DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Claim Rejections - 35 USC § 102
Claims 48 and 61
Applicant’s arguments filed on 5/06/2022, directed at the amended claims submitted on 5/06/2022 were considered, but are moot in view of new rejections made below in response to the latest amendments by applicant.

Claim Rejections - 35 USC § 103
Independent Claims 36 and 49
Applicant argues the following:
Li fails to disclose "selectively sending the target plane integrity protection algorithm when the data packet or message size is lower than one or more thresholds and refraining from sending the target plane integrity protection algorithm when the data packet or message size is greater than the one or more thresholds," as recited in amended Claim 36 (and similarly in Claim 49).
Thus, Li does not cure the noted deficiencies of Nair, and fails to disclose or suggest "the characteristic of the data packet or message comprises one or more of the following associated with the data packet or message: a destination address, a source address, and a size; and  selectively activating integrity protection for onward transmission of the data packet or message comprises: activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination is associated with one or more first services, the source address is associated with the one or more first services, and the size is less than one or more thresholds; and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; the source address is associated with the one or more second services; and the size is greater than the one or more thresholds," as recited in amended Claim 36 (and similarly Claim 49).

(see Remarks, page 5, last ¶ and page 6, ¶¶ 1 and 2)

The Examiner respectfully disagrees. Amended Claim 36 (and similarly Claim 49) recites "the characteristic of the data packet or message comprises one or more of the following associated with the data packet or message: a destination address, a source address, and a size; and selectively activating integrity protection for onward transmission of the data packet or message comprises: activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination is associated with one or more first services, the source address is associated with the one or more first services, and the size is less than one or more thresholds; and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; the source address is associated with the one or more second services; and the size is greater than the one or more thresholds" (emphasis added). 
Although Li fails to teach "selectively sending the target plane integrity protection algorithm when the data packet or message size is lower than one or more thresholds and refraining from sending the target plane integrity protection algorithm when the data packet or message size is greater than the one or more thresholds", Li discloses the characteristic of the data packet or message comprises one or more of the following associated with the data packet or message: a destination address, and a source address (see [0124]: “the base station may send, based on some information carried in the request message, a security policy or an identifier of the security policy that is applicable to the terminal device or the current request message of the terminal device. Optionally, the parameter related to the security policy includes at least one of the identifier of the terminal device, a data network name (Data network name, DNN) of the terminal device, an identifier of a slice of the terminal device, quality of service of the terminal device, and a session identifier of the terminal device. Optionally, the parameter related to the security policy includes at least one of the identifier of the terminal device, the DNN of the terminal device, the identifier of the slice of the terminal device, the quality of service of the terminal device, the session identifier of the terminal device, and a flow identifier of the terminal device”. The Examiner interprets a data network name (Data network name, DNN) of the terminal device as a destination address or a source address); and 
selectively activating integrity protection for onward transmission of the data packet or message comprises: 
activating integrity protection for onward transmission of the data packet or message (see Abstract: “A base station obtains a security policy, where the security policy includes integrity protection indication information, and the integrity protection indication information is used to indicate the base station whether to enable integrity protection for a terminal device; and when the integrity protection indication information indicates the base station to enable integrity protection for the terminal device, the base station sends a target user plane integrity protection algorithm to the terminal device”) responsive to a determination of one or more of the following: the destination is associated with one or more first services, and the source address is associated with the one or more first services (see [0147]: “Optionally, the parameter related to the security policy includes a DNN of the terminal device, and a set of security policies is correspondingly set based on the DNN. … For another example, the DNN is a finance related website, and therefore a security policy set for the terminal device needs to have higher security”. The Examiner interprets enabling integrity protection based on the DNN being a finance related website as activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination is associated with one or more first services, and the source address is associated with the one or more first services); and 
refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; and the source address is associated with the one or more second services (see [0147]: “Optionally, the parameter related to the security policy includes a DNN of the terminal device, and a set of security policies is correspondingly set based on the DNN. For example, the DNN is Youku. There are many video services in the Youku network, and therefore a security policy set for the terminal device may have a lower latency”. The Examiner interprets disabling integrity protection based on the DNN being the video network Youku requiring lower latency as refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; and the source address is associated with the one or more second services).
Because Li teaches "the characteristic of the data packet or message comprises one or more of the following associated with the data packet or message: a destination address, and a source address; and selectively activating integrity protection for onward transmission of the data packet or message comprises: activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination is associated with one or more first services, and the source address is associated with the one or more first services; and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; and the source address is associated with the one or more second services”, Li teaches "the characteristic of the data packet or message comprises one or more of the following associated with the data packet or message: a destination address, a source address, and a size; and selectively activating integrity protection for onward transmission of the data packet or message comprises: activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination is associated with one or more first services, the source address is associated with the one or more first services, and the size is less than one or more thresholds; and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; the source address is associated with the one or more second services; and the size is greater than the one or more thresholds" (emphasis added), as recited by amended claims 36 and 49.

Claim Objections
Claims 36 and 49 are objected to because of the following informalities:  they recite "inspecting a data packet or message to determine a characteristic of the data packet or message, the characteristic of the data packet or message comprises one or more of the following associated with the data packet or message”. It appears that “comprises” should have been “comprising”.  Appropriate correction is required.
Claim 36 is objected to because of the following informalities:  it recites "selectively activating integrity protection for onward transmission of the data packet or message to a second node of the wireless communications network based on the determined characteristic, selectively activating integrity protection for onward transmission of the data packet or message comprises: …”. It appears that “comprises” should have been “comprising”.  Appropriate correction is required.
	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 36-44, 47, 49-57 and 60 are rejected under 35 U.S.C. 103 as being unpatentable over Nair (US 2018/0270668), and further in view of Li (US 2019/0246282).

Regarding claims 36 and 49, Nair teaches A node (see [0027] and Fig. 1: “user equipment (UE) 110”. The Examiner interprets user equipment (UE) 110 as A node) in a wireless communication network (see [0025]: “FIG. 1 illustrates a schematic block diagram of an embodiment of an exemplary wireless network 100”), the node comprising: 
power supply circuitry configured to supply power to the node (see [0080] and Fig. 11: “The UE 110 may further include … AC adapter 1122, battery module 1124, ... The UE 110 may also include a power management unit 1130”); and 
processing circuitry configured to: inspect a data packet or message to determine a characteristic of the data packet or message (see [0062] and Fig. 8: “In 818, the UE 110 monitors for trigger conditions. The UE 110 may perform monitoring of the PDCP PDUs at the PDCP layer, e.g. to determine whether the PDCP PDUs are conforming to a packet arrival rate for the QCI configured for the DRB. For example, if the packet arrival rate exceeds a threshold defined for the QCI of the DRB, the UE 110 transmits a request to the eNB 106 to enable PDCP integrity protection of the DRB at 820. The request may be included in an RRC Connection Reconfiguration Request. The UE 110 may monitor at lower layers for trigger conditions as well. For example, the respective channels or PDUs for the RLC sublayer 206, the MAC sublayer 204 and/or the physical layer 202 may be monitored by the UE 110 for trigger conditions”. And see [0042]: “For dynamic integrity protection, the DRB is monitored and integrity protection is enabled or disabled based on detected real time conditions or attacks. Appropriate trigger conditions may be defined for enablement of the dynamic integrity protection based on characteristics of the DRB (such as QCI of the DRB)”. And see [0036], [0040], [0043], [0049] and [0050]); and 
selectively activate integrity protection for backward transmission of a data packet or message from a second node of the wireless communications network based on the determined characteristic (emphasis added to show the difference between the teaching of the reference and the claim) (see [0063] and Fig. 8: “When trigger conditions are detected, the UE 110 and eNB 106 exchange RRC Connection Reconfiguration messages for the particular data radio bearer (DRB) to initiate PDCP integrity protection. For example, in 820, an information element (IE) in the RRC Connection Reconfiguration Request message includes an indicator to start that the PDCP integrity protection by the eNB 106. The eNB 106 replies with an RRC Connection Reconfiguration Response at 822. The integrity algorithm indicated in the RRC Connection Setup Request message is then applied to the PDCP PDUs for the downlink (DL) DRB by the eNB 106 at 824”. The Examiner interprets eNodeB 106 as a second node of the wireless communications network. And see [0042]: “For dynamic integrity protection, the DRB is monitored and integrity protection is enabled or disabled based on detected real time conditions or attacks. Appropriate trigger conditions may be defined for enablement of the dynamic integrity protection based on characteristics of the DRB (such as QCI of the DRB)”. Also see [0036] and [0040]).

The above embodiment of Nair corresponding to “Signalling to Enable/Disable Integrity Protection in a Downlink (DL) DRB” (see [0058]) and Fig. 8 differs from claims 36 and 49 in that it fails to teach “selectively activate integrity protection for onward transmission of the data packet or message to a second node of the wireless communications network based on the determined characteristic” (emphasis added).
However, a different embodiment of Nair corresponding to “Signalling to Enable/Disable Integrity Protection in an Uplink (UL) DRB” (see [0066]) and Fig. 9 teaches selectively activate integrity protection for (see [0070] and Fig. 9: “When trigger conditions are detected, the UE 110 and eNB 106 exchange RRC Connection Reconfiguration messages for the particular data radio bearer (DRB) to initiate PDCP integrity protection. For example, in 920, an information element (IE) in the RRC Connection Reconfiguration Request message includes an indicator to start the PDCP integrity protection by the UE 110. The UE 110 replies with an RRC Connection Reconfiguration Response at 922. The integrity algorithm indicated in the RRC Connection Setup Request message is then applied to the PDCP PDUs for the uplink (UL) DRB by the UE 110 at 924”. And see [0071]: “The eNodeB 106 receives PDCP PDUs with checksums generated from the PDCP integrity algorithm”. The Examiner interprets eNodeB 106 as a second node of the wireless communications network. The Examiner further interprets the UE 110 applying the integrity algorithm indicated in the RRC Connection Setup Request message to the PDCP PDUs transmitted to the eNodeB 106 (step 924) as selectively activate integrity protection for ).
Because Nair teaches that both the UE 110 (A node) and the eNodeB 106 (a second node) can selectively activate integrity protection for transmission of the data packet or message, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to substitute the eNodeB 106 (a second node) with the UE 110 (A node) in the embodiment of Nair corresponding to “Signalling to Enable/Disable Integrity Protection in a Downlink (DL) DRB” (see [0058]) and Fig. 8 as the node that selectively activates integrity protection for transmission of the data packet or message, as taught in the embodiment of Nair corresponding to “Signalling to Enable/Disable Integrity Protection in an Uplink (UL) DRB” (see [0066]) and Fig. 9. It would have been obvious because doing so predictably achieves the benefit of enabling integrity protection in an Uplink (UL) direction. When such a modification is made, Nair would teach processing circuitry configured to:… selectively activate integrity protection for onward transmission of the data packet or message to a second node of the wireless communications network based on the determined characteristic.
Nair fails to teach wherein: the characteristic of the data packet or message comprises one or more of the following associated with the data packet or message: a destination address, a source address, and a size; and selectively activating integrity protection for onward transmission of the data packet or message based on: activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination is associated with one or more first services, the source address is associated with the one or more first services, and the size is less than one or more thresholds; and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; the source address is associated with the one or more second services; and the size is greater than the one or more thresholds.
In the same field of endeavor, Li teaches the characteristic of the data packet or message comprises one or more of the following associated with the data packet or message: a destination address, a source address, and a size (see [0124]: “the base station may send, based on some information carried in the request message, a security policy or an identifier of the security policy that is applicable to the terminal device or the current request message of the terminal device. Optionally, the parameter related to the security policy includes at least one of the identifier of the terminal device, a data network name (Data network name, DNN) of the terminal device, an identifier of a slice of the terminal device, quality of service of the terminal device, and a session identifier of the terminal device. Optionally, the parameter related to the security policy includes at least one of the identifier of the terminal device, the DNN of the terminal device, the identifier of the slice of the terminal device, the quality of service of the terminal device, the session identifier of the terminal device, and a flow identifier of the terminal device”. The Examiner interprets a data network name (Data network name, DNN) of the terminal device as a destination address or a source address); and 
selectively activating integrity protection for onward transmission of the data packet or message based on: 
activating integrity protection for onward transmission of the data packet or message (see Abstract: “A base station obtains a security policy, where the security policy includes integrity protection indication information, and the integrity protection indication information is used to indicate the base station whether to enable integrity protection for a terminal device; and when the integrity protection indication information indicates the base station to enable integrity protection for the terminal device, the base station sends a target user plane integrity protection algorithm to the terminal device”) responsive to a determination of one or more of the following: the destination is associated with one or more first services, the source address is associated with the one or more first services, and the size is less than one or more thresholds (see [0147]: “Optionally, the parameter related to the security policy includes a DNN of the terminal device, and a set of security policies is correspondingly set based on the DNN. … For another example, the DNN is a finance related website, and therefore a security policy set for the terminal device needs to have higher security”. The Examiner interprets enabling integrity protection based on the DNN being a finance related website as activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination is associated with one or more first services, the source address is associated with the one or more first services); and 
refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; the source address is associated with the one or more second services; and the size is greater than the one or more thresholds (see [0147]: “Optionally, the parameter related to the security policy includes a DNN of the terminal device, and a set of security policies is correspondingly set based on the DNN. For example, the DNN is Youku. There are many video services in the Youku network, and therefore a security policy set for the terminal device may have a lower latency”. The Examiner interprets disabling integrity protection based on the DNN being the video network Youku requiring lower latency as refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; the source address is associated with the one or more second services).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the node of Nair by letting the characteristic of the data packet or message comprise one or more of the following associated with the data packet or message: a destination address, a source address, and a size; and configuring the processing circuitry to selectively activate integrity protection for onward transmission of the data packet or message based on: activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination is associated with one or more first services, the source address is associated with the one or more first services, and the size is less than one or more thresholds; and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination of one or more of the following: the destination address is associated with one or more second services; the source address is associated with the one or more second services; and the size is greater than the one or more thresholds; as taught by Li. It would have been obvious because Li teaches the following: “In this way, whether to enable integrity protection for the terminal device may be selected flexibly based on the security policy” (see Li [0009]).

Regarding claims 37 and 50, Nair further teaches wherein: a plurality of data radio bearers is established for transmissions to the second node, the plurality of data radio bearers comprising a first data radio bearer being configured for the transmission of data with integrity protection, and a second data radio bearer being configured for the transmission of data without integrity protection (see [0007]: “user equipment (UE) includes a wireless transceiver configured to communicate with a network node and a processing circuitry including at least one processing device and at least one memory device. The processing circuitry establishes a data radio bearer (DRB) with the network node for wireless communication of user plane data over the DRB and determines whether to enable static integrity protection for the DRB for a duration of the DRB. When static integrity protection is determined, integrity protection for a duration of the DRB is enabled”. And see [0067] and Fig. 9: “A data radio bearer (DRB) set-up is performed at 908. For example, the eNB 106 initiates a data radio bearer set up for a particular application by transmitting an RRC connection Set-Up request at 910. An information element (IE) in the RRC Connection Setup request includes a requested QCI for the data radio bearer. The RRC Connection Setup request also includes the information element (IE) called drb-ToAddModList that includes PDCP configuration parameters as currently defined in 3GPP Technical Specification TS 36.331, Version 14.0, Section 5.3.10.3, dated October 2016 and entitled, “Radio Resource Control (RRC) Protocol Specification,” which is hereby incorporated by reference herein. In addition to the currently defined parameters, additional parameters are included to enable or disable PDCP integrity protection. These additional parameters include the Radio bearer id as well as parameters to indicate integrity protection and/or an Integrity Algorithm. 
The UE 110 responds with a RRC Connection Set-Up response at 912”. And see [0070] and Fig. 9: “The integrity algorithm indicated in the RRC Connection Setup Request message is then applied to the PDCP PDUs for the uplink (UL) DRB by the UE 110 at 924”. The Examiner interprets eNodeB 106 as the second node); and 
the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message to the second node by steering the data packet or message to one of the plurality of data radio bearers based on the determined characteristic (see [0048]: “FIG. 5 illustrates a logical flow diagram of an embodiment of a method 500 for establishing trigger conditions for integrity protection in a data radio bearer. During set up of a data radio bearer (DRB), it is determined whether integrity protection is necessary for the duration of the DRB. If so, integrity protection is enabled at set-up and continues until the DRB end of life. For example, it may be desired that integrity protection is enabled for the duration of a DRB carrying IoT type data. Thus, static integrity protection is decided on a per DRB basis at set up of the DRB”. The Examiner interprets determining whether integrity protection is necessary based on trigger conditions taught in [0048] as the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message to the second node by steering the data packet or message to one of the plurality of data radio bearers based on the determined characteristic).

Regarding claims 38 and 51, Nair further teaches wherein: the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message to the second node by applying a flow indicator value to the data packet or message; and the flow indicator value has one of a plurality of values including a first value associated with the application of integrity protection to the data packet or message and a second value associated with no application of integrity protection to the data packet or message (see [0060] and Fig. 8: “A data radio bearer (DRB) set-up is performed at 808. For example, the UE 110 initiates a data radio bearer set up for a particular application by transmitting an RRC connection Set-Up request at 810. An information element (IE) in the RRC Connection Setup request includes a requested QCI for the data radio bearer. The RRC Connection Setup request also includes the information element (IE) called drb-ToAddModList that includes PDCP configuration parameters as currently defined in 3GPP Technical Specification TS 36.331, Version 14.0, Section 5.3.10.3, dated October 2016 and entitled, “Radio Resource Control (RRC) Protocol Specification,” which is hereby incorporated by reference herein. In addition to the currently defined parameters, additional parameters are included to enable or disable PDCP integrity protection. These additional parameters include the Radio Bearer id as well as parameters to indicate static or dynamic integrity protection for the DRB and Integrity Algorithm”. The Examiner interprets parameters to indicate static integrity protection for the DRB taught in [0060] as a first value associated with the application of integrity protection to the data packet or message. 
The Examiner interprets parameters to indicate dynamic integrity protection for the DRB taught in [0060] as a second value associated with no application of integrity protection to the data packet or message because dynamic integrity protection for the DRB means the DRB does not have integrity protection when it is first established).

Regarding claims 39 and 52, Nair further teaches wherein the flow indicator comprises a quality-of-service indicator (see [0060] and Fig. 8: “A data radio bearer (DRB) set-up is performed at 808. For example, the UE 110 initiates a data radio bearer set up for a particular application by transmitting an RRC connection Set-Up request at 810. An information element (IE) in the RRC Connection Setup request includes a requested QCI for the data radio bearer”. And see [0045]: “In some current wireless networks, various levels of quality of Service (QoS) are defined and assigned a QoS Class Identifier (QCI) value”. And see [0046]: “the QCI values may be used to establish trigger conditions for PDCP integrity protection. During set-up of an RRC connection, a QCI value is associated with the DRB based on the type of service. The eNB and the UE translate the QCI value associated with the DRB into scheduling parameters, admission policies, queue management thresholds, link layer protocol configurations, etc. When a “Man-in-the-Middle” data attack occurs, such as an external spurious packet injection on a DRB, typically these values are violated. For example, such an attack may result in a higher packet arrival rate than normal, higher packet counts, a varying packet arrival rate, a varying packet size, etc. These parameters may be used as triggers to enable integrity protection by the transmission side of the DRB and filtering at the receiver side of the DRB”).

Regarding claims 40 and 53, Nair further teaches wherein: the node is a core network node of the wireless communications network (see [0076]: “Certain embodiments described herein indicate that the integrity protection messaging is between the UE and the eNB 106 and terminates with the eNB 106. In other embodiments, the security procedures and signaling described herein may not be terminated at the eNB 106, but in another network node, such as in the User Plane Function (UPF) node”. The Examiner interprets the User Plane Function (UPF) node as the node is a core network node of the wireless communications network); and 
the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message to the second node by forwarding the data packet or message to a third node for onward wireless transmission to the second node (see [0076]: “Certain embodiments described herein indicate that the integrity protection messaging is between the UE and the eNB 106 and terminates with the eNB 106. In other embodiments, the security procedures and signaling described herein may not be terminated at the eNB 106, but in another network node, such as in the User Plane Function (UPF) node”. The Examiner interprets the UE as the second node. The Examiner further interprets the eNB 106 as a third node. Because the User Plane Function (UPF) node transmits data packet or message to the UE by forwarding the data packet or message to the eNB 106 for onward wireless transmission to the UE, Nair teaches the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message to the second node by forwarding the data packet or message to a third node for onward wireless transmission to the second node).

Regarding claims 41 and 54, Nair further teaches wherein: the node is a radio access network node of the wireless communications network (see [0069] and Fig.9: “In 918, the eNodeB 106 monitors for trigger conditions. The eNodeB may perform monitoring of the PDCP PDUs at the PDCP layer, e.g. to determine whether the PDCP PDUs are conforming to a packet arrival rate for the QCI configured for the DRB. For example, if the packet arrival rate exceeds a threshold defined for the QCI of the DRB, the eNodeB 106 transmits a request to the UE 110 to enable PDCP integrity protection of the DRB at 920”. The Examiner interprets the eNodeB 106 as wherein: the node is a radio access network node of the wireless communications network); and 
the second node comprises a user equipment (UE) (see [0069] and Fig.9: “In 918, the eNodeB 106 monitors for trigger conditions. The eNodeB may perform monitoring of the PDCP PDUs at the PDCP layer, e.g. to determine whether the PDCP PDUs are conforming to a packet arrival rate for the QCI configured for the DRB. For example, if the packet arrival rate exceeds a threshold defined for the QCI of the DRB, the eNodeB 106 transmits a request to the UE 110 to enable PDCP integrity protection of the DRB at 920”. The Examiner interprets the UE 110 as the second node comprises a user equipment (UE)).

Regarding claims 42 and 55, Nair further teaches wherein: the node is a user equipment (UE) (see [0062] and Fig. 8: “In 818, the UE 110 monitors for trigger conditions. The UE 110 may perform monitoring of the PDCP PDUs at the PDCP layer, e.g. to determine whether the PDCP PDUs are conforming to a packet arrival rate for the QCI configured for the DRB. For example, if the packet arrival rate exceeds a threshold defined for the QCI of the DRB, the UE 110 transmits a request to the eNB 106 to enable PDCP integrity protection of the DRB at 820”); and 
the second node comprises a radio access network node of the wireless communications network (see [0062] and Fig. 8: “In 818, the UE 110 monitors for trigger conditions. The UE 110 may perform monitoring of the PDCP PDUs at the PDCP layer, e.g. to determine whether the PDCP PDUs are conforming to a packet arrival rate for the QCI configured for the DRB. For example, if the packet arrival rate exceeds a threshold defined for the QCI of the DRB, the UE 110 transmits a request to the eNB 106 to enable PDCP integrity protection of the DRB at 820”. The Examiner interprets the eNB 106 as the second node comprises a radio access network node of the wireless communications network).

Regarding claims 43 and 56, Nair further teaches wherein the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message based on: 
activating integrity protection for onward transmission of the data packet or message by default (see [0056] and Fig. 7: “FIG. 7 illustrates a logical flow diagram of an embodiment of a method 700 for disabling PDCP integrity protection for a data radio bearer. In 702, PDCP integrity protection is enabled and continues”. The Examiner interprets “PDCP integrity protection is enabled and continues” as activating integrity protection for onward transmission of the data packet or message by default); and
refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination that the characteristic meets one or more exception criteria (see [0056] and Fig. 7: “The respective channels or PDUs for the RLC sublayer 206, the MAC sublayer 204 and/or the physical layer 202 are monitored for one or more trigger conditions at 704. The incoming PDCP PDUs at the PDCP layer are monitored for trigger conditions as well at 706. At 708, it is determined if one or more trigger conditions are still present. If yes, the PDCP integrity protection is continued at 710. If no, the PDCP integrity protection may be disabled at 712”).

Regarding claims 44 and 57, Nair further teaches wherein the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message based on: 
refraining from activating integrity protection for onward transmission of the data packet or message by default (see [0061] and Fig. 8: “When static integrity protection is not requested or otherwise signalled for the DRB, then the UE 110 and eNB 106 may default to dynamic static protection. Both the UE 110 at 814 and the eNB 106 at 816 then set up the data radio bearer for the requested QCI with dynamic integrity protection”. The Examiner interprets “When static integrity protection is not requested or otherwise signalled for the DRB” as refraining from activating integrity protection for onward transmission of the data packet or message by default); and 
activating integrity protection for onward transmission of the data packet or message responsive to a determination that the characteristic meets one or more exception criteria (see [0062]: “In this embodiment of FIG. 8, the UE 110 is the receiver of PDCP PDUs for downlink radio bearers. In 818, the UE 110 monitors for trigger conditions. The UE 110 may perform monitoring of the PDCP PDUs at the PDCP layer, e.g. to determine whether the PDCP PDUs are conforming to a packet arrival rate for the QCI configured for the DRB. For example, if the packet arrival rate exceeds a threshold defined for the QCI of the DRB, the UE 110 transmits a request to the eNB 106 to enable PDCP integrity protection of the DRB at 820”. And see [0063] and Fig. 8: “When trigger conditions are detected, the UE 110 and eNB 106 exchange RRC Connection Reconfiguration messages for the particular data radio bearer (DRB) to initiate PDCP integrity protection. For example, in 820, an information element (IE) in the RRC Connection Reconfiguration Request message includes an indicator to start that the PDCP integrity protection by the eNB 106. The eNB 106 replies with an RRC Connection Reconfiguration Response at 822. The integrity algorithm indicated in the RRC Connection Setup Request message is then applied to the PDCP PDUs for the downlink (DL) DRB by the eNB 106 at 824”).

Regarding claims 47 and 60, Nair further teaches wherein the processing circuitry is configured to: selectively activate integrity protection for onward transmission of the data packet or message to the second node by applying one or more functions to the determined characteristic to selectively activate integrity protection for onward transmission of the data packet or message (see [0061] and Fig. 8: “the UE 110 and eNB 106 may store a QCI-Trigger Condition table that associates trigger conditions to each QCI value”. And see [0062] and Fig. 8: “The UE 110 may perform monitoring of the PDCP PDUs at the PDCP layer, e.g. to determine whether the PDCP PDUs are conforming to a packet arrival rate for the QCI configured for the DRB. For example, if the packet arrival rate exceeds a threshold defined for the QCI of the DRB, the UE 110 transmits a request to the eNB 106 to enable PDCP integrity protection of the DRB at 820”. The Examiner interprets “a QCI-Trigger Condition table that associates trigger conditions to each QCI value” as one or more functions. And see [0046]: “the QCI values may be used to establish trigger conditions for PDCP integrity protection. During set-up of an RRC connection, a QCI value is associated with the DRB based on the type of service. The eNB and the UE translate the QCI value associated with the DRB into scheduling parameters, admission policies, queue management thresholds, link layer protocol configurations, etc. When a “Man-in-the-Middle” data attack occurs, such as an external spurious packet injection on a DRB, typically these values are violated. For example, such an attack may result in a higher packet arrival rate than normal, higher packet counts, a varying packet arrival rate, a varying packet size, etc. These parameters may be used as triggers to enable integrity protection by the transmission side of the DRB and filtering at the receiver side of the DRB”); and
receive at least one of the one or more functions from a fourth node of the wireless communications network (see [0061] and Fig. 8: “the UE 110 and eNB 106 may store a QCI-Trigger Condition table that associates trigger conditions to each QCI value. This table may be the same as Table 1 included herein with the Trigger conditions inserted as another column or a separate table or otherwise stored as configuration parameters”. And see [0045]: “Table 1 below provides an example of defined QCI values and associated resource type, priority level, packet delay budget, packet error loss and example services”. The Examiner interprets the entity that provides “Table 1 included herein with the Trigger conditions inserted as another column” as a fourth node of the wireless communications network).

Claims 46 and 59 are rejected under 35 U.S.C. 103 as being unpatentable over Nair (US 2018/0270668), further in view of Li (US 2019/0246282), and further in view of Burbidge (WO 2017/136071).

Regarding claims 46 and 59, Nair modified in view of Li fails to teach wherein: the characteristic of the data packet or message comprises the presence or absence of a cryptographic security protocol applied to the data packet or message; and the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message based on: activating integrity protection for onward transmission of the data packet or message responsive to a determination that a cryptographic security protocol has not been applied to the data packet or message, and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination that a cryptographic security protocol has been applied to the data packet or message.
In the same field of endeavor, Burbidge teaches wherein: the characteristic of the data packet or message comprises the presence or absence of a cryptographic security protocol applied to the data packet or message; and the processing circuitry is configured to selectively activate integrity protection for onward transmission of the data packet or message based on: activating integrity protection for onward transmission of the data packet or message responsive to a determination that a cryptographic security protocol has not been applied to the data packet or message, and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination that a cryptographic security protocol has been applied to the data packet or message (see [0018]: “The PDCP layer 116 can provide access stratum (AS) security for the SRB1 by performing ciphering and integrity checking”. And see [0019]: “However, for data over the control plane for NB-IoT, access stratum security may not be essential (as the data is protected by NAS security which is applied within the NAS layers)”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the node of Nair modified in view of Li by letting the characteristic of the data packet or message comprise the presence or absence of a cryptographic security protocol applied to the data packet or message; and configuring the processing circuitry to selectively activate integrity protection for onward transmission of the data packet or message based on: activating integrity protection for onward transmission of the data packet or message responsive to a determination that a cryptographic security protocol has not been applied to the data packet or message, and refraining from activating integrity protection for onward transmission of the data packet or message responsive to a determination that a cryptographic security protocol has been applied to the data packet or message; as taught by Burbidge. It would have been obvious because Burbidge teaches in [0019]: “In previous solutions, for the SRB1, the PDCP layer can add a 1-byte header (e.g., 3 reserved bits and a 5 bit PDCP sequence number) and a 4-byte message authentication code (e.g., MAC-I) to an RRC packet data unit (PDU) to create a PDCP PDU. … However, for data over the control plane for NB-IoT, access stratum security may not be essential (as the data is protected by NAS security which is applied within the NAS layers). Therefore, the 5-byte overhead (i.e., the header and message authentication code) added by the PDCP layer in the UE can be redundant”.

Claims 48 and 61 are rejected under 35 U.S.C. 103 as being unpatentable over Yang (EP 2523487 A1), and further in view of Yi (US 2011/0188408).

Regarding claim 48, Yang teaches A method in a third node of a wireless communications network (see [0003]: “To solve the problem of network deployment cost, many vendors and standardization organizations begin to introduce RN (Relay Node) into cellular communication system”. And see [0004] and Fig. 1 reproduced below: “Figure 1 is overall LTE-A network architecture with deployed RN. Therein, RN is wirelessly connected to DeNB (Donor Evolved Node B), and access the core network via donor cell”. The Examiner interprets the RN (Relay Node) as a third node of a wireless communications network), the method comprising: 

[Fig. 1 of Yang: overall LTE-A network architecture with deployed RN (image not reproduced)]

receiving, from a first node of the wireless communications network, a data packet or message for onward transmission to a second node of the wireless communications network (see [0005] and Fig. 1: “Downlink data of UE is sent form S-GW/P-GW of UE to the serving RN of UE, and then RN sends downlink data to UE on Uu interface”. And see [0004] and Fig. 1 reproduced below: “Figure 1 is overall LTE-A network architecture with deployed RN. Therein, RN is wirelessly connected to DeNB (Donor Evolved Node B), and access the core network via donor cell”. The Examiner interprets DeNB (Donor Evolved Node B) as a first node of the wireless communications network. The Examiner interprets UE as a second node of the wireless communications network. The Examiner interprets the Relay Node (RN) receiving downlink data from the DeNB (Donor Evolved Node B) for onward transmission to the UE taught by Yang as receiving, from a first node of the wireless communications network, a data packet or message for onward transmission to a second node of the wireless communications network), the data packet or message comprising an indication as to whether integrity protection should be applied for onward transmission to the second node (see [0025]: “Figure 3 is a flow diagram of the method for realizing integrity protection in embodiment 1 of the present invention, comprising the following steps: Step 301, RN receives the message which carries integrity protection information from base station”. And see [0055]: “(1) base station could add indicator per new RN DRB in RadioResourceConfigDedicated IE, the indicator is used for indicating whether to activate integrity protection or not. …. The indicator of integrity activation could use Boolean style, for example, 1 means activation, 0 means non-activation”);
processing the data packet or message for transmission to the second node, including selectively applying integrity protection according to the indication (see [0025]: “Figure 3 is a flow diagram of the method for realizing integrity protection in embodiment 1 of the present invention, comprising the following steps: Step 301, RN receives the message which carries integrity protection information from base station. Step 302, RN provides integrity protection for being transmitted data according to the integrity protection information”); and
transmitting the processed data packet or message to the second node (see [0005] and Fig. 1: “Downlink data of UE is sent form S-GW/P-GW of UE to the serving RN of UE, and then RN sends downlink data to UE on Uu interface”).

Yang differs from claim 48 in that it fails to teach the processing the data packet or message for transmission to the second node further comprising: calculating, when integrity protection is to be applied, a message authentication code (MAC) associated with integrity protection, and adding the MAC to the data packet or message.
In the same field of endeavor, Yi teaches the processing the data packet or message for transmission to the second node further comprising: calculating, when integrity protection is to be applied, a message authentication code (MAC) associated with integrity protection (see [0034]: “FIG. 6 is a diagram illustrating an example of a method of performing integrity protection in a PDCP layer. Similarly to the aforementioned ciphering procedure, in an integrity protection procedure, parameters, such as COUNT based on PDCP SN, bearer which is ID value of RB, Direction having an uplink or downlink value, and integrity protection key (IK) exchanged between a user equipment and a network during RB establishment, are used. A specific code, i.e., MAC-I (Message Authentication Code-Integrity) is generated using the above parameters”), and 
adding the MAC to the data packet or message (see [0034] and Fig. 6: “The integrity protection procedure is different from the aforementioned ciphering procedure in that the generated MAC-I is added to PDCP PDU not undergoing XOR operation with original data”).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to implement the integrity protection of Yang by letting the processing the data packet or message for transmission to the second node further comprise: calculating, when integrity protection is to be applied, a message authentication code (MAC) associated with integrity protection, and adding the MAC to the data packet or message, as taught by Yi. It would have been obvious because Yi teaches that doing so achieves the following benefit: “The PDCP layer of the receiving side, which has received the MAC-I, generates XMAC-I using the same input parameter as that used in the PDCP layer of the transmitting side. Afterwards, XMAC-I is compared with MAC-I, and if two values are equal to each other, it is determined that the data have integrity. If not so, it is determined that the data have been changed” (see [0034]).

Regarding claim 61, Yang teaches A base station for a wireless communication network (see [0022]: “Figure 11 is a structure diagram of base station in embodiment 9 of the present invention”), the base station comprising: 
communication interface circuitry configured to communicate with at least a first node and a second node in the wireless communication network (see [0090] and [0091]: “Figure 11 is a structure diagram of base station in embodiment 9 of the present invention, comprising: receiving module 1110, is use for receiving Initial Context Setup Request message which carrying establishment cause information for E-RAB or E-RAB Setup Request message which carrying establishment cause information for E-RAB from MME which serving RN, sending module 1120 using the establishment cause information which established by E-RAB. Sending module 1120, is used for sending RRC Connection Reconfiguration message which carrying integrity protection information to RN”); and 
processing circuitry operably coupled to the communication interface circuitry, whereby the processing circuitry and the communication interface circuitry are configured to perform operations (see [0092] and Fig. 11: “Executing module 1130, is used for executing integrity protection for being transmitted data according to integrity protection information which sent by sending module 1120”) comprising:
receiving, from a first node of the wireless communications network, a data packet or message for onward transmission to a second node of the wireless communications network (see [0005] and Fig. 1: “Downlink data of UE is sent form S-GW/P-GW of UE to the serving RN of UE, and then RN sends downlink data to UE on Uu interface”. And see [0004] and Fig. 1 reproduced below: “Figure 1 is overall LTE-A network architecture with deployed RN. Therein, RN is wirelessly connected to DeNB (Donor Evolved Node B), and access the core network via donor cell”. The Examiner interprets DeNB (Donor Evolved Node B) as a first node of the wireless communications network. The Examiner interprets UE as a second node of the wireless communications network. The Examiner interprets the Relay Node (RN) receiving downlink data from the DeNB (Donor Evolved Node B) for onward transmission to the UE taught by Yang as receiving, from a first node of the wireless communications network, a data packet or message for onward transmission to a second node of the wireless communications network), the data packet or message comprising an indication as to whether integrity protection should be applied for onward transmission to the second node (see [0025]: “Figure 3 is a flow diagram of the method for realizing integrity protection in embodiment 1 of the present invention, comprising the following steps: Step 301, RN receives the message which carries integrity protection information from base station”. And see [0055]: “(1) base station could add indicator per new RN DRB in RadioResourceConfigDedicated IE, the indicator is used for indicating whether to activate integrity protection or not. …. The indicator of integrity activation could use Boolean style, for example, 1 means activation, 0 means non-activation”);
processing the data packet or message for transmission to the second node, including selectively applying integrity protection according to the indication (see [0025]: “Figure 3 is a flow diagram of the method for realizing integrity protection in embodiment 1 of the present invention, comprising the following steps: Step 301, RN receives the message which carries integrity protection information from base station. Step 302, RN provides integrity protection for being transmitted data according to the integrity protection information”); and
transmitting the processed data packet or message to the second node (see [0005] and Fig. 1: “Downlink data of UE is sent form S-GW/P-GW of UE to the serving RN of UE, and then RN sends downlink data to UE on Uu interface”).

Yang differs from claim 61 in that it fails to teach the processing the data packet or message for transmission to the second node further comprising: calculating, when integrity protection is to be applied, a message authentication code (MAC) associated with integrity protection, and adding the MAC to the data packet or message.
In the same field of endeavor, Yi teaches the processing the data packet or message for transmission to the second node further comprising: calculating, when integrity protection is to be applied, a message authentication code (MAC) associated with integrity protection (see [0034]: “FIG. 6 is a diagram illustrating an example of a method of performing integrity protection in a PDCP layer. Similarly to the aforementioned ciphering procedure, in an integrity protection procedure, parameters, such as COUNT based on PDCP SN, bearer which is ID value of RB, Direction having an uplink or downlink value, and integrity protection key (IK) exchanged between a user equipment and a network during RB establishment, are used. A specific code, i.e., MAC-I (Message Authentication Code-Integrity) is generated using the above parameters”), and 
adding the MAC to the data packet or message (see [0034] and Fig. 6: “The integrity protection procedure is different from the aforementioned ciphering procedure in that the generated MAC-I is added to PDCP PDU not undergoing XOR operation with original data”).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to implement the integrity protection of Yang by letting the processing the data packet or message for transmission to the second node further comprise: calculating, when integrity protection is to be applied, a message authentication code (MAC) associated with integrity protection, and adding the MAC to the data packet or message, as taught by Yi. It would have been obvious because Yi teaches that doing so achieves the following benefit: “The PDCP layer of the receiving side, which has received the MAC-I, generates XMAC-I using the same input parameter as that used in the PDCP layer of the transmitting side. Afterwards, XMAC-I is compared with MAC-I, and if two values are equal to each other, it is determined that the data have integrity. If not so, it is determined that the data have been changed” (see [0034]).
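
The combination relied on for claims 48 and 61 (Yang's per-bearer activation indicator, with Yi's MAC-I generation and XMAC-I comparison) is illustrated by the following added Python sketch, which is not part of the Office action or of either cited reference. Truncated HMAC-SHA256 stands in for the integrity algorithm, and the function names, field encodings and sample values are assumptions made for illustration.

```python
"""Indicator-driven integrity protection at a relay, with a MAC-I / XMAC-I check."""
import hashlib
import hmac
import struct

MAC_I_LEN = 4   # MAC-I length in bytes (the 4-byte code mentioned in the Burbidge quote)
DOWNLINK = 1    # Direction value; this encoding is an assumption of the sketch


def compute_mac_i(ik: bytes, count: int, bearer: int, direction: int, data: bytes) -> bytes:
    """Derive a MAC-I from the inputs named in Yi [0034]: COUNT, bearer, Direction, IK.

    Stand-in primitive: truncated HMAC-SHA256, not a 3GPP integrity algorithm.
    """
    if not 0 <= count < 2**32:
        raise ValueError("COUNT must fit in 32 bits")
    # Binding COUNT, bearer and direction into the MAC input means a PDU copied
    # to another position, bearer or direction no longer verifies.
    bound = struct.pack(">IBB", count, bearer, direction)
    return hmac.new(ik, bound + data, hashlib.sha256).digest()[:MAC_I_LEN]


def relay_process(data: bytes, indicator: int, ik: bytes, count: int,
                  bearer: int, direction: int = DOWNLINK) -> bytes:
    """Relay side: protect the PDU only when the indicator is 1 (Yang [0055])."""
    if indicator not in (0, 1):
        raise ValueError("indicator is Boolean: 1 = activation, 0 = non-activation")
    if indicator == 0:
        return data  # forwarded unchanged, no MAC-I appended
    # The MAC-I is appended to the PDU, not XORed with the data (Yi [0034]).
    return data + compute_mac_i(ik, count, bearer, direction, data)


def receiver_check(pdu: bytes, indicator: int, ik: bytes, count: int,
                   bearer: int, direction: int = DOWNLINK):
    """Receiver side: return (data, verified).

    verified is True or False when integrity protection is active, and None when
    it is not, so callers cannot mistake "not checked" for "checked and valid".
    """
    if indicator == 0:
        return pdu, None
    if len(pdu) < MAC_I_LEN:
        return b"", False  # too short to carry a MAC-I
    data, mac_i = pdu[:-MAC_I_LEN], pdu[-MAC_I_LEN:]
    xmac_i = compute_mac_i(ik, count, bearer, direction, data)
    # Constant-time comparison of the received MAC-I with the recomputed XMAC-I.
    return data, hmac.compare_digest(mac_i, xmac_i)


def demo() -> dict:
    """Run the exchange on constructed sample values and collect the outcomes."""
    ik = bytes(range(16))            # constructed 128-bit key, for illustration only
    payload = b"downlink user data"  # constructed payload
    count, bearer = 7, 3             # constructed COUNT and bearer ID

    protected = relay_process(payload, 1, ik, count, bearer)
    tampered = bytes([protected[0] ^ 0x01]) + protected[1:]
    unprotected = relay_process(payload, 0, ik, count, bearer)

    return {
        "overhead": len(protected) - len(payload),
        "valid": receiver_check(protected, 1, ik, count, bearer)[1],
        "tampered": receiver_check(tampered, 1, ik, count, bearer)[1],
        "wrong_count": receiver_check(protected, 1, ik, count + 1, bearer)[1],
        "indicator_off": receiver_check(unprotected, 0, ik, count, bearer)[1],
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

With the indicator at 0 the receiver has nothing to compare, so a modified PDU on that bearer is accepted unless a higher layer protects it.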

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHIMEI ZHU whose telephone number is (571)270-7990. The examiner can normally be reached 10am-6pm Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZHIMEI ZHU/Examiner, Art Unit 2495
/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495