Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
This application is a continuation of International Application No. PCT/CN2016/072652, filed on Jan. 29, 2016, which claims priority to Chinese Patent No. 201510344865.4, filed on Jun. 19, 2015.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/16/2020 has been entered.
DETAILED ACTION
This office action is in response to a Request for Continued Examination (RCE) application received on 09/16/2020. In the RCE, applicant has amended independent claims 1 and 12 and added a new dependent claim 21. Claims 2-11 and 13-20 remain original. No claims have been cancelled. 
For this office action, claims 1-21 have been received for consideration and have been examined. 


Response to Arguments
Claim rejection under 35 U.S.C. § 103
Applicant’s arguments with respect to claims 1-21 have been considered but are moot because after reviewing new amendments to the independent claims and addition of a dependent claim, has changed the ground of rejection specifically challenged in the argument. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 7-14 and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over McCann et al., (US-20110302244-A1) in view of McCann et al., (US-20110126277-A1) and further in view of Lalonde et al., (US-7831671-B2).
Regarding claims 1 and 12, McCann’44 discloses:
A method, comprising:
i.e. Diameter Agent 106), a first diameter request message (i.e. Diameter CancelLocation (CLR) message) sent by a home subscriber server (HSS) (i.e. HSS) (As illustrated in FIG. 4, Step (1) [0031]), 
wherein the first diameter request message carries a first source domain name (i.e. origin-Realm = VZW.NET) and a first user identity (i.e. user-name: IMSI1) (See FIG. 4, Step (1), para [0030] & [0031]), and wherein the device is a diameter agent (i.e. Diameter Agent 106);
wherein the message is a diameter request message, the first source attribute is a domain name and the first alleged attribute is a first user identity (See FIG. 4, Step (1), para [0030] & [0031]);
McCann’44 fails to disclose:
	determining, by the device, whether the network request is compliant based on a network policy; and when the network request is not compliant, discarding the first diameter message, or sending a first diameter response message to the HSS, the first diameter response message carrying a first failure code; or
	wherein determining the message is compliant comprises: determining whether a first binding relationship between a message’s first source attribute and a message’s first alleged attribute is correct based on a preconfigured correct binding relationship between a preconfigured source attribute and a preconfigured alleged attribute; or
	wherein the message is not compliant when the first binding relationship between first source attribute and the first alleged attribute is incorrect.
However, McCann’77 discloses:
i.e. Diameter routing and firewall filtering at Diameter signaling router; See para [0007-0008]); and 
when the network request is not compliant (i.e. fails to satisfy the policy), discarding the first diameter message, or sending a first diameter response message to the HSS, the first diameter response message carrying a first failure code (See para [0097] & [0099]).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the McCann’44 reference and include Diameter routing and firewall filtering at a diameter agent, as disclosed by McCann’77.
	The motivation to include Diameter routing and firewall filtering is to determine whether the diameter message satisfies a network policy in order to prevent suspicious network activities. 
The combination of McCann’44 & McCann’77 fails to disclose:
wherein determining the message is compliant comprises: determining whether a first binding relationship between a message’s first source attribute and a message’s first alleged attribute is correct based on a preconfigured correct binding relationship between a preconfigured source attribute and a preconfigured alleged attribute; or
	wherein the message is not compliant when the first binding relationship between first source attribute and the first alleged attribute is incorrect.
However, Lalonde discloses an antispoofing mechanism that uses binding relationships between known attribute information of a message against alleged information:
wherein determining a message is compliant with a network policy comprises determining whether a binding relationship between a message’s first source attribute (originator details) and message’s first alleged attribute (“From” details) is correct based on a preconfigured correct binding relationship between a preconfigured source attribute and preconfigured alleged attribute (See FIG. 4 and 5 flow diagram for comparing originator data, included in a header of a message such as email, for looking up the correctness of alleged attributes; See steps 92-94-98 in Col. 4; Line # 53-67 – Col. 5, Line # 1-20; Also see FIG. 6 for another exemplary embodiment of the invention, where the alleged information is domain name within “FROM” field, and source attributes are IP address of actual sender); and 
wherein the message is not compliant when the first binding relationship between first source attribute and the first alleged attribute is incorrect (See FIG. 4, Steps 92-94-96 and associated text).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the McCann’44 & McCann’77 references and implement an antispoofing via lookup mechanism at a diameter agent firewall, which would verify the alleged attribute information in a diameter CancelLocation request (i.e., the IMSI value) with the known originator data (i.e., the domain information in the header of the CancelLocation request).

Regarding claim 12, it is an apparatus claim and recites the same concept as claim 1 and therefore rejected on same grounds. 
Regarding claims 2 & 13, the combination of McCann’44, McCann’77 & Lalonde discloses:
	The method according to claim l, further comprising: receiving, by the device, a second diameter request message sent by the HSS, wherein the second diameter request message carries a second source domain name and a second user identity; determining, by the device, that a second binding relationship between the second source domain name and the second user identity is correct; when the second binding relationship is correct, determining, according to the second diameter request message, whether a diameter relay agent (DRA) exists between the device and the HSS; and when the DRA exists between the device and the HSS, continuing to perform service processing (McCann’77: FIG. 3; [0029] & [0093]; See also Lalonde for determining alleged attribute is correct for originator data).
	Regarding claim 13, it is an apparatus claim and recites the same concept as claim 2 and therefore rejected on same grounds. 
Regarding claims 3 & 14, the combination of McCann’44, McCann’77 & Lalonde discloses:
The method according to claim 2, wherein the diameter request message further carries a source IP address, and the method further comprises:
when the DRA does not exist between the device and the HSS, determining whether a third binding relationship, is correct, wherein the third binding relationship is between the source IP address and the at least one of: the second source domain name (McCann’77: [0072]);
(McCann’77: [0098] & [0099]); and
when the third binding relationship is correct, continuing to perform the service processing (McCann’77: [0034]).
Regarding claim 14, it is an apparatus claim and recites the same concept as claim 3 and therefore rejected on same grounds.
Regarding claim 7, the combination of McCann’44, McCann’77 & Lalonde discloses:
The method according to claim 2, wherein the second diameter request message is a cancel location request message, and a cancel type parameter carried in the cancel location request message represents an MME update process or an SGSN update process, and the device continuing to perform the service processing comprises (McCann’44: [0040] In one embodiment, the received Diameter messages may include one or more messages defined in the technical specification incorporated in its entirety above. For example, the Diameter messages may include … a CancelLocation Request (CLR) message):
determining whether a context request message or an identification request message is received (McCann’ 77: [0094]); 
when the context request message or the identification request message is not received, discarding the second diameter request message, or sending a fourth diameter response message to the HSS, the fourth diameter response message carrying a fourth failure code (McCann’77: [0097] & [0098]); and
(McMann’77: [0097]).
Regarding claims 8 & 18, the combination of McCann’44, McCann’77 & Lalonde discloses:
The method according to claim 1, wherein the first failure code indicates that continuing to process the first diameter request message is rejected or not allowed (McCann’77: [0098]).
Regarding claim 18, it is an apparatus claim and recites the same concept as claim 8 and therefore rejected on same grounds.
Regarding claims 9 & 19, the combination of McCann’44, McCann’77 & Lalonde discloses:
The method according to claim 1, wherein the first diameter request message is a cancel location request message, an insert subscriber data request message, a delete subscriber data request message, or a reset request message (McCann’77: [0040]).
Regarding claim 19, it is an apparatus claim and recites the same concept as claim 9 and therefore rejected on same grounds.
Regarding claims 10 & 20, the combination of McCann’44, McCann’77 & Lalonde discloses:
The method according to claim 1, wherein the first diameter response message is a cancel location response message, an insert subscriber data response message, a delete subscriber data response message, or a reset response message (McCann’77: [0040]).
Regarding claim 20, it is an apparatus claim and recites the same concept as claim 10 and therefore rejected on same grounds.
Regarding claim 11, the combination of McCann’44, McCann’77 & Lalonde discloses:

determining whether a plurality of second binding relationships between the second source domain name and a plurality of user identities in the user identity list are correct (McCann’77: [0151]).
Regarding claim 21, the combination of McCann’44, McCann’77 & Lalonde discloses:
	The method of claim 1, further comprising: before the receiving the first diameter request message:
receiving, by the device, a message sent by the HSS in a user equipment (UE) attach process or in a tracking area update (TAU) process, the message being different from the first diameter request message, the message including a source domain name and a user identity (McCann’77: [0042-0043]); and
saving, by the device, a binding relationship between the source domain name in the message and the user identity in the message as the preconfigured correct binding relationship, wherein the discarding or the sending comprises:
determining, by the device, that the first diameter request message is part of a denial of service (DOS) attack from the HSS whose source domain name belonging to a second operator, the second operator being different from a first operator to which the first user identity belongs (McCann’77: [0102]); and
McCann’77: [0098]).

Claims 4-6 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over McCann et al., (US-20110126277-A1) in view of McCann et al., (US-20110126277-A1) in view of Lalonde et al., (US-7831671-B2) and further in view of Non-Patent Literature (NPL) Titled “3GPP_Technical_Sprecification_29.272_V13.1.0_(Dated: 2015-03)”, PDF copy of which is attached.
Regarding claims 4 and 15, the combination of McCann’44, McCann’77 & Lalonde fails to disclose:
The method according to claim 2, further comprising:
when the DRA does not exist between the device and the HSS, continuing to perform the service processing.
However, 3GPP NPL Document discloses:
when the DRA does not exist between the device and the HSS, continuing to perform the service processing (3GPP NPL Document: Page # 53, Section 7.1.2; [3rd para] If there are no intermediate Diameter Agent networks located between the visited PLMN and the home PLMN, the HSS or the first Diameter Agent located in the home PLMN which has direct connection with the serving network is required to check that the realm contained in the Origin-Realm AVP in the request from the serving network corresponds to the right serving network).
Regarding claim 15, it is an apparatus claim and recites the same concept as claim 4 and therefore rejected on same grounds.

The motivation to check the contents diameter request message originated from HSS and received by MME is to be able detect and prevent diameter signaling attack on MME.
Regarding claims 5 and 16, the combination of McCann’44, McCann’77, Lalonde and 3GPP NPL document discloses:
The method according to claim 2, wherein the second diameter request message further carries a source IP address, and when the DRA exists between the diameter agent and the HSS, the continuing to perform the service processing comprises:
when the DRA exists between the diameter agent and the HSS, determining whether the second source domain name is consistent with a domain name of the diameter agent (3GPP NPL Document: Page # 53, Section 7.1.2, [para 4th and 5th] If there are intermediate Diameter Agent networks located between the visited PLMN and home PLMN, the first Diameter Agent which has direct connection with the serving network is required to check that the realm contained in the Origin-Realm AVP in the request from the serving network corresponds to the right serving network. NOTE 1: How to do the above check is implementation specific, e.g. it may be done by checking if the IP addresses of the serving network nodes match with the realm received in the Origin-Realm AVP in the request);
when the second source domain name is consistent with the domain name of the diameter agent, determining whether the source IP address belongs to an IP network segment of a (3GPP NPL Document: Page # 53, Section 7.1.2, [para 4th and 5th] If there are intermediate Diameter Agent networks located between the visited PLMN and home PLMN, the first Diameter Agent which has direct connection with the serving network is required to check that the realm contained in the Origin-Realm AVP in the request from the serving network corresponds to the right serving network. NOTE 1: How to do the above check is implementation specific, e.g. it may be done by checking if the IP addresses of the serving network nodes match with the realm received in the Origin-Realm AVP in the request);
when the source IP address does not belong to the IP network segment, discarding the second diameter request message or sending a third diameter response message to the HSS, wherein the third diameter response message carries a third failure code (McCann: [0098] In one embodiment, mitigating actions may include, but are not limited to, discarding a Diameter message).
Regarding claim 16, it is an apparatus claim and recites the same concept as claim 5 and therefore rejected on same grounds.
Regarding claims 6 and 17, the combination of McCann’44, McCann’77, Lalonde and 3GPP NPL document discloses:
The method according to claim 2, wherein determining, according to the second diameter request message, whether the DRA exists between the device and the HSS comprises:
when the second diameter request message does not carry a route record parameter, determining that the DRA does not exist between the device and the HSS (3GPP NPL Document: Page # 53, Section 7.1.2, [3rd para] If there are no intermediate Diameter Agent 
when the second diameter request message carries a route record parameter, determining that the DRA exists between the device and the HSS (3GPP NPL Document: Page # 54, Section 7.1.6, [4th para] If an MME or SGSN knows only the home network domain name for a certain user, the Destination-Realm AVP shall be present and the command shall be routed to the next Diameter node).
Regarding claim 17, it is an apparatus claim and recites the same concept as claim 6 and therefore rejected on same grounds.
Conclusion
 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018.  The examiner can normally be reached on 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/S.M.A./Patent Examiner, Art Unit 2432                                                                                                                                                                                                        
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432