DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claim 14 is objected to because of the following informalities: Claim 14 should be dependent on claim 13 and not claim 10, as seen in claim 5, in order to be consistent. “The custom information” lacks antecedent basis if not being dependent on claim 13. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 6 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 6 recites the limitation "the hash values" in line 2. There is insufficient antecedent basis for this limitation in the claim.
Claim 15 recites the limitation "the hash values" in line 5. There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 8, 9, 10, 11, 17, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Singaravelu et al. (US 20190253264, hereinafter Singaravelu), in view of Xiong et al. (US 20170054710, hereinafter Xiong), and in further view of Saint (US 9331990).

Re. claim 1, Singaravelu discloses a method, comprising: receiving, by a virtualization infrastructure manager (VIM) for a virtualized platform and from a management function of a core network (Singaravelu discloses NFV orchestrator and VIM [0121-0138] Fig. 7), a software package and a certificate request token (CRT) for a network function (Singaravelu discloses message defines the validation request for PKI certificate verification by NFVO 111 to VIM 112 [0142]. Submitting VNF package [0160] Figs. 6, 7 and 10),
wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform (Singaravelu discloses virtual network function [0036] [0113]), 
and wherein the CRT is digitally signed by the management function (Singaravelu discloses request is signed [0164-0165]),
deploying, by the VIM, the network function (Singaravelu discloses VNFs can be deployed on separate compute nodes [0017]);
providing, by the VIM, the CRT to the network function (Singaravelu discloses message defines the validation request for PKI certificate verification by VIM 112 to NFVI 113 [0143]).
Although Singaravelu discloses trust anchor platform, Singaravelu does not explicitly teach but Xiong teaches includes a network address of a trust anchor platform for the network function and a profile for the network function (Xiong teaches the initialization parameter includes CA information and a domain name of a certificate management domain [0193]); 
obtaining, by the network function and from the CRT, the network address of the trust anchor platform (Xiong teaches the initialization parameter includes CA information and a domain name of a certificate management domain [0193]);
generating, by the network function, a certificate signing request (CSR) to request a digital certificate (Xiong teaches the certificate application proxy message includes a VNF instance that requests certificate application, and certificate application information used by the VNF [0185]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu to include a network address of a trust anchor platform for the network function and a profile for the (Xiong [0006]).
Although Singaravelu-Xiong discloses CSR and CRT along with certificate of the trust anchor platform, but Singaravelu-Xiong does not explicitly teach but Saint teaches submitting, by the network function and to the trust anchor platform, the CSR and the CRT (Saint teaches sending the digital certificate request and public key [Col 9 lines 15-29]); 
and receiving, by the network function and based on validation of the CSR and CRT, a digital certificate from the trust anchor platform (Saint teaches the registration authority decrypts the received public key Kpub[ID] 235 and the proof 245 with the proof of token key Kpt[ID] 205 retrieved from the datastore 210 and then verifies the digital signature using the received public key Kpub[ID] 235. If the two proofs 245, 250 match 255, the entity specific digital certificate request CR[ID] 225 and the public key 235 are sent to the certificate authority CA 115 for generation of an entity specific digital certificate as described above [Col 9 lines 15-29] Figs. 2C1 and 3).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu-Xiong to include a network address of a trust anchor platform for the network function and a profile for the network function; generating, by the network function, a certificate signing request (CSR) to request a digital certificate as disclosed by Saint. One of ordinary skill in the art would have been motivated to verify the entity and prevent unauthorized injection of private keys (Saint [Col 1 lines 15-49]).

Re. claim 2, Singaravelu-Xiong-Saint teaches the method of claim 1, further comprising: obtaining, by the management function, a software package for the network function (Singaravelu discloses submitting VNF package [0160]); verifying, by the management function, the authenticity of (NFV system verifies the VNF packages [0178]); generating, by the management function, the CRT (message defines the validation request for PKI certificate verification by NFVO 111 to VIM 112 [0142]); and sending, by the management function and to the VIM, the software package and the CRT (message defines the validation request for PKI certificate verification by NFVO 111 to VIM 112 [0142]).

Re. claim 8, Singaravelu-Xiong-Saint teaches the method of claim 1, Although Singaravelu-Xiong discloses CRT along with certificate of the trust anchor platform, but Singaravelu-Xiong does not explicitly teach but Saint teaches further comprising: validating the CRT by the trust anchor platform; and generating the digital certificate by the trust anchor platform after validating the CRT (Saint teaches The registration authority decrypts the received public key Kpub[ID] 235 and the proof 245 with the proof of token key Kpt[ID] 205 retrieved from the datastore 210 and then verifies the digital signature using the received public key Kpub[ID] 235. If the two proofs 245, 250 match 255, the entity specific digital certificate request CR[ID] 225 and the public key 235 are sent to the certificate authority CA 115 for generation of an entity specific digital certificate as described above [Col 9 lines 15-29] Figs. 2C1 and 3).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu-Xiong to include validating the CRT by the trust anchor platform; and generating the digital certificate by the trust anchor platform after validating the CRT as disclosed by Saint. One of ordinary skill in the art would have been motivated to verify the entity and prevent unauthorized injection of private keys (Saint [Col 1 lines 15-49]).

(Singaravelu discloses PKI certificate systems are used to provide authentication service for NFV system [0119]. The validation status of the PKI certificate from secure storage [0154]).

Re. claim 10, Singaravelu discloses a system, comprising: a first network device including a first memory storing first instructions and a first processor configured to execute the first instructions for a virtualization infrastructure manager (VIM) of a virtualized platform to (Singaravelu discloses separate compute nodes [0017]. A secure storage (memory) [0082] and a central control (processor) [0003]): receive, from a management function of a core network, a software package and a certificate request token (CRT) for a network function (Singaravelu discloses NFV orchestrator and VIM [0121-0138]. Message defines the validation request for PKI certificate verification by NFVO 111 to VIM 112 [0142]. Submitting VNF package [0160] Figs. 6, 7 and 10),
wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform (Singaravelu discloses virtual network function [0036] [0113]),
and wherein the CRT is digitally signed by the management function (Singaravelu discloses request is signed [0164-0165]),
deploy the network function (Singaravelu discloses VNFs can be deployed on separate compute nodes [0017]), 
and provide the CRT to the network function (Singaravelu discloses message defines the validation request for PKI certificate verification by VIM 112 to NFVI 113 [0143]).
Although Singaravelu discloses trust anchor platform, Singaravelu does not explicitly teach but Xiong teaches includes a network address of a trust anchor platform for the network function and a (Xiong teaches the initialization parameter includes CA information and a domain name of a certificate management domain [0193]), and a second network device including a second memory storing second instructions and a second processor configured to execute the second instructions for the network function of the virtualized platform to (Xiong teaches a device (second device) [0064] a processor [0065]. ROM [0342]): obtain, from the CRT, the network address of the trust anchor platform (Xiong teaches the initialization parameter includes CA information and a domain name of a certificate management domain [0193]), generate a certificate signing request (CSR) to request a digital certificate (Xiong teaches the certificate application proxy message includes a VNF instance that requests certificate application, and certificate application information used by the VNF [0185]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu to include a network address of a trust anchor platform for the network function and a profile for the network function; generating, by the network function, a certificate signing request (CSR) to request a digital certificate as disclosed by Xiong. One of ordinary skill in the art would have been motivated to authenticate both parties for preventing a malicious user from attacking a network (Xiong [0006]).
Although Singaravelu-Xiong discloses CSR and CRT along with certificate of the trust anchor platform, but Singaravelu-Xiong does not explicitly teach but Saint teaches submit, to the trust anchor platform, the CSR and the CRT (Saint teaches sending the digital certificate request and public key [Col 9 lines 15-29]), and receive, based on validation of the CSR and CRT, a digital certificate from the trust anchor platform (Saint teaches the registration authority decrypts the received public key Kpub[ID] 235 and the proof 245 with the proof of token key Kpt[ID] 205 retrieved from the datastore 210 and then verifies the digital signature using the received public key Kpub[ID] 235. If the two proofs 245, 250 match 255, the entity specific digital certificate request CR[ID] 225 and the public key 235 are sent to the certificate authority CA 115 for generation of an entity specific digital certificate as described above [Col 9 lines 15-29] Figs. 2C1 and 3).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu-Xiong to include a network address of a trust anchor platform for the network function and a profile for the network function; generating, by the network function, a certificate signing request (CSR) to request a digital certificate as disclosed by Saint. One of ordinary skill in the art would have been motivated to verify the entity and prevent unauthorized injection of private keys (Saint [Col 1 lines 15-49]).

Re. claim 11, rejection of claim 10 is included and claim 11 is rejected with the same rationale as applied against claim 2 above. 

Re. claim 17, rejection of claim 10 is included and claim 17 is rejected with the same rationale as applied against claim 8 above. 

Re. claim 18, Singaravelu discloses the limitation of receiving, by a virtualization infrastructure manager (VIM) for a virtualized platform and from a management function of a core network, a software package and a certificate request token (CRT) for a network function (Singaravelu discloses NFV orchestrator and VIM [0121-0138]. Message defines the validation request for PKI certificate verification by NFVO 111 to VIM 112 [0142]. Submitting VNF package [0160] Figs. 6, 7 and 10), wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform (Singaravelu discloses virtual network function [0036] [0113]), deploying, by the VIM, the network function (Singaravelu discloses VNFs can be deployed on separate compute nodes [0017]); providing, by the VIM, the CRT to the network function (Singaravelu discloses message defines the validation request for PKI certificate verification by VIM 112 to NFVI 113 [0143]).
Although Singaravelu discloses trust anchor platform, Singaravelu does not explicitly teach but Xiong teaches non-transitory computer-readable medium containing instructions executable by at least one processor, the computer-readable medium comprising one or more instructions for (Xiong teaches these computer program instructions may also be stored in a computer readable memory that can instruct the computer or any other programmable data processing device to work in a specific manner, so that the instructions stored in the computer readable memory [0344]): wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function and a profile for the network function (Xiong teaches the initialization parameter includes CA information and a domain name of a certificate management domain [0193]); obtaining, by the network function and from the CRT, the network address of the trust anchor platform (Xiong teaches the initialization parameter includes CA information and a domain name of a certificate management domain [0193]); generating, by the network function, a certificate signing request (CSR) to request a digital certificate (Xiong teaches the initialization parameter includes CA information and a domain name of a certificate management domain [0193]), generate a certificate signing request (CSR) to request a digital certificate (Xiong teaches the certificate application proxy message includes a VNF instance that requests certificate application, and certificate application information used by the VNF [0185]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu to include a network address of a trust anchor platform for the network function and a profile for the network function; generating, by the network function, a certificate signing request (CSR) to request a (Xiong [0006]).
Although Singaravelu-Xiong discloses CSR and CRT along with certificate of the trust anchor platform, but Singaravelu-Xiong does not explicitly teach but Saint teaches submitting, by the network function and to the trust anchor platform, the CSR and the CRT (Saint teaches sending the digital certificate request and public key [Col 9 lines 15-29]); and receiving, by the network function and based on validation of the CSR and CRT, a digital certificate from the trust anchor platform (Saint teaches the registration authority decrypts the received public key Kpub[ID] 235 and the proof 245 with the proof of token key Kpt[ID] 205 retrieved from the datastore 210 and then verifies the digital signature using the received public key Kpub[ID] 235. If the two proofs 245, 250 match 255, the entity specific digital certificate request CR[ID] 225 and the public key 235 are sent to the certificate authority CA 115 for generation of an entity specific digital certificate as described above [Col 9 lines 15-29] Figs. 2C1 and 3).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu-Xiong to include a network address of a trust anchor platform for the network function and a profile for the network function; generating, by the network function, a certificate signing request (CSR) to request a digital certificate as disclosed by Saint. One of ordinary skill in the art would have been motivated to verify the entity and prevent unauthorized injection of private keys (Saint [Col 1 lines 15-49]).

Claims 3, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Singaravelu et al. (US 20190253264, hereinafter Singaravelu), Xiong et al. (US 20170054710, hereinafter Xiong), Saint (US 9331990), and in further view of Patton et al. (US 20180227182, hereinafter Patton).

(Patton teaches VNF requesting a combination of certification and PIN [0051]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu-Xiong-Saint to include binding, by the network function and prior to the submitting, the CRT to the CSR as disclosed by Patton. One of ordinary skill in the art would have been motivated to ensure that the certificate is valid and not expired (Patton [0022]).

Re. claim 12, rejection of claim 10 is included and claim 12 is rejected with the same rationale as applied against claim 3 above. 

Re. claim 19, rejection of claim 18 is included and claim 19 is rejected with the same rationale as applied against claim 3 above. 

Claims 4, 5, 13, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Singaravelu et al. (US 20190253264, hereinafter Singaravelu), Xiong et al. (US 20170054710, hereinafter Xiong), Saint (US 9331990), and in further view of Zhang et al. (US 20220052992, hereinafter Zhang).

Re. claim 4, Singaravelu-Xiong-Saint teaches the method of claim 1. Although Singaravelu-Xiong-Saint discloses CRT, Singaravelu-Xiong-Saint do not explicitly teach but Zhang teaches wherein the CRT further includes custom information particular to rights granted to the network function (Zhang teaches the first certificate information includes an NF type of a requester of the token [0472]. Determined that the identity of the requester of the token is consistent with the identity of the second network element, forward the NF service request to a network element [0474]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu-Xiong-Saint to include wherein the CRT further includes custom information particular to rights granted to the network function as disclosed by Zhang. One of ordinary skill in the art would have been motivated to determine whether an identity represented by the first certificate information is consistent with an identity of the first network element, improve security by receiving a reject message if not valid (Zhang [0036]).

Re. claim 5, Singaravelu-Xiong-Saint teaches the method of claim 4, Although Singaravelu-Xiong-Saint discloses CRT, Singaravelu-Xiong-Saint do not explicitly teach but Zhang teaches wherein the custom information includes one or more of: a type of request, a signature algorithm type, life-cycle management parameters, and a hash value based on the profile (Zhang teaches obtain a token corresponding to an NF service. The token includes first certificate information of a requester of the token. [0036]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Singaravelu-Xiong-Saint to include wherein the custom information includes one or more of: a type of request, a signature algorithm type, life-cycle management parameters, and a hash value based on the profile as disclosed by Zhang. One of ordinary skill in the art would have been motivated to determine whether an identity represented by the first certificate information is consistent with an identity of the first network element, improve security by receiving a reject message if not valid (Zhang [0036]).



Re. claim 14, rejection of claim 10 is included and claim 14 is rejected with the same rationale as applied against claim 5 above. 

Re. claim 20, rejection of claim 18 is included and claim 20 is rejected with the same rationale as applied against claim 5 above. 

Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Singaravelu et al. (US 20190253264, hereinafter Singaravelu), Xiong et al. (US 20170054710, hereinafter Xiong), Saint (US 9331990), and in further view of Ryou et al. (US 20210028923, hereinafter Ryou).

Re. claim 6, Singaravelu-Xiong-Saint-Zhang teaches the method of claim 1, Although Singaravelu-Xiong-Saint-Zhang discloses management function and network function, Singaravelu-Xiong-Saint do not explicitly teach but Ryou teaches further comprising: storing, by the management function and in a database, the hash value associated with an identifier for the network function, wherein the trust anchor platform retrieves the hash value from the database to compare to information in the CRT (Ryou teaches hash chain transmits the hash chain to the server [0082]. The Sec-EM compares the hash chain of the first VNF with a previous stored first VNF hash chain to authenticate the first VNF in step S570. That is, when the received hash chain of the first VNF is the same as the first VNF hash chain which is previously stored, the Sec-EM identifies the VNF as an authenticated VNF and when the hash chain is not the same as the first VNF hash chain, the Sec-EM may identify the VNF as a malicious VNF [0096]).
(Ryou [0005]).

Re. claim 15, rejection of claim 10 is included and claim 15 is rejected with the same rationale as applied against claim 6 above. 

Allowable Subject Matter
Claims 7 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  The certificate request token includes a list that contains parameters that supersede parameters in the CSR. The digital certificate that has been verified with the CRT and CSR would have to include CAL parameters.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Feng (US 20170012968) discloses a virtualized network management entity obtains initial credential information of a virtualized network function entity; and installs the initial credential .
Sood (US 20160337329) discloses the secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/K.A./Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496