Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
The Amendment filed November 12, 2021 has been entered. Claims 1-19 remain pending in the application; claim 20 was cancelled. Applicant’s amendments to the claims overcome each of the 112(b) rejections.

Response to Applicant’s Arguments regarding 35 U.S.C. 102/103
	The applicant’s response states:

Amended independent claim 1 recites in part, "receiving, by the authentication network element, a first authentication identifier of the UE and a second authentication identifier of the UE, wherein the first authentication identifier of the UE has been authenticated by an authentication server function network element (AUSF) and includes an external identifier and a permanent equipment identification (PEI), wherein the external identifier is obtained by translating a subscriber permanent identifier (SUPI); and the second authentication identifier of the UE is an identifier used by the UE to request to access the DN" (emphasis added). Ben Henda fails to teach at least these features of amended independent claim 1. 
Ben Henda is generally directed to a wireless communication network, and more specifically to a "secondary authentication of a user equipment configured for use in a wireless communication network" (Ben Henda, paragraph [0002]). Although Ben Henda discloses a primary identity (e.g. international subscriber identifier (IMSI) (Ben Henda, paragraph [0079]), and the Office Action alleges that it is well known in the art that "a subscriber permanent identifier (SUPI)... is the equivalent of an international mobile subscriber identifier (IMSI)" (Office Action, page 11), in no way does Ben Henda disclose a first authentication identifier that includes an external identifier and a permanent equipment identification (PEI), let alone that the external identifier is obtained by translating a SUPI. Therefore, Ben Henda does not teach, suggest, or disclose the above recited features of independent claim 1, as amended. 
Liu, Van Phanh, and Stieglitz, either alone or in combination with Ben Henda, fail to cure the deficiencies of Ben Henda discussed above with regards to amended independent claim 1, and the Office Action in any event has not relied on Liu, Van Phanh, and Stieglitz with respect to the above-identified distinguishing features. As such, amended independent claim 1 is allowable. Amended independent claims 10 and 19, although different in scope from amended independent claim 1, recite features similar to those 
Accordingly, reconsideration and withdrawal of the rejection of claims 1-19 under 35 U.S.C. § 112(b) and 35 U.S.C. § 103 is respectfully requested. 


The applicant asserts that the amendments to the independent claims clearly distinguish over the cited references.  
For example, the applicant asserts that the cited references fail to disclose, teach, or suggest the following emphasized recitation, “wherein the first authentication identifier of the UE has been authenticated by an authentication server function network element (AUSF) and includes an external identifier and a permanent equipment identification (PEI), wherein the external identifier is obtained by translating a subscriber permanent identifier (SUPI),” which was added by amendment.
The Examiner asserts that the prior art rejection has been modified, as shown below, to include new grounds for rejection that teach the above discussed subject matter.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 6-7, 10, 13, 15-16, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0230510 to Ben Henda et al. (hereinafter referred to as “Ben .
Claim 1 recites, 
A network authentication method, comprising: receiving, by an authentication network element, (SMF as described in [0081-82] and depicted in fig. 3 of Ben Henda. The SMF receives primary identity and secondary identity information in 4b of fig. 3, which describe and depict the AMF sharing information with user equipment (UE)) a request to access a data network (DN) by a user equipment (UE); 
(Ben Henda in [0082] and [0090-93] describes the AAA server of the data network receiving information from the AMF, via the SMF, which was received from UE, for the purpose of secondary authentication in order to use the data network.)
receiving, by the authentication network element, (SMF receiving Step 4b fig. 3) a first authentication identifier (primary identity, as described in [0079], [0081], and [0083] of Ben Henda, also shown in steps 2, 4a, and 4b of fig. 3 of Ben Henda) of the UE and a second authentication identifier of the UE, (secondary identity, as shown in steps 4a and 4b of fig. 3 of Ben Henda and described in [0081-82] of Ben Henda)
wherein the first authentication identifier of the UE has been authenticated by an authentication server function network element (AUSF) …. (See the AUSF communicating with the AMF which communicates with the SMF in fig. 2 of Ben Henda and see the descriptions of the SMF, AMF, and AUSF in [0054], [0056], and [0062] of Ben Henda. For example, [0062] of Ben Henda states, “the operator may first run the primary (usual) authentication for initial network access towards AUSF/UDM via AMF, followed by a secondary NS-specific authentication possibly under the control of a 3rd party.” Thus, Ben Henda describes the AMF (of 
Ben Henda fails to teach the following,
… and includes an external identifier and a permanent equipment identification (PEI), … 
However, Kazerani in [0100] teaches this feature because the “identifying information” in Kazerani includes both an email address (“external identifier”) and International Mobile Equipment Identity (IMEI) (“permanent equipment identification (PEI)”), and both are used for authentication, as described in the second sentence of [0100] of Kazerani. 
Ben Henda and Kazerani fail to teach the translating of a SUPI into an external identifier.
… wherein the external identifier is obtained by translating a subscriber permanent identifier (SUPI); and
However, ETSI, on pages 71-72 in section “19.7.2 External Identifier”, teaches an IMSI, which is similar to a SUPI, is translatable into a "<Local Identifier>@<Domain Identifier>", which is equivalent to an email address. Please see the applicant’s specification which in [0098] states, “… a format of the SUPI is an international mobile subscriber identity (IMSI) …”
the second authentication identifier of the UE is an identifier used by the UE to request to access the DN; and (Ben Henda in fig. 3 (steps 4a, 4b, and 5) and [0081-83] depict and describe a UE that provides the secondary identity for the purpose of secondary authentication by the AAA server to access the data network (DN) domain.)
verifying, by the authentication network element based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy a first binding relationship, to obtain an authentication result, (Ben Henda in [0087] describes step 7 where binding between the primary identity and the secondary identity are 
wherein the first binding information comprises first binding relationships of one or more pairs of first authentication identifiers and second authentication identifiers, 
(Ben Henda in [0087] states, “Step 7: The SMF optionally makes binding between primary identity and secondary identity, and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”) 
the first authentication identifier in the first binding information indicates an identifier used for authentication performed by the AUSF, (primary identity of Ben Henda, which is used by the AMF and AUSF for primary authentication and then passed to the SMF) and the second authentication identifier in the first binding information indicates an identifier used for authentication for access of the UE to the DN. (secondary identity of Ben Henda, which is used for secondary authentication)
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda to incorporate the teachings of Kazerani (as described above), in order to provide the specific identifying information of an email address and an IMEI, which are then used to determine if access is appropriate to the system.
One of ordinary skill in the art would have been motivated to make this modification in order to provide the ability to perform authentication and authorization based on mobile phone identifiers and an email address, as described in [0100] of Kazerani. 
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda and Kazerani to incorporate the teachings of ETSI (as described above), in order to identify (and translate between) a SUPI / IMSI and an external identifier / email address.
One of ordinary skill in the art would have been motivated to make this modification in order to provide the ability to translate the email address to a SUPI / IMSI, as described in the cited portion of ETSI.

Claim 4 recites, 
wherein the first binding information is prestored in a local storage of the authentication network element. (emphasis added) (Ben Henda in [0087] states, “Step 7: The SMF optionally makes binding between primary identity and secondary identity, and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”)

Claim 6 recites, 
wherein the verifying, by the authentication network element based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, to obtain an authentication result comprises:
when the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, (Ben Henda discloses these features in Steps 5-9 of fig. 5, which are described in [0082-89]. For example, [0087] describes, “The SMF optionally makes binding between primary identity (“first authentication identifier”) and secondary identity (“second authentication identifier”), and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.” Additionally, the secondary EAP authentication of step 5 performs a modified / streamlined EAP authentication by using the PDU session established in step 4 of fig. 3. [0082] states, “If the PDU session establishment request carried the secondary identity of the UE, the SMF can skip the EAP-Identity request, and initiate the EAP authentication directly with the AAA server.”)
the authentication result is that the request to access the DN succeeds. (Ben Henda discloses these features in [0083], which describes the secondary EAP authentication being used to access the Data Network Name DNN. [0083] states, “The channel related information is either used directly in the cryptographic operations within the secondary EAP authentication, or later when using the master key (i.e. master session key, MSK, or extended MSK, EMSK) created from the secondary authentication for some purposes. The channel information may be one of the following: access network type (e.g. 5G radio, wireless local access network WLAN), the core network type (e.g. 5G core network) or the network slice type or identifier (e.g. Network Slice Selection Assistance Information NSSAI, SM-NSSAI or Data Network Name DNN).” (emphasis added))

Claim 7 recites, 
wherein the verifying, by the authentication network element based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, to obtain an authentication result comprises:
when the first authentication identifier of the UE and the second authentication identifier of the UE do not satisfy the first binding relationship, the authentication result is that the request to access the DN fails. 
(Claim 7 is rejected based on similar reasons given to that for the rejections of claim 6, however, the additional feature of failure of the DN, which is not described in the rejection of claim 6 (above), is also disclosed by Ben Henda in [0089], which states, “Step 9: The SMF sends back a PDU session establishment response depending on the outcome of the secondary authentication. This message may carry the final EAP message, i.e. PDU session establishment accept may carry EAP Success or PDU session establishment failure may carry EAP Failure.” (emphasis added) The channel related information of [0083] also describes a data network (DN) being accessed, where the data network DN is also shown in fig. 3 above the AAA server.) 

Claim 10 recites, 
An authentication network element, wherein the authentication network element (SMF as described in [0081-82] and depicted in fig. 3 of Ben Henda) comprises a transmitter, a receiver, a memory, and a processor coupled to the memory, and the transmitter, the receiver, the memory, and the processor are connected by a bus, wherein (The Examiner asserts that the SMF would inherently include a processor, memory, transceiver / communication device (i.e., transmitter and receiver), and a bus that connects the processor, memory and transceiver.)
the receiver is configured to receive a request to access a data network (DN) by a user equipment (UE); (Ben Henda in [0082] and [0090-93] describes the AAA server of the data network receiving information from the AMF, via the SMF, which was received from UE, for the purpose of secondary authentication in order to use the data network. Fig. 3 depicts the AMF receiving primary identity and secondary identity information in 4a of fig. 3, which describe and depict the AMF sharing information with user equipment (UE))
the receiver is further configured to receive a first authentication identifier (emphasis added) (primary identifier, as described in [0079], [0081], and [0083] of Ben Henda, also shown in steps 2, 4a, and 4b of fig. 3 of Ben Henda) of the UE and a second authentication identifier (emphasis added) (secondary identity, as shown in steps 4a and 4b of fig. 3 of Ben Henda and described in [0081-82] of Ben Henda) of the UE,
wherein the first authentication identifier of the UE has been authenticated by an authentication server function network element (AUSF) … (See the AUSF communicating with the AMF which communicates with the SMF in fig. 2 of Ben Henda and see the descriptions of the SMF, AMF, and AUSF in [0054], [0056], and [0062] of Ben Henda. For example, [0062] of Ben Henda states, “the operator may first run the primary (usual) authentication for initial network access towards AUSF/UDM via AMF, followed by a secondary NS-specific authentication possibly under the control of a 3rd party.” Thus, Ben Henda describes the AMF (of figs. 2-3) using the AUSF (fig. 2) to perform the primary authentication, then this information is passed to SMF in 4b of fig. 3, and then a secondary authentication is performed.) 
Ben Henda fails to teach the following,
… and includes an external identifier and a permanent equipment identification (PEI), … 
However, Kazerani in [0100] teaches this feature because the “identifying information” in Kazerani includes both an email address (“external identifier”) and International Mobile Equipment Identity (IMEI) (“permanent equipment identification (PEI)”), and both are used for authentication, as described in the second sentence of [0100] of Kazerani.
Ben Henda and Kazerani fail to teach the translating of a SUPI into an external identifier.
… wherein the external identifier is obtained by translating a subscriber permanent identifier (SUPI); and
However, ETSI, on pages 71-72 in section “19.7.2 External Identifier”, teaches an IMSI, which is similar to a SUPI, is translatable into a "<Local Identifier>@<Domain Identifier>", which is equivalent to an email address. Please see the applicant’s specification which in [0098] states, “… a format of the SUPI is an international mobile subscriber identity (IMSI) …”
the second authentication identifier of the UE is an identifier used by the UE to request to access the DN; (Ben Henda in fig. 3 (steps 4a, 4b, and 5) and [0081-83] depict and describe a UE that provides the secondary identity for the purpose of secondary authentication by the AAA server to access the data network (DN) domain.)
the processor is configured to verify, based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy a first binding relationship, to obtain an authentication result, (Ben Henda in [0087] describes step 7 where binding between the primary identity and the secondary identity is performed. When binding occurs and the SMF sees a new request from the AMF that carries the primary identity, it may trust that the message originates from the same UE that has the secondary identity.)
wherein the first binding information comprises first binding relationships of one or more pairs of first authentication identifiers and second authentication identifiers, (emphasis added) (Ben Henda in [0087] states, “Step 7: The SMF optionally makes binding between primary identity and secondary identity, and stores that locally. When SMF sees a new request from AMF that 
the first authentication identifier in the first binding information indicates an identifier used for authentication performed by the AUSF, (primary identity of Ben Henda, which is used by the AMF and AUSF for primary authentication and then passed to the SMF) and the second authentication identifier in the first binding information indicates an identifier used for authentication for access of the UE to the DN; and (secondary identity of Ben Henda, which is used for secondary authentication)
the transmitter is configured to send the authentication result to the UE. (Ben Henda, fig. 3 specifically Step 9, transmitting the PDU session establishment response from the SMF to the UE which establishes a channel between the UE and the DN Domain (shown above the AAA Server in fig. 3 of Ben Henda))
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda to incorporate the teachings of Kazerani (as described above), in order to provide the specific identifying information of an email address and an IMEI, which are then used to determine if access is appropriate to the system.
One of ordinary skill in the art would have been motivated to make this modification in order to provide the ability to perform authentication and authorization based on mobile phone identifiers and an email address, as described in [0100] of Kazerani. 
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda and Kazerani to 
One of ordinary skill in the art would have been motivated to make this modification in order to provide the ability to translate the email address to a SUPI / IMSI, as described in the cited portion of ETSI.

Claim 13 recites, 
wherein the memory is configured to store the first binding information.  (Ben Henda in [0087] states, “Step 7: The SMF optionally makes binding between primary identity and secondary identity, and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”)

Claim 15 recites, 
wherein that the processor is configured to verify, based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, to obtain an authentication result comprises:
when the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, 
(Ben Henda discloses these features Steps 5-9 of fig. 5, which are described in [0082-89]. For example, [0087] describes, “The SMF optionally makes binding between primary identity (“first authentication identifier”) and secondary identity (“second authentication identifier”), and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it 
the authentication result is that the request to access the DN succeeds. (Ben Henda discloses these features in [0083], which describes the secondary EAP authentication being used to access the Data Network Name DNN. [0083] states, “The channel related information is either used directly in the cryptographic operations within the secondary EAP authentication, or later when using the master key (i.e. master session key, MSK, or extended MSK, EMSK) created from the secondary authentication for some purposes. The channel information may be one of the following: access network type (e.g. 5G radio, wireless local access network WLAN), the core network type (e.g. 5G core network) or the network slice type or identifier (e.g. Network Slice Selection Assistance Information NSSAI, SM-NSSAI or Data Network Name DNN).” (emphasis added))

Claim 16 recites, 
wherein that the processor is configured to verify, based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, to obtain an authentication result comprises:
when the first authentication identifier of the UE and the second authentication identifier of the UE do not satisfy the first binding relationship, the authentication result is that the request to access the DN fails. 
(Claim 16 is rejected based on similar reasons given to that for the rejections of claims 6 and 15, however, the additional feature of failure of the DN, which is not described in the rejection of claims 6 and 15 (above), is also disclosed by Ben Henda in [0089], which states, “Step 9: The SMF sends back a PDU session establishment response depending on the outcome of the secondary authentication. This message may carry the final EAP message, i.e. PDU session establishment accept may carry EAP Success or PDU session establishment failure may carry EAP Failure.” (emphasis added) The channel related information of [0083] also describes a data network (DN) being accessed, where the data network DN is also shown in fig. 3 above the AAA server.)

Claim 19 recites, 
A network authentication method, comprising: 
sending, by a session management function entity, (Ben Henda includes a session management function (SMF) which is depicted in fig. 3 in the CN domain and referred to throughout the disclosure of Ben Henda) a first authentication identifier (primary identity of Ben Henda, which is sent to the SMF from the UE, via the AMF/SEAF, in Step 4b of fig. 3) of a user equipment and a second authentication identifier (secondary identity of Ben Henda, which is sent to the SMF from the UE, via the AMF/SEAF, in Step 4b of fig. 3, along with the primary identity) of the user equipment to an authentication, authorization, accounting (AAA) server … 

Ben Henda fails to teach the following,
wherein the first authentication identifier includes an external identifier and a permanent equipment identification (PEI), … 
(However, Kazerani in [0100] teaches this feature because the “identifying information” in Kazerani includes both an email address (“external identifier”) and International Mobile Equipment Identity (IMEI) (“permanent equipment identification (PEI)”), and both are used for authentication, as described in the second sentence of [0100] of Kazerani.)
Ben Henda and Kazerani fail to teach the translating of a SUPI into an external identifier.
… wherein the external identifier is obtained by translating a subscriber permanent identifier (SUPI); and
(However, ETSI, on pages 71-72 in section “19.7.2 External Identifier”, teaches an IMSI, which is similar to a SUPI, is translatable into a "<Local Identifier>@<Domain Identifier>", which is equivalent to an email address. Please see the applicant’s specification which in [0098] states, “… a format of the SUPI is an international mobile subscriber identity (IMSI) …”)
verifying, by the AAA server, based on a first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, to obtain an authentication result. 
(Ben Henda in [0086] states, “After successful authentication, the AAA exchange may also include the exchange of service/session authorization information to the SMF. In this case, the AAA may provide the SMF with a service authorization profile (or service authorization profile identifier/token) from which the SMF will be able to determine if the requested service is 
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda to incorporate the teachings of Kazerani (as described above), in order to provide the specific identifying information of an email address and an IMEI, which are then used to determine if access is appropriate to the system.
One of ordinary skill in the art would have been motivated to make this modification in order to provide the ability to perform authentication and authorization based on mobile phone identifiers and an email address, as described in [0100] of Kazerani. 
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda and Kazerani to incorporate the teachings of ETSI (as described above), in order to identify (and translate between) a SUPI / IMSI and an external identifier / email address.
One of ordinary skill in the art would have been motivated to make this modification in order to provide the ability to translate the email address to a SUPI / IMSI, as described in the cited portion of ETSI.

Claims 2-3 and 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Ben Henda, in view of Kazerani, in view of ETSI, and in view of US 2014/0033291 to Liu (hereinafter referred to as “Liu”).

wherein the first binding information comprises a mapping table, the mapping table comprises one or more entries, and each entry of the one or more entries comprises at least one first binding relationship associated with the UE. (emphasis added) 
(However, Liu teaches the above recitation, Liu in [0012] states, “the binding information server is adapted to store a binding information mapping table of the user.” [0034] states, “The binding information server 202 is adapted to store a binding information mapping table, wherein the binding information mapping table includes the cloud platform account information of the user, a third party application identifier corresponding to the third party application the user registered, the third party application account information and the access information not including the cleartext password generated and issued by the third party application server 203, e.g., the access token information or the encrypted third party application password information.”)
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda to incorporate the teachings of Liu to incorporate a database in a server that stores the binding relationships used in network authentication using an SMF. 
Additionally, Ben Henda and Liu are both considered to be analogous to the claimed invention because they are in the same field of network authentication using binding relationships.
For example, in Ben Henda the Abstract states, “A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function binding the secondary authentication of the user equipment to a channel over which the secondary authentication is performed.” (emphasis added)
Similarly, Liu’s Abstract states, “A system and a method for visiting a third party application through a cloud platform are disclosed. The method includes: receiving a cloud platform account and cloud platform password information inputted by a user; searching a stored binding information mapping table according to a third party application selected by the user to obtain the third party application and obtain access information.” (emphasis added)

Regarding claim 3, the combination of Ben Henda, Kazerani, ETSI, and Liu teaches, 
wherein the first binding information comprises a database, the database comprises one or more data elements, and each data element of the one or more data elements comprises at least one first binding relationship associated with the UE. 
(While Ben Henda, in [0018] describes different types of first binding information, the Examiner believes that Ben Henda does not appear to specifically teach, “the first binding information comprises a database.” (emphasis added)
However, Liu in [0012] states, “the binding information server is adapted to store a binding information mapping table of the user.” Liu in [0034] states, “The binding information server 202 

Regarding claim 11, the combination of Ben Henda, Kazerani, ETSI, and Liu teaches, 
wherein the first binding information comprises a mapping table, the mapping table comprises one or more entries, and each entry of the one or more entries comprises at least one first binding relationship associated with the UE.  
Claim 11 is rejected for substantially the same reasons given for the rejection of claim 2, which is included above, due to the similarities between claim 2 and claim 11.   

Regarding claim 12, the combination of Ben Henda, Kazerani, ETSI, and Liu teaches, 
wherein the first binding information comprises a database, the database comprises one or more data elements, and each data element of the one or more data elements comprises at least one first binding relationship associated with the UE.    
Claim 12 is rejected for substantially the same reasons given for the rejection of claim 3, which is included above, due to the similarities between claim 3 and claim 12.   

Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Ben Henda, in view of Kazerani, in view of ETSI, and in view of WO 2018109256 to Van Phanh et al. (hereinafter referred to as “Van Phanh”).
Regarding claim 5, Ben Henda, Kazerani, and ETSI teach features of, 
wherein the first binding information is prestored in subscription data of a unified data management network element (UDM); and 
slices based on subscriptions information.” (emphasis added) Ben Henda in [0062] states, “the operator may first run the primary (usual) authentication for initial network access towards AUSF/UDM via AMF, followed by a secondary NS-specific authentication possibly under the control of a 3rd party. This is assuming trust between the 3rd party service provider and the mobile network operator (MNO) who for example is offering access and transport services to this 3rd party in a dedicated network slice instance.” (emphasis added) Also, the UDM in fig. 2 is associated with network slicing, as described in [0059]. Thus, Ben Henda describes access to network slices being authorized by subscription information and a UDM being used for authentication of the slices, as shown in fig. 2)
before the verifying, by the authentication network element based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, 
(Ben Henda in [0087] states, “Step 7: The SMF optionally makes binding between primary identity and secondary identity, and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”) 
However, Ben Henda, Kazerani, and ETSI fail to teach the following recitation of claim 5:
the method comprises: obtaining, by the authentication network element, the first binding information from the subscription data of the UDM. 

Van Phanh [0019] states, “The presently disclosed features enabling the capability to identify the user based on the mobile terminal enquiry to the mobile network have many applications available where users need to prove their identity, and can also be used in case of pre-paid subscriptions. For example, a pre-paid subscriber who has high requirements on privacy, may configure his personal ID to trusted operator to be revealed for emergency situations. Once the binding between the one or more technical device identities and the human user's personal ID has been established, then the device identities can be used to identify the user of also a pre-paid subscription.” (emphasis added)
Additionally, Van Phanh in [0043] states, “A unified data management (UDM) may support authentication related functions and store subscription data and also the association to personal user identifier. The association information may be stored in a common user data repository (UDR), which may be present in the UDM, or in some other element accessed by a 5G function serving the 5G UE for the personal identifier feature.” (emphasis added)
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda to incorporate the teachings of Van Phanh to incorporate receiving the first binding information from the subscription data of a unified data management (UDM). 

For example, in Ben Henda the Abstract states, “A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.” Ben Henda in [0062] teaches the use of a UDM and Ben Henda uses primary and secondary identities (i.e., identifiers) throughout the procedures.   
Van Phanh Abstract states, “According to an example aspect of the present invention, there is provided a method for user identification in a mobile communications system, comprising: receiving, by a mobile network entity from a mobile terminal, a request for a personal identifier of the user of the mobile terminal, detecting at least one device identifier associated with the request, causing enquiry for a personal identifier associated with the at least one device identifier; and causing transmission of the personal identifier associated with the at least one device identifier.” (emphasis added)

Regarding claim 14, the combination of Ben Henda, Kazerani, ETSI, and Van Phanh teaches, 
The authentication network element according to claim 10, wherein the first binding information is prestored in subscription data of a unified data management network element (UDM); and 
(Ben Henda in [0054] and [0062] describes a unified data management network (UDM) and fig. 2 of Ben Henda depicts the UDM communicating with the AUSF and/or AMF. Ben Henda in [0099] states, “It could be the case that the UE is automatically authorized to access all or some of the slices based on subscriptions information.” (emphasis added) Ben Henda in [0062] states, “the operator may first run the primary (usual) authentication for initial network access towards AUSF/UDM via AMF, followed by a secondary NS-specific authentication possibly under the control of a 3rd party. This is assuming trust between the 3rd party service provider and the mobile network operator (MNO) who for example is offering access and transport services to this 3rd party in a dedicated network slice instance.” (emphasis added) Also, the UDM in fig. 2 is associated with network slicing, as described in [0059]. Thus, Ben Henda describes access to network slices being authorized by subscription information and a UDM being used for authentication of the slices, as shown in fig. 2)
the processor is configured to verify, based on the first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship. 
(Ben Henda in [0087] states, “Step 7: The SMF optionally makes binding between primary identity and secondary identity, and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”)

the receiver is configured to obtain the first binding information from the subscription data of the UDM; 
(However, Van Phanh teaches these features. For example, [0019] of Van Phanh (included below) describes the use of subscription information for binding identities, and [0043] of Van Phanh (included below) describes a unified data management (UDM) that is used to support authentication and store subscription data. 
Van Phanh [0019] states, “The presently disclosed features enabling the capability to identify the user based on the mobile terminal enquiry to the mobile network have many applications available where users need to prove their identity, and can also be used in case of pre-paid subscriptions. For example, a pre-paid subscriber who has high requirements on privacy, may configure his personal ID to trusted operator to be revealed for emergency situations. Once the binding between the one or more technical device identities and the human user's personal ID has been established, then the device identities can be used to identify the user of also a pre-paid subscription.” (emphasis added)
Additionally, Van Phanh in [0043] states, “A unified data management (UDM) may support authentication related functions and store subscription data and also the association to personal user identifier. The association information may be stored in a common user data repository (UDR), which may be present in the UDM, or in some other element accessed by a 5G function serving the 5G UE for the personal identifier feature.” (emphasis added))

Claims 8-9 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Ben Henda, in view of Kazerani, in view of ETSI, and in view of US 7,421,503 to Stieglitz et al. (hereinafter referred to as “Stieglitz”).
Regarding claim 8, Ben Henda, Kazerani, and ETSI teach,
wherein the verifying, by the authentication network element based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, to obtain an authentication result comprises: 
(Ben Henda teaches these features in Steps 5-9 of fig. 5, which are described in [0082-89]. For example, [0087] describes, “The SMF optionally makes binding between primary identity (“first authentication identifier”) and secondary identity (“second authentication identifier”), and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”  Additionally, the secondary EAP authentication of step 5 is performed as a modified / streamlined EAP authentication by using the PDU session established in step 4 of fig. 3. [0082] states, “If the PDU session establishment request carried the secondary identity of the UE, the SMF can skip the EAP-Identity request, and initiate the EAP authentication directly with the AAA server.”)
Ben Henda, Kazerani, and ETSI do not teach the following, 
when the first authentication identifier of the UE and the second authentication identifier of the UE do not satisfy the first binding relationship, 
(The Examiner interprets the previous portion of claim 8 as corresponding to an authentication protocol not working or failing.) 
attempting, by the authentication network element, to authenticate the second authentication identifier of the UE according to an extensible identity authentication protocol (EAP), 
(The Examiner interprets the previous portion of claim 8 as corresponding to using another authentication protocol when the first authentication profile does not work.) 
wherein if the authentication network element has authenticated the second authentication identifier of the UE according to the EAP, the authentication result is that the request to access the DN succeeds.
However, Stieglitz teaches the above recitation, because Stieglitz’s Claim 21 states, “A method as recited in claim 20, wherein one of the authentication outcomes for the outer EAP conversation comprises initiating a third EAP authentication conversation using a third authentication method that is different from the first authentication method and the second authentication method when one or more of the first result and second result represent failure.” (emphasis added)  See also [0021] of Ben Henda, which describes the different versions of EAP being performed using protocol Configuration Options (PCO). 
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ben Henda to incorporate the teachings of Stieglitz to incorporate the use of another protocol when a first or second protocol does not work / fails. 
Additionally, Ben Henda and Stieglitz are both considered to be analogous to the claimed invention because they are in the same field of network authentication using protocols (e.g., EAP).
extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.” Ben Henda in [0062] teaches the use of a UDM and Ben Henda uses primary and secondary identities (i.e., identifiers) throughout the procedures.” (emphasis added)   
Stieglitz’s Abstract states, “A method is disclosed for providing multiple authentication types within an authentication protocol that supports a single type of authentication for a client in communication with an authorization server over a network. One or more authentication request packets compliant with an authentication protocol are sent to the client. Each of the packets comprises a type value that specifies multiple authentication, and a data field having a value that is structured in compliance with the authentication protocol. Each of the packets is associated with one of a plurality of different authentication conversations with the client. A plurality of responses is received from the client for each of the authentication conversations. The sending and receiving steps are repeated until results are determined for the authentication conversations. The client is authenticated based on results of each of the plurality of authentication conversations. Embodiments provide multiple Extensible Authentication Protocol (EAP) authentication methods.” Thus, EAP authentication is clearly taught by Stieglitz.


further comprising: 
updating, (step 7 of fig. 3 of Ben Henda, further described below) by the authentication network element, the first binding information based on the first authentication identifier of the UE and the second authentication identifier of the UE when the authentication result is that the request to access the DN succeeds. 
(Ben Henda in fig. 3 depicts the primary authentication being established in steps 1-4b, then the secondary authentication is performed in steps 5-6. During the secondary authentication, in Step 7, the updating of the binding information is performed.  Describing step 7, [0087] of Ben Henda states, “Step 7: The SMF optionally makes binding between primary identity and secondary identity, and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”)

Regarding claim 17, the combination of Ben Henda, Kazerani, ETSI, and Stieglitz teaches, 
wherein that the processor is configured to verify, based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, to obtain an authentication result comprises: 
first authentication identifier”) and secondary identity (“second authentication identifier”), and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”  Additionally, the secondary EAP authentication of step 5 is performed as a modified / streamlined EAP authentication by using the PDU session established in step 4 of fig. 3. [0082] states, “If the PDU session establishment request carried the secondary identity of the UE, the SMF can skip the EAP-Identity request, and initiate the EAP authentication directly with the AAA server.”)
Ben Henda does not teach the following,
when the first authentication identifier of the UE and the second authentication identifier of the UE do not satisfy the first binding relationship, 
(The Examiner interprets the previous portion of claim 8 as corresponding to an authentication protocol not working or failing.) 
attempting, by the authentication network element, to authenticate the second authentication identifier of the UE according to an extensible identity authentication protocol EAP, 
(The Examiner interprets the previous portion of claim 8 as corresponding to using another authentication protocol when the first authentication profile does not work.) 
wherein if the authentication network element has authenticated the second authentication identifier of the UE according to the EAP, the authentication result is that the request to access the DN succeeds; and the processor is configured to update the first binding information based on the first authentication identifier of the UE and the second authentication identifier of the UE. 
when one or more of the first result and second result represent failure.” (emphasis added)  See also [0021] of Ben Henda, which describes the different versions of EAP being performed using protocol Configuration Options (PCO). 

Regarding claim 18, the combination of Ben Henda and Stieglitz teaches the features of claim 17, as discussed above. Ben Henda further teaches the following features of claim 18, 
wherein the processor is configured to update (step 7 of fig. 3 of Ben Henda, further described below) the first binding information based on the first authentication identifier of the UE and the second authentication identifier of the UE when the authentication result is that the request to access the DN succeeds. 
(Ben Henda in fig. 3 depicts the primary authentication being established in steps 1-4b, then the secondary authentication is performed in steps 5-6. During the secondary authentication, in Step 7, the updating of the binding information is performed.  Describing step 7, [0087] of Ben Henda states, “Step 7: The SMF optionally makes binding between primary identity and secondary identity, and stores that locally. When SMF sees a new request from AMF that carries the primary identity, it may trust that the messages originate from the same UE that has the secondary identity.”)


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571)272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571)272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495