DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claims 1, 11 and 16 objected to because of the following informalities:  
-Claim 1: semicolon “;” missing after first limitation “receiving …..the packet data unit session of the UE”;
-Claim 11: last limitation “an processor, ….” seems to have meant “the processor” instead of “an processor”; 
-Claim 16: preamble has repetitive words in “…the data-network network comprising…” and also missing semicolon “;” in “generate a session …… UE needs to be processed and” between the last two words.  
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-3, 5-9, 11-19 are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2018/0227302, hereinafter “Lee”) in view of Youn et al. (US 2018/0376446, hereinafter “Youn”) and further in view of Yin et al. (US 2017/0171187, hereinafter “Yin”).
For claims 1 and 11, Lee discloses A session processing method providing a data network control of a packet data unit session (Techniques are described that provide a session management authorization token by receiving a session request message to establish a protocol data unit (PDU) session for a logical data network associated with a user equipment (UE); see Lee Abstract), the method comprising: 
receiving, by a session management function network element (SMF), a session establishment request from user equipment (UE) for establishing the packet data unit session (At 560, UE 115 may transmit a service session request message to AMF component 405-a. In some examples, the service session request message may be to establish a PDU session for a logical data network (i.e., network slice) associated with UE 115.…. At 560-a, AMF 405-a may transmit the service session request message to the SMF component 505; see par. 0108-0109 and Fig. 5B), wherein the SMF is a control plane network element in the data network (In the next generation, NR, mm W, or 5G network-session management may be performed by a session management function (SMF); see par. 0040, 0081, 0106 and Fig. 4), and is responsible for establishing and managing the packet data unit session of the UE (The SMF, in some 
determining, by the SMF, a session address to be used by a session of the UE (SMF component 505 may determine session parameters based on UE 115 subscription profile, a logical data network policy, a third-party authorization, or any combination thereof. As a result, SMF component 505 may determine a session policy for the service session request message; see par. 0109 and Fig. 5B); 
sending, by the SMF, a data network access request to a data-network network element in the data network for authenticating and authorizing the packet data unit session (The session policy determination may need a secondary (EAP) authentication between the UE 115 and the third party AAA component 445-a associated with the service session request message (or data network access). At 570, the SMF component 505 may deliver authentication message exchanges between the UE 115 and third-party AAA component 445-a; see par. 0110 and Fig. 5B); 
receiving, by the SMF, a response message sent by the data-network network element, wherein the response message instructs the SMF to allow the UE to access a data network (At 575, the third-party AAA component 445-a may derive an SMF key and transmit a key response message including the SMF key to the SMF component 505. The third party AAA component 445-a may control whether an SMF component 505 is authorized to serve UE 115 by strictly sending the SMF key to an authorized SMF component 505. In some examples, the third-party AAA component 445-a may transmit the key response message based on verifying that the UE is authorized to establish the PDU session; see par. 0111 and Fig. 5B); and 
establishing, by the SMF, the data packet unit session of the UE (At 580, SMF component 505 may generate an authorization token. In some aspects, SMF component 505 may generate the authorization token based a message authentication code (MAC) function; see par. 0112 and Fig. 5B).
Lee does not explicitly disclose a data network control of a packet data session based on detecting an abnormal status so that the packet data unit session can be deleted or modified by the data network.  Youn discloses a data network control of a packet data unit session based on detecting an abnormal status so that the packet data unit session can be deleted or modified by the data network (One PDU session belongs to only a specific one network slice instance for each PLMN… A network may change an already selected network slice instance depending on a local policy and the mobility, subscription information change, etc. of a UE… A network may change a set of allowed network slice(s) with which a UE has been registered based on a local policy, a subscription information change and/or the mobility of the UE. A network may perform such a change during a registration procedure or may notify a UE of a change of a supported network slice(s) using a procedure capable of triggering a registration procedure; see Youn par. 0269-0270 and also 0283-0288). It would have been obvious to the ordinary skilled in the art before the effective filing date to use Youn's arrangement in Lee's invention to propose the triggered access deregistration procedure in accordance with the initiation of a network (see Youn par. 0005).
Lee suggests that the service session request message may include one or more session parameters. The one or more session parameters may include a security algorithm, a QoS, etc. Additionally, the service session request message may include a logical network ID or a UE ID, wherein the data network access request comprises the session address and an identifier of the UE (the network traffic may include information identifying a source of the network traffic (e.g., UE 205, based on a device identifier and/or a network address), a destination of the network traffic ( e.g., application device 255, based on a device identifier and/or a network address), a session identifier identifying the network session, an application identifier
identifying an application that caused UE 205 to provide the network traffic, or the like; see Yin par. 0077, 0080 and 0084 and Figs. 6 and 7). It would have been obvious to the ordinary skilled in the art before the effective filing date to use Yin's arrangement in Lee's invention to improve security of the secure authentication process by preventing parties that do not have a corresponding private key from obtaining the session identifier, or from tampering with the session identifier, via the UE (see Yin par. 0089).
Specifically for claim 11, Lee discloses A session management function network element (SMF) in a data network and responsible for establishing and managing a packet data unit session of a user equipment (UE) (FIG. 6 shows a block diagram 600 of a wireless device 605 that supports session management authorization token; see par. 0113 and Fig. 6), the SMF comprising: 
a processor in communication a storage medium that includes one or more executable instructions for execution by the processor (Wireless device 605 may also include a processor. Each of these components may be in communication with one another (e.g., via one or more buses); see par. 0113 and Fig. 6); 
a receiver; a transmitter (Wireless device 605 may include receiver 610, network device session authorization manager 615, and transmitter 620; see par. 0113 and Fig. 6);  
For claims 2 and 12, the combination of Lee and Yin does not explicitly disclose The method according to claim 1, wherein after establishing the session of the UE, the method further comprises: receiving, by the SMF, a session processing request triggered by the data-network network element, and processing the data packet unit session of the UE according to the session processing request. Youn discloses The method according to claim 1, wherein after establishing the session of the UE, the method further comprises: receiving, by the SMF, a session processing request triggered by the data-network network element, and processing the data packet unit session of the UE according to the session processing request (A PDU session is established using NAS SM signaling exchanged between a UE and an SMF through N1 (upon UE request), modified (upon UE and 5GC request), and released (upon UE and 5GC request). Upon request from an application server, 5GC may trigger a specific application within a UE. When the UE receives a trigger message, it transfers the corresponding message to an identified application. The identified application may establish a PDU session with a specific DNN; see Youn par. 0296). It would have been obvious to the ordinary skilled in the art before the effective filing date to use Youn's arrangement in Lee's invention to propose the triggered access deregistration procedure in accordance with the initiation of a network (see Youn par. 0005).
For claims 3 and 13, the combination of Lee and Youn does not explicitly disclose The method according to claim 1, wherein determining the session address to be used by the data packet unit session of the UE comprises allocating, by the SMF, an IP address to the UE as the The method according to claim 1, wherein determining the session address to be used by the data packet unit session of the UE comprises allocating, by the SMF, an IP address to the UE as the session address (The network session record may include, for example, a session identifier (e.g., a string of one or more characters identifying the network session), a network address associated with UE 205 ( e.g., an IP address, a network port, a combination of an IP address and a network port, a URL, a URI, etc.), a network address associated with application device 255 (e.g., an IP address, a network port, a combination of an IP address and a network port, a URL, a URI, etc.), a device identifier associated with UE 205, a time at which the network session was established, or the like; see Yin par. 0075). It would have been obvious to the ordinary skilled in the art before the effective filing date to use Yin's arrangement in Lee's invention to improve security of the secure authentication process by preventing parties that do not have a corresponding private key from obtaining the session identifier, or from tampering with the session identifier, via the UE (see Yin par. 0089).
For claims 5 and 15, the combination of Lee and Yin does not explicitly disclose The method according to claim 2, wherein processing the session of the UE according to the session processing request comprises deleting the session of the UE or modifying the session of the UE. Youn discloses The method according to claim 2, wherein processing the session of the UE according to the session processing request comprises deleting the session of the UE or modifying the session of the UE (The SMF transmits a delete tunnel request message for delete the tunnel to all UPFs allocated for the session to delete the contexts for all sessions. In this case, the delete request message may include a PDU ID for identifying a PDU as a delete request target; see Youn par. 0522 and Fig. 17). It would have been obvious to the ordinary 
For claims 6 and 16, Lee discloses A session processing method providing control to a data network of a packet data unit session (Techniques are described that provide a session management authorization token by receiving a session request message to establish a protocol data unit (PDU) session for a logical data network associated with a user equipment (UE); see Lee Abstract) based on detecting an abnormal status so that the packet data unit session can be deleted or modified by the data network, the method comprising: 
receiving, by a data-network network element in the data network for authenticating and authorizing the packet data unit session, a data network access request sent by a session management function network element (SMF) (At 570, the SMF component 505 may deliver authentication message exchanges between the UE 115 and third-party AAA component 445-a. In some examples, the authentication message exchanges may be delivered over a SM NAS connection between the UE 115 and the SMF component 505, and over an SM NAS connection between the SMF component 505 and the third-party AAA component 445-a; see par. 0110 and Fig. 5B) for establishing and managing the packet data unit session of the UE (The SMF, in some examples, may authorize the PDU session for the network slice based on a subscription of the UE; see par. 0041), 
wherein the SMF is a control plane network element in the data network (In the next generation, NR, mm W, or 5G network-session management may be performed by a session management function (SMF); see par. 0040, 0081, 0106 and Fig. 4); 
sending, by the data-network network element, a response message to the SMF, wherein the response message instructs the SMF to allow the UE to access the data network, so that the SMF establishes the packet data unit session of the UE (At 575, the third-party AAA component 445-a may derive an SMF key and transmit a key response message including the SMF key to the SMF component 505. The third party AAA component 445-a may control whether an SMF component 505 is authorized to serve UE 115 by strictly sending the SMF key to an authorized SMF component 505; see par. 0111 and Fig. 5B); and 
detecting, by the data-network network element based on the session address or the identifier of the UE, that the packet data unit session of the UE needs to be processed (In some examples, the third-party AAA component 445-a may transmit the key response message based on verifying that the UE is authorized to establish the PDU session; see par. 0111 and Fig. 5B), generating a session processing request, and instructing, by using the session processing request, the SMF to process the packet data unit session of the UE (At 580, SMF component 505 may generate an authorization token. In some aspects, SMF component 505 may generate the authorization token based a message authentication code (MAC) function; see par. 0112 and Fig. 5B).
Lee does not explicitly disclose a data network control of a packet data session based on detecting an abnormal status so that the packet data unit session can be deleted or modified by the data network.  Youn discloses a data network control of a packet data unit session based on detecting an abnormal status so that the packet data unit session can be deleted or modified by the data network (One PDU session belongs to only a specific one network slice instance for each PLMN… A network may change an already selected network slice instance 
The combination of Lee and Youn does not explicitly disclose wherein the data network access request comprises an identifier of user equipment (UE) and a session address to be used by the UE, and. Yin discloses wherein the data network access request comprises an identifier of user equipment (UE) and a session address to be used by the UE, and (the network traffic may include information identifying a source of the network traffic (e.g., UE 205, based on a device identifier and/or a network address), a destination of the network traffic ( e.g., application device 255, based on a device identifier and/or a network address), a session identifier identifying the network session, an application identifier identifying an application that caused UE 205 to provide the network traffic, or the like; see Yin par. 0077, 0080 and 0084 and Figs. 6 and 7). It would have been obvious to the ordinary skilled in the art before the effective filing date to use Yin's arrangement in Lee's invention to improve security of the secure authentication process by preventing parties that do not have a corresponding private 
Specifically for claim 16, Lee discloses A data-network network element in a data network and responsible for authenticating and authorizing a packet data unit session of a user equipment (UE) (FIG. 7 shows a block diagram 700 of a wireless device 705 that supports session management authorization token; see par. 0119 and Fig. 7), the data-network network comprising: 
a processor in communication a storage medium that includes one or more executable instructions for execution by the processor; a receiver; a transmitter; (Wireless device 705 may include receiver 710, network device session authorization manager 715, and transmitter 720. Wireless device 705 may also include a processor. Each of these components may be in communication with one another (e.g., via one or more buses); see par. 0119 and Fig. 7). 
For claims 7 and 17, Lee discloses The method according to claim 6, wherein the data network access request is an authentication request (SMF component 505 may determine a session policy for the service session request message. The session policy determination may need a secondary (EAP) authentication between the UE 115 and the third party AAA component 445-a associated with the service session request message (or data network access); see par. 0109), the response message is an authentication response message that carries an authentication success identifier
For claims 8 and 18, Lee discloses The method according to claim 6, wherein the data network access request is an authentication request carrying an authorization request identifier (SMF component 230 may, additionally, generate the authorization token based on the SMF key and one or more additional session parameters. For example, SMF component 230 may generate the authorization token based on the SMF key, a session request parameter, logical data network ID, an SMF ID, a session counter, a session management message counter, a hash of the at least one of the selected security algorithms, a hash of the at least one of the session request parameters, session policy for the PDU session, or a combination thereof. In some aspects, the session counter may be associated with a number of session that UE 115 has requested since joining a network; see par. 0074), and the response message is an authentication response message carrying authentication success and authorization success identifiers (The session response acknowledgment message may indicate reception of the session response message including the authorization token; see par. 0112, 0122, 0126).
For claims 9 and 19, Lee discloses The method according to claim 6, wherein the data network access request is an authorization request, the response message is an authorization response message and the authorization response message carries an authorization success identifier.
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Lee, Youn and Yin, and further in view of Faccin et al. (US 2018/0227743, hereinafter “Faccin”) .
For claim 4, the combination of Lee and Yin does not explicitly disclose The method according to claim 2, wherein receiving the session processing request triggered by the data-network network element comprises: receiving, by the SMF, a first session processing request sent by the data-network network element; or receiving, by the SMF, a third session processing request sent by a policy control function network element, wherein the third session processing request is sent to the SMF after the policy control function network element receives a second session processing request sent by the data-network network element, and wherein the policy control function network element is a control plane network element configured to provide a packet data unit session policy for the SMF. 
Youn discloses The method according to claim 2, wherein receiving the session processing request triggered by the data-network network element comprises: receiving, by the SMF, a first session processing request sent by the data-network network element (A PDU session is established using NAS SM signaling exchanged between a UE and an SMF through N1 (upon UE request), modified (upon UE and 5GC request), and released (upon UE and 5GC request). Upon request from an application server, 5GC may trigger a specific application within a UE. When the UE receives a trigger message, it transfers the corresponding message to an identified application. The identified application may establish a PDU session with a specific DNN; see Youn par. 0296); or It would have been obvious to the ordinary skilled in the art before the effective filing date to use Youn's arrangement in Lee's invention to propose the 
The combination of Lee, Youn and Yin does not explicitly disclose receiving, by the SMF, a third session processing request sent by a policy control function network element, wherein the third session processing request is sent to the SMF after the policy control function network element receives a second session processing request sent by the data-network network element, and wherein the policy control function network element is a control plane network element configured to provide a packet data unit session policy for the SMF. Faccin discloses receiving, by the SMF, a third session processing request sent by a policy control function network element, wherein the third session processing request is sent to the SMF after the policy control function network element receives a second session processing request sent by the data-network network element (At 312, if the DN implements dynamic PCC, SMF 225-c may select a PCF (e.g., PCF 240-a). In some cases, at 314, SMF 225-c may establish a PDU-connectivity access network (PDU-CAN) session with PCF 240-a. Based on the PDU-CAN session, SMF 225-c may receive default PCC rules for the PDU session from PCF 240-a; see Faccin par. 0079, 0098 and Fig. 3), and wherein the policy control function network element is a control plane network element configured to provide a packet data unit session policy for the SMF(an SMF 225 may retrieve policy and charging control (PCC) rules from a PCF 240 over communication links 270. The PCC rules may be based on information the PCF 240 retrieved from an AF 245 over communication link 272; see Faccin par. 0061 and Fig. 3). It would have been obvious to the ordinary skilled in the art before the effective filing date to use Faccin's arrangement in Lee's invention so that a connectivity session manager and an access and .
Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lee, Youn, Yin and Faccin, and further in view of Chen et al. (US 2017/0238237, hereinafter “Chen”).
For claims 10 and 20, the combination of Lee, Youn, Yin and Faccin does not explicitly disclose The method according to claim 6, wherein detecting the session of the UE needs to be processed comprises:  determining that a session corresponding to the identifier of the UE needs to be processed in response to detecting that the UE is in an abnormal access state comprising at least one of the following cases: the UE is an unauthorized UE, a subscription status of the UE changes, and a trust level of the UE changes. Chen discloses The method according to claim 6, wherein detecting the session of the UE needs to be processed comprises: determining that a session corresponding to the identifier of the UE needs to be processed in response to detecting that the UE is in an abnormal access state comprising at least one of the following cases: the UE is an unauthorized UE, a subscription status of the UE changes, and a trust level of the UE changes (By virtue of method 300, the abnormality state of a UE may be determined so that the access attempt from the abnormal UE may be denied as early as possible and thus valuable resources on the air interface in the RAN and resources in the CN may not be meaninglessly consumed; see Chen par. 0063 and Figs. 3 and 4). It would have been obvious to the ordinary skilled in the art before the effective filing date to use Chen's arrangement in Lee's invention to provide an access control method, which may deny access 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAE S LEE whose telephone number is (571)272-8236.  The examiner can normally be reached on 8:30AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Rutkowski can be reached on (571) 270-1215.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHAE S LEE/Examiner, Art Unit 2415           

/JEFFREY M RUTKOWSKI/Supervisory Patent Examiner, Art Unit 2415