DETAILED ACTION
This Final Office Action is in response to amendment filed on 02/22/2022. Claims 1-9 and 11-20 have been amended. Claim 10 has been cancelled. Claims 1-9 and 11-20  remain pending in the application. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 04/07/2020 are accepted.

Response to Arguments 
Applicant stated in Page 8 “In rejecting claim 10, the Examiner asserted that Hutnik disclosed these features. However, Hutnik merely discloses of using different algorithm for protecting data according to the location of the client. Hutnik does not suggest using different algorithm based on whether the attribute of data corresponds to the MCData signaling field or the MCData payload. In particular, according to Hutnik, the algorithm for protecting the data is dependent on the location of the client. In contrast, as recited in the independent claim, "a signaling algorithm used to protect an MC data (MCData) signaling field including a data signaling payload" is selected "based on a local policy ... wherein the signaling algorithm is different from an algorithm used to protect an MCData payload associated with a user payload". For example, in Hutnik the policy is identified based on a location of the terminal.”
Examiner respectfully notes that the argument “Hutnik does not suggest using different algorithm based on whether the attribute of data corresponds to the MCData signaling field or the MCData payload” is not explicitly recited in the claim, as drafted. Examiner further notes that other than the explicit recitation of “payload”, Hutnik discloses the above argued, underlined, claim limitations, as drafted. Specifically, Hutnik discloses that a protection suite is selected based on the local law pertaining to the location of the client, i.e. local policy, where the abstract discloses “A server is adapted to communicate with client devices using a selected one of a plurality of alternative protection suites.”, Paragraph [0010] discloses “a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications”. Hutnik further discloses in e.g. [0025-0030] the advantage of Hutnik’s system where if the user and the associated client traveling to different locations, with different legal requirements and local laws, the server side of the system is capable of selecting a different protection suite, i.e. signaling algorithm, based on the local law, local policy, e.g. [0028] “ This approach, advantageously, pushes the intelligence up into the network, freeing the user from both having to a) know local law and b) remember to reconfigure his computer as he moves from country to country, and/or eliminating the need for the client itself to be configured to perform the necessary functions.”.  Therefore, Hutnik teaches, as further illustrated in Figure 3, that if a user travels from a country that permits e.g. AES, to a country that does not permit AES, e.g. India, then, the system would select a protection suite, i.e. signaling algorithm, that is “different from an algorithm used to protect an MCData [payload] associated with a user [payload]”. Specifically, if the user travels to e.g. India, then, the newly selected protection suite, i.e. signaling algorithm, is going to be different from a previously used protection suite, i.e. signaling algorithm, e.g. AES, where the previously used protection suite used to protect data associated with the user/client. Therefore, short of “payload” pertaining to the amendments, Hutnik discloses the above argued limitations. 
	
Applicant further stated in Page 8 “claim 11, which is directed toward the terminal, recites that the terminal receives "a key download message including a signaling algorithm parameter indicating a signaling algorithm used to protect an MC data (MCData) signaling field"
Examiner respectfully notes that Hutnik discloses the client terminal receiving a message, which includes a proposal indicating which protection suite, signaling algorithm, to be used in protecting communication data between server and client, such that the protection will comply with local law/policy. Particularly, Hutnik discloses in [0010] and further described in [0022, 0024-0025] and illustrated in Figure 2, the server sending a message with a proposal, which indicates a different protection suite, signaling algorithm, [0010] “the responder will specify in the Proposal another protection suite from among those offered by the initiator”. Hutnik does not explicitly refer to the message with the proposal as a key download message, however, Stojanovski discloses the client receiving a key download message, where Col. 7 line 56-64 discloses receiving, by a remote UE, a payload message, which recovers a common secret key. Therefore, Hutnik in view of Stojanovski disclose the above mentioned limitation. 
 Applicant further stated “In view of the above, the applicant submits that Hutnik does not disclose at least "transmitting, to an MC client, a key download message including a signaling algorithm parameter indicating the signaling algorithm... wherein the signaling algorithm is different from an algorithm used to protect an MCData payload associated with a user payload" as recited in the independent claims”.
Examiner notes, as described above, and other than the explicit recitation of “payload”, that Hutnik discloses the above mentioned limitations. Particularly, Hutnik discloses “transmitting, to an MC client, a… message including a signaling algorithm parameter indicating the signaling algorithm”, as described above and disclosed in [0010, 0022, 0024-0025] and illustrated in Figure 2, please see response above. Hutnik does not explicitly refer to the message with the proposal as a key download message, however, Stojanovski discloses the client receiving a key download message, where Col. 7 line 56-64 discloses receiving, by a remote UE, a payload message, which recovers a common secret key. Hutnik further discloses “wherein the signaling algorithm is different from an algorithm used to protect an MCData… associated with a user”, as described above and repeated as follows: Hutnik discloses in e.g. [0025-0030] the advantage of Hutnik’s system where if the user and the associated client traveling to different locations, with different legal requirements and local laws, the server side of the system is capable of selecting a different protection suite, i.e. signaling algorithm, based on the local law, local policy, e.g. [0028] “ This approach, advantageously, pushes the intelligence up into the network, freeing the user from both having to a) know local law and b) remember to reconfigure his computer as he moves from country to country, and/or eliminating the need for the client itself to be configured to perform the necessary functions.”.  Therefore, Hutnik teaches, as further illustrated in Figure 3, that if a user travels from a country that permits e.g. AES, to a country that does not permit AES, e.g. India, then, the system would select a protection suite, i.e. signaling algorithm, that is “different from an algorithm used to protect an MCData [payload] associated with a user [payload]”. Specifically, if the user travels to e.g. India, then, the newly selected protection suite, i.e. signaling algorithm, is going to be different from a previously used protection suite, i.e. signaling algorithm, e.g. AES. Therefore, short of “payload” pertaining to the amendments, Hutnik in view of Stojanovski disclose the above argued limitations. 
The applicant’s remarks, Pages 7-8 regarding prior arts Hutnik in view of Stojanovski pertaining to claims 1, 11, 14 and 19 amendments where the MCData to be protected includes a payload field, are considered moot because the the remarks do not apply in light of the newly found prior art, Alkhatib et. al. (US 20110283017 A1), where Alkhatib explicitly discloses protecting conveyed mission-critical data, which include payloads. Please see detailed rationale and motivation below. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 6, 8, 10-12, 14-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hutnik (US 20080155645 A1), hereinafter Hutnik in view of Stojanovski (US 10079822 B2), hereinafter Stojanovski and further in view of Alkhatib et. al. (US 20110283017 A1), hereinafter Alkhatib.

Regarding claim 1 (Currently Amended), Hutnik teaches a method performed by [a mission critical (MC) service (MCX)] server in a [wireless] communication system (Hutnik Abstract “A server is adapted to communicate with client devices using a selected one of a plurality of alternative protection suites.”, [0020] and Figure 1 illustrates internet communication between client and VPN servers in a VPN service provider, where the communication includes accessing data that may include “mission-critical” data as disclosed [0003]), 
the method comprising: 
selecting, from among a plurality of signaling algorithms, a signaling algorithm used to protect an MC data (MCData) signaling field [including a data signaling payload], based on a local policy (Hutnik discloses [0010] “…a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications--for example, communications that would violate local law such as by using a particular encryption algorithm...the responder will specify in the Proposal another protection suite from among those offered by the initiator--one that does not include any non-permitted protection parameter values.”, where the responder will select/specify from among a plurality of protection suites, as further disclosed in [0028-0030] and further illustrated in Figure 2, to be used for performing encryption of communicating data, e.g. data  resources 31 as disclosed in [0020], where the selection from a plurality of protection suite, i.e. plurality of signaling algorithms, is based on the local law, i.e. local policy, as disclosed in [0012-0013]);
transmitting, to an MC client, a [key download] message including a signaling algorithm parameter (Hutnik discloses [0010] “…a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications--for example, communications that would violate local law such as by using a particular encryption algorithm...the responder will specify in the Proposal another protection suite from among those offered by the initiator--one that does not include any non-permitted protection parameter values.”, Figure 2 illustrates server 221 (responder) transmitting “Proposal with selected responder suite” to a client, as further disclosed in [0010, 0022, 0024-0025], where the proposal for the specified/selected protection suite and its encryption algorithm corresponds to signaling algorithm parameter)
the signaling algorithm (Hutnik Figure 2 [0010, 0022, 0024-0025] discloses the protection suites, e.g. (AES), i.e. indicated, to establish communication between server and the client, where the proposal with a protection suite, i.e. encryption algorithm, corresponds to the signaling algorithm parameter indicating the proposed algorithm to be used, which indicates the encryption algorithm used for secured/encrypted communication to access protected resources data, such as database data, as disclosed in [0020], where the data corresponds to MCData signaling field); and 
performing application plane signaling with the MC client by using the signaling algorithm (Hutnik [0010, 0020] discloses performing service in a secure communication, for communicating protected data resources, 31 in Figure 1, e.g.  internal servers, databases etc., with the client 12, where the secure communication is performed using the protection suite, i.e. algorithm specified/selected and proposed by the server, as disclosed in [0022, 0031] and Figure 3 (317, 321), where the service of providing protected data resources and its secure access by the client corresponds to the application plane signaling with the MC client, 
consistent with the description of the application plane signaling as MCData service as described in [0059] and claim 8 of the instant application).  
wherein the signaling algorithm is different from an algorithm used to protect an MCData [payload] associated with a user payload (Hutnik discloses in [0010] the use of a different protection suite, i.e. signaling algorithm, that is proposed by the server 221, from the one offered by the client 12 used by the user, [0025-0030] discloses the case where if the user travels from USA to India, where India does not allow using AES to encrypt MCData, Hutnik teaches the system using a different protection suite, i.e. signaling algorithm, than the one used when the user was in USA, in order to comply with Indian laws, which does not permit using AES).
While Hutnik discloses the aforementioned limitations, where the communication for server and client is secured/protected based on the server transmitting a protection/encryption algorithm used for protecting communication data, e.g. database resource data, etc., Hutnik further discloses negotiating encryption key, Hutnik further discloses in the background of the disclosure that the communication data may be mission critical data, however, Hutnik does not explicitly disclose in the body of the disclose the below limitation.
Stojanovski discloses wireless communication for mission critical service for a system including a servers and client (Stojanovski discloses User Equipment, i.e. client, and server in wireless communication to receive mission critical content, 
Col. 1 line 56-60 “improvements for securely receiving critical communication content associated with a critical communication service (e.g., MCPTT) that may involve use of wireless mobile telecommunication cellular or wireless mobile broadband technologies.”,
Col. 2 line 37-63 “MCPTT supports an enhanced PTT service, suitable for mission critical scenarios and is based upon 3GPP EPS services. MCPTT is typically a session initiation protocol (SIP) based service that may be provided via a centralized MCPTT server residing in a network (e.g., a 3GPP EPS network). The MCPTT server may be an IP Multimedia Subsystem (IMS) application server”
Col. 3 line 4-18 “remote UEs may utilize a relay UE's direct attachment to the network to receive critical communication services from the MCPTT server…A solution is needed to allow the remote UE to agree to common key material with the MCPTT server that can be used to securely relay a master session key. The master session key may be for use by only the remote UE to decrypt encrypted critical communication content sent from the MCPTT server”),
Stojanovski further discloses transmitting to client key download message (Stojanovski discloses in Col. 7 line 56-64 “…MCPTT server 220 may use the KMS public key and its ID_nw to encode the common key material (the common key material may also be referred to as a shared secret value (SSV)) to generate a SAKKE payload. Upon receipt of the SAKKE payload, remote UE 230 may use the KMS public key, RSK_ue and ID_ue to decrypt the SAKKE encrypted payload according to a decryption algorithm described in RFC 6508 in order to obtain the common key material or SSV.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik to incorporate the teaching of Stojanovski to utilize the above feature, with the motivation of only the particular UE decrypting the encrypted critical communication, as recognized by (Stojanovski, Col. 3 line 4-18).
Hutnik in view of Stojanovski discloses the aforementioned limitations, where mission critical data is communicated, via wireless communication and through the internet between two entities, where mission critical data are received in encrypted/protected form, which would have been obvious for one of ordinary skill in the art before the filing date of the claimed invention to conceive of the encrypted data as encrypted packets comprising encrypted payloads as communications via the internet performed in integers of packets. However, Hutnik in view of Stojanovski do not explicitly disclose protecting (MCData) signaling field including a data signaling payload.
Alkhatib discloses protecting (MCData) signaling field including a data signaling payload (Alkhatib discloses conveying mission critical data in a form of encapsulated packet, which include body/payload, [0008] “The secure tunnel ensures safe and direct passage of the data packets across a network, and, potentially, over firewalls and other protective measures, when connecting across data centers and across enterprise private networks.”, [0070] “the tunnel 206 (e.g., intra-data-center tunnel) may be established and secured to protectively pass the encapsulated data packets 280 across the network 205…when the customer is creating or conveying mission-critical data of high sensitivity, the secure tunnel 206 may include enhanced protective measures to ensure the safe transmittal of the encapsulated data packets 280.”, Figure 4 illustrates the protected packet 280 comprising payload 420, [0062] “Referring to FIG. 4, a schematic depiction of an exemplary structure of a data packet 280 that is encapsulated by the source-side VM switch 223 is shown...This encapsulated data packet 280 is structured with a body 420 and an expanded header 400…the encapsulated data packet 280 may store a payload in the body 420. The expanded header 400 is configured with frames 310, 320, and 410 to indicate a VM switch that is local to the destination of the payload…the frame 310 includes the source MAC address and the destination MAC address, while the frame 320 includes the source IP address and the destination IP address…The frame 410 is populated with locators (e.g., IP addresses) of the source-side VM switch 223 and of the destination-side VM switch 221 determined from the index. As such, the encapsulated data packet 280 is addressed to traverse the network 205 via a secure tunnel 206 directly to the appropriate node (e.g., first node 211) on which the destination network adapter 240 resides.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski to incorporate the teaching of Alkhatib to utilize the above feature, with the motivation of establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of a V-net., as recognized by (Alkhatib Abstract).

Regarding claim 2 (Currently Amended), Hutnik in view of Stojanovski and Alkhatib teaches the method of claim 1, 
Hutnik does not explicitly disclose the below limitations
Stojanovski discloses wherein the MCData signaling further includes end to end security parameter (Stojanovski discloses in Col. 7 line 56-64 “…MCPTT server 220 may use the KMS public key and its ID_nw to encode the common key material (the common key material may also be referred to as a shared secret value (SSV)) to generate a SAKKE payload. Upon receipt of the SAKKE payload, remote UE 230 may use the KMS public key, RSK_ue and ID_ue to decrypt the SAKKE encrypted payload according to a decryption algorithm described in RFC 6508 in order to obtain the common key material or SSV.”, where the protected secret value SSV, corresponding to end to end security parameter, is part of the protected MCData required to establish secure communication of further MCData between two ends sharing the secret value SSV or common key ).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik to incorporate the teaching of Stojanovski to utilize the above feature, with the motivation of only the particular UE decrypting the encrypted critical communication, as recognized by (Stojanovski, Col. 3 line 4-18).
Hutnik in view of Stojanovski do not explicitly disclose the below limitations
Alkhatib discloses wherein the MCData signaling further includes MCData signaling parameter (Alkhatib discloses conveying mission critical data in a form of encapsulated packet, which include body/payload, [0008] “The secure tunnel ensures safe and direct passage of the data packets across a network, and, potentially, over firewalls and other protective measures, when connecting across data centers and across enterprise private networks.”, [0070] “the tunnel 206 (e.g., intra-data-center tunnel) may be established and secured to protectively pass the encapsulated data packets 280 across the network 205…when the customer is creating or conveying mission-critical data of high sensitivity, the secure tunnel 206 may include enhanced protective measures to ensure the safe transmittal of the encapsulated data packets 280.”, Figure 4 illustrates the protected packet 280 comprising payload 420, [0062] “Referring to FIG. 4, a schematic depiction of an exemplary structure of a data packet 280 that is encapsulated by the source-side VM switch 223 is shown...This encapsulated data packet 280 is structured with a body 420 and an expanded header 400…the encapsulated data packet 280 may store a payload in the body 420. The expanded header 400 is configured with frames 310, 320, and 410 to indicate a VM switch that is local to the destination of the payload…the frame 310 includes the source MAC address and the destination MAC address, while the frame 320 includes the source IP address and the destination IP address…The frame 410 is populated with locators (e.g., IP addresses) of the source-side VM switch 223 and of the destination-side VM switch 221 determined from the index. As such, the encapsulated data packet 280 is addressed to traverse the network 205 via a secure tunnel 206 directly to the appropriate node (e.g., first node 211) on which the destination network adapter 240 resides.”, where the protected header corresponds to MCData signaling parameter ).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski to incorporate the teaching of Alkhatib to utilize the above feature, with the motivation of establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of a V-net., as recognized by (Alkhatib Abstract).

Claims 12, 15 and 20 are directed to a method, server and client, respectively, associated with the method claimed in claim 2. Claims 12, 15 and 20 are similar in scope to claim 2, and are therefore rejected with the same rationale and motivation as claim 2.

Regarding claim 6 (Currently Amended), Hutnik in view of Stojanovski and Alkhatib teaches the method of claim 1,
Hutnik discloses the negotiation for encryption key between client and server, however. Hutnik does not explicitly discloses the message includes key. 
Stojanovski discloses wherein the key download message further includes client-server key (CSK) or a multicast signaling key - 30 -0502-0621 (SH-61292-US-SR)(Stojanovski discloses in Col. 3 line 11-13 “A solution is needed to allow the remote UE to agree to common key material with the MCPTT server”, Col. 7 line 56-64 “…MCPTT server 220 may use the KMS public key and its ID_nw to encode the common key material (the common key material may also be referred to as a shared secret value (SSV)) to generate a SAKKE payload. Upon receipt of the SAKKE payload, remote UE 230 may use the KMS public key, RSK_ue and ID_ue to decrypt the SAKKE encrypted payload according to a decryption algorithm described in RFC 6508 in order to obtain the common key material or SSV.”, where payload corresponds to the key download message and represents the KMS public key, shared between the MCPTT server 220 and the UE 230, encrypting the security key SSV ).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik to incorporate the teaching of Stojanovski to utilize the above feature, with the motivation of only the particular UE decrypting the encrypted critical communication, as recognized by (Stojanovski, Col. 3 line 4-18).

Regarding claim 8 (Currently Amended), Hutnik in view of Stojanovski and Alkhatib teaches the method of claim 1, wherein an MC service provided by the application plane signaling comprises at least one of an MCData service, a mission critical push to talk (MCPTT) service, or an MC video (MCVideo) service (Hutnik discloses in [0020] providing database data and resource data resources, corresponding to the MCData service).
Furthermore, Hutnik does not explicitly disclose other types, e.g. MCPTT.
Stojanovski discloses MC service including a mission critical push to talk (MCPTT) service (Stojanovski Col. 3 line 11-13 and Figure 1 illustrates (MCPTT server)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik to incorporate the teaching of Stojanovski to utilize the above feature, with the motivation of providing supporting organizations with mission critical services, organizations associated with public safety, transportation, utilities, industrial or nuclear plant operations., as recognized by (Stojanovski, Col. 1 line 21-30).

Regarding claim 10 (Cancelled). 

Regarding claim 11 (Currently Amended), Hutnik teaches a method performed by a mission critical (MC) client in a [wireless] communication system (Hutnik Abstract “A server is adapted to communicate with client devices using a selected one of a plurality of alternative protection suites.”, [0020] and Figure 1 illustrates internet communication between client and VPN servers in a VPN service provider, where the communication includes accessing data that may include “mission-critical” data as disclosed [0003]), the method comprising: 
receiving, from an [MC service (MCX)] server, a [key download] message including a signaling algorithm parameter (Hutnik discloses [0010] “…a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications--for example, communications that would violate local law such as by using a particular encryption algorithm….the responder will specify in the Proposal another protection suite from among those offered by the initiator--one that does not include any non-permitted protection parameter values.”, Figure 2 illustrates server 221 (responder) transmitting “Proposal with selected responder suite” to a client, as further disclosed in [0010, 0022, 0024-0025], where the proposal for the protection suite and its encryption algorithm in the message sent to the client terminal corresponds to signaling algorithm parameter)
a signaling algorithm used to protect an MC data (MCData) signaling field  [including a data signaling payload] (Hutnik [0010, 0022, 0024-0025] discloses the protection suites, e.g. (AES), i.e. indicated, to establish communication between server and the client, where the protection suite, i.e. encryption algorithm, corresponds to the signaling algorithm parameter indicating the proposed algorithm to be used, which indicates the encryption algorithm used for secure/encrypted communication to access protected resources data, such as database data, as disclosed in [0020], where the data corresponds to MCDtata signaling field information),
wherein the signaling algorithm is selected, from among a plurality of signaling algorithms, based on a local policy (Hutnik discloses [0010] “…a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications--for example, communications that would violate local law such as by using a particular encryption algorithm...the responder will specify in the Proposal another protection suite from among those offered by the initiator--one that does not include any non-permitted protection parameter values.”, where the responder will select/specify from among a plurality of protection suites, as further disclosed in [0028-0030] and further illustrated in Figure 2, to be used for performing encryption of communicating data, e.g. data  resources 31 as disclosed in [0020], where the selection from a plurality of protection suite, i.e. plurality of signaling algorithms, is based on the local law, i.e. local policy, as disclosed in [0012-0013]); and 
performing application plane signaling with the MCX server by using the signaling algorithm (Hutnik [0020] discloses performing service in a secure communication with the protected data resources, 31 in Figure 1, e.g.  internal servers, databases etc., with the client 12, where the secure communication is performed using the protection suite, i.e. algorithm specified/selected and proposed by the server, as disclosed in [0022], where the service of providing protected data resources and its secure access by the client corresponds to the application plane signaling with the MC client,
consistent with the description of the application plane signaling as MCData service as described in [0059] and claim 8 of the instant application),
wherein the signaling algorithm is different from an algorithm used to protect an MCData [payload] associated with a user payload (Hutnik discloses in [0010] the use of a different protection suite, i.e. signaling algorithm, that is proposed by the server 221, from the one offered by the client 12 used by the user, [0025-0030] discloses the case where if the user travels from USA to India, where India does not allow using AES to encrypt MCData, Hutnik teaches the system using a different protection suite, i.e. signaling algorithm, than the one used when the user was in USA, in order to comply with Indian laws, which does not permit using AES).  
While Hutnik discloses the aforementioned limitations, where the communication for server and client is secured/protected based on the server transmitting a protection/encryption algorithm used for protecting communication data, e.g. database resource data, etc., Hutnik further discloses negotiating encryption key, and Hutnik further discloses in the background of the disclosure that the communication data may be mission critical data, however, Hutnik does not explicitly disclose the below limitation.
Stojanovski discloses wireless communication system with mission critical service for a system including a servers and client (Stojanovski discloses User Equipment, i.e. client, and server in communication to receive mission critical content, Col. 1 line 56-60 “improvements for securely receiving critical communication content associated with a critical communication service (e.g., MCPTT) that may involve use of wireless mobile telecommunication cellular or wireless mobile broadband technologies.”, Col. 3 line 4-18 “remote UEs may utilize a relay UE's direct attachment to the network to receive critical communication services from the MCPTT server…A solution is needed to allow the remote UE to agree to common key material with the MCPTT server that can be used to securely relay a master session key. The master session key may be for use by only the remote UE to decrypt encrypted critical communication content sent from the MCPTT server”),
Stojanovski further discloses transmitting to client a key, receiving by the client, key download message (Stojanovski discloses in Col. 7 line 56-64 “…MCPTT server 220 may use the KMS public key and its ID_nw to encode the common key material (the common key material may also be referred to as a shared secret value (SSV)) to generate a SAKKE payload. Upon receipt of the SAKKE payload, remote UE 230 may use the KMS public key, RSK_ue and ID_ue to decrypt the SAKKE encrypted payload according to a decryption algorithm described in RFC 6508 in order to obtain the common key material or SSV.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik to incorporate the teaching of Stojanovski to utilize the above feature, with the motivation of only the particular UE decrypting the encrypted critical communication, as recognized by (Stojanovski, Col. 3 line 4-18).
Hutnik in view of Stojanovski discloses the aforementioned limitations, where mission critical data is communicated, via wireless communication and through the internet between two entities, where mission critical data are received in encrypted/protected form, which would have been obvious for one of ordinary skill in the art before the filing date of the claimed invention to conceive of the encrypted data as encrypted packets comprising encrypted payloads as communications via the internet performed in integers of packets. However, Hutnik in view of Stojanovski do not explicitly disclose protecting (MCData) signaling field including a data signaling payload.
Alkhatib discloses protecting (MCData) signaling field including a data signaling payload (Alkhatib discloses conveying mission critical data in a form of encapsulated packet, which include body/payload, [0008] “The secure tunnel ensures safe and direct passage of the data packets across a network, and, potentially, over firewalls and other protective measures, when connecting across data centers and across enterprise private networks.”, [0070] “the tunnel 206 (e.g., intra-data-center tunnel) may be established and secured to protectively pass the encapsulated data packets 280 across the network 205…when the customer is creating or conveying mission-critical data of high sensitivity, the secure tunnel 206 may include enhanced protective measures to ensure the safe transmittal of the encapsulated data packets 280.”, Figure 4 illustrates the protected packet 280 comprising payload 420, [0062] “Referring to FIG. 4, a schematic depiction of an exemplary structure of a data packet 280 that is encapsulated by the source-side VM switch 223 is shown...This encapsulated data packet 280 is structured with a body 420 and an expanded header 400…the encapsulated data packet 280 may store a payload in the body 420. The expanded header 400 is configured with frames 310, 320, and 410 to indicate a VM switch that is local to the destination of the payload…the frame 310 includes the source MAC address and the destination MAC address, while the frame 320 includes the source IP address and the destination IP address…The frame 410 is populated with locators (e.g., IP addresses) of the source-side VM switch 223 and of the destination-side VM switch 221 determined from the index. As such, the encapsulated data packet 280 is addressed to traverse the network 205 via a secure tunnel 206 directly to the appropriate node (e.g., first node 211) on which the destination network adapter 240 resides.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski to incorporate the teaching of Alkhatib to utilize the above feature, with the motivation of establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of a V-net., as recognized by (Alkhatib Abstract).

Regarding claim 14 (Currently Amended), Hutnik teaches [a mission critical (MC) service (MCX)] server in a [wireless] communication system (Hutnik Abstract “A server is adapted to communicate with client devices using a selected one of a plurality of alternative protection suites.”, [0020] and Figure 1 illustrates a system for wireless communication between client and VPN servers in a VPN service provider, where the communication includes accessing data that may include “mission-critical” data as disclosed [0003]), the [MCX] server comprising: 
a transceiver; and at least one processor (Hutnik [0031] and Figure 3 illustrates the process performed by the server, where the server/responder receives and transmits protection algorithm offers and protection algorithm proposals to the client through the internet as illustrated in Figures 1-2, indicating that there is a processor and transceiver for performing the transmitting and receiving), 
select, from among a plurality of signaling algorithms, a signaling algorithm used to protect an MC data (MCData) signaling field [including a data signaling payload], based on a local policy (Hutnik discloses [0010] “…a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications--for example, communications that would violate local law such as by using a particular encryption algorithm...the responder will specify in the Proposal another protection suite from among those offered by the initiator--one that does not include any non-permitted protection parameter values.”, where the responder will select/specify from among a plurality of protection suites, as further disclosed in [0028-0030] and further illustrated in Figure 2, to be used for performing encryption of communicating data, e.g. data  resources 31 as disclosed in [0020], where the selection from a plurality of protection suite, i.e. plurality of signaling algorithms, is based on the local law, i.e. local policy, as disclosed in [0012-0013]),
transmit, to an MC clientvia the transceiver, a [key download] message including a signaling algorithm parameter (Hutnik discloses [0010] “…a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications--for example, communications that would violate local law such as by using a particular encryption algorithm….the responder will specify in the Proposal another protection suite from among those offered by the initiator--one that does not include any non-permitted protection parameter values.”, Figure 2 illustrates server 221 (responder) transmitting “Proposal with selected responder suite” to a client, as further disclosed in [0010, 0022, 0024-0025], where the proposal for the specified/selected protection suite and its encryption algorithm corresponds to signaling algorithm parameter), 
the signaling algorithm (Hutnik [0010, 0022, 0024-0025] discloses the protection suites, e.g. (AES), i.e. indicated, to establish communication between server and the client, where the protection suite, i.e. encryption algorithm, corresponds to the signaling algorithm parameter indicating the proposed algorithm to be used, which indicates the encryption algorithm used for secure/encrypted communication to access protected resources data, such as database data, as disclosed in [0020], where the data corresponds to MCDtata signaling field), and 
perform, via the transceiver, application plane signaling with the MC client by using the signaling algorithm (Hutnik [0020] discloses performing service in a secure communication with the protected data resources, 31 in Figure 1, e.g.  internal servers, databases etc., with the client 12, where the secure communication is performed using the protection suite, i.e. algorithm specified/selected and proposed by the server, as disclosed in [0022], where the secure communication between the server and the client is through transceiver of the server, where the service of providing protected data resources and its secure access by the client corresponds to the application plane signaling with the MC client,
consistent with the description of the application plane signaling as MCData service as described in [0059] and claim 8 of the instant application),
wherein the signaling algorithm is different from an algorithm used to protect an MCData [payload] associated with a user payload (Hutnik discloses in [0010] the use of a different protection suite, i.e. signaling algorithm, that is proposed by the server 221, from the one offered by the client 12 used by the user, [0025-0030] discloses the case where if the user travels from USA to India, where India does not allow using AES to encrypt MCData, Hutnik teaches the system using a different protection suite, i.e. signaling algorithm, than the one used when the user was in USA, in order to comply with Indian laws, which does not permit using AES).  
While Hutnik discloses the aforementioned limitations, where the communication for server and client is secured/protected based on the server transmitting a protection/encryption algorithm used for protecting communication data, e.g. database resource data, etc., Hutnik further discloses negotiating encryption key, and Hutnik further discloses in the background of the disclosure that the communication data may be mission critical data, however, Hutnik does not explicitly disclose the below limitation.
Stojanovski discloses wireless communication system for mission critical service for a system including a servers and client (Stojanovski discloses User Equipment, i.e. client, and server in wireless communication to receive mission critical content, 
Col. 1 line 56-60 “improvements for securely receiving critical communication content associated with a critical communication service (e.g., MCPTT) that may involve use of wireless mobile telecommunication cellular or wireless mobile broadband technologies.”.
Col. 3 line 4-18 “remote UEs may utilize a relay UE's direct attachment to the network to receive critical communication services from the MCPTT server…A solution is needed to allow the remote UE to agree to common key material with the MCPTT server that can be used to securely relay a master session key. The master session key may be for use by only the remote UE to decrypt encrypted critical communication content sent from the MCPTT server”)
Stojanovski further discloses transmitting to client key download message (Stojanovski discloses in Col. 7 line 56-64 “…MCPTT server 220 may use the KMS public key and its ID_nw to encode the common key material (the common key material may also be referred to as a shared secret value (SSV)) to generate a SAKKE payload. Upon receipt of the SAKKE payload, remote UE 230 may use the KMS public key, RSK_ue and ID_ue to decrypt the SAKKE encrypted payload according to a decryption algorithm described in RFC 6508 in order to obtain the common key material or SSV.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik to incorporate the teaching of Stojanovski to utilize the above feature, with the motivation of only the particular UE decrypting the encrypted critical communication, as recognized by (Stojanovski, Col. 3 line 4-18).
Hutnik in view of Stojanovski discloses the aforementioned limitations, where mission critical data is communicated, via wireless communication and through the internet between two entities, where mission critical data are received in encrypted/protected form, which would have been obvious for one of ordinary skill in the art before the filing date of the claimed invention to conceive of the encrypted data as encrypted packets comprising encrypted payloads as communications via the internet performed in integers of packets. However, Hutnik in view of Stojanovski do not explicitly disclose protecting (MCData) signaling field including a data signaling payload.
Alkhatib discloses protecting (MCData) signaling field including a data signaling payload (Alkhatib discloses conveying mission critical data in a form of encapsulated packet, which include body/payload, [0008] “The secure tunnel ensures safe and direct passage of the data packets across a network, and, potentially, over firewalls and other protective measures, when connecting across data centers and across enterprise private networks.”, [0070] “the tunnel 206 (e.g., intra-data-center tunnel) may be established and secured to protectively pass the encapsulated data packets 280 across the network 205…when the customer is creating or conveying mission-critical data of high sensitivity, the secure tunnel 206 may include enhanced protective measures to ensure the safe transmittal of the encapsulated data packets 280.”, Figure 4 illustrates the protected packet 280 comprising payload 420, [0062] “Referring to FIG. 4, a schematic depiction of an exemplary structure of a data packet 280 that is encapsulated by the source-side VM switch 223 is shown...This encapsulated data packet 280 is structured with a body 420 and an expanded header 400…the encapsulated data packet 280 may store a payload in the body 420. The expanded header 400 is configured with frames 310, 320, and 410 to indicate a VM switch that is local to the destination of the payload…the frame 310 includes the source MAC address and the destination MAC address, while the frame 320 includes the source IP address and the destination IP address…The frame 410 is populated with locators (e.g., IP addresses) of the source-side VM switch 223 and of the destination-side VM switch 221 determined from the index. As such, the encapsulated data packet 280 is addressed to traverse the network 205 via a secure tunnel 206 directly to the appropriate node (e.g., first node 211) on which the destination network adapter 240 resides.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski to incorporate the teaching of Alkhatib to utilize the above feature, with the motivation of establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of a V-net., as recognized by (Alkhatib Abstract).

Regarding claim 19 (Currently Amended), Hutnik teaches a mission critical (MC) client in a [wireless] communication system (Hutnik Abstract “A server is adapted to communicate with client devices using a selected one of a plurality of alternative protection suites.”, [0020] and Figure 1 illustrates a system for internet communication between client and VPN servers in a VPN service provider, where the communication includes accessing data that may include “mission-critical” data as disclosed [0003]), the MC client comprising: a transceiver; and at least one processor  (Hutnik [0020-0023] and illustrates in Figure 2 the client transmitting and receiving  protection suites and consequently negotiations of an encryption key is ensued as disclosed in [0025], indicating the client with processing capability and comprising a transceiver for transmitting and receiving the protection suites), 
receive, from an [MC service (MCX)] servervia the transceiver, a [key download] message including a signaling algorithm parameter (Hutnik discloses [0010] “…a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications--for example, communications that would violate local law such as by using a particular encryption algorithm….the responder will specify in the Proposal another protection suite from among those offered by the initiator--one that does not include any non-permitted protection parameter values.”, Figure 2 illustrates server 221 (responder) transmitting “Proposal with selected responder suite” to a client, as further disclosed in [0010, 0022, 0024-0025], where the proposal for the protection suite and its encryption algorithm corresponds to signaling algorithm parameter), 
a signaling algorithm used to protect an MC data (MCData) signaling field (Hutnik [0010, 0022, 0024-0025] discloses the protection suites, e.g. (AES), i.e. indicated, to establish communication between server and the client, where the protection suite, i.e. encryption algorithm, corresponds to the signaling algorithm parameter indicating the proposed algorithm to be used, which indicates the encryption algorithm used for secure/encrypted communication to access protected resources data, such as database data, as disclosed in [0020], where the data corresponds to MCDtata signaling field),
[including a data signaling payload], wherein the signaling algorithm is selected, from among a plurality of signaling algorithms, based on a local policy (Hutnik discloses [0010] “…a first entity, or responder (such as the IPSec server of the above example), uses the geographic location of a second entity, or initiator (such as the IPSec client), to modify what would otherwise be the responder's choice of protection suite for the session in the event that that choice includes anything whose use would cause impermissible communications--for example, communications that would violate local law such as by using a particular encryption algorithm...the responder will specify in the Proposal another protection suite from among those offered by the initiator--one that does not include any non-permitted protection parameter values.”, where the responder will select/specify from among a plurality of protection suites, as further disclosed in [0028-0030] and further illustrated in Figure 2, to be used for performing encryption of communicating data, e.g. data  resources 31 as disclosed in [0020], where the selection from a plurality of protection suite, i.e. plurality of signaling algorithms, is based on the local law, i.e. local policy, as disclosed in [0012-0013]), and 
performvia the transceiver, application plane signaling with the MCX server by using the signaling algorithm (Hutnik [0020] discloses performing service in a secure communication with the protected data resources, 31 in Figure 1, e.g.  internal servers, databases etc., with the client 12, where the secure communication is performed using the protection suite, i.e. algorithm, specified/selected and proposed by the server, as disclosed in [0022], where the service of providing protected data resources and its secure access by the client corresponds to the application plane signaling with the MC client,
consistent with the description of the application plane signaling as MCData service as described in [0059] and claim 8 of the instant application),
wherein the signaling algorithm is different from an algorithm used to protect an MCData [payload] associated with a user payload (Hutnik discloses in [0010] the use of a different protection suite, i.e. signaling algorithm, that is proposed by the server 221, from the one offered by the client 12 used by the user, [0025-0030] discloses the case where if the user travels from USA to India, where India does not allow using AES to encrypt MCData, Hutnik teaches the system using a different protection suite, i.e. signaling algorithm, than the one used when the user was in USA, in order to comply with Indian laws, which does not permit using AES).  
While Hutnik discloses the aforementioned limitations, where the communication for server and client is secured/protected based on the server transmitting a protection/encryption algorithm used for protecting communication data, e.g. database resource data, etc., Hutnik further discloses negotiating encryption key, and Hutnik further discloses in the background of the disclosure that the communication data may be mission critical data, however, Hutnik does not explicitly disclose the below limitation.
Stojanovski discloses wireless communication system for mission critical system including a servers and client (Stojanovski discloses User Equipment, i.e. client, and server in wireless communication to receive mission critical content, 
Col. 1 line 56-60 “improvements for securely receiving critical communication content associated with a critical communication service (e.g., MCPTT) that may involve use of wireless mobile telecommunication cellular or wireless mobile broadband technologies.”. Col. 3 line 4-18 “remote UEs may utilize a relay UE's direct attachment to the network to receive critical communication services from the MCPTT server…A solution is needed to allow the remote UE to agree to common key material with the MCPTT server that can be used to securely relay a master session key. The master session key may be for use by only the remote UE to decrypt encrypted critical communication content sent from the MCPTT server”),
Stojanovski further discloses transmitting to client key, receiving by the client, key download message (Stojanovski discloses in Col. 7 line 56-64 “…MCPTT server 220 may use the KMS public key and its ID_nw to encode the common key material (the common key material may also be referred to as a shared secret value (SSV)) to generate a SAKKE payload. Upon receipt of the SAKKE payload, remote UE 230 may use the KMS public key, RSK_ue and ID_ue to decrypt the SAKKE encrypted payload according to a decryption algorithm described in RFC 6508 in order to obtain the common key material or SSV.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik to incorporate the teaching of Stojanovski to utilize the above feature, with the motivation of only the particular UE decrypting the encrypted critical communication, as recognized by (Stojanovski, Col. 3 line 4-18).
Hutnik in view of Stojanovski discloses the aforementioned limitations, where mission critical data is communicated, via wireless communication and through the internet between two entities, where mission critical data are received in encrypted/protected form, which would have been obvious for one of ordinary skill in the art before the filing date of the claimed invention to conceive of the encrypted data as encrypted packets comprising encrypted payloads as communications via the internet performed in integers of packets. However, Hutnik in view of Stojanovski do not explicitly disclose protecting (MCData) signaling field including a data signaling payload.
Alkhatib discloses protecting (MCData) signaling field including a data signaling payload (Alkhatib discloses conveying mission critical data in a form of encapsulated packet, which include body/payload, [0008] “The secure tunnel ensures safe and direct passage of the data packets across a network, and, potentially, over firewalls and other protective measures, when connecting across data centers and across enterprise private networks.”, [0070] “the tunnel 206 (e.g., intra-data-center tunnel) may be established and secured to protectively pass the encapsulated data packets 280 across the network 205…when the customer is creating or conveying mission-critical data of high sensitivity, the secure tunnel 206 may include enhanced protective measures to ensure the safe transmittal of the encapsulated data packets 280.”, Figure 4 illustrates the protected packet 280 comprising payload 420, [0062] “Referring to FIG. 4, a schematic depiction of an exemplary structure of a data packet 280 that is encapsulated by the source-side VM switch 223 is shown...This encapsulated data packet 280 is structured with a body 420 and an expanded header 400…the encapsulated data packet 280 may store a payload in the body 420. The expanded header 400 is configured with frames 310, 320, and 410 to indicate a VM switch that is local to the destination of the payload…the frame 310 includes the source MAC address and the destination MAC address, while the frame 320 includes the source IP address and the destination IP address…The frame 410 is populated with locators (e.g., IP addresses) of the source-side VM switch 223 and of the destination-side VM switch 221 determined from the index. As such, the encapsulated data packet 280 is addressed to traverse the network 205 via a secure tunnel 206 directly to the appropriate node (e.g., first node 211) on which the destination network adapter 240 resides.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski to incorporate the teaching of Alkhatib to utilize the above feature, with the motivation of establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of a V-net., as recognized by (Alkhatib Abstract).

Claims 3, 5, 13, 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hutnik (US 20080155645 A1), hereinafter Hutnik in view of Stojanovski (US 10079822 B2), hereinafter Stojanovski, Alkhatib et. al. (US 20110283017 A1), hereinafter Alkhatib and further in view of Le (US 20160241389 A1), hereinafter Le.

Regarding claim 3 (Currently Amended), Hutnik in view of Stojanovski teaches the method of claim 1, 
Hutnik discloses a selection of a protection suite, i.e. signaling algorithm, and further discloses in the background of the disclosure “AES has a block size of 128 bits… AES supports keys of at least 128 bits”, however Hutnik in view of Stojanovski and Alkhatib do not disclose the below limitation in the body of the disclosure. 
LE disclose wherein the signaling algorithm is selected as one of an advanced encryption standard (AES) with 128 bits key length algorithm (DP_AES_128_GCM) or an AES with 256 bits key length algorithm (DP_AES_256_GCM) (Le [0058] “A cipher suite may define a channel strength (e.g., 128 bits, 192 bits, or 256 bits), a key derivation 
function (KDF) (e.g., AES-128, AES-394, or AES-256), an elliptic curve cryptography (ECC) key agreement curve or key generation algorithm (e.g., P-256, P-384, or P-521), a block cipher mode of operation (e.g., Offset Codebook Mode (OCB), Key Wrap, Counter with CBC-MAC (CCM), EAX, Encrypt-then-MAC (EtM), or Galois/Counter Mode (GCM)), a digital signature algorithm (e.g., Elliptic Curve Digital Signature Algorithm (ECDSA) or Digital Signature Algorithm (DSA)), a cryptographic hash function (e.g., SHA-256, SHA-384, or SHA-512), a nonce (e.g., 16 bytes, 24 bytes, or 32 bytes), and the like.”, [0170] “The protocol encryption keys and/or the payload encryption keys may be generated based on the cipher suite in addition to or instead of the shared secrets. For example, the cipher suite may indicate sizes of the keys to be generated and/or the key generation algorithms (e.g., KDFs).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski and Alkhatib to incorporate the teaching of Le to utilize the above feature, by selecting from a finite number of algorithms that define a security and channel strength, as recognized by (Le 0058).

Regarding claim 5 (Currently Amended), Hutnik in view of Stojanovski, Alkhatib and Le teaches the method of claim 3, 
Hutnik discloses a selection of a protection suite, i.e. signaling algorithm, however, Hutnik in view of Stojanovski and Alkhatib do not teach the below limitation.
Le discloses wherein in case that the signaling algorithm is the DP_AES_256_GCM, (Le [0058] “A cipher suite may define a channel strength (e.g., 128 bits, 192 bits, or 256 bits), a key derivation 
function (KDF) (e.g., AES-128, AES-394, or AES-256), an elliptic curve cryptography (ECC) key agreement curve or key generation algorithm (e.g., P-256, P-384, or P-521), a block cipher mode of operation (e.g., Offset Codebook Mode (OCB), Key Wrap, Counter with CBC-MAC (CCM), EAX, Encrypt-then-MAC (EtM), or Galois/Counter Mode (GCM)), a digital signature algorithm (e.g., Elliptic Curve Digital Signature Algorithm (ECDSA) or Digital Signature Algorithm (DSA)), a cryptographic hash function (e.g., SHA-256, SHA-384, or SHA-512), a nonce (e.g., 16 bytes, 24 bytes, or 32 bytes), and the like.”, [0170] “The protocol encryption keys and/or the payload encryption keys may be generated based on the cipher suite in addition to or instead of the shared secrets. For example, the cipher suite may indicate sizes of the keys to be generated and/or the key generation algorithms (e.g., KDFs).”, where the AES-256 derive 256 payload encryption key, corresponding to the MCData payload cipher key, [0188] “…the cipher suite may specify the use of an AEAD encryption algorithm and a key size of 256 bits for encrypting the payload data.”).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski and Alkhatib to incorporate the teaching of Le to utilize the above feature, by selecting from a finite number of algorithms that define a security and channel strength, as recognized by (Le 0058).

Regarding claim 13 (Currently Amended), Hutnik in view of Stojanovski and Alkhatib teaches the method of claim 11, 
Hutnik discloses a selection of a protection suite, i.e. signaling algorithm and Hutnik further discloses in the background of the disclosure “AES has a block size of 128 bits… AES supports keys of at least 128 bits”, however Hutnik in view of Stojanovski and Alkhatib do not disclose the below limitation in the body of the disclosure. 
Le discloses wherein the signaling algorithm one of an advanced encryption standard (AES) with 128 bits key length algorithm (DP_AES_128_GCM) or an AES with 256 bits key length algorithm  (DP AES 256 GCM) (Le [0058] “A cipher suite may define a channel strength (e.g., 128 bits, 192 bits, or 256 bits), a key derivation 
function (KDF) (e.g., AES-128, AES-394, or AES-256), an elliptic curve cryptography (ECC) key agreement curve or key generation algorithm (e.g., P-256, P-384, or P-521), a block cipher mode of operation (e.g., Offset Codebook Mode (OCB), Key Wrap, Counter with CBC-MAC (CCM), EAX, Encrypt-then-MAC (EtM), or Galois/Counter Mode (GCM)), a digital signature algorithm (e.g., Elliptic Curve Digital Signature Algorithm (ECDSA) or Digital Signature Algorithm (DSA)), a cryptographic hash function (e.g., SHA-256, SHA-384, or SHA-512), a nonce (e.g., 16 bytes, 24 bytes, or 32 bytes), and the like.”, [0170] “The protocol encryption keys and/or the payload encryption keys may be generated based on the cipher suite in addition to or instead of the shared secrets. For example, the cipher suite may indicate sizes of the keys to be generated and/or the key generation algorithms (e.g., KDFs).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski and Alkhatib to incorporate the teaching of Le to utilize the above feature, by selecting from a finite number of algorithms that define a security and channel strength, as recognized by (Le 0058).

Regarding claim 16 (Currently Amended), Hutnik in view of Stojanovski and Alkhatib teaches the method of claim 14, 
Hutnik discloses a selection of a protection suite, i.e. signaling algorithm and Hutnik further discloses in the background of the disclosure “AES has a block size of 128 bits… AES supports keys of at least 128 bits”, however Hutnik in view of Stojanovski and Alkhatib do not disclose the below limitation in the body of the disclosure.
LE disclose wherein the signaling algorithm is one of an advanced encryption standard (AES) with 128 bits key length algorithm (DP_AES_128_GCM) or an AES with 256 bits key length algorithm (DP_AES_258_GCM) (Le [0058] “A cipher suite may define a channel strength (e.g., 128 bits, 192 bits, or 256 bits), a key derivation 
function (KDF) (e.g., AES-128, AES-394, or AES-256), an elliptic curve cryptography (ECC) key agreement curve or key generation algorithm (e.g., P-256, P-384, or P-521), a block cipher mode of operation (e.g., Offset Codebook Mode (OCB), Key Wrap, Counter with CBC-MAC (CCM), EAX, Encrypt-then-MAC (EtM), or Galois/Counter Mode (GCM)), a digital signature algorithm (e.g., Elliptic Curve Digital Signature Algorithm (ECDSA) or Digital Signature Algorithm (DSA)), a cryptographic hash function (e.g., SHA-256, SHA-384, or SHA-512), a nonce (e.g., 16 bytes, 24 bytes, or 32 bytes), and the like.”, [0170] “The protocol encryption keys and/or the payload encryption keys may be generated based on the cipher suite in addition to or instead of the shared secrets. For example, the cipher suite may indicate sizes of the keys to be generated and/or the key generation algorithms (e.g., KDFs).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski and Alkhatib to incorporate the teaching of Le to utilize the above feature, by selecting from a finite number of algorithms that define a security and channel strength, as recognized by (Le 0058).

Regarding claim 18 (Currently Amended), Hutnik in view of Stojanovski, Alkhatib and Le teaches the method of claim 16, 
Hutnik discloses a selection of a protection suite, i.e. signaling algorithm, however, Hutnik in view of Stojanovski do not teach the below limitation.
Le discloses wherein in case the signaling algorithm is the DP_AES_256_GCM, a key derivation function (KDF) output are used as a MCData payload cipher key (DPCK) (Le [0058] “A cipher suite may define a channel strength (e.g., 128 bits, 192 bits, or 256 bits), a key derivation function (KDF) (e.g., AES-128, AES-394, or AES-256), an elliptic curve cryptography (ECC) key agreement curve or key generation algorithm (e.g., P-256, P-384, or P-521), a block cipher mode of operation (e.g., Offset Codebook Mode (OCB), Key Wrap, Counter with CBC-MAC (CCM), EAX, Encrypt-then-MAC (EtM), or Galois/Counter Mode (GCM)), a digital signature algorithm (e.g., Elliptic Curve Digital Signature Algorithm (ECDSA) or Digital Signature Algorithm (DSA)), a cryptographic hash function (e.g., SHA-256, SHA-384, or SHA-512), a nonce (e.g., 16 bytes, 24 bytes, or 32 bytes), and the like.”, [0170] “The protocol encryption keys and/or the payload encryption keys may be generated based on the cipher suite in addition to or instead of the shared secrets. For example, the cipher suite may indicate sizes of the keys to be generated and/or the key generation algorithms (e.g., KDFs).”, where the AES-256 derive 256 payload encryption key, corresponding to the MCData payload cipher key, [0188] “…the cipher suite may specify the use of an AEAD encryption algorithm and a key size of 256 bits for encrypting the payload data.”).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski and Alkhatib to incorporate the teaching of Le to utilize the above feature, by selecting from a finite number of algorithms that define a security and channel strength, as recognized by (Le 0058).
  
Claims 4 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Hutnik (US 20080155645 A1), hereinafter Hutnik in view of Stojanovski (US 10079822 B2), hereinafter Stojanovski, Alkhatib et. al. (US 20110283017 A1), hereinafter Alkhatib and further in view of Le (US 20160241389 A1), hereinafter Le and further in view of Horn et. al. (US 20150092701 A1), hereinafter Horn.

Regarding claim 4 (Currently Amended), Hutnik in view of Stojanovski, Alkhatib and Le teaches the method of claim 3, 
Hutnik discloses a selection of a protection suite, i.e. signaling algorithm, however, Hutnik in view of Stojanovski and Alkhatib do not disclose the below limitations.
Le discloses wherein  in case that the signaling algorithm is the DP_AES_128_GCM (Le [0058] discloses AES_128_GCM, rationale and motivation in claim 3 applies).
Hutnik in view of Stojanovski, Alkhatib and Le do not disclose the below limitations.
Horn discloses (Horn [0055] “K.sub.ASME (or Ki)=least or most significant 128/256 bits of KDF (K.sub.device-root, INPUT).
Where: KDF is any key derivation function (e.g., SHA256). The output of the KDF is truncated to either 128-bits or 256-bits depending on whether the network uses 128-bit keys or 256-bit keys. K.sub.device-root is the key that is shared between the UE 415 and the subscription server 435.”, where the key corresponds to a cipher key).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski, Alkhatib and Le to incorporate the teaching of Horn to utilize the above feature, with the motivation accommodating the networks use of key size, as recognized by (Horn [0055]).

Regarding claim 17, Hutnik in view of Stojanovski, Alkhatib and Le teaches the method of claim 16, 
Hutnik discloses a selection of a protection suite, i.e. signaling algorithm, however, Hutnik in view of Stojanovski and Alkhatib do not disclose the below limitations.
Le discloses wherein in case that the algorithm is the DP_AES_128_GCM (Le [0058] discloses AES_128_GCM, rationale and motivation in claim 16 applies).
Hutnik in view of Stojanovski, Alkhatib and Le do not disclose the below limitations.
Horn discloses (Horn [0055] “K.sub.ASME (or Ki)=least or most significant 128/256 bits of KDF (K.sub.device-root, INPUT).
Where: KDF is any key derivation function (e.g., SHA256). The output of the KDF is truncated to either 128-bits or 256-bits depending on whether the network uses 128-bit keys or 256-bit keys. K.sub.device-root is the key that is shared between the UE 415 and the subscription server 435.”, where the key corresponds to a cipher key).   
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski, Alkhatib and Le to incorporate the teaching of Horn to utilize the above feature, with the motivation accommodating the networks use of key size, as recognized by (Horn [0055]).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Hutnik (US 20080155645 A1), hereinafter Hutnik in view of Stojanovski (US 10079822 B2), hereinafter Stojanovski, Alkhatib et. al. (US 20110283017 A1), hereinafter Alkhatib and further in view of Le Saint et al (US 20180375663 A1), hereinafter Saint.

Regarding claim 7 (Currently Amended), Hutnik in view of Stojanovski and Alkhatib teaches the method of claim 1, further comprising: 
Hutnik in view of Stojanovski and Alkhatib do not explicitly disclose the below limitations. 
Saint discloses receiving, from the MC client, a key upload message including a client-server key (CSK) (Saint illustrates in Figure 2 (205) the client transmitting/sending a message including a client ephemeral public key, corresponding to client-server key (CSK), since the key will be used in establishing secure client-server session communication, [0057] “At 205, the client computer 240 can transmit a “request message” including the client ephemeral public key and the client encrypted data to the server computer 280.”); and 
obtaining a MCData payload cipher key (DPCK) as an output of inputting the CSK to a key derivation function (KDF) (Saint illustrates in Figure 2 (209) illustrates the server obtaining a session key using a key derivation function and the shared secret, where the shared secret is initially generated from the client ephemeral public key, where the session key is used for encrypting data/payload and later decrypted at the client, [0061] “At 209, the server computer 280 can determine a second shared secret using the server blinding factor, the server static private key 282, and the client ephemeral public key. The server computer 280 may also determine a second session key using a key derivation function and the second shared secret.”, [0067] “At 215, the client computer 240 can decrypt the encrypted server data using the second shared secret (e.g., using the second session key) to obtain the server blinding factor, the server certificate 288, and the server payload 292.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski and Alkhatib to incorporate the teaching of Saint to utilize the above feature, with the motivation of ensuring secure and non-traceable communication, as recognized by (Saint [0066, 0070]).

Claims 9 is rejected under 35 U.S.C. 103 as being unpatentable over Hutnik (US 20080155645 A1), hereinafter Hutnik in view of Stojanovski (US 10079822 B2), hereinafter Stojanovski, Alkhatib et. al. (US 20110283017 A1), hereinafter Alkhatib, and further in view of Fard (US 20200100319 A1), hereinafter Fard (Citation from us-provisional-application US 62736238).

Regarding claim 9 (Currently Amended), Hutnik in view of Stojanovski and Alkhatib teaches the method of claim 1, 
Hutnik in view of Stojanovski and Alkhatib do not disclose TLV format.
Fard discloses wherein the MCData signaling field includes the data signaling payload using a tag-length-value (TLV) format (Fard discloses transmitting packet, where its header employs/comprises a TLV guideline, [00279] “a payload of the packet may be employed to transmit and detect the RAI. The packet header may employ/comprise a type, length, value TL V guideline to assist with the detection and/or the detection rules of the packet. In an example, one or more detection rules may be configured in the UPP to detect the RAI.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hutnik in view of Stojanovski and Alkhatib to incorporate the teaching of Fard to utilize the above feature, with the motivation of assisting with the detection rules of the packet, as recognized by (Fard [00279]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497                                                                                                                                                                                                        /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497