DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to application 16/650,997 filed on 3/26/2020.
Claims 15-21 have been examined and are pending in this application. As per the Preliminary Amendment filed on 3/26/2020, claims 1-14 and 22-25 were canceled and claims 15-21 have been amended.
The examiner notes the IDSs filed have been considered. 

Claim Objections
Claims 15, 16 and 19 are objected to because of the following informalities:
Regarding Claims 15, 16 and 19: each of claims 15, 16 and 19 recites the acronym NAS without spelling it out in full at its first occurrence. The examiner notes that, for better clarity, the acronym NAS should be spelled out at its first occurrence. Appropriate correction is required.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 15-16 and 19-21 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Ben Henda et al. (WO 2019/020161 A1).

Regarding Claim 15;
Ben Henda discloses a communication terminal comprising: 
at least one processor (FIG. 9)
and at least one memory operatively coupled with the processor (FIG. 9), wherein the at least one processor is configured to: 
access a network node via a first type access and a second type access (FIG. 8 and FIG. 9 - 3GPP and 1st non-3GPP and 2nd non-3GPP); and
establish a first NAS connection for the first type access and a second NAS connection for the second type access with the network node in a network (FIG. 8 and FIG.  9 -3GPP and 1st non-3GPP and 2nd non-3GPP and page 13 - Although it seems that there may be no need to support more than two NAS connections, it cannot be precluded with certainty that there will not be any future features or enhancements requiring the support of more than two simultaneous NAS connections, one over 3GPP and two over non-3GPP accesses ( e.g., WiFi and satellite). For this reason, it may be better that the new security mechanism is not limited to two connections and that it efficiently supports an arbitrary (up to a limit) number of simultaneous connections and page 14 - According to some embodiments of inventive concepts, methods may be provided to secure parallel NAS connections and page 15 - For the reception of uplink NAS messages and transmission of downlink NAS messages, operations of the NAS Protocol Entity (including the NAS Security Function and the NAS Connection Management Function) of Figure 8 may be performed by processor 703 of network node 501.), 
wherein 
a parameter specific to each of the NAS connections is used to achieve independent NAS security (Page 16 - As discussed above, for each NAS connection, a separate pair of NAS COUNTs, one for each direction, may be used/maintained. Since the security keys are shared and to reduce/avoid key stream reuse, methods for cryptographic separation may be used/required. For this purpose, a NAS connection-specific parameter may be introduced, and this NAS connection-specific parameter may be referred to as the NAS connection identifier and denoted by NAS CONN ID. The NAS CONN ID is a number that is incremented each time a new NAS connection is set up for a wireless terminal. In the security context, each NAS COUNT pair is associated with a unique NAS CONN ID value. The new parameter is used as a differentiator when interacting with the NAS security function to indicate which NAS connection each message belongs to. To keep track of unallocated NAS CONN ID values, an additional parameter may be used/needed. This new parameter, denoted by NEXT NAS CONN ID may also be part of the security context), and 
the parameter includes a value associated with a unique NAS connection identifier for the first type access and the second type access (Page 16 - As discussed above, for each NAS connection, a separate pair of NAS COUNTs, one for each direction, may be used/maintained. Since the security keys are shared and to reduce/avoid key stream reuse, methods for cryptographic separation may be used/required. For this purpose, a NAS connection-specific parameter may be introduced, and this NAS connection-specific parameter may be referred to as the NAS connection identifier and denoted by NAS CONN ID. The NAS CONN ID is a number that is incremented each time a new NAS connection is set up for a wireless terminal. In the security context, each NAS COUNT pair is associated with a unique NAS CONN ID value. The new parameter is used as a differentiator when interacting with the NAS security function to indicate which NAS connection each message belongs to. To keep track of unallocated NAS CONN ID values, an additional parameter may be used/needed. This new parameter, denoted by NEXT NAS CONN ID may also be part of the security context).
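
The cryptographic separation quoted from Ben Henda above (shared keys, one NAS COUNT pair per connection, NAS CONN ID as differentiator, NEXT NAS CONN ID tracking unallocated values) can be illustrated as follows. This is an added example, not code from this Office Action or from the cited reference; the HMAC-based keystream generator, the key and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

UPLINK, DOWNLINK = 0, 1

def keystream(key, count, direction, conn_id, length):
    # Stand-in keystream generator (HMAC-SHA256 in counter mode). This is an
    # assumption of the example, not the NAS cipher of the cited reference.
    out, block = b"", 0
    while len(out) < length:
        msg = b"".join(x.to_bytes(4, "big") for x in (count, direction, conn_id, block))
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class SecurityContext:
    key: bytes                                  # shared by all NAS connections
    next_conn_id: int = 0                       # NEXT NAS CONN ID: first unallocated value
    counts: dict = field(default_factory=dict)  # NAS CONN ID -> [uplink, downlink] NAS COUNT

    def new_connection(self):
        conn_id = self.next_conn_id
        self.next_conn_id += 1                  # incremented for each new NAS connection
        self.counts[conn_id] = [0, 0]           # separate NAS COUNT pair per connection
        return conn_id

    def protect(self, conn_id, direction, plaintext, separate=True):
        count = self.counts[conn_id][direction]
        self.counts[conn_id][direction] += 1
        # separate=False models the design the passage warns against:
        # the connection identifier is left out of the keystream input.
        differentiator = conn_id if separate else 0
        ks = keystream(self.key, count, direction, differentiator, len(plaintext))
        return xor(plaintext, ks)

def keystream_reused(separate):
    ctx = SecurityContext(key=b"\x11" * 32)             # constructed sample key
    first = ctx.new_connection()                        # e.g. 3GPP access
    second = ctx.new_connection()                       # e.g. non-3GPP access
    m1, m2 = b"REGISTRATION-REQ", b"SERVICE-REQUEST!"   # constructed messages
    c1 = ctx.protect(first, UPLINK, m1, separate)
    c2 = ctx.protect(second, UPLINK, m2, separate)
    # If both connections used the same keystream, c1 XOR c2 equals m1 XOR m2,
    # so an observer learns the XOR of the two plaintexts.
    return xor(c1, c2) == xor(m1, m2)

if __name__ == "__main__":
    print("reuse without NAS CONN ID:", keystream_reused(separate=False))
    print("reuse with NAS CONN ID:   ", keystream_reused(separate=True))
```

Both connections start at NAS COUNT 0 under the same key, so only the connection identifier keeps their keystreams apart.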

Regarding Claim 16;
Ben Henda discloses a core network node comprising: 
at least one processor (FIG 8 - 3GPP and 1st non-3GPP and 2nd non-3GPP);
and at least one memory operatively coupled with the processor (FIG 8 - 3GPP and 1st non-3GPP and 2nd non-3GPP), wherein the at least one processor is configured to: 
register a communication terminal via a first type access and a second type access (FIG 8 - 3GPP and 1st non-3GPP and 2nd non-3GPP and page 2 – A registration request message... page 13 - Although it seems that there may be no need to support more than two NAS connections, it cannot be precluded with certainty that there will not be any future features or enhancements requiring the support of more than two simultaneous NAS connections, one over 3GPP and two over non-3GPP accesses ( e.g., WiFi and satellite). For this reason, it may be better that the new security mechanism is not limited to two connections and that it efficiently supports an arbitrary (up to a limit) number of simultaneous connections and page 14 - According to some embodiments of inventive concepts, methods may be provided to secure parallel NAS connections and Page 15 - For the reception of uplink NAS messages and transmission of downlink NAS messages, operations of the NAS Protocol Entity (including the NAS Security Function and the NAS Connection Management Function) of Figure 8 may be performed by processor 703 of network node 501 and page 15-16 - Figures 8 and 9 illustrate NAS Security Functions at a core network node and at a wireless terminal, respectively... As discussed above, for each NAS connection, a separate pair of NAS COUNTs, one for each direction, may be used/maintained. Since the security keys are shared and to reduce/avoid key stream reuse, methods for cryptographic separation may be used/required. For this purpose, a NAS connection-specific parameter may be introduced, and this NAS connection-specific parameter may be referred to as the NAS connection identifier and denoted by NAS CONN ID.);
have a first NAS connection for the first type access and a second NAS connection for the second type access (FIG 8 - 3GPP and 1st non-3GPP and 2nd non-3GPP and Page 15 - For the reception of uplink NAS messages and transmission of downlink NAS messages, operations of the NAS Protocol Entity (including the NAS Security Function and the NAS Connection Management Function) of Figure 8 may be performed by processor 703 of network node 501.);
trigger NAS SMC (Security Mode Command) processing via the second type access (Page 2 – A registration request message may be transmitted through the second access node to the network node to request the second NAS connection, wherein transmitting the registration request message includes performing integrity protection for the registration request message using the second NAS CID. A security mode command message may be received from the network node through the second access node, wherein the security mode command message corresponds to the registration request message. Responsive to receiving the security mode command message, a security mode complete message may be transmitted from the wireless terminal to the network node through the second access node. Page 15 - It is expected that the negotiation takes place once during the establishment and activation of the AMF key, e.g. the NAS SMC procedure-equivalent in 5G. The NAS SMC (Security Mode Command) procedure is described in detail in TS 33.401 (also referred to as reference [2]).);
and transmit a message including an indicator to the communication terminal during the NAS SMC processing (Page 2 – A registration request message may be transmitted through the second access node to the network node to request the second NAS connection, wherein transmitting the registration request message includes performing integrity protection for the registration request message using the second NAS CID. A security mode command message may be received from the network node through the second access node, wherein the security mode command message corresponds to the registration request message. Responsive to receiving the security mode command message, a security mode complete message may be transmitted from the wireless terminal to the network node through the second access node. Page 15 - It is expected that the negotiation takes place once during the establishment and activation of the AMF key, e.g. the NAS SMC procedure-equivalent in 5G. The NAS SMC (Security Mode Command) procedure is described in detail in TS 33.401 (also referred to as reference [2]).).

Regarding Claim 19;
Ben Henda discloses a communication terminal comprising: 
at least one processor (FIG. 9); and 
at least one memory operatively coupled with the processor (FIG. 9), wherein the at least one processor is configured to: 
access a first network node via a first type access and access a second network node via a second type access (FIG. 8 and FIG. 9 - 3GPP and 1st non-3GPP and 2nd non-3GPP); 
establish a first NAS connection for the first type access and a second NAS connection for the second type access with the first and second network nodes (FIG. 8 and FIG.  9 -3GPP and 1st non-3GPP and 2nd non-3GPP and page 13 - Although it seems that there may be no need to support more than two NAS connections, it cannot be precluded with certainty that there will not be any future features or enhancements requiring the support of more than two simultaneous NAS connections, one over 3GPP and two over non-3GPP accesses ( e.g., WiFi and satellite). For this reason, it may be better that the new security mechanism is not limited to two connections and that it efficiently supports an arbitrary (up to a limit) number of simultaneous connections and page 14 - According to some embodiments of inventive concepts, methods may be provided to secure parallel NAS connections and page 15 - For the reception of uplink NAS messages and transmission of downlink NAS messages, operations of the NAS Protocol Entity (including the NAS Security Function and the NAS Connection Management Function) of Figure 8 may be performed by processor 703 of network node 501.); 
use different security contexts for each of the network nodes and establish individually the respective security contexts (Page 16 - As discussed above, for each NAS connection, a separate pair of NAS COUNTs, one for each direction, may be used/maintained. Since the security keys are shared and to reduce/avoid key stream reuse, methods for cryptographic separation may be used/required. For this purpose, a NAS connection-specific parameter may be introduced, and this NAS connection-specific parameter may be referred to as the NAS connection identifier and denoted by NAS CONN ID. The NAS CONN ID is a number that is incremented each time a new NAS connection is set up for a wireless terminal. In the security context, each NAS COUNT pair is associated with a unique NAS CONN ID value. The new parameter is used as a differentiator when interacting with the NAS security function to indicate which NAS connection each message belongs to. To keep track of unallocated NAS CONN ID values, an additional parameter may be used/needed. This new parameter, denoted by NEXT NAS CONN ID may also be part of the security context).



Regarding Claim 20;
Ben Henda discloses the communication terminal of Claim 19.
Ben Henda discloses wherein the first and second network nodes belong to different networks (page 13 - Although it seems that there may be no need to support more than two NAS connections, it cannot be precluded with certainty that there will not be any future features or enhancements requiring the support of more than two simultaneous NAS connections, one over 3GPP and two over non-3GPP accesses (e.g., WiFi and satellite). For this reason, it may be better that the new security mechanism is not limited to two connections and that it efficiently supports an arbitrary (up to a limit) number of simultaneous connections and page 14 - According to some embodiments of inventive concepts, methods may be provided to secure parallel NAS connections).

Regarding Claim 21;
Ben Henda discloses the communication terminal of Claim 15.
Ben Henda discloses wherein the first type access is 3GPP access, and the second type access is non-3GPP access (FIG. 9 and page 13 - Although it seems that there may be no need to support more than two NAS connections, it cannot be precluded with certainty that there will not be any future features or enhancements requiring the support of more than two simultaneous NAS connections, one over 3GPP and two over non-3GPP accesses ( e.g., WiFi and satellite). For this reason, it may be better that the new security mechanism is not limited to two connections and that it efficiently supports an arbitrary (up to a limit) number of simultaneous connections and page 14 - According to some embodiments of inventive concepts, methods may be provided to secure parallel NAS connections).

Claim(s) 17-18 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Lee et al. (US 2018/0084414 A1).

Regarding Claim 17;
Lee discloses a communication terminal comprising: 
at least one processor (FIG. 5 – UE); and 
at least one memory operatively coupled with the processor (FIG. 5 – UE), wherein the at least one processor is configured to: 
derive EMSK (Extended Master Session Key) during EAP-TLS (Extended Master Session Key) authentication processing (FIG. 5 – UE – EAP Procedure and [0085] - As a part of performing the EAP procedure, each of the UE 115-c and the authentication server 245-b may derive an MSK and an EMSK. The MSK and EMSK may be derived based at least in part on the authentication credentials and a first set of parameters); and 
use the EMSK so as to derive a security key (FIG. 5 – UE - Derive First/Other Security Keys and [0087]).

Regarding Claim 18; 
Lee discloses a core network node comprising: 
at least one processor (FIG. 5); and 
at least one memory operatively coupled with the processor (FIG. 5), wherein the at least one processor is configured to: 
acquire EMSK (Extended Master Session Key) during EAP-TLS (Extended Master Session Key) authentication processing (FIG. 5 – EAP Procedure and [0085] - The EAP procedure may be based at least in part on a set of authentication credentials exchanged between the UE 115-c and the authentication server 245-b. As a part of performing the EAP procedure, each of the UE 115-c and the authentication server 245-b may derive (i.e., derive is construed to be within the breadth of acquire, and vice versa) an MSK and an EMSK and [0087] - At 520 and 525, each of the UE 115-c and the authentication server 245-b may independently derive a first security key for the cellular network 205-d. Because the UE 115-c and the authentication server 245-b each determine that the authenticator 235-d is associated with the cellular network 205-d, each of the UE 115-c and the authentication server 245-b may derive the first security key based at least in part on the EMSK); and 
use the EMSK so as to derive a security key (FIG. 5 – Derive First Security Key/Derive Other Security Key).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KARI L SCHMIDT/            Primary Examiner, Art Unit 2439