DETAILED ACTION
1.	This office action is in response to the communication filed on 03/15/2019.
2.	Claims 1-28 are pending. 

Notice of Pre-AIA  or AIA  Status
3.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

Claim Objections
5.	Claim(s) 8 and 28 is/are objected to because of the following informalities:  
Regarding claim 8, there is a typographical error in line 2 (e.g. missing commas in the phrase “determine, from a plurality of authentication mechanisms, an authentication”).
Regarding claim 28, the claim should be re-written into an independent claim or cancelled. (Note: claim 27 already recites a system, e.g. an apparatus, to implement a method according to claim 1).
Appropriate correction(s) is/are required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


6.	Claim(s) 1-2, 21-22 and 25-28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Farmanbar et al. (US 20170257870 A1) in view of Salkintzis (US 20170318450 A1).
Regarding claim 1:
Farmanbar discloses a method comprising: 
creating a [security] service function chain comprising a set of [security] service functions, wherein the [security] service function chain is created in response to instantiation of a given network partition in a communication network, wherein the communication network supports instantiation of a plurality of network partitions for providing a respective plurality of network services (see paras. 27, 29 where a network slice (i.e. network partition) is a set of functions supporting network service(s), wherein a network service adheres to a service function chain (SFC); para. 49 where network slice(s) is/are created/instantiated to manage service request(s)); and 
utilizing the [security] service function chain to perform at least one [security] service for an entity performing one of accessing and seeking access to a network service corresponding to the given network partition (see fig. 1B and paras. 29-30 where network service(s)/function(s) is/are utilized to perform service for a customer, e.g. a mobile device, (i.e. an entity) performing one of accessing and seeking access to a network service corresponding to a network slice); 
wherein one or more of the steps are performed by a processing device (see fig. 11 and/or paras. 73, 75).
Farmanbar does not, but Salkintzis discloses:
security service (see Salkintzis, fig. 6 and para. 137, where a network slice performs a mutual authentication (i.e. security service) between a user entity (UE) and a network).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for security service, as taught by Salkintzis, in order for authenticate a UE using a network slice (Salkintzis, para. 137).

Regarding claims 26-28:
	See similar rejection to claim 1.

Regarding claim 2:
Farmanbar does not, but Salkintzis discloses:
mutual authentication between the entity and the communication network (see Salkintzis, fig. 5 and para. 137 or 147).


Regarding claim 21:
Farmanbar discloses:
utilizing the [security] service function chain to facilitate [authenticated] access by the entity to the network service corresponding to the given network partition (see paras. 27, 29 where a network slice (i.e. network partition) is a set of functions supporting network service(s), wherein a network service adheres to a service function chain (SFC); see fig. 1B and paras. 29-30 where network service(s)/function(s) is/are utilized to perform service for a customer, e.g. a mobile device, (i.e. an entity) performing one of accessing and seeking access to a network service corresponding to a network slice).
Farmanbar does not, but Salkintzis discloses:
security service to facilitate authenticated access (see Salkintzis, para. 171).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for security service to facilitate authenticated access, as taught by Salkintzis. The motivation is the same as presented in claim 1.

Regarding claim 22:
Farmanbar does not, but Salkintzis discloses:
utilizing the security service function chain to facilitate handover of the entity from a source network to a target network while maintaining access to the network service corresponding to the given network partition (see Salkintzis, fig. 5 and para. 147).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for utilizing the security service function chain to facilitate handover of the entity from a source network to a target network while maintaining access to the network service corresponding to the given network partition, as taught by Salkintzis. The motivation is the same as presented in claim 1.

Regarding claim 25:
Farmanbar does not, but Salkintzis discloses:
a machine-to-machine service (see Salkintzis, fig. 1, for mobile-to-mobile service).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for a machine-to-machine service, as taught by Salkintzis, in order to provide a mobile-to-mobile service via network slice(s) (Salkintzis, fig. 1). 

(s) 3-6, 10, 14-16 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Farmanbar, Salkintzis, and further in view of Tang et al. (US 20190123963 A1).
Regarding claim 3:
Farmanbar discloses:    
wherein creation of the [security] service function chain [utilized to perform the mutual authentication is managed by an authentication orchestrator created for the given network partition] (see para. 49 where network slice(s) is/are created/instantiated; see paras. 27, 29 where a network slice is a set of functions supporting network service(s), wherein a network service adheres to a service function chain (SFC)).
Farmanbar does not, but Salkintzis discloses:
security service utilized to perform the mutual authentication (see Salkintzis, fig. 6 and para. 137, where a network slice performs a mutual authentication between a UE and a network).
The combination of Farmanbar-Salkintzis does not, but Tang discloses:    
creation of a given network partition is managed by an authentication orchestrator created for the given network partition (see Tang, para. 131, where a network slice instance is created based on a network slice template; see fig. 5 and paras. 91, 116 where a user is authenticated before creating a network slice template by a module, e.g. a slice elastic scaling decision module or the slice management module, (i.e. an authentication orchestrator)).


Regarding claim 4:
Farmanbar does not, but Salkintzis discloses:
a subset of an authentication gateway function, an authentication function, an identity mapping function, and a confidentiality and integrity function (see Salkintzis, fig. 6 and para. 137, where a network slice performs a mutual authentication procedure).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for a subset of an authentication gateway function, an authentication function, an identity mapping function, and a confidentiality and integrity function, as taught by Salkintzis. The motivation is the same as presented in claim 1.

Regarding claim 5:
Farmanbar does not, but Salkintzis discloses:
receive a message from the entity (see Salkintzis, fig. 5, step 540 associated with the first network slice instance); 
extract authentication information from the received message (see Salkintzis, fig. 5, step 545); 
compose an authentication request message from the extracted authentication information (see Salkintzis, fig. 5, step 545, and para. 128); and 
forward the authentication request message to the authentication function (see Salkintzis, fig. 5, step 550).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for receive a message from the entity, extract authentication information from the received message, compose an authentication request message from the extracted authentication information, and forward the authentication request message to the authentication function, as taught by Salkintzis. The motivation is the same as presented in claim 1.

Regarding claim 6:
Farmanbar does not, but Salkintzis discloses:
receive an authentication-related message from the authentication function (see Salkintzis, fig. 5, step 550 associated with the second network slice instance); 
integrate authentication information from the received message into an access response message (see Salkintzis, fig. 5, steps 555 and 560); and 
forward the access response message to the entity (see Salkintzis, fig. 5, steps 560 and 570).


Regarding claim 10:
Farmanbar does not, but Salkintzis discloses:
wherein the authentication function operating in a visited domain network in the communication network is configured to obtain, through [the authentication orchestrator of the given network partition], authentication information for the entity from another authentication function in a home domain network in the communication network (see Salkintzis, fig. 5, step 550).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for the authentication function operating in a visited domain network in the communication network is configured to obtain authentication information for the entity from another authentication function in a home domain network in the communication network, as taught by Salkintzis. The motivation is the same as presented in claim 1.
The combination of Farmanbar-Salkintzis does not, but Tang discloses:
the authentication orchestrator of the given network partition (see Tang, fig. 5 and paras. 91, 116 for a module, e.g. a slice elastic scaling decision module or the slice management module, (i.e. an authentication orchestrator)).

Regarding claim 14:
Farmanbar does not, but Salkintzis discloses:
provide protection for signaling messages [on a control plane of the network partition and for user data on a user plane of] the network partition (see Salkintzis, fig. 5 and para. 147).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for provide protection for signaling messages from/to the network partition, as taught by Salkintzis, in order to use a generated security to protect signaling messages between a UE and a network slice instance (Salkintzis, para. 147).
The combination of Farmanbar-Salkintzis does not, but Tang discloses:
signaling messages on a control plane of the network partition and for user data on a user plane of the network (see Tang, para. 66, for control plane network service and forwarding plane network service of a network slice (NS)).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis's invention by enhancing it for signaling messages on a control plane of the network partition and for user data on a user plane of the network, as 

Regarding claim 15:
Farmanbar does not, but Tang discloses:
wherein the authentication orchestrator for the given network partition is created and managed by a master authentication orchestrator function (see Tang, fig. 5, for a slice elastic scaling decision module (i.e. authentication orchestrator) and a slice management module (i.e. master authentication orchestrator function)).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for the authentication orchestrator for the given network partition is created and managed by a master authentication orchestrator function, as taught by Tang. The motivation is the same as presented in claim 3.

Regarding claim 16:
Farmanbar does not, but Tang discloses:
wherein the authentication function is a first authentication function, and the authentication orchestrator for the given network partition is configured to instantiate a second authentication function for another network partition during a scale-out operation (see Tang, fig. 5 and paras. 91, 116 where the slice elastic scaling decision module (i.e. authentication orchestrator function) of one of network slices has a function similar with the slice management module (i.e. master .
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for the authentication function is a first authentication function, and the authentication orchestrator for the given network partition is configured to instantiate a second authentication function for another network partition during a scale-out operation, as taught by Tang. The motivation is the same as presented in claim 3.

Regarding claim 18:
Farmanbar does not, but Tang discloses:
wherein the authentication orchestrator for the given network partition is configured to provision and configure the authentication function (see Tang, fig. 5 and paras. 91, 116 where the slice elastic scaling decision module (i.e. authentication orchestrator function) of one of network slices has a function similar with the slice management module (i.e. master authentication orchestrator) to authenticate a user).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for the authentication orchestrator for the given network partition is configured to provision and configure the authentication function, as taught by Tang. The motivation is the same as presented in claim 3.

Regarding claim 19:
Farmanbar does not, but Tang discloses:
wherein the authentication orchestrator for the given network partition is configured to terminate another authentication function for another network partition during a scale in operation (see Tang, fig. 5 and paras. 91, 116 where the slice elastic scaling decision module (i.e. authentication orchestrator function) of one of network slices has a function similar with the slice management module (i.e. master authentication orchestrator) to authenticate a user; see paras. 6, 101 where a specific quantity of network slice instances (i.e. another network slice/slice instance) is terminated during scale-in).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for the authentication orchestrator for the given network partition is configured to terminate another authentication function for another network partition during a scale in operation, as taught by Tang. The motivation is the same as presented in claim 3.

Regarding claim 20:
Farmanbar does not, but Tang discloses:
wherein the master authentication orchestrator is configured to: 
instantiate another authentication orchestrator function for another network partition during a scale-out operation (see Tang, fig. 5 and paras. 91, 116 where the slice elastic scaling decision module (i.e. authentication orchestrator function) ; and 
terminate another authentication orchestrator function for another network partition during a scale-in operation (see Tang, fig. 5 and paras. 6, 101).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it to instantiate another authentication orchestrator function for another network partition during a scale-out operation, and terminate another authentication orchestrator function for another network partition during a scale-in operation, as taught by Tang, in order to properly allocate resources during a scale-out or scale-in process (Tang, para. 17).

8.	Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Farmanbar, Salkintzis, Tang, and further in view of Fransen (US 20170055153 A1).
Regarding claim 7:
Farmanbar as modified does not, but Fransen disclose:
receive key-related information from the authentication function (see Fransen, fig. 2 and paras. 98-100, where an eNodeB, e.g. eNodeB_4, receive attach request including information for authentication and/or key agreement from the other eNodeB); and 
forward the key-related information to the confidentiality and integrity function (see Fransen, fig. 2 and para. 100, where the attach request is forwarded to the core network system to generate key; see para. 44 where an integrity key is derived).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis-Tang's invention by enhancing it to receive key-related information from the authentication function, and forward the key-related information to the confidentiality and integrity function, as taught by Fransen, in order to perform an authentication procedure and/or a key agreement procedure for a user device using the received further secret key in the radio access network system and the derived further secret key in the user device (Fransen, abstract).

9.	Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Farmanbar, Salkintzis, Tang, and further in view of Mildh et al. (US 20180062847 A1).
Regarding claim 8:
Farmanbar as modified discloses:
[determine from a plurality of authentication mechanisms] an authentication mechanism to use to perform access mutual authentication between the entity and the communication network (see Salkintzis, para. 137, where a mutual authentication is performed between a UE and a network).
Farmanbar as modified does not, but Mildh discloses:
determine from a plurality of authentication mechanisms an authentication mechanism to use (see Mildh, paras. 106, 125).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis-Tang's invention by enhancing it to determine from a plurality of authentication mechanisms an authentication mechanism to use, as taught by Mildh, in order to identify an authentication procedure to be used for authenticating a user entity (Mildh, para. 125).

10.	Claim(s) 9, 13 and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Farmanbar, Salkintzis, Tang, and further in view of Anthony JR. et al. (US 20140044019 A1).
Regarding claim 9:
Farmanbar does not, but Salkintzis discloses:
[retrieve, from the identity mapping function, an actual identity associated with the entity based on] a temporary identity associated with the entity assigned by the communication network (see Salkintzis, para. 90, where a temporary identifier assigned to the UE).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for a temporary identity associated with the entity assigned by the communication network, as taught by Salkintzis, in order to identify a 
Farmanbar as modified does not, but Anthony JR. discloses:
retrieve, from the identity mapping function, an actual identity associated with the entity based on a temporary identity (see Anthony JR., para. 120).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis-Tang's invention by enhancing it to retrieve, from the identity mapping function, an actual identity associated with the entity based on a temporary identity, as taught by Anthony JR., in order to determine the real identify corresponding to a temporary identity (Anthony JR., para. 120).

Regarding claim 13:
Farmanbar as modified does not, but Anthony JR. discloses:
manage a relationship between an actual identity associated with the entity and a temporary identity assigned to the entity by the communication network (see Anthony JR., para. 120).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis-Tang's invention by enhancing it to manage a relationship between an actual identity associated with the entity and a temporary identity assigned to the entity by the communication network, as taught by Anthony JR., in order to 

Regarding claim 24:
Farmanbar does not, but Anthony JR. discloses:
an enhanced multimedia broadband service (see Anthony JR., paras. 66, 114, where a service comprises a multimedia service being increased or optimized).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis-Tang's invention by enhancing it for an enhanced multimedia broadband service, as taught by Anthony JR., in order to provide multimedia service to a subscriber (Anthony JR., para. 114).

11.	Claim(s) 11-12 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Farmanbar, Salkintzis, Tang, and further in view of Leveridge et al. (US 7233997 B1).
Regarding claim 11:
Farmanbar does not, but Salkintzis discloses:
wherein the authentication function is configured to [maintain a database of the authentication status and security context] for entities performing one of accessing and seeking access to the communication network through the given network partition (see Salkintzis, figs. 1, 5, and para. 147 where a second network slice instance is configured to perform authentication for UEs seeking access to a .
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for the authentication function is configured to perform authentication for entities performing one of accessing and seeking access to the communication network through the given network partition, as taught by Salkintzis. The motivation is the same as presented in claim 1.
Farmanbar as modified does not, but Leveridge discloses:
maintain a database of the authentication status and security context (see Leveridge, col. 6, lines 19-23, where a database stores a session key generated during authentication and a token identifying the access rights when a user has been authenticated).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis-Tang's invention by enhancing it to maintain a database of the authentication status and security context, as taught by Leveridge, in order to store authentication details of authorized users, and a list of currently-authenticated users for checking a current authentication status of a user (Leveridge, abstract).

Regarding claim 12:
Farmanbar does not, but Salkintzis discloses:
wherein the authentication function is configured to, after the entity initiates a handover to a target network, [reference the database of authentication status and security context for the entity to avoid] performing a mutual authentication between the entity and the target network (see Salkintzis, fig. 5 and para. 147).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for the authentication function is configured to, after the entity initiates a handover to a target network, performing a mutual authentication between the entity and the target network, as taught by Salkintzis. The motivation is the same as presented in claim 1.
Farmanbar-Salkintzis does not, but Leveridge discloses:
reference the database of authentication status and security context for the entity to avoid performing an authentication (see Leveridge, col. 2, lines 53-57; col. 6, lines 19-23).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis-Tang's invention by enhancing it to reference the database of authentication status and security context for the entity to avoid performing an authentication, as taught by Leveridge. The motivation is the same as presented in claim 11.

Regarding claim 17:

wherein the authentication function is a first authentication function, and the authentication orchestrator for the given network partition is configured to [instantiate a second authentication function] for the given network partition [when the first authentication function fails] (see Tang, fig. 5 and paras. 91, 116 where the slice elastic scaling decision module (i.e. authentication orchestrator function) of one of network slices has a function similar with the slice management module (i.e. master authentication orchestrator) to authenticate a user).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for the authentication function is a first authentication function, and the authentication orchestrator for the given network partition is configured to instantiate an authentication function for the given network partition, as taught by Tang. The motivation is the same as presented in claim 3.
Farmanbar as modifed does not, but Leveridge discloses:
instantiate a second authentication function when the first authentication function fails (see Leveridge, col. 10, lines 42-43).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar-Salkintzis-Tang's invention by enhancing it to instantiate a second authentication function when the first authentication function fails, as taught by Leveridge, in order to re-authenticate a user a number of times when an authentication failed (Leveridge, col. 10, lines 42-43).

12.	Claim(s) 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Farmanbar, Salkintzis, and further in view of Chia et al. (US 20080072301 A1).
Regarding claim 23:
Farmanbar does not, but Salkintzis discloses:
utilizing the security service function chain to facilitate [a single sign-on (SSO) operation] for the entity for the network service corresponding to the given network partition and another network service corresponding to another network partition (see Salkintzis, fig. 5 and para. 34, where a UE is authenticated with a first/primary network slice and re-authenticated with a second/secondary network slice; see para. 28 where a network slice provide network services).
Farmanbar as modified does not, but Chia discloses:
a single sign-on (SSO) operation (see Chia, para. 23, for a single-sign-on is used when a terminal accesses network services).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Farmanbar's invention by enhancing it for a single sign-on (SSO) operation, as taught by Chia, in order to allow a terminal to access multiple networks using a single-sign-on (Chia, abstract).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

Chen et al., US 20170367036 A1, Network Slice Discovery And Selection.
Gage, US 20170332212 A1, Systems and methods for network slice attachment and configuration.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUAN V. DOAN whose telephone number is 571-272-3809. The examiner can normally be reached on Monday – Thursday, 9:00am – 5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID, can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.