Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The IDS of 5/27/2020, 5/28/2020 and 5/26/2020 were received and considered.
Claims 21-38 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-38 are rejected under 35 U.S.C. 103 as being unpatentable over US 2015/0281958 A1 to Simplicio Junior et al. (Simplicio), US 2018/0270653 A1 to Wifvesson et al. (Wifvesson) and “3GPP TS 33.220 V15.0.0” by 3GPP.
Regarding claim 21, Simplicio discloses a method of establishing a session key at a communication device (further secured connection, Fig. 8, S7.8); wherein the session key is to be shared between the communication device and a network application function (NAF) (Fig. 8, S7.8); wherein a 
Regarding claim 27, the claim is similar in scope to claim 21 and is therefore rejected using a similar rationale.
Regarding claim 30, the claim is similar in scope to claim 21 and is therefore rejected using a similar rationale.
Regarding claim 36, the claim is similar in scope to claim 21 and is therefore rejected using a similar rationale.
Regarding claims 22, 28, 31 and 37, Simplicio, as modified above, lacks receiving an attach response message from the NAF, thereby establishing a communication session based on the session key.  However, 3GPP teaches that the bootstrapping procedure is known to include an attach response message (application answer, p. 30, Fig. 4.4).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Simplicio, as modified above, to include receiving an attach response message from the NAF, thereby establishing a communication session based on the session key.  One of ordinary skill in the art would have been motivated to perform such a modification to confirm continuation of the protocol, as taught by 3GPP.
Regarding claims 23 and 32, Simplicio, as modified above, lacks during the established communication session, deriving a new service bootstrap key and an associated new transaction identifier, to be shared between the communication device and the BSF, by re-applying the GBA procedure.  However, 3GPP teaches that it was known in GBA to derive a new service bootstrap key (Ks) and an associated new transaction identifier (bootstrapping renegotiation request, starting protocol over, p. 20, ¶2).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Simplicio, as modified above, such that during 
Regarding claims 24, 25, 33 and 34, Simplicio, as modified above, lacks discarding the service bootstrap key and the associated transaction identifier previously derived or continuously maintaining the service bootstrap key and the associated transaction identifier previously derived.  However, 3GPP teaches that if the shared key between UE and NAF is invalid, the NAF can set deletion conditions to the corresponding security association for subsequent removal (p. 20, Note 1, p. 34, ¶4).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify to modify Simplicio, as modified above, to include discarding the service bootstrap key and the associated transaction identifier previously derived or continuously maintaining the service bootstrap key and the associated transaction identifier previously derived based on a condition.  One of ordinary skill in the art would have been motivated to perform such a modification to enable automatic key management based on conditions, as taught by 3GPP.
Regarding claims 26, 29, 35 and 38, Simplicio, as modified above, lacks – but 3GPP teaches - discarding the session key when the communication session is terminated (3GPP, p. 24, “Whenever a UICC application is terminated (see section 4.4.8) the shared key Ks established from it in the protocol over the Ub reference point (according to clauses 4.5.2 and 5.3.2) shall be deleted).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Simplicio, as modified above, to include discarding the session key when the communication session is terminated.  One of ordinary skill in the art would have been motivated to perform such a modification to utilize a known practice in computer security and to conform to the GBA protocol specification, as taught by 3GPP.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841.  The examiner can normally be reached on Monday - Friday, 7:00-3:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-38623862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/               Primary Examiner, Art Unit 2493                                                                                                                                                                                          

November 9, 2021