REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
Claim 1 recites a control signaling processing method, wherein the method is applied to an access network architecture comprising a first network device and a second network device, wherein the first network device is connected to the second network device, the second network device is connected to at least one user equipment (UE), the method is performed by the second network device, the second network device comprises a first protocol layer entity and a second protocol layer entity, and the method comprises:
establishing, by the second network device, a signaling radio bearer between the second network device and UE, wherein the signaling radio bearer is for transmitting control signaling between the second network device and the UE, and the UE is any one of the at least one UE;
determining, by the first protocol layer entity of the second network device, integrity protection parameters and an integrity protection algorithm for performing integrity protection on the control signaling between the second network device and the UE;
determining, by the second protocol layer entity of the second network device, a message authentication code MAC-I based on the integrity protection parameters and the integrity protection algorithm;

receiving, by the second protocol layer entity of the second network device, the control signaling sent by the first protocol layer entity of the second network device; and
sending, by the second protocol layer entity of the second network device, to the UE, the control signaling carrying the MAC-I.

Claim 9 recites a control signaling processing method, performed by user equipment (UE), wherein the method comprises:
establishing, by the UE, a signaling radio bearer between the UE and a second network device, and transmitting control signaling between the UE and the second network device through the signaling radio bearer;
determining, by the UE, integrity protection parameters and an integrity protection algorithm for performing integrity protection on the control signaling;
receiving, by the UE, control signaling sent by the second network device, the control signaling carrying a message authentication code MAC-I; and
performing, by the UE, integrity check on the control signaling based on the integrity protection parameters and the integrity protection algorithm


receiving, by the UE. a security activation command sent by a first network device, wherein the security activation command comprises an integrity protection algorithm for performing integrity protection on a signaling radio bearer between the first network device and the UE and the security activation command is for activating the signaling radio bearer between the first network device and the UE:
generating, by the UE a root key based on the security activation command; and 
generating, by the UE. based on the root key, a key for performing integrity protection on the signaling radio bearer between the second network device and the UE.

Claim 15 recites a control signaling processing method, wherein the method is applied to an access network architecture comprising a first network device and a second network device, wherein the first network device is connected to the second network device, the second network device is connected to at least one user equipment (UE), the method is performed by the second network device, the second network device comprises a first protocol layer entity, and the method comprises:

determining, by the first protocol layer entity of the second network device, integrity protection parameters and an integrity protection algorithm, wherein the integrity protection parameters and the integrity protection algorithm are for performing integrity protection on the control signaling between the second network device and the  UE;
determining, by the first protocol layer entity of the second network device, a message authentication code MAC-I based on the integrity protection parameters and the integrity protection algorithm; and
generating, by the first protocol layer entity of the second network device, the control signaling, and sending, to the UE, the control signaling carrying the MAC-I;
wherein the determining, by the first protocol layer entity of the second network device, the integrity protection parameters and the integrity protection algorithm comprises:
receiving, by the first protocol layer entity of the second network device, a security context establishment request message sent by the first network device, wherein the security context establishment request message comprises: a first key, and at least one integrity protection algorithm that the UE supports;


determining, by the first protocol layer entity of the second network device, the integrity protection algorithm in the at least one integrity protection algorithm that the UE supports.

The related prior art does not anticipate or render obvious the invention above:
Chen et al. (US 20130310006 A1) discloses generating, by the second network device, control signaling between the second network device and user equipment UE (Fig. 8 step 811 and par. 0230 disclose establishing radio bearer between UE and RNC, which is used for transmitting control signal in step 817 – i.e. control bearer); determining, by the second network device, integrity protection parameters and an integrity protection algorithm, wherein the integrity protection parameters and the integrity protection algorithm are for performing integrity protection on the control signaling between the second network device and the user equipment UE (Fig. 8 step 817 and par. 0236 – “The RNC sends an SMC message to the UE, where the SMC message carries: a cipher algorithm and an integrity algorithm that are selected by the RNC according to a UE security capability, a generated parameter value (Fresh) and the UE security capability, and a MAC-I generated according to the IK, an integrity sequence number, the SMC message, a direction indication, and the Fresh through an F9 algorithm, and at the same time, the SMC message is under integrity protection”, which indicated that the integrity protection parameters and an integrity protection algorithm are determined by the second network device); determining, by the second network device, a message authentication code MAC-I based on the integrity protection parameters and the integrity protection algorithm (Fig. 8 step 817 and par. 0236 – “The RNC sends an SMC message to the UE, where the SMC message carries: a cipher algorithm and an integrity algorithm that are selected by the RNC according to a UE security capability, a generated parameter value (Fresh) and the UE security capability, and a MAC-I generated according to the IK, an integrity sequence number, the SMC message, a direction indication, and the Fresh through an F9 algorithm, and at the same time, the SMC message is under integrity protection”); and generating, by the second network device, the control signaling, and sending, to the UE, the control signaling carrying the MAC-I (Fig. 8 step 817 and par. 0236 discloses generating and sending SMC message including MAC-I). However, the reference is silent on details about (1) first and second (2) the interactions between UE and network device to establish the integrity protection as recited in claim 1, 9 and 15. 
Yi et al. (US 20140192631 A1) discloses PDCP layer of network device for generating MAC-I (Fig. 3, Fig. 9 and par. 0100). However, silent on details about (2).
Kubota (US 20110299681 A1) discloses wherein the first protocol layer entity is a Radio Link Control (RLC) entity or a Media Access Control MAC layer entity (par. 0109 – “In block 394, the generated radio link control protocol data units (RLC PDU) are sent to medium access control (MAC) 370 for generation of medium access control protocol data units (MAC-I PDU) 395 and sending them to lower layer 396”). However, silent on details about (2).
Other related reference found by Examiner are listed in “Notice of Reference Cited”.

As discloses above, none of the prior art anticipate the invention of claim 1, 9, and 15. The above references, in combination, do not render obvious the invention of claim 1, 9 and 15. Therefore, claims 1, 9, 15 and their dependent claims are allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUNG HONG whose telephone number is (571) 270-7928.  The examiner can normally be reached on Monday-Friday from 8:00 am to 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JINSONG HU, can be reached on (571) 272-3965.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

/DUNG HONG/
Primary Examiner, Art Unit 2643