Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copies have been filed on March 20, 2020.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on December 16, 2019 has been considered.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. 
Such claim limitation is: 
a generator configured to generate a test case in claim 12.
a transceiver configured to transmit the generated test case in claim 12.
an analyzer configured to diagnose security for the security property in claim 12.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Reason for allowance
Claims 1-18 are allowed. The following is an examiner’s statement of reasons for allowance. After consideration of the applicant’s correspondence filed on March 10, 2020, through examination of the claims with application, further search, the pertinent prior arts of record cited in PTO-892, either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole and claims 1, 8 and 12 having the particular features have been found in condition for allowance. 

This application relates to technologies of analyzing dynamic security of a control plane, for automatically detecting vulnerabilities generated due to incorrect implementation and operation settings of network equipment and a terminal in a mobile communication network. Detecting abnormal operations and security threats occurring in the control plane procedures and finding and solving the cause thereof is a very important. For example, detailed control plane procedures and operations of the mobile communication network are defined in a standard organization known3GPP and a detailed implementation method is not specified and conforms to implementation of vendors or policies of network operators. Because, test cases, provided in 3GPP standards for the conformance test, are configured with only operations and messages in the form of failing to violate the standards, they verify only standard operation procedure. Thus, processes or test cases capable of verifying whether to correctly process an abnormal operation which violates the standards are not defined in the standards. Furthermore, there is no process capable of performing a conformance test for standards of mobile communication network equipment, especially when a commercial mobile communication network uses equipment of several vendors and as a vendor of each piece of equipment is changed, forms of operations and vulnerabilities of control plane protocols are varied. Thus, because a detailed operation implementation scheme is not defined on the standards and because there is no a standardized test process for non-standard operations of network equipment and terminals and message transmission, incorrect implementations are made by vendors implementing mobile communication equipment and terminals or vulnerabilities on control plane protocols may occur according to incorrect network configuration policies and settings of network operators. 

The claimed invention provides a dynamic security analysis method for automatically detecting vulnerabilities generated due to incorrect implementation and operation settings of network equipment and a terminal, which take charge of control plane protocol communication of a mobile communication network and a system therefor. The recited claims mainly provide a dynamic security analysis method or system for generating a test case causing an abnormal operation unsuitable for a control plane protocol specification, analyzing a control plane message response and state change information, which are generated when executing the test case, detecting an abnormal operation (or vulnerabilities) of target equipment, and diagnosing the cause of the abnormal operation (or vulnerabilities) and a system therefor.

The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Mohsin, Muhammad. "Security policy management for a cooperative firewall." (2018).
The prior art Muhammad, discusses testing inefficiencies on running on LTE test cases and put forward graph based test case execution methodology to address the inefficiencies. The prior further discusses protocol conformance testing validating whether a device complies with LTE protocol specifications or not. LTE EPS Mobility Management (EMM) protocol support functions related to mobility of UE, that include device registration, authentication and security, location update and deregistration with the LTE network (Page 9: Section 4: LTE Testing Efficiency).  Section 4.2 discuses LTE testing as a graph structure. LTE testing efficiencies through graph data structure is approached. However, Muhammad does not disclose the features claimed by applicant.

Luken (US 20070064621 A1) discloses: Customers, to get their requirements tested, are forced to interact with a large number of testing groups, often resulting in missed coverage gaps in design, unclear testing assignments, etc. because of the numbers of testing groups involved and the incompatibility between the testing groups, by creating problems of overlapping coverage, test gap, and a lack of visibility into the testing coverage. Luken presents solution that are capable of providing a quick comparison between the source requirements requested by the customers and the test results from the various testing groups tasked to test the source requirements. As a result, a common test interface (CTI) interface that provides for common elements that are flexible for use by network design environment and the various testing environments, which consolidates requirements tracking, result reporting, and quality analysis. The CTI provides an interface to universally track testing and source requirements for all customers and all testing groups using one language or schema supporting the CTI interface. However, Luken does not disclose the features claimed by applicant.

Kumar (US 20170251077 A1) discusses denial of service attacks that are a threat to network elements which result in a control plane processor of a network element being made unavailable for the normal processing of control plane functions. This is generally achieved purposefully by an attacker, or unknowingly by a benign source, by flooding the control plane processor with control plane network data messages. The control plane network data may be innocuous, and are only sent to the control plane for the purpose of consuming processing resources. Kumar presents, the network element determines whether the control plane network data can be enqueued on an output queue specific to the input port for the control plane network data. When the control plane network data cannot be queued on an output queue specific to the input port, a policer test is applied to the control plane network data based on a combination of the input port and the class of the control plane network data. Kumar further discuses, the control plane network data is stored in a common queue for the class of control plane network data when a bandwidth requirement associated with a policer applying the policer test is satisfied. However, Kumar does not disclose the features claimed by applicant.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Contact Information

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494