DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5/4/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5, 8-9, 12, 15-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ha et al (PGPUB 2017/0244705), and further in view of Wang et al (PGPUB 2019/0149990).

Regarding Claim 8:
(paragraph 38-39, processor, memory storing instructions): 
receive, at a network node associated with a first network from a User Equipment (UE), an initiate request comprising a key name associated with a previously-authenticated session of the UE at a second network (abstract, method of establishing a connection with a core network supporting a plurality of access networks through a first network, and reusing authentication and/or allocated resource information for a second network; paragraph 76-78, UE requests service to 5G base station (5GBS) (i.e. “second network”) and is identified using GUTI and assigned tunnel endpoint identifier (TEID); universal control entity (UCE) manages session creation and transfers ID information to CGW; paragraph 81-84, UE makes request to WiFi base station (WiFiBS) (i.e. “first network”) to create session using GUTI (i.e. “key name”); WiFiBS includes GUTI included in request and MAC of UE in session creation request message and transmits to UCE), the first network comprising one of a 5G network or a Wi-Fi network and the second network comprising a different one of the 5G network or the Wi-Fi network (paragraph 70, 76-78, network connection through 5GBS; paragraph 81-84, network connection through WiFiBS; paragraph 93, during a handover between different access networks, it is possible to minimize a delay occurring due to re-authentication and continue a session which has been underway before the handover without changing an address; further, even when access networks differ from each other, it is possible to reuse authentication information for a previous access network without additional authentication); 
send the initiate request with the key name to an authentication server associated with the first network and the second network (paragraph 82-83, WiFiBS transmits session creation request to UCE including GUTI; paragraph 63-65, UCE includes authentication manager and resource manager; authentication manager generates and transmits temporary identifier to UE when UE requests signaling connection through first access network; when session creation request including temporary ID is received from UE through second access network, authentication manager authenticates UE using temporary ID; temporary ID may be GUTI); 
receive, from the authentication server, key information (paragraph 66, when the UE requests the signaling connection through the first access, the authentication manager exchanges index information of a cipher key with the UE and transfers the index information of the cipher key exchanged with the UE to the second access network (i.e. “first network” as claimed); when the UE uses the data service through the second access network after the signaling connection is established, data is ciphered by reusing the index information of the cipher key in a section between the UE and the second access network); and 
authenticate a session between the UE and the first network based on a session key generated by the UE and associated with the key name (paragraph 70, 71, UCE transmits information for UE to generate authentication key; index information shared between UCE and UE allows UE to cipher information using cipher keys shared between UCE and UE using index information).
	Ha does not explicitly teach wherein the initiate request is a re-authentication initiate request;
	receiving, from the authentication server, a re-authentication master session key (MSK) associated with the previously-authenticated session of the UE authenticated for the second network based on the key name and integrity protected message; and
	authenticating the session based on the session key and the integrity protected message.
	However, Wang teaches the concept wherein an initiate request is a re-authentication initiate request (paragraph 89, Fast re-authentication procedure; paragraph 116, network authentication entity receives request from UE and determines whether request is for authentication or fast re-authentication);
	receiving, from an authentication server, a re-authentication master session key (MSK) (paragraph 122, network authentication entity continues with Fast Re-authentication procedure; if authentication is successful, network authentication entity creates Master Session Key and includes in security context; security context saved in database of network authentication entity; paragraph 121, network authentication entity transmits the keys or keys further derived from the security context to the network entities such as Wi-Fi AP or base station defined by 3GPP; the security context may be transmitted at step 1060 together with the Master Session Key to be generated in step 1055) associated with a previously-authenticated session of a UE authenticated for a second network based on a key name and integrity protected message (paragraph 96, unified authentication framework consists of two parts 510 and 520; the first part 510 pertains to a first access technology in a UE authenticating with the core network to obtain certain security context; the second part pertains to a second access technology in the UE obtaining part of the security context established through the first access technology to authenticate with the core network; paragraph 114, communication device 2 generates and transmits a response containing the Fast Re-authentication ID, secret key and counter; paragraph 119-120, the network authentication entity initiates Fast Re-authentication procedure from a UE by first determining whether the message contains a flag on the origin of the Fast Re-authentication ID; the network authentication entity then determines the origin of the Fast Re-authentication ID; if the flag indicates that the origin of Fast Re-authentication ID belongs to communication device, then the network authentication entity proceeds to step 1045 to simply update a communication context such as the counter in the security context; if the flag indicates that the origin of the Fast Re-authentication ID does not belong to the communication device, the network authentication entity proceeds to step 1050; therefore, as “Fast Re-authentication ID” determines a security context, it can be considered a “key name”; paragraph 207-208, UE receives message comprising MAC from network authentication entity and authenticates entity by verifying correctness of MAC by decrypting elements of message and regenerating MAC with secret key (SK)); and
	authenticating a session based on a session key and the integrity protected message (paragraph 207-208, UE receives message comprising MAC from network authentication entity and authenticates entity by verifying correctness of MAC by decrypting elements of message and regenerating MAC with secret key (SK)).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the fast re-authentication initiation teachings of Wang with the reusing authentication information of a first network for a second network teachings of Ha, in order to create a system with the benefit that communication devices in a UE can share security context to authenticate with the core network, which reduces the steps for a UE to authenticate with the core network when one of the communication devices has previously performed a full authentication with the core network, and with the further advantage that the authentication process is improved as the number of interactions required between the UE and the core network is substantially reduced (Wang, paragraph 8).

Regarding Claim 9:
Ha in view of Wang teaches the non-transitory computer-readable storage medium of claim 8.  In addition, Wang teaches wherein, prior to receiving the re-authentication initiate request, the UE was authenticated for the second network to yield the previously-authenticated session between the UE and a second network node associated with the second network (paragraph 96, unified authentication framework consists of two parts 510 and 520; the first part 510 pertains to a first access technology in a UE authenticating with the core network to obtain certain security context; paragraph 105, communication device 1 authenticates with core network to obtain security context; security context includes Fast Re-authentication ID; paragraph 106, communication device 1 saves Fast Re-authentication ID), the UE being authenticated based on the key name (paragraph 108, communication device 2 uses Fast Re-authentication ID to authenticate with core network).
The rationale to combine Ha and Wang is the same as provided for claim 8 due to the overlapping subject matter between claims 8 and 9.

Regarding Claim 12:
Ha in view of Wang teaches the non-transitory computer-readable storage medium of claim 8.  In addition, Wang teaches wherein the first network and the second network share an administrative domain or belong to a same enterprise (paragraph 4, trusted Wi-Fi access refers to the case where the Access Point for the user equipment to connect to is deployed by the 3GPP cellular network telecommunications operator themselves, i.e. “belong to the same enterprise”).
The rationale to combine Ha and Wang is the same as provided for claim 8 due to the overlapping subject matter between claims 8 and 12.

Regarding Claims 1, 5:
	These are the computer-implemented method claims corresponding to the non-transitory computer-readable storage medium claims 8 and 12, respectively, and are therefore rejected for corresponding reasons.

Regarding Claim 2:
Ha in view of Wang teaches the computer-implemented method of claim 1.  In addition, Wang teaches wherein, prior to receiving the re-authentication initiate request, the UE was authenticated for the second network to yield the previously-authenticated session between the UE and a second network (paragraph 96, unified authentication framework consists of two parts 510 and 520; the first part 510 pertains to a first access technology in a UE authenticating with the core network to obtain certain security context; paragraph 105, communication device 1 authenticates with core network to obtain security context; security context includes Fast Re-authentication ID; paragraph 106, communication device 1 saves Fast Re-authentication ID), the UE being authenticated based on the key name and the integrity protected message (paragraph 108, communication device 2 uses Fast Re-authentication ID to authenticate with core network; paragraph 207-208, UE receives message comprising MAC from network authentication entity and authenticates entity by verifying correctness of MAC by decrypting elements of message and regenerating MAC with secret key (SK)).
The rationale to combine Ha and Wang is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 2.

Regarding Claim 15:
Ha teaches a system, comprising: 
one or more processors (paragraph 38-39, processor, memory storing instructions); and 
memory including instructions that, when executed by the one or more processors, cause the one or more processors to (paragraph 38-39, processor, memory storing instructions): 
store, at an authentication server, a key name, the key name associated with a successful authentication of a user equipment (UE) for a first network to yield an authenticated session between the UE and a first network node, the first network comprising a 5G network or a Wi-Fi network (abstract, method of establishing a connection with a core network supporting a plurality of access networks through a first network, and reusing authentication and/or allocated resource information for a second network; paragraph 76-78, UE requests service to 5G base station (5GBS) (i.e. “second network”) and is identified using GUTI and assigned tunnel endpoint identifier (TEID); universal control entity (UCE) manages session creation and transfers ID information to CGW; paragraph 81-84, UE makes request to WiFi base station (WiFiBS) (i.e. “first network”) to create session using GUTI (i.e. “key name”); WiFiBS includes GUTI included in request and MAC of UE in session creation request message and transmits to UCE); 
receive, from a second network node associated with a second network, an initiate message comprising the key name, the initiate message requesting authentication of the UE for the second network based on the key name, the second network comprising a different one of the 5G network or the Wi-Fi network (paragraph 82-83, WiFiBS transmits session creation request to UCE including GUTI; paragraph 63-65, UCE includes authentication manager and resource manager; authentication manager generates and transmits temporary identifier to UE when UE requests signaling connection through first access network; when session creation request including temporary ID is received from UE through second access network, authentication manager authenticates UE using temporary ID; temporary ID may be GUTI); and 
authenticate the second network node based on the key name, wherein authenticating the second network node comprises reusing a security context from the successful authentication of the UE for the first network for a handover from the first network to the second network (paragraph 70, 71, UCE transmits information for UE to generate authentication key; index information shared between UCE and UE allows UE to cipher information using cipher keys shared between UCE and UE using index information; paragraph 93, during a handover between different access networks, it is possible to minimize a delay occurring due to re-authentication and continue a session which has been underway before the handover without changing an address; further, even when access networks differ from each other, it is possible to reuse authentication information for a previous access network without additional authentication).

	Ha does not explicitly teach wherein the initiate message is a re-authentication initiate message comprising an integrity protected message.
However, Wang teaches the concept of storing, at an authentication server, a security context (paragraph 118, network authentication entity generates a security context including Fast Re-authentication ID, and saves a copy of the security context in a database of the network authentication entity); and
wherein an initiate message is a re-authentication initiate message comprising an integrity protected message (paragraph 89, Fast re-authentication procedure; paragraph 116, network authentication entity receives request from UE and determines whether request is for authentication or fast re-authentication; paragraph 31, re-authentication request message comprises message authentication code (MAC)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the fast re-authentication initiation teachings of Wang with the reusing authentication information of a first network for a second network teachings of Ha, in order to create a system with the benefit that communication devices in a UE can share security context to authenticate with the core network, which reduces the steps for a UE to authenticate with the core network when one of the communication devices has previously performed a full authentication with the core network, and with the further advantage that the authentication process is improved as the number of interactions required between the UE and the core network is substantially reduced (Wang, paragraph 8).

Regarding Claim 16:
(paragraph 93, handover between different access networks; paragraph 47, access networks include 5G base station and WiFi base station; networks can be seen as interchangeable; therefore, the first network is either of Wi-Fi or 5G, and vice versa).

Regarding Claim 17:
Ha in view of Wang teaches the system of claim 15.  In addition, Ha teaches wherein the first network is the 5G network and the second network is the Wi-Fi network (paragraph 93, handover between different access networks; paragraph 47, access networks include 5G base station and WiFi base station; networks can be seen as interchangeable; therefore, the first network is either of Wi-Fi or 5G, and vice versa).

Regarding Claim 18:
Ha in view of Wang teaches the system of claim 15.  In addition, Wang teaches wherein the first network and the second network share an administrative domain or belong to a same enterprise (paragraph 4, trusted Wi-Fi access refers to the case where the Access Point for the user equipment to connect to is deployed by the 3GPP cellular network telecommunications operator themselves, i.e. “belong to the same enterprise”).
The rationale to combine Ha and Wang is the same as provided for claim 15 due to the overlapping subject matter between claims 15 and 18. 

Claims 3-4, 10-11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ha in view of Wang, and further in view of Bhandaru et al (PGPUB 2018/0115424).

Regarding Claim 10:
Ha in view of Wang teaches the non-transitory computer-readable storage medium of claim 8.
Neither Ha nor Wang explicitly teaches wherein instructions to authenticate the session further comprising instructions to: 
send, by the network node, a response to the UE that the network node has the re-authentication MSK; 
generate, by the network node, a first temporal key and receiving a generated second temporal key from the UE; and 
confirm the first temporal key and second temporal key match.
However, Bhandaru teaches the concept of sending, by a network node, a response to a UE that the network node has the re-authentication MSK (paragraph 49-50, EAP-RP frame sent to AP which is to be sent to server; AP sends EAP-RP frame to server and receives EAP-RP secret key (e.g. master session key); paragraph 52, AP derives key, e.g. pairwise transient key (PTK) using EAP-RP secret key (i.e. MSK); paragraph 53, AP generates key confirmation element of an AP that includes key authorization field generated using derived key; paragraph 54, AP transmits second frame including key confirmation element to electronic device STA; paragraph 58, STA performs key confirmation by comparing key authorization field with key authorization verifier constructed by STA);
generating, by the network node, a first temporal key and receiving a generated second temporal key from the UE (paragraph 57, STA derives pairwise transient key PTK; paragraph 60, STA generates key confirmation element of STA that includes key authorization field based on derived key; key authorization field can be considered second temporal key; paragraph 61, STA transmits the third frame including key confirmation element to AP; paragraph 64, AP constructs key authorization verifier using same elements as STA); and
confirming the first temporal key and second temporal key match (paragraph 64, if key authorization field received from STA matches key authorization verifier constructed by AP, key confirmation is successfully performed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the temporal key verification teachings of Bhandaru with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang, in order to provide cryptographic verification between a sending and a receiving device that both devices are authentic and in possession of the same keys, based on cryptographically secure methods such as the use of elements signed or generated with the corresponding keys.

Regarding Claim 11:
Ha in view of Wang and Bhandaru teaches the non-transitory computer-readable storage medium of claim 10.  In addition, Bhandaru teaches wherein the first temporal key and the generated second temporal key are independently generated based on the session key (paragraph 57, STA derives pairwise transient key PTK; paragraph 60, STA generates key confirmation element of STA that includes key authorization field based on derived key; key authorization field can be considered second temporal key; paragraph 61, STA transmits the third frame including key confirmation element to AP; paragraph 64, AP constructs key authorization verifier using same elements as STA).
The rationale to combine Ha and Bhandaru is the same as provided for claim 10 due to the overlapping subject matter between claims 10 and 11.
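As an added illustration, not code from the application or from any of the cited references, the following Python model walks through the flow that claims 8, 10 and 11 describe: an authentication server keeps the re-authentication MSK under a key name, the network node forwards the UE's integrity-protected initiate request, and node and UE each derive a temporal key from the released key and confirm that the two match. The class names, the HMAC-based derivation, the nonces and the labels are assumptions made for the example; a constructed stale-key case shows the server releasing nothing when the MAC does not verify.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256


def kdf(key: bytes, label: bytes, context: bytes = b"") -> bytes:
    """HMAC-based derivation (assumed for the example; a deployment uses its specified KDF)."""
    return hmac.new(key, label + b"\x00" + context, HASH).digest()


def integrity_tag(rmsk: bytes, key_name: str, nonce: bytes) -> bytes:
    """MAC over the initiate message, keyed by an integrity key derived from the re-auth MSK."""
    return hmac.new(kdf(rmsk, b"rIK"), key_name.encode() + nonce, HASH).digest()


class AuthServer:
    """Authentication server shared by both access networks; keeps key name -> re-auth MSK."""

    def __init__(self):
        self.rmsk_by_key_name = {}

    def full_authentication(self, key_name: str) -> bytes:
        """Stand-in for a completed full authentication on the first network (constructed key)."""
        rmsk = os.urandom(32)
        self.rmsk_by_key_name[key_name] = rmsk
        return rmsk

    def handle_reauth_initiate(self, key_name: str, nonce: bytes, mac: bytes):
        """Release the re-auth MSK only if the key name is known and the MAC verifies."""
        rmsk = self.rmsk_by_key_name.get(key_name)
        if rmsk is None:
            return None
        if not hmac.compare_digest(integrity_tag(rmsk, key_name, nonce), mac):
            return None  # tampered or stale request: nothing is released
        return rmsk


class UE:
    """User equipment holding the key name and re-auth MSK from its earlier full authentication."""

    def __init__(self, key_name: str, rmsk: bytes):
        self.key_name, self.rmsk = key_name, rmsk

    def reauth_initiate(self):
        nonce = os.urandom(16)
        return self.key_name, nonce, integrity_tag(self.rmsk, self.key_name, nonce)

    def key_confirmation(self, ue_nonce: bytes, node_nonce: bytes) -> bytes:
        """Second temporal key, generated independently from the session key, proven by a tag."""
        second_temporal_key = kdf(self.rmsk, b"PTK", ue_nonce + node_nonce)
        return hmac.new(second_temporal_key, b"key-confirm", HASH).digest()


class NetworkNode:
    """Node on the network being handed over to; it never sees the UE's long-term credentials."""

    def __init__(self, server: AuthServer):
        self.server = server

    def reauthenticate(self, ue: UE) -> bool:
        key_name, ue_nonce, mac = ue.reauth_initiate()
        rmsk = self.server.handle_reauth_initiate(key_name, ue_nonce, mac)
        if rmsk is None:
            return False
        node_nonce = os.urandom(16)
        first_temporal_key = kdf(rmsk, b"PTK", ue_nonce + node_nonce)
        expected = hmac.new(first_temporal_key, b"key-confirm", HASH).digest()
        # Confirm the independently generated temporal keys match (constant-time compare).
        return hmac.compare_digest(expected, ue.key_confirmation(ue_nonce, node_nonce))


def simulate(stale_key: bool = False, unknown_name: bool = False) -> bool:
    """Full authentication on network A, then re-authentication on network B; returns the outcome."""
    server = AuthServer()
    rmsk = server.full_authentication("ue-42@example")
    if stale_key:
        rmsk = os.urandom(32)  # UE holds key material the server no longer has
    name = "ue-99@example" if unknown_name else "ue-42@example"
    return NetworkNode(server).reauthenticate(UE(name, rmsk))
```

Calling `simulate()` models a successful handover; `simulate(stale_key=True)` and `simulate(unknown_name=True)` model the two rejection paths.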

Regarding Claims 3-4:
.

Claims 6, 13, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ha in view of Wang, and further in view of Wifvesson (PGPUB 2020/0059783).

Regarding Claim 13:
Ha in view of Wang teaches the non-transitory computer-readable storage medium of claim 8.
Neither Ha nor Wang explicitly teaches wherein the re-authentication initiate message is an Extensible Authentication Protocol Re-Authentication Protocol (EAP-RP) re-authentication initiate request.
However, Wifvesson teaches wherein a re-authentication initiate message is an Extensible Authentication Protocol Re-Authentication Protocol (EAP-RP) re-authentication initiate request (paragraph 15, RFC 6696 specifies EAP extension for EAP re-authentication protocol (ERP); paragraph 83, wireless terminal UE includes UE capability indication for support of ERP in a 5G Attach Request message).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ERP support teachings of Wifvesson with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang, in order to support the EAP re-authentication protocol as specified in RFC 6696 in a 5G authentication system, thereby providing the benefit of faster re-authentication, as per Wifvesson paragraph 16.

Regarding Claim 6:


Regarding Claim 19:
Ha in view of Wang teaches the system of claim 15.
Neither Ha nor Wang explicitly teaches wherein the re-authentication initiate message is an Extensible Authentication Protocol Re-Authentication Protocol (EAP-RP) re-authentication initiate request.
However, Wifvesson teaches wherein a re-authentication initiate message is an Extensible Authentication Protocol Re-Authentication Protocol (EAP-RP) re-authentication initiate request (paragraph 15, RFC 6696 specifies EAP extension for EAP re-authentication protocol (ERP); paragraph 83, wireless terminal UE includes UE capability indication for support of ERP in a 5G Attach Request message).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the ERP support teachings of Wifvesson with the reusing authentication information of a first network for a second network teachings of Ha, in order to support the EAP re-authentication protocol as specified in RFC 6696 in a 5G authentication system, thereby providing the benefit of faster re-authentication, as per Wifvesson paragraph 16.

Claims 7, 14, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ha in view of Wang, and further in view of Lee et al (PGPUB 2016/0134610).

Regarding Claim 14:

Neither Ha nor Wang nor Wifvesson explicitly teaches wherein the EAP-RP re-authentication initiate request implements one or more EAP extensions suitable for wireless networks including EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), or EAP-Tunneled TLS (EAP-TTLS).
However, Lee teaches the concept wherein an EAP-RP re-authentication initiate request implements one or more EAP extensions suitable for wireless networks including EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), or EAP-Tunneled TLS (EAP-TTLS) (paragraph 46, wireless station includes re-authentication component; in some examples, re-authentication may include EAP re-authentication; paragraph 47, key hierarchy is EAP-RP hierarchy; paragraph 48, root key of the key hierarchy includes extended master session key; EMSK named using EAP Session-ID based on method being used, e.g. EAP-TLS).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the EAP-TLS support teachings of Lee with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang and Wifvesson, in order to improve the security of the EAP-RP process by incorporating the well-known cryptographic security features which are part of Transport Layer Security (TLS), including robust transport encryption, thereby ensuring confidentiality.

Regarding Claim 7:
	This is the computer-implemented method claim corresponding to the non-transitory computer-readable storage medium of claim 14, and is therefore rejected for corresponding reasons.

Regarding Claim 20:

Neither Ha nor Wang nor Wifvesson explicitly teaches wherein the EAP-RP re-authentication initiate request implements one or more EAP extensions suitable for wireless networks including EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), or EAP-Tunneled TLS (EAP-TTLS).
However, Lee teaches the concept wherein an EAP-RP re-authentication initiate request implements one or more EAP extensions suitable for wireless networks including EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), or EAP-Tunneled TLS (EAP-TTLS) (paragraph 46, wireless station includes re-authentication component; in some examples, re-authentication may include EAP re-authentication; paragraph 47, key hierarchy is EAP-RP hierarchy; paragraph 48, root key of the key hierarchy includes extended master session key; EMSK named using EAP Session-ID based on method being used, e.g. EAP-TLS).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the EAP-TLS support teachings of Lee with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang and Wifvesson, in order to improve the security of the EAP-RP process by incorporating the well-known cryptographic security features which are part of Transport Layer Security (TLS), including robust transport encryption, thereby ensuring confidentiality.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel, can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491

/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491