DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
2.	The information disclosure statements (IDS) submitted on 11/18/2020 and 11/30/2020 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Response to Amendment
3. 	This communication is in response to the amendment filed on 01/29/2021. The Examiner has acknowledged the amended Claims 1, 5, 18, 33, and 34. Claim 4 has been cancelled and no new claims have been added. Claims 1-3 and 5-34 are pending and Claims 1-3 and 5-34 are rejected.

Response to Arguments
4.	Applicant's Arguments (Remarks) filed 01/29/2021 have been fully considered, but they are not persuasive. Applicant’s amendment necessitated a new grounds of rejection.

5.	Applicant’s arguments with respect to the rejections of claims under 35 U.S.C. 102 and 35 U.S.C. 103 [REMARKS: Pages 8-9] have been fully considered, but they are not persuasive, and therefore, the rejection has been maintained. (Please see the 103 rejection below).
	Applicant argues [in Pages 8-9] that “Zhang does not teach or suggest that the UE receives a second security command message from the base station in response to transmitting a security 
However, the examiner respectfully disagrees. It is noted that the examiner has relied upon the combination of references to teach feature(s) applicant is arguing about. TR 33.899 discloses for example,  RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability (Page 149: Step 6), at least two alternative and substantially different algorithms should be supported (Page 51: 5.1.3.3.3), User encryption is mandatory to support in UE and network, with at least two alternative and substantially different algorithms mandatory to support (Page 69: 5.1.4.3.2), UE sends Registration Request to the AMF. UE supported algorithms that contain ciphering algorithms and integrity protection algorithms shall be included in this message (Page 149:  Step 1), the UE sends the uplink data using the DRB. The data shall be protected based on the selected UP algorithm(s) (Page 150: Step 16), start and stop UP integrity on per DRB basis…, When trigger conditions are met, UE and gNB exchange RRC Connection Reconfiguration for the particular radio bearer (RB) to start integrity protection (Page 152: Step 5), and further discloses one UE could have multiple PDU sessions according to its services (Page 90).
Zhang on the other hand discloses negotiating multiple algorithms through AS SMC, for example, the algorithms are negotiated through an AS SMC procedure. Thus, the selected security algorithms may be indicated to the RN in the AS SMC procedure (Zhang: ¶ [0052], also see ¶¶ [0012, 0037]), and integrity protection algorithm 1 selected for the data on the SRB, integrity protection algorithm 2 selected for the data on the S-DRB, integrity protection algorithm 3 selected for the data on the d-DRB, encryption algorithm 1 selected for the data on the SRB, encryption algorithm 2 selected for the data on the S-DRB, and encryption algorithm 3 selected for the data on 
Applicant’s arguments with respect to dependent claims are based on the dependency on the independent claims and rejected using similar rationales.
Applicant’s amendment necessitated a new grounds of rejection.

Claim Rejections - 35 USC § 103
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



7.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

8.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the 

9.	Claims 1-3 and 5-34 are rejected under 35 U.S.C. 103 as being unpatentable over 3GPP TR 33.899 V1.3.0 (“3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on the security aspects of the next generation system (Release 14), 3GPP TR 33.899 V1.3.0 (2017-08)”, hereinafter TR 33.899)[As disclosed in IDS]  in view of ZHANG et al. (US 2013/0236016 A1, hereinafter Zhang). 

Regarding Claim 1,
TR 33.899 discloses a method for establishing secure communications in a wireless network (TR 33.899: Page 148: Section 5.1.4.41- UP security Determination, Page 179: Section: 5.2.3.1.3-communication over a variety of access networks providing access to the 5G core, including access networks not defined by 3GPP, e.g. fixed or WLAN access networks, Also see Page 149), the method comprising: 
receiving, by a user equipment (UE) (TR 33.899: Page 148: Figure 5.1.4.41.2-1-UE), a first security command message from a base station (TR 33.899: Page 148: Figure 5.1.4.41.2-1-(R)AN, Page 149- Step 0. gNB is preconfigured with allowed CP security capability and allowed UP security capability, Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability) comprising an indication of a first integrity protection algorithm and an indication of a first encryption algorithm (TR 33.899: Page 149: Step 0. there will be only two allowed algorithm lists which are one list for integrity algorithms and one for ciphering algorithms, Step 6 RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability), the first security command message triggering a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station (TR 33.899: Page 149: Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability. This signalling was integrated protected. After UE verifying the integrity protection of the AS SMC, it will response AS SMP to the RAN. After this step, the CP protection between UE and RAN is established); 
transmitting, by the UE (TR 33.899: Page 148: Figure 5.1.4.41.2-1-UE), a security command complete message to the base station (TR 33.899: Page 148: Figure 5.1.4.41.2-1-(R)AN, Page 149- Step 0. gNB is preconfigured with allowed CP security capability and allowed UP security capability, Step 6. After UE verifying the integrity protection of the AS SMC, it will response AS SMP to the RAN. After this step, the CP protection between UE and RAN is established), the security command complete message triggering a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station (TR 33.899: Page 149: Step 6. After UE verifying the integrity protection of the AS SMC, it will response AS SMP to the RAN. After this step, the CP protection between UE and RAN is established, Step 7. The RAN forwards Registration Accept to the UE, Step 8. The UE initiates the UE Requested PDU Session establishment procedure by the transmission of a NAS message containing a PDU Session Establishment Request within the NI SM information. The PDU Session Establishment Request may include a PDU Type, SSC mode, Protocol Configuration Options); and
receiving, by the UE, a second security command message from the base station in response to transmitting the security command complete message, the second security command message comprising an indication of a second integrity algorithm and an indication of a second encryption algorithm (TR 33.899: Page 149: Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability, Page 51: 5.1.3.3.3 Integrity protection is optional to support for UE and mandatory to support for network endpoint; even when both UE and network support it, it is still optional to use. At least two alternative and substantially different algorithms should be supported, Page 69: 5.1.4.3.2 User encryption is mandatory to support in UE and network, with at least two alternative and substantially different algorithms mandatory to support, Page 71: Confidentiality protection algorithm, such as AES, Snow 3G, Zuc, Null. Integrity protection algorithm, such as AES, Snow 3G, Zuc, Null, Page 150: Step 16. The UE sends the uplink data using the DRB. The data shall be protected based on the selected UP algorithm(s), Page 152: Step 5. start and stop UP integrity on per DRB basis…, When trigger conditions are met, UE and gNB exchange RRC Connection Reconfiguration for the particular radio bearer (RB) to start integrity protection, Page 90: One UE could have multiple PDU sessions according to its services), the PDU session establishment procedure further comprising negotiating user plane security algorithms for the PDU session in accordance with the second integrity algorithm and the second encryption algorithm (TR 33.899: Page 149: Step 1. UE sends Registration Request to the AMF. UE supported algorithms that contain ciphering algorithms and integrity protection algorithms shall be included in this message, See also Steps 4-6, 14).
However, it is noted that TR 33.899 does not explicitly disclose: receiving, by the UE, a second security command message from the base station in response to transmitting the security command complete message, the second security command message comprising an indication of a second integrity algorithm and an indication of a second encryption algorithm, the PDU session 
However, Zhang from the same field of endeavor as the claimed invention discloses implement security protection for the signaling data on the SRB, the signaling on the DRBs, and the user data on the d-DRB with the negotiated respective integrity protection algorithm and encryption algorithm (Zhang: ¶ [0012]), the algorithm negotiate is based on per type of RB. That is, negotiating an integrity protection algorithm and an encryption algorithm for each type of the SRB, the s-DRB and the d-DRB (Zhang: ¶ [0037]), one possible way is that the algorithms are negotiated through an AS SMC procedure. Thus, the selected security algorithms may be indicated to the RN in the AS SMC procedure (Zhang: ¶ [0052]), and integrity protection algorithm 1 selected for the data on the SRB, integrity protection algorithm 2 selected for the data on the S-DRB, integrity protection algorithm 3 selected for the data on the d-DRB, encryption algorithm 1 selected for the data on the SRB, encryption algorithm 2 selected for the data on the S-DRB, and encryption algorithm 3 selected for the data on the d-DRB are carried and ordered in sequence in the AS SMC (Zhang: ¶ [0105]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Zhang in the teachings of TR 33.899. A person having ordinary skill in the art would have been motivated to do so because data security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met (Zhang: ¶ [0013], ¶ [0124]), and security protection for data may be controlled based on the granularity of per RB, thereby meeting security requirements for the RN more flexibly (Zhang: ¶ [0160]).


Regarding Claim 2,
Claim 2 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the RRC traffic signaling protection procedure comprises negotiating RRC security activation in accordance with the first integrity protection algorithm and the first encryption algorithm (TR 33.899: Page 149: Step 1. UE supported algorithms that contain ciphering algorithms and integrity protection algorithms shall be included in this message, Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability. This signalling was integrated protected. After UE verifying the integrity protection of the AS SMC, it will response AS SMP to the RAN. After this step, the CP protection between UE and RAN is established, also see Step 5, Page 150: Step 15. RAN transfer selected UP algorithm(s) to the UE with DRB information in RRC signalling, i.e. RRC connection reconfiguration signalling. Step 16. The UE sends the uplink data using the DRB. The data shall be protected based on the selected UP algorithm(s)).

Regarding Claim 3,
Claim 3 is dependent on Claim 2, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 2. TR 33.899 further discloses wherein the first security command message further comprises an indication of a second integrity algorithm and an indication of a second encryption algorithm (TR 33.899: Page 149: Step 1. UE supported algorithms that contain ciphering algorithms and integrity protection algorithms shall be included in this message, Step 5. RAN selects CP security algorithms based on UE supported algorithms and the priority list of CP algorithms that pre-configured at the gNB, Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability, Page 51: 5.1.3.3.3 Integrity protection is optional to support for UE and mandatory to support for network endpoint; even when both UE and network support it, it is still optional to use. At least two alternative and substantially different algorithms should be supported, Page 69: 5.1.4.3.2 User encryption is mandatory to support in UE and network, with at least two alternative and substantially different algorithms mandatory to support, Page 71: Confidentiality protection algorithm, such as AES, Snow 3G, Zuc, Null. Integrity protection algorithm, such as AES, Snow 3G, Zuc, Null, Also see Page 128 Step 4), wherein the PDU session establishment procedure further comprises negotiating user plane security algorithms for the PDU session in accordance with the second integrity algorithm and the second encryption algorithm (TR 33.899: Page 149: Step 1. UE sends Registration Request to the AMF. UE supported algorithms that contain ciphering algorithms and integrity protection algorithms shall be included in this message, See also Steps 4-6, 14).

Regarding Claim 5,
Claim 5 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1.  TR 33.899 further discloses receiving, by the UE, during a subsequent PDU session establishment, an indication of a third integrity algorithm and an indication of a third encryption algorithm in RRC signaling used to configure data radio bearers (DRBs) of a subsequent PDU session (TR 33.899: Page 149: Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability, Page 51: 5.1.3.3.3 Integrity protection is optional to support for UE and mandatory to support for network endpoint; even when both UE and network support it, it is still optional to use. At least two alternative and substantially different algorithms should be supported, Page 69: 5.1.4.3.2 User encryption is mandatory to support in UE and network, with at least two alternative and substantially different algorithms mandatory to support, Page 71: Confidentiality protection algorithm, such as AES, Snow 3G, Zuc, Null. Integrity protection algorithm, such as AES, Snow 3G, Zuc, Null,  Page 150: Step 16. The UE sends the uplink data using the DRB. The data shall be protected based on the selected UP algorithm(s), Page 152: Step 5. When trigger conditions are met, UE and gNB exchange RRC Connection Reconfiguration for the particular radio bearer (RB) to start integrity protection, Page 90: One UE could have multiple PDU sessions according to its services), the subsequent PDU session having a corresponding PDU establishment procedure comprising negotiating user plane security algorithms for the subsequent PDU session in accordance with the third integrity algorithm and the third encryption algorithm (TR 33.899: Page 149:  Step 1. UE sends Registration Request to the AMF. UE supported algorithms that contain ciphering algorithms and integrity protection algorithms shall be included in this message, See also Steps 4-6, 14).
However, Zhang further discloses implement security protection for the signaling data on the SRB, the signaling on the DRBs, and the user data on the d-DRB with the negotiated respective integrity protection algorithm and encryption algorithm (Zhang: ¶ [0012], also see ¶ [0037]), and integrity protection algorithm 1 selected for the data on the SRB, integrity protection algorithm 2 selected for the data on the S-DRB, integrity protection algorithm 3 selected for the data on the d-DRB, encryption algorithm 1 selected for the data on the SRB, encryption algorithm 2 selected for the data on the S-DRB, and encryption algorithm 3 selected for the data on the d-DRB are carried and ordered in sequence in the AS SMC (Zhang: ¶ [0105]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Zhang in the teachings of TR 33.899. (Zhang: ¶ [0013], ¶ [0124]), and security protection for data may be controlled based on the granularity of per RB, thereby meeting security requirements for the RN more flexibly (Zhang: ¶ [0160]).

Regarding Claim 6,
Claim 6 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses: receiving, by the UE, a security policy command from the base station indicating an activation status of user plane encryption and user plane integrity protection for the PDU session (TR 33.899: Page 149: Step 8. UE initiates the UE Requested PDU Session establishment procedure by the transmission of a NAS message containing a PDU Session Establishment Request, Step 14. RAN activates/deactivates UP confidentiality protection and UP integrity protection according to security policy by selecting ciphering algorithm and optional integrity algorithm, e.g. If the security policy indicates enabling UP ciphering and UP integrity, then the RAN selects a ciphering algorithm and an integrity algorithm based on UE security capability and RAN allowed security algorithms which is consistent with TS33.401 subclause 7.2.4.2 …, Page 150: Step 15. RAN transfer selected UP algorithm(s) to the UE with DRB information in RRC signalling, Section 5.1.4.42 Security policies are negotiated for all bearers at the time of AS context set up); and 
activating, by the UE, user plane encryption and user plane integrity protection for the PDU session in accordance with the security policy command (TR 33.899: Page 149: Step 8. UE initiates the UE Requested PDU Session establishment procedure by the transmission of a NAS message containing a PDU Session Establishment Request, Page 150: Step 16. The UE sends the uplink data using the DRB. The data shall be protected based on the selected UP algorithm(s), Section 5.1.4.42 Security policies are negotiated for all bearers at the time of AS context set up).

Regarding Claim 7,
Claim 7 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses transmitting, by the UE, a list of algorithms to an access management function (AMF) node comprising a list of integrity algorithms and a list of ciphering algorithms supported by the UE (TR 33.899: Page 149: Step 1. UE sends Registration Request to the AMF. UE supported algorithms that contain ciphering algorithms and integrity protection algorithms shall be included in this message).

Regarding Claim 8,
Claim 8 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the first security command message is integrity protected with an RRC integrity key (TR 33.899: Page 347: Step 3. The UE and eNB use this key to derive integrity key for integrity protecting RRC messages, Step 4. Upon successful verification, UE may use the derived integrity key to protect RRC messages until the UE authenticates with eNB (i.e. until AS Security context is established at EPC and UE), also see Page 149: Step 6).



Regarding Claim 9,
Claim 9 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the security command complete message is integrity protected with the first integrity protection algorithm as indicated in the first security command message (TR 33.899: Page 149: Step 0. there will be only two allowed algorithm lists which are one list for integrity algorithms and one for ciphering algorithms, Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability. This signalling was integrated protected, Page 130: Section 5.1.4.32.2.1 UE sends the integrity protected and encrypted NAS Security Mode Complete (NAS-MAC) to the AMF, See Figure 5.1.4.32.2.1-1—UE, NG (R)AN, AMF).

Regarding Claim 10,
Claim 10 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the security command complete message indicates that the RRC traffic signaling protection procedure has been successfully completed (TR 33.899: Page 149: Step 6. After UE verifying the integrity protection of the AS SMC, it will response AS SMP to the RAN. After this step, the CP protection between UE and RAN is established).

Regarding Claim 11,
Claim 11 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the first security command message is an access stratum (AS) security mode command (SMC) (TR 33.899: Page 148: See Figure 5.1.4.41.2-1—6 ASSMC, Page 149: Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability. This signalling was integrated protected. After UE verifying the integrity protection of the AS SMC, it will response AS SMP to the RAN. After this step, the CP protection between UE and RAN is established).

Regarding Claim 12,
Claim 12 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the base station is a next generation NodeB (gNB) or a next generation enhanced NodeB (ng-eNB) (TR 33.899: Page 149: Step 0: gNB is preconfigured with allowed CP security capability and allowed UP security capability, Page 151: Step 1: UE and gNB starts Access Stratum security context, Step 2: UE and gNB starts RRC integrity configuration for RRC radio bearers as currently defined, Page 317: See also Table 5.4.3.3.1-1: Architecture options).

Regarding Claim 13,
Claim 13 is dependent on Claim 12, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 12. TR 33.899 further discloses wherein the base station is a Master Node (MN) supporting dual connectivity with a Secondary Node (SN) (TR 33.899: Page 317: Section 5.4.3.3.1.0 next generation system is expected to cover different cases of dual connectivity…, Dual connectivity in the next generation system may involve not only next generation nodes, but also LTE radio access and possibly also the EPC, See Table 5.4.3.3.1-1: Architecture options for dual connectivity).



Regarding Claim 14,
Claim 14 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the wireless network is a fifth generation (5G) standalone (SA) or a 5G non-standalone (NSA) network architecture (TR 33.899: Page 148: Section 5.1.4.41-Solution #1.41: UP security Determination, Page 179: Section: 5.2.3.1.3-communication over a variety of access networks providing access to the 5G core, including access networks not defined by 3GPP, e.g. fixed or WLAN access networks, Also see Page 105, Page 146: Section 5.1.4.40.2 - 5G network, Page 118).

Regarding Claim 15,
Claim 15 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the PDU session establishment procedure (TR 33.899: Page 149: Step 8. The UE initiates the UE Requested PDU Session establishment procedure by the transmission of a NAS message containing a PDU Session Establishment Request) comprises:
configuring, by the UE, one or more data radio bearers (DRBs) in the PDU session (TR 33.899: Page 150: Section 5.1.4.42 User plane integrity protection on a per DRB basis…, Security policies are negotiated for all bearers at the time of AS context set up. The algorithm negotiation and default operation of the bearer happens at the time of AS/NAS context set up, Page 151-152: Step 3. UE starts radio bearer set up for a particular QoS, See also steps 4a-7); and 
negotiating, by the UE, a user plane security activation in accordance with the first integrity protection algorithm and the first encryption algorithm (TR 33.899: Page 150: UE sends the uplink data using the DRB. The data shall be protected based on the selected UP algorithm(s), Section 5.1.4.42.1 the security algorithm negotiation and default operation of the bearer happens at the time of AS/NAS context set up using the SCM procedure. When a DRB is set up, whether the integrity protection is needed for the DRB, and the integrity protection is for the whole life of DRB or only during trigger conditions is signalled between the UE and the gNB, Section 5.1.4.42, Page 151-152: Section 5.1.4.42 User plane integrity protection on a per DRB basis…, Security policies are negotiated for all bearers at the time of AS context set up See also Step 2, steps 4a-7).

Regarding Claim 16,
Claim 16 is dependent on Claim 15, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 15. TR 33.899 further discloses wherein the negotiating the user plane security activation is separately negotiated for each DRB in the one or more DRBs (TR 33.899: Page 151: Step 2. Both the UE and the gNB sets up radio bearers for the requested QCI, and integrity protection either static or conditional based on the parameters in UE assistance info, Step 4. UE and gNB enable UP integrity on the DRB if it is enabled for the life of DRB. If UP integrity is enabled based on trigger conditions, steps 4a to 7 are executed. In case 4a, if conditional triggers are set for the DRB, when the UE is the receiver of PDCP for downlink radio bearers, UE checks trigger conditions (for e,g, packet arrival rate or packet error rate etc), is conforming to the QCI configured for the bearer. If one or more triggers are set, the UE sends the RRC trigger message to the gNB to start integrity protection of the RB, Step 6, Page 152: Section 5.1.4.42.3 method to start and stop UP integrity on per DRB basis).


Regarding Claim 17,
Claim 17 is dependent on Claim 1, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 1. TR 33.899 further discloses wherein the security command complete message is encrypted using the first encryption algorithm (TR 33.899: Page 130: Section 5.1.4.32.2.1 UE sends the integrity protected and encrypted NAS Security Mode Complete (NAS-MAC) to the AMF, See Figure 5.1.4.32.2.1-1—UE, NG (R)AN, AMF).

Regarding Claim 18,
TR 33.899 discloses a method for providing security policy in a wireless network (TR 33.899: Page 148: Section 5.1.4.41-UP security Determination, Page 179: Section: 5.2.3.1.3-communication over a variety of access networks providing access to the 5G core, including access networks not defined by 3GPP, e.g. fixed or WLAN access networks, Also see Page 149),  a user equipment (UE) (TR 33.899: Page 148: Figure 5.1.4.41.2-1-UE), a base station (TR 33.899: Page 148: Figure 5.1.4.41.2-1-(R)AN, Page 149- Step 0. gNB is preconfigured with allowed CP security capability and allowed UP security capability, Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability) and discloses all the limitations of Claim 18, in combination with Zhang, as discussed in Claim 1. Therefore, Claim 18 is rejected using the same rationales.

Regarding Claim 19,
Claim 19 is dependent on Claim 18, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 18. TR 33.899 further discloses receiving, by the base station, a user plane security policy indicating activation status of user plane encryption and user plane integrity protection for all data radio bearers (DRBs) associated to the PDU session (TR 33.899: Page 149: Step 11. If the PDU is an initial request, then SMF determines security policy…, The security policy indicates the RAN whether UP confidentiality protection and integrity protection are enabled or not, Step 13. AMF sends N2 PDU session request to the gNB with the SM information that contains the security policy, Step 14. RAN activates/deactivates UP confidentiality protection and UP integrity protection according to security policy by selecting ciphering algorithm and optional integrity algorithm, e.g. If the security policy indicates enabling UP ciphering and UP integrity, then the RAN selects a ciphering algorithm and an integrity algorithm based on UE security capability and RAN allowed security algorithms which is consistent with TS33.401 subclause 7.2.4.2., Page 150: Security policies are negotiated for all bearers at the time of AS context set up, Step 15. RAN transfer selected UP algorithm(s) to the UE with DRB information in RRC signalling, Page 151: Step 2: UE and gNB starts RRC integrity configuration for RRC radio bearers); and
transmitting, by the base station (TR 33.899: Page 148: Figure 5.1.4.41.2-1-(R)AN, Page 149- Step 0. gNB is preconfigured with allowed CP security capability and allowed UP security capability, Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability), a security policy command to the UE indicating an activation status of user plane encryption and user plane integrity protection for the PDU session (TR 33.899: Page 150: Step 15. RAN transfer selected UP algorithm(s) to the UE with DRB information in RRC signalling).

Regarding Claim 20,
Claim 20 is dependent on Claim 19, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 19. TR 33.899 further discloses wherein the user plane security policy is (TR 33.899: Page 149:  Step 8. The UE initiates the UE Requested PDU Session establishment procedure by the transmission of a NAS message containing a PDU Session Establishment Request, Step 9. After selecting a SMF, AMF will send SM request signalling to SMF, Step 11. If the PDU is an initial request, then SMF determines security policy…, security policy indicates the RAN whether UP confidentiality protection and integrity protection are enabled or not, Step 12. SMF sends the security policy, authorized QoS profile and session ID to the AMF in Nl1 interface. Step 13. AMF sends N2 PDU session request to the gNB with the SM information that contains the security policy).

Regarding Claim 21,
Claim 21 is dependent on Claim 18, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 18. TR 33.899 further discloses wherein RRC downlink encryption at the base station begins after transmitting the security command message (TR 33.899: Page 149: Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability. This signalling was integrated protected. After UE verifying the integrity protection of the AS SMC, it will response AS SMP to the RAN. After this step, the CP protection between UE and RAN is established).

Regarding Claim 22,
Claim 22 is dependent on Claim 18, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 18. TR 33.899 further discloses verifying, by the base station, the security command complete message, wherein RRC uplink encryption at the base station begins after (TR 33.899: Page 149: Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability. This signalling was integrated protected. After UE verifying the integrity protection of the AS SMC, it will response AS SMP to the RAN. After this step, the CP protection between UE and RAN is established, Step 7. The RAN forwards Registration Accept to the UE).

Regarding Claim 23,
Claim 23 is dependent on Claim 18, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 18. TR 33.899 further discloses receiving, by the base station, a list of algorithms from an access management function (AMF) node comprising a list of integrity algorithms and a list of ciphering algorithms supported by the UE (TR 33.899: Page 149: Step 1. UE sends Registration Request to the AMF. UE supported algorithms that contain ciphering algorithms and integrity protection algorithms shall be included in this message, Step 4. AMF sends N2 messages to the RAN with security context included. The N2 message also contains Registration Accept message. Step 5. RAN selects CP security algorithms based on UE supported algorithms and the priority list of CP algorithms that pre-configured at the gNB).

Regarding Claim 24,
Claim 24 is dependent on Claim 23, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 23. TR 33.899 further discloses selecting, by the base station, the integrity algorithm corresponding to a highest priority integrity algorithm present in a configured list of the base station and supported by the UE (TR 33.899: Page 149: Step 14. If the security policy indicates enabling UP ciphering and UP integrity, then the RAN selects a ciphering algorithm and an integrity algorithm based on UE security capability and RAN allowed security algorithms which is consistent with TS33.401 subclause 7.2.4.2. If the security policy contains a UP security lists of serving network allowed UP security algorithms, the selected algorithms shall be based on UE supported algorithms, RAN allowed algorithms and serving network allowed UP security algorithms in the security policy. That is RAN shall choose the algorithm(s) which meets the security policy and has the highest priority from preconfigured RAN allowed algorithms and is also present in UE supported algorithms, See also Step 0.); and 
selecting, by the base station, the encryption algorithm corresponding to a highest priority encryption algorithm present in a configured list of the base station and supported by the UE  (TR 33.899: Page 149: Step 14. If the security policy indicates enabling UP ciphering and UP integrity, then the RAN selects a ciphering algorithm and an integrity algorithm based on UE security capability and RAN allowed security algorithms which is consistent with TS33.401 subclause 7.2.4.2. If the security policy contains a UP security lists of serving network allowed UP security algorithms, the selected algorithms shall be based on UE supported algorithms, RAN allowed algorithms and serving network allowed UP security algorithms in the security policy. That is RAN shall choose the algorithm(s) which meets the security policy and has the highest priority from preconfigured RAN allowed algorithms and is also present in UE supported algorithms, See also Step 0.).
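The selection rule cited from TR 33.899 Step 14 for Claim 24, as an added Python example that is not part of this Office action or of TR 33.899. The class and function names, the sample algorithm identifiers, and the fail-closed behaviour when no common algorithm exists are assumptions of this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Sequence, Tuple


@dataclass(frozen=True)
class UpSecurityPolicy:
    """Hypothetical model of the per-PDU-session UP security policy."""
    ciphering_enabled: bool
    integrity_enabled: bool
    # Optional serving-network allow-lists carried inside the policy.
    allowed_ciphering: Optional[FrozenSet[str]] = None
    allowed_integrity: Optional[FrozenSet[str]] = None


def pick(ran_priority: Sequence[str], ue_supported: Iterable[str],
         network_allowed: Optional[FrozenSet[str]] = None) -> Optional[str]:
    """First entry of the RAN priority list (highest priority first) that the
    UE supports and, when the policy carries a list, the network allows."""
    ue = set(ue_supported)
    for alg in ran_priority:
        if alg in ue and (network_allowed is None or alg in network_allowed):
            return alg
    return None


def select_up_algorithms(policy, ran_ciphering, ran_integrity,
                         ue_ciphering, ue_integrity) -> Tuple[Optional[str], Optional[str]]:
    """Return (ciphering, integrity); None means the policy disabled it."""
    selected = []
    for enabled, ran, ue, allowed, kind in (
        (policy.ciphering_enabled, ran_ciphering, ue_ciphering,
         policy.allowed_ciphering, "ciphering"),
        (policy.integrity_enabled, ran_integrity, ue_integrity,
         policy.allowed_integrity, "integrity"),
    ):
        if not enabled:
            selected.append(None)
            continue
        alg = pick(ran, ue, allowed)
        if alg is None:
            # Assumption of this example: fail closed instead of sending
            # user-plane traffic without a protection the policy requires.
            raise ValueError(f"no common {kind} algorithm satisfies the policy")
        selected.append(alg)
    return selected[0], selected[1]


# Constructed sample lists; the identifiers are placeholders for illustration.
RAN_CIPHERING = ["NEA2", "NEA1", "NEA3"]
RAN_INTEGRITY = ["NIA2", "NIA1"]
UE_CIPHERING = {"NEA1", "NEA3"}
UE_INTEGRITY = {"NIA1", "NIA2"}
```
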

Regarding Claims 25-29,
Claims 25-29 are dependent on Claim 18, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 18. TR 33.899 discloses all the limitations of Claims 25-29 as 

Regarding Claim 30,
Claim 30 is dependent on Claim 29, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 29. TR 33.899 discloses all the limitations of Claim 30 as discussed in Claim 13. Therefore, Claim 30 is rejected using the same rationales as in Claim 13.

Regarding Claims 31-32,
Claims 31-32 are dependent on Claim 18, and the combination of TR 33.899 and Zhang discloses all the limitations of Claim 18. TR 33.899 discloses all the limitations of Claims 31-32 as discussed in Claims 14 and 17. Therefore, Claims 31-32 are rejected using the same rationales as in Claims 14 and 17.

Regarding Claim 33,
TR 33.899 discloses a user equipment (UE) (TR 33.899: Page 148: Figure 5.1.4.41.2-1-UE), comprising: a non-transitory memory storage comprising instructions (TR 33.899: Page 558: code that the UE (possibly the UICC) can compile, or can run, Page 443 mobile devices, Page 103 executes both the legacy USIM functions inherited from previous standards (UMTS and LTE), and other functions required for NextGen UE security. It can be abbreviated as the "NextGen USIM"), one or more processors in communication with the non-transitory memory storage, wherein the one or more processors execute the instructions to (TR 33.899: Page 558: code that the UE (possibly the UICC) can compile, or can run, Page 443 mobile devices, Page 103 executes both the legacy USIM functions inherited from previous standards (UMTS and LTE), and other functions required for NextGen UE security. It can be abbreviated as the "NextGen USIM"), and discloses all the limitations of Claim 33, in combination with Zhang, as discussed in Claim 1. Therefore, Claim 33 is rejected using the same rationales.

Regarding Claim 34,
TR 33.899 discloses a base station  (TR 33.899: Page 148: Figure 5.1.4.41.2-1-(R)AN, Page 149- Step 0. gNB is preconfigured with allowed CP security capability and allowed UP security capability, Step 6. RAN sends AS SMC to the UE with selected signalling algorithms and UE security capability), comprising: a non-transitory memory storage comprising instructions (TR 33.899: Page 317: gNB's setting or software configurations…, secure storage and processing of sensitive data in gNB), one or more processors in communication with the non-transitory memory storage, wherein the one or more processors execute the instructions to (TR 33.899: Page 317: gNB's setting or software configurations…, secure storage and processing of sensitive data in gNB), and discloses all the limitations of Claim 34, in combination with Zhang, as discussed in Claim 1. Therefore, Claim 34 is rejected using the same rationales.


Conclusion

10.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US-20180083972-A1
US-20190246282-A1
US-20130269001-A1
US-20120315878-A1
US-20160014647-A1
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507.  The examiner can normally be reached on M-F 9:45am - 6:15pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For 

/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494

/ROBERT B LEUNG/
Primary Examiner, Art Unit 2494
5-10-2021