DETAILED ACTION

Claims 1, 4-5, 13-14, and 20-29 are allowed. Claims 2-3, 6-12, and 15-19 have been cancelled. Claims 20-29 are new.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments 

Applicant's remarks filed on 05/31/2022 with respect to the art rejection of the claims have been fully considered and they are persuasive as amended and in the light of the Examiner's amendments. 
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with John Cao on 06/29/2022.

This listing of claims will replace all prior versions and listings of claims in the application:

IN THE CLAIMS:
1. (Previously Presented) A registration method based on a service-based architecture, comprising:
receiving, by a control network element, a registration request sent by a function network element, wherein the registration request comprises a security parameter; and
verifying, by the control network element, correctness of the security parameter, and determining validity of the registration request based on the correctness of the security parameter, wherein the security parameter comprises a token, and the token is generated by a management network element and sent to the function network element, wherein the token is generated by the management network element by encrypting a digital signature, a function network element profile, an identifier of the function network element, and a shared key between the function network element and the control network element based on a public key of the control network element, wherein
the digital signature is generated by the management network element by performing a digital signature algorithm on the function network element profile, the identifier of the function network element, and the shared key between the function network element and the control network element based on a private key of the management network element; and
the verifying, by the control network element, correctness of the security parameter comprises:
decrypting, by the control network element, the token using a private key of the control network element, to obtain the digital signature; and
verifying correctness of the digital signature using a public key of the management network element and signed content, wherein
the signed content comprises the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile.

2-3. (Canceled) 

4. (Previously Presented) The method according to claim 1, wherein the token is generated by the management network element by encrypting a message authentication code, a function network element profile, an identifier of the function network element, and a shared key between the function network element and the control network element based on a symmetric key shared between the management network element and the control network element, wherein
the message authentication code is generated by the management network element by performing a message authentication code algorithm on the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile based on the symmetric key shared between the management network element and the control network element; and
the verifying, by the control network element, correctness of the security parameter comprises:
decrypting, by the control network element, the token using the symmetric key, to obtain the message authentication code; and
verifying correctness of the message authentication code using the symmetric key and content that is protected by the message authentication code, wherein
the content protected by the message authentication code comprises the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile, and may further comprise an identifier of the control network element.

5. (Previously Presented) The method according to claim 1, wherein after the receiving, by a control network element, a registration request sent by a function network element, the method further comprises:
establishing, by the control network element when determining that the registration request is valid, a secure channel with the function network element based on a session key or a derivation key of a session key; wherein
the control network element obtains the session key by decrypting the token, wherein the token is generated based on the session key, and the session key is generated by the management network element by encrypting an identifier of the function network element based on a preset root key; or the control network element obtains the session key from the management network element, wherein the session key is generated by the management network element by encrypting the identifier of the function network element based on a derivation key, and the derivation key is obtained by the management network element by performing key derivation on a preset root key, or the derivation key is a key of the function network element that is stored by the management network element.

6-12. (Canceled)

13. (Previously Presented) The method according to claim 1, further comprising:
sending, by the control network element, a registration response to the function network element, wherein the registration response indicates whether the function network element is successfully registered.

14. (Previously Presented) The method according to claim 4, further comprising:
generating, by the control network element, an additional message authentication code by performing a message authentication code algorithm on an identifier of the control network element and the identifier of the function network element based on the symmetric key shared between the management network element and the control network element; and
sending, by the control network element, a registration response to the function network element, wherein the registration response includes the additional message authentication code.

15-19. (Canceled) 

20. (New) A registration apparatus, comprising:
one or more hardware processor configured to perform operations of:
receiving, by a control network element, a registration request sent by a function network element, wherein the registration request comprises a security parameter; and
verifying, by the control network element, correctness of the security parameter, and determining validity of the registration request based on the correctness of the security parameter, wherein the security parameter comprises a token, and the token is generated by a management network element and sent to the function network element, wherein the token is generated by the management network element by encrypting a digital signature, a function network element profile, an identifier of the function network element, and a shared key between the function network element and the control network element based on a public key of the control network element, wherein
the digital signature is generated by the management network element by performing a digital signature algorithm on the function network element profile, the identifier of the function network element, and the shared key between the function network element and the control network element based on a private key of the management network element; and
the verifying, by the control network element, correctness of the security parameter comprises:
decrypting, by the control network element, the token using a private key of the control network element, to obtain the digital signature; and
verifying correctness of the digital signature using a public key of the management network element and signed content, wherein
the signed content comprises the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile.

21. (New) The apparatus according to claim 20, wherein the token is generated by the management network element by encrypting a message authentication code, a function network element profile, an identifier of the function network element, and a shared key between the function network element and the control network element based on a symmetric key shared between the management network element and the control network element, wherein
the message authentication code is generated by the management network element by performing a message authentication code algorithm on the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile based on the symmetric key shared between the management network element and the control network element; and
the verifying, by the control network element, correctness of the security parameter comprises:
decrypting, by the control network element, the token using the symmetric key, to obtain the message authentication code; and
verifying correctness of the message authentication code using the symmetric key and content that is protected by the message authentication code, wherein
the content protected by the message authentication code comprises the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile, and may further comprise an identifier of the control network element.

22. (New) The apparatus according to claim 20, wherein after the receiving, by a control network element, a registration request sent by a function network element, the operations further comprise:
establishing, by the control network element when determining that the registration request is valid, a secure channel with the function network element based on a session key or a derivation key of a session key; wherein
the control network element obtains the session key by decrypting the token, wherein the token is generated based on the session key, and the session key is generated by the management network element by encrypting an identifier of the function network element based on a preset root key; or the control network element obtains the session key from the management network element, wherein the session key is generated by the management network element by encrypting the identifier of the function network element based on a derivation key, and the derivation key is obtained by the management network element by performing key derivation on a preset root key, or the derivation key is a key of the function network element that is stored by the management network element.

23. (New) The apparatus according to claim 20, wherein the operations further comprise:
sending, by the control network element, a registration response to the function network element, wherein the registration response indicates whether the function network element is successfully registered.

24. (New) The apparatus according to claim 21, wherein the operations further comprise:
generating, by the control network element, an additional message authentication code by performing a message authentication code algorithm on an identifier of the control network element and the identifier of the function network element based on the symmetric key shared between the management network element and the control network element; and
sending, by the control network element, a registration response to the function network element, wherein the registration response includes the additional message authentication code.

25. (New) A non-transitory computer-readable storage medium storing instructions, which when executed by one or more processors, cause the one or more processors to perform operations comprising:
receiving, by a control network element, a registration request sent by a function network element, wherein the registration request comprises a security parameter; and
verifying, by the control network element, correctness of the security parameter, and determining validity of the registration request based on the correctness of the security parameter, wherein the security parameter comprises a token, and the token is generated by a management network element and sent to the function network element, wherein the token is generated by the management network element by encrypting a digital signature, a function network element profile, an identifier of the function network element, and a shared key between the function network element and the control network element based on a public key of the control network element, wherein
the digital signature is generated by the management network element by performing a digital signature algorithm on the function network element profile, the identifier of the function network element, and the shared key between the function network element and the control network element based on a private key of the management network element; and
the verifying, by the control network element, correctness of the security parameter comprises:
decrypting, by the control network element, the token using a private key of the control network element, to obtain the digital signature; and
verifying correctness of the digital signature using a public key of the management network element and signed content, wherein
the signed content comprises the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile.

26. (New) The non-transitory computer-readable storage medium according to claim 25, wherein the token is generated by the management network element by encrypting a message authentication code, a function network element profile, an identifier of the function network element, and a shared key between the function network element and the control network element based on a symmetric key shared between the management network element and the control network element, wherein
the message authentication code is generated by the management network element by performing a message authentication code algorithm on the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile based on the symmetric key shared between the management network element and the control network element; and
the verifying, by the control network element, correctness of the security parameter comprises:
decrypting, by the control network element, the token using the symmetric key, to obtain the message authentication code; and
verifying correctness of the message authentication code using the symmetric key and content that is protected by the message authentication code, wherein
the content protected by the message authentication code comprises the shared key between the function network element and the control network element, the identifier of the function network element, and the function network element profile, and may further comprise an identifier of the control network element.

27. (New) The non-transitory computer-readable storage medium according to claim 25, wherein after the receiving, by a control network element, a registration request sent by a function network element, the operations further comprise:
establishing, by the control network element when determining that the registration request is valid, a secure channel with the function network element based on a session key or a derivation key of a session key; wherein
the control network element obtains the session key by decrypting the token, wherein the token is generated based on the session key, and the session key is generated by the management network element by encrypting an identifier of the function network element based on a preset root key; or the control network element obtains the session key from the management network element, wherein the session key is generated by the management network element by encrypting the identifier of the function network element based on a derivation key, and the derivation key is obtained by the management network element by performing key derivation on a preset root key, or the derivation key is a key of the function network element that is stored by the management network element.

28. (New) The non-transitory computer-readable storage medium according to claim 25, wherein the operations further comprise:
sending, by the control network element, a registration response to the function network element, wherein the registration response indicates whether the function network element is successfully registered.

29. (New) The non-transitory computer-readable storage medium according to claim 26, wherein the operations further comprise:
generating, by the control network element, an additional message authentication code by performing a message authentication code algorithm on an identifier of the control network element and the identifier of the function network element based on the symmetric key shared between the management network element and the control network element; and
sending, by the control network element, a registration response to the function network element, wherein the registration response includes the additional message authentication code.
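
The symmetric-key variant recited in claims 4, 21 and 26, worked through in Go as an added illustration; it is not part of the Office action or of the application. AES-GCM, HMAC-SHA256, the JSON field encoding, the function names, and the comparison of the token's identifier against the identifier presented with the registration request are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

const nonceLen = 12 // AES-GCM nonce size; AES-GCM and HMAC-SHA256 are this example's choices
// mac is HMAC-SHA256 over a JSON array of the fields, so field boundaries are unambiguous.
func mac(k []byte, fields ...[]byte) []byte {
	h := hmac.New(sha256.New, k)
	json.NewEncoder(h).Encode(fields)
	return h.Sum(nil)
}

func aead(k []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// IssueToken: management element MACs (shared key, NF id, profile), then encrypts MAC plus content.
func IssueToken(kSym, sharedKey, nfID, profile []byte) ([]byte, error) {
	a, err := aead(kSym)
	nonce := make([]byte, nonceLen)
	if _, rerr := rand.Read(nonce); err != nil || rerr != nil {
		return nil, fmt.Errorf("bad key or RNG failure")
	}
	body, _ := json.Marshal([][]byte{mac(kSym, sharedKey, nfID, profile), profile, nfID, sharedKey})
	return a.Seal(nonce, nonce, body, nil), nil
}

// VerifyRegistration: control element decrypts the token, recomputes the MAC and compares.
func VerifyRegistration(kSym, token, claimedID []byte) ([]byte, error) {
	a, err := aead(kSym)
	if err != nil || len(token) < nonceLen {
		return nil, fmt.Errorf("bad key or short token")
	}
	body, err := a.Open(nil, token[:nonceLen], token[nonceLen:], nil)
	var f [][]byte
	if err != nil || json.Unmarshal(body, &f) != nil || len(f) != 4 {
		return nil, fmt.Errorf("token rejected")
	}
	if !hmac.Equal(f[0], mac(kSym, f[3], f[2], f[1])) || !hmac.Equal(f[2], claimedID) {
		return nil, fmt.Errorf("MAC or identifier mismatch")
	}
	return f[3], nil // shared key between function and control network elements
}

func main() {
	k := make([]byte, 32) // constructed all-zero demo key, for illustration only
	tok, _ := IssueToken(k, []byte("shared-key"), []byte("nf-001"), []byte(`{"type":"SMF"}`))
	fmt.Println(VerifyRegistration(k, tok, []byte("nf-001")))
}
```

The example uses one symmetric key for both the MAC and the encryption because that is how the claims recite it.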


Allowable Subject Matter

Claims 1, 4-5, 13-14, and 20-29 are allowed.

This communication warrants no Examiner's Reason for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, applicant's remarks filed on 05/31/2022 with respect to the art rejection of the claims have been fully considered and they are persuasive as amended; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
    
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493