DETAILED ACTION
1.	This action is responsive to communications regarding the applicant’s amendments and arguments, filed on 07/16/2021.
2. 	Claims 1-18 are pending.
Notice of Pre-AIA  or AIA  Status
3. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Response to Arguments and Amendments
4.	Applicant’s arguments, see page 1-2 on remarks, filed 07/16/2021, with respect to the rejection(s) of claim(s) 1-18 under 103 rejections have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Sundar Sciram (US 9585153).
5.	Applicant’s arguments filed on 07/16/2021, with respect to the 35 U.S.C 112 second paragraph rejections of claims 1-18 have been fully considered and persuasive. Therefore, the rejections of claims 1-18 have been withdrawn.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

(s) 1 is rejected under 35U.S.C 103 as being unpatentable over Colin Kahn (US 20160127894), in view of Sundar Sciram (US 9585153), hereinafter Sciram. 

	Regarding claim 1:
	Kahn discloses receiving, by a first network side device, a first message from a terminal wherein the first 5message carries ciphertext of context information of the terminal, and the ciphertext of the context information is information obtained by encrypting the context information of the terminal the wireless end device may be configured to encrypt context information of the wireless end device, based on a security key associated with attachment of the wireless end device to a wireless communication network, to form encrypted context information, generate a packet including a header and a payload where the header includes the encrypted context information, and propagate the packet toward a wireless access node of the wireless communication network (Kahn, paragraph 13). 
Obtaining by the first network side device, a first key, and decrypting the ciphertext of the context information based on the first key, to obtain the context information the controller may be configured to receive the encrypted context information from the wireless access node, decrypt the encrypted context information based on a security key associated with attachment of the wireless end device to the wireless communication network to recover the context information of the wireless end device, and determine, based on the context information, whether the wireless end device is permitted to communicate via the wireless communication network. These and various other embodiments and advantages of the capability for connectionless wireless access may be further understood when considered within the context of an exemplary wireless communication system as depicted in FIG. 1. (Kahn, paragraph 13); and establishing, by the first network side device, a communication connection for the terminal using the context information the configuration of wireless communication network 120 to support connectionless communication by wireless end device 110 via wireless communication network 120 may include configuration of wireless access node 121 based on data handling context information received from controller 123 (Kahn, paragraph 48).
	However, Kahn fails to teach wherein the context information comprises charging context information. Sciram teaches MME 104 then stores this CA provisioning information as part of the SubscriberCapabili ty Information in the UE context information it maintains for UE 101 (Sciram, column 4, [lines 47-49]), and further The alternative approach involves restricting the Aggregate Maximum Bit Rate (AMBR) allowed per access point name (APN) for the subscriber. For example, for every APN defined in the HSS and configured for a user, the Max Requested-Bandwidth in the uplink (UL) and downlink (DL) is provided (Sciram, column 6, [lines 22-28]). Examiner interprets Aggregate Maximum Bit Rate (AMBR) is charging context information. Therefore, it would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Sciram with that of Kahn in order to determine that a call involving a user equipment (UE) is eligible for carrier aggregation.


7.	Claim(s) 2 is rejected under 35U.S.C 103 as being unpatentable over Colin Kahn (US 20160127894), in view of Sundar Sciram (US 9585153), and further in view of Robert Statica (US 9698976), hereinafter Statica.

Regarding claim 2:
Kahn discloses receiving, by the first network side device, the first message from the terminal generate a packet including a header and a payload where the header includes the encrypted context information, and propagate the packet toward a wireless access node of the wireless communication network (Kahn, paragraph 13), but fail to disclose a step before receiving: encrypting, by the first network side device, the context information of the terminal based on the first key, to obtain the ciphertext of the context information of the terminal; and 15sending, by the first network side device, a second message to the terminal, wherein the second message carries the ciphertext of the context information of the terminal. Statica teaches at 1206, the received public key is used to encrypt information, such as a message, or other information (e.g., a symmetric key which in turn is used to encrypt the message). The key reference value associated with the received public key is included in the message metadata or otherwise incorporated into the message payload. Finally, at 1208, device 114 sends the message (e.g., to platform 102 for retrieval by Alice). Note that using techniques described, Alice's device(s) need not be online (e.g., connected to platform 102) at the time Bob composes and/or sends messages to her (Statica, column 10, [lines 51-62]). Before sending encrypted message to Alice, Bob used public key to encrypt the message. Bob could be a network side device and Alice is the terminal device. Therefore, it would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn with that of Statica in order to allow users of client devices to exchange messages securely with one another or other users (Statica, column 5, [lines 53-55]).

8.	Claim(s) 3, 9-11, 14-16 are  rejected under 35U.S.C 103 as being unpatentable over Colin Kahn (US 20160127894), in view of Sundar Sciram (US 9585153), and Robert Statica (US 9698976), further in view of Lifeng Yang (US 9735962).

Regarding claim 3:
Kahn, Sciram, Statica and Yang disclose wherein before sending, by the first network side device, the second message to the terminal, the method further comprises: encrypting, by the first network side device, the first key based on a second key, to obtain 20ciphertext of the first key wherein the second message further carries the ciphertext of the first key; and the first message further carries the ciphertext of the first key, and wherein obtaining, by the first network side device, the first key comprises: decrypting, by the first network side device, the ciphertext of the first key in the first message 25based on the second key, to obtain the first key decrypting the encrypted key encryption key, using plaintext controller encryption key, to obtain a plaintext key encryption key, decrypting the encrypted data encryption key, using the plaintext key encryption key, to obtain plaintext data encryption key, then encrypting the set of host data, using the plaintext data encryption key, to generate a set of encrypted host data (Yang, column 2, [lines 1-10]). Therefore, it would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn with that of Yang in order to avoid a malicious user gaining unauthorized access to encryption keys that may be used to decrypt previously encrypted host data (Yang, column 1, [lines 45-55]).


Kahn, Sciram, Statica and Yang disclose obtaining, by a terminal, ciphertext of context information of the terminal when the terminal receives a paging message configured to page the terminal or when the terminal detects a to-be-sent uplink message the wireless access nodes 121 are configured to support wireless communications of wireless end device 110, including wireless uplink transmission from wireless end device 110 (Kahn, paragraph 19); and sending, by the terminal, a first message to a first network side device, wherein the first message carries the ciphertext of the context information of the terminal generate a packet including a header and a payload where the header includes the encrypted context information, and propagate the packet toward a wireless access node of the wireless communication network (Kahn, paragraph 13); wherein the context information is used by the first network side device to establish a communication for the terminal the configuration of wireless communication network 120 to support connectionless communication by wireless end device 110 via wireless communication network 120 may include configuration of wireless access node 121 based on data handling context information received from controller 123 (Kahn, paragraph 48) after the ciphertext of the context information is decrypted by the first network side device using a first key and wherein the context information comprises charging context information  decrypting the encrypted key encryption key, using plaintext controller encryption key, to obtain a plaintext key encryption key, decrypting the encrypted data encryption key, using the plaintext key encryption key (Yang, column 2, [lines 1-10]). Therefore, it would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn with that of Yang in order to avoid a malicious user gaining unauthorized access to encryption keys that may be used to decrypt previously encrypted host data (Yang, column 1, [lines 45-55]).

Regarding claim 10: 
Kahn discloses wherein the method further comprises: receiving, by the terminal, a second message from the first network side device or a second 30network side device, wherein the second message carries the ciphertext of the context information of the terminal; and storing, by the terminal, the ciphertext of the context information of the terminal wireless access node 121 receives the data handling context information of wireless end device 110 and stores the data handling context information of wireless end device 110 (Kahn, paragraph 49).

Regarding claim 11:
Kahn, Sciram, Statica and Yang disclose wherein the first message and the second message further carry ciphertext of a first key generate the encrypted key encryption key by encrypting the plaintext key encryption key using the plaintext controller encryption key (Yang, column 3, [lines 1-3]). Therefore, it would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn with that of Yang in order to avoid a malicious user gaining unauthorized access to encryption keys that may be used to decrypt previously encrypted host data (Yang, column 1, [lines 45-55]).

Regarding claim 14:
Claim 14 is rejected under the same reason set forth in rejection of claim 9

Regarding claim 15:
Claim 15 is rejected under the same reason set forth in rejection of claim 10.

Regarding claim 16:
Claim 11 is rejected under the same reason set forth in rejection of claim 11

9.	Claim(s) 4-7, 12, 17, 18 are rejected under 35U.S.C 103 as being unpatentable over Colin Kahn (US 20160127894), in view of Sundar Sciram (US 9585153), and Robert Statica (US 9698976), Lifeng Yang (US 9735962), further in view of Chengyong Yao (US 9806889), hereinafter Yao.

Regarding claim 4:
Kahn, Sciram, Statica, Yang disclose  decrypting, by the first network side device, the ciphertext of the first key in the first message based on the second 5key, to obtain the first key (please see the the first decrypting unit 14 is used for decrypting the cipher text AT_TK1 by using DIK2 by using DIK2 to obtain clear texts AT and TK1; the second transmission key component generating unit 15 is used for generating a third random number as the second transmission key component TK2; the first transmission key computation unit 16 is used for performing XOR on TK1 and TK2 to obtain a transmission key TK and calculating SHA256 verification value of TK to obtain TK_SHA2; the third receiving unit 23 is used for receiving a key cipher text sent by the RKS server 3, wherein the key cipher text is obtained through encrypting the key to be downloaded by TK (Yao, column 10, [lines 39-50]), and further the server identity verifying unit 13 is used for verifying if the digital signature of RKS_WCRT_PK is valid by using the root public key certificate RKS_RCRT_PK, wherein, RKS_RCRT_PK is pre-installed in the firmware when the device terminal 1 is delivered; the key server root certificate RKS_RCRT has a pair of non-symmetric keys; in the case of RSA key, the minimum digits are 2048; RKS_RCRT consists of a root public key certificate RKS_RCRT_PK and the root private key certificate RKS_RCRT_SK; and RKS_RCRT_PK is used to verify the validity of RKS_WCRT_PK. RKS_RCRT_SK is used to generate the digital signature to sign RKS_WCRT_PK. RKS_RCRT needs to be stored in secure media; the root private key certificate RKS_RCRT_SK requires strict protection, can be stored in the IC card, and can only be used for signing the working certificate public key RKS_WCRT_PK (Yao, column 9, [lines 32-45]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn in view of Yao in order to verify the integrity and validity of the message. 

Kahn, Sciram, Statica, Yang disclose wherein  generating, by the first network side device, the signature information based on a third key, the ciphertext of the context information of the terminal, and the ciphertext of the first key comprises: signing, by the first network side device based on the third key, the ciphertext of the context 10information of the terminal, validity time information corresponding to the context information of the terminal, and the ciphertext of the first key, to generate the signature information, wherein the second message further carries the validity time information; and the first message further carries the validity time information, and wherein verifying, by the first network side device, the signature information based on the third key and based on the ciphertext of 15the context information of the terminal and the ciphertext of the first key that are in the first message comprises: verifying, by the first network side device, the signature information based on the third key and based on the ciphertext of the context information of the terminal, the ciphertext of the first key, and the validity time information that are in the first message the first encrypting unit 17 is used for encrypting a divergence factor by using RKS_WCRT_PK to obtain a divergence factory cipher text when the server verifying unit 13 judges that the digital signature is valid; the first sending unit 18 is used for sending the divergence factory cipher text to the RKS server 3; the second receiving unit 19 is used for receiving the cipher text AT_TK1 sent by the RKS server, wherein the cipher text AT_TK1 is obtained through encrypting the authentication token AT and the first transmission key component TK1 by the secondary device identity authentication key DIK2; the DIK2 is generated by calling the secondary device identity authentication key generating function according to the device sequence number DSN and a primary device identity authentication key DIK1. Wherein, the secondary device identity authentication key DIK2 and the divergence factor are generated by the local key parent POS in the production stage of the device terminal 1 (Yao, column 9, [lines 46-65]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn in view of Yao in order to verify the integrity and validity of the message. 

	

Kahn, Sciram, Statica, Yang disclose signature information based on a third key, the ciphertext of the context information of the terminal, the ciphertext of the first key, and a device identifier, wherein the second message further carries the device identifier and the signature information; and  25the first message further carries the signature information and the device identifier, and wherein before decrypting, by the first network side device, the ciphertext of the first key in the first message based on the second key, to obtain the first key, the method further comprises: verifying, by the first network side device, the signature information in the first message based on the third key and based on the ciphertext of the context information of the terminal, the ciphertext 30of the first key, and the device identifier that are in the first message; and when the verification on the signature information in the first message succeeds, decrypting, by the first network side device, the ciphertext of the first key in the first message based on the second key, to obtain the first key the first decrypting unit 14 is used for decrypting the cipher text AT_TK1 by using DIK2 by using DIK2 to obtain clear texts AT and TK1; the second transmission key component generating unit 15 is used for generating a third random number as the second transmission key component TK2; the first transmission key computation unit 16 is used for performing XOR on TK1 and TK2 to obtain a transmission key TK and calculating SHA256 verification value of TK to obtain TK_SHA2; the third receiving unit 23 is used for receiving a key cipher text sent by the RKS server 3, wherein the key cipher text is obtained through encrypting the key to be downloaded by TK (Yao, column 10, [lines 39-50]), and further the server identity verifying unit 13 is used for verifying if the digital signature of RKS_WCRT_PK is valid by using the root public key certificate RKS_RCRT_PK, wherein, RKS_RCRT_PK is pre-installed in the firmware when the device terminal 1 is delivered; the key server root certificate RKS_RCRT has a pair of non-symmetric keys; in the case of RSA key, the minimum digits are 2048; RKS_RCRT consists of a root public key certificate RKS_RCRT_PK and the root private key certificate RKS_RCRT_SK; and RKS_RCRT_PK is used to verify the validity of RKS_WCRT_PK. RKS_RCRT_SK is used to generate the digital signature to sign RKS_WCRT_PK. RKS_RCRT needs to be stored in secure media; the root private key certificate RKS_RCRT_SK requires strict protection, can be stored in the IC card, and can only be used for signing the working certificate public key RKS_WCRT_PK (Yao, column 9, [lines 32-45]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn in view of Yao in order to verify the integrity and validity of the message. 

Regarding claim 7:
Kahn, Sciram, Statica, Yang disclose wherein the first message further carries ciphertext of the 31Attorney Docket No.: 088963-1158172 (094800US)  first key, signature information, and a device identifier, wherein the ciphertext of the first key is ciphertext obtained by a device, indicated by the device identifier, by encrypting the first key based on a second key, and the signature information is signature information generated by the device, indicated by the device identifier, based on a third key, the ciphertext of the context information of 5the terminal, the ciphertext of the first key, and the device identifier; and wherein obtaining, by the first network side device, the first key, and decrypting the ciphertext of the context information based on the first key, to obtain the context information comprises: when the device identifier is a device identifier of the first network side device, verifying, by the first network side device, the signature information in the first message based on the third key and 10based on the ciphertext of the context information of the terminal, the ciphertext of the first key, and the device identifier that are in the first message; if the verification on the signature information in the first message succeeds, decrypting the ciphertext of the first key in the first message based on the second key, to obtain the first key; and decrypting the ciphertext of the context information based on the first key, to obtain the context information; and  wherein 15the method further comprises: when the device identifier is not the device identifier of the first network side device, sending, by the first network side device, the first message to the device indicated by the device identifier, and receiving the context information from the device indicated by the device identifier the first identification of the first device is at least partly based on the encrypted feature character string and is published through near field communication. The present disclosure also provides another example method for establishing a communication between devices. When a second device searches a first identification of a first device, a second private key is used to decrypt the first identification. The first device has or is associated with a first public key and a first private key. The second device has or is associated with a second public key and the second private key. A feature character string is generated for the first device. The second public key of the second device is obtained. The first identification is a published identification in which the feature character string is encrypted by using the second public key (Li, column 3, [lines 5-22]), and the first decrypting unit 14 is used for decrypting the cipher text AT_TK1 by using DIK2 by using DIK2 to obtain clear texts AT and TK1; the second transmission key component generating unit 15 is used for generating a third random number as the second transmission key component TK2; the first transmission key computation unit 16 is used for performing XOR on TK1 and TK2 to obtain a transmission key TK and calculating SHA256 verification value of TK to obtain TK_SHA2; the third receiving unit 23 is used for receiving a key cipher text sent by the RKS server 3, wherein the key cipher text is obtained through encrypting the key to be downloaded by TK (Yao, column 10, [lines 39-50]), and further the server identity verifying unit 13 is used for verifying if the digital signature of RKS_WCRT_PK is valid by using the root public key certificate RKS_RCRT_PK, wherein, RKS_RCRT_PK is pre-installed in the firmware when the device terminal 1 is delivered; the key server root certificate RKS_RCRT has a pair of non-symmetric keys; in the case of RSA key, the minimum digits are 2048; RKS_RCRT consists of a root public key certificate RKS_RCRT_PK and the root private key certificate RKS_RCRT_SK; and RKS_RCRT_PK is used to verify the validity of RKS_WCRT_PK. RKS_RCRT_SK is used to generate the digital signature to sign RKS_WCRT_PK. RKS_RCRT needs to be stored in secure media; the root private key certificate RKS_RCRT_SK requires strict protection, can be stored in the IC card, and can only be used for signing the working certificate public key RKS_WCRT_PK (Yao, column 9, [lines 32-45]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn in view of Yao in order to verify the integrity and validity of the message. 

Regarding claim 12: 
Kahn, Sciram, Statica, Yang disclose wherein the first message and the second message further carry signature information the server identity verifying unit 13 is used for verifying if the digital signature of RKS_WCRT_PK is valid by using the root public key certificate RKS_RCRT_PK, wherein, RKS_RCRT_PK is pre-installed in the firmware when the device terminal 1 is delivered; the key server root certificate RKS_RCRT has a pair of non-symmetric keys (Yao, column 9, [lines 32-38]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn in view of Yao in order to ensuring the payment security of the bank card and protecting the property security of the card holder (Yao, column 1, [lines 60-63]).
Regarding claim 17:
Claim 17 is rejected under the same reason set forth in rejection of claim 12.

Regarding claim 18:
Kahn, Sciram, Statica, Yang disclose wherein the first message and the second message further carry validity time information corresponding to the context information of the terminal and a device identifier of a network side device sending the second message the DIK2 is generated by calling the secondary device identity authentication key generating function according to the device sequence number DSN and a primary device identity authentication key DIK1. Wherein, the secondary device identity authentication key DIK2 and the divergence factor are generated by the local key parent POS in the production stage of the device terminal 1 (Yao, column 9, [lines 46-51]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Kahn in view of Yao in order to verify the integrity and validity of the message. 

10.	Claim 8 is rejected under 35U.S.C 103 as being unpatentable over Colin Kahn (US 20160127894), in view of Sundar Sciram (US 9585153), and further in view of Hans-Olof Sundell (US 9232544), hereinafter Sundell.

Regarding claim 8:
	Kahn, Sciram and Sundell disclose wherein the method further comprises:  20deleting, by the first network side device, the context information of the terminal when the terminal enters a registration idle (ECM-IDLE) state. Sundell teaches wherein once an ECM IDLE status has been set, and the serving gateway node is subsequently receiving a Downlink Data Notification Acknowledge message (Sundell, column 3, [lines 30-33]), and the serving gateway node being adapted for sending a Delete Session Request message to the packet gateway node, and deleting a context for the packet data network connection (Sundell, column 3, [lines 65-68]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Brown in view of Sundell in order to provide a serving gateway node being adapted for operating in a network in which a control-plane tunnel between a mobility management entity and a serving gateway node, a control plane tunnel between the serving gateway node and a packet gate way node (Sundell, column 3, [lines 47-52]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication from the examiner should be directed to Thanh Le whose telephone number is 571-272-8556. The examiner can normally be reached on Monday-Friday 8:00a.m to 5p.m. EST
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Nickerson L Jeffrey can be reached on (469) 295-9235.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either obtained from either Private PAIR or Public PAIR. Status information for 
/Jeffrey Nickerson/             Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                           
/THANH H LE/             Examiner, Art Unit 2432