Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Response to Amendment
This is a reply to the application filed on 03/29/2022, in which, claim(s) 1-20 is/are pending.

Response to Arguments
Claim Rejections - 35 U.S.C. § 112:
Applicants’ arguments with respect to 112 2nd paragraph with rejection of claim(s) 19 have been fully considered and are persuasive.  The rejection of 112 2nd paragraph have been withdrawn in view of the amendment to claim. 

Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Although Bolle does not explicilty discloses “wherein the core network based identifier and the radio access based identifier are distinct identifiers…”. It is unclear what the identifier of the core network based and the identifier of the radio access based have to do with the claimed invention. Since the claim use the wireless identifier identify the wireless device; therefore the identifier of the core network based and the identifier of the radio access based is not even being used.

Applicant’s arguments with respect to the rejection of claim(s) 1-20 have been considered but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 19 and 20 recites the limitation “wherein the core network based identifier and the radio access based identifier are distinct identifiers…” (emphasis added).  There is insufficient antecedent basis for the term “the core network based identifier” (emphasis added) limitation in the claim.
Dependent claims 2-18 are rejected for at least in part for incorporating the deficiency of claim 1 as stated above.
There is only indication of “a core network based identifier of the wireless device”, which is not the same as the identifier of the core network based itself.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1-8, 12-15 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bolle et al. (WO 2021/105377 A1 – priority date of 11/29/2019; hereinafter Bolle) in view of Lu et al. (Pub. No.: US 2010/0208698 A1; hereinafter Lu).
Regarding claims 1 and 19, Bolle discloses a method comprising:
receiving, by a processing system including at least one processor, an indication of a request of a wireless device to access a service of a wireless communication network, wherein the wireless communication network includes a radio access network and a core network, wherein the wireless device is served by a wireless access device of the radio access network (the communication device (e.g., wireless device) trying to access wireless service, via access node (e.g., radio access network) and core network node (e.g., a core network) [Bolle; pp. 1-2; fig. 1, 6-8 and associated text]);
obtaining, by the processing system based on the request to access the service of the wireless communication network, an indication of a malicious activity of the wireless device within the wireless communication network, wherein the indication of the malicious activity of the wireless device within the wireless communication network comprises a core network based identifier of the wireless device, wherein the core network based identifier of the wireless device is configured to uniquely identify the wireless device within the core network (identifying a potential malicious service data flow associated with the communication device towards an access node that services and toward a core network node, in which identifier of the communication device, the identifier of the access node, and identifier of the cord network node are included in the packet information [Bolle; pp. 18-20; fig. 6-8 and associated text]);
determining, by the processing system based on the core network based identifier of the wireless device, a radio access network based identifier of the wireless device and a radio access network controller identifier of a radio access network controller of the radio access network that is associated with the wireless access device serving the wireless device, wherein the radio access network based identifier of the wireless device is configured to uniquely identify the wireless device within the radio access network (the cord network node identify the access node (e.g., WLAN, WAN, RAN) and network controller (e.g., RNC, BSC) that service communication device in access to the network, the cord network node that process the data packet from the communication device and generating packet handling rules for potentially malicious data packets [Bolle; pp. 18-20, 38-40; fig. 6-8 and associated text]); and
initiating, by the processing system based on the radio access network based identifier of the wireless device and the radio access network controller identifier of the radio access network controller, a mitigation action for mitigating the malicious activity of the wireless device within the wireless communication network (obtain an identifier that indicates the data packet associated with potentially malicious service data flow, handle the potentially malicious data packet according to the packet handling rule [Bolle; pp. 14-15, 21-23; fig. 3, 6-8 and associated text]). Bolle does not explicilty discloses wherein the core network based identifier and the radio access network based identifier are distinct identifiers; however, in a related and analogous art, Lu teaches this feature.
IN particular, Lu teaches the different in network device having their own identifier use to identify the devices, including core network identifier, access network identifier, etc., [Lu; ¶36; Fig. 1 and associated text]. It would have been obvious before the effective filing date of the claimed invention to modify Bolle in view Lu with the motivation to known identifier for easier to associated data flow between known networks.

Regarding claim 2, Bolle-Lu combination discloses the method of claim 1, wherein the obtaining of the indication of the malicious activity of the wireless device within the wireless communication network comprises:
detecting, by the processing system at an element of the core network, the malicious activity of the wireless device within the wireless communication network (the core network node detects the potentially malicious data packet is within the wireless network [Bolle; pp. 14-15, 21-23; fig. 3, 6-8 and associated text]).

Regarding claim 3, Bolle-Lu combination discloses the method of claim 2, wherein the detecting of the malicious activity of the wireless device within the wireless communication network is based on an analysis of at least one of a call detail record or a key performance indicator (DDoS attack is detected using packet filters, indicator and QFI/5QI values [Bolle; pp. 6, 62; fig. 2-3, 6-8 and associated text]).

Regarding claim 4, Bolle-Lu combination discloses the method of claim 1, wherein the obtaining of the indication of the malicious activity of the wireless device within the wireless communication network comprises:
receiving, by the processing system from an element of the radio access network or an element of the core network, the indication of the malicious activity of the wireless device within the wireless communication network (the core network node detects the potentially malicious data packet is within the wireless network [Bolle; pp. 14-15, 21-23; fig. 3, 6-8 and associated text]).

Regarding claim 5, Bolle-Lu combination discloses the method of claim 1, wherein the determining of the radio access network based identifier and the radio access network controller identifier comprises:
sending, by the processing system, a query including the core network based identifier of the wireless device (a request for the detection report by the security function of the core network node, in which includes the wireless device id [Bolle; pp. 5-6; 18-20, 38-40; fig. 2, 6-8 and associated text]); and
receiving, by the processing system, a response including the radio access network based identifier of the wireless device and the radio access network controller identifier (the reports includes wireless device ID, exception ID, target IP, etc., [Bolle; pp. 5-6; 18-20, 38-40; fig. 2, 6-8 and associated text]).

Regarding claim 6, Bolle-Lu combination discloses the method of claim 1, wherein the radio access network based identifier of the wireless device and the radio access network controller identifier of the radio access network controller are determined based on a mapping of the core network based identifier of the wireless device to the radio access network based identifier of the wireless device, wherein the mapping of the core network based identifier of the wireless device to the radio access network based identifier of the wireless device is determined based on an attachment of the wireless device to the radio access network and a set of records of the core network (the malicious data packet is mapped onto a QoS flow, mapping the malicious data packet with the sender, access node it bypass and target destination [Bolle; pp. 5-6; 18-20, 38-40; fig. 4, 6-8 and associated text]).

Regarding claim 7, Bolle-Lu combination discloses the method of claim 1, wherein the core network based identifier comprises a subscriber identifier (including the mobile subscriber identifier of the UE [Bolle; pg. 17; fig. 4, 6-8 and associated text]).

Regarding claim 8, Bolle-Lu combination discloses the method of claim 7, wherein the subscriber identifier comprises an international mobile subscriber identity (Bolle discloses of a MSI. Since the claim does not distinguished what IMSI function are; therefore it is treated the same as a MSI [Bolle; pg. 17; fig. 4, 6-8 and associated text]).

Regarding claim 12, Bolle-Lu combination discloses the method of claim 1, wherein the initiating of the mitigation action comprises:
sending, by the processing system toward the radio access network, a message indicative that the wireless device has been identified as malicious, wherein the message indicative that the wireless device has been identified as malicious includes the radio access network based identifier of the wireless device and the radio access network controller identifier of the radio access network controller (identifying a potential malicious service data flow associated with the communication device towards an access node that services and toward a core network node, in which identifier of the communication device, the identifier of the access node, and identifier of the cord network node are included in the packet information [Bolle; pp. 18-20; fig. 6-8 and associated text], the cord network node identify the access node (e.g., WLAN, WAN, RAN) and network controller (e.g., RNC, BSC) that service communication device in access to the network, the cord network node that process the data packet from the communication device and generating packet handling rules for potentially malicious data packets [Bolle; pp. 18-20, 38-40; fig. 6-8 and associated text], obtain an identifier that indicates the data packet associated with potentially malicious service data flow, handle the potentially malicious data packet according to the packet handling rule [Bolle; pp. 14-15, 21-23; fig. 3, 6-8 and associated text]).

Regarding claim 13, Bolle-Lu combination discloses the method of claim 1, wherein the initiating of the mitigation action comprises:
sending, by the processing system toward the radio access network controller of the radio access network based on the radio access network controller identifier of the radio access network controller, a message indicative that the wireless device has been identified as malicious, wherein the message indicative that the wireless device has been identified as malicious includes the radio access network based identifier of the wireless device (send alert message of the malicious data packet from the communication device and request suspending of the communication device that contains malicious data packet [Bolle; pp. 16-17; fig. 4, 6-8 and associated text]).

Regarding claim 14, Bolle-Lu combination discloses the method of claim 13, wherein the mitigation action is configured to cause the radio access network controller to at least one of: 
initiate a process for causing the wireless device to be released from the radio access network and initiate a process for blocking the wireless device from accessing the radio access network (suspending of the communication device that contains malicious data packet [Bolle; pp. 16-17; fig. 4, 6-8 and associated text]).

Regarding claim 15, Bolle-Lu combination discloses the method of claim 1, wherein the mitigation action comprises an action configured to cause the wireless device to be released from the radio access network (suspending of the communication device that contains malicious data packet [Bolle; pp. 16-17; fig. 4, 6-8 and associated text]).

Claim 9-11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bolle-Lu combination in view of Jain (Pub. No.: US 2020/0314655 A1).
Regarding claim 9, Bolle-Lu combination discloses the method of claim 1, wherein the radio access network based identifier comprises including a wireless device identifier of the wireless device within the radio access network and a mobility management identifier of the wireless device within the radio access network (the cord network node identify the access node (e.g., WLAN, WAN, RAN) and network controller (e.g., RNC, BSC) that service communication device in access to the network, the cord network node that process the data packet from the communication device and generating packet handling rules for potentially malicious data packets [Bolle; pp. 14-17; fig. 3-4 and associated text]). Bolle does not explicilty discloses of a tuple; however, in a related and analogous art, Jain teaches this feature.
In particular, Jain teaches tuple with S1APID uniquely id and UE IP address [Jain; ¶40-42]. It would have been obvious before the effective filing date of the claimed invention to modify Bolle in view of Jain with the motivation for better tracking purposes [Jain; ¶40].

Regarding claim 10, Bolle-Lu-Jain combination discloses the method of claim 9, wherein the wireless device identifier of the wireless device within the radio access network is assigned within the radio access network and the mobility management identifier of the wireless device within the radio access network is assigned within the core network (it is standardized the access network assigned identifier to the communication device and the core network assigned identifier to the access network since it understand its management [Bolle; pp. 14-17; fig. 3-4 and associated text]).

Regarding claim 11, Bolle-Jain combination discloses the method of claim 9, wherein the wireless device identifier of the wireless device within the radio access network comprises a user equipment s1 application protocol identifier and the mobility management identifier of the wireless device within the radio access network comprises a mobility management entity s1 application protocol identifier (Jain teaches the radio access network using S1 Application Protocol with the UE request, in which the S1AP ID is use to uniquely identify the UE [Jain; ¶39]. It would have been obvious before the effective filing date of the claimed invention to modify Bolle in view of Jain with the motivation to easier identify the UE [Jain; ¶39].

Claim 16-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bolle-Lu combination in view of Parsons et al. (Pub. No.: US 2012/0094633 A1; hereinafter Parsons).
Regarding claim 16, Bolle-Lu combination does not explicilty discloses the method of claim 1, wherein the mitigation action comprises an action configured to cause the wireless device to be added to a blacklist of wireless devices which are to be blocked from accessing the radio access network; however, in a related and analogous art, Parsons teaches this feature.
In particular, Parsons teaches adding the IMSI of the wireless device to a blacklist and block the wireless device access when determines that the wireless device is the blacklist [Parson; ¶77-98; Fig. 6-7 and associated text]). It would have been obvious before the effective filing date of the clamed invention to modify Bolle-Lu combination in view of Parsons with the motivation to better secure the wireless network.

Regarding claim 17, Bolle-Lu combination discloses the method of claim 1, further comprising:
receiving, by the processing system, a request of the wireless device to access the radio access network (the communication device (e.g., wireless device) trying to access wireless service, via access node (e.g., radio access network) and core network node (e.g., a core network) [Bolle; pp. 1-2; fig. 1, 6-8 and associated text]).
Bolle does not explicilty discloses the following features; however, in a related and analogous art, Parson teaches these features.
determining, by the processing system based on a blacklist of wireless devices to be blocked from accessing the radio access network, that the wireless device is not permitted to access the radio access network, wherein the wireless device was previously added to the blacklist of wireless devices to be blocked from accessing the radio access network based on the mitigation action for mitigating the malicious activity of the wireless device (adding the IMSI of the wireless device to a blacklist and block the wireless device access when determines that the wireless device is the blacklist [Parson; ¶77-98; Fig. 6-7 and associated text]); and 
initiating, by the processing system based on the request of the wireless device to access the radio access network and based on the determination that the wireless device is not permitted to access the radio access network, a process for blocking the wireless device from accessing the radio access network (receive indication that the wireless device request for communication, detect that the wireless device is on the blacklists, block the wireless device from communication [Parson; ¶77-93; Fig. 6 and associated text]). It would have been obvious before the effective filing date of the clamed invention to modify Bolle-Lu combination in view of Parsons with the motivation to better secure the wireless network.

Regarding claim 18, Bolle-Lu-Parson combination discloses the method of claim 17, wherein the process for blocking the wireless device from accessing the radio access network comprises a process for interrupting a radio access network connection procedure (the wireless device cannot create session when IMSI is on blacklist and MSISDN is revoked [Parson; ¶77-98; Fig. 6-7 and associated text]). It would have been obvious before the effective filing date of the clamed invention to modify Bolle-Lu combination in view of Parsons with the motivation to better secure the wireless network.

Regarding claim 20, Bolle discloses a method comprising:
receiving, by a processing system including at least one processor, a request of a wireless device to access a wireless communication network, wherein the wireless communication network includes a radio access network and a core network (the communication device (e.g., wireless device) trying to access wireless service, via access node (e.g., radio access network) and core network node (e.g., a core network) [Bolle; pp. 1-2; fig. 1, 6-8 and associated text]);
determining, by the processing system based on the request of the wireless device to access the wireless communication network, a radio access network based identifier of the wireless device, wherein the radio access network based identifier of the wireless device is configured to uniquely identify the wireless device within the radio access network (the cord network node identify the access node (e.g., WLAN, WAN, RAN) and network controller (e.g., RNC, BSC) that service communication device in access to the network, the cord network node that process the data packet from the communication device and generating packet handling rules for potentially malicious data packets [Bolle; pp. 18-20, 38-40; fig. 6-8 and associated text]);
identification of a core network based identifier of the wireless device based on the determination that the wireless device engaged in malicious activity within the core network, identification of the radio access network based identifier of the wireless device based on a mapping between the core network based identifier of the wireless device and the radio access network based identifier of the wireless device (identifying a potential malicious service data flow associated with the communication device towards an access node that services and toward a core network node, in which identifier of the communication device, the identifier of the access node, and identifier of the cord network node are included in the packet information [Bolle; pp. 18-20; fig. 6-8 and associated text]).
Bolle does not explicilty discloses wherein the core network based identifier and the radio access network based identifier are distinct identifiers; however, in a related and analogous art, Lu teaches this feature.
IN particular, Lu teaches the different in network device having their own identifier use to identify the devices, including core network identifier, access network identifier, etc., [Lu; ¶36; Fig. 1 and associated text]. It would have been obvious before the effective filing date of the claimed invention to modify Bolle in view Lu with the motivation to known identifier for easier to associated data flow between known networks.
Bolle-Lu combination does not explicilty discloses the following features; however, in a related and analogous art, Parson teaches these features.
determining, by the processing system based on the radio access network based identifier of the wireless device and based on a blacklist of wireless devices to be blocked from accessing the radio access network, that the wireless device is to be blocked from accessing the radio access network, wherein the wireless device was previously added to the blacklist of wireless devices to be blocked from accessing the radio access network based on a determination that the wireless device engaged in malicious activity within the core network, and addition of the radio access network based identifier of the wireless device to the blacklist of wireless devices to be blocked from accessing the radio access network (adding the IMSI of the wireless device to a blacklist and block the wireless device access when determines that the wireless device is the blacklist [Parson; ¶77-98; Fig. 6-7 and associated text]); and
initiating, by the processing system based on the determination that the wireless device is to be blocked from accessing the radio access network, a process for blocking the wireless device from accessing the radio access network (receive indication that the wireless device request for communication, detect that the wireless device is on the blacklists, block the wireless device from communication [Parson; ¶77-93; Fig. 6 and associated text]). It would have been obvious before the effective filing date of the clamed invention to modify Bolle-Lu combination in view of Parsons with the motivation to better secure the wireless network.

Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http:ljwww.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAO Q HO/Primary Examiner, Art Unit 2432