ALLOWABILITY NOTICE

EXAMINER'S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Edward Kim on April 26, 2022. 

The application has been amended as follows: 
1.	(Original) A method, comprising:
receiving, by a device and from a user equipment (UE), a first request associated with enabling the UE to access a network;
identifying, by the device and in a first entry of a routing table of the network, a first authentication manager that is mapped to a first routing indicator of the first request; 
routing, by the device, the first request to the first authentication manager to permit the first authentication manager to authenticate the UE; 
receiving, by the device and from the first authentication manager, a derivative key and a subscription permanent identifier (SUPI) of the UE, wherein the derivative key is based on de-concealing the SUPI to authenticate the UE; 
generating, by the device and based on the derivative key and the SUPI, a second routing indicator associated with the UE;
selecting, by the device and from a plurality of authentication managers of the network, a second authentication manager for a subsequent authentication of the UE; and
storing, by the device and in a second entry of the routing table, the second routing indicator in association with an identifier of the second authentication manager for routing a second request from the UE.

2.	(Original) The method of claim 1, wherein the first request corresponds to an activation request to activate a subscription associated with the UE and the network, and
wherein the second request corresponds to a registration request from the UE.

3.	(Original) The method of claim 1, wherein the first request includes:
the first routing indicator; and
a subscription concealed identifier (SUCI) that conceals the SUPI.

4.	(Original) The method of claim 1, wherein the first routing indicator is different from the second routing indicator and are both configured to be:
associated with the UE, and
unique routing indicators relative to other routing indicators in other entries of the routing table.	

5.	(Original) The method of claim 1, wherein purging the first entry comprises:
clearing the first routing indicator from the first entry to permit the first authentication manager to be mapped, via the first entry, to a different routing indicator from the first routing indicator.

6.	(Currently Amended) The method of claim 1, wherein the second authentication manager is selected based on at least one of:
information associated with a location of the UE,
information associated with a location of the device,
information associated with a location of the second authentication manager, or
the second entry indicating that the second authentication manager is available for the subsequent authentication.

7.	(Original) The method of claim 1, further comprising:
receiving, from the UE, the second request that includes a new routing indicator,
wherein the new routing indicator is generated based on the UE being identified by the SUPI and the derivative key being generated from the SUPI; and
routing, based on the second entry, the second request to the second authentication manager to permit the second authentication manager to authenticate the UE.

8.	(Currently Amended) A system comprising:
one or more [[an ]]authentication managers
a routing manager, of the network, configured to: 
receive, from a user equipment (UE), a first request associated with enabling the UE to access the network;
identify a first routing indicator in the first request;
determine, using a first entry associated with a routing table of the network, that [[the ]]a first authentication manager, of the one or more authentication managers, is to process the first request to authenticate the UE;
route, the first request to the first authentication manager to authenticate the UE;
receive, from the first authentication manager, a derivative key and a subscription permanent identifier (SUPI) of the UE, wherein the derivative key is based on de-concealing the SUPI to authenticate the UE;
generate, based on the derivative key and the SUPI, a second routing indicator associated with the UE;
select, from a plurality of authentication managers of the network, a second authentication manager, of the one or more authentication managers, for a subsequent authentication of the UE; and
store, in a second entry of the routing table, the second routing indicator in associated with an identifier of the second authentication manager for routing a second request from the UE. 



9.	(Currently Amended) The system of claim 8, wherein the first request corresponds to an activation request associated with the UE activating a subscription to the network,
wherein the routing indicator includes a unique routing indicator that is used only by the UE to activate the subscription, and
wherein the routing manager is further configured to receive a subsequent request, associated with enabling the UE to connect to the network, that includes a new routing indicator that is different from the unique routing indicator.

10.	(Currently Amended) The system of claim 9, wherein the routing manager is further configured to forward the first request to the first authentication manager to cause the first authentication manager to:
authenticate, based on receiving the first request, the UE by:
decrypting a subscription concealed identifier (SUCI) to identify the SUPI
authenticating the UE based on the SUPI.[[;]] 






11.	(Currently Amended) The system of claim 8, wherein the network is a 5th generation New Radio (5G/NR) network, 
wherein the routing manager is associated with an access and mobility management function (AMF) of the 5G/NR network, and 
wherein the first authentication manager is associated with a subscriber identity de-concealing function (SIDF) of the 5G/NR network.

12.	(Canceled Herein) 

13.	(Currently Amended) The system of claim 8, wherein the routing manager is configured to route the first request to cause the first authentication manager to:
decrypt, based on receiving the first request and using a concealment key, a subscription concealed identifier (SUCI) of the first request to de-conceal the SUPI 
authenticate the UE based on an expected subscription permanent identifier (E-SUPI) matching the de-concealed SUPI,
wherein the E-SUPI is mapped to the concealment key in a de-conceal entry of a de-concealing table of the first authentication manager; 
purge the de-conceal entry to remove the concealment key; 
generate, based on the routing indicator and the SUPI, a new concealment key; and
store, in a second de-conceal entry of the de-concealing table, the new concealment key and a new expected SUPI associated with the UE,
wherein the new expected SUPI is generated based on the SUPI and the new concealment key.

14.	(Currently Amended) The system of claim 8, wherein the routing manager is configured to route the first request to cause the first authentication manager to:
identify, based on the first routing indicator, [[an ]]a third entry of a de-concealing table that includes the routing indicator and an expected subscription permanent identifier (E-SUPI);
identify, from the first request, a concealed subscription permanent identifier (C-SUPI) of the UE; and
authenticate the UE based on the E-SUPI corresponding to the C-SUPI.

15.	(Currently Amended) A device, comprising:
one or more processors configured to:
receive, from a user equipment (UE), a first request associated with enabling the UE to access a network, wherein the first request includes a first routing indicator;
identify [[an ]]a first authentication manager, of the network, that is mapped to the first routing indicator in [[an ]]a first entry of a routing table of the network;
route the first request to the first authentication manager of the network to permit the first authentication manager to authenticate the UE; 
receive, from the first authentication manager, a derivative key and a subscription permanent identifier (SUPI) of the UE, wherein the derivative key is based on de-concealing the SUPI to authenticate the UE;
generate, based on the derivative key and the SUPI, a second routing indicator associated with the UE;
select, from a plurality of authentication managers of the network, a second authentication manager for a subsequent authentication of the UE; and
store, in a second entry of the routing table, the second routing indicator in associated with an identifier of the second authentication manager for routing a second request from the UE. 



16.	(Currently Amended) The device of claim 15, wherein the first request corresponds to at least one of:
an activation request associated with the UE activating a subscription to the network, or
a registration request associated with the UE connecting to the network.

17.	(Currently Amended) The device of claim 15, wherein the network is a 5th generation New Radio (5G/NR) network, and 
wherein the first authentication manager comprises subscriber identity de-concealing function (SIDF) of the 5G/NR network.

18.	(Canceled Herein) 

19.	(Canceled Herein) 

20.	(Canceled Herein) 

21.	(New) The system of claim 8, wherein the routing manager is further configured to:
purge the first entry of the routing table that maps the first routing indicator to the first authentication manager.

22.	(New) The device of claim 15, wherein the one or more processors are further configured to:
purge the first entry of the routing table that maps the first routing indicator to the first authentication manager.

23.	(New) The device of claim 15, wherein the one or more processors are further configured to:
purge the second entry of the routing table.





Reasons for Allowance

The following is an examiner’s statement of reasons for allowance: 
The closest prior art of record is US-20200204985-A1 to AN et al. and US-20210051468-A1 to BASKARAN et al.
An discloses generating a Subscription Concealed Identifier (SUCI), which is an encrypted version of the SUPI (see for example, para 0022, 0026, 0027). 
Baskaran discloses authenticating a device using an authentication manager (see for example, paragraphs 0008, 0043).

The prior art of record does not disclose (with respect to independent claim 1 by example only, as the other independent claims have similar limitations) the following limitations, in combination with the other limitations of the independent claims:  
generating, by the device and based on the derivative key and the SUPI, a second routing indicator associated with the UE; selecting, by the device and from a plurality of authentication managers of the network, a second authentication manager for a subsequent authentication of the UE; and storing, by the device and in a second entry of the routing table, the second routing indicator in association with an identifier of the second authentication manager for routing a second request from the UE.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERICA NAVAR whose telephone number is (571)270-5888. The examiner can normally be reached 8 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jinsong Hu can be reached on 571-272-3965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ERICA NAVAR/Primary Examiner, Art Unit 2643