Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

Claims 1-20 are pending in this office action.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

 (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Larson et al. (U.S. Patent No. 10,693,872).

Regarding claims 1 and 8, Larson et al. teaches a method, comprising: one or more memories (fig. 64, ref. num 6404); and one or more processors communicatively coupled to the one or more memories (fig. 64, ref. num 6402); receiving, by a verification device and from a user equipment (UE), authentication data that includes user information associated with a user of the UE (col. 2, lines 14-40); determining, by the verification device and based on the user information, whether the user is authorized to make requests to a service by an application verification device and based on whether the user is authorized to make requests to the service, access to the user to make requests to the service (col. 30, lines 13-36); receiving, by the verification device and from the UE, a request that is intended for the service, wherein the request relates to an action that is to be performed by the service (col. 8, lines 3-19), and wherein the action includes at least one of retrieval or manipulation of data in a database associated with the service (col. 10, lines 33-38); determining, by the verification device and based on the request, whether the user has permission to request the action (col. 23, lines 21-46); providing, by the verification device and based on whether the user has permission to request the action, the request to the service (col. 23, lines 32-46); receiving, by the verification device and from the service, a response to the request (col. 23, lines 32-46); and providing, by the verification device and to the UE, the response (col. 8, lines 3-7).

Regarding claim 2, Larson et al. teaches wherein the service is located on a server device that is accessible according to the API (col. 7, lines 12-29).

Regarding claim 3, Larson et al. teaches wherein determining whether the user is authorized to make the requests to the service is further based on whether an address associated with the UE corresponds to an address assigned to the user (col. 23, lines 21-46).

Regarding claim 4, Larson et al. teaches wherein the UE is a first UE, the user is a first user, and the requests are first requests; and wherein the method further comprises: a second user is not authorized to make second requests to the service and denying access to the second user to make the second requests to the service (col. 3, line 56 through col. 4, line 12).

Regarding claim 5, Larson et al. teaches wherein receiving the request is via a first secure connection between the UE and the verification device, and providing the request is via a second secure connection between the service and the verification device; receiving the response to the request is via the second secure connection; and providing the response is via the first second connection (col. 25, line 42 through col. 26, line 10).

Regarding claim 6, Larson et al. teaches wherein determining whether the user has permission to request the action comprises: determining whether a type of the action of the request corresponds to a permissible type of action associated with the user (col. 23, lines 21-46).

Regarding claims 7 and 11, Larson et al. teaches wherein the first is a first request, and the action is a first action; and wherein the method further comprises: receiving, from the UE, a second request that is intended for the service, wherein the second request relates to a second action that is to be performed by the service, determining, based on the second request, that the user does not have permission to request the second action, and discarding the second request (col. 3, line 56 through col. 4, line 12).

claim 9, Larson et al. teaches wherein the verification device is a reverse proxy server associated with the server (col. 16, lines 29-50).

Regarding claim 10, Larson et al. teaches wherein the request is a first request, and the action is a first action; and wherein the one or more processors are further to: receive, from the UE, a second request that is intended for the server, wherein the second request relates to a second action that is to be performed by the server, determine that the second request is not formatted for processing by the server; and discard the request (col. 3, line 56 through col. 4, line 12).

Regarding claim 12, Larson et al. teaches wherein the one or more processors, when receiving the request from the UE, are to: receive the request via a first secure connection between the UE and the verification device; and wherein the one or more processors, when providing the request to the server, are to: provide the request to the server via a second secure connection between the verification device and the server; wherein the one or more processors, when receiving the response to the request, are to: receive the response to the request via the second secure connection; and wherein the one or more processors, when providing the response to the UE, are to: provide the response to the UE first the first secure connection (col. 25, line 42 through col. 26, line 10).

Regarding claim 13, Larson et al. teaches wherein the request from the UE is encrypted when received, and wherein the one or more processors are further to: perform decryption of 

Regarding claim 14, Larson et al. teaches wherein the authentication data is a public key certificate (col. 19, lines 48-61).

Regarding claim 15, Larson et al. teaches a non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors, cause the one or more processors to: receive, from a user equipment (UE) via a first secure connection, a request that is intended for a service, wherein the request relates to an action that is to be performed by the service, and wherein the action includes at least one of retrieval or manipulation of data in a database associated with the service (col. 8, lines 3-19 and col. 10, lines 33-38); determine, based on the request, whether a user associated with the UE has permission to request the action (col. 23, lines 21-46); provide, via a second secure connection and based on whether the user has permission to request the action, the request to the service (col. 23, lines 32-46); receive, from the service via the second secure connection, a response to the request (col. 23, lines 32-46); and provide, to the UE via the first secure connection, the response (col. 8, lines 3-7).

Regarding claim 16, Larson et al. teaches wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: determine, before determining whether the user has permission to request the action, whether 

Regarding claim 17, Larson et al. teaches wherein the one or more instructions, that cause the one or more processors to determine whether the user has permission to request the action, cause the one or more processors to: determine whether a type of the action of the request corresponds to a permissible type of action associated with the user (col. 23, lines 21-46).

Regarding claim 18, Larson et al. teaches wherein the request is a first request, and the action is a first action; and wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: receive, from the UE, a second request that is intended for the service, wherein the second request relates to a second action that is to be performed by the service, determine, based on the second request, that the user does not have permission to request the second action, and discard the second request (col. 3, line 56 through col. 4, line 12).

Regarding claim 19, Larson et al. teaches wherein the service is accessible according to an application programming interface (col. 7, lines 12-29).

Regarding claim 20, Larson et al. teaches wherein the service is a service capability exposure function or a network exposure function of a network (col. 25, lines 25-41).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON S HOFFMAN whose telephone number is (571)272-3863.  The examiner can normally be reached on Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRANDON S HOFFMAN/Primary Examiner, Art Unit 2433