DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the amendment dated on January 05, 2022.
In the amendment dated on January 05, 2022, claim 26 has been amended, claims 27-28 have been canceled, and all other claims are as previously presented.
Claims 1-2, 5-16 and 19-26 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Peter Flanagan of registration number 58,178, on February 10, 2022.  During the telephone conference, Mr. Flanagan has agreed and authorized the examiner to further amend Claims 1-2, 5-16 and 19-26 on the amendment dated on January 05, 2022.

Claims
Replacing Claims 1-2, 5-16 and 19-26 on the amendment dated on January 05, 2022 with the following:
Claims:
1.  A method, comprising:
establishing, after registration of an application with a network element, a secure data transmission path for the application based on a trigger from the application or a user equipment, based on a policy, or based on a need of the application, wherein the secure data transmission path is used to transmit data between the user equipment and the network element, wherein the network element comprises a gateway or an application server;
transmitting data for the application over the secure data transmission path using a pre-configured radio bearer, wherein the radio bearer is pre-configured for data transmission between the user equipment and an access node located between the user equipment and the network element; and
receiving a response message at the user equipment from the network element through the secure data transmission path, 
wherein the secure data transmission path comprises a secure tunnel between the user equipment and the network element, and
wherein the security tunnel provides at least confidentiality or integrity protection on internet protocol (IP) level. 

2.  The method according to claim 1, wherein the application is a machine-to-machine application.

3-4.  (Cancelled)


6.  The method according to claim 5, wherein the tunnel is a generic routing encapsulation tunnel or a general packet radio service tunneling protocol tunnel. 

7.  A method, comprising:
establishing, after registration of an application with a network element, a secure data transmission path for the application based on a trigger from the application or a user equipment, based on a policy, or based on a need of the application, wherein the secure data transmission path is used to transmit data between the user equipment and the network element, wherein the network element comprises a gateway or an application server;
deriving credentials for establishing the secure data transmission path from a universal integrated circuit card in the user equipment;
transmitting data for the application over the secure data transmission path using a pre-configured radio bearer, wherein the radio bearer is pre-configured for data transmission between the user equipment and an access node located between the user equipment and the network element; and
receiving a response message at the user equipment from the network element through the secure data transmission path.



	9.  The method according to claim 1, wherein the user equipment transmits the data over the pre-configured radio bearer when the user equipment initially registers with a network.

	10.  The method according to claim 1, further comprising:
receiving an identification of the network element from a network entity.

11.  The method according to claim 1, wherein the data includes a security token.

12.  The method according to claim 11, wherein the security token is transmitted over the pre-configured radio bearer from the user equipment to the access node. 
	
13.  The method according to claim 11, further comprising:
receiving the security token at the user equipment from a network entity.

14.  The method according to claim 11, wherein the security token is valid for a predetermined period of time.

	15.  A method, comprising:

receiving data for the application through the secure data transmission path using a pre-configured radio bearer, wherein the radio bearer is pre-configured for data transmission between the user equipment and an access node located between the network element and the user equipment; and
transmitting the data from the network element to a destination server, 
wherein the secure data transmission path comprises a secure tunnel between the user equipment and the network element, and
wherein the security tunnel provides at least confidentiality or integrity protection on internet protocol (IP) level.

16.  The method according to claim 15, wherein the application is a machine-to-machine application.

17-18.  (Cancelled)

19.  The method according to claim 15, wherein the secure data transmission path comprises a tunnel established between the network element and the access node.


21.  The method according to claim 15, wherein an address of the application server is included in the data.

22.  A method, comprising:
establishing, after registration of an application with a network element, a secure data transmission path for the application based on a trigger from the application or a user equipment, based on a policy, or based on a need of the application, wherein the secure data transmission path is used to transmit data between the network element and the user equipment, wherein the network element comprises a gateway or an application server; 
receiving data for the application through the secure data transmission path using a pre-configured radio bearer, wherein the radio bearer is pre-configured for data transmission between the user equipment and an access node located between the network element and the user equipment; and
transmitting the data from the network element to a destination server
receiving credentials for establishing a secure data transmission path from a control plane node, wherein the credentials for establishing the secure data transmission path are derived from a universal integrated circuit card in the user equipment. 
 


24.  The method according to claim 23, comprising:
	wherein the security token is used in the establishing a tunnel between the access node and the network element.
	
25.  An apparatus, comprising:
at least one processor; and 
at least one memory including computer program code,
wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to perform a process comprising:
establishing, after registration of an application with a network element, a secure data transmission path for the application based on a trigger from the application or a user equipment, based on a policy, or based on a need of the application, wherein the secure data transmission path is used to transmit data between the user equipment and the network element, wherein the network element comprises a gateway or an application server;
transmitting data for the application over the secure data transmission path using a pre-configured radio bearer, wherein the radio bearer is pre-configured for data transmission between the user equipment and an access node located between the user equipment and the network element; and
, 
wherein the secure data transmission path comprises a secure tunnel between the user equipment and the network element, and
wherein the security tunnel provides at least confidentiality or integrity protection on internet protocol (IP) level.

26.  A computer program product embodied on a non-transitory computer-readable medium, said medium encoding instructions that, when executed in hardware, perform a process, the process comprising: 
establishing, after registration of an application with a network element, a secure data transmission path for the application based on a trigger from the application or a user equipment, based on a policy, or based on a need of the application, wherein the secure data transmission path is used to transmit data between the user equipment and the network element, wherein the network element comprises a gateway or an application server;
transmitting data for the application over the secure data transmission path using a pre-configured radio bearer, wherein the radio bearer is pre-configured for data transmission between the user equipment and an access node located between the user equipment and the network element; and
receiving a response message at the user equipment from the network element through the secure data transmission path, 
wherein the secure data transmission path comprises a secure tunnel between the user equipment and the network element, and
wherein the security tunnel provides at least confidentiality or integrity protection on internet protocol (IP) level.

27-28.  	(Cancelled).

Allowable Subject Matter
Claims 1-2, 5-16 and 19-26 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent claim 1 is allowable based on the amendment presented in the amendment dated on January 05, 2022 and the examiner’s amendment dated on February 15, 2022.
Specifically, the independent claim 1 now recites limitations as follows:
“A method, comprising:
establishing, after registration of an application with a network element, a secure data transmission path for the application based on a trigger from the application or a user equipment, based on a policy, or based on a need of the application, wherein the secure data transmission path is used to transmit data between the user equipment and the network element, wherein the network element comprises a gateway or an application server;

receiving a response message at the user equipment from the network element through the secure data transmission path, 
wherein the secure data transmission path comprises a secure tunnel between the user equipment and the network element, and
wherein the security tunnel provides at least confidentiality or integrity protection on internet protocol (IP) level”. 

The cited reference Truchan et al. (US PGPUB. # US 2019/0116031) discloses a secure transmission path to transfer data between a user equipment and a network equipment. In particular, Truchan discloses that FIG. 1 is a network signaling diagram that illustrates the reduced signaling burden during a UE's transition from an idle state to a connected state as provided under the SDFP optimization. FIG. 1 illustrates the 3GPP sequence flow (TR 23.887) for this scheme, showing the interaction between an Evolved Node B (“eNodeB” or “eNB”) 10, a UE 12 that is being served by the eNB 10, a Serving Gateway (SGW) 14, and a Packet Gateway (PGW) 16. In the embodiment illustrated in FIG. 1, the SGW 14 and the PGW 16 are already communicating via a S5/S8 tunnel 100. The UE 12 sends to the eNB 10 a random access preamble (message 102), and the eNB 10 responds to the UE 12 with a random access response (message 104). The UE 12 sends to the eNB 10 a Radio Resource Control (RRC) Connection Request (message 106), which includes a System Architecture Evolution (SAE) Temporary Mobile Subscriber Identity (S-TMSI), and a small data indicator. The eNB 10 responds by sending to the UE 12 a RRC Connection Setup (message 108). The UE 12 responds by sending to the eNB 10 an RRC Connection Setup Complete (message 110). In this manner, a Data Radio Bearer (DRB) channel 112 is established between the eNB 10 and the UE 12. (Fig. 1(100, 112,110), ¶4). The UE 12 then sends to the eNB 10 an IP packet and SGW Bearer Resource Identifier (ID) (message 114). The eNB 10 establishes an S1 Tunnel 116 to the SGW 14 over the identified SGW bearer resource. In the example illustrated in FIG. 1, the eNB 10 sends a General Packet Radio Service (GPRS) Tunneling Protocol—User plane (GTP-U) message 118 to SGW 14 via the S1 Tunnel 116. The GTP-U message 118 includes an IP packet and a Fully Qualified Tunnel Endpoint Identifier (F-TEID). The SGW 14 sends a GTP-U IP Packet (message 120) to the PGW 16 via the S5/S8 Tunnel 100. The PGW 16 forwards the message as an IP packet (message 122) to its destination. (Fig. 1(114, 120), ¶5). Truchan discloses a gateway in the network element and transmitting data over a pre-configured radio bearer. The radio bearer is pre-configured and located between the user equipment and the network element. (Fig. 1, ¶4-¶5)
The reference by Song et al. (US PGPUB. # US 2013/0201924) discloses that, in some applications using machine-to-machine (M2M) communications, a very large number of UEs (e.g., mobile devices) may have to be connected to the wireless network with each UE generating data traffic with a fairly low duty cycle. One skilled in the art would understand that an example of a UE, such as an M2M device (or machine-type communication (MTC) device) is a mobile device. In some embodiments, mobile devices used for M2M applications are known as M2M devices. Examples for such applications include smart meters, building monitoring and safety systems, smart vending machines, eHealth for disease management, remote monitoring of industrial machines or installations or M2M applications that rely on battery powered mobile devices without frequent recharging. Mobile devices using M2M generally only exchange small data packets while a wireless connection is established. However, if a large number of such M2M devices make connections, the aggregate load on the wireless network may become significant even for small data transmissions. Minimizing overhead for each individual connection, therefore, may reduce the aggregate load on the wireless network. FIG. 3 illustrates a prior art call flow S300 for evolved packet system (EPS) bearer small data transmission. With reference to FIGS. 1-3, at step 1, a user equipment (UE) 310 (which, for instance, may be similar to or include one or more components of the UE 201 and/or the UEs 296A-296J) sends a radio resource control (RRC) (Fig. 3, ¶27-¶28).
The reference by Bachmann et al. (US PGPUB. # US 2011/0261787) discloses that, when the mobile node attaches to its HPLMN (or to any other PLMN), the serving PDN-GW 203 therein will assign an IP address to the mobile node that is used by the mobile node for IP communication (303). When having established IP connectivity to the access network, or rather to the PLMN, the mobile node may look up a trusted packet data gateway, an ePDG 302 that is reachable in the PLMN using the white list and black list. For this purpose, the mobile node selects one of the APNs in the white list for which an ePDG is indicated as reachable (here, APN: IMS). In case the ePDG's external IP address is not known from the white list or black list, the mobile node could use a DNS service to resolve a reachable ePDG's external IP address. In this connection the external IP address denotes the ePDG's IP address reachable from a PDN matching the selected APN. In the example of FIG. 3, the external IP address of the ePDG is the IP address configured on its interface reachable from PDN #2 (APN: IMS). If there is a reachable ePDG 302 that can be identified by the mobile node, the mobile node tries to pre-establish (304) a secure tunnel (Fig. 3, ¶70-¶71).
Ching-Yu Liao (US PGPUB. # US 2013/0080597) discloses, a method of handling small data transmission for a core network is disclosed, wherein the core network comprises a data base, a network gateway node and a network control node. The method comprises the network gateway node receiving a service request message from a machine-type communication (MTC) server, wherein information of the service request message is eligible for the small data transmission between a mobile device and the network gateway node; and the network gateway node including a small data transmission indicator in the service request message, wherein the small data transmission indicator indicates the small data transmission. (Abstract)
Jain et al. (US PGPUB. # US 2014/0254490) discloses, configurations for transmitting small data payloads such as, for example, Machine Type Communication (MTC) data in a wireless communication network. A system may include features to implement an interworking function (IWF) to receive, from a machine type communication (MTC) server, a trigger to send a data payload, which is smaller than a preconfigured threshold, to a user equipment (UE) over a wireless communication network, and send, over a first reference point to a first module including a Mobility Management Entity (MME) or a Serving GPRS (General Packet Radio Service) Support Node (SGSN) or a second reference point to a second module including a Home Location Register (HLR) or a Home Subscriber Server (HSS), the data payload and a request to forward the data payload to the UE. (Abstract)
Chandramouli et al. (US PGPUB. # US 2014/0219182) discloses, a method can include preparing an attach request to be sent to a network element, wherein the attach request includes an indication of a device trigger capability of a user equipment. The method can also include activating the user equipment in response to a received device trigger. (Abstract)
Griot et al. (US PGPUB. # US 2015/0281966) discloses, it can be determined that credentials have not been configured for accessing a network. In this case, a provisioning server supported by the network for obtaining credentials is selected, and a request to establish a connection (Abstract)
Palanisamy et al. (US PGPUB. # US 2018/0152984) discloses, the standards organization 3GPP is exploring new small data delivery techniques for machine-type communications (MTC). It is recognized herein that existing approaches leave the "small data" decision to the service capability server (SCS) for downlink data and to the user equipment (UE) for uplink data. A user equipment (UE) or the core network can identify the services (or flows) that should be characterized as Small Data, and can make decisions as to when to employ optimized Small Data procedures. (Abstract)
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “….wherein the secure data transmission path comprises a secure tunnel between the user equipment and the network element, and wherein the security tunnel provides at least confidentiality or integrity protection on internet protocol (IP) level”, in combination with the rest of the limitations recited in the independent claim(s) for claim 1.
“…..establishing, after registration of an application with a network element, a secure data transmission path for the application based on a trigger from the application or a user equipment, based on a policy, or based on a need of the application, wherein the secure data transmission path is used to 
deriving credentials for establishing the secure data transmission path from a universal integrated circuit card in the user equipment”, in combination with the rest of the limitations recited in the independent claim(s) for claim 7.
None of the previously cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previously cited references, result in a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
None of the previously cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previously cited references, result in a reasonable and proper rejection for each of the cited feature limitations of the independent claim 7 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claim 15 is also a method claim of above method claim 1, Claim 25 is an apparatus claim of above method claim 1, and Claim 26 is a computer program product embodied on a non-transitory computer-readable medium of above method claim 1, and therefore, they are also allowed.
Claim 22 is also a method Claim of above method Claim 7 and therefore it is also allowed.
Claims 2, 5-6 and 8-14 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 16, 19-21 and 23-24 depend on the allowed claim 15, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498