Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claims 1-22 have been examined.

Drawings
2.	The drawings filed on 12/15/2020 are acceptable for examination proceedings.
Specification
3.	The specification filed on 12/15/2020 is acceptable for examination proceedings.

Information Disclosure Statement
4.	The information disclosure statement (IDS) was submitted on 03/29/2022. Accordingly, the information disclosure statement is being considered by the examiner.

Internet Communications
5.	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax, which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS Web; or (4) the service window on the Alexandria campus. EFS Web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.
Double Patenting
6.	A rejection based on double patenting of the "same invention" type finds its support in the language of 35 U.S.C. 101 which states that "whoever invents or discovers any new and useful process ... may obtain a patent therefor ..."  (Emphasis added).  Thus, the term "same invention," in this context, means an invention drawn to identical subject matter.  See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957); and In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970).

A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the conflicting claims so they are no longer coextensive in scope.  The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101.


7.	Claims 1-22 are provisionally rejected under 35 U.S.C. 101 as claiming the same invention as that of claims 1-21 of co-pending US Patent No. 10,868,803.  This is a provisional double patenting rejection since the conflicting claims have not in fact been patented. 

8.	Below is a table of comparison between independent claims of the instant application and those of US Patent No. 10,868,803.

| US Patent No. 10,868,803 | Instant / current application No. 17/123,093 |
| --- | --- |
| 1. A method, comprising: configuring, based on hardware characteristics of a radio access device, a first security certificate; setting up a first encrypted tunnel with a first security server using the first security certificate, the first security server configured to grant permission via the first security certificate for obtaining a second security certificate providing access to an operator core network; tearing down the first encrypted tunnel; and setting up a second encrypted tunnel to a second security server within the operator core network using the second security certificate, the second encrypted tunnel configured to allow the radio access device to securely communicate with the operator core network for providing connectivity for user devices to the operator core network, wherein the first encrypted tunnel and the second encrypted tunnel to use a single transport port, thereby enabling the radio access device to obtain the second security certificate via the first encrypted tunnel, wherein the first security certificate is a factory-installed certificate, and wherein the second security certificate is an operational certificate containing security information specific to the operator core network, the security information not present on the radio access device prior to issuance of the second security certificate. | 1. A method, comprising: configuring, based on hardware characteristics of a radio access device, a first security certificate; setting up a first encrypted tunnel with a first security server using the first security certificate, the first security server configured to grant permission via the first security certificate for obtaining a second security certificate providing access to an operator core network; tearing down the first encrypted tunnel; and setting up a second encrypted tunnel to a second security server within the operator core network using the second security certificate, the second encrypted tunnel configured to allow the radio access device to securely communicate with the operator core network for providing connectivity for user devices to the operator core network, wherein the second security certificate is an operational certificate containing security information specific to the operator core network, and wherein the first encrypted tunnel and the second encrypted tunnel use a single transport port, thereby enabling the radio access device to obtain the second security certificate via the first encrypted tunnel. |
|  | 10. The method of claim 1, wherein the first security certificate is a factory-installed certificate, and wherein the security information is not present on the radio access device prior to issuance of the second security certificate. |
| 2. The method of claim 1, further comprising configuring the first security certificate not based on characteristics of a telecom operator network. | 2. The method of claim 1, further comprising configuring the first security certificate not based on characteristics of a telecom operator network. |
| 3. The method of claim 1, further comprising setting up the first encrypted tunnel when the radio access device is booted from a factory-configured default state. | 3. The method of claim 1, further comprising setting up the first encrypted tunnel when the radio access device is booted from a factory-configured default state. |
| 4. The method of claim 1, wherein the hardware characteristics of the radio access device include a hardware identifier of a radio interface in the radio access device. | 4. The method of claim 1, wherein the hardware characteristics of the radio access device include a hardware identifier of a radio interface in the radio access device. |
| 5. The method of claim 1, wherein the first security server is configured to permit communications over Transmission Control Protocol (TCP) port number 4500. | 5. The method of claim 1, wherein the first security server is configured to permit communications over Transmission Control Protocol (TCP) port number 4500. |
| 6. The method of claim 1, wherein the first encrypted tunnel and the second encrypted tunnel are encrypted using an IPsec protocol. | 6. The method of claim 1, wherein the first encrypted tunnel and the second encrypted tunnel are encrypted using an IPsec protocol. |
| 7. The method of claim 1, wherein the first security server and the second security server are certificate authorities in a public key infrastructure (PKI). | 7. The method of claim 1, wherein the first security server and the second security server are certificate authorities in a public key infrastructure (PKI). |
| 8. The method of claim 1, wherein the first security certificate is configured to limit traffic using IPsec traffic selectors. | 8. The method of claim 1, wherein the first security certificate is configured to limit traffic using IPsec traffic selectors. |
| 9. The method of claim 1, wherein the radio access device is a small cell, femto cell, macro cell, wireless access point, or wireless access gateway. | 9. The method of claim 1, wherein the radio access device is a small cell, femto cell, macro cell, wireless access point, or wireless access gateway. |
| 10. The method of claim 1, further comprising, at a gateway situated between the radio access device and the operator core network, proxying public key infrastructure (PKI) communications between the radio access device and the operator core network. | 11. The method of claim 1, further comprising, at a gateway situated between the radio access device and the operator core network, proxying public key infrastructure (PKI) communications between the radio access device and the operator core network. |
| 11. The method of claim 1, further comprising, at a gateway situated between the radio access device and the operator core network, requesting the second security certificate on behalf of the radio access device. | 12. The method of claim 1, further comprising, at a gateway situated between the radio access device and the operator core network, requesting the second security certificate on behalf of the radio access device. |
| 12. The method of claim 1, further comprising, at a gateway situated between the radio access device and the operator core network, managing security certificates for a plurality of radio access devices. | 13. The method of claim 1, further comprising, at a gateway situated between the radio access device and the operator core network, managing security certificates for a plurality of radio access devices. |
| 13. The method of claim 1, wherein the first security server is a gateway situated between the radio access device and the operator core network. | 14. The method of claim 1, wherein the first security server is a gateway situated between the radio access device and the operator core network. |
| 14. The method of claim 1, wherein the radio access device is a virtualized radio access device in a radio access network. | 15. The method of claim 1, wherein the radio access device is a virtualized radio access device in a radio access network. |
| 15. The method of claim 1, wherein the first encrypted tunnel and the second encrypted tunnel transport certificate management protocol messages. | 16. The method of claim 1, wherein the first encrypted tunnel and the second encrypted tunnel transport certificate management protocol messages. |
| 16. The method of claim 1, further comprising sending provisioning configuration for the radio access device through the first encrypted tunnel from the first security server to the radio access device. | 17. The method of claim 1, further comprising sending provisioning configuration for the radio access device through the first encrypted tunnel from the first security server to the radio access device. |
| 17. A non-transitory computer-readable medium containing instructions which, when executed on a processor, perform steps comprising: configuring, based on hardware characteristics of a radio access device, a first security certificate; setting up a first encrypted tunnel with a first security server using the first security certificate, the first security server configured to grant permission via the first security certificate for obtaining a second security certificate providing access to an operator core network; tearing down the first encrypted tunnel; and setting up a second encrypted tunnel to a second security server within the operator core network using the second security certificate, the second encrypted tunnel configured to allow the radio access device to securely communicate with the operator core network for providing connectivity for user devices to the operator core network, wherein the first security certificate is a factory-installed certificate, and wherein the second security certificate is an operational certificate containing security information specific to the operator core network, the security information not present on the radio access device prior to issuance of the second security certificate, thereby enabling the radio access device to obtain the second security certificate via the first encrypted tunnel. | 18. A non-transitory computer-readable medium containing instructions which, when executed on a processor, perform steps comprising: configuring, based on hardware characteristics of a radio access device, a first security certificate; setting up a first encrypted tunnel with a first security server using the first security certificate, the first security server configured to grant permission via the first security certificate for obtaining a second security certificate providing access to an operator core network; tearing down the first encrypted tunnel; and setting up a second encrypted tunnel to a second security server within the operator core network using the second security certificate, the second encrypted tunnel configured to allow the radio access device to securely communicate with the operator core network for providing connectivity for user devices to the operator core network, thereby enabling the radio access device to obtain the second security certificate via the first encrypted tunnel. |
|  | 10. The method of claim 1, wherein the first security certificate is a factory-installed certificate, and wherein the security information is not present on the radio access device prior to issuance of the second security certificate. |
| 3. The method of claim 1, further comprising setting up the first encrypted tunnel when the radio access device is booted from a factory-configured default state. | 20. The computer-readable medium of claim 15, the steps further comprising setting up the first encrypted tunnel when the radio access device is booted from a factory-configured default state. |
| 20. The steps of claim 17, wherein the hardware characteristics of the radio access device include a hardware identifier of a radio interface in the radio access device, wherein the first security server is configured to permit communications over Transmission Control Protocol (TCP) port number 4500, wherein the first encrypted tunnel and the second encrypted tunnel are encrypted using an IPsec protocol, wherein the first security server and the second security server are certificate authorities in a public key infrastructure (PKI), wherein the first security certificate is configured to limit traffic using IPsec traffic selectors, wherein the radio access device is a small cell, femto cell, macro cell, wireless access point, or wireless access gateway, wherein the first security certificate is a factory-installed certificate, and wherein the second security certificate is an operational certificate containing security information specific to the operator core network, the security information not present on the radio access device prior to issuance of the second security certificate. | 21. The computer-readable medium of claim 15, wherein the hardware characteristics of the radio access device include a hardware identifier of a radio interface in the radio access device, wherein the first security server is configured to permit communications over Transmission Control Protocol (TCP) port number 4500, wherein the first encrypted tunnel and the second encrypted tunnel are encrypted using an IPsec protocol, wherein the first security server and the second security server are certificate authorities in a public key infrastructure (PKI), wherein the first security certificate is configured to limit traffic using IPsec traffic selectors, wherein the radio access device is a small cell, femto cell, macro cell, wireless access point, or wireless access gateway, wherein the first security certificate is a factory-installed certificate, and wherein the second security certificate is an operational certificate containing security information specific to the operator core network, the security information not present on the radio access device prior to issuance of the second security certificate. |
| 21. A method, comprising: receiving, at a security gateway situated between a radio access device and an operator core network, a first request for a first encrypted tunnel using a first certificate from a radio access device; validating the first certificate using identifying information of the radio access device in the first certificate; granting permission, at the security gateway, for the radio access device to obtain a second security certificate providing access to the operator core network; requesting, at the security gateway, on behalf of the radio access device, the second security certificate from a second security gateway in the operator core network; sending, at the security gateway, the second security certificate to the radio access device using the first encrypted tunnel wherein the first security certificate is a factory-installed certificate, and wherein the second security certificate is an operational certificate containing security information specific to the operator core network, the security information not present on the radio access device prior to issuance of the second security certificate; and tearing down the first encrypted tunnel. | 22. A method, comprising: receiving, at a security gateway situated between a radio access device and an operator core network, a first request for a first encrypted tunnel using a first certificate from a radio access device; validating the first certificate using identifying information of the radio access device in the first certificate; granting permission, at the security gateway, for the radio access device to obtain a second security certificate providing access to the operator core network; requesting, at the security gateway, on behalf of the radio access device, the second security certificate from a second security gateway in the operator core network; sending, at the security gateway, the second security certificate to the radio access device using the first encrypted tunnel; and tearing down the first encrypted tunnel. |


Conclusion
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





A.G.
July 30, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434