Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
2.	Applicant’s arguments with respect to claim(s) have been considered but are moot because the new ground of rejection does not rely on the reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Drawings
3.	The drawings were received on 01/08/2021.  The replacement drawings for figures 2, 3, 4, and 5 are accepted by the Examiner. 
Claim Rejections - 35 USC § 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

A)	Claims 1-2 and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over VACHIRAVEL (US 2016/0226869 A1) in view of BAEK (US 2012/0204027 A1). 
As per claim 1, VACHIRAVEL teaches a network authentication method (VACHIRAVEL, ¶0026, network authentication method), comprising: receiving, by a first network device, an access request message sent by a terminal device (VACHIRAVEL, ¶0026, receiving by network authorization and authentication node 108 (i.e. computing device) a service access request message transmitted by user device 102), wherein the access request message comprises an identity of the terminal device (VACHIRAVEL, ¶0026, access request message including device identifier information of user equipment); determining, by the first network device based on the identity of the terminal device, whether to allow authentication on the terminal device by determining whether a local list stored on the first network device comprises the identity of the terminal device (VACHIRAVEL, ¶0026-27, determining by network authorization and authentication node 108 based on the device identity information whether or not to grant or allow the authentication on the UE102  based on predetermined list of an authorized devices which is stored in the node 108; also see ¶0022, locally or remotely storage device of authorization and authentication node 108; therefore local list of authorization and authentication node 108).	 
	However, VACHIRAVEL does not explicitly teach responsive to determining that the first network device does not allow the authentication on the terminal device: sending, by the first network device, the identity of the terminal device to a core network or responsive to determining that the first network device allows the authentication on the terminal device: sending, by the first network device, an authentication request message to the terminal device, so that the terminal device performs authentication on the first network device based on the authentication request message;  receiving an authentication response message sent by the terminal device; and performing authentication on the terminal device based on the authentication response message.  
 	In the same field of endeavor, BAEK teaches responsive to determining that the first network device does not allow the authentication on the terminal device: sending, by the first network device, the identity of the terminal device to a core network device, so that the core network device performs network authentication based on the identity of the terminal device; or responsive to determining that the first network device allows the authentication on the terminal device (BAEK, ¶0046, when authorize or allow the authentication on the terminal 140): sending, by the first network device, an authentication request message to the terminal device (BAEK, ¶0051, sending by NAS 120 Extensible Authentication Protocol (EAP) request message to the terminal 140), so that the terminal device performs authentication on the first network device based on the authentication request message (BAEK, ¶0051, so the terminal 140 performs EAP by transmitting response/identity message based on the EAP request message);  receiving an authentication response message sent by the terminal device (BAEK, ¶0051, receiving EAP response/identity message sent by terminal 140); and performing authentication on the terminal device based on the authentication response message 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of BAEK into invention of VACHIRAVEL in order to perform an authentication procedure and to authorize the user to access the network service if the user is determined to have subscribed to the network service for purpose of ensuring security in information transmission and reception between nodes (BAEK, ¶0003-04). 
 	As per claim 2 as applied to claim 1 above, VACHIRAVEL teaches wherein the determining, by the first network device based on the identity of the terminal device, whether to allow authentication on the terminal device (VACHIRAVEL, ¶0026, determining by network node 108 based on the device identity information whether or not to grant or allow the authentication on the UE 102) comprises: determining, by the first network device based on the identity of the terminal device, whether the terminal device is an internet of things (IoT) device (VACHIRAVEL, ¶0026 and ¶0014, UE 102 can be laptop, a smart phone, a tablet, a remote terminal unit, a printer, or any other (i.e. IoT device) wired or wireless enterprise device, and combinations thereof). 
 	As per claim 8 as applied to claim 1 above, VACHIRAVEL teaches wherein when the first network device is a base station (VACHIRAVEL, ¶0021, authorization and authentication node (i.e. base station)). 
 	However, VACHIRAVEL does not explicitly teach, after the performing authentication on the terminal device based on the authentication response message, 
	In the same field of endeavor, BAEK teaches after the performing authentication on the terminal device based on the authentication response message, the method further comprises: sending, by the first network device, an access security management key to the core network device (BAEK, ¶0057, after performing authentication on the terminal 140 sending security Master Session Key (MSK)). 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of BAEK into invention of VACHIRAVEL in order to perform an authentication procedure and to authorize the user to access the network service if the user is determined to have subscribed to the network service for purpose of ensuring security in information transmission and reception between nodes (BAEK, ¶0003-04). 
As per claim 9, VACHIRAVEL teaches a network device (VACHIRAVEL, ¶0026, network authorization and authentication node 108), comprising: a receiver, a processor, a transmitter, and a memory (VACHIRAVEL, ¶0022, receiver, processor, transmitter, and memory), wherein the memory is configured to store code that run by the processor (VACHIRAVEL, ¶0022, memory to store instructions or code executed by the processor); the receiver is further configured to receive an access request message sent by a terminal device (VACHIRAVEL, ¶0026, receiving by network authorization and authentication node 108 (i.e. computing device) a service access request message transmitted by user device 102), wherein the access request message comprises an identity of the terminal device (VACHIRAVEL, ¶0026, access request message 
	However, VACHIRAVEL does not explicitly teach responsive to determining that the network device does not allow the authentication on the terminal device:6Application No. 16/698,721Preliminary Amendment send the identity of the terminal device to a core network device, so that the core network device performs network authentication based on the identity of the terminal device; or responsive to determining that the network device allows the authentication on the terminal device: send an authentication request message to the terminal device, so that the terminal device performs authentication on the network device based on the authentication request message; wherein the receiver is further configured to receive an authentication response message sent by the terminal device; and wherein the processor is further configured to perform authentication on the terminal device based on the authentication response message.  
	In the same field of endeavor, BAEK teaches responsive to determining that the network device does not allow the authentication on the terminal device:6Application No. 16/698,721Preliminary Amendment send the identity of the terminal device to a core network device, so that the core network device or responsive to determining that the network device allows the authentication on the terminal device (BAEK, ¶0046, when authorize or allow the authentication on the terminal 140): send an authentication request message to the terminal device (BAEK, ¶0051, sending by NAS 120 Extensible Authentication Protocol (EAP) request message to the terminal 140), so that the terminal device performs authentication on the network device based on the authentication request message (BAEK, ¶0051, so the terminal 140 performs EAP by transmitting response/identity message based on the EAP request message); wherein the receiver is further configured to receive an authentication response message sent by the terminal device (BAEK, ¶0051, receiving EAP response/identity message sent by terminal 140); and wherein the processor is further configured to perform authentication on the terminal device based on the authentication response message (BAEK, ¶0051 and ¶0053, performing EAP authentication procedure based on EAP response/identity message). 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of BAEK into invention of VACHIRAVEL in order to perform an authentication procedure and to authorize the user to access the network service if the user is determined to have subscribed to the network service for purpose of ensuring security in information transmission and reception between nodes (BAEK, ¶0003-04). 


VACHIRAVEL (US 2016/0226869 A1) in view of BAEK (US 2012/0204027 A1) and further in view of CHEN (US 20180176777 A1).  
 	As per claim 3 as applied to claim 2 above, VACHIRAVEL in view of BAEK teaches all the limitation substantially as claimed in claim 2. However, VACHIRAVEL in view of BAEK does not explicitly teach, wherein if the first network device allows the authentication on the terminal device, before the sending, by the first network device, an authentication request message to the terminal device, the method further comprises:  4Application No. 16/698,721Preliminary Amendmentdetermining, by the first network device, whether a local blacklist comprises the identity of the terminal device; and wherein the sending, by the first network device, an authentication request message to the terminal device comprises: if the first network device determines that the local blacklist does not comprise the identity of the terminal device, sending, by the first network device, the authentication request message to the terminal device.  
 	In the same field of endeavor, CHEN teaches wherein if the first network device allows the authentication on the terminal device, before the sending, by the first network device, an authentication request message to the terminal device (CHEN, ¶0034 and ¶0036,  MME authorize or allow the authentication on the terminal device before sending the request for authentication), the method further comprises:  4Application No. 16/698,721Preliminary Amendmentdetermining, by the first network device, whether a local blacklist comprises the identity of the terminal device (CHEN, ¶0034 and ¶0041, determining by MME whether blacklist comprising the terminal ID); and wherein the sending, by the first network device, an authentication request message to the terminal device comprises: if the first network device 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of CHEN into invention of VACHIRAVEL in view of BAEK in order to check a device identity at a central authorization entity in a core network to avoid potential risks while using non-3GPP access network such as Wi-Fi network (CHEN, abstract). 

As per claim 5 as applied to claim 1 above, VACHIRAVEL in view of BAEK teaches all the limitation substantially as claimed in claim 1. However, VACHIRAVEL in view of BAEK does not explicitly teach, wherein the determining, by the first network device based on the identity of the terminal device, whether to allow authentication on the terminal device comprises: determining, by the first network device, whether the local whitelist comprises the identity of the terminal device.  
	In the same field of endeavor, CHEN teaches wherein the determining, by the first network device based on the identity of the terminal device, whether to allow authentication on the terminal device (CHEN, ¶0034 and ¶0036, determining by MME whether to authorize or allow the authentication on the terminal device) comprises: determining, by the first network device, whether the local whitelist comprises the identity of the terminal device (CHEN, ¶0046, whether device identity is in a white list).  

 	As per claim 6 as applied to claim 5 above, CHEN further teaches, wherein before the determining, by the first network device, whether the local whitelist comprises the identity of the terminal device (CHEN, ¶0046, whether device identity is in a white list), the method further comprises: determining, by the first network device, whether a local blacklist comprises the identity of the terminal device (CHEN, ¶0046, whether device identity is in a black list); and, wherein the determining, by the first network device, whether the local whitelist comprises the identity of the terminal device (CHEN, ¶0046, whether device identity is in a white list) comprises: 5Application No. 16/698,721Preliminary Amendmentif the first network device determines that the local blacklist does not comprise the identity of the terminal device (CHEN, ¶0041 and ¶0046, if the MME determines that the blacklist does not include the UE by ID check then sending an authorization success message to the terminal), determining, by the first network device, whether the local whitelist comprises the identity of the terminal device (CHEN, ¶0041 and ¶0046, determining by MME whether the white list include the identity of device by checking the ID). 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of CHEN into invention of VACHIRAVEL in view of BAEK in order to check a device 
 	 As per claim 11 as applied to claim 10 above, VACHIRAVEL in view of BAEK teaches all the limitation substantially as claimed in claim 10. However, VACHIRAVEL in view of BAEK does not explicitly teach, wherein the processor is further configured to determine whether a local blacklist comprises the identity of the terminal device; and, wherein the transmitter is specifically configured to: if the processor determines that the local blacklist does not comprise the identity of the terminal device, send an authentication request message to the terminal device.  
 	In the same field of endeavor, CHEN teaches wherein the processor is further configured to determine whether a local blacklist comprises the identity of the terminal device (CHEN, ¶0034 and ¶0041, determining by MME whether blacklist comprising the terminal ID); and, wherein the transmitter is specifically configured to: if the processor determines that the local blacklist does not comprise the identity of the terminal device, send an authentication request message to the terminal device (CHEN, ¶0034 and ¶0041, if the MME determines that the blacklist does not include the UE by ID check then sending an authorization success message to the terminal). 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of CHEN into invention of VACHIRAVEL in view of BAEK in order to check a device identity at a central authorization entity in a core network to avoid potential risks while using non-3GPP access network such as Wi-Fi network (CHEN, abstract). 

	In the same field of endeavor, CHEN teaches wherein to determine whether the local whitelist comprises the identity of the terminal device (CHEN, ¶0046, whether device identity is in a white list).  
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of CHEN into invention of VACHIRAVEL in view of BAEK in order to check a device identity at a central authorization entity in a core network to avoid potential risks while using non-3GPP access network such as Wi-Fi network (CHEN, abstract). 

 	As per claim 14 as applied to claim 13 above, CHEN further teaches, wherein to determine whether a local blacklist comprises the identity of the terminal device (CHEN, ¶0046, whether device identity is in a black list); and 5Application No. 16/698,721Preliminary Amendmentif the first network device determines that the local blacklist does not comprise the identity of the terminal device (CHEN, ¶0041 and ¶0046, if the MME determines that the blacklist does not include the UE by ID check then sending an authorization success message to the terminal), determine whether the local whitelist comprises the identity of the terminal device (CHEN, ¶0041 and ¶0046, determining by MME whether the white list include the identity of device by checking the ID). 


C)	Claims 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over VACHIRAVEL (US 2016/0226869 A1) in view of BAEK (US 2012/0204027 A1) and further in view of CHEN (US 20180176777 A1) and Chien (US 2018/0198796 A1). 
 	As per claim 4 as applied to claim 3 above, VACHIRAVEL in view of BAEK and CHEN teaches all the claim limitation substantially as claimed in claim 3. However, VACHIRAVEL in view of BAEK and CHEN does not explicitly teach determining, by the first network device, whether a local whitelist comprises the identity of the terminal device; and if the first network device determines that the local whitelist does not comprise the identity of the terminal device, sending, by the first network device, the identity of the terminal device to the core network device, so that the core network device verifies validity of the identity of the terminal device. 
 	In the same field of endeavor, Chien teaches determining, by the first network device, whether a local whitelist comprises the identity of the terminal device (Chien, ¶0070, whether white list includes address, nodes, data source or other information which can be trusted); and if the first network device determines that the local whitelist does not comprise the identity of the terminal device (Chien, ¶0075, if the destination node’s IP address not in the white list), sending, by the first network device, the identity 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of Chien into invention of VACHIRAVEL in view of BAEK and CHEN in order to evaluate and determines whether an outbound or inbound network communication is allowable based on one or more factors or properties of the communication, including one or more of an IP address, a listening port, a geographic location, time of day, or the like (Chien, abstract). 
	As per claim 12 as applied to claim 11 above, VACHIRAVEL in view of BAEK and CHEN teaches all the claim limitation substantially as claimed in claim 11. However, VACHIRAVEL in view of BAEK and CHEN does not explicitly teach determine whether a local whitelist comprises the identity of the terminal device; and if the first network device determines that the local whitelist does not comprise the identity of the terminal device, sending, by the first network device, the identity of the terminal device to the core network device, so that the core network device verifies validity of the identity of the terminal device. 
 	In the same field of endeavor, Chien teaches determine whether a local whitelist comprises the identity of the terminal device (Chien, ¶0070, whether white list includes address, nodes, data source or other information which can be trusted); and if the first network device determines that the local whitelist does not comprise the identity of the 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of Chien into invention of VACHIRAVEL in view of BAEK and CHEN in order to evaluate and determines whether an outbound or inbound network communication is allowable based on one or more factors or properties of the communication, including one or more of an IP address, a listening port, a geographic location, time of day, or the like (Chien, abstract). 

D)	Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over VACHIRAVEL (US 2016/0226869 A1) in view of BAEK (US 2012/0204027 A1) and further in view of ZHANG (US 20170201937 A1)
 	As per claim 7 as applied to claim 1 above, VACHIRAVEL in view of BAEK teaches all the claim limitation substantially as claimed in claim 1. However, VACHIRAVEL in view of BAEK does not explicitly teach wherein when the first network device is an access network gateway, after the performing authentication on the terminal device based on the authentication response message, the method further comprises: sending, by the first network device, a security mode command to the terminal device; receiving, by the first network device, a security mode complete 
	In the same field of endeavor, ZHANG teaches wherein when the first network device is an access network gateway (ZHANG, ¶0040, access gateway), after the performing authentication on the terminal device based on the authentication response message (ZHANG, ¶0040, based on the authentication data response message), the method further comprises: sending, by the first network device, a security mode command to the terminal device (ZHANG, ¶0044, Fig.7, sending security mode command (SMC) to the UE); receiving, by the first network device, a security mode complete command sent by the terminal device (ZHANG, ¶0044, Fig.7, performing AKA (i.e. acknowledgment or complete) and NAS SMC by UE); sending, by the first network device, an access security management key to the core network device and a base station that is connected to the terminal device (ZHANG, ¶0044, Fig.7, sending key for access security management entity between eNB 120 and UE 110 and HSS 150); and sending, by the first network device, an attach complete message to the terminal device (ZHANG, ¶0074, sending by MME a complete attach request message to the UE 110). 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of ZHANG into invention of VACHIRAVEL in view of BAEK in order to effectively support a dedicated core network by ensuring that a UE is served by the appropriate network. 
 in view of BAEK teaches all the claim limitation substantially as claimed in claim 9. However, VACHIRAVEL in view of BAEK does not explicitly teach wherein when the network device is an access network gateway the transmitter is further configured to send a security mode command to the terminal device; the receiver is further configured to receive a security mode complete command sent by the terminal device; the transmitter is further configured to send an access security management key to the core network device and a base station that is connected to the terminal device; and the transmitter is further configured to send an attach complete message to the terminal device.
	In the same field of endeavor, ZHANG teaches wherein when the network device is an access network gateway (ZHANG, ¶0040, access gateway) the transmitter is further configured to send a security mode command to the terminal device (ZHANG, ¶0044, Fig.7, sending security mode command (SMC) to the UE); the receiver is further configured to receive a security mode complete command sent by the terminal device (ZHANG, ¶0044, Fig.7, performing AKA (i.e. acknowledgment or complete) and NAS SMC by UE); the transmitter is further configured to send an access security management key to the core network device and a base station that is connected to the terminal device (ZHANG, ¶0044, Fig.7, sending key for access security management entity between eNB 120 and UE 110 and HSS 150); and the transmitter is further configured to send an attach complete message to the terminal device (ZHANG, ¶0074, sending by MME a complete attach request message to the UE 110). 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of  in view of BAEK in order to effectively support a dedicated core network by ensuring that a UE is served by the appropriate network.
Conclusion
5.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FARIDEH MADANI whose telephone number is (571)272-1249.  The examiner can normally be reached on Monday through Friday; 9 AM to 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FARIDEH MADANI/Examiner, Art Unit 2643                                                                                                                                                                                                        

/JINSONG HU/Supervisory Patent Examiner, Art Unit 2643