DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/4/22 has been entered.
 
Response to Arguments
The arguments are moot in view of the new grounds of rejection necessitated by the amended claim scope.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 22-24 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) the abstract idea of a mental process.  For example, the limitations:
receiving a UE ID and DNN from a session function device
determining based on the UE ID and DNN subscription data  
sending the subscription data
see  MPEP 2106.04, particularly MPEP 2106.04(a)(2) III MENTAL PROCESSES (C) A claim that requires a computer may still recite a mental process

The judicial exception is not integrated into a practical application because:
firstly, there is no clear practical application recited in the claims
secondly, the limitations in addition to those pointed out as being the abstract idea of a mental process amount to insignificant extra-solution activity which are known in the art including data gathering and selecting a particular data source see MPEP 2106.05(g)

The claim recites well-understood, routine, conventional computer functions in addition to the cited abstract idea and does not recite an inventive concept; see MPEP 2106.05(d).
For example, the courts have recognized the following computer functions as well-understood, routine and conventional:
receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); but see DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1258, 113 USPQ2d 1097, 1106 (Fed. Cir. 2014) ("Unlike the claims in Ultramercial, the claims at issue here specify how interactions with the Internet are manipulated to yield a desired result‐‐a result that overrides the routine and conventional sequence of events ordinarily triggered by the click of a hyperlink." (emphasis added));

storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93;

MPEP section 2106.05 I is titled THE SEARCH FOR AN INVENTIVE CONCEPT; here, the MPEP makes clear that patentability does not rest on novelty or non-obviousness alone, but that there must be an inventive concept.

Section A provides six examples of what may constitute an inventive concept; applicant's claims do not include limitations corresponding to any of the items i-vi.

Section A also provides 4 examples of what may not constitute an inventive concept; similarly, applicant's claims do not include limitations that amount to enough to qualify as significantly more than the abstract idea itself, because the limitations in addition to the abstract ideas amount to insignificant extra-solution activity, generally linking the use of the judicial exception to a particular technological environment or field of use, and well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, appended to the judicial exception.


To overcome this 101 rejection, applicant should take care to include in the claim an actual inventive concept.  The claim should include a demonstration of a problem to be solved and elements for solving it, including one or more inventive elements that demonstrate a novel and inventive concept for solving the problem.  The examiner prefers a claim that readily demonstrates, and does not seek to diminish, the problem, the solution, and how the solution is realized.  An innovative improvement over the prior art that is readily recognizable should be included in the claims.  This improvement should not require a telephone interview to be explained.  The innovative improvement should be conspicuously apparent in the written text of the claim.  See MPEP 2106.05 (I) and (II).


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 3-5, and 21-25 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by 3GPP TR 33.899 V1.0.0 (2017-03), hereinafter NPL.




As to claim 1, NPL discloses a method, comprising: 
receiving, by a session management function device, pg 389:  SMF/UP-GW 
a session request  pg 389:  message 11 Service Session Request
from an access and mobility management function device, pg 389:  MMF

wherein the session request 
comprises pg 390, item 10, line 2:  The request includes
a user equipment (UE ID) pg 390, item 10, line 2:  the UE identity
and a data network name (DNN) 
pg 390, item 10, line 2:  an indication of security termination at UP-GW
in view of pg 465,   lines 3-4: the UP security should be terminated in the CN  
in further view of  section 5.1.3.2.1, line 6: Core Network (CN)
in further view of pg 192, line 1 SNID i.e. network id
identifying a name of a data network (DN) section 5.1.3.2.1, line 6: Core Network  
to be accessed by the UE:  
section 5.1.3.13.1, 10th paragraph: authentication between UE and core network

sending, pg 119, item 4
by the session management function device  pg 119, SMF
to a unified data manager device, pg 119, UDM
the UE ID and the DNN pg 119, message 3/4 UE Identity, SM-NSSAI
to obtain subscription service data pg 119, message 5  see item 5 'subscription information'
from the unified data manager device; pg 119, UDM

determining, by the session management function device pg 119, SMF
a user plane security mechanism 
pg 119, message 8 security capabilities 
including  pg 119 item 7, Kup Derivation
and including Figure 5.1.4.5.2.2-1  security policy  in view of  Figure 5.1.4.5.2.2-1  step 8
	according to pg 119 item 7 is in response to pg 119, message 5  
the subscription service data  pg 119, message 5  see item 5 'subscription information'

wherein the user plane security mechanism 
pg 119, message 8 security capabilities 
including  pg 119 item 7, Kup Derivation
and including Figure 5.1.4.5.2.2-1  security policy  in view of  Figure 5.1.4.5.2.2-1  step 8
indicates whether encryption protection section 5.1.4.8.2.2 Kup – User plane key
is required for protecting user plane data 
pg 80, KUP a user plane protection root key for the user plane protection
transmitted between pg 118 establish AS Security between the UE and NG (R ) AN
an access network (AN) device  pg 118 NG (R) AN
and the UE; pg 118 UE

sending, Figure 5.1.4.5.2.2-1  message 9
by the session management function device, Figure 5.1.4.5.2.2-1  SM
the user plane security mechanism 
pg 119, message 8 security capabilities 
including  pg 119 item 7, Kup Derivation
and including Figure 5.1.4.5.2.2-1  security policy  in view of  Figure 5.1.4.5.2.2-1  step 8
to the AN device; Figure 5.1.4.5.2.2-1  AN






receiving, Figure 5.1.4.5.2.2-1  message 9
by the AN device, Figure 5.1.4.5.2.2-1  AN
the user plane security mechanism 
pg 119, message 8 security capabilities 
including  pg 119 item 7, Kup Derivation
and including Figure 5.1.4.5.2.2-1  security policy  in view of  Figure 5.1.4.5.2.2-1  step 8
from the session management function device; 2Atty. Docket: 4747-11600 (85418107US08) Figure 5.1.4.5.2.2-1  SM

determining, pg 118  item 3, The NG (R) AN selects the algorithm
by the AN device, pg 118 NG (R) AN
a security protection algorithm pg 118  item 3, The NG (R) AN selects the algorithm
based on pg 118  item 2
the user plane security mechanism; 
pg 118 item 2 UE Security Capabilities 
in view of pg 119, message 8 security capabilities + items 7, Kup Derivation

generating, pg 118  item 3 derives
by the AN device, pg 118 NG (R) AN
a first user plane protection key pg 118  item 3 derives Kupint, Kupenc, KrrCint, and KrrCenc
based on the security protection algorithm; pg 118  item 3 selects the algorithm for key derivation 

and protecting by, pg 118 establish AS Security between the UE and NG (R ) AN
the AN device, pg 118 NG (R) AN
the user plane data pg 80, KUP a user plane protection root key for the user plane protection
between the AN device pg 118 NG (R) AN
and the UE. pg 118 UE

using the first user plane protection key pg 118  item 3 derives Kupint, Kupenc, KrrCint, and KrrCenc
and the security protection algorithm pg 118  item 3, The NG (R) AN selects the algorithm

when the user plane security mechanism 
pg 118 item 2 UE Security Capabilities 
in view of pg 119, message 8 security capabilities + items 7, Kup Derivation
indicates that the AN device pg 118 NG (R) AN
is to respectively perform   encryption protection   5.1.4.8.2.2 Kup – User plane key
on the user plane data pg 80, KUP a user plane protection root key for the user plane protection
between the AN device pg 116 NG (R) AN
and the UE. pg 116 UE 

As to claim 3, NPL discloses   
sending, pg 118 item 4
by the AN device, pg 118 NG (R) AN
the security protection algorithm pg 118 item 4 AS algorithm ID
to the UE, pg 118 UE

wherein the user plane data pg 80, KUP a user plane protection root key for the user plane protection
is transmitted on a data radio bearer (DRB) channel. pg 376 Step 11 DRB


As to claim 4, NPL discloses   
sending, Figure 5.1.4.5.2.2-1  message 9
by the AN device, Figure 5.1.4.5.2.2-1  AN
 the user plane security mechanism 
pg 119, message 8 security capabilities 
including  pg 119 item 7, Kup Derivation
and including Figure 5.1.4.5.2.2-1  security policy  in view of  Figure 5.1.4.5.2.2-1  step 8
from Figure 5.1.4.5.2.2-1  message 9
to the UE Figure 5.1.4.5.2.2-1  UE

As to claim 5, NPL discloses   
wherein the AN devices Figure 5.1.4.5.2.2-1  AN
receives Figure 5.1.4.5.2.2-1  message 9
the user plane security mechanism 
pg 119, message 8 security capabilities 
including  pg 119 item 7, Kup Derivation
and including Figure 5.1.4.5.2.2-1  security policy  in view of  Figure 5.1.4.5.2.2-1  step 8
from Figure 5.1.4.5.2.2-1  message 9
the session management function device  Figure 5.1.4.5.2.2-1  SM

during establishment of a session section 5.1.4.5.2.1 establishment of UE session
between Figure 5.1.4.5.2.2-1  Session Protection
the AN device Figure 5.1.4.5.2.2-1  AN
and the UE. Figure 5.1.4.5.2.2-1  UE 
As to claim 21, NPL discloses   
receiving, pg 119, item 4
by the unified data manager device, pg 119, UDM
the UE ID  pg 119, message 3/4 UE Identity
and the DNN 
pg 390, item 10, line 2:  an indication of security termination at UP-GW
in view of pg 465,   lines 3-4: the UP security should be terminated in the CN  
in further view of  section 5.1.3.2.1, line 6: Core Network (CN)
in further view of pg 192, line 1 SNID i.e. network id
from pg 119, item 4
the session management function device; pg 119, SMF

determining, by the unified data manager device pg 119, UDM
based on the UE ID pg 119, message 3/4 UE Identity
and the DNN, 
pg 390, item 10, line 2:  an indication of security termination at UP-GW
in view of pg 465,   lines 3-4: the UP security should be terminated in the CN  
in further view of  section 5.1.3.2.1, line 6: Core Network (CN)
in further view of pg 192, line 1 SNID i.e. network id
the subscription service data pg 119, message 5  see item 5 'subscription information'

from information section 5.1.4.8.2.2 K
preset on section 5.1.4.8.2.2 K - subscriber credential held in the UDM
the unified data manager device; pg 119, UDM

and sending, pg 119, message 5  see item 5 'UDM sends subscription information'
by the unified data manager device, pg 119, UDM
the subscription service data pg 119, message 5  see item 5 'subscription information'
to the session management function device. pg 119, SMF

Claim 22 is rejected on the basis previously presented in the rejection of claim 1
Claim 23 is rejected on the basis previously presented in the rejection of claim 1
Claim 24 is rejected on the basis previously presented in the rejection of claim 1
Claim 25 is rejected on the basis previously presented in the rejection of claim 1



Claim Rejections - 35 USC § 103
 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 7-9 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Kgil et al. (US 9386045, hereinafter Kgil) in view of Youn et al. (US 2019/0021043, hereinafter Youn) in further view of NPL.


Note:  In C4 39-40  Kgil discloses 'In some instances, a user device can switch role and be used as a target device'.

As to claim 7,   
Kgil discloses a key configuration method, implemented by an access network (AN) device, comprising: 
receiving Fig 3 324
an encryption protection algorithm 
	C17 19-20  AES
in view of  C17 9–15 the security policy may include an encryption rule to 
indicate which  encryption algorithm to use
	in view of C17 65 – C18 3 policy may instruct 372 to use a certain key to 
encrypt
and an integrity protection algorithm 
C17 29 – 43  DSA (digital signature algorithm)
in view of C17 29 – 43  the security policy may include a digital signature rule 
to indicate whether data being exchanged is to be signed with a certificate or not
between Fig 3 
the AN device Fig 3 372 Target Device
and a user equipment (UE);  Fig 3 302 User Device

in response to Fig 3 324 follows Fig 3 314
the AN Fig 3 372 Target Device
receiving an attach request 
Fig 3 314  
in view of  C13 55 challenge response
in further view of Applicant specification [0010] attach request used to perform 
bi-direction authentication
from the UE Fig 3 302 User Device

receiving Fig 3 324
a user plane security mechanism;  Fig 2 224 security policies
from a policy function network element Fig 2 212 in view of  Fig 3 324

wherein the user plane security mechanism Fig 2 224
indicates C17 9 – 15 the security policy may include an encryption rule
whether  at least one of encryption protection or integrity protection
C17 20-22 the encryption rule for an untrusted target device may require the 
    data being exchanged to be encrypted
is required for protecting
C17 20-22 the encryption rule for an untrusted target device may require the 
    data being exchanged to be encrypted
user plane data
C17 20-22 the encryption rule for an untrusted target device may require the 
    data being exchanged to be encrypted
transmitted 
C17 20-22 the encryption rule for an untrusted target device may require the 
    data being exchanged to be encrypted
between the AN Fig 3 372 Target Device
and the UE Fig 3 302 User Device

 
[[wherein the user plane security mechanism  is based on a name of a DN to be accessed by the UE ]]





[[generating ]]
a first user plane protection key
C8 35-42  Security policies may include rules that define which cryptographic 
    keys to use for exchanging data
based on  
C8 35-42  Security policies may include rules that define which 
cryptographic keys to use for exchanging data
in view of  C18 25-35 the additional credentials requested can be used to 
facilitate establishment of the secure communications channel 
the user plane security mechanism Fig 2 224

and protecting 
C17 65 – C18 3 policy may instruct 372 to use a certain key to encrypt
the user data between Fig 3 332
the AN device Fig 3 372 Target Device
and the UE Fig 3 302 User Device
using 
the first user plane protection key
C8 35-42  Security policies may include rules that define which cryptographic 
    keys to use for exchanging data
and the encryption protection algorithm 
C17 19-20  AES
in view of  C17 9 – 15 the security policy may include an encryption rule to 
indicate which  encryption algorithm to use

when C17 65 – C18 3 the security policy may instruct 372 to use a certain key to encrypt
the user plane security mechanism Fig 2 224
indicates that the AN device Fig 3 372 Target Device
is to perform encryption protection 
C 17 20-22 the encryption rule for an untrusted target device may require the 
data being exchanged to be encrypted
on the user plane data Fig 3 332
between 
C8 35-42  Security policies may include rules that define which cryptographic 
    keys to use for exchanging data

the AN device Fig 3 372 Target Device
and the UE. Fig 3 302 User Device

Kgil does not disclose
generating a first user plane protection key
	

Youn teaches
generating a first user plane protection key 
[0063] the MME configures or sets up a security key for messaging between UE 10 and 
MME 51
			in view of  Fig 7 S103 attach request between UE 10 and MME 51


Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine Kgil with Youn as elements known in the prior art combined to yield predictable results.  For example, Kgil discloses cryptographic keys to use for exchanging data in C8 35-42 but is silent on how the keys are generated.  Youn cures Kgil's deficiency by teaching that the MME (similar to Kgil's Target Device 372) configures/sets up the security key, the combination thereby arriving at the claimed invention.


Neither Kgil nor Youn teach
wherein the user plane security mechanism  is based on a name of a DN to be accessed by 
the UE 
		
	NPL teaches
wherein the user plane security mechanism  
pg 119, message 8 security capabilities 
including  pg 119 item 7, Kup Derivation
and including Figure 5.1.4.5.2.2-1  security policy 
         in view of  Figure 5.1.4.5.2.2-1  step 8
is based on 
pg 119, message 3/4 UE Identity, SM-NSSAI
pg 119, message 5  see item 5 'subscription information'
pg 119 item 7 is in response to pg 119, message 5  

a name of a DN
section 5.1.3.2.1, line 6: Core Network  
in view of pg 119, message 3/4   SM-NSSAI

to be accessed by the UE 
section 5.1.3.13.1, 10th paragraph: authentication between UE and core network



Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine Kgil and Youn with NPL as elements known in the prior art combined to yield predictable results.  For example, Kgil discloses Fig 3 324 SECURITY POLICIES which are used to determine cryptographic keys as outlined in C17 58-67, similarly as shown in the messaging diagram of pg 119 messages 3, 4, and 5 leading to steps 6 and 7 wherein a portion of the user plane security mechanism is generated; however, Kgil is silent on the use of a DN for this process.  NPL cures Kgil's deficiency to arrive at the claimed invention.


Note:  In C4 39-40  Kgil discloses 'In some instances, a user device can switch role and be used as a target device'.
As to claim 8,   
Kgil discloses
the attach request Fig 3 314  

	the user plane data Fig 3 332
Kgil does not disclose
includes an identifier of the UE, a service capability of the UE, and a security requirement indicator, wherein the security requirement indicator indicates at least one of a UE security requirement or a service security requirement, and wherein the attach request further includes an identifier of a service supported by the UE and data network name (DNN) identifying a name of a data network (DN) to be accessed by the UE.

wherein the user plane data comprises at least one of service data flow

	Youn teaches
wherein the user plane data [0149] packet routing
comprises at least one of service data flow [0150] performs different QOS for each service flow

wherein the attach request Fig 7 S103 Attach Request
includes [0109] inserting the information into an Attach Request
an identifier 
[0055] SIP URI  
in view of   [0055] perform communication to identify one another
in further view of  Fig 5 500 DEVICE IDENTIFIER
of the UE.  Fig 7 10 UE

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine Kgil with Youn as elements known in the prior art combined to yield predictable results.  For example, Kgil discloses cryptographic keys to use for exchanging data in C8 35-42 but is silent on how the keys are generated.  Youn cures Kgil's deficiency by teaching that the MME (similar to Kgil's Target Device 372) configures/sets up the security key, the combination thereby arriving at the claimed invention.
As to claim 9,   
Kgil discloses wherein 
protecting C17 65 – C18 3 policy may instruct 372 to use a certain key to encrypt
the data Fig 3 332
between the AN device Fig 3 372 Target Device
 and the UE Fig 3 302 User Device
comprises: 

determining Fig 3 330
a session; 
C5 10 – 13 examples of secure communications channels may include TLS sessions or 
     SSL sessions
[[identity]]

[[and quality of service QoS flow corresponding to a session identified by the session identity]]
and protecting data [[within the QoS flow]] corresponding to the session between the AN device and the UE using the encryption protection algorithm.
C17 19-20  AES
in view of  C17 65 – C18 3 policy may instruct 372 to use a certain key to encrypt
in view of C17 20-22 the encryption rule for an untrusted target device may require the 
data being exchanged to be encrypted
	[[wherein the QoS flow comprises the at least one service data flow]]
Kgil does not disclose
session identity
quality of service QoS flow corresponding to a session identified by the session identity
the QoS flow comprises the at least one service data flow
protecting data within the QoS flow  
	Youn teaches
		a session identity [0066]  IP
that identifies [0066] IP-CAN Session
a session [0156] provide a session

quality of service QoS flow [0159] attributes of a session, e.g. QoS
corresponding to a session [0159] attributes of a session, e.g. QoS
identified by the session identity [0159] attributes of a session, e.g. QoS  in view of [0066]  IP

the QoS flow comprises the service data flow
[0040]  GBR guaranteed bandwidth QoS  vs the non-GRB best effort QoS
[0150] performs different QOS for each service flow

protecting [0160] The NAS supports session management in view of  Fig 2 51 NAS security
data [0157] data transmission
within the QoS flow  [0157] QoS  in view of  [0159] attributes of a session, e.g. QoS


Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine Kgil with Youn as elements known in the prior art combined to yield predictable results.  For example, Kgil discloses cryptographic keys to use for exchanging data in C8 35-42 but is silent on how the keys are generated.  Youn cures Kgil's deficiency by teaching that the MME (similar to Kgil's Target Device 372) configures/sets up the security key, the combination thereby arriving at the claimed invention.


Claim 16 is rejected on the basis previously presented in the rejection of claim 7. 

As to claim 17,   
Kgil discloses wherein the instructions further cause the processor to be configured to

protect the user plane data 
C17 20-22 the encryption rule for an untrusted target device may require the data being 
exchanged to be encrypted

between the UE Fig 3 302 User Device
and the AN device Fig 3 372 Target Device

using the integrity protection algorithm 
C17 29 – 43  DSA (digital signature algorithm)
in view of C17 29 – 43  the security policy may include a digital signature rule 
to indicate whether data being exchanged is to be signed with a certificate or not

when the user plane security mechanism Fig 2 224 security policies
indicates C17 29-31 security policies may include a digital signature rule
that the UE Fig 3 302 User Device
is to perform 
C17 38-40 the data being exchanged between the user device and target is to be signed
integrity protection 
C17 29 – 43  the security policy may include a digital signature rule 
to indicate whether data being exchanged is to be signed with a certificate or not

on the data 
C17 20-22 the encryption rule for an untrusted target device may require the data being 
exchanged to be encrypted
between the UE Fig 3 302 User Device
and the AN device. Fig 3 372 Target Device 



As to claim 18,   
Kgil discloses wherein the instructions further cause the processor to be configured to:

determine a session identity; 
and protect data 
C17 20-22 the encryption rule for an untrusted target device may require the data being 
exchanged to be encrypted
corresponding to the session [[identity ]]
C5 10 – 13 examples of secure communications channels may include TLS sessions or 
     SSL sessions

between the UE Fig 3 302 User Device
and the AN device Fig 3 372 Target Device

using the encryption protection algorithm. 
C17 19-20  AES
in view of  C17 9 – 15 the security policy may include an encryption rule to indicate 
which  encryption algorithm to use

Kgil does not disclose
session identity
	Youn teaches
		a session identity [0066]  IP
that identifies [0066] IP-CAN Session
a session [0156] provide a session

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine Kgil with Youn as elements known in the prior art combined to yield predictable results.  For example, Kgil discloses cryptographic keys to use for exchanging data in C8 35-42 but is silent on how the keys are generated.  Youn cures Kgil's deficiency by teaching that the MME (similar to Kgil's Target Device 372) configures/sets up the security key, the combination thereby arriving at the claimed invention.


Conclusion





Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD A MCCOY/Examiner, Art Unit 2431