APPARATUS AND METHOD FOR DISTINGUISHING RELAY/REPLAY SIGNAL IN PASSIVE KEYLESS ENTRY SYSTEM

§101 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claim 1-4, 7-11 and 14-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 1-4, 7-11 and 14-18 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Claim(s) 1, 8 and 15 “recites” abstract ideas under the 2019 PEG: Step 2A, Prong One – Judicial Exception The claims are directed to an abstract idea. Specially, the claims recite verifying and authenticating signals by generating, receiving, and comparing timestamps, hash values, and threshold values to determine whether a relay or replay signal has occurred. Such limitations constitute analyzing information and making a determination based on mathematical comparison and logical conditions, which fall within the categories of mental process and mathematical concepts per the 2019 PEG update. Step 2A, Prong Two – Integration into a Practical Application The claims do not integrate the abstract idea into a practical application. The additional elements recited in the claims, including a processor, memory, timestamps, random numbers, hash values and wireless signal transmission, are generic computer and communication components used to perform their conventional functions. The claims merely apply the abstract idea in the context of a passive keyless entry system, which amounts to use of the abstract idea in a particular technological environment and does not impose any meaningful limits on the judicial exception. Step 2B – Inventive Concept The claims do not recite additional elements that amount to significantly more than the abstract idea. The claimed steps are performed using well-understood, routine, and conventional techniques for signal authentication and data comparison implemented on generic computing components. When considered individually and as an ordered combination, the additional elements do not add any non-conventional or inventive feature sufficient to transform the abstract idea into patent-eligible subject matter. Therefore, claims 1-4, 7-11 and 14-18 are not drawn to eligible subject matter as they are directed to an abstract idea without significantly more. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bjorkengren (US 2023/0074878, hereinafter Volvo) in view of Nowottnick (US 2019/0075454). Per claim 1, Volvo teaches a method of operating a passive keyless entry (PKE) system of a vehicle, the method comprising (0049 and abstract teach a system and method for authorizing a user device/passive key to send a request to a vehicle in order to unlock the vehicle and detect a relay attack): generating a first signal including a first random number and a first timestamp value (0011 teaches activating the vehicle acoustic transducer to transmit an acoustic signal comprising a first unique ID, ID1, and creating a time stamp t0); transmitting the first signal to a smart key (0011 teaches the vehicle acoustic transducer transmits an acoustic signal to the user device); receiving from the smart key, a second signal including a second hash value and a second timestamp value (0011 teaches receiving the response signal, verifying ID2 and creating a time stamp t4. 0018 further teaches ID2 is generated based on the received signal identity ID1 using a previously agreed upon method and is typically also on a shared secret that is not known by a potential attacker); comparing a first difference between the second timestamp value and the first timestamp value with a first threshold (0064 teaches if a difference between Tof1 and ToF2 is below a predetermined threshold value Tmax, the user is authorized); and determining that a relay signal has occurred in response to the first difference between the second timestamp value and the first timestamp value being equal to or greater than the first threshold (0066 teaches if the difference between ToF1 and ToF2 exceeds threshold value Tmax, this can be interpreted as a potential relay attack. Volvo’s “first unique ID, ID1” functions as a challenge identifier generated by the vehicle. While Volvo does not explicitly describe ID1 as a “random number”, Volvo uses ID1 as a unique challenge value exchanged during an authorization procedure. Similarly, Volvo teaches a response value ID2 derived from the original identifier and secret information, which maps to a cryptographic authentication value. But, Volvo does not explicitly teach the term “random number” or “hash value”. However, in an analogous art, Nowottnick teaches transceiver communication system (abstract). Nowottnick in paragraph 0063 teaches a challenge based on a first-random-number. 0076 teaches hashing…the payload data to generate hashed payload data. 0078 teaches a hashed-response is transmitted from the second transceiver to the first transceiver. Volvo already teaches detecting relay attacks in a PKE system using challenge/response identifiers, timestamp generation and threshold-based analysis. Volvo further teaches that the response ID2 is derived from ID1 and a shared secret, establishing a cryptographic basis for authentication. Nowottnick is directed to vehicle access system and explicitly teaches generating challenges using random numbers and generating hash values for authentication and integrity verification. Therefore, before the effective filling date of the invention, it would have been obvious to one of ordinary skill in the art to implement Volvo’s challenge identifier as a random number and Volvo’s derived response identifier as a hash value as taught by Nowottnick, in order to improve cryptographic explicitness and integrity of the challenge response exchange while maintaining Volvo’s relay attack timing detection. This combination yields predictable improvements in security robustness without altering the fundamental operation of Volvo’s timing-based relay detection. Per claim 2, Volvo teaches wherein the first difference between the second timestamp value and the first timestamp value indicates a first sum of a first time elapsed for the smart key to receive the first signal from the PKE system and a second time elapsed for the smart key to transmit the second signal to the PKE system (0011 teaches determining a response delay time tD as tD=t3-t2. This is a difference between timestamp values and is expressly used as the device’s response delay. 011 further teaches receiving and verifying the acoustic signal identity ID1 transmitted by the vehicle and creating a time stamp t2 upon reception (smart key receipt of first signal). 0011 further teaches transmiting the response signal as an acoustic signal comprising ID2 and creating a time stamp t3 transmission event (smart key’s transmission of second signal). 0059 teaches based on the time stamp t2 created upon reception of the signal US1 and the time stamp t3 created for the transmission event, a response delay time tD can be determined as tD=t3-t2. Thus, Volvo’s timestamp difference (te-t2) indicates the elapsed time attributable to the smart key’s receive and respond behavior, which corresponds to “first sum” of time associated with receiving the first signal and time associated with transmitting the second signal). Per claim 3, Volvo teaches generating a third timestamp value upon receiving the second signal (0011 teaches receiving the response signal, verifying ID2 and creating a timestamp t4 (third)); and in response to the first difference between the second timestamp value and the first timestamp value being less than the first threshold, comparing a second difference between the third timestamp value and the second timestamp value with a second threshold (0011 teaches determining a second time of flight ToF2 as ToF2 =t4-t0-tD which teaches comparing timing differences that includes the t4 which is third timestamp and t2/t3 which corresponds to the claimed second difference between the third timestamp value and the second timestamp value. 0064 teaches if a difference between ToF1 and Tof2 is below a predetermined threshold value Tmax, the user deice is authorized…which teaches that further processing and comparison occur when an earlier timing comparison does not exceed the threshold, corresponding to the claimed conditional step), and determining that one of or both of the relay signal and a replay signal has occurred in response to the second difference between the third timestamp value and the second timestamp value being equal to or greater than the second threshold (0066 teaches if the difference between ToF1 and Tof2 exceeds threshold value Tmax, this can be interpreted as a potential relay station attack). Per claim 4, Volvo teaches wherein the second difference between the third timestamp value and the second timestamp value indicates a second sum of a second time elapsed for the smart key to transmit the second signal to the PKE system (0011 teaches transmitting the response signal as an acoustic signal comprising ID2 and creating a timestamp t3 for the transmission event….this timestamp t3 marks the completion of the smart key’s transmission of the second signal) and a third time elapsed for the PKE system to receive the second signal (011 then teaches receiving the response signal, verifying ID2, and creating a timestamp t4….this marks the completion of the PKE system’s receipt of the second signal. 0011 further teaches determining a second time of flight Tof2 as ToF2=t4-t0-tD. Because t4 corresponds to reception at the vehicle and t3 corresponds to transmission by the smart key, the timing relationship includes the elapsed time from the smart key’s transmission of the second signal to the vehicle’s receipt of the second signal, i.e., the second sum). Per claim 5, Volvo in view of Nowottnick teaches generating a first hash value based on the first random number; in response to the second difference between the third timestamp value and the second timestamp value being less than the second threshold, comparing the first hash value with the second hash value contained in the second signal; and allowing access to and startup of the vehicle in response to the first hash value based on the first random number being equal to the second hash value contained in the second signal (0064 teaches if a difference between Tof1 and Tof2 is below a predetermine threshold value Tmax, the user device is authorized…which corresponds to the subsequent authentication steps (including comparison of authentication values) occur in response to the timing difference being below a threshold. 0011 teaches activating the vehicle acoustic transducer to transmit an acoustic signal comprising a first unique ID, ID1 and receiving the response signal, verifying ID2. 0018 teaches ID2 is created using a method and parameters which are predetermined and known to the vehicle and ID2 is a unique identifier based on ID1 and typically also on a shared secret that is not known by a potential attacker…thus teaching a challenge-response mechanism in which a value derived from an initial identifier is generated by the user device and verified by the vehicle prior to allowing authorization. 0011-0013 teaches allowing continued communication and vehicle access after successful verification and 0013 teaches a request from the user device to the vehicle may for example be a request to unlock the vehicle). But Volvo does not explicitly teach ID1 as a random number, ID2 as a hash value and generating a hash value based on a random number nor comparing hash values. However, Nowottnick in 0063 teaches generating a hash value based on a random number. 0032 teaches generating hash values using cryptographic processing. 0020 explicitly teaches cipher-code may be a random or pseudo-random number. 0032 teaches hashing…to generate hashed-decrypted response; and setting a validation state in accordance with a comparison of the hashed-decrypted response and the received hashed response. 0025 teaches access to one or more systems of the vehicle may be controlled by the vehicle in accordance with the validation state. 0068 teaches unlocking the vehicle. Therefore, before the effective filling date of the invention, it would have been obvious to one of ordinary skill in the art to implement Volvo’s challenge identifier as a random number and Volvo’s derived response identifier as a hash value as taught by Nowottnick, in order to improve cryptographic explicitness and integrity of the challenge response exchange while maintaining Volvo’s relay attack timing detection. This combination yields predictable improvements in security robustness without altering the fundamental operation of Volvo’s timing-based relay detection. Per claim 6, Volvo in rejection above teaches PKE system for a vehicle that conditionally allows or denies vehicle access based on authentication result and relay attack detection. Nowottnick as taught above teaches disallowing vehicle access when a hash comparison fails. Specifically, paragraph 0077 teaches if the received hashed payload data does not match, the procedure stops and 0068 and 0009 teaches the output may be to authorize access to the vehicle such as unlocking a door if the hashing payload match. Therefore, before the effective filling date of the invention, it would have been obvious to one of ordinary skill in the art to incorporate Nowottnick’ s hash comparison failure logic into Volvo’s PKE system since it would have been a predictable substitution that improves authentication clarify and integrity, while remaining compatible with Volvo’s relay attack detection framework. Per claim 7, Volvo teaches in paragraph 011 transmitting a signal from the vehicle to the smart key using a vehicle mounted transducer. Volvo further in 011-0013 teaches transmitting a response signal from the smart key back to the vehicle using a radio-based transmission. Thus, Volvo teaches asymmetric signaling, where the vehicle-to-key communication using one signaling modality and the key-to-vehicle response using a different wireless modality. But Volvo doesn’t explicitly teach LF and UHF signal transmission. It’s well-known in the art that passive keyless entry systems commonly transmits vehicle-initiated challenge signals using low frequency signal and transmit key-initiated response signal using ultra-high frequency signals to enable short-range proximity detection, directionality and reduced relay attack susceptibility. Therefore, examiner will take Official Notice, that before the effective filling date of the invention, it would have been obvious to one of ordinary skill in the art that using LF and UHF signaling was a conventional and ubiquitous in PKE systems. The rationale would be to minimize relay-attack through range limitation and for accurate proximity and direction detection. Per claim 8, see rejection of claim 1 and 3. Per claim 9, see rejection of claim 2. Per claim 10, see rejection of claim 3. Per claim 11, see rejection of claim 4. Per claim 12, see rejection of claim 5. Per claim 13, see rejection of claim 6. Per claim 14, see rejection of claim 7. Per claim 15, Volvo teaches a method of operating a smart key for a vehicle, the method comprising (0049 and abstract teach a system and method for authorizing a user device/passive key to send a request to a vehicle in order to unlock the vehicle and detect a relay attack):: receiving from a passive keyless entry (PKE) system of the vehicle, a first signal including a first random number and a first timestamp value (0011 teaches a vehicle acoustic transducer transmits an acoustic signal comprising a first unique ID, ID1 and creating a time stamp t0….the user device receives the acoustic signal); generating a second random number and a second timestamp value (0011 teaches user device transmits a response signal back to the vehicle. 0063 teaches a second time of flight measurement ToF2 is determined. 0018 teaches user device generates a response identifier ID2 based on the received signal identity ID1 using a previously agreed method. 0019 teaches the user device transmits a response signal and a time stamp t1 is created); and transmitting to the PKE system, a second signal including a second hash value and the second timestamp value, wherein the PKE system is configured to generate a third timestamp value based on a receipt of the second signal (0019 teaches the user device transmits the response signal including ID2. 0018 teaches ID2 is generated using a shared secret that is not known by a potential attacker. 0019 further teaches receiving the response signal, verifying ID2 and creating a time stamp t4 (third timestamp)), to compare a first difference between the second timestamp value and the first timestamp value with a first threshold, and to determine that a relay signal has occurred in response to the first difference between the second timestamp value and the first timestamp value being equal to or greater than the first threshold (0066 teaches if a difference between ToF1 and ToF2 exceeds threshold value Tmax, this can be interpreted as a potential relay station attack). Volvo’s “first unique ID, ID1” functions as a challenge identifier generated by the vehicle. While Volvo does not explicitly describe ID1 as a “random number”, Volvo uses ID1 as a unique challenge value exchanged during an authorization procedure. Similarly, Volvo teaches a response value ID2 derived from the original identifier and secret information, which maps to a cryptographic authentication value. But, Volvo does not explicitly teach the term “second random number” or “second hash value”. However, in an analogous art, Nowottnick teaches transceiver communication system (abstract). Nowottnick in paragraph 0020 teaches cipher-code may be a random number. 0063 teaches a challenge based on a first-random-number. 0076 teaches hashing…the payload data to generate hashed payload data. 0078 teaches a hashed-response is transmitted from the second transceiver to the first transceiver. 0011 teaches a hashing module configured to hash the response signature to generate a hashed-response using the cipher-code. Volvo already teaches detecting relay attacks in a PKE system using challenge/response identifiers, timestamp generation and threshold-based analysis. Volvo further teaches that the response ID2 is derived from ID1 and a shared secret, establishing a cryptographic basis for authentication. Nowottnick is directed to vehicle access system and explicitly teaches generating challenges using random numbers and generating hash values for authentication and integrity verification. Therefore, before the effective filling date of the invention, it would have been obvious to one of ordinary skill in the art to implement Volvo’s challenge identifier as a random number and Volvo’s derived response identifier as a hash value as taught by Nowottnick, in order to improve cryptographic explicitness and integrity of the challenge response exchange while maintaining Volvo’s relay attack timing detection. This combination yields predictable improvements in security robustness without altering the fundamental operation of Volvo’s timing-based relay detection. Per claim 16, see rejection of claim 9. Per claim 17, see rejection of claim 10. Per claim 18, see rejection of claim 11. Per claim 19, see rejection of claim 12. Per claim 20, see rejection of claim 13. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Meng (US 2019/0232917) abstract and Fig. 1 Any inquiry concerning this communication or earlier communications from the examiner should be directed to OMEED ALIZADA whose telephone number is (571)270-5907. The examiner can normally be reached Monday-Friday, 9:30 am until 5:30 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Zimmerman can be reached at 571-272-3059. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /OMEED ALIZADA/Primary Examiner, Art Unit 2686