Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Objections
2.	Claims 1, 7, 14 and 20 are objected to because of the following informalities:  
a)	The acronym “API” in claims 1, 7, 14, and 20 should be spelled out to show what it stands for;
b)	The acronym “TLS” in claims 1, 7, 14, and 20 should be spelled out to show what it stands for.
Appropriate correction is required.
Claim Rejections - 35 USC § 102
3.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

A)	Claims 1-5, 7-11, 14-18 and 20-24 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by RAJADURAI (US 20190149576 A1). 
As per claim 1, RAJADURAI discloses a device (RAJADURAI, ¶0040, a device) comprising: a memory storing instructions; and one or more processors configured to execute the instructions (RAJADURAI, ¶0040, memory for storing computer or software programs or instructions and processor such as CPU to execute the programs) to:  

 	As per claim 2 as applied to claim 1 above, RAJADURAI discloses establish a TLS session with the application server (RAJADURAI, Fig.4 and ¶0074, establish a TLS session with the CCF 106).  
As per claim 3 as applied to claim 1 above, RAJADURAI discloses wherein the Onboard API invoker response message includes Onboard Secret information remaining the same during onboarding lifetime (RAJADURAI, ¶0060 and ¶0095, API invoker registration or onboarding response includes lifetime of the security credentials (Token) and access method using TLS-PSK (i.e. master secret) or TLS-certificate or Access Token based or TLS-public key cryptography).
 	As per claim 4 as applied to claim 1 above, RAJADURAI discloses sends a second request message to the application server for obtaining permission to access a 
 	As per claim 5 as applied to claim 4 above, RAJADURAI discloses wherein the second request message includes the application server related API invoker ID and Onboard Secret information (RAJADURAI, ¶0075 and ¶0060, requests for access tokens includes API Invoker client identifier and secret information during registration). 
As per claim 7, RAJADURAI discloses an application server (RAJADURAI, ¶0042, CAPIF core function or CCF 106 (i.e. server, ¶0059)) comprising: a memory storing instructions; and one or more processors configured to execute the instructions (RAJADURAI, ¶0040, memory for storing computer or software programs or instructions and processor such as CPU to execute the programs) to:  
receive an Onboard API invoker request message from a device (RAJADURAI, ¶0075 and fig.4, sending API invoker https request to the CAPIF core function or CCF 106 (i.e. server, ¶0059) during registration or onboarding from a device; also see ¶0047, onboard API invoker 102) after authentication using TLS with the application server (RAJADURAI, ¶0075, after successful establishment of the secure TLS session with CCF 106; also see ¶0048, authenticating using TLS by the CCF 106); and send an Onboard API invoker response message from the application server (RAJADURAI, Fig.4 and ¶0081, receive API invoker response from CCF 106), the Onboard API 
As per claim 8 as applied to claim 7 above, RAJADURAI discloses establish a TLS session with the application server (RAJADURAI, Fig.4 and ¶0074, establish a TLS session with the CCF 106).  
As per claim 9 as applied to claim 7 above, RAJADURAI discloses wherein the Onboard API invoker response message includes Onboard Secret information remaining the same during onboarding lifetime (RAJADURAI, ¶0060 and ¶0095, API invoker registration or onboarding response includes lifetime of the security credentials (Token) and access method using TLS-PSK (i.e. master secret) or TLS-certificate or Access Token based or TLS-public key cryptography).
As per claim 10 as applied to claim 7 above, RAJADURAI discloses sends a second request message to the application server for obtaining permission to access a service API after the authentication (RAJADURAI, Fig.4 and ¶0075 and ¶0072, sending requests (first, second or more) to the CCF 106 for granting permissions to access service API after authentication); and receives a second response message from the application server, the second response message including an access token specific to the device (RAJADURAI, Fig.4 and ¶0075 and ¶0082, receiving response including access tokens rights of the client or device 102).
 	As per claim 11 as applied to claim 10 above, RAJADURAI discloses wherein the second request message includes the application server related API invoker ID and 
As per claim 14, RAJADURAI discloses an information processing method in a device (RAJADURAI, Fig.4 and ¶0073, security information processing method at a client or device) comprising: 
sending an Onboard API invoker request message to an application server (RAJADURAI, ¶0075 and fig.4, sending API invoker https request to the CAPIF core function or CCF 106 (i.e. server, ¶0059) during registration or onboarding; also see ¶0047, onboard API invoker 102) after authentication using TLS with the application server (RAJADURAI, ¶0075, after successful establishment of the secure TLS session with CCF 106; also see ¶0048, authenticating using TLS by the CCF 106); and receiving an Onboard API invoker response message from the application server (RAJADURAI, Fig.4 and ¶0081, receive API invoker response from CCF 106), the Onboard API invoker response message including an application server related API invoker ID which is assigned by the application server (RAJADURAI, Fig.4 and ¶0075 and ¶0081, response including API invoker client identifier which is generated or assigned by the CCF 106; also see ¶0048, identity and credentials of API Invoker 102).
As per claim 15 as applied to claim 14 above, RAJADURAI discloses establishing a TLS session with the application server (RAJADURAI, Fig.4 and ¶0074, establish a TLS session with the CCF 106).  
As per claim 16 as applied to claim 14 above, RAJADURAI discloses wherein the Onboard API invoker response message includes Onboard Secret information remaining the same during onboarding lifetime (RAJADURAI, ¶0060 and ¶0095,
As per claim 17 as applied to claim 14 above, RAJADURAI discloses sending a second request message to the application server for obtaining permission to access a service API after the authentication (RAJADURAI, Fig.4 and ¶0075 and ¶0072, sending requests (first, second or more) to the CCF 106 for granting permissions to access service API after authentication); and receiving a second response message from the application server, the second response message including an access token specific to the device (RAJADURAI, Fig.4 and ¶0075 and ¶0082, receiving response including access tokens rights of the client or device 102).
 	As per claim 18 as applied to claim 17 above, RAJADURAI discloses wherein the second request message includes the application server related API invoker ID and Onboard Secret information (RAJADURAI, ¶0075 and ¶0060, requests for access tokens includes API Invoker client identifier and secret information during registration). 
As per claim 20, RAJADURAI discloses an information processing method in an application server (RAJADURAI, Fig.4 and ¶0073, security information processing method at CAPIF core function or CCF 106 (i.e. server, ¶0059)) comprising: 
receiving an Onboard API invoker request message from a device (RAJADURAI, ¶0075 and fig.4, sending API invoker https request to the CAPIF core function or CCF 106 (i.e. server, ¶0059) during registration or onboarding from a client or device; also see ¶0047, onboard API invoker 102) after authentication using TLS with the application server (RAJADURAI, ¶0075, after successful establishment of the secure TLS session with 
As per claim 21 as applied to claim 20 above, RAJADURAI discloses establishing a TLS session with the application server (RAJADURAI, Fig.4 and ¶0074, establish a TLS session with the CCF 106).  
As per claim 22 as applied to claim 20 above, RAJADURAI discloses wherein the Onboard API invoker response message includes Onboard Secret information remaining the same during onboarding lifetime (RAJADURAI, ¶0060 and ¶0095, API invoker registration or onboarding response includes lifetime of the security credentials (Token) and access method using TLS-PSK (i.e. master secret) or TLS-certificate or Access Token based or TLS-public key cryptography).
	As per claim 23 as applied to claim 20 above, RAJADURAI discloses receiving a second request message from a device for obtaining permission to access a service API after the authentication (RAJADURAI, Fig.4 and ¶0075 and ¶0072, receiving requests (first, second or more) to the CCF 106 for granting permissions to access service API after authentication); generating an access token specific to the device (RAJADURAI, Fig.4 and ¶0075, generating an access token right for the client or device 102) and sending a second response message to the device, the second response 
	 As per claim 24 as applied to claim 23 above, RAJADURAI discloses wherein the second request message includes the application server related API invoker ID and Onboard Secret information (RAJADURAI, ¶0075 and ¶0060, requests for access tokens includes API Invoker client identifier and secret information during registration). 
Claim Rejections - 35 USC § 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
A)	Claims 6, 12-13, 19, and 25-26 are rejected under 35 U.S.C. 103 as being unpatentable over RAJADURAI (US 20190149576 A1) in view of 3GPP TS 23.222 V15.0.0, "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Functional architecture and information flows to support Common API Framework for 3GPP Northbound APIs: Stage 2 (Release 15)". 2018-01. pp. 1-79, hereinafter 3GPP.
 	As per claim 6 as applied to claim 1 above,  RAJADURAI does not disclose sends an offboard API invoker request message to the application server after the authentication using TLS, the offboard API invoker request message including the application server related API invoker ID; and receives an offboard API invoker response message from the application server in response to successful verification of the application server related API invoker ID, the offboard API invoker response message indicating successful offboarding of the device.  
In the same field of endeavor, 3GPP teaches sends an offboard API invoker request message to the application server after the authentication using TLS (3GPP, page 26, section 8.2, sending an offboard API invoker request to the CAPIF core function or CCF after the authentication), the offboard API invoker request message including the application server related API invoker ID (3GPP, page 26, section 8.2 and table 8.2.21-1, identity information of the API invoker requesting offboarding); and receives an offboard API invoker response message from the application server in response to successful verification of the application server related API invoker ID (3GPP, page 26, section 8.2.2.2 and page 20 section 6.4.6, receiving an offboarding API invoker response from the CCF as a result of successful onboarding process or verification for the API invoker identity), the offboard API invoker response message indicating successful offboarding of the device (3GPP, page 26, table 8.2.2.2-1, offboard API response indicating the success of the offboarding operation).

As per claim 12 as applied to claim 7 above,  RAJADURAI does not disclose receives an offboard API invoker request message from a device after the authentication using TLS, the offboard API invoker request message including the application server related API invoker ID; verify the application server related API invoker ID; cancels enrollment of the device; deletes authorization information of the device; and sends an offboard API invoker response message to the device in response to successful verification of the application server related API invoker ID, the offboard API invoker response message indicating successful offboarding.  
 	In the same field of endeavor, 3GPP teaches receive an offboard API invoker request message from a device after the authentication using TLS (3GPP, page 26, section 8.2, sending or receiving an offboard API invoker request to the CAPIF core function or CCF from the device after the authentication), the offboard API invoker request message including the application server related API invoker ID (3GPP, page 26, section 8.2 and table 8.2.21-1, identity information of the API invoker requesting offboarding); verify the application server related API invoker ID (3GPP, page 20 section 6.4.6, verification for the API invoker identity); cancels enrollment of the device (3GPP, page 27, part 2, cancel the enrollment of the API invoker); deletes authorization information of the device (3GPP, page 27, part 2, all the authorizations corresponding to 
 	As per claim 13 as applied to claim 12 above, 3GPP further teaches retains information of the device depending on operator policy (3GPP, page 27, part 2, retain information of API invoker as per the operator policy). 
 	As per claim 19 as applied to claim 14 above,  RAJADURAI does not disclose sending an offboard API invoker request message to the application server after the authentication using TLS, the offboard API invoker request message including the application server related API invoker ID; and receiving an offboard API invoker response message from the application server in response to successful verification of the application server related API invoker ID, the offboard API invoker response message indicating successful offboarding of the device.  

 As per claim 25 as applied to claim 20 above,  RAJADURAI does not disclose receiving an offboard API invoker request message from a device after the authentication using TLS, the offboard API invoker request message including the application server related API invoker ID; verifying the application server related API invoker ID; canceling enrollment of the device; deleting authorization information of the 
In the same field of endeavor, 3GPP teaches receiving an offboard API invoker request message from a device after the authentication using TLS (3GPP, page 26, section 8.2, sending or receiving an offboard API invoker request to the CAPIF core function or CCF from the device after the authentication), the offboard API invoker request message including the application server related API invoker ID (3GPP, page 26, section 8.2 and table 8.2.21-1, identity information of the API invoker requesting offboarding); verifying the application server related API invoker ID (3GPP, page 20 section 6.4.6, verification for the API invoker identity); canceling enrollment of the device (3GPP, page 27, part 2, cancel the enrollment of the API invoker); deleting authorization information of the device (3GPP, page 27, part 2, all the authorizations corresponding to the API invoker are revoked or deleted); and sending an offboard API invoker response message to the device in response to successful verification of the application server related API invoker ID (3GPP, page 26, section 8.2.2.2 and page 20 section 6.4.6, receiving an offboarding API invoker response from the CCF as a result of successful onboarding process or verification for the API invoker identity), the offboard API invoker response message indicating successful offboarding (3GPP, page 26, table 8.2.2.2-1, offboard API response indicating the success of the offboarding operation).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to have incorporated the teaching of 3GPP into the invention of RAJADURAI in order to trigger offboard API invoker request to 
 	As per claim 26 as applied to claim 25 above, 3GPP further teaches retains information of the device depending on operator policy (3GPP, page 27, part 2, retain information of API invoker as per the operator policy). 
Pertinent Prior Art
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. PATTAN (US 20200089552 A1) discloses a method and system for providing a network-based northbound application programming interface. The method includes receiving, by an API provider, a request for invoking one or more service APIs from one or more API invoker clients. The method includes utilizing, by the API provider, a CAPIF core function residing at a first domain to provide the one or more service APIs. The method includes providing, by the API provider, the one or more service APIs to the one or more API invoker clients through the CAPIF core function, wherein the API provider comprises one or more service APIs, an API exposing function, an API publishing function and an API management function.
Conclusion
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to FARIDEH MADANI whose telephone number is (571)272-1249. The examiner can normally be reached Monday through Friday; 9 AM to 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JINSONG HU, can be reached on 5712723965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FARIDEH MADANI/Examiner, Art Unit 2643

/JINSONG HU/Supervisory Patent Examiner, Art Unit 2643