DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is a response to an application filed 08/20/2021 wherein claims 1 – 20 are pending and ready for examination.  

Response to Arguments
Applicant's arguments filed 08/20/2021 have been fully considered but they are not persuasive. 

	Independent Claim 1Applicant Asserts: … Fiorese does not teach or suggest sending its policy “to a secure endpoint application on the user device,” as recited in claim 1 (emphasis added). Instead, Fiorese specifically describes that such policies are held by a Network Slice Section Function (NSSF) in the core of a
Public Land Mobile Network (PLMN) (Fiorese, paragraph 12). This is apparent in the following description of Fiorese, which states (with emphasis added)…Accordingly, since Fiorese specifically describes that its “network slice selection process/approval policies” are held by an NSSF in the core of a PLMN for implementation by the NSSF, Fiorese does not teach or suggest “sending a data
protection policy that corresponds to the device type of the user device for a secure endpoint application on the user device,” as recited in claim 1 (emphasis added).

Examiner Response:  Respectfully, Fiorese teaches sending to a secure endpoint application to the user device at the cited location in the previous Office Action.  Applicant asserts Fiorese does not teach the method step 412 of instant Figure 4.  However, at the cited location of Fiorese [0143] additional network slice selection information is available beyond capacity and services which has been worked out after 5G location based slices, e.g., that some slices with a user plane may be selected or redirected based on the user's geographical or network location would clearly be directed to the user application device such as a GPS. The Examiner maintains the prior art rejection for the reason as specified above and in the previous office action. 

Dependent Claims 2-7 and 9-11
Applicant Asserts: Claims 2-7 and 9-11 ultimately depend from independent claim 1. As discussed
above, claim 1 is allowable over the cited documents. Therefore, claims 2-7 and 9-11
are also allowable over the cited documents of record for at least their dependency from
an allowable bae claim, and also for the additional features that each recites.
Accordingly, Applicant respectfully requests that the Office withdraw the § 103
rejection of claims 2-7 and 9-11.

Examiner Response:  See Examiner Comments for claim1 which apply here for dependent claims 2-7 and 9-11.  

Independent Claims 12
Applicant Asserts: …Accordingly, Fiorese does not teach or suggest “downloading...a data protection
policy that includes an Access Point Name (APN) of a network slice of a wireless carrier
network for the secure endpoint device,” as recited in claim 12 (emphasis added).

Moreover, Raleigh does not remedy the deficiencies of Fiorese with respect to
the above element of claim 12. Raleigh describes using device credentials, such as a
device identification number, to provision a device for service from a provider network
(Raleigh, paragraphs 497 and 498). However, such teachings of Raleigh also do not
teach or suggest the above element of claim 12.  

Examiner Response:  The Examiner does not agree that the prior art of record Fiorese does not teach downloading. Fiorese teaches provisioning at the cited location [0081] trusted and untrusted network functions provision the NSSF.  The Examiner further finds Fiorese teaches LTE APN mapping to physical paths that terminate to the secure endpoint device.  It is for the above reason the Examiner maintains the prior art rejection of claim 12 in view of Fiorese. After further search, the objections to claims 8 and 14 are maintained.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-7, 9-13, 15,16,18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Fiorese; Virgilio; US 20210168705 A1, June 3, 2021, hereafter referred to as Fiorese in view of Raleigh; Gregory G. et al, US 20170201850, July 13, 2017, hereafter referred to as Raleigh.

         As to claim 1, Fiorese teaches one or more non-transitory computer-readable media of storing computer-executable instructions – Fiorese [0211] The carrier is one of an non-transitory computer readable medium such as memory) that upon execution cause one or more processors to perform acts comprising:
          receiving a request from a user device to register as a secure endpoint device of a secure local area network (LAN) that is provided by a wireless carrier network – Fiorese [0026 and 0105] since at ‘’26 As described in TS 23.502, section 4.2.2.2.2, when a RAN receives a registration request, it may in some circumstances select an AMF based in part on the Requested NSSAI, if available, and forward the registration message to the AMF based on the N2 connection of the UE.  Here, the claimed ‘secure endpoint device’ is taught by Fiorese as ‘UE’ illustrated in the User Plane of Figure 3A whereas the claimed ‘secure local area network’ is taught by Fiorese as ‘N1-N6’ connections which are secure connections thereby providing a secure local network in the User Plane since at ‘105 receiving a location-based slice restriction comprises receiving a restriction that a User Plane Function (UPF) is selected or redirected based on a user's geographical location and/or network location.  Here, the claimed ‘endpoint’ is taught by Fiorese as ‘redirect’ because redirection may indicated the intended source was the endpoint);         
           sending a data protection policy that corresponds to the device type of the user device to a secure endpoint application on the user device – Fiorese [0143 and 0155] since at ‘43 These additional network slice selection process/approval policies could be for example but not limited to: since at ‘55 special privacy/encryption requirements) following a registration of the user device as a secure endpoint device – Fiorese [0026] As described in TS 23.502, section 4.2.2.2.2, when a RAN receives a registration request, it may in some circumstances select an AMF based in part on the Requested NSSAI, if available, and forward the registration message to the AMF based on the N2 connection of the UE), the data protection policy including an Access Point Name (APN) – Fiorese [0003] There are pre-5G mechanisms that can be considered as precursors to 5G network slicing. One example is the use of different Access Point Names (APNs) for different services.  Here, the claimed ‘data protection policy’ is taught by Fiorese as ‘APNs for different services’);
            allocating a network slice of the wireless carrier network that corresponds to the APN to the user device – Fiorese [0004] These pre-5G mechanisms can be seen as rudimentary network slice solutions because they limit a User Equipment (UE) to a single network slice and don't allow a UE to have multiple network slices for each Protocol Data Unit (PDU) session. Here, the claimed ‘allocating’ is taught by Fiorese as ‘limit’, the network slice providing a communication channel for transporting a data file stored in the user device – Fiorese [0013] The NSSF interfaces with: [0014] The AMF, through the N22 reference point, during UE Registration and PDU session establishment, Here, the claimed ‘communication channel’ is taught by Fiorese as ‘N22 reference point’ whereas the claimed ‘file stored’ is taught by Fiorese as ‘Registration’ because data describing the device stored on the UE is transported via the slice provided via N22 to the AMF which is the device point of presence from the 5g side); and
            transporting the data file to an additional secure endpoint device via the network slice that is allocated to the user device – Fiorese [0167] FIG. 3A illustrates some of the named (point-to-point) interfaces between entities, such as the N1 interface between the UE and the AMF, the N2 interface between the (R)AN and the AMF, the N3 interface between the (R)AN and the UPF, the N4 interface between the UPF and the SMF, the N31 interface for communicating between NSSFs, and so on. Here, the claimed ‘additional secure endpoint device’ is taught by Fiorese as ‘the N3 interface between the (R)AN and the UPF’.   FIORES DOES NOT TEACH identifying a device type of the user device based on device identification information provided by the user device HOWEVER IN AN ANALAGOUS ART DIRECTED AT THE SAME FIELD OF ENDEAVOR RALEIGH TEACHES identifying a device type of the user device based on device identification information provided by the user device - Raleigh  [0497 and 0498] since at ‘97 provisioning includes one or more of the following: a process or result of assigning, programming, storing or embedding into the device and/or network a set of credentials… since at ‘98… the credentials can include one or more of the following: phone number, device identification number, MEID or similar mobile device identifier. Adding Raleigh to Fiorese does no more to Fiorese’s Network Slice Selection Function than it would do if it were added to any other device. The function remains the same. Predictably, providing a device type criteria provided by Raleigh to Network Slice Selection Function of Fiorese. Thus, one of ordinary skill in the art before the effective filing date of the claimed invention of determining Network Slice Selections of Fiorese would have been motivated to update the Network Slice Selection Function with device type criteria provided by Raleigh and thereby gaining, predictably, the commonly understood benefits of such adaptation, that is, assuring the device can accommodate the network slice based on the device type criteria provided by Raleigh).

             As to claim 2, the combination of Fiorese and Raleigh teaches one or more non-transitory computer-readable media of claim 1, wherein the network slice is a 5G network slice provided by the wireless carrier network - Fiorese [0165] FIGS. 3A and 3B illustrate different embodiments of a 5G network that supports multi-domain network slice selection and approval according to an embodiment of the present disclosure).

               As to claim 3, the combination of Fiorese and Raleigh teaches one or more non-transitory computer-readable media of claim 1, wherein the acts further comprise recording the transporting of the data file to the additional secure endpoint device in a decentralized distributed ledger via the secure endpoint application  - Fiorese [0190] In one embodiment, information about the untrusted Approver, including, for example, how to communicate with the Approver, may be provisioned in the NSSF via CREATE/DELETE/EDIT Application Programming Interfaces (APIs) that allow trusted and untrusted network functions to access the NSSF database directly or indirectly (via the NEF. During the contract negotiation phase, this contract negotiation may follow the concept of a self-provisioning relationship between MNOs and Online Services or Enterprise players or MVNOs, and may be implemented using some type of blockchain contract approval process or other secured method for electronic contract negotiation.  Here, the claimed ‘recording’ is taught by Fiorese as ‘create’ because the allowed interface permits the recording of transaction data whereas the claimed ‘additional endpoint’ is taught by Fiorese as ‘NEF’ whereas the claimed ‘decentralized distributed ledger’ as ‘blockchain’).

            As to claim 4, the combination of Fiorese and Raleigh teaches the one or more non-transitory computer-readable media of claim 1, wherein the acts further comprise providing the secure endpoint application to the user device for installation on the user device – Raleigh [0438] … the service downloader 1663 provides a download function to install or update service software elements on the device. In some embodiments, the service downloader 1663 requires a secure signed version of software before a download is accepted. For example, the download can require a unique key for a particular service downloader 1663).  The motivation to consider Fiorese and Raleigh in claim 1 applies here in claim 4).

               As to claim 5, the combination of Fiorese and Raleigh teaches the one or more non-transitory computer-readable media of claim 1, wherein the acts further comprise encrypting the data file according to an encryption level specified by the data protection policy – Fiorese [0143] These additional network slice selection process/approval policies … may include requirements such as: [0155] special privacy/encryption requirements).

             As to claim 6, the combination of Fiorese and Raleigh teaches the one or more non-transitory computer-readable media of claim 1, wherein the secure LAN is implemented by an enterprise to replace one or more existing network infrastructure components of the enterprise – Fiorese [0167] FIG. 3A illustrates some of the named (point-to-point) interfaces between entities, such as the N1 interface between the UE and the AMF, the N2 interface between the (R)AN and the AMF, the N3 interface between the (R)AN and the UPF, the N4 interface between the UPF and the SMF, the N31 interface for communicating between NSSFs, and so on. In one embodiment, new named interfaces may be defined for the newly-defined capability for communications between the NSSF and these trusted and untrusted entities. Here, the claimed ‘secure LAN’ is taught by Fiorese as ‘the N2 interface between the (R)AN and the AMF, the N3 interface between the (R)AN and the UPF, the N4 interface between the UPF because these devices are at the user location (User Plane) and the interfaces that connect these devices are secured thereby constituting a secured local network.  The claimed ‘replace’ is taught by Fiorese as ‘new named interfaces’ because the UE may require other services from other plane entities as illustrated via the N6 interface of Figure 3A). 

            As to claim 7, the combination of Fiorese and Raleigh teaches the one or more non-transitory computer-readable media of claim 1, wherein the APN specifies a network gateway of a network infrastructure in the wireless carrier network that implements the network slice – Fiorese [0003] These APNs may even be allocated to dedicated (physical) Packet Data Network Gateways (PGWs) to provide additional security and resource separation between the "slices").

           As to claim 8, the combination of Fiorese and Raleigh teaches the one or more non-transitory computer-readable media of claim 1, wherein the secure endpoint application is directed by the data protection policy to configure the data file to self-encrypt using an encryption key at an end of an expiration time period.

           As to claim 9, the combination of Fiorese and Raleigh teaches the one or more non-transitory computer-readable media of claim 1, wherein the data protection policy further specifies at least one of an ownership identifier – Fiorese [0164] …a NSSF may determine, for each subscriber, the associated or available NSSAIs, as well as the proper approver or owner work flow of a slice, which may be a trusted or an untrusted network function.  Here, the claimed ‘ownership identifier’ is taught by Fiorese as ‘owner workflow’), an encryption level - Raleigh [440] … one or more levels of security or encryption are used to make the link robust to discovery, eavesdropping or compromise); a data sensitivity level - Raleigh [1285] In some embodiments, by providing the service policy implementation and the control of service policy implementation to the preferences of the user… by providing the user with the option of specifying … the level of sensitive user information that is shared with the network or service provider entity, and a data access restriction that is assigned by the secure endpoint application to the data file – Raleigh [0853] In some embodiments, the master user enters restrictions or modifications to permissions through the master device user interface, and the master device sends information about the restrictions or permission modifications to a network element (e.g., a service controller, server, etc. Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that applying the known technique taught by Raleigh to the NSSF of Fiorese would have yielded predicable results and resulted in an improved NSSF, namely, a system that would positively identify ownership, encryption, and sensitivity level logic provided by the “technique” of Raleigh) in the NSSF of Fiorese to determine additional contextual attributes for data access restrictions as provided by Raleigh).

              As to claim 10, the combination of Fiorese and Raleigh teaches the one or more non-transitory computer-readable media of claim 9, wherein the data access restriction specifies one or more device parameters of secure endpoint devices that are permitted to access the data file - Fiorese [0099] …receiving approval conditions from the authorizing network function comprises receiving a mobility restriction). 

          As to claim 11, the combination of Fiorese and Raleigh teaches the one or more non-transitory computer-readable media of claim 1, wherein the data protection policy further specifies at least one of a data sensitivity level or an ownership identifier of data files from another secure endpoint device that the secure endpoint application is permitted to access – Fiorese [0164] …a NSSF may determine, for each subscriber, the associated or available NSSAIs, as well as the proper approver or owner work flow of a slice, which may be a trusted or an untrusted network function. This allows the approvers to influence the NSSF network slice selection and/or approval process, e.g., to accommodate a contractual relationship.  Here, the claimed ‘ownership identifier’ is taught by Fiorese as ‘owner work flow’ which is associated with a network slice.  The claimed ‘from another’ is taught by Fiorese as ‘contractual relationship’ because external networks may own the slice which must be identified to accommodate owner and network operating policies).

           As to claim 12, Fiorese teaches a secure endpoint device comprising:
          one or more processors; and memory including a plurality of computer-executable components that are executable by the one or more processors to perform a plurality of actions, the plurality of actions - Fiorese [0219] The communication system 1400 further includes the UE 1414 … hardware 1434… the UE 1414 further includes processing circuitry 1438…the UE 1414 further comprises software 1440, which is stored in or accessible by the UE 1414 and executable by the processing circuitry 1438) comprising:
downloading a secure endpoint application– Fiorese [0081] the information provisioned in the network node is provisioned via an Application Programming Interface (API) that allows trusted and untrusted network functions to communicate with the network node.  Here, the  and a data protection policy that includes an Access Point Name (APN) of a network slice of a wireless carrier network to the secure endpoint device – Fiorese [0005]  in LTE allows multiple APNs for the same UE, but with the limitation that all APNs (logical paths) were carried by the same physical path); 
            receiving, at the secure endpoint application, a request for a data file stored on the secure endpoint device – [0082] Flores the API allows trusted and untrusted network functions to communicate with the network node directly or indirectly via a Network Exposure Function (NEF), the request being initiated by an additional secure endpoint application on an additional secure endpoint device - Flores [0084] In some embodiments, the identified API is provisioned in the network node);
in response to determining based on the data protection policy that the additional secure endpoint device is permitted to access the data file – Flores [0084] determining the trust status of the authorizing network function comprises: upon a determination that the authorizing network function is within a domain of the network operator,
           sending the data file to the additional secure endpoint application via the network slice of the wireless carrier network assigned to the secure endpoint device – Flores [0087] …sending the slice selection authorization request to the authorizing network function via the identified network interface comprises sending the request via a NEF); and
         recording the sending of the data file in a decentralized distributed ledger via the secure endpoint application - Fiorese [0190] In one embodiment, information about the untrusted Approver, including, for example, how to communicate with the Approver, may be provisioned in the NSSF via CREATE/DELETE/EDIT Application Programming Interfaces (APIs) that allow trusted and untrusted network functions to access the NSSF database directly or indirectly (via the NEF. During the contract negotiation phase, this contract negotiation may follow the concept of a self-provisioning relationship between MNOs and Online Services or Enterprise players or MVNOs, and may be implemented using some type of blockchain contract approval process or other secured method for electronic contract negotiation.  Here, the claimed ‘recording’ is taught by Fiorese as ‘create’ because the allowed interface permits the recording of transaction data whereas the claimed ‘additional endpoint’ is taught by Fiorese as ‘NEF’ whereas the claimed ‘decentralized distributed ledger’ as ‘blockchain’ FIORES DOES NOT TEACH the data protection policy at least specifying types of user devices that are able to receive data from the secure endpoint device HOWEVER IN AN ANALAGOUS ART DIRECTED AT THE SAME FIELD OF ENDEAVOR RALEIGH TEACHES the data protection policy at least specifying types of user devices that are able to receive data from the secure endpoint device - Raleigh  [0497 and 0498] since at ‘97 provisioning includes one or more of the following: a process or result of assigning, programming, storing or embedding into the device and/or network a set of credentials… since at ‘98… the credentials can include one or more of the following: phone number, device identification number, MEID or similar mobile device identifier.  Adding Raleigh to Fiorese does no more to Fiorese’s Network Slice Selection Function than it would do if it were added to any other device. The function remains the same. Predictably, providing a device type criteria provided by Raleigh to Network Slice Selection Function of Fiorese. Thus, one of ordinary skill in the art before the effective filing date of the claimed invention of determining Network Slice Selections of Fiorese would have been motivated to update the Network Slice Selection Function with device type criteria provided by Raleigh and thereby gaining, predictably, the commonly understood benefits of such adaptation, that is, assuring the device can accommodate the network slice based on the device type criteria provided by Raleigh).
   
            As claim 13, the combination of Fiorese and Raleigh teaches the secure endpoint device of claim 12, wherein the data file is inputted by a user of the secure endpoint device or generated by the secure endpoint device – Flores [0226] FIG. 17… includes a host computer, a base station, and a UE …. the UE receives input data provided by the host computer. Additionally or alternatively, in step 1702, the UE provides user data).

14.    The secure endpoint device of claim 12, wherein the actions further comprise at least one of:
        configuring the data file to self-expire at an expiration date and time according to the data protection policy;
       assigning a data access restriction to the data according to the data protection policy;
       assigning an ownership identifier to the data file according to the data protection policy; assigning a data sensitivity level to the data file according to the data protection policy; and encrypting the data file according to an encryption level specified in the data protection
policy.

           As claim 15, the combination of Florese and Raleigh teaches the secure endpoint device of claim 12, wherein the actions further comprise: 
           receiving an additional data file from another secure endpoint device via the secure endpoint application - Flores [0026] As illustrated in FIG. 2, if the RAN receives a registration request (step 200) and determines that it cannot select an appropriate AMF (step 202), the RAN forwards the registration request to an AMF which has been configured, in the RAN, to perform AMF selection (step 204). If the UE context in the AMF does not yet include an Allowed NSSAI; and
          recording the receiving of the additional data file at the secure endpoint application in a decentralized distributed ledger - Fiorese [0190] …how to communicate with the Approver, may be provisioned in the NSSF via CREATE/DELETE/EDIT Application Programming Interfaces (APIs) that allow trusted and untrusted network functions to access the NSSF database directly or indirectly (via the NEF… this contract negotiation may follow the concept of a self-provisioning relationship between MNOs and Online Services or Enterprise players or MVNOs, and may be implemented using some type of blockchain contract approval process or other secured method for electronic contract negotiation.  Here, the claimed ‘recording’ is taught by Fiorese as ‘create’ because the allowed interface permits the recording of transaction data between the UE and AMF whereas the claimed ‘additional endpoint’ is taught by Fiorese as ‘NEF’ whereas the claimed ‘decentralized distributed ledger’ as ‘blockchain’).

             As claim 16, the combination of Florese and Raleigh teaches the secure endpoint device of claim 12, wherein the actions further comprise:
             receiving a request to access an additional data file that is received from another secure endpoint device at the secure endpoint application - Fiorese [0187] If the NSSF cannot autonomously select a slice, e.g., because approval is required from an external network function, then the NSSF determines an authorizing network function for authorizing a network slice);
            decrypting the additional data file to produce a decrypted data file for access via the secure endpoint application – Fiorese [0191] When necessary, to convert a token into an internal Subscriber ID information, the external/untrusted network elements may use external IDs and/or associated tokens, to be translated by the MNO trusted network elements into the real Subscriber ID information via NEF (in LTE, via SCEF));
            provide access to the decrypted data file at the secure endpoint device via the secure endpoint application – Fiorese [0192] Next, the process includes receiving, directly or indirectly from the authorizing network function, a message comprising information including the approval status, and approval conditions of each network slice included in the Candidate NSSAI); and
recording access of the decrypted data file at the secure endpoint device in a decentralized distributed ledger via the secure endpoint application - Fiorese [0190] …how to communicate with the Approver, may be provisioned in the NSSF via CREATE/DELETE/EDIT Application Programming Interfaces (APIs) that allow trusted and untrusted network functions to access the NSSF database directly or indirectly (via the NEF… this contract negotiation may follow the concept of a self-provisioning relationship between MNOs and Online Services or Enterprise players or MVNOs, and may be implemented using some type of blockchain contract approval process or other secured method for electronic contract negotiation.  Here, the claimed ‘recording’ is taught by Fiorese as ‘create’ because the allowed interface permits the recording of transaction data between the UE and AMF whereas the claimed ‘additional endpoint’ is taught by Fiorese as ‘NEF’ whereas the claimed ‘decentralized distributed ledger’ as ‘blockchain’).

             As to claim 18, Claim 18 is a computer-implemented method that is directed to the one or more non-transitory computer-readable media of claim 1.  Therefore, claim 18 is rejected for the reasons as set forth in claim 1.

           As claim 19, the combination of Flores and Raleigh teaches the computer-implemented method of claim 18, further comprising 
         performing data transactions for the data file that includes at least one of
         storing the data file in a secure data store of the user device, decrypting the data file into a decrypted data file, providing access to the decrypted data file, sending the data file to another secure endpoint device using the network slice, modifying the decrypted data file, or 
          rendering the decrypted data file inaccessible, and storing a data transaction record for each data transaction of the data file in a decentralized distributed ledger - Fiorese [0190] In one embodiment, information about the untrusted Approver, including, for example, how to communicate with the Approver, may be provisioned in the NSSF via CREATE/DELETE/EDIT Application Programming Interfaces (APIs) that allow trusted and untrusted network functions to access the NSSF database directly or indirectly (via the NEF… this contract negotiation may follow the concept of a self-provisioning relationship between MNOs and Online Services or Enterprise players or MVNOs, and may be implemented using some type of blockchain contract approval process or other secured method for electronic contract negotiation.  Here, the claimed ‘recording’ is taught by Fiorese as ‘create’ because the allowed interface permits the recording of transaction data whereas the claimed ‘additional endpoint’ is taught by Fiorese as ‘NEF’ whereas the claimed ‘decentralized distributed ledger’ as ‘blockchain’).

Claims 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Fiorese in view of Raleigh, and in further view of Gosnell; Thomas F., US 2100299315, November 25, 2010, hereafter referred to as Gosnell.

             As claim 17, the combination of Fiores and Raleigh teaches the secure endpoint device of claim 12 wherein the actions further comprise: 
            recording an inaccessibility of the data file in a decentralized distributed ledger - Fiorese [0190] …how to communicate with the Approver, may be provisioned in the NSSF via CREATE/DELETE/EDIT Application Programming Interfaces (APIs) that allow trusted and untrusted network functions to access the NSSF database directly or indirectly (via the NEF… this contract negotiation may follow the concept of a self-provisioning relationship between MNOs and Online Services or Enterprise players or MVNOs, and may be implemented using some type of blockchain contract approval process or other secured method for electronic contract negotiation.  Here, the claimed ‘recording’ is taught by Fiorese as ‘create’ because the allowed interface permits the recording of transaction data between the UE and AMF whereas receiving a request to render inaccessible the data file that is stored in the secure endpoint device; encrypting the data file with a unique encryption key from a data store using the secure endpoint application; and
 purging the unique encryption key from the data store used by the secure endpoint application or further encrypting the unique encryption key with an additional encryption key to render the unique encryption key irretrievable, HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR GOSNELL TEACHES
            receiving a request to render inaccessible the data file that is stored in the secure endpoint device – Gosnell [0086] If no hold is placed, and the administrator has approved the file destruction, the Storage Manager will scrub the file from all RAID systems where it has been stored);
            encrypting the data file with a unique encryption key from a data store using the secure endpoint application – Gosnell [0114] As files entered into the system 140, storage manager 146 obtains a key that will be used when encrypting the file);
            purging the unique encryption key from the data store used by the secure endpoint application or further encrypting the unique encryption key with an additional encryption key to render the unique encryption key irretrievable – Gosnell [0039] By using different encryption keys for each file, files can be individually removed from the data archiving system by purging the database entry storing the decryption key.  Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that applying the known technique taught by Gosnell to the Network Slice Selection Function of Fiorese would have yielded predicable results and resulted in an improved system, namely, a Slice Selection Function that would positively prevent retrieval of sensitive content by unauthorized requests provided by the “blacklisting” technique of Gosnell).    
        
             As to claim 20, the combination of Fiorese and Raleigh teaches the computer-implemented method of claim 19, further comprising retrieving a data transaction record of a data transaction in response to an audit request for the decentralized distributed ledger or a request for one or more data transaction records of the data file – Gosnell [0047] The back end nodes can be implemented so that services provided by the back end nodes include an audit service…. An audit process can easily be implemented that checks the validity of an asset by recomputing its uFID, verifying the recomputed uFID with the uFID stored in the manifest and then checking the uFID of the manifest. Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that applying the known technique of auditing taught by Gosnell to Fiorese would have yielded predicable results and resulted in an improved system, namely, an auditing capability that would positively support administrative requests for auditing decentralized ledgers, a technique of Gosnell.

Allowable Subject Matter
Claims 8 and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
                                                                               /WILLIAM B JONES/ Examiner, Art Unit 2491                                                                                                                                                                                                       11/13/2021


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491