DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The Applicant filed a preliminary amendment on 6/21/2019. The Applicant canceled claims 15-28, and amended claims 29-31. This action is Non-Final.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1, 5-7, 12, and 29-31 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by Targali et al (2013/0298209).

As per claim 1, Targali discloses a method for access control, comprising:
performing, by a user equipment, network layer mutual authentication with a local service center when the user equipment needs to access a network (Targali: See Figs. 1A-1B, para. 0045, 0047-0048, Phase 1 and 2, performing, by a user equipment (i.e. UE #52 in Figure 1A and UE #10 in Figure 1B), network layer mutual authentication (discloses different layers of authentication such as network layer authentication such as EAP, phase 2) with a local service center (i.e. AS #18 Figure 1B; Idp #56 in Figure 1A) when the UE needs to access a network (i.e. WLAN or hotspot); and
performing, by the user equipment, access layer mutual authentication with a corresponding access points group after the network layer mutual authentication is passed (Targali: para. 0048, See Fig. 14A, #114a-114b (i.e. access point groups)); performing by the user equipment (i.e. UE) access layer mutual authentication, mutual authentication #20 is completed before access to network access domain #12(i.e. AP, the Examiner asserts that the mutual authentication between the UE and Idp/AS is completed and passed before the access layer mutual authentication with AP takes place) , so that the user equipment accesses the access points group after the access layer mutual authentication is passed (Targali: para. 0058, See Fig. 1B, Phase 3, UE accesses the AP after the access layer mutual authentication is passed (i.e. 4-way handshake protocol), the UE has secure access to the AP after performing the 4-way handshake protocol).

As per claim 5, Targali discloses a method for access control, comprising: 
performing, by a local service center, network layer mutual authentication with a user equipment after receiving an access request message from the user equipment (Targali: para. 0030, 0044-0045, 0048, performing, by a local service center (i.e. Idp/AS), network layer mutual authentication with UE after receiving an access request message (i.e. discovery) from the UE); 
determining, by the local service center, an access points group corresponding to the user equipment after determining that the network layer mutual authentication with the user (Targali: para. 0046, 0049, See Fig. 14A, access points group #114a-114b, determining, by the local service center (i.e. Idp/AS) an access points group corresponding to the UE after determining that the network layer mutual authentication with the UE, Phase 1 and 2 has passed), initiating phase to discovery by the AS (i.e. local service center) AP (i.e. access point)); and instructing, by the local service center, the access points group to perform access layer mutual authentication with the user equipment, so that the access points group allows the user equipment to access the access points group after the access layer mutual authentication is passed (Targali: para. 0045, 0048, mutual authentication has passed, then the UE is able to access the AP).

     As per claim 6, Targali discloses the method according to claim 5.
     Targali further discloses after receiving, by the local service center, the access request message from the user equipment and before performing, by the local service center, network layer mutual authentication with the user equipment (Targali: para. 0044, receiving, by the local service center (i.e. Idp/AS), the access request message that includes discovery from the user equipment, and before performing, by the Idp/AS, the Examiner asserts this is the Phase 1,  network layer mutual authentication with the UE), the method further comprising: requesting, by the local service center, a network layer authentication parameter corresponding to the user equipment from a network service center, according to context information of the user equipment in the access request message; wherein performing, by the local service center, network layer mutual authentication with the user equipment (Targali: para. 0030-0031, 0037, requesting, by the local service center (i.e. Idp/AS), a network layer authentication parameter corresponding to the authentication vectors from an operator’s authentication center (i.e. network service center)), comprises: performing, by the local service center, network layer mutual authentication (Targali: para. 0044-0045, Phase 2 mutual authentication is performed between the Idp/AS and the UE, discloses layer authentication, including network layer). 

     As per claim 7, Targali discloses the method according to claim 6.
     Targali further discloses wherein performing, by the local service center, network layer mutual authentication with the user equipment according to the network layer authentication parameter (Targali: para. 0030-0031, 0037, performing, by the local service center (i.e. Idp/AS), a network layer authentication parameter corresponding to the authentication vectors) comprises: transmitting, by the local service center, a network layer authentication request message comprising the network layer authentication parameter to the user equipment (Targali: para. 0044-0045, Phase 2, transmitting, by the local service center (i.e. Idp/AS), a network layer authentication request message including the network layer authentication parameter (i.e. authentication vectors) to the UE), so that the user equipment authenticates a network according to the network layer authentication request message (Targali: para. 0045, 0048, user equipment (i.e. UE) authenticates a network before access to the domain/AP mutual authentication is completed before access to a network); and authenticating, by the local service center, the user equipment according to a network layer authentication request response message (Targali: para. 0045, 0048, mutual authentication which includes the Idp/AS (i.e. local service center), with the UE uses network layer authentication), the Examiner asserts that there is an authentication request response message, otherwise the mutual authentication cannot pass) if the local service center receives the network layer authentication request response message transmitted by the user equipment (Lee: para. 0068, 0085,  by the UE, access layer authentication request response (i.e. authentication response)authenticating, by the local service center (i.e. Idp/AS), response message because both the local service center (i.e. Idp/AS) is mutual authenticated with the UE, thus there is a response message the Examiner asserts).

     As per claim 12, Targali discloses a method for access control, comprising: 
     receiving, by an access point, from a local service center an access layer authentication parameter corresponding to a user equipment (Targali: para. 0051, receiving by AP (i.e. access point), from a local service center (i.e. AAA proxy) an access layer authentication parameter (i.e. rMSK (re-authentication master session key)) corresponding to a user equipment (i.e. UE)), wherein the access layer authentication parameter is transmitted by the local service center after the local service center determines that network layer mutual authentication with the user equipment is passed (Targali: para. 0045, 0048, 0051, discloses three Phases 1, 2, 3; Phase 2 includes the completion of the network layer mutual authentication, and then the authentication parameter can be transmitted by the AAA proxy); and
     performing, by the access point, access layer mutual authentication with the user equipment, and allowing the user equipment to access the access point after determining that the access layer mutual authentication with the user equipment is passed (Targali: para. 0045, 0048,  0058, performing by the access point (i.e. AP), access layer mutual authentication with the UE, Phase 3, includes performing a 4-way handshake, the Examiner asserts is the mutual authentication between the AP and the UE; further Targali discloses different layers of mutual authentication includes networking and access layer authentication, discloses mutual authentication is completed before access to the AP). 

     As per claim 29, Targali further discloses a user equipment, comprising a memory and a processor, wherein the processor is configured to read a program in the memory to perform the method according to claim 1 (Targali: para. 0098-0099, user equipment (i.e. WTRU) includes memory and processor).

     As per claim 30, Targali further discloses a local service center, comprising a memory and a processor, wherein the processor is configured to read a program in the memory to perform the method according to claim 5 (Targali: para. 0044, See Fig. 1A and 1B, local service center (i.e. Idp/AS)).

     As per claim 31, Targali further discloses an access point, comprising a memory and a processor, wherein the processor is configured to read a program in the memory to perform the method according to claim 12 (Targali: para. 0003, 0073, access point (AP)).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 2-4, 8-11, and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Targali et al (2013/0298209) in view of Lee et al (2017/0078874).

As per claim 2, Targali discloses the method according to claim 1.
(Targali: para. 0048, See Fig. 14A access points group #114a, #114b; performing by the user equipment (i.e. UE) access layer mutual authentication, mutual authentication #20 is completed before access to network access domain #12(i.e. AP, the Examiner asserts that the mutual authentication between the UE and Idp/AS is completed and passed before the access layer mutual authentication with AP takes place).
     Targali does not explicitly disclose comprises: authenticating, by the user equipment, a network according to an access layer authentication request message comprising an access points group identifier and transmitted by a target access point in the access points group; and transmitting, by the user equipment, an access layer authentication request response message comprising the access points group identifier to the target access point after authentication of the network is passed, so that the target access point authenticates the user equipment according to the access layer authentication request response message. 
     However, in analogous art, Lee et al. discloses authenticating, by the user equipment, a network according to an access layer authentication request message comprising an access points group identifier (Lee: para. 0064, authenticating, by the UE (i.e. user equipment), a network according to an access layer authentication request message (i.e. AKA procedure authentication key agreement) comprising an access point group identifier (i.e. MME group identity/MMEGI) and transmitted by a target access point in the access points group (Lee: para. 0077, handover involving MME relocation, the target MME (i.e. target access point) in the access points group(i.e. MME group));  and transmitting, by the user equipment, an access layer authentication request response message comprising the access points group identifier to the target access point (Lee: para. 0068, 0085,  transmitting, by the UE, access layer authentication request response (i.e. authentication response) includes access points group identifier (i.e. GUMMEI)), so that the target access point authenticates the user equipment according to the access layer authentication request response message (Lee: para. 0077, 0085, target MME (i.e. target access point) authenticates the UE according to the security association).
     It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include authenticating, by the user equipment, a network according to an access layer authentication request message comprising an access points group identifier and transmitted by a target access point in the access points group; and transmitting, by the user equipment, an access layer authentication request response message comprising the access points group identifier to the target access point after authentication of the network is passed, so that the target access point authenticates the user equipment according to the access layer authentication request response message of Lee’s method with the method of Targali, the motivation is that this is an improvement in mobility procedures involving mobility management entity relocation (Lee: para. 0003).
     As per claim 3, Targali and Lee disclose the method according to claim 2.
     Targali further discloses wherein authenticating, by the user equipment, the network according to the access layer authentication request message (Targali: para. 0030-0031,0045, 0048  authenticating, by the UE, the network according to the access layer authentication request message (i.e. discovery), mutual authentication is performed with the UE). 
     Targali does not explicitly disclose comprising the access points group identifier and transmitted by the target access point in the access points group, comprises: determining, by the 
     However, in analogous art Lee discloses comprising the access points group identifier (Lee: para. 0032-0033, access points group identifier (i.e. MME identifier/GUMMEI) and transmitted by the target access point in the access points group (Lee: para. 0083, transmitting by the target access point (i.e. target MME), comprises: determining, by the user equipment, a second authentication token according to a random number in the access layer authentication request message (Lee: para. 0070, determining, by the user equipment (i.e. UE) a second authentication token (i.e. AUTN) according to a random number (i.e. RAND); and determining, by the user equipment, that the authentication of the network is passed if the second authentication token and a first authentication token in the access layer authentication request message are same (Lee: para. 0070, mutual authentication is performed with a UE, the second authentication token (AUTN) and first authentication (AUTN) are the same in order to establish mutual authentication).
     It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the access points group identifier and transmitted by the target access point in the access points group, comprises: determining, by the user equipment, a second authentication token according to a random number in the access layer authentication request message; and determining, by the user equipment, that the authentication of the network is passed if the second authentication token and a first authentication token in the access layer authentication request message are same of Lee with the method of Targali, is that this is an (Lee: para. 0038).

     As per claim 4, Targali and Lee disclose the method according to claim 3.
     Lee further discloses wherein transmitting, by the user equipment, the access layer authentication request response message comprising the access points group identifier to the target access point after the authentication of the network is passed (Lee: para. 0064, 0068, 0085,  a network according to an access layer authentication request message (i.e. AKA procedure authentication key agreement) comprising an access point group identifier (i.e. MME group identity/MMEGI) transmitting, by the UE, access layer authentication request response (i.e. authentication response)), comprises: determining, by the user equipment, an authentication response parameter according to the random number after the authentication of the network is passed (Lee: para. 0068, 0071, 0077, 0085, once mutual authentication is passed, the authentication request response (i.e. authentication response), authentication response parameter (i.e. Kasme) is determined); and transmitting, by the user equipment, the access layer authentication request response message comprising the access points group identifier and the authentication response parameter to the target access point, so that the target access point authenticates the user equipment according to the access points group identifier and the authentication response parameter (Lee: para. 0077, 0085, transmitting, by the UE, the authentication response message including access points group identifier (GUMMEI/MMEGI) and (Kasme); target MME (i.e. target access point) authenticates the UE according to the security association, authentication response parameter (i.e. Kasme)). 
     Same motivation as claim 3 above.
     As per claim 8, Targali discloses the method according to claim 7.   
     Targali further discloses wherein authenticating, by the local service center, the user equipment according to the network layer authentication request response message transmitted by the user equipment (Targali: para. 0045, 0048, mutual authentication which includes the Idp/AS (i.e. local service center), with the UE uses network layer authentication, there is mutual authentication between the two devices local service center and UE, thus there is a response message).
     Targali does not explicitly disclose determining, by the local service center, that authentication of the user equipment is passed if an authentication response parameter comprised in the network layer authentication request response message and an expected response parameter in the network layer authentication parameter are same.
     However, in analogous art, Lee discloses determining, by the local service center, that authentication of the user equipment is passed if an authentication response parameter comprised in the network layer authentication request response message and an expected response parameter in the network layer authentication parameter are same (Lee: para. 0068, determining, by the local service center (i.e. SKMF), that authentication of the user equipment (i.e. UE), mutual authentication, authentication response, and XRES (i.e. expected response)).
     It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to include determining, by the local service center, that authentication of the user equipment is passed if an authentication response parameter comprised in the network layer authentication request response message and an expected response parameter in the network layer authentication parameter are same of the method of Lee with Targali, is that this is an (Lee: para. 0038).

     As per claim 9, Targali discloses the method according to claim 5.
     Targali further discloses wherein instructing, by the local service center, the access points group to perform access layer mutual authentication with the user equipment (Targali: para. 0048, 0053, See Fig. 14 access points group; instructing, by the local service center (i.e. Idp/AS), the access points group (i.e. available APs).
      Targali does not explicitly disclose comprises: determining, by the local service center, a target access point in the access points group; and instructing, by the local service center, the target access point to perform access layer mutual authentication with the user equipment.
      However, in analogous art, Lee further discloses determining, by the local service center, a target access point in the access points group (Lee: para. 0081-0082, determining, by the local service center (i.e. SKMF), a target access point (i.e. target MME) in the access points group (i.e. MME)); and instructing, by the local service center, the target access point to perform access layer mutual authentication with the user equipment (Lee: para. 0064, 0077, 0085, access layer mutual authentication request message (i.e. AKA procedure authentication key agreement) comprising an access point group identifier (i.e. MME group identity/MMEGI)).
      It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include determining, by the local service center, a target access point in the access points group; and instructing, by the local service center, the target access point to perform access layer mutual authentication with the user equipment of Lee’s method with the method of Targali, the motivation is that this is an improvement in mobility procedures involving (Lee: para. 0003).
      As per claim 10, Targali and Lee disclose the method according to claim 9.
      Lee further discloses wherein instructing, by the local service center, the target access point to perform access layer mutual authentication with the user equipment (Lee: para. 0070-0072, instructing, by the local service center (i.e. SKMF), the target access point (i.e. target MME) to perform access layer mutual authentication with the user equipment, need to have the Kasme in order to perform for the target access point to perform mutual authentication with UE), comprises: transmitting, by the local service center, to the target access point an access points group identifier corresponding to the access points group (Lee: para. 0064, 0070-0072, transmitting, by the local service center (i.e. SKMF), to the target access point (i.e. target MME) and access points group identifier (i.e. MMEGI); a network according to an access layer authentication request message (i.e. AKA procedure authentication key agreement) comprising an access point group identifier (i.e. MME group identity/MMEGI) and transmitted by a target access point in the access points group (Lee: para. 0064-0066, handover involving MME relocation, the target MME (i.e. target access point) in the access points group(i.e. MME group)), and an access layer authentication parameter corresponding to the user equipment, so that the target access point performs access layer mutual authentication with the user equipment (Lee: para. 0077, 0080, authentication parameter (i.e. Kasme) corresponding to the UE, so that the target MME perform mutual authentication with UE)  according to the access points group identifier and the access layer authentication parameter (Lee: para. 0064, 0068, authentication parameter (i.e. authentication vectors) corresponding to the UE, so that the target access point (i.e. target MME) performs mutual authentication with UE, according to the access points group identifier (i.e. MME group/identity/MMEGI)).

    As per claim 11, Targali and Lee disclose the method according to claim 10.
    Targali further discloses wherein the local service center determines the access layer authentication parameter corresponding to the user equipment by: obtaining the access layer authentication parameter corresponding to the user equipment from a network service center; or determining the access layer authentication parameter corresponding to the user equipment, according to a network layer authentication parameter corresponding to the user equipment, and the access points group identifier (Targali: para. 0030-0031, 0037, obtaining the access layer authentication parameter corresponding to the user equipment from a network service center, only one needs to be disclosed , (i.e. Idp/AS), a network layer authentication parameter corresponding to the authentication vectors from an operator’s authentication center (i.e. network service center)). 
     As per claim 13, Targali discloses the method according to claim 12.
     Targali does disclose wherein performing, by the access point, access layer mutual authentication with the user equipment corresponding to the access layer authentication parameter (Targali: para. 0048, performing, by the access point (i.e. AP), access layer mutual authentication with the UE, mutual authentication #20 is completed before access to network access domain #12(i.e. AP, the Examiner asserts that the mutual authentication between the UE and Idp/AS is completed, mutual authentication requires authentication parameter).
     Targali does not explicitly disclose comprises: transmitting, by the access point, an access layer authentication request message comprising an access points group identifier and the access layer authentication parameter to the user equipment, so that the user equipment authenticates a network according to the access layer authentication request message; and authenticating, by the 
     However, in analogous art of  Lee discloses transmitting, by the access point, an access layer authentication request message comprising an access points group identifier and the access layer authentication parameter to the user equipment (Lee: para. 0080, transmitting by the MME (i.e. access point) an access layer authentication request message includes access points group identifier (i.e. GUMMEI) and authentication parameter (i.e. Kasme)), so that the user equipment authenticates a network according to the access layer authentication request message; and authenticating, by the access point, the user equipment according to an access layer authentication request response message if the access point receives from the user equipment the access layer authentication request response message (Lee: para. 0083, 0085, UE authenticates a network according to context request message, and authenticating, by the access point (i.e. MME), the user equipment), the  comprising the access points group identifier (Lee: para. 0064, 0068, 0085, authenticates a network, and authenticating, by the MME, the UE according to an access layer request message including access points group identifier (i.e. MME group/identity/MMEGI)).
     Same motivation as claim 2 above.
     As per claim 14, Targali and Lee disclose the method according to claim 13.
     The combination of Targali and Lee further discloses wherein authenticating, by the access point, the user equipment according to the access layer authentication request response message (Targali: para. 0048, authenticating, by the access point (i.e. AP/domain), the UE, both the AP and UE perform mutual authentication, this includes a response message because mutual authentication could not pass if there is no response message) comprising the access points group identifier and transmitted by the user equipment (Lee: para. 0032-0033, access points group identifier (i.e. MME identifier/GUMMEI) transmitted by the UE), comprises: determining, by the access point, that authentication of the user equipment is passed (Targali: para. 0058, Phase 3, UE accesses the AP after the access layer mutual authentication is passed (i.e. 4-way handshake protocol), the UE has secure access to the AP after performing the 4-way handshake protocol) if an authentication response parameter comprised in the access layer authentication request response message and an expected response parameter in the access layer authentication parameter are same (Lee: para. 0085, authentication response parameter (i.e. Kasme) are the same then secure communication can take place).
     Same motivation as claim 2 above.


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


  5/21/2021
/J.E.J/Examiner, Art Unit 2439                              



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439