DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Remark

This communication is considered fully responsive to the amendment filed on 07/05/22.
a. Independent claims 1, 8, and 15 have been amended.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 6-9, 13-16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Welin et al. (US 2016/0135074, “Welin”) in view of Canpolat et al. (US 2021/0329499, “Canpolat”) and further in view of Hu (US 2016/0057108, “Hu”).
Regarding claim 1, Welin discloses a method comprising:
- receiving, from a client device and at a network device of a network, a request to establish an encrypted tunnel through the network such that data-plane traffic flows between the client device and a service via the encrypted tunnel (See S110 fig.6 and ¶.89, receiving data packet flow. The RAT circuitries in the Radio Base Modules 14-20 (FIG. 2) receive the user data packets from different UEs connected to the access node 12; See S130 fig.6 and ¶.91, encrypting and encapsulating one or more received data packets as payload in an IP data packet to be sent over an aggregated encrypted IPsec tunnel; Examiner’s Note: Canpolat discloses the limitation of “receiving a request”);
- determining that the data-plane traffic is of a particular traffic class from among a group of traffic classes, the particular traffic class being associated with a particular quality of service (QoS) performance metric (See ¶.16, an access technology index is inserted in the header of the IPsec tunnel is that it makes it possible to differentiate the data flow based on radio or fixed access technologies even if they belong to the same traffic class, i.e. require the same Quality of Service, and the IP packets are sent inside the same IPsec tunnel from a node, e.g. a Radio Base Station; See ¶.46, each IP data packet may further be marked with a QoS class based on the traffic class used by the user equipment for the specific service regardless of which access technology each data packet originates from. The controller further comprises marking means which is configured to marking to IPsec tunnel headers thereby enabling identification of the access technology enabling enhanced scheduling treatment based on access technology; See ¶.71, the AT index is in inserted in the Reserved field or Security Parameters Index field of the AH header. The Reserved field is 16 bits long and filled with zeros. The Security Parameters Index (SPI) field, 8 bits of the 32 bits may be reserved for the AT index. According to one embodiment, 8 bits of said 16 bits may be used for the AT index—3 bits for identifying the originating AT and 5 bits for a hash identifier code. The new 8 bit long AT index in the Reserved field or SPI field is used for supporting Hierarchical QoS scheduling and load balancing; See ¶.111, traffic for the same traffic class is queued in the same QoS queue, but the technology marking makes it possible to apply QoS policies or profiles for traffic per technology and traffic class at each aggregation point/node in a network and queue the traffic in the same or different QoS queues);
- generating a security parameter index (SPI) value to be used by the client device for the data-plane traffic (See fig.3, Security Parameter Index (SPI); See ¶.82, according to this embodiment, the AT index is in inserted in the Security Parameter Index field. The SPI field is 32 bits long. For example, 8 bits of said 32 bits may be used for the AT index-3 bits for identifying the originating AT and 5 bits for a hash identifier code, and remaining 24 bits are used as the normal SPI identifier. The new 8 bit long AT index in the SPI field is used for supporting Hierarchical QoS scheduling and load balancing; See ¶.46, each IP data packet may further be marked with a QoS class based on the traffic class used by the user equipment for the specific service regardless of which access technology each data packet originates from. The controller 22 further comprises marking means 24 which is configured to marking to IPsec tunnel headers thereby enabling identification of the access technology enabling enhanced scheduling treatment based on access technology; See ¶.89, the header comprises QoS information, e.g. Traffic class; See ¶.111, Traffic for the same traffic class is queued in the same QoS queue, but the technology marking makes it possible to apply QoS policies or profiles for traffic per technology and traffic class at each aggregation point/node in a network and queue the traffic in the same or different QoS queues; See ¶.112, The hash identifier code in the AT index is further used by the routing and/or switching means 52:3 for achieving load balancing e.g. when Equal Cost Multi Path (ECMP) or Link Aggregation Group (LAG) protocol is used; Examiner’s Note; Canpolat further discloses the method of generating);
- sending, to the client device, an indication of the SPI value (See S150 fig.6 and ¶.96, sending the IP data packets via the aggregated encrypted IPsec tunnel. The controller is configured to send by means of a sender the IP data packets through the same established IPsec tunnel from the RBS to a destination gateway: Examiner’s Note: Canpolat discloses the limitations “sending the SPI value to the client”); 
- receiving, at a load balancing node associated with the network, a data packet of the data-plane traffic that includes the SPI value (See ¶.17, the access technology index enables load balancing using the hashing identifier between different routes/paths in a data and telecommunication network and hierarchical QoS scheduling; See ¶.40, enable load balancing, i.e. distribute data packet flows between data paths in the communications network, by using the hash identifier code and/or AT identifier code as input parameter together with a 5 tuple of parameters for the IP data packet flow in the hash algorithm for computing the hash code. Optionally, QoS may also be used as input parameter in the hash algorithm; Examiner’s Note: Hu discloses a load balancing node); and
- based at least in part on the data packet including the SPI value, sending the data packet through the network such that the data packet is handled according to the particular QoS performance metric (See fig.9 and ¶.40, enable load balancing, i.e. distribute data packet flows between data paths in the communications network, by using the hash identifier code and/or AT identifier code as input parameter together with a 5 tuple of parameters for the IP data packet flow in the hash algorithm for computing the hash code. Optionally, QoS may also be used as input parameter in the hash algorithm; See fig.8A-B and ¶.56, different routing paths have different values. For load balancing in a data communication network, e.g. transport network, it is therefore possible to route IPsec tunnels marked with the same AT identifier code by means of the AT index comprising a hash identifier code).
Welin does not explicitly disclose the method of “receiving, from a client device, a request to establish an encrypted tunnel and sending, to the client device, an indication of the SPI value.”
However, Canpolat discloses the method of receiving, from a client device, a request to establish an encrypted tunnel and sending, to the client device, an indication of the SPI value (See 806-810 fig.8, sending the request frame to an access point and identify a response frame received from the AP; See ¶.227, at block 806, the device may generate a request frame, either an ADDTS frame (e.g., FIGS. 3A-3B) or a QoS Negotiation frame (e.g., (FIGS. 4A-4B). The request frame may include a requested 802.11 user priority and an IPSec information element that includes the IPSec SPI field of block 804. See ¶.292, identify a frame received, using a cellular stack, from a second device, the frame indicative of 5G QoS characteristics; determine an IP Security (IPSec) Security Parameter Index (SPI) field for IPSec association, the IPSec SPI field comprising a first value for an IPSec child security association or a second value for a signaling IPSec association established between the second device and the device; generate, using a wireless local area network station (WLAN STA) of the device, a request frame, the request frame comprising a requested 802.11 User Priority, and comprising an IPSec information element, the IPSec information element comprising an IPSec Security Protocol field indicative of an encapsulated security protocol, the IPSec information element further comprising the IPSec SPI field and a destination IP address; send the request frame to an access point device; and identify a response frame received, from the access point device, using the WLAN STA, the response frame indicative of an admission or rejection of the requested 802.11 User Priority; See further ¶.305, ¶.309, and ¶.313).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of “receiving, from a client device, a request to establish an encrypted tunnel and sending, to the client device, an indication of the SPI value” as taught by Canpolat into the system of Welin, so that it provides a way of ensuring that the QoS differentiation within WLAN access can be provided for these 5G QoS flows carried over Wi-Fi access taking into account 5G QoS characteristics, to satisfy end-to-end QoS requirements for applications/services no matter which radio access carries the traffic (Canpolat, See ¶.24).”
Welin discloses the method of “the access technology index enables load balancing using the hashing identifier between different routes/paths in a data and telecommunication network and hierarchical QoS scheduling (See ¶.17 and ¶.40), but does not explicitly disclose the limitation “a load balancing node.” 
However, Hu discloses a load balancing node (See 122 fig.1 and ¶.7, a load balancer (LB) disposed between IPsec clients and IPsec processing units forwards IPsec traffic therebetween in accordance with a mapping list provided by a central control module, wherein the mapping list allocates traffic to each PU in accordance with one or more of Internet Key Exchange (IKE), Encapsulating Security Payload (ESP), Authentication Header (AH) Security Parameter Index (SPI) information associated with a particular IPsec packet or stream received by the load balancer).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply “a load balancing node” as taught by Hu into the system of Welin and Canpolat, so that it provides a way of receiving IPsec traffic via the load balancer (Hu, See ¶.8).
Welin discloses that “each IP data packet may further be marked with a QoS class based on the traffic class (See ¶.46), but does not explicitly disclose newly added limitations “the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class; the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class.”
However, Canpolat discloses the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class (Canpolat, See ¶.55, the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class; the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class); the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class (Canpolat, See ¶.23, these PDU sessions carry user data traffic over 5G QoS flows. A 5G quality of service (QoS) flow is the finest granularity for QoS differentiation within the 5G system. For 5G QoS flows which are to be carried over WLAN access (either for single access PDU session or MA PDU session), the N3IWF/TNGF receives 5G QoS profile information with a QoS Flow Identifier (QFI), QoS characteristics and parameters from the 5G Core Network; See ¶.36,  the present disclosure describes a WLAN AP-initiated (network centric) QoS negotiation mechanism within the WLAN access to establish QoS traffic streams and provide QoS differentiation for 5G user data flows and 5G signaling carried over trusted Wi-Fi access, to ensure end-to-end Quality of Service over Wi-Fi in 5G systems).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of “the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class; the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class” as taught by Canpolat into the system of Welin, so that it provides a way for WLAN access to establish QoS traffic streams and provide QoS differentiation for user data flows (Canpolat, See ¶.36).

Regarding claim 2, Welin discloses “generating the SPI value comprises: generating, based at least in part on the particular traffic class, a first combination of bits representing the particular QoS performance metric of which the data packet is to be handled; generating a second combination of bits representing a security association; and masking the first combination of bits and the second combination of bits such that the first combination of bits comprises a first portion of the SPI value and the second combination of bits comprises a second portion of the SPI value (See ¶.16, an access technology index is inserted in the header of the IPsec tunnel is that it makes it possible to differentiate the data flow based on radio or fixed access technologies even if they belong to the same traffic class, i.e. require the same Quality of Service, and the IP packets are sent inside the same IPsec tunnel from a node, e.g. a Radio Base Station; See ¶.46, each IP data packet may further be marked with a QoS class based on the traffic class used by the user equipment for the specific service regardless of which access technology each data packet originates from. The controller further comprises marking means which is configured to marking to IPsec tunnel headers thereby enabling identification of the access technology enabling enhanced scheduling treatment based on access technology; See ¶.71, the AT index is in inserted in the Reserved field or Security Parameters Index field of the AH header. The Reserved field is 16 bits long and filled with zeros. The Security Parameters Index (SPI) field, 8 bits of the 32 bits may be reserved for the AT index. According to one embodiment, 8 bits of said 16 bits may be used for the AT index—3 bits for identifying the originating AT and 5 bits for a hash identifier code. The new 8 bit long AT index in the Reserved field or SPI field is used for supporting Hierarchical QoS scheduling and load balancing; See ¶.111, traffic for the same traffic class is queued in the same QoS queue, but the technology marking makes it possible to apply QoS policies or profiles for traffic per technology and traffic class at each aggregation point/node in a network and queue the traffic in the same or different QoS queues).”

Regarding claim 6, Welin discloses “wherein sending the data packet through the network comprises sending the data packet through the network using an equal-cost multi-path (ECMP) routing algorithm based at least in part on the SPI value and a 5-tuple of the data packet (See ¶.112, ECMP).”

Regarding claim 7, Welin and Canpolat do not explicitly disclose what Hu discloses “wherein generating the SPI value comprises generating multiple SPI values to be used by the client device for the data-plane traffic, each one of the multiple SPI values corresponding with a respective traffic class, each respective traffic class (See ¶.35, IPsec packets/traffic parameter values, i.e. SPI; See ¶.36, a first range of SPI values X …a second range of SPI values Y).”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of “generating the SPI value comprises generating multiple SPI values to be used by the client device for the data-plane traffic, each one of the multiple SPI values corresponding with a respective traffic class, each respective traffic class” as taught by Hu into the system of Welin and Canpolat, so that it provides a way of identifying the selected IPsec processing according to SPI values (Hu, See ¶.34-36).

Regarding claim 8, it is a system claim corresponding to the method claim 1, except the limitations “one or more processors and one or more non-transitory computer-readable media (See ¶.14, a processor and memory)” and is therefore rejected for the similar reasons set forth in the rejection of the claim.

Regarding claims 9, 13, and 14, they are claims corresponding to claims 2, 6, & 7, respectively and are therefore rejected for the similar reasons set forth in the rejection of the claims.

Regarding claim 15, it is a non-transitory computer-readable media claim corresponding to the method claim 1 and is therefore rejected for the similar reasons set forth in the rejection of the claim.

Regarding claims 16 and 20, they are claims corresponding to claims 2 & 7, respectively and are therefore rejected for the similar reasons set forth in the rejection of the claims.

Claims 3, 10, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Welin in view of Canpolat and Hu and further in view of Vaarala et al. (US 2017/0093799, “Vaarala”).
Regarding claim 3, Welin, Canpolat, and Hu do not explicitly disclose what Vaarala discloses “the first combination of bits is represented by a first hexadecimal digit and the second combination of bits is represented by multiple hexadecimal digits (Vaarala, See fig.3 and ¶.84, In terms of FIG. 3, the outer source address would be “c-addr-1” (195.1.2.3), the outer destination address “c-addr-2” (212.90.65.1), while the SPI field would be “c-SPI-2” (0x12341234). The notation 0xNNNNNNNN indicates a 32-bit unsigned integer value, encoded using a hexadecimal notation (base 16). The inner source address is processed by IPSec in the first computer, and would typically be encrypted. In this example, the inner source address would be the static address of the mobile terminal, e.g. 10.0.0.1).”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of “the first combination of bits is represented by a first hexadecimal digit and the second combination of bits is represented by multiple hexadecimal digits” as taught by Vaarala into the system of Welin, Canpolat, and Hu, so that it provides a way for a unique identify to be read from the secure message including SPP values in format of hexadecimal (Vaarala, See claim 8).

Regarding claims 10 and 17, they are claims corresponding to claims 3 & 3, respectively and are therefore rejected for the similar reasons set forth in the rejection of the claims.

Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Welin in view of Canpolat and Hu and further in view of Preda et al. (US 2021/0329456, “Preda”).
Regarding claim 4, Welin, Canpolat, and Hu do not explicitly disclose what Preda discloses “a first portion of the SPI value is a first identifier corresponding with the particular traffic class and a second portion of the SPI value is a second identifier corresponding with a security association of the network (See ¶.12, the generation of the SPI value is based at least in part on the data associated with the UE. In some embodiments of this aspect, the data used to derive the unique identifier and generate the SPI value uniquely identifies IPsec traffic associated with the UE for IP-level filtering of traffic between the first network node and the second network node; See ¶.15, the SPI value based at least in part on a unique identifier for a user equipment, UE, and the SPI value being unique to an IPsec session associated with the UE).”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of “a first portion of the SPI value is a first identifier corresponding with the particular traffic class and a second portion of the SPI value is a second identifier corresponding with a security association of the network” as taught by Preda into the system of Welin, Canpolat, and Hu, so that it provides a way of observing IP security and traffic according to the unique identifier of a UE (Preda, See ¶.15).

Regarding claims 11 and 18, they are claims corresponding to claims 4 & 4, respectively and are therefore rejected for the similar reasons set forth in the rejection of the claims.
 
Allowable Subject Matter

Claims 5, 12, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Response to Arguments
Applicant's arguments filed have been considered. But, in view of the applicant’s amendment to the claims, examiner has clarified and remapped the rejection to the argued claim limitations, which are newly added claim limitations, using the prior art of record in the current prosecution of the claims. Specially, Canpolat discloses or suggests the newly added claim limitations as rejected in claim 1.
At pages 10-11, applicant’s key argument is that the primary prior art, Welin fails to disclose the newly added claim limitations, “the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class; the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class.”
In reply, Welin discloses that “each IP data packet may further be marked with a QoS class based on the traffic class (See ¶.46), but does not explicitly disclose newly added limitations “the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class; the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class.”
However, Canpolat discloses the newly added limitations “the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class (Canpolat, See ¶.55, the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class; the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class); the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class (Canpolat, See ¶.23, these PDU sessions carry user data traffic over 5G QoS flows. A 5G quality of service (QoS) flow is the finest granularity for QoS differentiation within the 5G system. For 5G QoS flows which are to be carried over WLAN access (either for single access PDU session or MA PDU session), the N3IWF/TNGF receives 5G QoS profile information with a QoS Flow Identifier (QFI), QoS characteristics and parameters from the 5G Core Network; See ¶.36,  the present disclosure describes a WLAN AP-initiated (network centric) QoS negotiation mechanism within the WLAN access to establish QoS traffic streams and provide QoS differentiation for 5G user data flows and 5G signaling carried over trusted Wi-Fi access, to ensure end-to-end Quality of Service over Wi-Fi in 5G systems).”
Therefore, one of ordinary skill in the art applies the method of “the SPI value indicative of the particular traffic class for handling the data-plane traffic, the SPI value being distinguishable from another SPI value that is indicative of another traffic class; the particular QoS performance metric distinguishable from another QoS performance metric associated with the other traffic class” as taught by Canpolat into the system of Welin in order for WLAN access to establish QoS traffic streams and provide QoS differentiation for user data flows. Therefore, the examiner disagrees respectfully.

                                                                  Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

   Contact Information

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jung Park whose telephone number is 571-272-8565. The examiner can normally be reached on Mon-Fri during 7:00-3:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Derrick Ferris can be reached on 571-272-3123.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JUNG H PARK/Primary Examiner, Art Unit 2411