DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to application 16/814,018 filed on 3/10/2020.
Claims 1-20 have been examined and are pending in this application.
The examiner notes the IDS filed on 6/10/2020 has been considered.

Claim Objections
Claims 9 and 10 are objected to because of the following informalities:  
Regarding Claim 9 and 10; Claims 9 and 10 recite within the limitation “and/or”.  The examiner requests for better clarification if this is to be an “and” statement or an “or” statement.  For the purposes of examination the examiner will interpret the “and/or” as an “or” statement. Appropriate correction is required.









Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the “receiving unit”, “sending unit”, and “processing unit” in claims 11-15 and 17-20.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.










Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 6 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Regarding Claim 6; Claim 6 recites the limitation "the encrypted first user identifier" in limitation 1, line 1.  There is insufficient antecedent basis for this limitation in the claim.










Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 8-10 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by 3GPP TSG SA WG Meeting #122bis, S2-175780, “TS 23.502: AF Influenced PDU session establishment and DN authentication/Authorization via NEF”, August 21-25, 2017, (hereinafter 3GPP).

Regarding Claim 8;
3GPP discloses an authorization method, comprising: 
3GPP discloses receiving, by a network exposure function NEF, an authorization request message sent by a resource control network element, wherein the authorization request message comprises a second user identifier of the terminal device (FIG. 4.3.2.x-1 and pp. 6-7, 4.3.2.x, 1. ...UE request is compliant with the user subscription and with local policies.... The policy can be as part of SM policy that gets from PCF, which is whether the “PDU session establishment authentication/authorization” shall be performed or authorized to perform and 3. – The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF);
sending, by the NEF, the authorization request message to an authorization server, when determining that the authorization request message meets a preset security requirement (FIG. 4.3.2.x-1 and pp. 6-7, 4.3.2.x, 1. ...UE request is compliant with the user subscription and with local policies.... The policy can be as part of SM policy that gets from PCF, which is whether the “PDU session establishment authentication/authorization” shall be performed or authorized to perform and pp. 8, 4.3.2.x, 4. – The NEF sends the EAP-Request/Identity to the DN-AAA server);
receiving, by the NEF, an authorization response message that is fed back by the authorization server based on the authorization request message (FIG. 4.3.2.x-1 and pp. 8, 4.3.2.x, 6. – The DN AAA server sends EAP Success message to the NEF);  and 
sending, by the NEF, the authorization response message to the resource control network element, when determining that the authorization response message meets the preset security requirement (FIG. 4.3.2.x-1 and pp. 6-7, 4.3.2.x, 1. ...UE request is compliant with the user subscription and with local policies.... The policy can be as part of SM policy that gets from PCF, which is whether the “PDU session establishment authentication/authorization” shall be performed or authorized to perform and pp. 8, 4.3.2.x, 7. – NEF sends the EAP Success to the SMF).





Regarding Claim 9;
3GPP discloses the method to Claim 8.
3GPP further discloses wherein the determining, by the NEF, that the authorization request message meets a preset security requirement comprises: determining, by the NEF, that pp. 6-7, 4.3.2.x, 1. ...UE request is compliant with the user subscription and with local policies.... The policy can be as part of SM policy that gets from PCF, which is whether the “PDU session establishment authentication/authorization” shall be performed or authorized to perform) and/or determining that message content of the authorization request message meets a preset security policy.

Regarding Claim 10;
3GPP discloses the method to Claim 8.
3GPP further discloses wherein the determining, by the NEF, that the authorization response message meets the preset security requirement comprises: determining, by the NEF, that the authorization response message sent by the authorization server is allowed to be received (pp. 6-7, 4.3.2.x, 1. ...UE request is compliant with the user subscription and with local policies.... The policy can be as part of SM policy that gets from PCF, which is whether the “PDU session establishment authentication/authorization” shall be performed or authorized to perform); determining that message content of the authorization response message meets a preset security policy; and/or determining that a destination address of the authorization response message is consistent with a source address of the authorization request message.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3, 7, 11-13, 16 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over 3GPP TSG SA WG Meeting #122bis, S2-175780, “TS 23.502: AF Influenced PDU session establishment and DN authentication/Authorization via NEF”, August 21-25, 2017, (hereinafter 3GPP) in view of Sternberg et al. (US 2017/0332421 A1).

Regarding Claim 1;
3GPP discloses an authorization method, comprising: 
(pp. 6-7, 4.3.2.x , 1. – UE request and 2b. – UE sends an EAP Response Identity message ... THE UE includes its DN-specific identity.... );
replacing, by the resource control network element, the first user identifier with a second user identifier, and sending an authorization request message to an authorization server by using a network exposure function NEF, wherein the authorization request message comprises the second user identifier of the terminal device (pp. 6-7, 4.3.2.x, 3. – The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF);
receiving, by the resource control network element by using the NEF, an authorization response message sent by the authorization server, wherein the authorization response message comprises an authorization result that is obtained by the authorization server by performing authorization based on the second user identifier and the resource usage request message (pp. 6-8, 4.3.2.x, 5. The DN-AAA server and the UE shall exchange EAP messages as required by the EAP method.... 6.  After completion of the authentication, DN-AAA server sends EAP success messages to the NEF.... 7 NEF sends the EAP Success to SMF),
3GPP fails to explicitly disclose allocating, by the resource control network element, a network resource to the terminal device based on the authorization result, and sending a resource allocation response message to the terminal device
However, in an analogous art, Sternberg teaches allocating, by the resource control network element, a network resource to the terminal device based on the authorization result, and sending a resource allocation response message to the terminal device (FIG. 22 and [0268]-[0273] – An Indication of whether or not connections is permitted... An indication of whether not connection to requested services or slices can be provided... UE-Service-Descriptors... and [0288] - The AAA server uses the Challenge Vector, the UE-T-ID and the UE's challenge response to confirm that the response is proper and was provided by the UE 2006 that is associated with the UE-T-ID. The AAA Server 2028 responds with an AA-Challenge-Check-Resp message which includes an indication of whether or not authentication was successful. Since the UE 2006 has now been authenticated, the AAA Server 2028 may choose to send subscription information related to the UE 2006 to the RIF 2102 and [0289] and [0293]).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sternberg to the authorization method of 3GPP to include allocating, by the resource control network element, a network resource to the terminal device based on the authorization result, and sending a resource allocation response message to the terminal device.
One would have been motivated to combine the teachings of Sternberg to 3GPP  to do so as it provides / allows a secure interface... to obtain UE subscription information (Sternberg, [0232]). 

Regarding Claim 2;
3GPP and Sternberg discloses the method to Claim 1.
3GPP further teaches wherein the replacing, by the resource control network element, the first user identifier with a second user identifier comprises: performing, by the resource control network element, identity verification on the first user identifier (pp. 6-7, 4.3.2.x, – 1. SMF checks whether the UE request is complaint with the user subscription and with local polices and 3. The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF), and after determining that the identity verification on the first user identifier succeeds, replacing the first user identifier with the second user identifier (pp. 6-7, 4.3.2.x, 3. – The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF);

Regarding Claim 3;
Sternberg discloses the method to Claim 2.
3GPP further discloses wherein the performing, by the resource control network element, identity verification on the first user identifier comprises: determining, by the resource control network element, that the identity verification on the first user identifier succeeds (pp. 6-7, 4.3.2.x, 3. – The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF).
Sternberg further teaches [concepts of ] when determining that the first user identifier is a subscriber permanent identifier, a subscriber temporary identity, or a third-party user identifier (Sternberg, [0260] UE-T-ID: A temporary identifier that the RIF 2102 can resolve to a HPLM-ID or MNO-ID. The format of this identifier may be a binary value such as a temporary IMSI or the format of this identifier can be a URI).





Regarding Claim 7;
Sternberg discloses the method to Claim 1.
3GPP further discloses wherein the authorization request message further comprises an application identifier (pp. 6-7, 4.3.2.x, 3. Application ID may included...), and the authorization response message comprises the authorization result that is obtained by the authorization server by performing authorization based on the second user identifier, the application identifier, and the resource usage request message (FIG. 4.3.2.x-1 – Nnef_Communicaiotn...(Message Transfer) to ND-AAA and Nnef_Communicaiton... MessageNotify from DN-AAA via NEF and pp. 6-7, 4.3.2.x, 3. Application ID may included... and p. 10 – 5.2.5.x1. Inputs, Required.... Message content(s)),

Regarding Claim 11;
3GPP resource control network element (p. 7, FIG. 4.3.2.x-1 – SMF), comprising: 
a receiving unit, configured to receive a resource usage request message sent by a terminal device, wherein the resource usage request message comprises a first user identifier of the terminal device (pp. 6-7, 4.3.2.x , 1. – UE request and 2b. – UE sends an EAP Response Identity message ... THE UE includes its DN-specific identity.... ); a processing unit, configured to replace the first user identifier with a second user identifier (pp. 6-7, 4.3.2.x, 3. – The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity...); and 
a sending unit, configured to send an authorization request message to an authorization server by using a network exposure function NEF, wherein the authorization request message comprises the second user identifier of the terminal device (pp. 6-7, 4.3.2.x, 3. – The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF), wherein 
the receiving unit is further configured to receive, by using the NEF, an authorization response message sent by the authorization server, wherein the authorization response message comprises an authorization result that is obtained by the authorization server by performing authorization based on the second user identifier and the resource usage request message (pp. 6-8, 4.3.2.x, 5. The DN-AAA server and the UE shall exchange EAP messages as required by the EAP method.... 6.  After completion of the authentication, DN-AAA server sends EAP success messages to the NEF.... 7 NEF sends the EAP Success to SMF);
3GPP fails to explicitly disclose the processing unit is further configured to allocate a network resource to the terminal device based on the authorization result; and the sending unit is further configured to send a resource allocation response message to the terminal device.
However, in an analogous art, Sternberg teaches the processing unit is further configured to allocate a network resource to the terminal device based on the authorization result (Sternberg, FIG. 22 and [0268]-[0273] – An Indication of whether or not connections is permitted... An indication of whether not connection to requested services or slices can be provided... UE-Service-Descriptors); and the sending unit is further configured to send a resource allocation response message to the terminal device. (Sternberg, FIG. 22 and [0268]-[0273] – An Indication of whether or not connections is permitted... An indication of whether not connection to requested services or slices can be provided... UE-Service-Descriptors... and [0288] - The AAA server uses the Challenge Vector, the UE-T-ID and the UE's challenge response to confirm that the response is proper and was provided by the UE 2006 that is associated with the UE-T-ID. The AAA Server 2028 responds with an AA-Challenge-Check-Resp message which includes an indication of whether or not authentication was successful. Since the UE 2006 has now been authenticated, the AAA Server 2028 may choose to send subscription information related to the UE 2006 to the RIF 2102 and [0289] and [0293]).
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sternberg to the authorization method of 3GPP to include the processing unit is further configured to allocate a network resource to the terminal device based on the authorization result; and the sending unit is further configured to send a resource allocation response message to the terminal device.
One would have been motivated to combine the teachings of Sternberg to 3GPP to do so as it provides / allows a secure interface... to obtain UE subscription information (Sternberg, [0232]). 

Regarding Claim 12;
3GPP and Sternberg disclose the element to Claim 11.
3GPP wherein when replacing the first user identifier with the second user identifier, the processing unit is specifically configured to: perform identity verification on the first user identifier (pp. 6-7, 4.3.2.x, – 1. SMF checks whether the UE request is complaint with the user subscription and with local polices and 3. The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF), and after determining that the identity verification on the first user identifier succeeds, replace the first user identifier with the second user identifier (pp. 6-7, 4.3.2.x, 3. – The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF);
Regarding Claim 13;
3GPP and Sternberg disclose the element to Claim 12.
wherein when performing the identity verification on the first user identifier, the processing unit is specifically configured to: determine that the identity verification on the first user identifier succeeds (pp. 6-7, 4.3.2.x, 3. – The SMF may retrieve the DN-AAA-ID from the UE’s DN specific identity.... Then SMF sends the EAP Request./Identity... DN-AAA-ID ... to the NEF).
Sternberg further teaches [concepts of ] when determining that the first user identifier is a subscriber permanent identifier, a subscriber temporary identity, or a third-party user identifier (Sternberg, [0260] UE-T-ID: A temporary identifier that the RIF 2102 can resolve to a HPLM-ID or MNO-ID. The format of this identifier may be a binary value such as a temporary IMSI or the format of this identifier can be a URI).

Regarding Claim 16;
3GPP and Sternberg disclose the element to Claim 11.
3GPP further discloses wherein the authorization request message further comprises an application identifier (pp. 6-7, 4.3.2.x, 3. Application ID may included...),, and the authorization response message comprises the authorization result that is obtained by the authorization server by performing authorization based on the second user identifier, the application identifier, and the resource usage request message (FIG. 4.3.2.x-1 – Nnef_Communicaiotn...(Message Transfer) to ND-AAA and Nnef_Communicaiton... MessageNotify from DN-AAA via NEF and pp. 6-7, 4.3.2.x, 3. Application ID may included... and p. 10 – 5.2.5.x1. Inputs, Required.... Message content(s)).
Regarding Claim 19;
3GPP and Sternberg disclose the element to Claim 11.
3GPP further discloses wherein before the sending unit sends the authorization request message to the authorization server, the receiving unit is further configured to receive a subscription data response message of the terminal device, wherein the subscription data response message comprises third-party authorization indication information, and the third-party authorization indication information is used to indicate that third-party authorization needs to be performed on the terminal device; or the processing unit is further configured to determine, according to a local configuration policy, that third-party authorization needs to be performed on the terminal device (pp. 6-7, 4.3.2.x, 1. ...UE request is compliant with the user subscription and with local policies.... The policy can be as part of SM policy that gets from PCF, which is whether the “PDU session establishment authentication/authorization” shall be performed or authorized to perform).

Regarding Claim 20;
3GPP and Sternberg disclose the element to Claim 11.
Sternberg further teaches wherein when allocating a network resource to the terminal device based on the authorization result, the processing unit is specifically configured to: if the authorization result is that the terminal device is allowed to use a network resource, allocate a requested network resource to the terminal device (Sternberg, FIG. 22 and [0268]-[0273] – An Indication of whether or not connections is permitted... An indication of whether not connection to requested services or slices can be provided... UE-Service-Descriptors);; or if the authorization result is that the terminal device is not allowed to use a network resource, refuse to (Sternberg, FIG. 22 and [0268]-[0273] – An Indication of whether or not connections is permitted... An indication of whether not connection to requested services or slices can be provided... UE-Service-Descriptors).

Claims 4-6, 14 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over 3GPP TSG SA WG Meeting #122bis, S2-175780, “TS 23.502: AF Influenced PDU session establishment and DN authentication/Authorization via NEF”, August 21-25, 2017, (hereinafter 3GPP) in view of Sternberg et al. (US 2017/0332421 A1) and further in view of Vinayakray-Jani (US 2009/0138955 A1).

Regarding Claim 4;
3GPP and Sternberg disclose the method to Claim 1.
	3GPP discloses a first user identifier (pp. 6-7, 4.3.2.x , 1. – UE request and 2b. – UE sends an EAP Response Identity message ... THE UE includes its DN-specific identity.... );
3GPP and Sternberg fail to explicitly disclose wherein the second user identifier is an encrypted ... identifier.
However, in an analogous art, Vinayakray-Jani teaches wherein the second user identifier is an encrypted ... identifier (FIG. 2 and [0042] - The first stage (1) is the generic bootstrapping performed between MT 30 and BSF/HAAA 20 in the home network. BSF/HAAA 20 generates B-TID; shared keys (Ks) also known as a base secret key, and the lifetime of Ks. The B-TID is in Network Access Identifier (NAI) format and generated by taking base64 encoded random challenge value and the server name of BSF/HAAA 20 (for example, base64encode(RAND)@BSFservers_domain name. BSF/HAAA 20 sends a message including B-TID and lifetime of shared key Ks to MT 30 to indicate successful authentication). As reasonably constructed a encoded random challenge value represents an encrypted identifier. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Vinayakray-Jani to the authorization method and first user identifier of 3GPP and Sternberg to include wherein the second user identifier is an encrypted ... identifier.
One would have been motivated to combine the teachings of Vinayakray-Jani to 3GPP and Sternberg to do so as it provides / allows a solution to provision Mobile IP specific keys between [a] node and [a] agent (Vinayakray-Jani. [0011]).

Regarding Claim 5;
3GPP and Sternberg disclose the method to Claim 1.
3GPP discloses a first user identifier (pp. 6-7, 4.3.2.x , 1. – UE request and 2b. – UE sends an EAP Response Identity message ... THE UE includes its DN-specific identity.... );
3GPP and Sternberg fail to explicitly disclose wherein, before the replacing, by the resource control network element, the ... identifier with a second user identifier, the method comprises: generating the second user identifier by encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using an asymmetric encryption algorithm; generating the second user identifier by encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using a symmetric encryption algorithm; generating the second user identifier by encrypting the ... identifier and a preset parameter by using a hash encryption algorithm; or generating the second user identifier 
However, in an analogous art, Vinayakray-Jani teaches wherein, before the replacing, by the resource control network element, the first user identifier with a second user identifier, the method comprises: generating the second user identifier by encrypting a public key of the resource control network element, the first user identifier, and a preset parameter by using an asymmetric encryption algorithm; generating the second user identifier by encrypting a public key of the resource control network element, the first user identifier, and a preset parameter by using a symmetric encryption algorithm (Vinayakray-Jani, [0007] - symmetric and [0032] FIG. 3 is a flow diagram showing the signaling messages in the first preferred embodiment making full use of GBA. First, the bootstrapping procedure is performed between MT 30 and BSF 20. During bootstrapping, mutual authentication is performed between the MT 30 and the home network, and base key Ks are generated by MT 10 and BSF 20. Associated Ks include a B-TID and lifetime of Ks. Once bootstrapping completed, MT 30 makes use of the bootstrapped security association with a PMN-NAF. MT 30 conveys the received B-TID and optionally additional parameters if necessary to PMN-NAF 10. Upon receiving the B-TID from MT 30, PMN-NAF 10 contacts BSF 20 over a Zn interface to obtain Ks_ext_NAF. PMN-NAF 10 provides the B-TID and PMN-NAF_ID. BSF 20 derives the Ks_ext_NAF (also known as PMN-AAA key) from base key Ks and provides Ks_ext_NAF and the User Security Setting (USS) profile to PMN-NAF 10. PMN-NAF 10 formulates the registration request to HA-NAF by extending it with B-TID, PMN-NAF_ID and key generation nonce request. Such message is protected by means of PMN-AAA key. The HA-NAF generates the authentication requests and delivers it to BSF/HAAA 20, which eventually verifies the B-TID and PMN-NAF_ID and generates the nonce value. With the generated nonce value and stored PMN-AAA key, it derives NAF. The HA-NAF authorizes the registration request, and stores the PMN-HA key and nonce value. Finally, HA-NAF acknowledges the registration response to PMN-NAF 10 with nonce value. PMN-NAF 10 derives the PMN-HA key from the received nonce value and the PMN-AAA key); generating the second user identifier by encrypting the first user identifier and a preset parameter by using a hash encryption algorithm; or generating the second user identifier by encrypting a nonce of the resource control network element, the first user identifier, and a preset parameter by using a hash encryption algorithm 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Vinayakray-Jani to the authorization method and first user identifier of 3GPP and Sternberg to include wherein, before the replacing, by the resource control network element, the ... identifier with a second user identifier, the method comprises: generating the second user identifier by encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using an asymmetric encryption algorithm; generating the second user identifier by encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using a symmetric encryption algorithm; generating the second user identifier by encrypting the ... identifier and a preset parameter by using a hash encryption algorithm; or generating the second user identifier by encrypting a nonce of the resource control network element, the ... identifier, and a preset parameter by using a hash encryption algorithm.
One would have been motivated to combine the teachings of Vinayakray-Jani to 3GPP and Sternberg to do so as it provides / allows a solution to provision Mobile IP specific keys between [a] node and [a] agent (Vinayakray-Jani. [0011]).
Regarding Claim 6;
3GPP and Sternberg disclose the method to Claim 1.
3GPP discloses wherein, before the replacing, by the resource control network element, the first user identifier with a second user identifier, the method comprises:... [and] concepts of a first user identifier (pp. 6-7, 4.3.2.x , 1. – UE request and 2b. – UE sends an EAP Response Identity message ... THE UE includes its DN-specific identity.... );
3GPP and Sternberg fail to explicitly disclose  wherein, before the replacing, by the resource control network element, the ... identifier with a second user identifier, the method comprises: calculating the second user identifier by using the encrypted ... identifier, a preset variable factor, and a preset encryption algorithm; and the encrypted ... identifier is generated by: encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using an asymmetric encryption algorithm; encrypting a public key of the resource control network element, ... identifier, and a preset parameter by using a symmetric encryption algorithm; encrypting the ... identifier and a preset parameter by using a hash encryption algorithm;  or encrypting a nonce of the resource control network element, the ... identifier, and a preset parameter by using a hash encryption algorithm.
However, in an analogous art, Vinayakray-Jani teaches wherein, before the replacing, by the resource control network element, the ... identifier with a second user identifier, the method comprises: calculating the second user identifier by using the encrypted ... identifier, a preset variable factor, and a preset encryption algorithm (Vinayakray-Jani, [0007] - symmetric and [0032] FIG. 3 is a flow diagram showing the signaling messages in the first preferred embodiment making full use of GBA. First, the bootstrapping procedure is performed between MT 30 and BSF 20. During bootstrapping, mutual authentication is performed between the MT 30 and the home network, and base key Ks are generated by MT 10 and BSF 20. Associated Ks include a B-TID and lifetime of Ks. Once bootstrapping completed, MT 30 makes use of the bootstrapped security association with a PMN-NAF. MT 30 conveys the received B-TID and optionally additional parameters if necessary to PMN-NAF 10. Upon receiving the B-TID from MT 30, PMN-NAF 10 contacts BSF 20 over a Zn interface to obtain Ks_ext_NAF. PMN-NAF 10 provides the B-TID and PMN-NAF_ID. BSF 20 derives the Ks_ext_NAF (also known as PMN-AAA key) from base key Ks and provides Ks_ext_NAF and the User Security Setting (USS) profile to PMN-NAF 10. PMN-NAF 10 formulates the registration request to HA-NAF by extending it with B-TID, PMN-NAF_ID and key generation nonce request. Such message is protected by means of PMN-AAA key. The HA-NAF generates the authentication requests and delivers it to BSF/HAAA 20, which eventually verifies the B-TID and PMN-NAF_ID and generates the nonce value. With the generated nonce value and stored PMN-AAA key, it derives NAF. The HA-NAF authorizes the registration request, and stores the PMN-HA key and nonce value. Finally, HA-NAF acknowledges the registration response to PMN-NAF 10 with nonce value. PMN-NAF 10 derives the PMN-HA key from the received nonce value and the PMN-AAA key; and the encrypted ... identifier is generated by: encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using an asymmetric encryption algorithm; encrypting a public key of the resource control network element, ... identifier, and a preset parameter by using a symmetric encryption algorithm; encrypting the ... identifier and a preset parameter by using a hash encryption algorithm (Vinayakray-Jani, FIG. 2 and [0042] - The first stage (1) is the generic bootstrapping performed between MT 30 and BSF/HAAA 20 in the home network. BSF/HAAA 20 generates B-TID; shared keys (Ks) also known as a base secret key, and the lifetime of Ks. The B-TID is in Network Access Identifier (NAI) format and generated by taking base64 encoded random challenge value and the server name of BSF/HAAA 20 (for example, base64encode(RAND)@BSFservers_domain name. BSF/HAAA 20 sends a message including B-TID and lifetime of shared key Ks to MT 30 to indicate successful authentication). As reasonably constructed a encoded random challenge value represents an encrypted identifier.; or encrypting a nonce of the resource control network element, the ... identifier, and a preset parameter by using a hash encryption algorithm.
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Vinayakray-Jani to the authorization method and first user identifier of 3GPP and Sternberg to include wherein, before the replacing, by the resource control network element, the ... identifier with a second user identifier, the method comprises: calculating the second user identifier by using the encrypted ... identifier, a preset variable factor, and a preset encryption algorithm; and the encrypted ... identifier is generated by: encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using an asymmetric encryption algorithm; encrypting a public key of the resource control network element, ... identifier, and a preset parameter by using a symmetric encryption algorithm; encrypting the ... identifier and a preset parameter by using a hash encryption algorithm;  or encrypting a nonce of the resource control network element, the ... identifier, and a preset parameter by using a hash encryption algorithm..
One would have been motivated to combine the teachings of Vinayakray-Jani to 3GPP and Sternberg to do so as it provides / allows a solution to provision Mobile IP specific keys between [a] node and [a] agent (Vinayakray-Jani. [0011]).


Regarding Claim 14;
3GPP and Sternberg disclose the element to Claim 11.
3GPP discloses a first user identifier (pp. 6-7, 4.3.2.x , 1. – UE request and 2b. – UE sends an EAP Response Identity message ... THE UE includes its DN-specific identity.... );
3GPP and Sternberg fail to explicitly disclose wherein, before the replacing the ... identifier with a second user identifier, the processing unit is further configured to: generate the second user identifier by encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using an asymmetric encryption algorithm; generate the second user identifier by encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using a symmetric encryption algorithm; generate the second user identifier by encrypting the ... identifier and a preset parameter by using a hash encryption algorithm; or generate the second user identifier by encrypting a nonce of the resource control network element, the ... identifier, and a preset parameter by using a hash encryption algorithm.
However, in an analogous art, Vinayakray-Jani teaches wherein, before the replacing the ... identifier with a second user identifier, the processing unit is further configured to: generate the second user identifier by encrypting a public key of the resource control network element, the first user identifier, and a preset parameter by using an asymmetric encryption algorithm; generate the second user identifier by encrypting a public key of the resource control network element, the first user identifier, and a preset parameter by using a symmetric encryption algorithm (Vinayakray-Jani [0007] - symmetric and [0032] FIG. 3 is a flow diagram showing the signaling messages in the first preferred embodiment making full use of GBA. First, the bootstrapping procedure is performed between MT 30 and BSF 20. During bootstrapping, mutual authentication is performed between the MT 30 and the home network, and base key Ks are generated by MT 10 and BSF 20. Associated Ks include a B-TID and lifetime of Ks. Once bootstrapping completed, MT 30 makes use of the bootstrapped security association with a PMN-NAF. MT 30 conveys the received B-TID and optionally additional parameters if necessary to PMN-NAF 10. Upon receiving the B-TID from MT 30, PMN-NAF 10 contacts BSF 20 over a Zn interface to obtain Ks_ext_NAF. PMN-NAF 10 provides the B-TID and PMN-NAF_ID. BSF 20 derives the Ks_ext_NAF (also known as PMN-AAA key) from base key Ks and provides Ks_ext_NAF and the User Security Setting (USS) profile to PMN-NAF 10. PMN-NAF 10 formulates the registration request to HA-NAF by extending it with B-TID, PMN-NAF_ID and key generation nonce request. Such message is protected by means of PMN-AAA key. The HA-NAF generates the authentication requests and delivers it to BSF/HAAA 20, which eventually verifies the B-TID and PMN-NAF_ID and generates the nonce value. With the generated nonce value and stored PMN-AAA key, it derives NAF. The HA-NAF authorizes the registration request, and stores the PMN-HA key and nonce value. Finally, HA-NAF acknowledges the registration response to PMN-NAF 10 with nonce value. PMN-NAF 10 derives the PMN-HA key from the received nonce value and the PMN-AAA key); generate the second user identifier by encrypting the first user identifier and a preset parameter by using a hash encryption algorithm; or generate the second user identifier by encrypting a nonce of the resource control network element, the first user identifier, and a preset parameter by using a hash encryption algorithm 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Vinayakray-Jani to the element and first user identifier of 3GPP and Sternberg to include wherein, before the replacing the ... identifier with a second user 
One would have been motivated to combine the teachings of Vinayakray-Jani to 3GPP and Sternberg to do so as it provides / allows a solution to provision Mobile IP specific keys between [a] node and [a] agent (Vinayakray-Jani. [0011]).

Regarding Claim 15;
3GPP and Sternberg disclose the element to Claim 11.
3GPP discloses wherein, before the replacing the first user identifier with a second user identifier, the processing unit is further configured to:... [and] concepts of a first user identifier (pp. 6-7, 4.3.2.x , 1. – UE request and 2b. – UE sends an EAP Response Identity message ... THE UE includes its DN-specific identity.... );
3GPP and Sternberg fail to explicitly disclose wherein, before the replacing the ... identifier with a second user identifier, the processing unit is further configured to: calculate the second user identifier by using the encrypted ... identifier, a preset variable factor, and a preset encryption algorithm; and the encrypted ... identifier is generated by: encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using an 
However, in an analogous art, Vinayakray-Jani teaches wherein, before the replacing the ... identifier with a second user identifier, the processing unit is further configured to: calculate the second user identifier by using the encrypted ... identifier, a preset variable factor, and a preset encryption algorithm (Vinayakray-Jani [0007] - symmetric and [0032] FIG. 3 is a flow diagram showing the signaling messages in the first preferred embodiment making full use of GBA. First, the bootstrapping procedure is performed between MT 30 and BSF 20. During bootstrapping, mutual authentication is performed between the MT 30 and the home network, and base key Ks are generated by MT 10 and BSF 20. Associated Ks include a B-TID and lifetime of Ks. Once bootstrapping completed, MT 30 makes use of the bootstrapped security association with a PMN-NAF. MT 30 conveys the received B-TID and optionally additional parameters if necessary to PMN-NAF 10. Upon receiving the B-TID from MT 30, PMN-NAF 10 contacts BSF 20 over a Zn interface to obtain Ks_ext_NAF. PMN-NAF 10 provides the B-TID and PMN-NAF_ID. BSF 20 derives the Ks_ext_NAF (also known as PMN-AAA key) from base key Ks and provides Ks_ext_NAF and the User Security Setting (USS) profile to PMN-NAF 10. PMN-NAF 10 formulates the registration request to HA-NAF by extending it with B-TID, PMN-NAF_ID and key generation nonce request. Such message is protected by means of PMN-AAA key. The HA-NAF generates the authentication requests and delivers it to BSF/HAAA 20, which eventually verifies the B-TID and PMN-NAF_ID and generates the nonce value. With the generated nonce value and stored PMN-AAA key, it derives NAF. The HA-NAF authorizes the registration request, and stores the PMN-HA key and nonce value. Finally, HA-NAF acknowledges the registration response to PMN-NAF 10 with nonce value. PMN-NAF 10 derives the PMN-HA key from the received nonce value and the PMN-AAA key; and the encrypted ... identifier is generated by: encrypting a public key of the resource control network element, the ... identifier, and a preset parameter by using an asymmetric encryption algorithm; encrypting a public key of the resource control network element, ... identifier, and a preset parameter by using a symmetric encryption algorithm; encrypting the ... identifier and a preset parameter by using a hash encryption algorithm (FIG. 2 and [0042] - The first stage (1) is the generic bootstrapping performed between MT 30 and BSF/HAAA 20 in the home network. BSF/HAAA 20 generates B-TID; shared keys (Ks) also known as a base secret key, and the lifetime of Ks. The B-TID is in Network Access Identifier (NAI) format and generated by taking base64 encoded random challenge value and the server name of BSF/HAAA 20 (for example, base64encode(RAND)@BSFservers_domain name. BSF/HAAA 20 sends a message including B-TID and lifetime of shared key Ks to MT 30 to indicate successful authentication). As reasonably constructed a encoded random challenge value represents an encrypted identifier.; or encrypting a nonce of the resource control network element, the ... identifier, and a preset parameter by using a hash encryption algorithm.
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Vinayakray-Jani to the element and first user identifier of 3GPP and Sternberg to include wherein, before the replacing the ... identifier with a second user identifier, the processing unit is further configured to: calculate the second user identifier by using the encrypted ... identifier, a preset variable factor, and a preset encryption algorithm; and 
One would have been motivated to combine the teachings of Vinayakray-Jani to 3GPP and Sternberg to do so as it provides / allows a solution to provision Mobile IP specific keys between [a] node and [a] agent (Vinayakray-Jani. [0011]).












Claims 17 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over 3GPP TSG SA WG Meeting #122bis, S2-175780, “TS 23.502: AF Influenced PDU session establishment and DN authentication/Authorization via NEF”, August 21-25, 2017, (hereinafter 3GPP) in view of Sternberg et al. (US 2017/0332421 A1) and further in view of Senese et al. (US 2012/0036567 A1).

Regarding Claim 17;
3GPP and Sternberg disclose the element to Claim 11.
3GPP and Sternberg fail to explicitly disclose wherein the authorization request message further comprises a first message authentication code, and the first message authentication code is used by the authorization server to verify security of the authorization request message; and the authorization response message further comprises a second message authentication code, and the second message authentication code is used by the processing unit to verify security of the authorization response message.
However, in an analogous art, Senese teaches wherein the authorization request message further comprises a first message authentication code, and the first message authentication code is used by the authorization server to verify security of the authorization request message (Senese, FIG. 3 – 306 Auth and Claim 1); and the authorization response message further comprises a second message authentication code, and the second message authentication code is used by the processing unit to verify security of the authorization response message (Senese, FIG. 3 – 308 Auth and Claim 1).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Senese to the element of 3GPP and Sternberg to include 
One would have been motivated to combine the teachings of Senese to 3GPP and Sternberg to do so as it provides / allows secure session establishment by authenticated synchronization... for network access control (Senese, [0005]).

Regarding Claim 18;
3GPP and Sternberg and Senese disclose the element to Claim 17.
3GPP discloses wherein after the receiving unit receives, by using the NEF, the... message sent by the authorization server (p. 8, 4.3.2.x, 6) [and] concepts of using the NEF for communication (FIG. 4.3.2.x-1)
3GPP and Sternberg the sending unit is further configured to: send an authorization acknowledgment message to the authorization server by using the NEF, wherein the authorization acknowledgment message comprises a third message authentication code, and the third message authentication code is used by the authorization server to verify security of the third-party authorization acknowledgment message;
However, in an analogous art, Senese teaches the sending unit is further configured to: send an authorization acknowledgment message to the authorization server ..., wherein the authorization acknowledgment message comprises a third message authentication code, and the (Senese, FIG. 3 – 310 Auth and Claim 1-2).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Senese to the element and NEF of 3GPP and Sternberg to include the sending unit is further configured to: send an authorization acknowledgment message to the authorization server ..., wherein the authorization acknowledgment message comprises a third message authentication code, and the third message authentication code is used by the authorization server to verify security of the third-party authorization acknowledgment message to thereby apply such teachings to the NEF.
One would have been motivated to combine the teachings of Senese to 3GPP and Sternberg to do so as it provides / allows secure session establishment by authenticated synchronization... for network access control (Senese, [0005]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439