DETAILED ACTION
1.	This office action is in response to the communication filed on 11/15/2021.
2.	Claims 9-13 have been withdrawn from further consideration.
3.	Claims 1-13 are pending.

Notice of Pre-AIA  or AIA  Status
4.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

5.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

Priority
6.	Applicant’s claim for the benefit of a prior-filed provisional application No. 62/191459, filed on 07/12/2015, under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged. 
7.	Applicant’s claim for the benefit of a prior-filed non-provisional application No. 15/160326, filed on 05/20/2016, under 35 U.S.C. 120, 121, or 365(c) is acknowledged.

Continued Examination Under 37 CFR 1.114
11/15/2021 has been entered.

Response to Arguments
9.	Applicant’s arguments, filed on 11/15/2021, have been fully considered but they are not persuasive.
Applicant’s argument: Case fails to teach "obtaining, at the control plane network function implemented at the first network node, a user plane key for a user plane network function implemented at a second network node, wherein the first and second network nodes are independent from a network access node and the client device" and "transferring, from the control plane network function implemented at the first network node, the user plane key to the user plane network function implemented at the second network node"

Applicant’s support: Case does not disclose a transfer of a user plane key between two network entities or nodes that are" independent from a network access node and the client device." 

Examiner’s response: The examiner respectfully directs applicant’s attention to see Case, fig. 1D and paras. 33, 58 where a MME (i.e. first network node), an eNode-B (i.e. second network node), a relay node (i.e. network access node) and a WTRU (i.e. client device) are independent network devices/entities that are independent and communicating, directly or indirectly, to each other over a network. (Note: see para. 115 where a network element/entity, which includes a processor and software stored in a memory, is used alone, i.e. independent network entity.)

In addition, see Case, fig. 2 and para. 72 where the MME derives KeNB (i.e. user plane key) to be used at an eNode-B (eNB), i.e. second network node, for creating an encryption key KUPenc and/or an integrity key KUPint to be used at the eNB for protecting user plane (UP) traffic; see fig. 2 or fig. 8 and para. 72 where the MME transfers the KeNB to the eNB, wherein the eNB uses the KeNB to create an encryption key KUPenc and an integrity key KUPint, wherein KUPint is used for integrity protection for UP traffic between a relay node RN (i.e. a network access node) and the eNB; see para. 62 where traffic is/are data packet(s). In other words, by being used to create at least an integrity key KUPint for integrity protection for UP traffic/packet(s) between a relay node RN (i.e. network access node) and the eNB, the KeNB (i.e. user plane key) enables an integrity protection (i.e. integrity verification) of traffic/packet(s) from/to a relay node RN to/from the eNB. Note: in addition, see Lee, fig. 6, where an eNB receives the KeNB from the MME to create key KUPenc and key KUPint; see para. 161, where KUPenc is used for ciphering; see para. 136 where a key is 
In conclusion, the combination of Case-Lee discloses for: obtaining, at the control plane network function implemented at the MME (i.e. first network node), a KeNB (i.e. user plane key) for a user plane network function implemented at an eNB (i.e. second network node), wherein the MME and the eNB are independent from a relay node (i.e. network access node) and a WTRU/UE (i.e. client device); and transferring, from the control plane network function implemented at the MME, the KeNB to the user plane network function implemented at the eNB, wherein the KeNB enables at least one of decryption or verification of a data packet from the relay node.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness r ejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


10.	Claim(s) 1-8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Case et al. (US 20120297473 A1) in view of Lee et al. (US 20150358813 A1).
Regarding claims 1 and 5:
 
establishing, at a control plane network function implemented at the first network node, a security context for a client device (see fig. 1D and para. 61 where a mobility management gateway (MME), i.e. first network node, performs an authentication (i.e. a security context) to authenticate a client device, e.g. WTRU/UE, wherein the MME provides a control plane function); 
obtaining, at the control plane network function implemented at the first network node, a user plane key for [a user plane network function implemented at] a second network node, wherein the first and second network nodes are independent from a network access node and the client device (see fig. 2 and para. 72 where the MME derives KeNB (i.e. user plane key) to be used at an eNode-B (eNB), (i.e. second network node) for creating an encryption key KUPenc and/or an integrity key KUPint to be used at the eNB for protecting user plane (UP) traffic; see fig. 1D and paras. 33, 58 where a MME, an eNode-B, a relay node (i.e. network access node) and a WTRU are independent network devices/entities that are independent and communicating, directly or indirectly, to each other over a network. Note: in addition, see para. 115 where a network element/entity including a processor with software stored in a memory is used alone, i.e. independent network entity); and 
transferring, from the control plane network function implemented at the first network node, the user plane key to [the user plane network function implemented at] the second network node, wherein the user plane key enables at least one of decryption or verification of a data packet from the network access node (see fig. 2 or fig. 8 and para. 72 where the MME transfers the KeNB to the eNB, wherein the eNB uses the KeNB to create an encryption key KUPenc and an integrity key KUPint, wherein KUPint is used for integrity protection for UP traffic between a relay node RN (i.e. a network access node) and the eNB; see para. 62 where traffic is/are data packet(s). In other words, by being used to create at least an integrity key KUPint for integrity protection for UP traffic/packet(s) between a relay node RN (i.e. network access node) and the eNB, the KeNB (i.e. user plane key) enables an integrity protection (i.e. integrity verification) of traffic/packet(s) from/to a relay node RN to/from the eNB. Note: in addition, see Lee, fig. 6, where an eNB receives the KeNB from the MME to create key KUPenc and key KUPint; see para. 161, where KUPenc is used for ciphering; see para. 136 where a key is used for encryption and decryption; see para. 163 where KUPint is used for integrity; see para. 106 for integrity verification).
Case does not clearly, but Lee discloses:
a user plane network function implemented at a second network node (see Lee, para. 46, where an eNB provides a user plane to a UE).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Case's invention by enhancing it for a user plane network function implemented at a second network node, as taught by Lee, in order for applying different security information to different sets of radio bearers served by an eNodeB (Lee, para. 46).

Regarding claims 2 and 6:
Case as modified discloses:       
wherein the establishing the security context for the client device includes performing a mutual authentication procedure with the client device (see Case, paras. 61, 72 and/or 87 for AKA and/or mutually authentication. In addition, see Lee, para. 98).

Regarding claims 3 and 7:
Case as modified discloses:
deriving the user plane key from a session credential established during the mutual authentication procedure (see Case, para. 72 and/or 87, where KeNB is derived from KASME (i.e. session credential) which is generated during an authentication procedure such as AKA/mutually authentication; see para. 79 where KASME is used as authentication key for authenticating an entity to a network. In addition, see Lee, para. 98, where AKA is a mutual authentication).

Regarding claims 4 and 8: 
Case as modified discloses:
obtaining, at the control plane network function implemented at the first network node, a control plane key for the control plane network function (see Case, fig. 2 and paras. 61, 72, where KASME, KNASenc or KNASint (i.e. a control plane key) is received or derived at the MME providing a control plane function).

Conclusion
:
Mildh et al., US 20180062847 A1, Method, apparatus, and system for providing encryption or integrity protection in a wireless network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUAN V. DOAN whose telephone number is 571-272-3809. The examiner can normally be reached on Monday – Thursday, 9:00am – 5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID, can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HUAN V DOAN/Primary Examiner, Art Unit 2437