DETAILED ACTION
Claims 1, 4-12, and 14 are allowed.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Hyun Woo Shin (Reg. No. 74319) on June 17, 2021.
The application has been amended as follows: 

1. 	(Currently Amended) A security communication method between virtualized network functions (VNF) in a network function virtualization (NFV) environment, the security communication method comprising:
	generating a hash chain of a VNF image by a virtualized infrastructure manager (VIM) when a VNF in a tenant is instantiated to share the hash chain with an element manager;
	performing authentication between a first VNF and a second VNF by the element manager using the hash chain;
	generating a first secret key by the authenticated first VNF based on the hash chain and generating a second secret key by the authenticated second VNF based on a second hash chain; and
	performing communication by the first VNF and the second VNF using the first secret key and the second secret key,
	wherein the sharing includes:
	calculating VNF identification information VNFID in the tenant by combining at least one of tenant identification information, VNF identification information, and instance identification information;
	calculating the hash chain by applying the calculated VNF identification information VNFID in the tenant to a hash function and sharing the calculated hash chain with the element manager; and
	when the calculated hash chain is updated, sharing the updated hash chain with the element manager.

2-3.	(Cancelled)

4.	(Currently Amended) The security communication method in a NFV environment of claim 1
	updating the hash chain by applying the
	transmitting the updated hash chain to the element manager.

anthe

6.	(Currently Amended) The security communication method in a NFV environment of claim 1, wherein the performing of authentication includes:
	when an initial message is received from the first VNF, requesting and receiving the second hash chain from the second VNF;
	authenticating the second VNF by comparing the received hash chain of the second VNF with a previous stored second VNF hash chain;
	when the authentication of the second VNF is completed, requesting and receiving the hash chain from the first VNF;
	authenticating the first VNF by comparing the received hash chain of the first VNF with a previous stored first VNF hash chain; and
	transmitting an authentication result of the first VNF and the second VNF to the first VNF.

7.	(Currently Amended) The security communication method in a NFV environment of claim 6, wherein when the second hash chain of the second VNF is a hash chain obtained by encrypting a hash chain which is currently allocated to the second VNF using a hash chain which is most recently allocated to the second VNF as the encryption key, in the authenticating of the second VNF, the encrypted hash chain of the second VNF is decoded using the most recent hash 
	when the hash chain of the first VNF is a hash chain obtained by encrypting a hash chain which is currently allocated to the first VNF using a hash chain which is most recently allocated to the first VNF as the encryption key, in the authenticating of the first VNF, the encrypted hash chain of the first VNF is decoded using the most recent hash chain of the first VNF which is previously stored and the first VNF is authenticated by comparing the decoded hash chain with the first VNF hash chain which is previously stored.

8.	(Currently Amended) The security communication method in a NFV environment of claim 1, wherein the first and second secret keys are generated using a Diffie-Hellman (D-H) algorithm based on the hash chain.

9.	(Currently Amended) The security communication method in a NFV environment of claim 8, wherein the generating of the first and second secret keys includes:
	receiving a first integer p and a second integer q from the element manager by the first VNF and the second VNF, respectively;
	generating a first public key and a second public key using the received first integer p, second integer q, and the hash chain and the second hash chain, by the first VNF and the second VNF;
	transmitting the first public key to the second VNF by the first VNF and transmitting the second public key to the first VNF by the second VNF; and
thethe hash chain and the second public key by the first VNF and generating thethe second hash chain and the first public key by the second VNF,
	wherein the hash chain is a private key.

10.	(Currently Amended) The security communication method in a NFV environment of claim 9, wherein the performing the
	encrypting a message using the first secret key and transmitting the encrypted message to a VNF gateway by the first VNF;
	obtaining setting information for the message, comparing the obtained setting information with a previously stored security policy information by the VNF gateway to transmit the encrypted message to the second VNF when the obtained setting information and the previously stored security policy information coincides with each other; and
	decoding the encrypted message using the second secret key by the second VNF.

11.	(Currently Amended) The security communication method in a NFV environment of claim 10, wherein when the obtained setting information and the previously stored security policy information does not coincide, the VNF gateway blocks the encrypted message.

12.	(Currently Amended) A system for security communication between VNFs in a tenant including a plurality of VNFs in a network function virtualization (NFV) environment, the system comprising:

	a hardware VNF gateway which is located between the plurality of VNFs in the tenant and sets a Sec-catalog in which security policy information for a VNF traffic is set to control the traffic between the VNFs; and
	a virtualized infrastructure manager (VIM) which generates a hash chain of a VNF image when a VNF in the tenant is instantiated to share the hash chain with the element manager,
	wherein the VIM: calculates VNF identification information VNFID in the tenant by combining at least one of tenant identification information, VNF identification information, and instance identification information; calculates the hash chain by applying the calculated VNF identification information VNFID in the tenant to a hash function and sharing the calculated hash chain with the element manager; and when the calculated hash chain is updated, shares the updated hash chain with the element manager, and
	wherein the VNF which is authenticated in the element manager generates a secret key based on the hash chain, encrypts a message with the generated secret key to transmit the message to the VNF gateway, and when the encrypted message is received from the VNF gateway, decodes the encrypted message using the secret key, and the VNF gateway obtains setting information for the message and compares the obtained setting information with the security policy information so that when the obtained setting information and the security policy information coincides with each other, the VNF gateway transmits the encrypted message to the VNF of the other party.

13.	(Cancelled)	

14.	(Currently Amended) The security communication system in a NFV environment of claim 12, wherein the VIM updates the hash chain by applying the hash function to a previous hash chain when the VNF image is modified
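
The following sketch is an added illustration and is not part of the Office action or the application. It walks through the flow recited in claims 1, 6, 8, 9 and 14: VNFID derivation, hash chain generation and update, comparison against the element manager's stored value, and a Diffie-Hellman exchange with the hash chain as the private key. SHA-256, the length-prefixed combination, the reading of p as modulus and q as base, the demo values of p and q, and all function and class names are assumptions.

```python
import hashlib
import hmac

P = 2**127 - 1  # constructed demo modulus (a Mersenne prime), far too small for real use
Q = 3           # constructed demo base

def vnf_id(tenant_id, vnf, instance_id):
    """VNFID in the tenant: tenant, VNF and instance identifiers combined."""
    parts = [s.encode() for s in (tenant_id, vnf, instance_id)]
    # Length prefixes (an assumption) keep ("ab", "c") distinct from ("a", "bc").
    return b"".join(len(x).to_bytes(2, "big") + x for x in parts)

def initial_chain(vnfid):
    """Hash chain value computed at instantiation by applying a hash to VNFID."""
    return hashlib.sha256(vnfid).digest()

def update_chain(previous):
    """Update on image modification: hash function applied to the previous value."""
    return hashlib.sha256(previous).digest()

class ElementManager:
    def __init__(self):
        self.stored = {}  # VNF name -> hash chain value shared by the VIM
    def share(self, name, chain):
        self.stored[name] = chain
    def authenticate(self, name, presented):
        # Constant-time comparison of the presented value with the stored one.
        return hmac.compare_digest(self.stored.get(name, b""), presented)
    def authenticate_pair(self, first, second):
        # Order recited in claim 6: the second VNF is checked, then the first.
        return self.authenticate(*second) and self.authenticate(*first)

def dh_public(chain, p=P, q=Q):
    return pow(q, int.from_bytes(chain, "big"), p)  # hash chain as private key

def dh_secret(chain, peer_public, p=P):
    return pow(peer_public, int.from_bytes(chain, "big"), p)

def demo():
    em = ElementManager()
    c1 = initial_chain(vnf_id("tenant-a", "firewall", "inst-01"))  # constructed ids
    c2 = initial_chain(vnf_id("tenant-a", "router", "inst-07"))
    em.share("vnf1", c1)
    em.share("vnf2", c2)
    authenticated = em.authenticate_pair(("vnf1", c1), ("vnf2", c2))
    k1 = dh_secret(c1, dh_public(c2))  # first VNF: own chain + second public key
    k2 = dh_secret(c2, dh_public(c1))  # second VNF: own chain + first public key
    em.share("vnf1", update_chain(c1))  # image modified, VIM shares the update
    stale_accepted = em.authenticate("vnf1", c1)
    return authenticated, k1 == k2, stale_accepted
```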

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “generating a hash chain of a VNF image by a virtualized infrastructure manager (VIM) when a VNF in a tenant is instantiated to share the hash chain with an element manager; performing authentication between a first VNF and a second VNF by the element manager using the hash chain; generating a first secret key by the authenticated first VNF based on the hash chain and generating a second secret key by the authenticated second VNF based on a second hash chain; and performing communication by the first VNF and the second VNF using the first secret key and the second secret key, wherein the sharing includes: calculating VNF identification information VNFID in the tenant by combining at least one of tenant identification information, VNF identification information, and instance identification information; calculating the hash chain by applying the calculated VNF identification information VNFID
The following is considered to be the closest prior art of record:
Ilyadis (US 2017/0012975) – teaches a network function virtualization security and trust system that authenticates the nodes using an accumulated hash function.
King (US 2010/0042841) – teaches generating a shared key between two devices and using two independent hash functions to generate a utilized key to allow two nodes to communicate securely by encrypting messages using the utilized key.
Wang (US 2017/0302646) – teaches authenticating two VNFs.
Sood (US 2016/0337329) – teaches bootstrapping VNFs.
Sharma (US 2018/0288101) – teaches hashing VNF images and comparing the hashes to ensure that the VNF images have not been tampered with.
Hermoni (US 2018/0337931) – teaches hashing VNF images.
However, the concept of authenticating two VNFs using hash chains, generating secret keys for the VNFs using hash chains, and performing communication between the two VNFs using the secret keys where the hash chains are generated as claimed cannot be found in the prior art of record.
None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are considered to be a non-obvious combination of limitations not taught in the prior art. Therefore, claims 1, 4-12, and 14 are considered to be allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 5712728878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/John B King/
Primary Examiner, Art Unit 2498