DETAILED ACTIONNotice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Amendments
This communication is in response to the amendments filed on 23 December 2021:
	Claims 19, 23, 27 and 31 are amended.
	Claims 1-18, 21-22, 25-26, 29-30 and 33-34 are canceled.
	Claims 19-20, 23-24, 27-28 and 31-32 are pending.



Allowable Subject Matter
Claims 19-20, 23-24, 27-28 and 31-32 are allowed. The following is an examiner’s statement of reasons for allowance:

The instant invention is directed towards techniques for authenticating application program interface (API) invokers using a common application program interface framework (CAPIF). The method includes establishing by a CAPIF core function (CCF) a secure Transport Layers Security (TLS) connection with at least one API invoker, on receiving a connection request from the at least one API invoker to access at least one service API on a CAPIF-2e interface. The method further includes determining by the CCF at least one security method to be used by the at least one API invoker for a CAPIF-2e interface security (C2eIS) of the at least one API on CAPIF-2e interface. 

The closest prior art are as follows:

Cho et al. (U.S. PGPub. 2014/0351446) discloses techniques for providing one or more protocols for one or more electronic devices. The method includes establishing, by an electronic device configured to provide a framework interface by executing instructions stored in a memory, one or more physical channels with an external electronic device, using one or more communication modules, executing, by the electronic device, two or more application programs to interface with the framework interface, and communicating, via the framework interface, data from the two or more application programs through the one or more physical channels to the external electronic device. However, unlike the instant invention, Cho does not disclose “establishing a session with a second entity implementing an authenticating application program interface (API) invoker using a transport layer security (TLS); receiving, from the second entity, a security method request message including information on a security method for a third entity implementing an API exposing function (AEF); identifying a security method for authentication between the second entity and the third entity from at least one of a TLS pre-shared key (TLS-PSK), a TLS public key infrastructure (TLS-PKI), or an OAuth 2.0 based on the information on the security method and an access scenario; and wherein the security method is used to provide an interface authentication and protection of the second entity.” 

Tan et al. (U.S. PGPub. 2020/0007335) discloses techniques for a network function service invocation method including sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element. However, unlike the instant invention, Tan does not disclose “establishing a session with a second entity implementing an authentication application program interface (API) invoker using a transport layer security (TLS); identifying a security method for authentication between the second entity and the third entity from at least one of a TLS pre-shared key (TLS-PSK), a TLS public key infrastructure (TLS-PKI), or an OAuth 2.0 based on the information on the security method and an access scenario; and wherein the security method is used to provide an interface authentication and protection of the second entity.”

Hu et al. (U.S. PGPub. 2017/0249480) discloses techniques for privacy protection for third party data sharing, comprising a set of raw data relating to activity of one or more users in accordance with a communication network being obtained. The communication network is managed by a network operator. The obtained set of raw data is processed in accordance with at least one data isolation policy maintained by the network operator to generate a first set of data comprising at least a portion of the set of raw data with sensitive data associated with the one or more users removed. However, unlike the instant invention, Hu does not disclose “A method performed by a first entity implementing a common application program interface framework (CAPIF) core function (CCF) in a communication system; wherein the security method is used to provide an interface authentication and protection of the second entity.” 

Chen et al. (U.S. PGPub. 2016/0088109) discloses techniques for remotely running an application program. A client acquires an application program from a server, runs the application program on the client, and detects whether the application program triggers an application programming interface (API) invocation request. However, unlike the instant invention, Chen does not disclose “receiving from the second entity, a security method request message including information on a security method for a third entity implementing an API exposing function (AEF); identifying a security method for authentication between the second entity and the third entity; and wherein the security method is used to provide an interface authentication and protection of the second entity.” 

The prior art references above, individually or in combination, do not disclose the claimed limitations. For at least these reasons, claims 19-20, 23-24, 27-28 and 31-32 are allowed.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2433                      

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433