DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 16, 17, 21, 22, 26 and 27 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Vutukuri et al. (US 2020/0322804, hereinafter Vutukuri).
Regarding claim 16, Vutukuri teaches a method for operating a user equipment (UE) (Wireless communication device – FIG. 4, FIG. 6) in a wireless communication system, the method comprising: 
transmitting, to an operator network system, a dedicated Protocol Data Unit (PDU) session establishment request for user plane (UP) signaling messages (PDU session Establishment Request, step 8 – FIG. 4. “Session establishment request” - FIG. 6, message 608, par [0052], [0053]. “Session” is understood to be PDU session indicated in [0032]);
establishing the dedicated PDU session with the operator network system with integrity protection based on a configuration received from the operator network system (Based on the received policies, the base station determines the radio configuration (including the QoS flow to DRB mapping rules) and performs an RRC reconfiguration to provide the wireless communication device with a new DRB (if required), with or without integrity protection (per the indication in the Security profile obtained from the SMF) – [0060]. The wireless communication device employs the RRC configuration to engage in UL and DL communication in the user plane – [0062]. Note: “employs the RRC configuration to engage… communication” indicates establishing of the session. During the session, it is the responsibility of the RAN node (i.e., the base station) to ensure that the aggregate bit rate over a given period of time on the DRB for which integrity protection is applicable, does not exceed the maximum rate indicated value indicated at step 624 – [0063]); and
exchanging the UP signaling messages over the established dedicated PDU session (The wireless communication device employs the RRC configuration to engage in UL and DL communication in the user plane – [0063]. Note: “UL and DL communication in the user plane” teaches “exchanging UP signaling messages”).
Regarding claim 17, Vutukuri teaches claim 16 and further teaches determining whether the UE supports an integrity protection data rate capability based on an integrity protection maximum data rate of the UE; transmitting, to an operator network system, the integrity protection data rate capability of the UE when the UE supports the integrity protection data rate capability (the wireless communication device includes the security capability container in the capability IE, which is transmitted to the AMF/SMF (via the base station). The security capability container includes a specific IE indicating the UP integrity protection capability of the wireless communication device. Specifically, this includes an IE that indicates up to which data rate the wireless communication device can support user plane integrity protection. As an example, this may be indicated by including a field called upIntegrityProtectionMaxDataRate field in the security capability container – [0049]).

Regarding claim 21, Vutukuri teaches a method for operating an operator network system in a wireless communication system (operator network system includes Base station and AMF/SMF – FIG. 6), the method comprising: 
receiving, from a user equipment (UE), integrity protection data rate capability of the UE; receiving, from the UE, a dedicated Protocol Data Unit (PDU) session establishment request to establish the dedicated PDU session for exchange of user plane (UP) signaling messages (PDU session Establishment Request, step 8 – FIG. 4. “Session establishment request” - FIG. 6, message 608, par [0052], [0053]. “Session” is understood to be PDU session indicated in [0032]); 
establishing the dedicated PDU session with integrity protection based on the integrity protection data rate capability of the UE (Based on the received policies, the base station determines the radio configuration (including the QoS flow to DRB mapping rules) and performs an RRC reconfiguration to provide the wireless communication device with a new DRB (if required), with or without integrity protection (per the indication in the Security profile obtained from the SMF) – [0060]. The wireless communication device employs the RRC configuration to engage in UL and DL communication in the user plane – [0062]. Note: “employs the RRC configuration to engage… communication” indicates establishing of the session. During the session, it is the responsibility of the RAN node (i.e., the base station) to ensure that the aggregate bit rate over a given period of time on the DRB for which integrity protection is applicable, does not exceed the maximum rate indicated value indicated at step 624 – [0063]); and
exchanging the UP signaling messages with the UE over the established dedicated PDU session with integrity protection when the UE supports the integrity protection data rate capability (The wireless communication device employs the RRC configuration to engage in UL and DL communication in the user plane – [0063]. Note: “UL and DL communication in the user plane” teaches “exchanging UP signaling messages”).
Regarding claim 22, Vutukuri teaches claim 21 and further teaches wherein the integrity protection data rate capability of the UE is received when the UE supports an integrity protection data rate capability based on an integrity protection maximum data rate of the UE (the wireless communication device includes the security capability container in the capability IE, which is transmitted to the AMF/SMF (via the base station). The security capability container includes a specific IE indicating the UP integrity protection capability of the wireless communication device. Specifically, this includes an IE that indicates up to which data rate the wireless communication device can support user plane integrity protection. As an example, this may be indicated by including a field called upIntegrityProtectionMaxDataRate field in the security capability container – [0049]).
Regarding claim 26, Vutukuri teaches a user equipment (UE) in a wireless communication system, the UE (Wireless communication device – FIG. 4, FIG. 6) comprising: a transceiver; and at least one processor operably coupled to the transceiver (FIG. 3), and configured to: 
transmit, to an operator network system, a dedicated Protocol Data Unit (PDU) session establishment request for user plane (UP) signaling messages (PDU session Establishment Request, step 8 – FIG. 4. “Session establishment request” - FIG. 6, message 608, par [0052], [0053]. “Session” is understood to be PDU session indicated in [0032]); 
establish the dedicated PDU session with the operator network system with integrity protection based on a configuration received from the operator network system (Based on the received policies, the base station determines the radio configuration (including the QoS flow to DRB mapping rules) and performs an RRC reconfiguration to provide the wireless communication device with a new DRB (if required), with or without integrity protection (per the indication in the Security profile obtained from the SMF) – [0060]. The wireless communication device employs the RRC configuration to engage in UL and DL communication in the user plane – [0062]. Note: “employs the RRC configuration to engage… communication” indicates establishing of the session. During the session, it is the responsibility of the RAN node (i.e., the base station) to ensure that the aggregate bit rate over a given period of time on the DRB for which integrity protection is applicable, does not exceed the maximum rate indicated value indicated at step 624 – [0063]); and
exchange the UP signaling messages over the established dedicated PDU session (The wireless communication device employs the RRC configuration to engage in UL and DL communication in the user plane – [0063]. Note: “UL and DL communication in the user plane” teaches “exchanging UP signaling messages”).
Regarding claim 27, Vutukuri teaches claim 26 and further teaches wherein the processor is further configured to: determine whether the UE supports an integrity protection data rate capability based on an integrity protection maximum data rate of the UE; transmit, to an operator network system, the integrity protection data rate capability of the UE when the UE supports the integrity protection data rate capability (the wireless communication device includes the security capability container in the capability IE, which is transmitted to the AMF/SMF (via the base station). The security capability container includes a specific IE indicating the UP integrity protection capability of the wireless communication device. Specifically, this includes an IE that indicates up to which data rate the wireless communication device can support user plane integrity protection. As an example, this may be indicated by including a field called upIntegrityProtectionMaxDataRate field in the security capability container – [0049]).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 18, 19, 23, 24, 28, and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Vutukuri in view of Wifvesson et al. (US 2019/0394651, hereinafter Wifvesson).
Regarding claim 18, Vutukuri teaches claim 16 but fails to teach exchanging the UP signaling messages with the UE over a non-access-stratum (NAS) to confirm the integrity protection when the UE does not support an integrity protection data rate capability.
However, Wifvesson teaches exchanging the UP signaling messages with the UE over a non-access-stratum (NAS) to confirm the integrity protection when the UE does not support an integrity protection data rate capability (The UE and communication network negotiate whether Integrity Protection of UP data sent between UE and base station shall be enabled or disabled. The UE indicates its support or otherwise for UP integrity protection. The UE may indicate as a capability a maximum data rate for integrity protection of UP data. For example, if the UE indicates 64 kbps as its maximum data rate, the network may be assumed to turn the UP integrity on only for data rates equal or lower than 64 kbps. Higher data rates would not use UP integrity – [0223]. The UE may inform AMF/MME in UE 5G security capabilities/UE EPS security capability that it supports e.g. integrity algorithms EIA0, EIA1 and EIA2 for UP during the normal UE security capability exchange in the NAS signaling as Registration procedure/Attach procedure/Routing Area Update procedure. (This process would apply to step 1 in FIG. 21.) – [0409]. The core network indicates to the UE in NAS layer, based on the policy decision, whether UP integrity shall be used or not – [00427]).
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Wifvesson in Vutukuri to provide a negotiation mechanism to achieve desired level of service.
Regarding claim 19, Vutukuri teaches claim 16 but fails to teach wherein the PDU session establishment request is transmitted using a data network name (DNN) configured by the operator network system.
Wifvesson teaches wherein the PDU session establishment request is transmitted using a data network name (DNN) configured by the operator network system (UE to RAN: Registration Request (Registration type, Permanent ID or Temporary ID, Security parameters, NSSAI, indication of UE's support of UP integrity, and preference to use UP integrity or not… The UE may include an indication of its preference (which may be for all data or per network slice type or slice identifier) of whether to use UP integrity or not in the Registration Request message – [0232]-[0235]. The UE specific UP integrity protection policy may be for all user plane data, or restricted to specific network slice type (e.g. Network Slice Selection Assistance Information, NSSAI) or restricted to specific slice identifier (e.g. Data Network Name, DNN).)
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Wifvesson in Vutukuri to provide a negotiation mechanism to achieve desired level of service.
Regarding claim 23, Vutukuri teaches claim 21 but fails to teach exchanging the UP signaling messages with the UE over a non-access-stratum (NAS) to confirm the integrity protection when the UE does not support the integrity protection data rate capability.
However, Wifvesson teaches exchanging the UP signaling messages with the UE over a non-access-stratum (NAS) to confirm the integrity protection when the UE does not support the integrity protection data rate capability (The UE and communication network negotiate whether Integrity Protection of UP data sent between UE and base station shall be enabled or disabled. The UE indicates its support or otherwise for UP integrity protection. The UE may indicate as a capability a maximum data rate for integrity protection of UP data. For example, if the UE indicates 64 kbps as its maximum data rate, the network may be assumed to turn the UP integrity on only for data rates equal or lower than 64 kbps. Higher data rates would not use UP integrity – [0223]. The UE may inform AMF/MME in UE 5G security capabilities/UE EPS security capability that it supports e.g. integrity algorithms EIA0, EIA1 and EIA2 for UP during the normal UE security capability exchange in the NAS signaling as Registration procedure/Attach procedure/Routing Area Update procedure. (This process would apply to step 1 in FIG. 21.) – [0409]. The core network indicates to the UE in NAS layer, based on the policy decision, whether UP integrity shall be used or not – [00427]).
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Wifvesson in Vutukuri to provide a negotiation mechanism to achieve desired level of service.
Regarding claim 24, Vutukuri teaches claim 21 but fails to teach wherein the PDU session establishment request is received using a data network name (DNN) configured by the operator network system.
Wifvesson teaches wherein the PDU session establishment request is received using a data network name (DNN) configured by the operator network system (UE to RAN: Registration Request (Registration type, Permanent ID or Temporary ID, Security parameters, NSSAI, indication of UE's support of UP integrity, and preference to use UP integrity or not… The UE may include an indication of its preference (which may be for all data or per network slice type or slice identifier) of whether to use UP integrity or not in the Registration Request message – [0232]-[0235]. The UE specific UP integrity protection policy may be for all user plane data, or restricted to specific network slice type (e.g. Network Slice Selection Assistance Information, NSSAI) or restricted to specific slice identifier (e.g. Data Network Name, DNN).)
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Wifvesson in Vutukuri to provide a negotiation mechanism to achieve desired level of service.
Regarding claim 28, Vutukuri teaches claim 26 but fails to teach to exchange the UP signaling messages with the UE over a non-access-stratum (NAS) to confirm the integrity protection when the UE does not support an integrity protection data rate capability.
However, Wifvesson teaches to exchange the UP signaling messages with the UE over a non-access-stratum (NAS) to confirm the integrity protection when the UE does not support an integrity protection data rate capability (The UE and communication network negotiate whether Integrity Protection of UP data sent between UE and base station shall be enabled or disabled. The UE indicates its support or otherwise for UP integrity protection. The UE may indicate as a capability a maximum data rate for integrity protection of UP data. For example, if the UE indicates 64 kbps as its maximum data rate, the network may be assumed to turn the UP integrity on only for data rates equal or lower than 64 kbps. Higher data rates would not use UP integrity – [0223]. The UE may inform AMF/MME in UE 5G security capabilities/UE EPS security capability that it supports e.g. integrity algorithms EIA0, EIA1 and EIA2 for UP during the normal UE security capability exchange in the NAS signaling as Registration procedure/Attach procedure/Routing Area Update procedure. (This process would apply to step 1 in FIG. 21.) – [0409]. The core network indicates to the UE in NAS layer, based on the policy decision, whether UP integrity shall be used or not – [00427]).
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Wifvesson in Vutukuri to provide a negotiation mechanism to achieve desired level of service.
Regarding claim 29, Vutukuri teaches claim 26 but fails to teach wherein the PDU session establishment request is transmitted using a data network name (DNN) configured by the operator network system.
Wifvesson teaches wherein the PDU session establishment request is transmitted using a data network name (DNN) configured by the operator network system (UE to RAN: Registration Request (Registration type, Permanent ID or Temporary ID, Security parameters, NSSAI, indication of UE's support of UP integrity, and preference to use UP integrity or not… The UE may include an indication of its preference (which may be for all data or per network slice type or slice identifier) of whether to use UP integrity or not in the Registration Request message – [0232]-[0235]. The UE specific UP integrity protection policy may be for all user plane data, or restricted to specific network slice type (e.g. Network Slice Selection Assistance Information, NSSAI) or restricted to specific slice identifier (e.g. Data Network Name, DNN).)
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Wifvesson in Vutukuri to provide a negotiation mechanism to achieve desired level of service.

Claims 20, 25 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Vutukuri in view of Reddy (US 2018/0219833).
Regarding claim 20, Vutukuri teaches claim 16 but fails to teach further comprising: receiving, from the operator network system, domain name system (DNS) security credentials; and exchanging protected DNS protocol messages with a DNS server using the DNS security credentials provided by an operator network system over a user plane.
Reddy teaches further comprising: receiving, from the operator network system, domain name system (DNS) security credentials; and exchanging protected DNS protocol messages with a DNS server using the DNS security credentials provided by an operator network system over a user plane (In one implementation the second DNS request and the DNS response are integrity protected using a key value, wherein the key value was previously negotiated with a network – [0063]. Communication from a browser, see [0013], is user plane communication).
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Reddy in Vutukuri for mitigating a domain name system (DNS) amplification attack.
Regarding claim 20, Vutukuri teaches claim 16 but fails to teach transmitting, to the UE, domain name system (DNS) security credentials; and exchanging protected DNS protocol messages with a DNS server using the DNS security credentials provided by an operator network system over a user plane.
Reddy teaches transmitting, to the UE, domain name system (DNS) security credentials; and exchanging protected DNS protocol messages with a DNS server using the DNS security credentials provided by an operator network system over a user plane (In one implementation the second DNS request and the DNS response are integrity protected using a key value, wherein the key value was previously negotiated with a network – [0063]. Communication from a browser, see [0013], is user plane communication).
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Reddy in Vutukuri for mitigating a domain name system (DNS) amplification attack.
Regarding claim 30, Vutukuri teaches claim 26 but fails to teach to receive, from the operator network system, domain name system (DNS) security credentials; and exchange protected DNS protocol messages with a DNS server using the DNS security credentials provided by an operator network system over a user plane.
Reddy teaches to receive, from the operator network system, domain name system (DNS) security credentials; and exchange protected DNS protocol messages with a DNS server using the DNS security credentials provided by an operator network system over a user plane (In one implementation the second DNS request and the DNS response are integrity protected using a key value, wherein the key value was previously negotiated with a network – [0063]. Communication from a browser, see [0013], is user plane communication).
It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate features taught by Reddy in Vutukuri for mitigating a domain name system (DNS) amplification attack.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUOC THAI NGOC VU whose telephone number is (571)270-5901. The examiner can normally be reached M-F, 9:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rafael Perez-Gutierrez can be reached on 571-272-7915. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/QUOC THAI N VU/Primary Examiner, Art Unit 2642