Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted was in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time-wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 – 10 and 19 – 27 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 – 6, 8 – 11 and 30 – 49 of U.S. Patent No. 10630661 in view of Agiwal et al (US 20160205555), hereafter Agiwal. 
Instant App. 16826832
U.S. Patent No. 10630661
1. A method of wireless communication at a transmitting wireless device, comprising: generating a first message authentication code for a data packet based at least in part on a first security key used to communicate with a receiving wireless device; generating a second message authentication code for the data packet based at least in part on a second security key used to communicate with a relay user equipment (UE), wherein the relay UE is included in a data routing path between the transmitting wireless device and the receiving wireless device; and transmitting the data packet to the relay UE with at least the first message authentication code and the second message authentication code.
2. The method of claim 1, wherein the transmitting wireless device comprises a UE and the receiving wireless device comprises a network access device.
3. The method of claim 2, further comprising: establishing a connection with the network access device; receiving, from the network access device via the connection, a first indication of the relay UE and a second indication of a data radio bearer (DRB) configuration to use when communicating with the relay UE; and establishing a connection with the relay UE using the DRB configuration.
4. The method of claim 1, wherein the transmitting wireless device comprises a network access device and the receiving wireless device comprises a UE.
5. The method of claim 4, wherein the data packet is transmitted from the network access device to the UE via the data routing path, the data routing path comprises a plurality of relay UEs including the relay UE, and the method further comprises: transmitting, to the UE, a set of one or more security keys used to communicate with each of the plurality of relay UEs.
6. The method of claim 4, wherein the data packet is transmitted from the network access device to the UE via the data routing path, the data routing path comprises a plurality of relay UEs including the relay UE, and the method further comprises: transmitting, to each relay UE of the plurality of relay UEs, a respective security key used to communicate with the network access device; and generating a plurality of message authentication codes for the data packet, for the plurality of relay UEs, based on the respective security keys used to communicate with the network access device; wherein the first message authentication code is further generated based at least in part on the plurality of message authentication codes generated for the plurality of relay UEs.
7. The method of claim 4, further comprising: receiving, from the UE, an integrity-protected status report indicating receipt of the data packet at the UE.
8. The method of claim 4, further comprising: establishing a first connection with the UE; identifying the data routing path between the network access device and the UE, the data routing path including at least the relay UE and the DRB configuration; transmitting an indication of at least a first portion of the data routing path to the UE via the first connection; and transmitting an indication of at least a second portion of the data routing path to the relay UE.
9. A method of wireless communication at a relay user equipment (UE), comprising: receiving a data packet associated with at least a first message authentication code and a second message authentication code; determining, based at least in part on a first security key used to communicate with an upstream wireless device for which the relay UE is configured to relay data, that the second message authentication code was generated at least in part by the upstream wireless device; generating, based at least in part on the determination that the second message authentication code was generated at least in part by the upstream wireless device, a third message authentication code for the data packet based at least in part on a second security key used to communicate with a downstream wireless device; and transmitting the data packet to the downstream wireless device with at least an indication of the first message authentication code and the third message authentication code.
10. The method of claim 9, wherein the indication of the first message authentication code comprises the first message authentication code.
19. An apparatus for wireless communication at a transmitting wireless device, comprising: a processor, memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: generate a first message authentication code for a data packet based at least in part on a first security key used to communicate with a receiving wireless device; generate a second message authentication code for the data packet based at least in part on a second security key used to communicate with a relay user equipment (UE), wherein the relay UE is included in a data routing path between the transmitting wireless device and the receiving wireless device; and transmit the data packet to the relay UE with at least the first message authentication code and the second message authentication code.
20. The apparatus of claim 19, wherein the transmitting wireless device comprises a UE and the receiving wireless device comprises a network access device.
21. The apparatus of claim 20, wherein the instructions are further executable by the processor to cause the apparatus to: establish a connection with the network access device; receive, from the network access device via the connection, a first indication of the relay UE and a second indication of a data radio bearer (DRB) configuration to use when communicating with the relay UE; and establish a connection with the relay UE using the DRB configuration.
22. The apparatus of claim 19, wherein the transmitting wireless device comprises a network access device and the receiving wireless device comprises a UE.
23. The apparatus of claim 22, wherein the data packet is transmitted from the network access device to the UE via the data routing path, the data routing path comprises a plurality of relay UEs including the relay UE, and the instructions are further executable by the processor to cause the apparatus to: transmit, to the UE, a set of one or more security keys used to communicate with each of the plurality of relay UEs.
24. The apparatus of claim 22, wherein the data packet is transmitted from the network access device to the UE via the data routing path, the data routing path comprises a plurality of relay UEs including the relay UE, and the instructions are further executable by the processor to cause the apparatus to: transmit, to each relay UE of the plurality of relay UEs, a respective security key used to communicate with the network access device; and generate a plurality of message authentication codes for the data packet, for the plurality of relay UEs, based on the respective security keys used to communicate with the network access device; wherein the first message authentication code is further generated based at least in part on the plurality of message authentication codes generated for the plurality of relay UEs.
25. The apparatus of claim 22, wherein the instructions are further executable by the processor to cause the apparatus to: receive, from the UE, an integrity-protected status report indicating receipt of the data packet at the UE.
26. The apparatus of claim 22, wherein the instructions are further executable by the processor to cause the apparatus to: establish a first connection with the UE; identify the data routing path between the network access device and the UE, the data routing path including at least the relay UE and the DRB configuration; transmit an indication of at least a first portion of the data routing path to the UE via the first connection; and transmit an indication of at least a second portion of the data routing path to the relay UE.
27. An apparatus for wireless communication at a relay user equipment (UE), comprising: a processor, memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: receive a data packet associated with at least a first message authentication code and a second message authentication code; determine, based at least in part on a first security key used to communicate with an upstream wireless device for which the relay UE is configured to relay data, that the second message authentication code was generated at least in part by the upstream wireless device; generate, based at least in part on the determination that the second message authentication code was generated at least in part by the upstream wireless device, a third message authentication code for the data packet based at least in part on a second security key used to communicate with a downstream wireless device; and transmit the data packet to the downstream wireless device with at least an indication of the first message authentication code and the third message authentication code.
1. (Currently amended) A method of wireless communication, comprising, at a wireless device: receiving,first data routing path, the data packet associated with a first message authentication code and a second message authentication code, wherein the relay UE is configured to relay data from the wireless device to the first UE; determining, and the transmission between the wireless device and the relay UE, an indication of at least a second portion of the data using a second data routing path, wherein the first data routing path and the second data routing path are different.
2. The method of claim 1, wherein the wireless device comprises a network access device.
3. The method of claim 2, further comprising, at the wireless device: determining, based at least in part on a third security key used to communicate with a second relay UE, that the first message authentication code was generated at least in part by the second relay UE, the second relay UE configured to relay data from the first UE to the wireless device along the data routing path.
4. The method of claim 3, wherein the determination that the first message authentication code was generated at least in part by the second relay UE is further based at least in part on: a combination of a first counter value written in a header of the data packet by the first UE, and a flow identifier written in the header of the data packet by the first UE; a combination of the first counter value and a locally-stored identifier at the second relay UE associated with a data radio bearer (DRB) over which the data packet is received by or transmitted from the second relay UE; [[or]] a second counter value written in the header of the data packet by the second relay UE; or some combination thereof.
5. The method of claim 4, wherein the header is an enhanced Packet Data Convergence Protocol (ePDCP) header, a security header, or a Layer 2 (L2) header.
6. The method of claim 2, further comprising, at the wireless device: configuring the data routing path; transmitting, to the first UE, an indication of at least a first portion of the data routing path using a first direct connection between the wireless device and the first UE 
8. The method of claim [[7]] 1, wherein the data routing path comprises a plurality of relay UEs including the relay UE, the method further comprising, at the wireless device: transmitting a set of one or more security keys used to communicate with each of the plurality of relay UEs.  
9. The method of claim 8, further comprising, at the wireless device: determining, based at least in part on a third security key used to communicate with a second relay UE configured to relay data from the wireless device to the first UE along the data routing path, that the first message authentication code was generated at least in part by the second relay UE.
10. (Currently amended) The method of claim 9, wherein the determination that the first message authentication code was generated at least in part by the second relay UE is further based at least in part on: a combination of a first counter value written in an enhanced Packet Data Convergence Protocol (ePDCP) header of the data packet and a flow identifier written in the ePDCP header of the data packet, a combination of the first counter value and a locally-stored identifier at the second relay UE associated with a data radio bearer (DRB) over which the data packet is received by or transmitted from the second relay UE, [[or]] a second counter value written in the ePDCP header of the data packet by the second relay UE, or some combination thereof.  
11. The method of claim [[7]] 1, further comprising, at the wireless device: receiving an integrity-protected status report indicating receipt of the data packet at the first UE.
30. A wireless device comprising: a transceiver, a processor coupled with the transceiver; and memory coupled with the processor; wherein the processor and the memory are configured to: receive, via the transceiver, wherein the relay UE is configured to relay data from the wireless device to the first UE; determine, and process, and the transmission between the wireless device and the relay UE, an indication of at least a second portion of the data using a second data routing path, wherein the first data routing path and the second data routing path are different.
31. (New) The wireless device of claim 30, wherein the wireless device comprises a network access device.  
32. (New) The wireless device of claim 31, wherein the processor and the memory are further configured to: determine, based at least in part on a third security key used to communicate with a second relay UE, that the first message authentication code was generated at least in part by the second relay UE, the second relay UE configured to relay data from the first UE to the wireless device along the data routing path.  
33. (New) The wireless device of claim 32, wherein the determination that the first message authentication code was generated at least in part by the second relay UE is further based at least in part on: a combination of a first counter value written in a header of the data packet by the first UE, and a flow identifier written in the header of the data packet by the first UE; a combination of the first counter value and a locally-stored identifier at the second relay UE associated with a data radio bearer (DRB) over which the data packet is received by or transmitted from the second relay UE; a second counter value written in the header of the data packet by the second relay UE; or some combination thereof.  
34. (New) The wireless device of claim 33, wherein the header is an enhanced Packet Data Convergence Protocol (ePDCP) header, a security header, or a Layer 2 (L2) header.
35. The wireless device of claim 31, wherein the processor and the memory are further configured to: configure the data routing path; transmit, via the transceiver to the first UE, an indication of at least a first portion of the data routing path using a first direct connection between the wireless device and the first UE 
36. (New) The wireless device of claim 30, wherein the data routing path comprises a plurality of relay UEs including the relay UE, and wherein the processor and the memory are further configured to: transmit, via the transceiver, a set of one or more security keys used to communicate with each of the plurality of relay UEs.  
37. (New) The wireless device of claim 36, wherein the processor and the memory are further configured to: determine, based at least in part on a third security key used to communicate with a second relay UE configured to relay data from the wireless device to the first UE along the data routing path, that the first message authentication code was generated at least in part by the second relay UE.  
38. (New) The wireless device of claim 37, wherein the determination that the first message authentication code was generated at least in part by the second relay UE is further based at least in part on: a combination of a first counter value written in an enhanced Packet Data Convergence Protocol (ePDCP) header of the data packet and a flow identifier written in the ePDCP header of the data packet, a combination of the first counter value and a locally-stored identifier at the second relay UE associated with a data radio bearer (DRB) over which the data packet is received by or transmitted from the second relay UE, a second counter value written in the ePDCP header of the data packet by the second relay UE; or some combination thereof.
App. No. 15/705,786, Amendment dated August 29, 2019, Reply to Final Office Action dated August 15, 2019
39. (New) The wireless device of claim 30, wherein the processor and the memory are further configured to: receive, via the transceiver, an integrity-protected status report indicating receipt of the data packet at the first UE.
40. (Currently amended) An apparatus for use in a wireless device, the apparatus comprising: means for receiving a data packet from a relay user equipment (UE) configured to relay data from a first UE to the wireless device via a first data routing path, the data packet associated with a first message authentication code and a second message authentication code, wherein the relay UE is configured to relay data from the wireless device to the first UE means for determining, based at least in part on a first security key used to communicate with the first UE, that the first message authentication code was generated at least in part by the first UE; means for determining, based at least in part on a second security key used to communicate with the relay UE, that the second message authentication code was generated at least in part by the relay UE; and means for processing the data packet based at least in part on the determinations that the first message authentication code was generated at least in part by the first UE and the second message authentication code was generated at least in part by the relay UE; and means for transmission between the wireless device and the relay UE, an indication of at least a second portion of the data using a second data routing path, wherein the first data routing path and the second data routing path are different.
45. The apparatus of claim 41, and further comprising: means for configuring the data routing path; means for transmitting, to the first UE, an indication of at least a first portion of the data routing path using a first direct connection between the wireless device and the first UE 
41. The apparatus of claim 41, wherein the wireless device comprises a network access device.  
42. The apparatus of claim 41, and further comprising: means for determining, based at least in part on a third security key used to communicate with a second relay UE, that the first message authentication code was generated at least in part by the second relay UE, the second relay UE configured to relay data from the first UE to the wireless device along the data routing path.  
43. The apparatus of claim 42, wherein the determination that the first message authentication code was generated at least in part by the second relay UE is further based at least in part on: a combination of a first counter value written in a header of the data packet by the first UE, and a flow identifier written in the header of the data packet by the first UE; a combination of the first counter value and a locally-stored identifier at the second relay UE associated with a data radio bearer (DRB) over which the data packet is received by or transmitted from the second relay UE; a second counter value written in the header of the data packet by the second relay UE; or some combination thereof.
44. The apparatus of claim 43, wherein the header is an enhanced Packet Data Convergence Protocol (ePDCP) header, a security header, or a Layer 2 (L2) header.  
45. The apparatus of claim 41, and further comprising: means for configuring the data routing path; means for transmitting, to the first UE, an indication of at least a first portion of the data routing path using a first direct connection between the wireless device and the first UE and means for transmitting, to the relay UE, an indication of at least a second portion of the data routing path using a second direct connection between the wireless device and the relay UE.
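
The construction recited in instant claims 1 and 9, sketched as an added example (not code from the application, the reference patent, Choyi or Agiwal): the sender attaches an end-to-end MAC keyed for the receiver (the "first" MAC) and a hop MAC keyed for the relay (the "second"); the relay checks the hop MAC, replaces it with one keyed for its downstream neighbour (the "third"), and forwards the end-to-end MAC unchanged. HMAC-SHA-256, the key values, the packet layout, and the choice to have the hop MAC also cover the end-to-end MAC are assumptions made for illustration; the claims fix none of them.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace


class HopAuthError(Exception):
    """Hop MAC was not produced by the expected upstream device."""


class EndToEndAuthError(Exception):
    """End-to-end MAC was not produced by the original sender."""


def _mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA-256 (assumed algorithm) over length-prefixed fields, with a
    # label so a hop MAC can never be replayed as an end-to-end MAC.
    h = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        h.update(struct.pack(">I", len(part)))
        h.update(part)
    return h.digest()


@dataclass(frozen=True)
class Packet:
    flow_id: int      # flow identifier written in the header by the sender
    counter: int      # counter value written in the header by the sender
    payload: bytes
    e2e_mac: bytes    # first MAC: sender <-> receiver key
    hop_mac: bytes    # second/third MAC: key shared across the current hop

    def header(self) -> bytes:
        return struct.pack(">IQ", self.flow_id, self.counter)


def send(k_e2e: bytes, k_hop: bytes, flow_id: int, counter: int,
         payload: bytes) -> Packet:
    """Transmitting device (claim 1): generate both MACs, hand to relay."""
    hdr = struct.pack(">IQ", flow_id, counter)
    e2e = _mac(k_e2e, b"e2e", hdr, payload)
    hop = _mac(k_hop, b"hop", hdr, payload, e2e)
    return Packet(flow_id, counter, payload, e2e, hop)


def relay(pkt: Packet, k_upstream: bytes, k_downstream: bytes) -> Packet:
    """Relay UE (claim 9): verify upstream hop MAC, re-MAC for downstream."""
    expected = _mac(k_upstream, b"hop", pkt.header(), pkt.payload, pkt.e2e_mac)
    if not hmac.compare_digest(expected, pkt.hop_mac):
        raise HopAuthError("hop MAC not generated by upstream device")
    new_hop = _mac(k_downstream, b"hop", pkt.header(), pkt.payload, pkt.e2e_mac)
    return replace(pkt, hop_mac=new_hop)   # e2e_mac is forwarded untouched


def receive(pkt: Packet, k_e2e: bytes, k_last_hop: bytes) -> bytes:
    """Receiving device: check the last hop first, then the original sender."""
    hop = _mac(k_last_hop, b"hop", pkt.header(), pkt.payload, pkt.e2e_mac)
    if not hmac.compare_digest(hop, pkt.hop_mac):
        raise HopAuthError("hop MAC not generated by the relay")
    e2e = _mac(k_e2e, b"e2e", pkt.header(), pkt.payload)
    if not hmac.compare_digest(e2e, pkt.e2e_mac):
        raise EndToEndAuthError("payload or header changed after the sender")
    return pkt.payload


def demo():
    # Constructed keys for illustration only.
    k_e2e, k_ue_relay, k_relay_net = b"E" * 32, b"R" * 32, b"N" * 32
    pkt = send(k_e2e, k_ue_relay, flow_id=7, counter=1, payload=b"hello")

    # Honest path: relay verifies, re-MACs, receiver accepts.
    delivered = receive(relay(pkt, k_ue_relay, k_relay_net), k_e2e, k_relay_net)

    # A relay that alters the payload can produce a valid hop MAC (it holds
    # the hop key) but not a valid end-to-end MAC.
    bad = replace(pkt, payload=b"HELLO")
    bad = replace(bad, hop_mac=_mac(k_relay_net, b"hop", bad.header(),
                                    bad.payload, bad.e2e_mac))
    try:
        receive(bad, k_e2e, k_relay_net)
        relay_tamper = "accepted"
    except EndToEndAuthError:
        relay_tamper = "rejected-e2e"

    # A packet arriving at the relay without a valid hop MAC is dropped
    # before any forwarding work is spent on it.
    try:
        relay(replace(pkt, hop_mac=bytes(32)), k_ue_relay, k_relay_net)
        inject = "accepted"
    except HopAuthError:
        inject = "rejected-hop"
    return delivered, relay_tamper, inject


if __name__ == "__main__":
    print(demo())
```
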


However, the analogous art Agi teaches receiving, ([0017-18] deriving a ProSe traffic key (PTK) of the UE-to-network relay using ProSe group key (PGK)... and transmitting a security key response message comprising at least the PTK, PTK-id, PGK-id of the UE-to-network relay... to the UE-to-network relay. The PTK of the UE-to-network relay is used to derive a security key for communication between the remote-UE and the UE-to-network relay; receiving a security key response message comprising at least one of a proximity-based service (ProSe) traffic key (PTK) of the UE-to-network relay, a PTK identification (ID) and a ProSe group key (PGK) ID, from a ProSe key management function (PKMF), generating a ProSe encryption key (PEK) of the UE-to-network relay based on the PTK of the UE-to-network);
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Patent #: 10630661 to include the idea of transmitting keys to the relay node as taught by Agi for establishing a secure communication between a remote-user equipment (UE) and a network relay that belongs to a different group than the remote-UE in a device-to-device (D2D) group communication ([0017]).

Claim Rejections - 35 USC § 101 (Abstract Idea)
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


8. Claims 1 – 12, 14, 15, 17 – 29 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more, as analyzed according to the 2019 Revised Patent Subject Matter Eligibility Guidance (“2019 PEG”). The claim recites generating two message authentication codes based on security keys and transmitting the same to the relay device.
Step 1: Claims 1, 9, 19 and 27 do fall into one of the four statutory categories of method and system claims. Nevertheless, the claims are still considered an abstract idea for the following prongs and reasons.
Step 2A: Prong 1: The limitation of claims 1, 9, 19 and 27, which recites generating two message authentication codes based on security keys and transmitting the same to the relay device, is, as drafted, a process that, under its broadest reasonable interpretation, covers performance of the limitation in the human organized way and/or with pen and paper without a generic computer. Except for the words ‘processor, memory and apparatus…’, nothing in the claim element precludes the step from practically being performed in a human organized way and/or with pen and paper. For example, the claimed concept is akin to two persons generating a plurality of pairs of public and private keys and communicating the same via their known third party as intermediary.
Dependent claims 2 – 8 and 20 – 26 in turn recite which devices are the sender and receiver, establishing a connection and indications of a data radio bearer, sending a plurality of security keys to the one or more relay nodes, sending an acknowledgement for receipt of data and identifying a data routing path. Further, claims 10 – 12, 14, 15, 28 and 29 recite combining different message authentication codes generated based on the security keys and generating further message authentication codes; these are mere structural addendums and are other steps that could be performed manually by a human with or without need for a computer. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in a human organized way but for the recitation of generic computer components, then it falls within the “certain methods of organizing human activities” grouping of abstract ideas and can be done manually. Accordingly, the claim recites an abstract idea.
Prong 2: This judicial exception is not integrated into a practical application. In particular, the claims do not recite any additional element to perform beyond routine steps of generating two message authentication codes based on security keys and transmitting the same to the relay spec. [0129]) such that it amounts to no more than mere instructions to apply the exception using generic computer components). Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Therefore the claims are directed to an abstract idea.
Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, generating two message authentication codes based on security keys and transmitting the same to the relay device amounts to no more than mere instructions to apply the exception using generic computer terms. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept. The claims are not patent eligible. Therefore all the corresponding dependent claims 2 – 8, 10 – 12, 14, 15, 17, 18, 20 – 26, 28 and 29 are also rejected for the same rationale.
Note: Claims 13, 16 and 30 are considered statutory as they integrate the claimed concept into a practical application and therefore are not rejected under this statute.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1 – 10 and 18 – 27 are rejected under 35 U.S.C. 103 as being unpatentable over Choyi et al (US Pub. #: 20160065362), hereafter Choy and Agiwal et al (US 20160205555), hereafter Agi.
Claim 1: Choy teaches a method of wireless communication at a transmitting wireless device, comprising: generating a first message authentication code for a data packet based at least in part ([0005] a proximity service security function (PSSF) derives a first intermediate key based on the obtained first key that is associated with the pre-established security association between the first UE and the network entity [127] via packet-switched networks);.
generating a second message authentication code for the data packet based at least in part on a second security key used to communicate with a relay user equipment (UE) ([0005] the PSSF derives a second intermediate key based on the obtained second key that is associated with the pre-established security association between the second UE and the network entity);
wherein the relay UE is included in a data routing path between the transmitting wireless device and the receiving wireless device; ([0002] two devices that use proximity services by using D2D communication with other devices that act as a relay node between the two devices);
Choy teaches the claimed concept but is silent on and transmitting the data packet to the relay UE with at least the first message authentication code and the second message authentication code.
However, the analogous art Agi teaches and transmitting the data packet to the relay UE with at least the first message authentication code and the second message authentication code. ([0017] deriving a ProSe traffic key (PTK) of the UE-to-network relay using ProSe group key (PGK)... and transmitting a security key response message comprising at least the PTK, PTK-id, PGK-id of the UE-to-network relay... to the UE-to-network relay. The PTK of the UE-to-network relay is used to derive a security key for communication between the remote-UE and the UE-to-network relay);
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Choy to include the idea of transmitting ([0017]).
Claim 2: the combination of Choy and Agi teaches the method of claim 1, wherein the transmitting wireless device comprises a UE and the receiving wireless device comprises a network access device. (Choy: Figs. 1 and 2: UEs are transmitting devices and eNB and PSSF are network access devices).
Claim 3: the combination of Choy and Agi teaches the method of claim 2, further comprising: establishing a connection with the network access device; receiving, from the network access device via the connection, a first indication of the relay UE and a second indication of a data radio bearer (DRB) configuration to use when communicating with the relay UE; and establishing a connection with the relay UE using the DRB configuration. (Choy: [0053] if the eNB is registered to discover ProSe participant UEs, the eNB configures each UE with a public key of the other UE and the eNB provisions the second UE with a public key of first UE. Each UE encrypts its respective beacon with its private key, and the other UE decrypts the beacon information using the advertising UE's public key to authenticate the advertising UE. The eNB configures the UE with next hop parameters to derive a shared secret using parameters).
Claim 4: the combination of Choy and Agi teaches the method of claim 1, wherein the transmitting wireless device comprises a network access device and the receiving wireless device comprises a UE. (Choy: see Fig. 7A, wireless devices comprise UEs and transmitting wireless device is PSSF within eNB).
Claim 5: the combination of Choy and Agi teaches the method of claim 4, wherein the data packet is transmitted from the network access device to the UE via the data routing path, the data routing path comprises a plurality of relay UEs including the relay UE, and the method further comprises: transmitting, to the UE, a set of one or more security keys used to communicate with each of the plurality of relay UEs. (Choy: Fig. 3, [0035]: the first and second cluster heads 306a and 306b provide synchronization, scheduling, and security. Another CH, for instance a third CH 306c, is a trusted entity that is trusted by the first CH 306a and the second CH 306b. Because the UEs 304 trust their respective CH, and because the first and second CH 306a and 306b trust the third CH 306c, the UEs 304 trust the third CH 306c based on transitive trust).
Claim 6: the combination of Choy and Agi teaches the method of claim 4, wherein the data packet is transmitted from the network access device to the UE via the data routing path, the data routing path comprises a plurality of relay UEs including the relay UE, and the method further comprises: transmitting, to each relay UE of the plurality of relay UEs, a respective security key used to communicate with the network access device; and generating a plurality of message authentication codes for the data packet, for the plurality of relay UEs, based on the respective security keys used to communicate with the network access device; wherein the first message authentication code is further generated based at least in part on the plurality of message authentication codes generated for the plurality of relay UEs. (Choy: Fig. 3, [0035]: the third CH 306c offers security services to UEs 304 in both of the first and second groups 302a and 302b that communicate with one another. Each of the cluster heads 306a-c performs security functions that include serving as an authentication server, a PSSF, a private key generator (PKG) for identity-based encryption (IBE), an identity provider (IdP), a certificate authority, or any appropriate combination thereof. A CH that serves as an IdP provides trust within its group or between groups. A CH that serves as a certification authority is an authority for certifications within its group (intra-group CA) or between groups (inter-group CA), [0038] the keys are obtained (Fig. 5), keys are also derived (generated) and the derived keys are used to encrypt and integrity-protect user data communications).
Claim 7: the combination of Choy and Agi teaches the method of claim 4, further comprising: receiving, from the UE, an integrity-protected status report indicating receipt of the data packet at the UE. (Choy: Fig. 9, [0064] the first UE sends an acknowledgement (Ack) message to the second UE. The acknowledgement message indicates a successful derivation and binding of the session keys).
Claim 8: the combination of Choy and Agi teaches the method of claim 4, further comprising: establishing a first connection with the UE; identifying the data routing path between the network access device and the UE, the data routing path including at least the relay UE and the DRB configuration; transmitting an indication of at least a first portion of the data routing path to the UE via the first connection; and transmitting an indication of at least a second portion of the data routing path to the relay UE. (Choy: [0053, Figs. 3 and 5] if the eNB is registered to discover ProSe participant UEs, the eNB configures each UE with a public key of the other UE and the eNB provisions the second UE with a public key of first UE. Each UE encrypts its respective beacon with its private key, and the other UE decrypts the beacon information using the advertising UE's public key to authenticate the advertising UE. The eNB configures the UE with next hop parameters to derive a shared secret using parameters).
Claim 9: Choy teaches a method of wireless communication at a relay user equipment (UE), comprising: receiving a data packet associated with at least a first message authentication code and a second message authentication code; determining, based at least in part on a first security key used to communicate with an upstream wireless device for which the relay UE is configured to relay data, that the second message authentication code was generated at least in part by the upstream wireless device; generating, based at least in part on the determination that the second message authentication code was generated at least in part by the upstream wireless device, a third message authentication code for the data packet based at least in part on a second security key used to communicate with a downstream wireless device; ([0005] a proximity service security function (PSSF) derives a first intermediate key based on the obtained first key that is associated with the pre-established security association between the first UE and the network entity; [0005] the PSSF derives a second intermediate key based on the obtained second key that is associated with the pre-established security association between the second UE and the network entity; [0002] two devices that use proximity services by using D2D communication with other devices that act as a relay node between the two devices; [0046, Fig. 7A] the second UE derives Y from the function of the nonce and the second key, and further decrypts X using Y. The second UE also generates the third key (KeNB).sub.PrAS that is equal to a function of the first intermediate key X and the second intermediate key Y).
Choy teaches the claimed concept but is silent on and transmitting the data packet to the downstream wireless device with at least an indication of the first message authentication code and the third message authentication code.
([0017] deriving a ProSe traffic key (PTK) of the UE-to-network relay using ProSe group key (PGK)... and transmitting a security key response message comprising at least the PTK, PTK-id, PGK-id of the UE-to-network relay... to the UE-to-network relay. The PTK of the UE-to-network relay is used to derive a security key for communication between the remote-UE and the UE-to-network relay);
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Choy to include the idea of transmitting keys to the relay node as taught by Agi, for the purpose of establishing a secure communication between a remote-user equipment (UE) and a network relay that belongs to a different group than the remote-UE in a device-to-device (D2D) group communication ([0017]).
Claim 10: the combination of Choy and Agi teaches the method of claim 9, wherein the indication of the first message authentication code comprises the first message authentication code. (Agi [0051]: UE-to-network relay sends MAC-I along with the PGK ID and the PTK ID).
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Choy to include the idea of transmitting MAC key as taught by Agi, for the purpose of establishing a secure communication between a remote-user equipment (UE) and a network relay that belongs to a different group than the remote-UE in a device-to-device (D2D) group communication ([0017]).
Claim 18: the combination of Choy and Agi teaches the method of claim 9, wherein the upstream wireless device and the downstream wireless device are nodes along a data routing path (Choy: [0027, 0053, Figs. 3, 5, 7A, 7B] Local path mode refers to a communication between two devices that includes an intermediary between the two devices… if the eNB is registered to discover ProSe participant UEs, the eNB configures each UE with a public key of the other UE and the eNB provisions the second UE with a public key of first UE. Each UE encrypts its respective beacon with its private key, and the other UE decrypts the beacon information using the advertising UE's public key to authenticate the advertising UE. The eNB configures the UE with next hop parameters to derive a shared secret using parameters).
Claim 19: Choy teaches an apparatus for wireless communication at a transmitting wireless device, comprising: a processor, memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: generate a first message authentication code for a data packet based at least in part on a first security key used to communicate with a receiving wireless device; generate a second message authentication code for the data packet based at least in part on a second security key used to communicate with a relay user equipment (UE), wherein the relay UE is included in a data routing path between the transmitting wireless device and the receiving wireless device; ([0005] a proximity service security function (PSSF) derives a first intermediate key based on the obtained first key that is associated with the pre-established security association between the first UE and the network entity; [0005] the PSSF derives a second intermediate key based on the obtained second key that is associated with the pre-established security association between the second UE and the network entity; [0002] two devices that use proximity services by using D2D communication with other devices that act as a relay node between the two devices).
Choy teaches the claimed concept but is silent on and transmit the data packet to the relay UE with at least the first message authentication code and the second message authentication code.
However, the analogous art Agi teaches and transmit the data packet to the relay UE with at least the first message authentication code and the second message authentication code. ([0017] deriving a ProSe traffic key (PTK) of the UE-to-network relay using ProSe group key (PGK)... and transmitting a security key response message comprising at least the PTK, PTK-id, PGK-id of the UE-to-network relay... to the UE-to-network relay. The PTK of the UE-to-network relay is used to derive a security key for communication between the remote-UE and the UE-to-network relay);
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Choy to include the idea of transmitting keys to the relay node as taught by Agi, for the purpose of establishing a secure communication between a remote-user equipment (UE) and a network relay that belongs to a different group than the remote-UE in a device-to-device (D2D) group communication ([0017]).
Claim 20: the combination of Choy and Agi teaches the apparatus of claim 19, wherein the transmitting wireless device comprises a UE and the receiving wireless device comprises a network access device. (Choy: Figs. 1 and 2: UEs are transmitting devices and eNB and PSSF are network access devices).
Claim 21: the combination of Choy and Agi teaches the apparatus of claim 20, wherein the instructions are further executable by the processor to cause the apparatus to: establish a connection with the network access device; receive, from the network access device via the Choy: [0053] if the eNB is registered to discover ProSe participant UEs, the eNB configures each UE with a public key of the other UE and the eNB provisions the second UE with a public key of first UE. Each UE encrypts its respective beacon with its private key, and the other UE decrypts the beacon information using the advertising UE's public key to authenticate the advertising UE. The eNB configures the UE with next hop parameters to derive a shared secret using parameters).
Claim 22: the combination of Choy and Agi teaches the apparatus of claim 19, wherein the transmitting wireless device comprises a network access device and the receiving wireless device comprises a UE. (Choy: see Fig. 7A, wireless devices comprise UEs and transmitting wireless device is PSSF within eNB).
Claim 23: the combination of Choy and Agi teaches the apparatus of claim 22, wherein the data packet is transmitted from the network access device to the UE via the data routing path, the data routing path comprises a plurality of relay UEs including the relay UE, and the instructions are further executable by the processor to cause the apparatus to: transmit, to the UE, a set of one or more security keys used to communicate with each of the plurality of relay UEs. (Choy: Fig. 3, [0035]: the first and second cluster heads 306a and 306b provide synchronization, scheduling, and security. Another CH, for instance a third CH 306c, is a trusted entity that is trusted by the first CH 306a and the second CH 306b. Because the UEs 304 trust their respective CH, and because the first and second CH 306a and 306b trust the third CH 306c, the UEs 304 trust the third CH 306c based on transitive trust).
Claim 24: the combination of Choy and Agi teaches the apparatus of claim 22, wherein the data packet is transmitted from the network access device to the UE via the data routing path, the data routing path comprises a plurality of relay UEs including the relay UE, and the instructions are further executable by the processor to cause the apparatus to: transmit, to each relay UE of the plurality of relay UEs, a respective security key used to communicate with the network access device; and generate a plurality of message authentication codes for the data packet, for the plurality of relay UEs, based on the respective security keys used to communicate with the network access device; wherein the first message authentication code is further generated based at least in part on the plurality of message authentication codes generated for the plurality of relay UEs. (Choy: Fig. 3, [0035]: the third CH 306c offers security services to UEs 304 in both of the first and second groups 302a and 302b that communicate with one another. Each of the cluster heads 306a-c performs security functions that include serving as an authentication server, a PSSF, a private key generator (PKG) for identity-based encryption (IBE), an identity provider (IdP), a certificate authority, or any appropriate combination thereof. A CH that serves as an IdP provides trust within its group or between groups. A CH that serves as a certification authority is an authority for certifications within its group (intra-group CA) or between groups (inter-group CA), [0038] the keys are obtained (Fig. 5), keys are also derived (generated) and the derived keys are used to encrypt and integrity-protect user data communications).
Claim 25: the combination of Choy and Agi teaches the apparatus of claim 22, wherein the instructions are further executable by the processor to cause the apparatus to: receive, from the UE, an integrity-protected status report indicating receipt of the data packet at the UE. (Choy: Fig. 9, [0064] the first UE sends an acknowledgement (Ack) message to the second UE. The acknowledgement message indicates a successful derivation and binding of the session keys).
Claim 26: the combination of Choy and Agi teaches the apparatus of claim 22, wherein the instructions are further executable by the processor to cause the apparatus to: establish a first connection with the UE; identify the data routing path between the network access device and the UE, the data routing path including at least the relay UE and the DRB configuration; transmit an indication of at least a first portion of the data routing path to the UE via the first connection; and transmit an indication of at least a second portion of the data routing path to the relay UE. (Choy: [0053, Figs. 3 and 5] if the eNB is registered to discover ProSe participant UEs, the eNB configures each UE with a public key of the other UE and the eNB provisions the second UE with a public key of first UE. Each UE encrypts its respective beacon with its private key, and the other UE decrypts the beacon information using the advertising UE's public key to authenticate the advertising UE. The eNB configures the UE with next hop parameters to derive a shared secret using parameters).
Claim 27: Choy teaches an apparatus for wireless communication at a relay user equipment (UE), comprising: a processor, memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: receive a data packet associated with at least a first message authentication code and a second message authentication code; determine, based at least in part on a first security key used to communicate with an upstream wireless device for which the relay UE is configured to relay data, that the second message authentication code was generated at least in part by the upstream wireless device; generate, based at least in part on the determination that the second message authentication code was generated at least in part by the upstream wireless device, a third message authentication [0005] a proximity service security function (PSSF) derives a first intermediate key based on the obtained first key that is associated with the pre-established security association between the first UE and the network entity; [0005] the PSSF derives a second intermediate key based on the obtained second key that is associated with the pre-established security association between the second UE and the network entity; [0002] two devices that use proximity services by using D2D communication with other devices that act as a relay node between the two devices; [0046, Fig. 7A] the second UE derives Y from the function of the nonce and the second key, and further decrypts X using Y. The second UE also generates the third key (KeNB).sub.PrAS that is equal to a function of the first intermediate key X and the second intermediate key Y).
Choy teaches the claimed concept but is silent on and transmit the data packet to the downstream wireless device with at least an indication of the first message authentication code and the third message authentication code.
However, the analogous art Agi teaches and transmit the data packet to the downstream wireless device with at least an indication of the first message authentication code and the third message authentication code. ([0017] deriving a ProSe traffic key (PTK) of the UE-to-network relay using ProSe group key (PGK)... and transmitting a security key response message comprising at least the PTK, PTK-id, PGK-id of the UE-to-network relay... to the UE-to-network relay. The PTK of the UE-to-network relay is used to derive a security key for communication between the remote-UE and the UE-to-network relay);
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Choy to include the idea of transmitting ([0017]).
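The message authentication code handling recited in claims 1 and 9 can be traced in code. The following is an added illustration, not part of the application, the cited references, or this action. HMAC-SHA-256, the key names, the frame layout, and the choice to have the hop MAC also cover the end-to-end MAC are all assumptions; the keys and payloads are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample keys (assumption: one pairwise key per security association).
K_E2E = hashlib.sha256(b"constructed key: transmitter <-> receiver").digest()
K_TX_RELAY = hashlib.sha256(b"constructed key: transmitter <-> relay").digest()
K_RELAY_RX = hashlib.sha256(b"constructed key: relay <-> receiver").digest()


def mac(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA-256 with a domain-separation label (algorithm is an assumption)."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


@dataclass(frozen=True)
class Frame:
    payload: bytes
    mac_e2e: bytes  # "first MAC": keyed for the receiving device, opaque to relays
    mac_hop: bytes  # "second"/"third" MAC: keyed for the next hop only


def transmit(payload: bytes, k_e2e: bytes, k_hop: bytes) -> Frame:
    """Claim 1 side: first MAC for the receiver, second MAC for the relay."""
    mac_e2e = mac(k_e2e, b"e2e", payload)
    return Frame(payload, mac_e2e, mac(k_hop, b"hop", payload + mac_e2e))


def hop_ok(frame: Frame, k_hop: bytes) -> bool:
    expected = mac(k_hop, b"hop", frame.payload + frame.mac_e2e)
    return hmac.compare_digest(expected, frame.mac_hop)  # constant-time compare


def relay_forward(frame: Frame, k_up: bytes, k_down: bytes) -> Optional[Frame]:
    """Claim 9 side: verify the upstream hop MAC, then issue a third MAC downstream."""
    if not hop_ok(frame, k_up):
        return None  # not produced by the upstream device: drop, do not relay
    third = mac(k_down, b"hop", frame.payload + frame.mac_e2e)
    return Frame(frame.payload, frame.mac_e2e, third)  # first MAC passes through


def receive(frame: Frame, k_e2e: bytes, k_hop: bytes) -> Optional[bytes]:
    """Receiver: hop MAC authenticates the last relay, first MAC the origin."""
    if not hop_ok(frame, k_hop):
        return None
    if not hmac.compare_digest(mac(k_e2e, b"e2e", frame.payload), frame.mac_e2e):
        return None
    return frame.payload


def run_scenarios() -> dict:
    sent = transmit(b"sensor reading 42", K_E2E, K_TX_RELAY)
    relayed = relay_forward(sent, K_TX_RELAY, K_RELAY_RX)
    # Frame from a party that holds no key shared with the relay.
    injected = Frame(b"unauthenticated data", bytes(32), bytes(32))
    # Relay that alters the payload and re-computes only the hop MAC it can key.
    altered = b"sensor reading 99"
    tampered = Frame(altered, sent.mac_e2e,
                     mac(K_RELAY_RX, b"hop", altered + sent.mac_e2e))
    return {
        "honest": receive(relayed, K_E2E, K_RELAY_RX),
        "injected": relay_forward(injected, K_TX_RELAY, K_RELAY_RX),
        "tampered_hop_ok": hop_ok(tampered, K_RELAY_RX),
        "tampered": receive(tampered, K_E2E, K_RELAY_RX),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

The hop MAC lets each relay drop traffic that did not come from its upstream neighbour, while the first MAC is what catches a relay that alters the payload, since the relay never holds the end-to-end key.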

Allowable Subject Matter
Claims 11 – 17 and 28 – 30 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
1. Phuyal et al (US 20160192439): NETWORK-INITIATED DISCOVERY AND PATH SELECTION PROCEDURES FOR MULTI-HOP UNDERLAY NETWORKS.
2. Ulupinar et al (US 8867428): Split-cell relay application protocol.
3. Lin; Tzu-Ming (US 8605904): Security method in wireless communication system having relay node.
4. Pan et al (US 20160323777): METHOD AND APPARATUS FOR SUPPORTING UE-TO-NETWORK RELAY BASED ON DEVICE TO DEVICE SERVICE IN A WIRELESS COMMUNICATION SYSTEM.
5. MORITA et al (US 20160219051): RELAY APPARATUS, TERMINAL APPARATUS, AND COMMUNICATION METHOD.
6. Bao et al (US 20100250922): METHOD AND SYSTEM FOR PROPAGATING TRUST IN AN AD HOC WIRELESS COMMUNICATION NETWORK.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T. Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BADRINARAYANAN /Examiner, Art Unit 2438.