DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the communication filed on 10/20/2022.
Claims 1-20 are pending for consideration.

Response to Amendment
This office action is in response to the amendment filed on 10/20/2022.
Claim 20 is amended.
Claims 1-20 are pending in the application.
The objection to claim 20 is withdrawn because the amended claim overcomes the objection.
The 112 rejections against claim 20 are withdrawn because the amended claim overcomes the rejections.

Response to Applicant’s Arguments
35 USC §103 Rejections
The Applicant’s arguments in the Remarks filed on 10/20/2022
Claims 1-20 are rejected under 35 U.S.C. § 103 as being unpatentable over Cheng; Yueqiang et al. (US 20210173917 A1, hereinafter Cheng) in view of LEE; Jun Ha et al. (US 20200366479 A1, hereinafter Lee) in the office action dated 07/20/2022.
Near the bottom of page 1 of the Remarks, the Applicant argues that the cited references do not teach the limitations of claim 1. Specifically:
Starting at the second paragraph of page 2 of the Remarks, the Applicant argues, “Cheng fails to describe or suggest generating one or more encryption keys by hashing the session key with an identifier based on a cycle time, as recited in claim 1. It is first pointed out that Cheng describes generating the session key by a hash function of first random nonce nc and a second random nonce ns. Cheng, at Paragraph [0116]. Thus, the session key itself is generated by hashing the random nonces nc and ns. Claim 1 recites generating the encryption keys by hashing the session key with an identifier based on a cycle time. The present claims recite two layers of security: first, generating the session key that includes a shared secret key and second, generating encryption keys by hashing the session key with an identifier based on a cycle time. Cheng only describes the single layer of security generating the session key based on the random nonces nc and ns, and thus fails to describe or suggest claim 1.”
Starting near the bottom of page 2 of the Remarks, the Applicant argues, “Cheng does not describe or suggest the encryption keys being generated based on an identifier based on a cycle time. Examiner argues that this is described in Paragraph [0122]. Office Action, page 6-7. However, Cheng describes verifying "a freshness of the first nonce, where the host session key is generated only if the first nonce was generated within a predetermined period of time." Cheng, Paragraph [0122]. Cheng describes monitoring how old the nonce is and not using the nonce if it is generated outside of a predetermined period of time. This is not the same as hashing the session key with an identifier based on a cycle time. By hashing the session key with the identifier based on the cycle time, there is an added layer of security in that the system must have the positively recited identifier based on the cycle time, rather than simply evaluating the age of the signal, as described in Cheng. Cheng fails to describe or suggest generating one or more encryption keys by hashing the session key with an identifier based on a cycle time, as recited in claim 1.”
The Examiner respectfully disagrees. Cheng teaches that the session key is generated based on a predetermined period of time, and if a session expired, a new session key is generated (Cheng, ¶140, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a channel session associated with the session key may be terminated. Subsequently, a new session key may be generated if the session key is configured to be automatically renewed). As a result, the session key is generated based on cycle time. According to the instant specification, “the cycle time may be a time-based cycle time, and a new encryption key may be generated every interval of time associated with the cycle time (e.g., every minute, every five minutes, every hour, or the like).” Cheng’s teaching is consistent with the instant specification with regard to the cycle time.
Cheng teaches the generation of a session key to encrypt and decrypt messages (Cheng ¶47, The system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; see also Cheng ¶118). As a result, Cheng teaches the generation of the encryption key. Cheng further discloses in para. 47 that to generate the session key, a request to create a session key is sent from the host to the accelerator along with the first nonce. The first nonce corresponds to the session key of the claimed invention. Since the first nonce is sent from the host to the accelerator, the first nonce is shared. The session key of Cheng is produced by hashing the first and the second nonce (see Cheng ¶116). The second nonce corresponds to the identifier. Although Cheng does not recite the names (session key, first nonce, second nonce) the same as that of the claimed invention, Cheng teaches elements and steps that are equivalent (encryption key, session key, identifier), and would work as well. Therefore, it would have been obvious to one of ordinary skill in the art that Cheng teaches the disputed limitation by a simple substitution of known elements using a known method, as disclosed above, that would produce a predictable result. In conclusion, Cheng teaches the disputed limitation.
The Applicant argues, near the top of page 3 of the Remarks, “Cheng fails to describe an off-board communication system, as recited in claim 1. Examiner seems to argue that the DP accelerator functions as an off-board communication system since it is a separate device than the host channel manager (HCM). Applicant disagrees. The claims recite an onboard communication system disposed onboard a vehicle system, as well as the off-board communication system. Thus, the claims make clear that the off-board communication system is not simply a system that is separate from the onboard system, but rather is a communication system off-board a vehicle system. Thus, Cheng does not describe or suggest the off-board communication system recited in claim 1.”
The Examiner fully considered the Applicant’s argument, but the Examiner respectfully disagrees. The claim requires “an onboard communication system”, and then it requires the “onboard communication system” to be configured to be disposed onboard a vehicle system. These two uses of the word “onboard” are not the same nor recited to be the same. They are separate. The instant specification does not set forth a definition of the term “onboard”, nor set forth a definition that “onboard” used for the system is the same as “onboard” used within a vehicle. The Examiner uses BRI, and according to Google, “onboard” can be understood as “onboard is a term used to describe a hardware component embedded into a circuit board. With a computer, onboard often refers to a device, like a sound card, network card, GPU (graphics processing unit), or WLAN, integrated onto the motherboard. Unlike expansion cards, users cannot remove these components from their computer.” The claim further does not recite that the “off-board communication system” is with respect to the onboard communication system or with the vehicle. The instant specification also indicates, “Secure communication may occur between two systems, such as between a vehicle system and an off-board control system, between two or more vehicles such as in two different vehicle systems, between a vehicle and another wayside device, or the like.” The Examiner would emphasize the part of communication between two vehicles, where the off-board system would appear to be in another vehicle. As a result, only by way of example, not set forth as a definition, an off-board system can be an onboard system of another vehicle. When not clearly defined in the specification, and not recited in the claim, the Applicant’s assertion regarding “off-board communication system” with respect to a vehicle is not persuasive. Furthermore, the claimed limitations do not prevent the system from working where the location of the “off-board communication system” would prevent it from working.
When combined with the instant specification, even assuming for the sake of argument that the term “off-board” means off-board of the vehicle as the Applicant argues, there is nothing in the claim that would prevent it from working when moved onto the vehicle or another vehicle. For example, when the off-board system is a wireless laptop (which may or may not be further controlled elsewhere), would the same laptop, by merely being carried onto the vehicle, no longer infringe on the claimed invention? As a result, the “off-board” limitation is merely intended use. In conclusion, the Applicant’s argument is not persuasive that the claim recites the “off-board” is off of “a vehicle”.
With regard to Cheng, Cheng teaches that the accelerator can communicate wirelessly with the host. See fig. 32 of Cheng below:
    [Figure: fig. 32 of Cheng]

Cheng discloses in para. 190 regarding this disclosure, where processing modules 1528 can be the host or the accelerator, and they can communicate over a wireless network (element 1505 above). Therefore, the accelerator is not integrated into the host device or the host motherboard. As a result, the Examiner asserts that Cheng teaches the “off-board communication system”.
The Applicant also fails to consider Lee, who also teaches the off-board communication system. Lee teaches a network of a distributed system, where Lee discloses “[0002] A control based system, for example, a vehicle and a drone, is a distributed system in which small computers communicate with one other. Recently, with the increasing number and complexity of functions of the control based system, for example, vehicles and drones, a network of the system is in the form of a bus that is easy to transmit data.” Lee also teaches the communication between a node in a system and an external node (¶1 of Lee, communication between nodes constituting a network within system or between a node on a network within system and an external node that interacts with the node and transmits and receives the encryption key). Lee further discloses that the network is not limited to the inside world (Lee, ¶4, the system network is exposed to the outside world, and thus greater emphasis is placed on the need for security). The nodes are part of clusters on the network. Lee does not limit the nodes to be part of clusters that are only inside the vehicle. One of ordinary skill would not reasonably be limited to such a scenario, or have reason to indicate that Lee’s teaching is limited only to that scenario, although Lee’s teaching can work in that particular scenario also.
As a result, the Examiner asserts that the cited references teach the disputed limitations of the claimed invention.
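The two derivations contrasted in the arguments above, written out as an added illustration (this code is not part of the Office action, the application, or either cited reference). It places a hash of nc concatenated with ns, gated by a nonce freshness check, beside a second step that hashes the session key with a cycle-time identifier. SHA-256, HMAC-SHA-256, the 300-second cycle, the function names and all sample values are assumptions, and the receiver's acceptance of the previous cycle goes beyond what the action discusses.

```python
import hashlib
import hmac
import struct

CYCLE_SECONDS = 300  # assumed cycle time ("every five minutes")

# Constructed sample values, not taken from any cited document.
NC = bytes.fromhex("00112233445566778899aabbccddeeff")  # first nonce
NS = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # second nonce
T_OLD, T_SEND, T_RECV = 1_700_000_050, 1_700_000_390, 1_700_000_405


def session_key_from_nonces(nc: bytes, ns: bytes) -> bytes:
    """Derivation quoted from Cheng para. 116: hash of nc concatenated with ns.
    SHA-256 is an assumed choice of hash function."""
    return hashlib.sha256(nc + ns).digest()


def nonce_is_fresh(created_at: int, now: int, max_age: int) -> bool:
    """Freshness check quoted from Cheng para. 122: the nonce must have been
    generated within a predetermined period. Time gates the derivation here
    but is not an input to the hash."""
    return 0 <= now - created_at <= max_age


def cycle_index(now: int, cycle_seconds: int = CYCLE_SECONDS) -> int:
    """Time-based cycle: the number of the interval that contains `now`."""
    return now // cycle_seconds


def cycle_key(session_key: bytes, index: int) -> bytes:
    """Claim 1 wording: hash the session key with an identifier based on a
    cycle time. HMAC-SHA-256 as the keyed hash and the 8-byte big-endian
    identifier encoding are assumptions."""
    identifier = struct.pack(">Q", index)
    return hmac.new(session_key, identifier, hashlib.sha256).digest()


def protect(session_key: bytes, message: bytes, now: int) -> bytes:
    """Sender side: tag the message under the key of the sender's current
    cycle. A MAC stands in for the cipher because the Python standard
    library has no authenticated cipher."""
    key = cycle_key(session_key, cycle_index(now))
    return hmac.new(key, message, hashlib.sha256).digest()


def accept(session_key: bytes, message: bytes, tag: bytes, now: int, back: int = 1):
    """Receiver side: re-derive the key for the current cycle and up to
    `back` earlier cycles, so a message sent just before a cycle boundary
    still verifies. Returns the matching cycle index, or None."""
    current = cycle_index(now)
    for index in range(current, max(current - back, 0) - 1, -1):
        key = cycle_key(session_key, index)
        expected = hmac.new(key, message, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            return index
    return None


if __name__ == "__main__":
    sk = session_key_from_nonces(NC, NS)
    msg = b"constructed status message"
    tag = protect(sk, msg, T_SEND)
    print("sender cycle  :", cycle_index(T_SEND))
    print("receiver cycle:", cycle_index(T_RECV))
    print("accepted under:", accept(sk, msg, tag, T_RECV))
    print("two cycles old:", accept(sk, msg, protect(sk, msg, T_OLD), T_RECV))
```

Both ends derive the same per-cycle key only if they hold the same session key and agree on the cycle index, so clock agreement becomes part of the key schedule rather than a separate expiry check.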
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. § 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. § 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding independent claims 1, 10 and 19, the claims recite “an off-board communication system”. The claims also recite “an onboard communication system configured to be disposed onboard a vehicle system” in claim 1, “an onboard communication system, … the onboard communication system disposed onboard a vehicle system” in claim 10, and “an onboard communication system … the onboard communication system being disposed onboard a vehicle system”. It is not clear if the off-board communication system is “off” with respect to the onboard communication system, or with the vehicle, or with something else.
Regarding dependent claims 2-9, 11-18 and 20, the claims are rejected for the same reasons as that of the independent claims 1, 10 and 19, respectively, because they do not resolve the deficiency recited by the independent claims 1, 10 and 19, respectively.
For the purpose of prior art examination, the “off-board communication system” is interpreted as a communication system that is not integrated with the onboard system.
Appropriate corrections are required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. § 103 as being unpatentable over Cheng; Yueqiang et al. (US 20210173917 A1, hereinafter Cheng) in view of LEE; Jun Ha et al. (US 20200366479 A1, hereinafter Lee).
	Regarding claim 1, Cheng teaches a system comprising:
	an onboard communication system (¶6, a host system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor; fig. 1 element 104), the one or more processors configured to:
	generate a session key that includes a shared secret key that is known by the onboard communication system and an off-board communication system (¶47, a system generates a first nonce (nc) at the host system the system transmits a request to create a session key from the host system to the DP accelerator, the request including a host public key (PK_O) and the first nonce [Examiner remark: first nonce as the session key, the host system corresponds to the onboard communication system, the DP accelerator corresponds to the off-board communication system];  [0116], HCM 901 generates a first random nonce (nc), HCM 901 sends a command “CM_generate session key”, and the nonce nc to ACM 915. At operation 1557, upon receiving the “CM_generate session key” command, ACM 915 generates a second random nonce (ns); see also ¶118; see fig. 32,


; [0190], Processing module/unit/logic 1528 may represent any of the components described above, such as, for example, host server 104 of FIG. 2, runtime libraries 205 of FIG. 2, DP accelerator 405 of FIG. 4, IO manager 401 or IO interface 415 of FIG. 4, HCM 901 or ACM 915 of FIGS. 9 and 14, and MM 1701 of FIG. 17, security unit 1020 and time unit 2003 of FIG. 20, as described above. Processing module/unit/logic 1528 may further be transmitted or received over a network via network interface device 1505 [Examiner remark: please note that element 1505 can have a wireless transceiver]; see also ¶57-¶58; fig. 15-fig. 16B; see also fig. 9, fig. 17 and fig. 20);
	generate one or more encryption keys by hashing the session key with an identifier based on a cycle time (¶47, a system generates a first nonce (nc) at the host system, the system transmits a request to create a session key from the host system to the DP accelerator, the request including a host public key (PK_O) and the first nonce. The system receives a second nonce (ns) from the DP accelerator [Examiner remark: the second nonce corresponds to the identifier], where the second nonce is encrypted using the host public key and a temporary private key (SK_d) corresponding to the temporary public key. The system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; ¶116, ACM 915 generates a second random nonce (ns), derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns; see also [0117]; ¶122, the host system is configured to verify freshness of the first nonce, where the host session key is generated only if the first nonce was generated within a predetermined period of time; Cheng [0140], request time unit 2003 to generate a timestamp on a per need basis. The timestamp can then be used by security unit 1020 to time stamp cryptographic key authentications, key generations, and/or key expirations. For example, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a channel session associated with the session key may be terminated. Subsequently, a new session key may be generated if the session key is configured to be automatically renewed or a renewal authorization is obtained through a user application; see also ¶119; see also fig. 9, fig. 17 and fig. 20; [Examiner remark: Cheng discloses that to generate the session, a request to create a session is sent from the host to the accelerator along with the first nonce. As a result, the session key that is used to encrypt and decrypt messages corresponds to the one or more encryption keys of the claimed invention. The first nonce corresponds to the session key of the claimed invention and the second nonce corresponds to the identifier. Although Cheng does not recite the names the same as claimed invention, Cheng teaches elements and steps that are equivalent, and would work as well. One would find it obvious to arrive at the limitation of the claimed invention by performing simple substitution of the first nonce with the claimed session key, second nonce with the identifier and the resulting hash of these two nonces would produce the encryption key, and therefore produce a predictable result]);
	generate one or more encrypted messages by encrypting one or more messages (¶47, The system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; ¶116, the session key is then used to encrypt and decrypt data exchanged between ACM 915 and HCM 901; ¶118, processing logic generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; see also fig. 9, fig. 17 and fig. 20); and
	communicate the one or more encrypted messages from the onboard communication system to the off-board communication system (¶47, The system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; ¶116, the session key is then used to encrypt and decrypt data exchanged between ACM 915 and HCM 901; ¶118, processing logic generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; see also fig. 9, fig. 17 and fig. 20).
	Although Cheng’s system is readily applied onto an onboard vehicle system and offboard communication system, and Cheng teaches the expiration of session based on time period using timestamp to determine freshness of a session (Cheng ¶53, ¶56, and ¶122), Cheng does not explicitly disclose the following limitations that Lee teaches:
	an onboard communication system configured to be disposed onboard a vehicle system (Lee abstract, communication method using a security key between nodes connected via a network or a bus includes setting a critical cluster among multiple nodes, selecting a primary message shared between the set critical clusters, and encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters, wherein each of the critical clusters stores the primary message for the preset period according to a same key generation scheme to generate a block, and generates and possesses a new key based on the generated block and a currently used key; [0002] A control based system, for example, a vehicle and a drone, is a distributed system in which small computers communicate with one other; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; ¶62, the system (for example, a vehicle or a drone); see also ¶4; ¶83);
	the cycle time is known by the onboard communication and the off-board communication system (Lee abstract, communication method using a security key between nodes connected via a network … encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters, wherein each of the critical clusters stores the primary message for the preset period according to a same key generation scheme to generate a block, and generates and possesses a new key based on the generated block and a currently used key; ¶1, performs encrypted communication via a network or a bus, and more particularly, to a node that generates an encryption key for ensuring secure communication between nodes constituting a network within system or between a node on a network within system and an external node that interacts with the node and transmits and receives the encryption key, a method for communication between nodes and a recording medium having the method recorded thereon; [0002] A control based system, for example, a vehicle and a drone; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; [0004], the system network is exposed to the outside world, and thus greater emphasis is placed on the need for security. Accordingly, there is a need for technology to identify a message sent by an unauthorized node accessing the network of the system; [0007], a communication method using a security key between nodes connected via a network or a bus according to an embodiment of the present disclosure includes (a) setting a critical cluster among multiple nodes; see also ¶89-¶107); and
	encrypting one or more messages associated with one or more of the vehicle system or a route over which the vehicle system is configured to move (Lee abstract, encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters; ¶1, performs encrypted communication via a network or a bus, and more particularly, to a node that generates an encryption key for ensuring secure communication between nodes constituting a network within system or between a node on a network within system and an external node that interacts with the node and transmits and receives the encryption key, a method for communication between nodes and a recording medium having the method recorded thereon; [0002] A control based system, for example, a vehicle and a drone; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; [0004], the system network is exposed to the outside world, and thus greater emphasis is placed on the need for security. Accordingly, there is a need for technology to identify a message sent by an unauthorized node accessing the network of the system; [0007], a communication method using a security key between nodes connected via a network or a bus according to an embodiment of the present disclosure includes (a) setting a critical cluster among multiple nodes; see also ¶19, ¶56-¶62; ¶78-¶83).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Lee, which teaches an encrypted communication system between nodes/clusters such as vehicles or drones that has known cycle time between the clusters, into the teaching of Cheng to result in the limitations of the claimed invention.
	One of ordinary skill would be motivated to do so as incorporating Lee’s teaching would help improve security of communication between systems (Lee ¶3, ¶4). In addition, both references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as encrypted communication. This close relation between both references highly suggests an expectation of success when combined.
Regarding claim 2, Cheng in view of Lee teaches the system of claim 1, wherein the one or more processors are configured to generate each of the one or more encryption keys by hashing the session key with a different identifier based on the cycle time (Cheng ¶116, ACM 915 generates a second random nonce (ns),  derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns; Cheng ¶118, processing logic generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; ¶122, the host system is configured to verify freshness of the first nonce, where the host session key is generated only if the first nonce was generated within a predetermined period of time; ¶117, HCM 901 verifies a freshness of the session key by verifying random nonce nc is indeed identical to a copy of the random nonce nc originally generated by HCM 901; [0140], timestamp can then be used by security unit 1020 to time stamp cryptographic key authentications, key generations, and/or key expirations. For example, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a channel session associated with the session key may be terminated. Subsequently, a new session key may be generated if the session key is configured to be automatically renewed; see also Cheng ¶53, ¶57-¶58).

	Regarding claim 3, Cheng in view of Lee teaches the system of claim 1, wherein the cycle time is based on one or more of a time (Cheng ¶122, the host system is configured to verify freshness of the first nonce, where the host session key is generated only if the first nonce was generated within a predetermined period of time; Cheng ¶56, the timestamp is further to determine whether the session key has expired, in which a new session key is to be generated; Cheng ¶136, time unit 2003 may be a standalone unit; ¶137, security unit 1020 requires a secure time source to keep track when cryptographic keys have been authenticated or when a session key has expired; ¶140, a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a new session key may be generated if the session key is configured to be automatically renewed; ¶139, clock calibrator 2109 initially calibrates the clock generation signal to match an external source (e.g., an atomic clock) at a manufacturing phase of the DP accelerator; Lee ¶2-¶4, ¶62, ¶83).
	Although Cheng discloses the checking of the session based on a pre-determined period and timestamp, and the timestamp generated by time unit is used to check on freshness of the session shared by the host and the accelerator, Cheng does not clearly state that the host has the time synchronized with the accelerator’s time unit.
	However, Cheng further discloses that the accelerator has a time generation unit that is calibrated to match an external source (Cheng ¶139).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Cheng, which teaches to have a time generation unit on the accelerator, into the teaching of Cheng, that teaches the host generating a second nonce and the checking of the nonce based on timestamp for session freshness, to also have a time generation unit on the host that has its clock calibrated to the same external source to result in the limitations of the claimed invention.
	One of ordinary skill would be motivated to do so as having a calibrated time unit on both the host and the accelerator would ensure accurate synchronization of the host and the accelerator and also improve security of the system (Cheng ¶137).

	Regarding claim 4, Cheng in view of Lee teaches the system of claim 1, wherein the one or more processors are configured to generate a first encryption key of the one or more encryption keys based on one or more of a first time or a first location of the vehicle system (Cheng ¶122, the host system is configured to verify freshness of the first nonce, where the host session key is generated only if the first nonce was generated within a predetermined period of time; Cheng [0140], request time unit 2003 to generate a timestamp on a per need basis. The timestamp can then be used by security unit 1020 to time stamp cryptographic key authentications, key generations, and/or key expirations. For example, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a channel session associated with the session key may be terminated. Subsequently, a new session key may be generated if the session key is configured to be automatically renewed or a renewal authorization is obtained through a user application), and the one or more processors are configured to generate a second encryption key of the one or more encryption keys based on one or more of a second time or a second location of the vehicle system (¶140, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a channel session associated with the session key may be terminated. Subsequently, a new session key may be generated if the session key is configured to be automatically renewed).

	Regarding claim 5, Cheng in view of Lee teaches the system of claim 1, wherein the onboard communication system is configured to generate the session key while the vehicle system is stationary or moving along the route ([Examiner remark: Cheng’s teaching is readily applied on a stationary or moving vehicle]; Lee ¶3, in these emerging automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; ¶4, automated driving systems).

	Regarding claim 6, Cheng in view of Lee teaches the system of claim 1, wherein the one or more processors are configured to generate a first encryption key of the one or more encryption keys by hashing the session key with a first identifier based on a first time of the cycle time (Cheng ¶47, derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns, first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges), and
	the one or more processors are configured to generate a second encryption key of the one or more encryption keys by hashing the session key with a second identifier based on a second time of the cycle time (Cheng ¶122, where the host session key is generated only if the first nonce was generated within a predetermined period of time; Cheng ¶140, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a new session key may be generated if the session key is configured to be automatically renewed;  Cheng ¶47, derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns, first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges; Cheng ¶48, the first nonce was generated by the host system after the temporary public key has been verified; see also ¶116 and ¶118 of Cheng).
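
The two derivation layers discussed for claim 6, written out as an added example (it is not code from Cheng, Lee or the application): a session key hashed from the nonces nc and ns, then one key per cycle derived from the session key and a time-based identifier. The 30-second cycle, the 5-second nonce freshness window, the 32-byte nonces, the use of HMAC-SHA-256 for the second layer and all function names are assumptions; the cycle keys authenticate messages here rather than encrypt them so the block runs on the standard library alone.

```python
import hashlib
import hmac

CYCLE_SECONDS = 30    # assumed cycle length; the page gives no value
NONCE_MAX_AGE = 5.0   # assumed "predetermined period of time" for nonce freshness


def nonce_is_fresh(created_at: float, now: float) -> bool:
    """Freshness gate: refuse to derive a session key from a stale nonce."""
    return 0 <= now - created_at <= NONCE_MAX_AGE


def derive_session_key(nc: bytes, ns: bytes) -> bytes:
    """Layer 1: session key = H(nc || ns)."""
    if len(nc) != 32 or len(ns) != 32:
        # Fixed lengths keep the concatenation nc || ns unambiguous.
        raise ValueError("nonces must be 32 bytes each")
    return hashlib.sha256(nc + ns).digest()


def cycle_id(now: float) -> bytes:
    """Identifier based on the cycle time: index of the current cycle."""
    return int(now // CYCLE_SECONDS).to_bytes(8, "big")


def derive_cycle_key(session_key: bytes, ident: bytes) -> bytes:
    """Layer 2: keyed hash of the cycle identifier under the session key."""
    return hmac.new(session_key, b"cycle-key" + ident, hashlib.sha256).digest()


def tag(key: bytes, msg: bytes) -> bytes:
    """Authenticate a message under one cycle key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(session_key: bytes, msg: bytes, mac: bytes, now: float) -> bool:
    """Receiver side: accept only the current or the previous cycle's key,
    which tolerates a message sent just before a cycle boundary."""
    current = int(now // CYCLE_SECONDS)
    for cycle in (current, current - 1):
        key = derive_cycle_key(session_key, cycle.to_bytes(8, "big"))
        if hmac.compare_digest(tag(key, msg), mac):
            return True
    return False
```

Both endpoints hold the same session key and clock-derived identifier, so they reach the same cycle key without exchanging it, and a key from an expired cycle stops verifying without a new handshake.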

	Regarding claim 7, Cheng in view of Lee teaches the system of claim 1, wherein the onboard communication system is configured to receive one or more off-board encryption messages from the off-board communication system (Cheng ¶102, a secured information exchange channel is required to be setup or established between host server 104 and the DP accelerator, information can then be exchanged between the user application and the DP accelerator through the secure channel by way of a session key to encrypt and decrypt the information exchanges; see also Cheng ¶158 and ¶160).

	Regarding claim 8, Cheng in view of Lee teaches the system of claim 7, wherein the onboard communication system is configured to decrypt the one or more off-board encryption messages based on one or more of the cycle time, the one or more encryption keys, or the session key (Cheng ¶47, the system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; Cheng ¶140, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a new session key may be generated if the session key is configured to be automatically renewed; see also Cheng ¶116).

	Regarding claim 9, Cheng in view of Lee teaches the system of claim 7, wherein the onboard communication system is configured to decrypt the one or more off-board encryption messages based on one or more of the session key, the cycle time, or the identifier (Cheng ¶47, the system generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator; Cheng ¶140, if a session key is determined to be expired, based on a timestamp associated with when the session key is generated, a new session key may be generated if the session key is configured to be automatically renewed; see also Cheng ¶116).

	Regarding claims 10-11 and 13-14, the claims recite essentially the same limitations as those of claims 1-3 and 5, respectively.  Claims 10-11 and 13-14 are rejected for the same reasons as claims 1-3 and 5, respectively.

	Regarding claims 12 and 15-18, the claims recite essentially the same limitations as those of claims 4 and 6-9, respectively.  Claims 12 and 15-18 are rejected for the same reasons as claims 4 and 6-9, respectively.

	Regarding claim 19, Cheng teaches a method for securing communication between an onboard communication system (¶6, a host system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor; fig. 1 element 104) and an off-board communication system (fig. 1, elements 105-107), 
	generating one or more encryption keys based at least in part on information that is known by both the onboard communication system and the off-board communication system (¶47, the system receives a second nonce (ns) from the DP accelerator; ¶48, the second nonce has been generated locally at the DP accelerator;  [0116], HCM 901 upon receiving the “CM_generate session key” command, ACM 915 generates a second random nonce (ns); ¶118, receives a second nonce (ns) from the DP accelerator; ¶116, ACM 915 generates a second random nonce (ns),  derives a session key based on the first and the second random nonce, nc and ns, the session key is derived by a hash function of random nonce nc concatenated with random nonce ns; see also [0117]; ¶122);
	generating one or more encryption messages by encrypting one or more messages associated with one or more of the Cheng ¶47, ¶116, ¶118, generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator); and
	communicating the one or more encrypted messages between the onboard communication system and the off-board communication system, wherein the one or more encrypted messages include information about one or more of the Cheng ¶47, ¶116, ¶118, generates a first session key based on the first nonce and the second nonce, which is utilized to encrypt or decrypt subsequent data exchanges between the host system and the DP accelerator).
	Although Cheng’s system is readily applied onto an onboard vehicle system and offboard communication system, Cheng does not explicitly disclose the following limitations that Lee teaches:
	an onboard communication system configured to be disposed onboard a vehicle system (Lee abstract, communication method using a security key between nodes connected via a network or a bus includes setting a critical cluster among multiple nodes, selecting a primary message shared between the set critical clusters, and encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters, wherein each of the critical clusters stores the primary message for the preset period according to a same key generation scheme to generate a block, and generates and possesses a new key based on the generated block and a currently used key;  [0002] A control based system, for example, a vehicle and a drone, is a distributed system in which small computers communicate with one other; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; ¶62, the system (for example, a vehicle or a drone); see also ¶4; ¶83); and
	encrypting one or more messages associated with one or more of the vehicle system or a route over which the vehicle system is configured to move (Lee abstract, encrypting a message using a key generated to be valid for a preset period to enable communication between the critical clusters; ¶1, encrypted communication via a network or a bus, and more particularly, to a node that generates an encryption key for ensuring secure communication between nodes; [0002] A control based system, for example, a vehicle and a drone; ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; see also ¶7-¶19, ¶56-¶62; ¶78-¶83).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Lee, which teaches an encrypted communication system between nodes/clusters such as vehicles or drones, into the teaching of Cheng to result in the limitations of the claimed invention.
	One of ordinary skill in the art would be motivated to do so because incorporating Lee’s teaching would help improve security of communication between systems (Lee ¶3, ¶4). In addition, both references teach features that are directed to analogous art, and they are directed to the same field of endeavor, such as encrypted communication. This close relation between the two references highly suggests an expectation of success when combined.

	Regarding claim 20, Cheng in view of Lee teaches the method of claim 19 (see discussion above), further comprising:
	decrypting the one or more encrypted messages by the off-board communication system (Cheng ¶47-¶48; Cheng ¶116);
	Although Cheng’s encryption system between host and accelerators is readily applied on a vehicle, Cheng does not explicitly disclose the following limitations that Lee teaches:
	generating a first new encrypted message to be communicated to one or more of the vehicle system or another vehicle system, wherein the first new encrypted message comprises one or more command messages for one or more of controlling movement of the vehicle system or the other vehicle system, or controlling one or more systems of the vehicle system or the other vehicle system (Lee [0002] A control based system, for example, a vehicle and a drone; Lee ¶3, automated driving systems or drones, nodes, not humans, control all situations and drive vehicles; Lee [0083], The message sender and the message receiver use the encrypted MAC(n−1) of the previous message m(n−1) to generate the encrypted message MACn, the system (for example, a vehicle or a drone); Lee, [0105] The control unit 30 may encrypt a message that the sender node intends to send; Lee [0066], A message encryption and decryption process is a task with high performance overhead. Accordingly, in terms of performance and cost efficiency, it is efficient to apply this method to only a node for which security attributes are important, such as a node that controls the engine or steering).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Lee, which teaches an encrypted communication system between nodes/clusters such as vehicles or drones and controlling vehicle with the encrypted messages, into the teaching of Cheng to result in the limitations of the claimed invention.
	One of ordinary skill in the art would be motivated to do so because incorporating Lee’s teaching would help improve security of communication between systems (Lee ¶3, ¶4) and improve efficiency and performance of the system onto which Cheng’s system is applied (Lee ¶66). In addition, both references teach features that are directed to analogous art, and they are directed to the same field of endeavor, such as encrypted communication. This close relation between the two references highly suggests an expectation of success when combined.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20200169400 A1 - key pair generation/regeneration process effectively places a geofence around the trusted execution environment as the secret data can only be accessed so long as the computing device is within some bounded geographic location that can be cryptographically verified using signals from, for example, a trusted Global Navigation Satellite System (GNSS).
US 20190191301 A1 - generate the encryption key of the STA according to location information of the terminal, so that the generated encryption key is changed.
US 20210266988 A1 - onboard controller 104, one or more nodes 106, or one or more communication modules 116 onboard the vehicles 102 of the vehicle network can dynamically establish network sessions with available radio and/or wireless networks through such devices implemented at wayside locations.  Offboard controllers 108 communicating the key via the second communication pathway. The onboard controller is configured to receive a request for a key, generate the key, communicate the key to an offboard controller associated with the vehicle network. The key communicated by the candidate operator can include a first key portion. A key can be one or more of an encrypted key, a unique key, a cryptographic key.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Vy Huy Ho whose telephone number is (571) 272-3261.  The examiner can normally be reached on Monday - Friday 7:30 am-5:30 pm.
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/V.H.H/
Examiner, Art Unit 2497

/ELENI A SHIFERAW/
Supervisory Patent Examiner, Art Unit 2497