DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The following is a Final Office action in response to communications received on 02/03/2022. 

Response to Amendment
Claim 8 has been cancelled. 
Claims 1-7, 9-11 and 21 have been examined. 
Claims 1 and 21 have been amended. 
Applicant’s amendments to claims 1 and 21 to add the new limitations: “deriving an access network key for the NAS connection through the non-3GPP access network at the wireless terminal, wherein the access network key is derived based on a NAS count for the wireless terminal, a NAS Connection Identification, NAS CID, for the NAS connection through the non-3GPP access network, a process distinguisher value dedicated for the NAS connection through the non-3GPP access network, and an anchor key”, have changed the scope of the claims. Therefore, applicant's arguments filed on 02/03/2022 have been fully considered but they are not persuasive. As per the applicant’s arguments that prior arts of record fail to teach the limitation, the examiner respectfully disagrees. Prior art of record D1: Page 4: 8. The EAP authentication request/response exchanges between the UE and the AUSF are specific to EAP AKA’. If the EAP AKA’ is successful, then the UE and the AUSF end up sharing an anchor key N3IWF, a non-3GPP-NAS cipher key K-N3GPPNAenc, and a non-3GPP-NAS integrity protection key K-N3GPPNASint in the non-3GPP access mode based on the following formulas: [0133] KN3IWF=KDF(Kamf2 and/or Kseaf2, NAS Count2). [0135]: where NAS Count2 is a count value of a NAS message passing a non-3GPP access point N3IWF, and may be an uplink count value or may be a downlink count value. [0139]: In addition, an independent variable of the key generation algorithm may also include another parameter, such as …, an non-access stratum message count (NAS Count), a security algorithm distinguisher (process distinguisher), a security identifier, a length of SQN ⊕ AK, or a length corresponding to a parameter used for generating a key. [0392] The AMF (or the SEAF) generates an access point key KN3IWF a in a non-3GPP access mode based on parameters such as Kamf2, Kseaf2, NAS Count2, a NAS connection differentiation identifier (NAS CID), and an N3IWF identifier.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-7, 9-11 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record S3-171565 (3GPP TSG SA WG3 (Security) Meeting #87) (hereinafter D1) and prior art of record US 20190253889 to Wu et al (hereinafter Wu).
As per claims 1 and 21, D1 teaches:
A method at a wireless terminal to support communications with a network node of a wireless communication network, the method comprising: 
initiating an internet key exchange, IKE, security association, SA, to establish a Network Access Stratum, NAS, connection between the wireless terminal and the (D1: Page 4: 1a. The UE discovers and associates with the untrusted non-3GPP access network (e.g., WLAN) and gets IP address allocated. This step may involve authentication (e.g., WLAN access authentication) of the UE by the non-3GPP access network and is outside the scope of 3GPP specification. 1b. When the UE decides to connect to NextGen core, the UE discovers the IP address of N3IWF by executing the existing procedure as specified in TS 23.501 and proceeds with the establishment of an IPsec SA as discussed below. 2. The UE proceeds with the establishment of IKE SA with the N3IWF by initiating the IKEv2 signalling procedure according to RFC 7296 and RFC 5998); 
after initiating the IKE SA, transmitting an IKE authorization request through the non-3GPP access network to the N3IWF network node, wherein the IKE authorization request includes an identifier of the wireless terminal (D1: Page 4: 3. Once the IKE SA (phase 1) is initialized, the UE sends an IKE_AUTH request message to the N3IWF. The UE shall include the UE identifier (e.g., the UE permanent identifier or the temporary identifier that was received in a previous registration) in NAI format in the IDi payload); 
deriving an access network key for the NAS connection through the non-3GPP access network at the wireless terminal, wherein the access network key is derived based on … an anchor key (D1: Page 4: 8. The EAP authentication request/response exchanges between the UE and the AUSF are specific to EAP AKA’. If the EAP AKA’ is successful, then the UE and the AUSF end up sharing an anchor key (e.g., EMSK). Page 5: 12. The UE computes an AUTH payload using KN3IWF obtained from the successful authentication (i.e., derived based on the anchor key resulting from the authentication)); and 
receiving an IKE authorization response corresponding to the IKE authorization request, wherein receiving the IKE authorization response comprises performing at least one of integrity protection and/or confidentiality protection for the IKE authorization response using the access network key (D1: Page 5: 13. The N3IWF verifies the AUTH payload received from the UE either in step 3 or in step 12, using the key received from the AMF (i.e., KN3IWF). If the AUTH payload is successfully verified, the N3IWF sends an IKE_AUTH response containing an AUTH payload generated using KN3IWF, to the UE).
D1 teaches deriving the access network key based on an anchor key but does not teach: wherein the access network key is derived based on a NAS count for the wireless terminal, a NAS Connection Identification, NAS CID, for the NAS connection through the non-3GPP access network, a process distinguisher value dedicated for the NAS connection through the non-3GPP access network. However, Wu teaches:
wherein the access network key is derived based on a NAS count for the wireless terminal, a NAS Connection Identification, NAS CID, for the NAS connection through the non-3GPP access network, a process distinguisher value dedicated for the NAS connection through the non-3GPP access network (Wu: [0132] 1114. The AMF (or the SEAF) then generates an access point key KN3IWF, a non-3GPP-NAS cipher key K-N3GPPNAenc, and a non-3GPP-NAS integrity protection key K-N3GPPNASint in the non-3GPP access mode based on the following formulas: [0133] KN3IWF=KDF(Kamf2 and/or Kseaf2, NAS Count2). [0135]: where NAS Count2 is a count value of a NAS message passing a non-3GPP access point N3IWF, and may be an uplink count value or may be a downlink count value. [0139]: In addition, an independent variable of the key generation algorithm may also include another parameter, such as …, an non-access stratum message count (NAS Count), a security algorithm distinguisher (process distinguisher), a security identifier, a length of SQN ⊕ AK, or a length corresponding to a parameter used for generating a key. [0392] The AMF (or the SEAF) generates an access point key KN3IWF a in a non-3GPP access mode based on parameters such as Kamf2, Kseaf2, NAS Count2, a NAS connection differentiation identifier (NAS CID), and an N3IWF identifier).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Wu in the invention of D1 to include the above limitations. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art (see KSR Int’l Co. v. Teleflex Inc. 550 U.S. ___, 82 USPQ2d 1385 (Supreme Court 2007) (KSR)).

As per claim 2, D1 in view of Wu teaches:
The method of Claim 1, further comprising: responsive to verifying a payload of the IKE authorization response, establishing an IPsec security association for an IPsec tunnel between the wireless terminal and the N3IWF network node (D1: Page 5: 12. The UE computes an AUTH payload using KN3IWF obtained from the successful authentication (i.e., derived based on the anchor key resulting from the authentication) and sends an IKE_AUTH request containing an AUTH payload generated using the key, to the N3IWF. 13. The N3IWF verifies the AUTH payload received from the UE either in step 3 or in step 12, using the key received from the AMF (i.e., KN3IWF). If the AUTH payload is successfully verified, the N3IWF sends an IKE_AUTH response containing an AUTH payload generated using KN3IWF, to the UE. 14. If the UE successfully verifies the AUTH payload provided by the N3IWF, an IPsec SA is established).

As per claim 3, D1 in view of Wu teaches:
The method of Claim 2, further comprising: after establishing the IPsec security association, performing a security mode command, SMC, procedure for the NAS connection through the non-3GPP access network and the N3IWF network node (D1: Page 5: 14. If the UE successfully verifies the AUTH payload provided by the N3IWF, an IPsec SA is established. 15. The N3IWF sends the NAS SMC received from the AMF in step 10 to the UE over the IPsec SA. 16. The UE sends a NAS SMC complete message over the IPsec SA. 17. The N3IWF forwards the NAS SMC complete message to the AMF over the N2 UL NAS transport).

As per claim 4, D1 in view of Wu teaches:
The method of Claim 1, further comprising: before initiating the IKE SA, providing a NAS connection between the wireless terminal and the network node through a 3GPP (D1: Page 4: 3. UE has an anchor key from a previous registration (e.g., over a 3GPP access)).

As per claim 5, D1 in view of Wu teaches:
The method of Claim 4, wherein deriving the access network key for the NAS connection through the non-3GPP access network precedes transmitting the IKE authorization request, and wherein transmitting the IKE authorization request comprises performing at least one of integrity protection and/or confidentiality protection for the IKE authorization request using the access network key (D1: Page 5: 10. The AMF/SEAF derives a key for N3IWF (KN3IWF) with at least the anchor key at the AMF/SEAF (KSEAF) and the identity of the N3IWF as input to the key derivation after either a successful authentication in or a decision by the network to reuse the anchor key (e.g., from a previous successful authentication that is performed over a different access network) as described in step 8 and sends a N2-Response message containing the KN3IWF. 12. The UE computes an AUTH payload using KN3IWF obtained from the successful authentication (i.e., derived based on the anchor key resulting from the authentication) and sends an IKE_AUTH request containing an AUTH payload generated using the key, to the N3IWF).

As per claim 6, D1 in view of Wu teaches:
The method of Claim 1, further comprising: after transmitting the IKE authorization request, performing Extensible Authentication Protocol, EAP, authentication including derivation of the anchor key (D1: Page 4: 3. Once the IKE SA (phase 1) is initialized, the UE sends an IKE_AUTH request message to the N3IWF. The UE shall include the UE identifier (e.g., the UE permanent identifier or the temporary identifier that was received in a previous registration) in NAI format in the IDi payload. 8. EAP AKA’ is performed between the UE and the AUSF/ARPF. Several EAP authentication request/response message exchanges may take place between the UE and AUSF until EAP AKA’ is completed. Between N3IWF and AMF, EAP authentication request / response messages are encapsulated within authentication request / response messages over N2 interface. Between UE and N3IWF, EAP authentication request / response messages are encapsulated within IKEv2 messages. The EAP authentication request/response exchanges between the UE and the AUSF are specific to EAP AKA’. If the EAP AKA’ is successful, then the UE and the AUSF end up sharing an anchor key (e.g., EMSK)); 
wherein deriving the access network key comprises deriving the access network key for the NAS connection through the non-3GPP access network after performing EAP authentication (D1: Page 5: 10. The AMF/SEAF derives a key for N3IWF (KN3IWF) with at least the anchor key at the AMF/SEAF (KSEAF) and the identity of the N3IWF as input to the key derivation after either a successful authentication. 12. The UE computes an AUTH payload using KN3IWF obtained from the successful authentication (i.e., derived based on the anchor key resulting from the authentication)).

As per claim 7, D1 in view of Wu teaches:
(D1: Page 4: 1a. The UE discovers and associates with the untrusted non-3GPP access network (e.g., WLAN) and gets IP address allocated); and before initiating the IKE SA, discovering an Internet Protocol, IP, address of the N3IWF network node using the connection to the non-3GPP access network; wherein initiating the IKE SA comprises initiating the IKE SA using the IP address of the N3IWF network node (D1: Page 4: 1b. When the UE decides to connect to NextGen core, the UE discovers the IP address of N3IWF by executing the existing procedure as specified in TS 23.501 and proceeds with the establishment of an IPsec SA as discussed below. 2. The UE proceeds with the establishment of IKE SA with the N3IWF by initiating the IKEv2 signalling procedure according to RFC 7296 and RFC 5998.).

As per claim 9, D1 in view of Wu teaches:
The method of Claim 8, wherein the NAS CID for the NAS connection through the non-3GPP access network comprises a NAS CID value dedicated for non-3GPP NAS connections (Wu: [0392] The AMF (or the SEAF) generates an access point key KN3IWF a in a non-3GPP access mode based on parameters such as Kamf2, Kseaf2, NAS Count2, a NAS connection differentiation identifier, and an N3IWF identifier).

As per claim 10, D1 in view of Wu teaches:
(Wu: [0392] The AMF (or the SEAF) generates an access point key KN3IWF a in a non-3GPP access mode based on parameters such as Kamf2, Kseaf2, NAS Count2, a NAS connection differentiation identifier, and an N3IWF identifier).
Wu does not explicitly teach concatenation of the NAS count and the NAS CID. However, the claim would have been obvious because concatenation of two or more values to generate a key was well known to one of ordinary skill in the art before the effective filing date of the claimed invention.
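
The key derivation discussed for claims 1 and 21 (an access network key computed from an anchor key, a NAS count, a NAS CID and a process distinguisher) and the concatenation point raised for claim 10 can be illustrated as follows. This is an added example, not code from the application, D1, Wu or any 3GPP specification; the function-code byte, the field widths, the distinguisher values and all function names are assumptions, and only the `FC || P0 || L0 || ...` framing with HMAC-SHA-256 follows the generic 3GPP KDF layout.

```python
import hashlib
import hmac

# Constructed values for illustration; none come from the Office action,
# D1, Wu, or a 3GPP specification.
FC_ACCESS_KEY = 0x7F                  # hypothetical function-code byte
PD_3GPP = 0x01                        # hypothetical process distinguisher values
PD_NON_3GPP = 0x02
SAMPLE_ANCHOR_KEY = bytes(range(32))  # constructed 256-bit anchor key


def _param(value: bytes) -> bytes:
    """Encode one input as value || 2-byte big-endian length (Pi || Li)."""
    return value + len(value).to_bytes(2, "big")


def kdf_input(nas_count: int, nas_cid: int, distinguisher: int) -> bytes:
    """Build S = FC || P0 || L0 || P1 || L1 || P2 || L2 with fixed-width fields."""
    if not 0 <= nas_count < 2**32:
        raise ValueError("NAS count must fit in 32 bits (assumed width)")
    if not 0 <= nas_cid < 256 or not 0 <= distinguisher < 256:
        raise ValueError("NAS CID and distinguisher must fit in one byte")
    return (bytes([FC_ACCESS_KEY])
            + _param(nas_count.to_bytes(4, "big"))
            + _param(bytes([nas_cid]))
            + _param(bytes([distinguisher])))


def derive_access_key(anchor_key: bytes, nas_count: int, nas_cid: int,
                      distinguisher: int) -> bytes:
    """Derive a 256-bit access network key bound to all four inputs."""
    if len(anchor_key) != 32:
        raise ValueError("anchor key must be 256 bits")
    s = kdf_input(nas_count, nas_cid, distinguisher)
    return hmac.new(anchor_key, s, hashlib.sha256).digest()


def naive_concat_input(nas_count: int, nas_cid: int) -> bytes:
    """Weak form: variable-length decimal fields joined with no framing."""
    return f"{nas_count}{nas_cid}".encode()


if __name__ == "__main__":
    k_non3gpp = derive_access_key(SAMPLE_ANCHOR_KEY, 5, 2, PD_NON_3GPP)
    k_3gpp = derive_access_key(SAMPLE_ANCHOR_KEY, 5, 1, PD_3GPP)
    print("non-3GPP key:", k_non3gpp.hex())
    print("3GPP key:    ", k_3gpp.hex())
    # Unframed concatenation lets two different (count, CID) pairs collide.
    print("naive collision:", naive_concat_input(1, 23) == naive_concat_input(12, 3))
    print("framed collision:", kdf_input(1, 23, 2) == kdf_input(12, 3, 2))
```

Binding the NAS CID and distinguisher into the input keeps keys for the 3GPP and non-3GPP NAS connections separate even when both share one anchor key and NAS count value, and the length framing is what makes the concatenation unambiguous.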

As per claim 11, D1 in view of Wu teaches:
The method of Claim 1, wherein the access network key is derived based on the NAS count and based on a process distinguisher value dedicated for non-3GPP NAS connections (D1: Page 5: 10. The AMF/SEAF derives a key for N3IWF (KN3IWF) with at least the anchor key at the AMF/SEAF (KSEAF) and the identity of the N3IWF as input to the key derivation. Wu: [0132] 1114. The AMF (or the SEAF) then generates an access point key KN3IWF, a non-3GPP-NAS cipher key K-N3GPPNAenc, and a non-3GPP-NAS integrity protection key K-N3GPPNASint in the non-3GPP access mode based on the following formulas: [0133] KN3IWF=KDF(Kamf2 and/or Kseaf2, NAS Count2). [0135]: where NAS Count2 is a count value of a NAS message passing a non-3GPP access point N3IWF, and may be an uplink count value or may be a downlink count value. [0139]: In addition, an independent variable of the key generation algorithm may also include another parameter, such as …, an non-access stratum message count (NAS Count), a security algorithm distinguisher (process distinguisher), a security identifier, a length of SQN ⊕ AK, or a length corresponding to a parameter used for generating a key).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438


