DETAILED ACTION
Responsive to the Applicant reply filed on 01/31/2022, Applicant’s amendments to claims have been entered and respective arguments carefully considered and responded in following.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/31/2022 has been entered.

Response to Amendment
The amendment filed 01/31/2022 has been entered. Claims 1, 12 and 17 have been amended. Claim 2 has been canceled. Claims 1, 3-15 and 17-22 remain pending in the application.

Response to Arguments
Applicant’s arguments with respect to independent claims 1, 12 and 17 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 11, 12, 17 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over ETSI TS 129 503 V15.2.1. hereinafter “V15.2.1” in view of 4G and 5G networks security techniques and algorithms hereinafter “ITU” in view of in view of ETSI TS 133 501 V15.2.0 hereinafter “V15.2.0”.
Regarding claim 1, (Currently Amended) V15.2.1 discloses a method comprising: 
at a home network associated with a user equipment, wherein the home network includes a unified data management entity and an authentication server function (pp. 14, 5. Services offered by the UDM): 
obtaining, at the unified data management entity, an authentication request to authenticate the user equipment to a serving network (pp. 38, Fig. 5.4.2.2.2-1, NF service consumer [“authentication server”, corresponding AUSF below, defined on pp. 37] and UDM [“unified data management entity”, See 3.2 Abbreviation in pp. 13]; 1. The NF service consumer sends a POST request (custom method: generate-auth-data) to the resource representing the UE's security information); 
generating, at the unified data management entity, an authentication vector of a mobile security protocol (pp. 38, Authentication Information Retrieval operation: NF service consumer (AUSF) retrieves authentication information for the UE from the UDM (see also 3GPP TS 33.501 [6] subclause 6.1.2) [“generating an authentication vector”]. The UDM responds with "200 OK" with the message body containing the authentication data information [See Fig. 5.4.2.2.2-1, 2a. AuthenticationInfoResult “authentication vector”]; pp. 101, Table 6.3.6.1-1: Nudm_UEAU specific Data Types, AuthenticationInfoResult 6.3.6.2.3 Contains an Authentication Vector (AV) [“authentication vector”]), 
providing, at the unified data management entity, the authentication vector to the serving network to prompt a response from the user equipment that is in accordance with the multi-factor authentication process (pp. 37, The Nudm_UEAuthentication service is used by the AUSF to request the UDM to select an authentication method, calculate a fresh authentication vector (AV) if required for the selected method, and provide it to the AUSF by means of the Get service operation; pp. 98, Table 6.3.3.1-1, The UDM calculates a fresh authentication vector based on the received information and the stored security information [analogues to “multi-factor”] for the SUPI if 5G-AKA or EAP-AKA' is selected; pp. 38, Fig. 5.4.2.2.2-1, 2a. The UDM responds with "200 OK" with the message body containing the authentication data information [“providing the authentication vector”]); and 
Although V15.2.1 teaches “a fresh authentication vector (AV)”, it may not explicitly teach, but ITU, which is a same field of endeavor, discloses the method, wherein the authentication vector includes an indication that the user equipment is to be authenticated using a multi-factor authentication process (pp.6, X.1158 Multi-factor authentication mechanisms using a mobile device [“X.1158” also listed, attached in a current OC and considered pertinent to applicant's disclosure in conclusion of current OC]). 
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by V15.2.1with the teachings of ITU to include an indication that the user equipment is to be authenticated using a multi-factor authentication process. One of ordinary skill in the art would have been motivated to make this modification because Multi-factor authentication may keep data and systems secure by adding roadblocks that stop bad actors in their tracks. Even if a password or other authentication method is compromised, it's extremely rare that a hacker also has a second or third authentication factor.
pp. 34-35, Figure 6.1.3.1-1: Authentication procedure for EAP-AKA'; 10. The AUSF [“authentication server function”] shall send an EAP Success message to the SEAF inside Nausf_UEAuthentication_Authenticate Response, which shall forward it transparently to the UE. Nausf_UEAuthentication_Authenticate Response message contains the KSEAF).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by V15.2.1 and ITU with the teachings of V15.2.0 to authenticate, at the authentication server function, the user equipment to the serving network based on the response. One of ordinary skill in the art would have been motivated to make this modification because it allow primary authentication and key agreement procedures that enable mutual authentication between the UE and the network.  It may also provide keying material that can be used between the UE and the serving network in subsequent security procedures (pp. 31). Therefore, it allows a unified authentication framework, better UE identity protection, enhanced home-network control, and more key separation in key derivation.

Regarding claim 11, (Original) the combination of V15.2.1, ITU and V15.2.0 discloses the method of claim 1, wherein the mobile security protocol is a mobile security protocol for a fifth generation cellular network technology ([V15.2.1: pp. 12] Scope The 5G System stage 2 architecture and procedures are specified in 3GPP TS 23.501 [2] and 3GPP TS 23.502 [3]).

Regarding claim 12, (Currently Amended) it is a system that respectively corresponds to claim 1. Therefore, the claims are rejected for at least the same reasons as the method of claim 1.
 

Regarding claim 17, (Currently Amended)  it is a non-transitory readable storage medium encoded with instructions that respectively corresponds to claim 1. Therefore, the claims are rejected for at least the same reasons as the method of claim 1.

Regarding claim 22, (New) the combination of V15.2.1, ITU and V15.2.0 discloses the method of claim 1, further comprising obtaining the authentication request from, and providing the authentication vector to, a security anchor function of the serving network ([V15.2.0: pp. 34-35, Figure 6.1.3.1-1: Authentication procedure for EAP-AKA'] 10. The AUSF shall send an EAP Success message to the SEAF [“security anchor function of the serving network”] inside Nausf_UEAuthentication_Authenticate Response, which shall forward it transparently to the UE).


Claims 3 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over ETSI TS 129 503 V15.2.1. hereinafter “V15.2.1” in view of 4G and 5G networks security techniques and algorithms hereinafter “ITU” in view of in view of ETSI TS 133 501 V15.2.0 hereinafter “V15.2.0” as applied to claim 1 above, and further in view of Lee et al. (US 20160262021 A1 hereinafter “Lee”).
Regarding claim 3, (Original) the combination of V15.2.1, ITU and V15.2.0 may not explicitly discloses but Lee, which is a same field of endeavor, discloses the method of claim 1, further comprising: at the home network: initiating the multi-factor authentication process using an identity provider entity (¶0078, at action 504 the UE 102, UEs may not have a subscription to a home network, sends an authentication request to the eNB 104; ¶0083, For added security for the action 504, multi-factor authentication (MFA) may also be used; ¶0086-0087, At action 508, the MME 106 transmits the modified authentication request, including MFA above, to the server 116, then it proceeds with compiling an authorization vector at action 510).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by V15.2.1, ITU and V15.2.0 with the teachings of Lee to authenticate, at the authentication server function, the user equipment to the serving network based on the response. One of ordinary skill in the art would have been motivated to make this modification because multi-factor authentication (MFA) may also be used for any of the equations of added security [¶0083]. Therefore, MFA may reduce fraud and identity theft by requiring additional security measures that thieves can rarely access.

Regarding claim 8, (Original) the combination of V15.2.1, ITU and V15.2.0 may not explicitly discloses but Lee, which is a same field of endeavor, discloses the method of claim 1, wherein the multi-factor authentication process involves a multi- factor authentication one time password or a derivative of the multi-factor authentication one time password (¶0083, For added security for any of the equations described above, multi-factor authentication (MFA) may also be used. When used, the derivation of the client token may incorporate another credential referred to as a one-time passcode (OTP)).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by V15.2.1, ITU and V15.2.0 with the teachings of Lee to authenticate, at the authentication server function, the user equipment to the serving network based on the response. One of ordinary skill in the art would have been motivated to make this modification because Mobile device apps rely on the token device and PIN to generate the one-time password for multi-factor authentication. Therefore, it enable avoiding common pitfalls that IT administrators and security managers face with password security.


Claims 4-7, 13-15 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over ETSI TS 129 503 V15.2.1. hereinafter “V15.2.1” in view of 4G and 5G networks security techniques and algorithms hereinafter “ITU” in view of in view of ETSI TS 133 501 V15.2.0 hereinafter “V15.2.0” as applied to claims 1, 12 and 17 above, and further in view of Khosravi et al. (US 20170289118 A1 hereinafter “Khosravi”).
Regarding claim 4, (Original) the combination of V15.2.1, ITU and V15.2.0 discloses teaches all elements of the current invention as stated in claim 1 above except “at the home network: initiating the multi-factor authentication process locally.”
In a same field of endeavor, Khosravi discloses the method of claim 1, further comprising: at the home network: initiating the multi-factor authentication process locally (¶0015, The user device 110 includes a transceiver 111 which used to communicate over various wireless networks, such as a cellular network LTE or 5G; ¶0024, The WAL application 200 interfaces with a multi-function authentication (MFA) host 202 to obtain the list. The MFA host 202 maintains a list of enrolled devices in local secured memory [“multi-factor authentication process locally”]).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by the combination of V15.2.1, ITU and V15.2.0 with the teachings of Khosravi to initiate the multi-factor authentication process locally. One of ordinary skill in the art would have been motivated to make this modification because the local secured memory may provide the multi-function authentication (MFA) host maintained list of enrolled devices [or “initiate the multi-factor authentication process locally”] in the environments. The user or application specific data may be securely stored in the local memory of the devices and be used for the authentication of the user device. Therefore, MFA may reduce fraud and identity theft by requiring additional security measures that thieves can rarely access.

Regarding claim 5, (Original) the combination of V15.2.1, ITU and V15.2.0 discloses teaches all elements of the current invention as stated in claim 1 above except “generating the authentication vector includes generating the authentication vector based on a multi-factor authentication policy that indicates that any user equipment that is associated with a given enterprise is to be authenticated to the serving network using the multi-factor authentication process, wherein the user equipment is associated with the given enterprise”.
Khosravi discloses the method of claim 1, wherein generating the authentication vector includes generating the authentication vector based on a multi-factor authentication policy that indicates that any user equipment that is associated with a given enterprise is to be authenticated to the serving network using the multi-factor authentication process, wherein the user equipment is associated with the given enterprise (¶0015, The user device 110 includes a transceiver 111 which used to communicate over various wireless networks, such as a cellular network LTE or 5G; ¶0011, User proximity or presence near a computer or other secured computing resource [“any user equipment that is associated with a given enterprise”], is an important factor in determining whether the user should be authenticated to the computer (e.g., logged in or allowed to use different enterprise apps [“given enterprise”]) in a Multi-factor Authentication (MFA) system; ¶0024, The WAL application 200 interfaces with a multi-function authentication (MFA) host 202 to obtain the list [“authentication vector”]).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by the combination of V15.2.1, ITU and V15.2.0 with the teachings of Khosravi to generating the authentication vector includes generating the authentication vector based on the MFA host may interface with the Bluetooth host to obtain a list of devices [or “authentication vector”] currently connected to the compute device, and return the list to the WAL application (message/operation). The user device is provided in the list that is returned and the user (message/operation), and the user selects the appropriate device to enroll (message/operation). A Bluetooth authenticator may operate over a secure channel with the MFA host, in order to provide heightened security over typical Bluetooth security. Thus, a Bluetooth message is sent to the user device to connect the WAL application and a client app executing [or “user equipment is associated with the given enterprise”] on the user device (message/operation) for the authentication (¶0024-0026).

Regarding claim 6, (Original) the combination of V15.2.1, ITU and V15.2.0 discloses teaches all elements of the current invention as stated in claim 1 above except “generating the authentication vector includes generating the authentication vector based on a multi-factor authentication policy that indicates that any user equipment to be authenticated to the serving network, is to be authenticated to the serving network using the multi-factor authentication process.”
Khosravi discloses the method of claim 1, wherein generating the authentication vector includes generating the authentication vector based on a multi-factor authentication policy that indicates that any user equipment to be authenticated to the serving network, is to be authenticated to the serving network using the multi-factor authentication process (¶0015, The user device 110 includes a transceiver 111 which used to communicate over various wireless networks, such as a cellular network LTE or 5G; ¶0011, User proximity or presence near a computer or other secured computing resource, is an important factor in determining whether the user should be authenticated to the computer (e.g., logged in or allowed to use different enterprise apps) in a Multi-factor Authentication (MFA) system; ¶0024, The WAL application 200 interfaces with a multi-function authentication (MFA) host 202 to obtain the list [“authentication vector”]).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by the combination of V15.2.1, ITU and V15.2.0 with the teachings of Khosravi to generating the authentication vector includes generating the authentication vector based on a multi-factor authentication policy that indicates that any user equipment that is associated with a given enterprise is to be authenticated to the serving network using the multi-factor authentication process, wherein the user equipment is associated with the given enterprise. One of ordinary skill in the art would have been motivated to make this modification because the MFA host may interface with the Bluetooth host to obtain a list of devices currently connected [or “authentication vector”] to the compute device, and return the list to the WAL application (message/operation). The user device is provided in the list that is returned and the user (message/operation), and the user selects the appropriate device to enroll (message/operation). A Bluetooth authenticator may operate over a secure channel with the MFA host, in order to provide heightened security over typical Bluetooth security. Thus, a Bluetooth message is sent to the user device to connect the WAL application and a client app executing [or “user equipment is associated with the given enterprise”] on the user device (message/operation) for the authentication (¶0024-0026).

Regarding claim 7, (Original) the combination of V15.2.1, ITU and V15.2.0 discloses teaches all elements of the current invention as stated in claim 1 above except “generating the authentication vector includes generating the authentication vector based on a multi-factor authentication policy that indicates that the user equipment is to be authenticated to the serving network using the multi-factor 
Khosravi discloses the method of claim 1, wherein generating the authentication vector includes generating the authentication vector based on a multi-factor authentication policy that indicates that the user equipment is to be authenticated to the serving network using the multi-factor authentication process at a given time or a given location, wherein the user equipment is to be authenticated to the serving network at the given time or the given location (¶0015, The user device 110 includes a transceiver 111 which used to communicate over various wireless networks, such as a cellular network LTE or 5G; ¶0011, User proximity or presence near a computer or other secured computing resource [“given location”], is an important factor in determining whether the user should be authenticated to the computer (e.g., logged in or allowed to use different enterprise apps) in a Multi-factor Authentication (MFA) system; ¶0024, The WAL application 200 interfaces with a multi-function authentication (MFA) host 202 to obtain the list [“authentication vector”]).  
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by the combination of V15.2.1, ITU and V15.2.0 with the teachings of Khosravi to generating the authentication vector includes generating the authentication vector based on a multi-factor authentication policy that indicates that any user equipment that is associated with a given enterprise is to be authenticated to the serving network using the multi-factor authentication process, wherein the user equipment is associated with the given enterprise. One of ordinary skill in the art would have been motivated to make this modification because the MFA host may interface with the Bluetooth host to obtain a list of devices currently connected [or “authentication vector”] to the compute device, and return the list to the WAL application (message/operation). The user device is provided in the list that is returned and the user (message/operation), and the user selects the appropriate device to enroll (message/operation). A Bluetooth authenticator may operate over a secure channel with the MFA host, in order to provide heightened security over typical Bluetooth [or “a given time or a given location”] security (¶0024-0026).

Regarding claim 13 and 18, (Original) they are an apparatus and a non-transitory readable storage medium encoded with instructions that respectively corresponds to claim 5. Therefore, the claims are rejected for at least the same reasons as the method of claim 5.

Regarding claim 14 and 19, (Original) they are an apparatus and a non-transitory readable storage medium encoded with instructions that respectively corresponds to claim 6. Therefore, the claims are rejected for at least the same reasons as the method of claim 6.

Regarding claim 15 and 20, (Original) they are an apparatus and a non-transitory readable storage medium encoded with instructions that respectively corresponds to claim 7. Therefore, the claims are rejected for at least the same reasons as the method of claim 7.


Claims 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over ETSI TS 129 503 V15.2.1. hereinafter “V15.2.1” in view of 4G and 5G networks security techniques and algorithms hereinafter “ITU” in view of in view of ETSI TS 133 501 V15.2.0 hereinafter “V15.2.0” as applied to claim 1 above, and further in view of Moyer et al. (US 20180232937 A1 hereinafter “Moyer”).
Regarding clam 9, (Original) the combination of V15.2.1, ITU and V15.2.0 discloses teaches all elements of the current invention as stated in claim 1 above except “the mobile security protocol is a fifth generation cellular network technology authentication and key agreement (5G-AKA) protocol, and 
In a same field of endeavor, Moyer discloses the method of claim 1, wherein the mobile security protocol is a fifth generation cellular network technology authentication and key agreement (5G-AKA) protocol, and the authentication vector includes an authentication token including the indication that the user equipment is to be authenticated using the multi-factor authentication process (¶0022, the network can comprise a secure high-speed network comprising 5G, WiMAX, and/or so forth; ¶0047, the security and auditing management 120 can issue and manage digital certificates [“authentication token”] used for enabling user authentication. the security and auditing management 120 can implement various definable authentications such as a PKI-based authentication protocol, Authentication and Key Agreement (AKA) scheme, and/or other authentication protocol such as multi-factor authentication and SAS certification for data encryption and decryption).  
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by the combination of V15.2.1, ITU and V15.2.0 with the teachings of Moyer to include that the mobile security protocol is a fifth generation cellular network technology authentication and key agreement (5G-AKA) protocol, and the authentication vector includes an authentication token including the indication that the user equipment is to be authenticated using the multi-factor authentication process. One of ordinary skill in the art would have been motivated to make this modification because the security and auditing management [or “the method”] can also facilitate in authenticating a user using one or more of the aforementioned authentication methods and protocols for the virtual reality content [or specific application of the user device] (¶0035).

Regarding claim 10, (Original) the combination of V15.2.1, ITU and V15.2.0 discloses teaches all elements of the current invention as stated in claim 1 above except “the mobile security protocol is an extensible authentication protocol authentication and key agreement prime (EAP-AKA') protocol.”
Moyer discloses the method of claim 1, wherein the mobile security protocol is an extensible authentication protocol authentication and key agreement prime (EAP-AKA') protocol (¶0047, the security and auditing management 120 can implement such as Authentication and Key Agreement ( AKA) scheme, and/or other authentication protocol such as multi-factor authentication and SAS certification for data encryption and decryption), and the authentication vector includes an EAP request including the indication that the user equipment is to be authenticated using the multi-factor authentication process (¶0043, the security and auditing management 120 can conduct various definable authentications such as multi-factor authentication, SAS certification, Password Authentication Protocol (PAP), challenge-handshake authentication protocol (CHAP), extensible authentication protocol (EAP), database authentication, and/or other authentication methods and protocols can be used).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by the combination of V15.2.1, ITU and V15.2.0 with the teachings of Moyer to include that the mobile security protocol is an extensible authentication protocol authentication and key agreement prime (EAP-AKA') protocol, and the authentication vector includes an EAP request including the indication that the user equipment is to be authenticated using the multi-factor authentication process. One of ordinary skill in the art would have been motivated to make this modification because the security and auditing management [or “the method”] can also facilitate in authenticating a user using one or more of the aforementioned authentication methods and protocols for the virtual reality content [or specific application of the user device](¶0035).

21 is rejected under 35 U.S.C. 103 as being unpatentable over ETSI TS 129 503 V15.2.1. hereinafter “V15.2.1” in view of 4G and 5G networks security techniques and algorithms hereinafter “ITU” in view of in view of ETSI TS 133 501 V15.2.0 hereinafter “V15.2.0” as applied to claim 1 above, and further in view of Glozman et al. (US 20200053072 A1 hereinafter “Glozman”).
Regarding claim 21, (New) the combination of V15.2.1, ITU and V15.2.0 may not explicitly teaches, but Glozman, which is a same field of endeavor, discloses the method of claim 1, wherein the home network is a private enterprise network (¶0063, the second computing device [“user equipment”] is operative in a public mobile network operating on a standard such as 3G, 4G or 5G or in a private network (e.g. a wireless network in hospital)). 
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by the combination of V15.2.1, ITU and V15.2.0 with the teachings of Glozman to include a home network that is a private enterprise network. One of ordinary skill in the art would have been motivated to make this modification because it may involve an initial session setup in the physician office, populating the patient's phone with a unique identifier which could match that phone to a particular patient record in the hospital information system [or private network] (¶0136).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
• ITU-T X.1158 (11/2014)- TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU: Multi-factor authentication mechanisms using a mobile device.


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.S./Examiner, Art Unit 2493                                                                                                                                                                                                         

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493