DETAILED ACTION
	The instant application having Application No. 16/743,630 filed on 01/15/2020 is presented for examination by the Examiner.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 4 and 8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 4 recites the limitation “verifying, by the enterprise authentication device, that the user device has an authenticated session with the enterprise network via the first access network based on a session identifier of the authenticated session and an identifier of the second access network, obtained from the user device.” It is unclear if the session identifier of the authenticated session or an identifier of the second access network is obtained from the user device or both of 

Claim 8 recites the limitation “..stores an enterprise key for an established session of the user device with the enterprise network provided via a second access network;” and “correlating an identity of the first access network with an identifier of the established session with the enterprise network via the second access network;” It is unclear if the request or the enterprise key is being provided via a second access network. To expedite prosecution, this limitation is interpreted as either the request or the enterprise is provided via a second access network.
  
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Upp et al. (US Patent 10,039,151 B1-hereinafter Upp.)
Regarding claim 1, Upp discloses a method comprising: 
obtaining, by an enterprise authentication device, via a first access network, a request to authenticate a user device onto an enterprise network, wherein the user (at least figure 1, column 3, line 66-column 4, line 27, a request to authenticate mobile device is received/obtained by at least MME (collectively, at least MME & deployable subscription bootstrapping service are interpreted as being equivalent to the recited ‘enterprise authentication device’ to authenticate a mobile device before the mobile device is authorized to receive access to services/components of deployable wireless communication network); 
authenticating, by the enterprise authentication device, the user device to obtain access to the enterprise network via the first access network (at least column 4, lines 22-53, the MME authenticates the mobile device with shared key stored at a remotely located home subscriber server via a first wireless network); and 
generating, by the enterprise authentication device, an enterprise key for the user device to provide access to the enterprise network via a second access network (at least figure 4, steps 420 & 425, column 9, line 50-column 10, line 22, subscription profile with shared symmetric key is generated to provide the mobile device access to the deployable wireless communication network via a second wireless network.)  

Regarding claim 2, Upp discloses the method of claim 1. Upp further discloses: 
associating, by the enterprise authentication device, an identifier of the second access network with the enterprise key (at least figure 4, step 420, column 9, line 50-column 10, line 2, deployable wireless network is associated with shared symmetric key); and 
(at least figure 4, step 430, the subscription profile is sent to the mobile device, the subscription profile includes the unique shared key with the deployable wireless communication network.)  

Regarding claim 3, Upp discloses the method of claim 1. Upp further discloses:
determining, by the enterprise authentication device, that the user device is attempting access to the enterprise network via the second access network (at least figure 4, step 440, column 12, lines 3-35, an attempt to access the deployable wireless communication network via the second wireless network is determined); 
verifying, by the enterprise authentication device, that the user device is authenticated to access the enterprise network (at least column 12, lines 9-35, mobile device is authenticated based on subscription profile to access the deployable wireless communication network); and 
providing, by the enterprise authentication device to an access point of the second access network, the enterprise key based on verifying that the user device is authenticated to access the enterprise network via the first access network (at least column 11, line 20-column 12, line 3, i.e.: access point name of the deployable wireless communication network is assigned/provided by the MME.)  


verifying, by the enterprise authentication device, that the user device has an authenticated session with the enterprise network via the first access network based on a session identifier of the authenticated session and an identifier of the second access network, obtained from the user device (at least column 11, line 64-column 12, line 35, the MME verifies that the mobile device is authenticated based on KASME/ symmetric key stored at the remotely-located home subscriber server and the key derived for the deployable wireless communication network.)  

Regarding claim 5, Upp discloses the method of claim 1.  Upp also discloses obtaining the request to authenticate the user device onto the enterprise network is based on determining that an authentication with the enterprise network is enabled using at least one of a subscription profile of a user associated with the user device and a location of the user device (at least column 10, lines 33-48, 67-column 11, lines 6, 46-63, column 12, lines 3-17, authentication is enabled by using a subscription profile stored and location information.)

Regarding claim 6, Upp discloses the method of claim 1. Upp also discloses wherein the first access network is a cellular access network and the second access network is a wireless local access network (at least figures 1 & 4, column 11, lines 64-column 12, lines 11 and 21-35, when mobile device is authenticated to access the deployable wireless communication network using the remotely-located home subscriber server , the access is inherently via a cellular access network, and when the mobile devices accesses the deployable wireless communication network without using the remotely-located home subscriber server, the access is inherently via a wireless local access network.)  

Regarding claim 7, Upp discloses the method of claim 1, wherein authenticating the user device includes one of: 
performing an extensible authentication protocol (EAP) authentication, wherein the enterprise key is an EAP Master Session key (column 9, line 50-column 10, line 17, i.e.: master base key); or 
performing authentication and key agreement (AKA) authentication, wherein the enterprise key is a Key Access Security Management Entity key (column 9, line 50-column 10, line 17, KASME).  

Regarding claim 8, Upp discloses a method comprising: 
obtaining, by a network device, via a first access network, a request to authenticate a user device to establish another session with an enterprise network (at least figure 4, step 405, a request to authenticate mobile device is obtained), the request including an identifier of an enterprise authentication device that stores an enterprise key for an established session of the user device with the enterprise network provided via a second access network (column 4, lines 7-17 & 31-35, column 8, lines 12-35, and 54-column 9, line , wherein the request includes extensible authentication protocol packets, which identifies the extensible protocol database server, the server stores subscription profile (including shared symmetric key/KASME) with the deployable wireless communication network via a second wireless network); 
obtaining, by the network device from the enterprise authentication device, the enterprise key based on the enterprise authentication device correlating an identity of the first access network with an identifier of the established session with the enterprise network via the second access network (at least column 9, line 50-column 10, lines 2 & 63-column 11, lines 6 and 20-45, subscription profile and key associating with the deployable wireless communication network is obtained); and 
establishing, by the network device via the first access network, the another session with the enterprise network based on the enterprise key (at least column 11, line 64-column 12, line 35, another session is established between mobile device and the deployable wireless communication network is obtained.)

Regarding claim 9, Upp discloses the method of claim 8. Upp also discloses  skipping, by the network device, further authentication of the user device based on obtaining the enterprise key (at least column 12, lines 3-35, no additional authentication is required when mobile device accesses other components/services of the deployable wireless communication network.)

Regarding claim 10, Upp discloses the method of claim 8. Upp further discloses providing, by the network device to the user device, an indicator indicating that fast (at least column 10, lines 49-63, subscription profile is communicated to mobile device.)

Regarding claim 11, Upp discloses the method of claim 8. Upp further discloses selecting, by the network device, the enterprise authentication device from among a plurality of enterprise authentication devices based on a location of the user device  (at least column 4, lines 3-18; 28-35; column 7, lines 10-43; either local database or remotely-located subscriber server is selected based on availability of network service where the mobile device is located); and 
obtaining, by the network device from the enterprise authentication device, the enterprise key, to establish the another session with the enterprise network via the first access network instead of the established session via the second access network (at least column 11, line 20-column 12, line 35, another session is established between mobile device and the deployable wireless communication network using the subscription profile & key obtained.).

Regarding claim 12, Upp discloses the method of claim 8. Upp also disloses wherein the first access network is a wireless local access network operated by an enterprise entity and wherein the second access network is a cellular network operated by a service provider (at least figures 1 & 4, column 11, lines 64-column 12, lines 11 and 21-35, when mobile device is authenticated to access the deployable wireless communication network using the remotely-located home subscriber server , the access is inherently via a cellular access network, and when the mobile devices accesses the deployable wireless communication network without using the remotely-located home subscriber server, the access is inherently via a wireless local access network.)  

Regarding claim 13, Upp discloses the method of claim 8. Upp also discloses  the second access network is a cellular access network is a 4th or 5th generation cellular access network and the first access network is a private radio access network (Figure 1, column 3, lines 33-35, LTE network which uses 4th generation wireless technologies; and column 1, line 67-column 2, line 4, RAN.)

Regarding claim 14, Upp discloses the method of claim 8. Upp also discloses  authenticating, by the network device, the user device based on the enterprise key, wherein the request is an extensible authentication protocol (EAP) identity response and the enterprise key is an EAP Master Session key (at least column 8, lines 24-35, extensible authentication packet & master secret key); 
skipping, by the network device, a remaining portion of an EAP authentication message exchange (at least column 12, lines 3-35, no additional authentication is required when mobile device accesses other components/services of the deployable wireless communication network); and 
(at least column 11, lines 20-63, authentication with the mobile device is performed.)
Claim 15 is rejected for the same rationale as claim 1.
Claim 16 is rejected for the same rationale as claim 2.
Claim 17 is rejected for the same rationale as claim 3.
Claim 18 is rejected for the same rationale as claim 4.
Claim 19 is rejected for the same rationale as claim 6.
Claim 20 is rejected for the same rationale as claim 7.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is 





/PHY ANH T VU/           Primary Examiner, Art Unit 2438