Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-3 and 7-9 have been amended. Claims 1-14 have been examined.

2.	Applicant's arguments filed 01/13/2022 have been fully considered but they are not persuasive.

Claim Interpretation
3.	For claims 4, 7-8 and 11-12, the phrases “at least one of” and “or” have been given the broadest, reasonable interpretation of only requiring a single element from the given list in order to satisfy the requirements of the limitation.

4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

5.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.


Claim Rejections - 35 USC § 103
6.	Claims 1-4 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Muhanna et al. (U.S. Patent Application Publication 2017/0264439; hereafter “Muhanna”), and further in view of You et al. (U.S. Patent Application Publication 2021/0289353; hereafter “You”).
	For claim 1, Muhanna teaches an apparatus for a user equipment (UE) to provide subscriber privacy protection in a cellular network (note paragraph [0042], UE), the apparatus comprising:
	a memory interface to send or receive, to or from a memory device (note paragraph [0100], memory), a home network public key (note paragraph [0046], home network public key may be stored in memory of UE); and
	a baseband processor coupled to the memory interface (note paragraph [0100], processor) to:
	encrypt a permanent subscription identifier using the home network public key to produce a concealed identifier, wherein the concealed identifier includes an international mobile subscriber identity (IMSI) (note paragraph [0047], UE encrypts IMSI and MAC with home network public key); and
	generate a message for a serving network comprising the concealed identifier (note paragraph [0047], UE generates message 420 for serving network base station and MME).

	Muhanna differs from the claimed invention in that they fail to teach:
the IMSI including a mobile country code (MCC) and a mobile network code (MNC) that are both unencrypted;

	You teaches:
	the IMSI including a mobile country code (MCC) and a mobile network code (MNC) that are both unencrypted (note paragraph [0092] of You, UE encrypts IMSI with public key while keeping MCC and MNC unchanged);

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted IMSI of Muhanna and the encrypted IMSI while leaving the MCC and MNC unencrypted of You. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of encrypting an IMSI with the public key of the home network while leaving the MCC and MNC unchanged to allow for protection of the sensitive IMSI data while still leaving the publicly known MCC and MNC in clear text for routing and transmission.


	For claim 2, the combination of Muhanna and You teaches claim 1, wherein the concealed identifier includes a subscription identifier, and wherein to encrypt the permanent subscription identifier, the baseband processor is configured to encrypt the subscription identifier using the home public network key without encrypting the MCC or 

	For claim 3, the combination of Muhanna and You teaches claim 2, wherein the subscription identifier comprises a mobile subscriber identification number (MSIN) (note paragraphs [0006] and [0092] of You, IMSI and MSIN).

	For claim 4, the combination of Muhanna and You teaches claim 1, wherein the message comprises an attach message or other message used in a procedure to establish a signaling connection between the UE and the serving network (note Fig. 4 and paragraphs [0047] and [0050] of Muhanna, message 420 is used in a procedure to establish a signaling connection between UE and serving network).

	For claim 7, the combination of Muhanna and You teaches claim 1, wherein the baseband processor is further configured to use a nonce value to encrypt the permanent subscription identifier (note paragraph [0047] of Muhanna, RAND1 is used to encrypt IMSI in MAC) to introduce randomness for at least one of nontraceability or unlinkability between the message and one or more other messages communicated between the serving network and the UE (note paragraph [0037] of Muhanna, use of random numbers is useful in generating different instances of a key).


s 9-12 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Muhanna and You, and further in view of Molina et al. (U.S. Patent Application Publication 2016/0277926; hereafter “Molina”).

	For claim 9, Muhanna teaches a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions to, when executed, instruct a processor (note paragraph [0100], instructions stored on memory, executed by processor) of a home public land mobile network (PLMN) (note paragraph [0042], home network), the computer-readable instructions to:
	process an authentication request to authenticate a user equipment (UE), wherein the authentication request includes a concealed identifier (note paragraph [0048], HSS receives UE authentication request message 430);
	extract, from the concealed identifier, an international mobile subscriber identity (IMSI) and an encrypted subscription identifier;
	decrypt the encrypted subscription identifier to obtain a permanent subscription identifier and a replay detection value (note paragraph [0048], HSS decrypts the encrypted portion to obtain IMSI and MAC);
	and
	if, based on the value, the replay attack is not detected (note paragraph [0049], after verifying the integrity of the encrypted portions, HSS may generate authentication vectors):
	use the permanent subscription identifier to identify the UE (note paragraph [0049], IMSI of UE);

	generate a authentication information message comprising the authentication vector and the permanent subscription identifier (note paragraph [0049], generate message 435 carrying authentication vector and IMSI of the UE).

	Muhanna differs from the claimed invention that they fail to teach:
	extract, from the concealed identifier, an international mobile subscriber identity (IMSI) and an encrypted subscription identifier, the IMSI including a mobile country code (MCC) and a mobile network code (MNC), wherein the MCC and the MNC are unencrypted in the concealed identifier;

	You teaches:
	extract, from the concealed identifier, an international mobile subscriber identity (IMSI) and an encrypted subscription identifier, the IMSI including a mobile country code (MCC) and a mobile network code (MNC), wherein the MCC and the MNC are unencrypted in the concealed identifier (note paragraphs [0092] and [0095], home network decrypts the encrypted IMSI; which keeps the MCC and MNC unchanged while encrypting the IMSI with a public key);

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted IMSI of Muhanna and the encrypted IMSI while leaving the MCC and MNC unencrypted of You. It would have 

	The combination of Muhanna and You differ from the claimed invention in that they fail to teach:
	if, based on the replay detection value, a replay attack is detected, generate an authentication reject message;

	Molina teaches:
	if, based on the replay detection value, a replay attack is detected, generate an authentication reject message (note paragraph [0028], message 86 authentication error message);

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Muhanna and You and the authentication error message of Molina. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of detecting an attack through a stale MAC (Muhanna) and sending an error message indicating an authentication rejection (Molina).



	For claim 10, the combination of Muhanna, You and Molina teaches claim 9, wherein the replay detection value comprises a random or other nonce value (note paragraph [0047] of Muhanna, RAND1 is used to encrypt IMSI in MAC), and wherein the computer- readable instructions are further to:
	determine whether the replay detection value number has been previously obtained or received (note paragraphs [0048] and [0096] of Muhanna, received Counter value is compared with counter maintained by HSS to detect replay attack);
	if the replay detection value number has been previously obtained or received, determine that the replay attack is detected (note paragraph [0048] of Muhanna, if counter is stale, attack is detected); and
	if the replay detection value number has not been previously obtained or received, determine that the replay attack is not detected (note paragraph [0048] of Muhanna, if request message is fresh, no attack is detected and message integrity is verified).

	For claim 11, the combination of Muhanna, You and Molina teaches claim 9, wherein the replay detection value is based on a timestamp or counter value generated by the UE (note paragraphs [0048] and [0052] of Muhanna, UE message includes counter), and wherein the computer- readable instructions are furtherto:
	determine whether the timestamp or counter value is within an allowed range (note paragraphs [0048] and [0096] of Muhanna, received Counter value is compared 
	if the timestamp or counter value is not within the allowed range, determine that the replay attack is detected (note paragraph [0048] of Muhanna, if counter is stale, attack is detected); and
	if the timestamp or counter value is within an allowed range, determine that the replay attack is not detected (note paragraph [0048] of Muhanna, if request message is fresh, no attack is detected and message integrity is verified).

	For claim 12, the combination of Muhanna, You and Molina teaches claim 11, wherein the replay detection value comprises a keyed hash function of the timestamp or counter value (note paragraph [0047] of Muhanna, MAC signature is made with keyed hash using KIARINT), wherein the keyed hash function uses a symmetric key shared between the UE and the home PLMN (note paragraph [0047] of Muhanna, MAC signature is made with keyed hash using KIARINT), and wherein the computer-readable instructions are further to verify that the replay detection value is derived correctly from the timestamp or counter value and the symmetric key according to the keyed hash function (note paragraph [0048] of Muhanna, MAC signature is compared with MAC computed with keyed hash and KIARINT).


8.	Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Muhanna and You as applied to claim 1 above, and further in view of .
	For claim 5, the combination of Muhanna and You differs from the claimed invention in that they fail to teach:
	wherein the baseband processor is further configured to: decrypt a fresh home network public key received from a home public land mobile network (PLMN); and store, through the memory interface, the fresh home network public key in the memory device for use with subsequent messages to the serving network.

	Malthankar teaches:
	wherein the baseband processor is further configured to: decrypt a fresh home network public key received from a home public land mobile network (PLMN); and store, through the memory interface, the fresh home network public key in the memory device for use with subsequent messages to the serving network (note paragraph [0085], UE receives and stores carrier public key updates through HTTPS, i.e. decrypting using the session key established in the HTTPS connection).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Muhanna and You and the updating of carrier public keys through HTTPS of Malthankar. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of encrypting an IMSI with the public key of the home 


	For claim 6, the combination of Muhanna, You and Malthankar teaches claim 5, wherein the baseband processor is configured to decrypt the fresh home network public key using a symmetric key shared between the UE and the home PLMN (note paragraph [0085] of Malthankar, UE receives and stores carrier public key updates through HTTPS, i.e. decrypting using the symmetric session key established in the HTTPS connection).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the IMSI encrypted with a home network public key of Muhanna and the updating of carrier public keys through HTTPS of Malthankar. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of encrypting an IMSI with the public key of the home network (Muhanna) and sending updates of the public key to the UE securely through HTTPS (Malthankar).


9.	Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of Muhanna and You as applied to claim 1 above, and further in view of .
	For claim 8, the combination of Muhanna and You differs from the claimed invention in that they fail to teach:
	wherein the baseband processor is further configured to use a timestamp value to encrypt the permanent subscription identifier to introduce randomness for at least one of nontraceability or unlinkability between the message and one or more other messages communicated between the serving network and the UE.

	Hamandi teaches:
	wherein the baseband processor is further configured to use a timestamp value to encrypt the permanent subscription identifier to introduce randomness for at least one of nontraceability or unlinkability between the message and one or more other messages communicated between the serving network and the UE (note 5.1 User Identities, IMSI is encrypted with a Timestamp to randomize the encrypted IMSI).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Muhanna and You and the IMSI encrypted with a timestamp of Hamandi. It would have been obvious because a simple substitution of one known element (ISMI encrypted with a timestamp of Hamandi) for another (IMSI encrypted with a random number of Muhanna) would yield the predictable results of encrypting an IMSI with a timestamp and a counter value to randomize the encrypted IMSI and prevent replay attacks.


10.	Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Muhanna, You and Molina as applied to claim 9 above, and further in view of Lee et al. (U.S. Patent Application Publication 2016/0094988; hereafter “Lee”).
	For claim 13, the combination of Muhanna, You and Molina differs from the claimed invention in that they fail to teach:
	wherein the computer-readable instructions are further to conceal the permanent subscription identifier in the authentication information message with a key shared between an access and mobility function (AMF) of a serving network and a security anchor function (SEAF) of the home PLMN.

	Lee teaches:
	wherein the computer-readable instructions are further to conceal the permanent subscription identifier in the authentication information message with a key shared between an access and mobility function (AMF) of a serving network and a security anchor function (SEAF) of the home PLMN (note Fig. 7 and paragraphs [0063] and [0070], connection between serving network and home network is protected with Diameter protocol using TLS, i.e. with a key shared between the serving access function and the home security function).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Muhanna, You and 


	For claim 14, the combination of Muhanna, You, Molina and Lee claim 13, wherein the computer- readable instructions are further to forward the authentication information message from the home PLMN through the AMF to the UE to complete an attach procedure (note paragraphs [0049]-[0050], authentication data response message 435 is sent by HSS to the UE through the MME to complete attach procedure).


Response to Arguments
11.	For claims 1 and 9, Applicant argues “the rejected claims are patentable over the art of record based on at least the third criterion of obviousness: none of the references alone or in combination teach, suggest, or disclose each claim limitation of the independent claims” (note Remarks, pages 14-15).
	Examiner disagrees. As shown in the rejection above, Muhanna discloses an UE authentication method that uses a public key to encrypt an IMSI (note paragraph [0047]). You discloses a UE encrypting an IMSI were the MCC and MNC of the IMSI are 
	The combination of Muhanna and You thus teaches the amended limitations of claims 1 and 9 including:
	1. an encrypted portion (paragraph [0092] of You, MSIN is encrypted using a public key)
	2. an IMSI including a mobile country code (MCC and a mobile network code (MNC) where the MCC and the MNC are unencrypted (paragraph [0092] of You, MCC and MNC are left unchanged, i.e. unencrypted, while MSIN is encrypted).

	Applicant argues “none of the references alone or in combination teach, suggest, or disclose each claim limitation of the independent claims”. However, Applicant has not provided how the amended claim limitations distinguish from the cited paragraphs of You which show the encryption of a portion of the IMSI while leaving the MCC and MNC unencrypted.
Applicant's argument fails to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.


	For claims 1 and 9, Applicant further argues, “Any combination of Muhanna and You would defeat the purpose of Muhanna to achieve an encrypted IMSI that would 
	Examiner disagrees. Applicant notes paragraphs [0036] and [0045] of Muhanna state that conventional systems are vulnerable since they use an “unencrypted IMSI”. However, Muhanna specifically states their system encrypts “UE specific information” (note Abstract, paragraphs [0005], [0047] and various others). You discloses an “encrypted IMSI” that encrypts the “UE specific information” of the MSIN. The MCC and MNC are not “UE specific information” since every UE in the country with the same network provider will have the same MCC and MNC.
	Since You discloses an IMSI encryption method that encrypts the UE specific information it would not defeat the purpose of Muhanna by combining You with the encrypted IMSI of Muhanna.

	For claims 1 and 9, Applicant further argues, “The only motivation to combine the two references would based on impermissible hindsight, as it would rely on Applicant's own disclosure” (note Remarks, page 17).
	Examiner disagrees. A teaching, suggestion or motivation is one rationale for supporting a conclusion of obviousness, but it is not the only one (note MPEP 2141 III.    RATIONALES TO SUPPORT REJECTIONS UNDER 35 U.S.C. 103). As shown in the rejection above, Examiner noted it would have been obvious to one of ordinary skill in the art to combine Muhanna and You because combining the prior art elements (encrypting the IMSI in an authentication request of Muhanna; encrypting the IMSI by encrypting the MSIN while leaving the MCC and MNC unencrypted of You) would yield 
	The rationale is not impermissible hindsight which relies on Applicant’s disclosure since it comes from the prior art teaches of Muhanna and You. Note paragraph [0094] of You discloses the unencrypted MCC and MNC used to search for the home network of the UE.
	Therefore, the Examiner has provided:
	1) a finding that the prior art included each element claimed (authentication request message with encrypted IMSI of Muhanna; encrypted IMSI with unencrypted MCC and MNC of You)
	2) a finding that one of ordinary skill in the art could have combined the elements as claimed by known methods, and that in combination, each element merely performs the same function as it does separately (authentication message of Muhanna could be sent with encrypted MSIN and unencrypted MCC and MNC of You);
	3) a finding that one of ordinary skill in the art would have recognized that the results of the combination were predictable (You discloses the use of unencrypted MCC and MNC in searching for home network and with encrypted and decrypting the UE specific MSIN; i.e. results of combination were predictable since the prior art disclosed how it would work).
	Therefore, the combination of Muhanna and You has a proper rationale for a 103 combination and discloses all the claimed limitations.

Conclusion
12.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

13.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711. The examiner can normally be reached 6:00 - 5:30 pm; Monday through Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/David J Pearson/Primary Examiner, Art Unit 2438