Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

2.	Claims 1-3, 6, 14, 16 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Pub. 2014/0140305 to Barrett in view of U.S. Patent 8,855,071 to Sankaran and U.S. Patent Pub. 2013/0310006 to Chen. 

Regarding claims 1 and 14, Barrett teaches a method operational at a radio access network (RAN) node for establishing a first secure connection with a first service network node, comprising:
receiving a first service registration request from a client device (see for example, Figs. 1-2 and 4, as described in sections [0045] to [0047], which teach a UE 101 sending a service request to an eNB 102);
forwarding the first service registration request, comprising a first service identifier and an access node certificate of the RAN node to a connectivity network node under a connectivity context (see for example, Fig. 4 as described in sections [0045] to [0047], which teach the eNB 102 forwarding the service request to the MME 105, where the MME is the “connectivity node”, and see sections [0041], [0054] to [0057], which teach an “IP context” and the “RRC context”, which are “connectivity contexts”, as recited);

In an analogous art, Sankaran teaches a mobile device sending an eNB a request for a session service request.  See for example, column 8 line 46, to column 9, line 3, which describe a “session service registration request” received at the eNB from the mobile device, which is then sent to the MME and see column 17 lines 51-62. 
In an analogous art, Chen teaches a wireless system which receives requests for mobile services, and generates a certificate between the eNB and the RNC as described in sections [0217] to [0236], which relate to Fig. 8.  It is also noted that the MME does not have the IP sec key generated between the eNB and the RNC (see section [0245]).  
Therefore, as Barrett teaches security associations between nodes and as Chen explicitly teaches that the security association is based on a certificate associated with the RAN node (eNB), it would have been obvious to modify Barrett with this security association as Chen teaches the benefits of this association.   
Regarding the features of:    
“establishing the first secure connection under a first service context of a plurality of simultaneous distinct service contexts separate from the connectivity context, through the connectivity network node, with the first service network node identified by the first service identifier based on the access node certificate of the RAN node forwarded to the first service network node by the connectivity network node; and 

In other words, as Barrett and Sankaran teach connectivity and service contexts, modifying the eNB of Barrett to include its certificate (as in Chen) exchanges security keys and establishes a secure connection from the eNB to the destination server (as in Chen), where the secure channel passes through the MME (“connectivity node”) of Barrett.
Regarding the amendment to claim 1 now reciting “after establishment of a connectivity context between the client device and a connectivity network node via the RAN node, the first service registration request including a first service identifier that is usable by at least one of the RAN node and the connectivity network node to identify and select a first service network node”, as described above, Sankaran teaches a “first service identifier”.  It is noted that this claim language recites “is useable”, which does not require that the service identifier is actually used, and there is no claimed use yet. 

receiving a second service registration request from the client device;
forwarding the second service registration request, comprising a second service identifier and the access node certificate to the connectivity network node under the connectivity context; 
establishing a second secure connection under a second service context of the plurality of simultaneous distinct service contexts, through the connectivity network node, with a second service network node identified by the second service identifier, based on the access node certificate forwarded to the second service network node by the connectivity network node; and
receiving a second security key from the second service network node through  the connectivity network node under the second service context, wherein: the second security key is secured against access by the connectivity network node by the second secure connection under the second service context, the first service context and the second service context are distinct simultaneous service contexts that are separate from the connectivity context, and
the first and second secured connections, associated with the respective simultaneous distinct service contexts, are multiplexed over a single Layer 2 connection of a communication protocol stack”, as described above in the rejection of claim 1, see column 8 line 46, to column 9, line 3 of Sankaran, which also describes a “second service registration request” received from the mobile device, which is sent to the MME.  
Regarding the language of “the first and second secured connections, associated with the respective simultaneous distinct service contexts, are multiplexed over a single Layer 2 connection of a communication protocol stack”, as layer 2 communications are via the MAC layer (as shown in Fig. 13 of Barrett) and as all communications from a single UE are addressed to the same MAC address of the UE, the eNB of Barrett will direct (multiplex) all connections over this single layer connection as now recited.
Regarding claims 3 and 16, which now recite “further comprising:
receiving a second service registration request from the client device; and  establishing a second secure connection under a second service context of the plurality of simultaneous distinct service contexts, through the connectivity network node, with a second service network node, different from the first service network node, based on the access node certificate forwarded to the second service network node by the connectivity network node, wherein the first service context and the second service context are simultaneous service contexts and are separate from the connectivity context, 

Regarding claim 6, which recites “wherein establishing the first secure  connection with the first service network node further comprises: receiving a secure connection request from the connectivity network node which originated from the service network node”, both Barrett and Sankaran teach establishing the secure connection by receiving the connection request at the MME which is sent from the eNB, as recited.  

Regarding claim 31, which recites “wherein the first secure connection between the RAN and the first service network node is secured using a security context unknown to the connectivity node”, as described above, as Chen teaches that the MME does not know the IPsec key (generated between the eNB and the RNC), the combination of references teach and/or render obvious this feature, as recited.
 

Claims 5 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Barrett, Sankaran and Chen as applied to claims 1 and 14 above, and further in view of U.S. Patent 2015/0351148 to Jha (hereinafter “Jha”).

Regarding claims 5 and 17, which recite “wherein establishing the first secure connection with the first service network node further comprises: determining whether the RAN node has a pre-existing secure connection with the first service network node prior to establishing the first secure connection with the first service network node; if the pre-existing secure connection is available, reusing the pre-existing secure connection with the first service network node; and if the pre-existing secure connection is not available, establishing the first secure connection with the first service network node”, see for example, columns 8-9 of Sankaran, which teach receiving an initial attach message or an “activate” message, where the “activate” message determines that there already was a pre-existing connection, and see 152 in Fig. 3 of Barrett, which teaches a registered and idle mode, where the mobile terminal has already registered with and established a pre-existing connection. 
Therefore, the combination of Barrett and Sankaran would appear to teach and/or render obvious these features, however as these references do not explicitly teach “reusing the previous connection”, Jha is added.  
In an analogous art, Jha teaches a wireless system which assigns resources and reuses previous connections (if stored).  See for example, section [0025], which explicitly teaches that the bearers and security information from the previous connection are reused. 
Therefore, as Barrett/Sankaran teach initializing and “activating” connections, and as Jha teaches reusing connection data, it would have been obvious to modify the .   


Claims 7 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Barrett, Chen and Sankaran as applied to claims 1 and 14 above, and further in view of either one of U.S. Patent Pubs. 2014/0302820 to Jones or 2014/0241317 to Jamadagni.
Regarding claims 7 and 18, which now recite “wherein the security key serves to secure communications between the RAN node and the client device”, as Barrett and Sankaran do not explicitly teach using keys, Jones or Jamadagni is added.
	In analogous art, both Jones and Jamadagni teach using keys between the eNB and the client device.  See for example, section [0018] of Jones and section [0048] of Jamadagni.
	Therefore, as Barrett/Sankaran teach using secure connections, and as both Jones and Jamadagni teach using keys between the eNB and the client device, it would have been obvious to modify the Barrett/Sankaran combination, with either one of Jones and Jamadagni, as keys are conventionally used for secure connections. 


Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Barrett, Sankaran and Chen as applied to claims 1 and 14 above, and further in view of one of U.S. Patent 8,964,695 to Bachmann or U.S. Patent Pub. 2012/0100833 to Gao.

In analogous art, Bachmann teaches using certificates to establish a secure connection between nodes.  See column 9, line 15 and column 27, line 6, which teach sending device identifier information along with the certificate itself to ensure security. Sections [0018] to [0019] of Gao also teach that the base station and the service node exchange certificates. 
	Therefore, as Barrett/Sankaran teach sending service request connections, Chen teaches using certificates, and as Bachmann or Gao teach including the certificate in the connection process, it would have been obvious to modify the combination of Barrett/Sankaran/Chen to include the certificate, as is conventional and for the reasons taught in Bachmann/Gao.  


Claims 21, 28 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Barrett, Sankaran and Chen as applied to claim 1 above. 

Regarding claims 21 and 30, which now recite “a method operational at a service network node for establishing a secure connection with a radio access network (RAN) node, comprising: 

establishing the secure connection with the RAN node based on the access node certificate of the RAN node forwarded to the service network node by the connectivity network node (see secure connection established in Chen forwarded through the MME of Barrett); and 
transmit a first security key to the RAN node through the connectivity network node, wherein the first security key is secured against access by the connectivity network node by the secure connection (key exchange of Chen, via MME of Barrett).
Regarding the changes to claims 21 and 30, which are similar to claim 1, see the rejection of claim 1 above. 
Regarding claim 28, which now recites “wherein establishing the secure connection further comprises sending service network node information to the RAN node”, see for example, columns 13-14 of Sankaran, which teach “the service node sending the address to the radio access network node” and Chen which teaches sending security parameters, as recited.


Claim 29 is rejected under 35 U.S.C. 103 as being unpatentable over Barrett, Sankaran and Chen as applied to claim 28, and further in view of Bachmann or Gao. 

Regarding claim 29, which recites “wherein the service network node information comprises at least a certificate associated with the service network node”, as Barrett, Sankaran and Chen do not teach including the certificate, Bachmann/Gao is added. 
In analogous art, Bachmann teaches using certificates to establish a secure connection between nodes.  See column 9, line 15 and column 27, line 6, which teach sending device identifier information along with the certificate itself.  See also sections [0018] to [0019] of Gao, which teach a certificate of the service node.
	Therefore, as Barrett/Sankaran teach sending service request connections, Chen teaches each node using its certificate, and as Bachmann teaches including the certificate in the connection process, it would have been obvious to modify the Barrett/Sankaran/Chen combination to include the certificate, as is conventional and for the reasons taught in Bachmann/Gao.  


Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Barrett, Chen and Sankaran as applied to claim 21 above, and further in view of Jha.
Regarding claim 22, which now recites “wherein establishing the secure connection with the RAN node further comprises:

if the pre-existing secure connection is available, reusing the pre-existing secure connection with the RAN node; and 
if the pre-existing secure connection is not available, establishing the secure connection with the RAN node”, Jha is added. 
In an analogous art, Jha teaches a wireless system which assigns resources and reuses previous connections (if stored).  See for example, section [0025], which explicitly teaches that the bearers and security information from the previous connection are reused prior to establishing a new connection.  
Therefore, as Barrett/Sankaran teach initializing and “activating” connections, and as Jha teaches reusing connection data, it would have been obvious to modify the Barrett/Sankaran combination, as Jha teaches the benefits and conventionality of reusing previous connection information.   


Claims 24 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Barrett, Sankaran and Chen as applied to claim 21, and further in view of either one of U.S. Patent Pub. 2010/0056156 to Xu or U.S. Patent Pub. 2010/0173610 to Kitazoe.


In an analogous art, Xu and Kitazoe teach wireless systems which use keys (for both Access Stratum (AS) and Non-Access Stratum (NAS) layers) which are sent to the UE.  See for example, sections [0017] and [0088] to [0089] of Xu and section [0077] of Kitazoe.  
Therefore, as Barrett/Sankaran teach using secure connections, and as Xu and Kitazoe teach using keys for secure connections, it would have been obvious to modify the Barrett/Sankaran combination with one of Xu/Kitazoe, as secure connections generated with keys are conventional and desired.     
Regarding claim 26, which recites “wherein the first security key serves to secure access stratum communications”, see the rejection of claims 24-25 above, which both address security keys in the access stratum layer, as recited.

Response to Arguments
Regarding Applicant’s remarks filed on 5-3-21, these are now moot in view of the new grounds of rejection.  As set forth above, Sankaran teaches a first service identifier (see column 17 lines 51-62) and the added language “is useable” does not require the use of “first service identifier.”  Also, there is no subsequent use of this identifier claimed, as claim 1 recites that the identifier is “forwarded under the context” and does not positively recite any use of the service identifier.     

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lester Kincaid can be reached on (571)272-7922.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/STEVEN S KELLEY/Primary Examiner, Art Unit 2646