DETAILED ACTION
I.	Claims 3, 11, 17, 25, and 29-60 were cancelled in a preliminary amendment.
II.	Claims 1, 2, 4-10, 12-16, 18-24 and 26-28 have been examined.
III.	Responses to Applicant’s remarks have been given.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Priority
The current application is a national stage entry of PCT/IB2016/050770, International Filing Date: 02/12/2016.
Response to Arguments
The amendments to claims 7, 13, 21 and 27 (i.e., the removal of the semi-colon at the end of the respective claims, and the addition of a period at the end of the respective claims) give cause for the 35 U.S.C. 112(b) rejection of claims 7 and 13 to be hereby withdrawn.  However, claims 21 and 27 remain rejected in view of the grounds cited below.
Applicant's arguments filed 11/04/2020 have been fully considered but they are not persuasive. With regards to the Applicant’s arguments that Wei does not teach the the service entity transfers to the EAC an authentication request carrying the related information such as the ID of the service entity, the security degree of the authentication mechanism chosen by the service entity, and etc.” and “a UE issues to the EAC a HTTP Digest authentication request carrying its own ID” within paragraph 142 of Wei.
With regards to the claim limitation of “the Application Function receiving a response to the authentication request from the Authentication Function including an authentication challenge” the Examiner asserts that it is disclosed within Wei via the searching and returning of a “mutual authentication protocol” after receiving the initial claimed “authentication request” via paragraph 73, “upon receiving the authentication request, the EAC searches the security degree list stored in local to find at least one authentication mechanism currently supported by the network and satisfying the security degree requirement, including an authentication protocol and an enciphering algorithm. For instance, Http AKA is a mutual authentication protocol between the network and the terminal in the radio network. By performing this protocol, the two communication parties can authenticate the identity of each other and generate the same key respectively” and paragraph 165, “And the EAC eventually matches the 
With regards to the claim limitation pertaining to “the Application Function sending a challenge response to the Authentication Function”, the Examiner asserts that it is disclosed via the transferring of an “HTTP request message including Digest AKA response” within paragraph 146 of Wei: “the UE transfers to the EAC an HTTP request message including a Digest AKA response and an abstract value calculated by the RES calculated”.
Further, regarding the claim limitation of “upon receiving a response indicating success from the Authentication Function, the Application Function generating a session key using secret authentication credentials and information included in the authentication challenge”, the Examiner upholds that Wei discloses this via the key generation and the establishment of “the lifetime of the key material in local, and associates them with the authentication mechanism” within paragraph 150 of Wei, “the UE also generates the same key material, Ks=CKIIK, acquires the ISR-ID and the lifetime of the key material by decrypting, stores the ISR-ID and the lifetime of the key material in local, and associates them with the authentication mechanism”.
Further, with regards to the claim limitation of “the Application Function handshaking with the Authentication Function and establishing the secure communication link using the session key, thereby securing the interface between the Application Function and the Authentication Function”, the Examiner maintains that Wei discloses this aspect of the claimed invention via the “mutual authentication” and generation of “a shared key material and establish a security connection” via Figure 13 and paragraph 162, “When the bank SP desires to provide a mobile phone bank service for a UE, it first needs to perform mutual authentication with the EAC to generate a shared key material and establish a security connection, and the authentication procedure is as follows, referring to FIG. 13”; as well as the verification and security connection establishing processes within paragraph 169.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 21 and 27 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 21 is directed – via amendment – to “The Application Function of claim 15” and claim 27 is directed – via amendment – to “The Authentication Function of claim 23”. However, claim 15 is directed to “An Application Function node” and claim 23 is directed to “An Authentication Function node”.  Therefore, there is insufficient antecedent basis within these claims.  Appropriate correction is required. 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 2, 4-10, 12-16, 18-24 and 26-28 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by United States Patent Application Publication No. US 20080178004 A1 to Wei et al., hereinafter Wei.
Regarding claim 1, Wei teaches a method for securing an interface and for securing a process for establishing a secure communication link between an Application Function located in an unsecure zone and an Authentication Function (Figure 13, and paragraph 162), comprising: 

the Application Function receiving a response to the authentication request from the Authentication Function including an authentication challenge (paragraph 73, “upon receiving the authentication request, the EAC searches the security degree list stored in local to find at least one authentication mechanism currently supported by the network and satisfying the security degree requirement, including an authentication protocol and an enciphering algorithm. For instance, Http AKA is a mutual authentication protocol between the network and the terminal in the radio network. By performing this protocol, the two communication parties can authenticate the identity of each other and generate the same key respectively”, paragraph 144, and paragraph 165, “And the EAC eventually matches the authentication mechanism supported by the SP and determine the authentication mechanism used in the mutual authentication”); 
the Application Function sending a challenge response to the Authentication Function (paragraph 146, “the UE transfers to the EAC an HTTP request message including a Digest AKA response and an abstract value calculated by the RES calculated”); 
upon receiving a response indicating success from the Authentication Function, the Application Function generating a session key using secret authentication credentials and information included in the authentication challenge (paragraph 150, “the UE also 
and the Application Function handshaking with the Authentication Function and establishing the secure communication link using the session key, thereby securing the interface between the Application Function and the Authentication Function (Figure 13 and paragraphs 162, “When the bank SP desires to provide a mobile phone bank service for a UE, it first needs to perform mutual authentication with the EAC to generate a shared key material and establish a security connection, and the authentication procedure is as follows, referring to FIG. 13” and 169, “upon receiving the Client Hello message, the EAC verifies whether the Session ID field is null. If the Session ID field is not null and associated security connection information can be matched with the information carried in the Session ID field, the EAC directly transfers a Finished message to the SP to verify whether the authentication result of the security connection and the shared key material are available. After verifying that the parameters in the Finished message are correct, the SP returns another Finished message to the EAC. If the EAC verifies that the parameters in the Finished message are correct, the two parties re-use the security connection”). 
Regarding claim 2, Wei teaches wherein the Application Function is a Network Application Function (NAF) and the Authentication Function is a Bootstrapping Server Functionality (BSF) as defined in Generic Bootstrapping Architecture (GBA) and wherein the interface is an interface between the NAF and the BSF (paragraphs 5-11, 58, 60, and 191). 
Regarding claim 4, Wei teaches wherein the authentication challenge is an authentication vector generated by a Home Subscriber Server (HSS) (paragraphs 5, 38 and 143). 
Regarding claim 5, Wei teaches wherein the session keys are Bootstrapping Key Session (Ksb) useable for a specific Application Function (Figure 17 and paragraphs 19, 68, 117, 128, 177, and 179). 
Regarding claim 6, Wei teaches wherein the secret authentication credentials comprise a physical Subscriber Identity Module (SIM), an embedded SIM or a software SIM (paragraphs 58, 134, 185, and 189). 
Regarding claim 7, Wei teaches wherein the information included in the authentication challenge includes a Message Authentication Code (MAC) and Random number (RAND) (paragraphs 143, 144, 153, 154, 215, 216, 227, and 228).
Regarding claim 8, Wei teaches wherein the secure communication link is a Transport Layer Security based on Pre-Shared Key ciphersuite (TLS-PSK) tunnel (paragraphs 134, 137, 164-167, and 183-186). 
Regarding claim 9, Wei teaches a method for securing an interface and for securing a process for establishing a secure communication link between an Application Function located in an unsecure zone and an Authentication Function (Figure 13, and paragraph 162), comprising: 
the Authentication Function receiving an authentication request message from the Application Function (paragraphs 72 and 142); 

the Authentication Function receiving a response from the HSS including the authentication vector (paragraphs 5, 38 and 143); 
the Authentication Function sending a response to the authentication request to the Application Function including an authentication challenge derived from the authentication vector (paragraph 146); 
the Authentication Function receiving a challenge response from the Application Function (paragraph 150); 
upon validating the challenge response, the Authentication Function generating a session key using information included in the authentication vector (paragraph 150); 
the Authentication Function sending a response indicating success to the Application Function; and the Authentication Function handshaking with the Application Function and establishing the secure communication link using the session key, thereby securing the interface between the Application Function and the Authentication Function (Figure 13 and paragraphs 162 and 169). 
Regarding claim 10, Wei teaches wherein the Application Function is a Network Application Function (NAF) and the Authentication Function is a Bootstrapping Server Functionality (BSF) as defined in Generic Bootstrapping Architecture (GBA) and wherein the interface is an interface between the NAF and the BSF (paragraphs 5-11, 58, 60, and 191). 
Regarding claim 12, Wei teaches wherein the session keys are Bootstrapping Key Session (Ksb) useable for a specific Application Function (Figure 17 and paragraphs 19, 68, 117, 128, 177, and 179). 
Regarding claim 13, Wei teaches wherein the information included in the authentication challenge includes a Message Authentication Code (MAC) and Random number (RAND) (paragraphs 143, 144, 153, 154, 215, 216, 227, and 228).
Regarding claim 14, Wei teaches wherein the secure communication link is a Transport Layer Security based on Pre-Shared Key ciphersuite (TLS-PSK) tunnel (paragraphs 134, 137, 164-167, and 183-186). 
Regarding claim 15, Wei discloses an Application Function node located in an unsecure zone for securing an interface and a process for establishing a secure communication link towards an Authentication Function (Figure 13, and paragraph 162), 
the Application Function node comprising a processing circuit and a memory, said memory containing instructions executable by said processing circuit whereby said Application Function node is operative to: 
send an authentication request message to the Authentication Function (paragraphs 72 and 142); 
receive a response to the authentication request from the Authentication Function including an authentication challenge (paragraphs 73, 144, and 165); 
send a challenge response to the Authentication Function (paragraph 146); 
upon receiving a response indicating success from the Authentication Function, generate a session key using secret authentication credentials and information included in the authentication challenge (paragraph 150); 

Regarding claim 16, Wei discloses wherein the Application Function node is a Network Application Function (NAF) and the Authentication Function is a Bootstrapping Server Functionality (BSF) as defined in Generic Bootstrapping Architecture (GBA) and wherein the interface is an interface between the NAF and the BSF (paragraphs 5-11, 58, 60, and 191). 
Regarding claim 18, Wei discloses wherein the authentication challenge is an authentication vector generated by a Home Subscriber Server (HSS) (paragraphs 5, 38 and 143). 
Regarding claim 19, Wei discloses wherein the session keys are Bootstrapping Key Session (Ksb) useable for a specific Application Function (Figure 17 and paragraphs 19, 68, 117, 128, 177, and 179). 
Regarding claim 20, Wei discloses wherein the secret authentication credentials comprise a physical Subscriber Identity Module (SIM), an embedded SIM or a software SIM (paragraphs 58, 134, 185, and 189). 
Regarding claim 21, Wei discloses, wherein the information included in the authentication challenge includes a Message Authentication Code (MAC) and Random number (RAND) (paragraphs 143, 144, 153, 154, 215, 216, 227, and 228). 
Regarding claim 22, Wei discloses wherein the secure communication link is a Transport Layer Security based on Pre-Shared Key ciphersuite (TLS-PSK) tunnel (paragraphs 134, 137, 164-167, and 183-186). 
Regarding claim 23, Wei discloses an Authentication Function node for securing an interface and a process for establishing a secure communication link towards an Application Function located in an unsecure zone (Figure 13, and paragraph 162), 
the Authentication function node comprising a processing circuit and a memory, said memory containing instructions executable by said processing circuit whereby said Authentication Function node is operative to: 
receive an authentication request message from the Application Function (paragraphs 72 and 142); 
send a request for an authentication vector to a Home Subscriber Server (HSS) for an identifier provided in the authentication request message (paragraphs 5, 38, and 143); 
receive a response from the HSS including the authentication vector (paragraphs 5, 38, and 143); 
send a response to the authentication request to the Application Function including an authentication challenge derived from the authentication vector (paragraph 146); 
receive a challenge response from the Application Function (paragraphs 73, 144, and 165); 
upon validating the challenge response, generate a session key using information included in the authentication vector; (paragraph 150) 
send a response indicating success to the Application Function; and handshake with the Application Function and establish the secure communication link using the session 
Regarding claim 24, Wei discloses wherein the Application Function is a Network Application Function (NAF) and the Authentication Function node is a Bootstrapping Server Functionality (B SF) as defined in Generic Bootstrapping Architecture (GBA) and wherein the interface is an interface between the NAF and the BSF (paragraphs 5-11, 58, 60, and 191). 
Regarding claim 26, Wei discloses wherein the session keys are Bootstrapping Key Session (Ksb) useable for a specific Application Function (Figure 17 and paragraphs 19, 68, 117, 128, 177, and 179). 
Regarding claim 27, Wei discloses wherein the information included in the authentication challenge includes a Message Authentication Code (MAC) and Random number (RAND) (paragraphs 143, 144, 153, 154, 215, 216, 227, and 228). 
Regarding claim 28, Wei discloses wherein the secure communication link is a Transport Layer Security based on Pre-Shared Key ciphersuite (TLS-PSK) tunnel (paragraphs 134, 137, 164-167, and 183-186).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The references cited on form PTO-892 are cited to further show the state of the art with respect to secure authentication.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMIAH L AVERY whose telephone number is (571)272-8627.  The examiner can normally be reached on M-F 8:30am -5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see https://ppair-



/JEREMIAH L AVERY/Primary Examiner, Art Unit 2431