrypt the 16-byte plaintext to obtain the 16-byte cipher message shown in two blocks of an encrypted CAN message 52, 53) but Kulkarni does not explicitly disclose a random number generator that outputs a random number seeded by the CMAC; then outputting the random number. 
	However, in analogous art, Figueira discloses a random number generator that outputs a random number seeded by the CMAC (see Figueira Abstract a dynamic computer communication security encryption method or system using an initial seed key and multiple random number generators of a specific design, whereby a sequence of independent random entropy values is produced by one set of random number generators and encrypted along with the message stream using the initial seed key, or the output of a second set of random number generators initialized with the initial seed key, and following the subsequent transmission of the variable encrypted entropy/message block, the entropy values are used to symmetrically or identically augment or increase the current uncertainty or entropy of the cryptosystem at both the sender and the receiver, prior to the next encryption block operation); and then output the random number (see Figueira par. 0007, transmit random entropy updates which are used to perpetually augment the entropy or uncertainty of the cryptosystem mechanics, variables, configuration, state or the composition of the random number generators used to generate the required random number outputs).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Figueira into the system of Kulkarni to include a PRNGs use small seed or initialization values, there is a cryptographic quality issue in that the entropy of the output number sequences with a PRNG is limited to the entropy of the input seed entropy (see Figueira par. 0018).
 	
	Regarding claim 13, Kulkarni in view of Figueira discloses the method of claim 11, 
	 Kulkarni further discloses maintaining a list of the eligible messages on the vehicle communication network, and incrementally selecting the first message from the list (see Kulkarni par. 0071, All incoming messages on the CAN bus 22 and outgoing messages from the ECUs 14 must go through the respective CAN conditioner 64a, 64b, 64c, 64d. The CAN conditioner 64a, 64b, 64c, 64d compares each incoming or outgoing message an allow/block lists to mitigate spoofing attacks. If an incoming message to a node associated with one of the ECUs 14 is on the block list, then the CAN conditioner 64a, 64b, 64c, 64d does not forward the message to the respective ECUs 14).  
  
	Regarding claim 14, Kulkarni in view of Figueira discloses the method of claim 13, 
	 Figueira further discloses removing messages from the list after a predetermined time (see Figueira pars. 0036, 0073 A further object of the current invention is to simultaneously super-encrypt the combined data transmissions and entropy updates within a variable length message package, thereby using the RNG synchronization updates to “pollute” or “contaminate” the resulting cipher-text sequence for the message, making the cryptosystem resistant to linear and differential cryptanalysis, and removing the assumption that a message was even sent). 
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Figueira into the system of Kulkarni to include a PRNGs use small seed or initialization values, there is a cryptographic quality issue in that the entropy of the output number sequences with a PRNG is limited to the entropy of the input seed entropy (see Figueira par. 0018).
  
	Regarding claim 15, Kulkarni in view of Figueira discloses the method of claim 11, 
	Kulkarni further discloses maintaining a list of the eligible messages on the vehicle communication network, and selecting the eligible message from on the list based on a previous random number (see Kulkarni par. 0035, The filtering module 58 of the secure gateway module 48 functions to transfer raw messages downstream (i.e., from the diagnostic adapter 24 to the ECUs 14) and upstream (i.e., from the ECUs 14 to the diagnostic adapter 24). The filter module 58 monitors for illegitimate message and events and then blocks them when found. The filter module 58 also acts upon certain events occurring in the CAN bus 22, such as bus off, bus warning, and channel initialization events. The filter module also can interact with and command the logger module 60 to overwrite exiting messages, record baud rate, flooding, and timing reasonableness of the vehicle diagnostic communication system 10. Lastly the filter module 58 functions to drop all messages that do not pass integrity checks). 
  
	Regarding claim 16, Kulkarni in view of Figueira discloses the method of claim 15, 
	 Figueira further discloses removing messages from the list after a predetermined time (see Figueira pars. 0036, 0073 A further object of the current invention is to simultaneously super-encrypt the combined data transmissions and entropy updates within a variable length message package, thereby using the RNG synchronization updates to “pollute” or “contaminate” the resulting cipher-text sequence for the message, making the cryptosystem resistant to linear and differential cryptanalysis, and removing the assumption that a message was even sent). 
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Figueira into the system of Kulkarni to include a PRNGs use small seed or initialization values, there is a cryptographic quality issue in that the entropy of the output number sequences with a PRNG is limited to the entropy of the input seed entropy (see Figueira par. 0018).
  	
	Regarding claim 17, Kulkarni in view of Figueira discloses the method of claim 11, 
	 Kulkarni further discloses wherein the random number is input to an application for a security function (see Kulkarni par. 0069, Each CAN conditioner 64a, 64b, 64c, 64d is able to securely store a private asymmetric key and a certificate for a root of trust and produce and use random ephemeral keys for each session of use. Each CAN conditioner 64a, 64b, 64c, 64d is also further able to be able to perform authenticated symmetric encryption of messages at 100% bus load and uses a high entropy random number generator for cryptographic operations. Each CAN conditioner 64a, 64b, 64c, 64d is also capable of storing a whitelist of certificates with public keys for authorized diagnostic sessions (i.e., certificate pinning) and an updatable black-list of public keys to handle certificate revocation locally, as well as automatically update the whitelist and black list through a diagnostics utility). 
  
	Regarding claim 18, Kulkarni in view of Figueira discloses the method of claim 11, 
	 Figueira further discloses selecting the message based on receiving a request for a random number (see Figueira par. 0022, multiple RNGs are deployed at both the sending and receiving stations or entities (may be users, machines, network devices, groups etc.) in that some RNGs are used to generate a sequence of random entropy values, which are mixed with message sequences, and communicated in an encrypted format, and are then used to alter the deterministic mechanics of the cryptosystem or it's RNGs in a probabilistic manner without actually communicating any keys, but merely the means of key generation).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Figueira into the system of Kulkarni to include a PRNGs use small seed or initialization values, there is a cryptographic quality issue in that the entropy of the output number sequences with a PRNG is limited to the entropy of the input seed entropy (see Figueira par. 0018).
 	
	Regarding claim 19, Kulkarni in view of Figueira discloses the method of claim 18, 
	 Kulkarni further discloses selecting, as the first message, a most recent available message detected on the onboard communication network after receiving the request (see Kulkarni par. 0071, All incoming messages on the CAN bus 22 and outgoing messages from the ECUs 14 must go through the respective CAN conditioner 64a, 64b, 64c, 64d. The CAN conditioner 64a, 64b, 64c, 64d compares each incoming or outgoing message an allow/block lists to mitigate spoofing attacks. If an incoming message to a node associated with one of the ECUs 14 is on the block list, then the CAN conditioner 64a, 64b, 64c, 64d does not forward the message to the respective ECUs 14).  
 
	Regarding claim 20, Kulkarni in view of Figueira discloses the method of claim 18, 
	 Kulkarni further discloses selecting, as the first message, a next available message detected on the onboard communication network after receiving the request (see Kulkarni par. 0070, If a CMAC fails to match, the secure gateway module 48 informs the network using the J1939 Diagnostic Message #1 and a message using the J1939 defined Impostor PG Alert parameter group. Results show the IDS 28 can detect alteration of a message or an impersonated message).

Allowable Subject Matter
7.	Claims 2 and 12 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Naim et al. (2016/0330032): discloses A method of transmitting data within a vehicle includes: storing two copies of a data message; constructing at an electronic control unit (ECU) a serial bus message that includes one copy of the data message and a message authentication code (MAC) created using a secret key stored at the ECU, a MAC algorithm, and a different copy of the data message; transmitting the serial bus message to a receiving ECU over a vehicle bus; authenticating the serial bus message at the receiving ECU using a copy of the key stored at the receiving ECU by creating a copy of the MAC from the data message included in the serial bus message and the copy of the key; comparing the MAC from the serial bus message with the copy of the MAC created at the receiving ECU; and rejecting or accepting the data message based on the comparison.
Oshida (2016/0255065): Devices between which packets are transmitted and received include mutually corresponding packet counters. The same random number value is given to the packet counters as their initial values and the packet counters are updated with packet transmission/reception. The transmission-side device generates a MAC value, draws out part thereof on the basis of a counted value of its own packet counter, sets it as a divided MAC value, generates a packet by adding the value to a message and transmits the packet onto a network. The reception-side device generates a MAC value on the basis of the message in the received packet, draws out part thereof on the basis of a counted value of its own packet counter, compares the part with the divided MAC value in the received packet and thereby performs message authentication. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635. The examiner can normally be reached M-F 9:00 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SAMUEL AMBAYE/Examiner, Art Unit 2433              

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433