DETAILED ACTION

Notice of Pre-AIA or AIA Status
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
2. 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


3. 	Claims 1-3, 5, 8-10 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Zhong (US 20170150411 A1) in view of Wang (WO 2017185999 A1).

4. 	Regarding Claim 1, Zhong discloses, a key distribution method, comprising: receiving, by an identity management server, an ID registration request message that is sent by a terminal by using a unified access gateway UAG, to request to register an ID of the terminal, wherein the ID registration request message comprises AAA authentication information (Zhong, [0009], sending identity information of a terminal and a network access identifier of a target network to a home subscriber server (HSS) using the terminal through a mobile management entity (MME); sending the network access identifier by the HSS to an access gateway of the target network, for the access gateway to generate a seed key according to the network access identifier; receiving the seed key by the HSS from the access gateway and sending the seed key to the terminal, calculating a local key and a local identifier according to the seed key, and sending the local key and the local identifier to an authentication, authorization and accounting (AAA) server of the target network, for the AAA server ); determining, by the identity management server based on the AAA authentication information, whether AAA authentication on the terminal succeeds (Zhong, [0021], receiving the response data from the terminal by the access point, and returning successfully authenticated information to the terminal when an authentication of the terminal is determined to be passed according to the response data; executing a re-authentication process with the AAA server by the terminal when the terminal receives the successfully authenticated information:); and if the AAA authentication on the terminal succeeds, allocating the ID to the terminal, and sending the ID of the terminal to a key management server (Zhong, [0009], sending identity information of a terminal and a network access identifier of a target network to a home subscriber server (HSS) using the terminal through a mobile management entity (MME). 
[0011], sending the identity information and the network access identifier to the HSS when the identity of the terminal is authenticated successfully.); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
receiving, by the identity management server, a private key of the terminal that is sent by the key management server, wherein the private key is generated by the key management server by using the identity ID of the terminal as a public key (Wang, [0069], The private key and the device identification of the terminal device are used to generate the first key of the terminal device based on the device identity generation algorithm; the first key of the terminal device is the first private key of the terminal device, and the device identification of the terminal device is the same as the first key of the terminal device. The first public key of the terminal device corresponding to the private key.  [2954], The first key of the terminal device is the first private key of the terminal device, and the device identifier of the terminal device is the first public key of the terminal device corresponding to the first private key.); 

Zhong does not explicitly disclose the following limitations that Wang teaches:
negotiating, by the terminal and the identity management server, to generate a first key (Wang, [2345], the user management server and the service center server can be preset in advance, or it can be a key negotiated after the user and the key management); 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a private key to generate the management server of the terminal and to negotiate both by the first key to enhance security.

and sending, by the identity management server to the terminal by using the UAG, the ID and the private key of the terminal that are encrypted by using the first key (Zhong, [0031], the access gateway sends the seed key to the HSS, the access gateway is further configured to: generate a second random number, and encrypt the seed key, the first random number and the second random number; and send the seed key, the first random number and the second random number to the HSS after encrypting.).

5. 	Regarding Claim 2, Zhong and Wang disclose, the method according to claim 1, wherein the determining, by the identity Zhong, [0021], the AAA server determines that the re-authentication process with the terminal); receiving, by the identity management server, an AAA authentication result of the terminal that is sent by the AAA server (Zhong, [0046], a terminal sends identity information of the terminal and a network access identifier of a target network to a home subscriber server (HSS) through a mobile management entity (MME), sends the local key and the local identifier to an authentication, authorization and accounting (AAA) server ); and determining, by the identity management server based on the AAA authentication result, whether the AAA authentication on the terminal succeeds (Zhong, [0021], receiving the response data from the terminal by the access point, and returning successfully authenticated information to the terminal when an authentication of the terminal is determined to be passed according to the response data; executing a re-authentication process with the AAA server by the terminal when the terminal receives the successfully authenticated information).

6. 	Regarding Claim 3, Zhong and Wang disclose, the method according to claim 1, wherein before the receiving, by an identity management server, an ID registration request message that is sent by a terminal by using the UAG, the method further comprises: receiving, by the identity management server, the AAA authentication information of the terminal that is sent by the AAA server (Zhong, [0009], sending identity information of a terminal and a network access identifier of a target network to a home subscriber server (HSS) using the terminal through a mobile management entity (MME); sending the network access identifier by the HSS to an access gateway of the target network, for the access gateway to generate a seed key according to the network access identifier; receiving the seed key by the HSS from the access gateway and sending the seed key to the terminal, calculating a local key and a local identifier according to the seed key, and sending the local key and the local identifier to an authentication, authorization and accounting (AAA) server of the target network, for the AAA server ); and the determining, by the identity management server based on the AAA authentication information, whether AAA authentication on the terminal succeeds specifically comprises: determining, by the identity management server, whether the AAA authentication information of the terminal that is sent by the AAA server is the same as the AAA authentication information comprised in the ID registration request message sent by the terminal (Zhong, [0021], receiving the response data from the terminal by the access point, and returning successfully authenticated information to the terminal when an authentication of the terminal is determined to be passed according to the response data; executing a re-authentication process with the AAA server by the terminal when the terminal receives the successfully authenticated information [0022], when the access point determines that the first handoff key is the same as the second handoff key, executing a connection key generation operation with the terminal, for the terminal to connect to the access point using the connection key.); and if the AAA authentication information of the terminal that is sent by the AAA server is the same as the AAA authentication information comprised in the ID registration request message sent by the terminal, determining that the AAA authentication on the terminal succeeds (Zhong, [0021], receiving the response data from the terminal by the access point, and returning successfully authenticated information to the terminal when an authentication of the terminal is determined to be passed according to the response data; executing a re-authentication process with the AAA server by the terminal when the terminal receives the successfully authenticated information).

7. 	Regarding Claim 5, Zhong and Wang disclose, a key distribution method, comprising: sending, by a terminal, an ID registration request message to an identity management server by using a unified access gateway UAG, to request to register an ID of the terminal, wherein the ID registration request message comprises AAA authentication information (Zhong, [0009], sending identity information of a terminal and a network access identifier of a target network to a home subscriber server (HSS) using the terminal through a mobile management entity (MME); sending the network access identifier by the HSS to an access gateway of the target network, for the access gateway to generate a seed key according to the network access identifier; receiving the seed key by the HSS from the access gateway and sending the seed key to the terminal, calculating a local key and a local identifier according to the seed key, and sending the local key and the local identifier to an authentication, authorization and accounting (AAA) server of the target network, for the AAA server ); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
negotiating, by the terminal and the identity management server, to generate a first key (Wang, [2345], the user management server and the service center server can be preset in advance, or it can be a key negotiated after the user and the key management); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
receiving, by the terminal, the ID of the terminal and a private key of the terminal that are encrypted by using the first key and that are sent by the identity management server, wherein the private key is generated by a key management server by using the identity ID of the terminal as a public key (Wang, [0069], The private key and the device identification of the terminal device are used to generate the first key of the terminal device based on the device identity generation algorithm; the first key of the terminal device is the first private key of the terminal device, and the device identification of the terminal device is the same as the first key of the terminal device. The first public key of the terminal device corresponding to the private key.  [2954], The first key of the terminal device is the first private key of the terminal device, and the device identifier of the terminal device is the first public key of the terminal device corresponding to the first private key.); and obtaining, by the terminal, the ID of the terminal and the private key of the terminal through decryption by using the first key (Zhong, [0088], the access gateway 208, the HSS 206 decrypts the message by using its private key, and calculates a local key (LK) and a local identifier (LID) according to parameters acquired from decryption, a detailed formula is provided below: [0089], LK=f(CK, IK, Ki, n1); LID=f(CK, IK, n1), in which fK is a message identifier function that uses a key K, CK is a cryptographic key, and IK is an integrity key.).

8. 	Regarding Claim 8, Zhong and Wang disclose, an identity management server, comprising: a receiving module, wherein the receiving module is configured to receive an ID registration request message that is sent by a terminal by using a unified access gateway UAG, to request to register an ID of the terminal, wherein the ID registration request message comprises AAA authentication information; and a processing module, wherein the processing module is configured to: determine, based on the AAA authentication information, whether AAA authentication on the terminal succeeds (Zhong, [0021], receiving the response data from the terminal by the access point, and returning successfully authenticated information to the terminal when an authentication of the terminal is determined to be passed according to the response data; executing a re-authentication process with the AAA server by the terminal when the terminal receives the successfully authenticated information:); and if the AAA authentication on the terminal succeeds, allocate the ID to the terminal, and send the ID of the terminal to a key management server (Zhong, [0009], sending identity information of a terminal and a network access identifier of a target network to a home subscriber server (HSS) using the terminal through a mobile management entity (MME). [0011], sending the identity information and the network access identifier to the HSS when the identity of the terminal is authenticated successfully.); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
wherein the receiving module is further configured to receive a private key of the terminal that is sent by the key management server, wherein the private key is generated by the key management server by using the identity ID of the terminal as a public key (Wang, [0069], The private key and the device identification of the terminal device are used to generate the first key of the terminal device based on the device identity generation algorithm; the first key of the terminal device is the first private key of the terminal device, and the device identification of the terminal device is the same as the first key of the terminal device. The first public key of the terminal device corresponding to the private key.  [2954], The first key of the terminal device is the first private key of the terminal device, and the device identifier of the terminal device is the first public key of the terminal device corresponding to the first private key.); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
and the processing module is further configured to negotiate with the terminal to generate a first key (Wang, [2345], the user management server and the service center server can be preset in advance, or it can be a key negotiated after the user and the key management); and a sending module, wherein the sending module is configured to send, to the terminal by using the UAG, the ID and the private key of the terminal that are encrypted by using the first key (Zhong, [0031], the access gateway sends the seed key to the HSS, the access gateway is further configured to: generate a second random number, and encrypt the seed key, the first random number and the second random number; and send the seed key, the first random number and the second random number to the HSS after encrypting.).

9. 	Regarding Claim 9, Zhong and Wang disclose, the server according to claim 8, wherein the sending module is further configured to send AAA authentication information of the terminal to an AAA server (Zhong, [0021], the AAA server determines that the re-authentication process with the terminal); the receiving module is further configured to receive an AAA authentication result of the terminal that is sent by the AAA server (Zhong, [0046], a terminal sends identity information of the terminal and a network access identifier of a target network to a home subscriber server (HSS) through a mobile management entity (MME), sends the local key and the local identifier to an authentication, authorization and accounting (AAA) server ); and the processing module is further configured to determine, based on the AAA authentication result, whether the AAA authentication on the terminal succeeds (Zhong, [0021], receiving the response data from the terminal by the access point, and returning successfully authenticated information to the terminal when an authentication of the terminal is determined to be passed according to the response data; executing a re-authentication process with the AAA server by the terminal when the terminal receives the successfully authenticated information).

10. 	Regarding Claim 10, Zhong and Wang disclose, the server according to claim 8, wherein the receiving module is further configured to receive AAA authentication information of the terminal that is sent by the AAA server (Zhong, [0009], sending identity information of a terminal and a network access identifier of a target network to a home subscriber server (HSS) using the terminal through a mobile management entity (MME); sending the network access identifier by the HSS to an access gateway of the target network, for the access gateway to generate a seed key according to the network access identifier; receiving the seed key by the HSS from the access gateway and sending the seed key to the terminal, calculating a local key and a local identifier according to the seed key, and sending the local key and the local identifier to an authentication, authorization and accounting (AAA) server of the target network, for the AAA server ); and the processing module is specifically configured to: determine whether the AAA authentication information of the terminal that is sent by the AAA server is the same as the AAA authentication information comprised in the ID registration request message sent by the terminal (Zhong, [0021], receiving the response data from the terminal by the access point, and returning successfully authenticated information to the terminal when an authentication of the terminal is determined to be passed according to the response data; executing a re-authentication process with the AAA server by the terminal when the terminal receives the successfully authenticated information [0022], when the access point determines that the first handoff key is the same as the second handoff key, executing a connection key generation operation with the terminal, for the terminal to connect to the access point using the connection key.); and if the AAA authentication information of the terminal that is sent by the AAA server is the same as the AAA authentication information comprised in the ID registration request message sent by the terminal, determine that the AAA authentication on the terminal succeeds (Zhong, [0021], receiving the response data from the terminal by the access point, and returning successfully authenticated information to the terminal when an authentication of the terminal is determined to be passed according to the response data; executing a re-authentication process with the AAA server by the terminal when the terminal receives the successfully authenticated information).

11. 	Regarding Claim 12, Zhong and Wang disclose, a terminal, comprising: a sending module, wherein the sending module is configured to send an ID registration request message to an identity management server by using a unified access gateway UAG, to request to register an ID of the terminal, wherein the ID registration request message comprises AAA authentication information (Zhong, [0009], sending identity information of a terminal and a network access identifier of a target network to a home subscriber server (HSS) using the terminal through a mobile management entity (MME); sending the network access identifier by the HSS to an access gateway of the target network, for the access gateway to generate a seed key according to the network access identifier; receiving the seed key by the HSS from the access gateway and sending the seed key to the terminal, calculating a local key and a local identifier according to the seed key, and sending the local key and the local identifier to an authentication, authorization and accounting (AAA) server of the target network, for the AAA server ); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
a processing module, wherein the processing module is configured to negotiate with the identity management server to generate a first key (Wang, [2345], the user management server and the service center server can be preset in advance, or it can be a key negotiated after the user and the key management); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
and a receiving module, wherein the receiving module is configured to receive the ID of the terminal and a private key of the terminal that are encrypted by using the first key and that are sent by the identity management server, wherein the private key is generated by a key management server by using the identity ID of the terminal as a public key ( Wang, [0069], The private key and the device identification of the terminal device are used to generate the first key of the terminal device based on the device identity generation algorithm; the first key of the terminal device is the first private key of the terminal device, and the device identification of the terminal device is the same as the first key of the terminal device. The first public key of the terminal device corresponding to the private key.  [2954], The first key of the terminal device is the first private key of the terminal device, and the device identifier of the terminal device is the first public key of the terminal device corresponding to the first private key.); wherein the processing module is further configured to obtain the ID of the terminal and the private key of the terminal through decryption by using the first key (Zhong, [0088], the access gateway 208, the HSS 206 decrypts the message by using its private key, and calculates a local key (LK) and a local identifier (LID) according to parameters acquired from decryption, a detailed formula is provided below: [0089], LK=f(CK, IK, Ki, n1); LID=f(CK, IK, n1), in which fK is a message identifier function that uses a key K, CK is a cryptographic key, and IK is an integrity key.).

12. 	Claims 4, 6-7, 11 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Zhong (US 20170150411 A1) and Wang (WO 2017185999 A1) in view of Nath (US 2008/0310425 A1).

Regarding Claim 4, Zhong, Wang and Nath disclose, the method according to claim 1, 
Zhong does not explicitly disclose the following limitations that Wang teaches:
wherein after the sending, by the identity management server to the terminal by using the UAG, the ID and the private key of the terminal that are encrypted by using the first key, the method further comprises: receiving, by the identity management server, a mapping registration request message sent by the terminal, to request a mapping management server to register the terminal, wherein the mapping registration request message comprises the ID of the terminal, a location of the terminal, and a first random number encrypted by using an ID of the identity management server, and the mapping registration request message is signed by using the private key of the terminal (Wang, [0039], The service center server receives the first key request message sent by the user management server, where the first key request message is used to instruct the service center server to generate the first key of the terminal device managed by the user management server; according to the first key request message Generate the first key of the terminal device, and send the first key to the user management server. [0069], The private key and the device identification of the terminal device are used to generate the first key of the terminal device based on the device identity generation algorithm; the first key of the terminal device is the first private key of the terminal device, and the device identification of the terminal device is the same as the first key of the terminal device); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
verifying, by the identity management server by using the ID of the terminal, a signature obtained by using the private key of the terminal (Wang, [0962], Generate a second digital signature from the network authentication private key, the first random number, and the second random number of the authentication server, and send the encrypted second random number and the second digital signature to the terminal device; ); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
obtaining the first random number through decryption by using a private key of the identity management server ( Wang, [0748], The network authentication server decrypts the encrypted first random number according to the first key, obtains the first random number. [0956], The network authentication server decrypts the encrypted first random number according to the network authentication private key of the network authentication server); 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the registration request message of the terminal by verifying the identity management server within the terminal and using a signature within the private key to enhance security.

Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
and sending a mapping authentication request message to the mapping management server (Nath, [0067], The occurrence of such an event may also trigger the sending of a mapping message from the wireless device to the device management server); 
Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
receiving, by the identity management server, a second random number that is generated and sent by the mapping management server (Nath, [0033], The mapping of the phone number or MSISDN to a device IMEI is known to the management server and changes infrequently. ); 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the mapping of the authentication within the management server to enhance security features.

Zhong does not explicitly disclose the following limitations that Wang teaches:
and sending, by the identity management server to the terminal, the second random number that is signed by using the private key of the identity management server and that is encrypted by using the ID of the terminal, so that the terminal obtains the second random number through decryption by using the private key of the terminal and verifies, by using the ID of the identity management server, a signature obtained by using the private key of the identity management server, the terminal and the mapping management server obtain the second key through calculation based on the first random number, the second random number, the ID of the terminal (Wang, [0121], The terminal device receives the second message verification code and the encrypted second random number sent by the network authentication server, and decrypts the encrypted second random number according to the first key to obtain the second random number, and the encrypted second random number The random number is obtained by the network authentication server using the first key to encrypt the second random number. [0962], Generate a second digital signature from the network authentication private key, the first random number, and the second random number of the authentication server, and send the encrypted second random number and the second digital signature to the terminal device; [2398], f generating the first key, the identification of the user management server can be added to generate the first key with different complexity for the terminal devices managed by different user management servers, that is, the service center server can manage the terminal), 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention using a random number to encrypt the signed private key and decrypt the terminal to enhance security.

Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
and an ID of the mapping management server, and the mapping management server provides the terminal with an ID-locator mapping query service ( Nath, [0063], the AAA server can communicate the identity/address mapping of the device to the management server. [0056], Whenever a wireless device 110 is detected within the coverage area of the wireless communication system 100, the HLR 140 is informed of the device's current location and queried for authenticating the device to provide services).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include identification of the management server that provides the mapping of the terminal to enhance security.

13. 	Regarding Claim 6, Zhong, Wang and Nath disclose, the method according to claim 5, 
Zhong does not explicitly disclose the following limitations that Wang teaches:
wherein after the obtaining, by the terminal, the ID of the terminal and the private key of the terminal through decryption by using the first key, the method further comprises: negotiating, by the terminal and a mapping management server, to generate a second key, wherein the second key is used to encrypt a communication message between the terminal and the mapping management server (Wang, [2345], the user management server and the service center server can be preset in advance, or it can be a key negotiated after the user and the key management); 

Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
and the mapping management server provides the terminal with an ID-locator mapping query service ( Nath, [0063], the AAA server can communicate the identity/address mapping of the device to the management server. [0056], Whenever a wireless device 110 is detected within the coverage area of the wireless communication system 100, the HLR 140 is informed of the device's current location and queried for authenticating the device to provide services).

14. 	Regarding Claim 7, Zhong, Wang and Nath disclose, the method according to claim 5, 
Zhong does not explicitly disclose the following limitations that Wang teaches:
wherein after the obtaining, by the terminal, the ID of the terminal and the private key of the terminal through decryption by using the first key, the method further comprises: sending, by the terminal, a mapping registration request message to the identity management server by using the UAG, to request the mapping management server to register the terminal, wherein the mapping registration request message comprises the ID of the terminal, a locator of the terminal, and a first random number encrypted by using an ID of the identity management server, and the mapping registration request message is signed by using the private key of the terminal (Wang, [0039], The service center server receives the first key request message sent by the user management server, where the first key request message is used to instruct the service center server to generate the first key of the terminal device managed by the user management server; according to the first key request message Generate the first key of the terminal device, and send the first key to the user management server. [0069], The private key and the device identification of the terminal device are used to generate the first key of the terminal device based on the device identity generation algorithm; the first key of the terminal device is the first private key of the terminal device, and the device identification of the terminal device is the same as the first key of the terminal device); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
receiving, by the terminal, a second random number that is signed by using a private key of the identity management server, encrypted by using the ID of the terminal, and sent by the identity management server (Wang, [0975], Encryption processing, the encrypted communication key is obtained, the second digital signature is generated according to the network authentication private key of the network authentication server, the first random number and the second random number, and the second random number and the encrypted communication key are generated); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
verifying, by the terminal by using the ID of the identity management server, a signature obtained by using the private key of the identity management server (Wang, [0962], Generate a second digital signature from the network authentication private key, the first random number, and the second random number of the authentication server, and send the encrypted second random number and the second digital signature to the terminal device);

Zhong does not explicitly disclose the following limitations that Wang teaches:
and obtaining the second random number through decryption by using the private key of the terminal (Wang, [0748], The network authentication server decrypts the encrypted first random number according to the first key, obtains the first random number. [0956], The network authentication server decrypts the encrypted first random number according to the network authentication private key of the network authentication server); 

Zhong does not explicitly disclose the following limitations that Wang teaches:
and obtaining, by the terminal, the second key through calculation based on the first random number, the second random number, the ID of the terminal, and an ID of the mapping management server, wherein the second key is used to encrypt a communication message between the terminal and the mapping management server (Wang, [0121], The terminal device receives the second message verification code and the encrypted second random number sent by the network authentication server, and decrypts the encrypted second random number according to the first key to obtain the second random number, and the encrypted second random number The random number is obtained by the network authentication server using the first key to encrypt the second random number. [0962], Generate a second digital signature from the network authentication private key, the first random number, and the second random number of the authentication server, and send the encrypted second random number and the second digital signature to the terminal device; [2398], f generating the first key, the identification of the user management server can be added to generate the first key with different complexity for the terminal devices managed by different user management servers, that is, the service center server can manage the terminal);
Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
and the mapping management server provides the terminal with the ID-locator mapping query service (Nath, [0063], the AAA server can communicate the identity/address mapping of the device to the management server. [0056], Whenever a wireless device 110 is detected within the coverage area of the wireless communication system 100, the HLR 140 is informed of the device's current location and queried for authenticating the device to provide services).

15. 	Regarding Claim 11, Zhong, Wang and Nath disclose, the server according to claim 8, 
Zhong does not explicitly disclose the following limitations that Wang teaches:
wherein the receiving module is further configured to receive a mapping registration request message sent by the terminal, to request a mapping management server to register the terminal, wherein the mapping registration request message comprises the ID of the terminal, a location of the terminal, and a first random number encrypted by using an ID of the identity management server, and the mapping registration request message is signed by using the private key of the terminal (Wang, [0039], The service center server receives the first key request message sent by the user management server, where the first key request message is used to instruct the service center server to generate the first key of the terminal device managed by the user management server; according to the first key request message Generate the first key of the terminal device, and send the first key to the user management server. [0069], The private key and the device identification of the terminal device are used to generate the first key of the terminal device based on the device identity generation algorithm; the first key of the terminal device is the first private key of the terminal device, and the device identification of the terminal device is the same as the first key of the terminal device); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
the processing module is further configured to: verify, by using the ID of the terminal, a signature obtained by using the private key of the terminal (Wang, [0962], Generate a second digital signature from the network authentication private key, the first random number, and the second random number of the authentication server, and send the encrypted second random number and the second digital signature to the terminal device);
Zhong does not explicitly disclose the following limitations that Wang teaches:
obtain the first random number through decryption by using the private key of the identity management server (Wang, [0748], The network authentication server decrypts the encrypted first random number according to the first key, obtains the first random number. [0956], The network authentication server decrypts the encrypted first random number according to the network authentication private key of the network authentication server);
Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
and send a mapping authentication request message to the mapping management server (Nath, [0067], The occurrence of such an event may also trigger the sending of a mapping message from the wireless device to the device management server);
Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
the receiving module is further configured to receive a second random number that is generated and sent by the mapping management server (Nath, [0033], The mapping of the phone number or MSISDN to a device IMEI is known to the management server and changes infrequently); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
and the sending module is further configured to: send, to the terminal, the second random number that is signed by using the private key of the identity management server and that is encrypted by using the ID of the terminal, so that the terminal obtains the second random number through decryption by using the private key of the terminal and verifies, by using the ID of the identity management server, a signature obtained by using the private key of the identity management server, the terminal and the mapping management server obtain the second key through calculation based on the first random number, the second random number, the ID of the terminal (Wang, [0121], The terminal device receives the second message verification code and the encrypted second random number sent by the network authentication server, and decrypts the encrypted second random number according to the first key to obtain the second random number, and the encrypted second random number The random number is obtained by the network authentication server using the first key to encrypt the second random number. [0962], Generate a second digital signature from the network authentication private key, the first random number, and the second random number of the authentication server, and send the encrypted second random number and the second digital signature to the terminal device; [2398], f generating the first key, the identification of the user management server can be added to generate the first key with different complexity for the terminal devices managed by different user management servers, that is, the service center server can manage the terminal),
Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
and an ID of the mapping management server, and the mapping management server provides the terminal with an ID-locator mapping query service (Nath, [0063], the AAA server can communicate the identity/address mapping of the device to the management server. [0056], Whenever a wireless device 110 is detected within the coverage area of the wireless communication system 100, the HLR 140 is informed of the device's current location and queried for authenticating the device to provide services).

16. 	Regarding Claim 13, Zhong, Wang and Nath disclose, the terminal according to claim 12, 
Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
wherein the processing module is further configured to negotiate with the mapping management server for a second key, wherein the second key is used to encrypt a communication message between the terminal and the mapping management server, and the mapping management server provides the terminal with an ID-locator mapping query service (Nath, [0063], the AAA server can communicate the identity/address mapping of the device to the management server. [0056], Whenever a wireless device 110 is detected within the coverage area of the wireless communication system 100, the HLR 140 is informed of the device's current location and queried for authenticating the device to provide services).

17. 	Regarding Claim 14, Zhong, Wang and Nath disclose, the terminal according to claim 12, 
Zhong does not explicitly disclose the following limitations that Wang teaches:
wherein the sending module is further configured to send a mapping registration request message to the identity management server to request the mapping management server to register the terminal, wherein the mapping registration request message comprises the ID of the terminal, a locator of the terminal, and a first random number encrypted by using an ID of the identity management server, and the mapping registration request message is signed by using the private key of the terminal (Wang, [0039], The service center server receives the first key request message sent by the user management server, where the first key request message is used to instruct the service center server to generate the first key of the terminal device managed by the user management server; according to the first key request message Generate the first key of the terminal device, and send the first key to the user management server. [0069], The private key and the device identification of the terminal device are used to generate the first key of the terminal device based on the device identity generation algorithm; the first key of the terminal device is the first private key of the terminal device, and the device identification of the terminal device is the same as the first key of the terminal device); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
the receiving module is configured to receive a second random number that is signed by using a private key of the identity management server, encrypted by using the ID of the terminal, and sent by the identity management server (Wang, [0975], Encryption processing, the encrypted communication key is obtained, the second digital signature is generated according to the network authentication private key of the network authentication server, the first random number and the second random number, and the second random number and the encrypted communication key are generated); 
Zhong does not explicitly disclose the following limitations that Wang teaches:
the processing module is configured to: verify, by using the ID of the identity management server, a signature obtained by using the private key of the identity management server (Wang, [0962], Generate a second digital signature from the network authentication private key, the first random number, and the second random number of the authentication server, and send the encrypted second random number and the second digital signature to the terminal device);
Zhong does not explicitly disclose the following limitations that Wang teaches:
and obtain the second random number through decryption by using the private key of the terminal (Wang, [0748], The network authentication server decrypts the encrypted first random number according to the first key, obtains the first random number. [0956], The network authentication server decrypts the encrypted first random number according to the network authentication private key of the network authentication server);
Zhong does not explicitly disclose the following limitations that Wang teaches:
and the processing module is further configured to obtain the second key through calculation based on the first random number, the second random number, the ID of the terminal, and an ID of the mapping management server, wherein the second key is used to encrypt a communication message between the terminal and the mapping management server (Wang, [0121], The terminal device receives the second message verification code and the encrypted second random number sent by the network authentication server, and decrypts the encrypted second random number according to the first key to obtain the second random number, and the encrypted second random number The random number is obtained by the network authentication server using the first key to encrypt the second random number. [0962], Generate a second digital signature from the network authentication private key, the first random number, and the second random number of the authentication server, and send the encrypted second random number and the second digital signature to the terminal device; [2398], f generating the first key, the identification of the user management server can be added to generate the first key with different complexity for the terminal devices managed by different user management servers, that is, the service center server can manage the terminal),
Zhong and Wang do not explicitly disclose the following limitations that Nath teaches:
and the mapping management server provides the terminal with the ID-locator mapping query service (Nath, [0063], the AAA server can communicate the identity/address mapping of the device to the management server. [0056], Whenever a wireless device 110 is detected within the coverage area of the wireless communication system 100, the HLR 140 is informed of the device's current location and queried for authenticating the device to provide services).



Conclusion
18. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner, Art Unit 2433


/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433