DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is in responsive to the communication filed 05/27/2022.

Response to Arguments
Applicant’s arguments, with respect to 35 USC 112 have been fully considered and are persuasive. The 35 USC 112 rejection has been withdrawn in light of claim amendment. 

Applicant’s arguments, with respect to claims over prior art have been fully considered and are persuasive. The 35 USC 103 rejection of claims 1-20 has been withdrawn in light of claim amendment and examiner’s amendment.

Applicant’s arguments, with respect to claim objection have been fully considered and are persuasive. The claim objection has been withdrawn in light of claim amendment. 

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: The present invention is directed towards establishing trust credentials for network functions. Claims 1, 10, and 18 identifies the uniquely features “wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function, a profile for the network function, and a Certificate Attribute List (CAL) with customization parameters for the network function; obtaining, by the network function and from the CRT, the network address of the trust anchor platform; generating, by the network function, a certificate signing request (CSR) to request a digital certificate; submitting, by the network function and to the trust anchor platform, the CSR and the CRT, wherein the CAL customization parameters supersede parameters in the CSR; and  receiving, by the network function and based on validation of the CSR and CRT, a digital certificate from the trust anchor platform, wherein the digital certificate includes limitations consistent with the CAL customization parameters”.

The closest prior art, Singaravelu et al. (US 20190253264) discloses a network function virtualization with the use of PKI system.

The closest prior art, Xioneg et al. (US 20170054710) discloses a virtualized network function manager that receives the request of the certificates that was sent by the virtualized network function. 

The closest prior art, Saint (US 9331990) discloses sending certificate request with public key. This information is then verified for the generation of the digital certificate.

However, either singularly or in combination, the combination of Singaravelu-Xioneg-Saint fails to anticipate or render obvious the claimed limitation of wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function, a profile for the network function, and a Certificate Attribute List (CAL) with customization parameters for the network function; obtaining, by the network function and from the CRT, the network address of the trust anchor platform; generating, by the network function, a certificate signing request (CSR) to request a digital certificate; submitting, by the network function and to the trust anchor platform, the CSR and the CRT, wherein the CAL customization parameters supersede parameters in the CSR; and  receiving, by the network function and based on validation of the CSR and CRT, a digital certificate from the trust anchor platform, wherein the digital certificate includes limitations consistent with the CAL customization parameters.

Therefore, independent claims 1, 10, and 18 along with their respective dependent claims are in condition of allowance.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Thomas Edman on 8/17/2022.
On 8/15/2022, examiner proposed to incorporate the subject matter of claims 7 and 16. That all the independent claims should include "CAL customization parameter that supersede parameters in the CSR". Applicant's representative gave authorization on 8/18/022 to enter amendments to the claims by examiner's amendment to make the case in condition of allowance.

PLEASE AMEND THE CLAIMS AS FOLLOWS:
1.  (Currently amended)  A method, comprising:
receiving, by a virtualization infrastructure manager (VIM) for a virtualized platform and from a management function of a core network, a software package and a certificate request token (CRT) for a network function,
wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform, and
wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function, a profile for the network function, and a Certificate Attribute List (CAL) with customization parameters for the network function;
deploying, by the VIM, the network function;
providing, by the VIM, the CRT to the network function;
obtaining, by the network function and from the CRT, the network address of the trust anchor platform;
generating, by the network function, a certificate signing request (CSR) to request a digital certificate;
submitting, by the network function and to the trust anchor platform, the CSR and the CRT, wherein the CAL customization parameters supersede parameters in the CSR; and 
receiving, by the network function and based on validation of the CSR and CRT, a digital certificate from the trust anchor platform, wherein the digital certificate includes limitations consistent with the CAL customization parameters.

2.  (Original)  The method of claim 1, further comprising:
obtaining, by the management function, a software package for the network function;
verifying, by the management function, the authenticity of the software package;
generating, by the management function, the CRT; and
sending, by the management function and  to the VIM, the software package and the CRT.

3.  (Original)  The method of claim 1, further comprising:
binding, by the network function and prior to the submitting, the CRT to the CSR.

4.  (Original)  The method of claim 1, wherein the CRT further includes custom information particular to rights granted to the network function.

5.  (Original)  The method of claim 4, wherein the custom information includes one or more of:
a type of request,
a signature algorithm type,
life-cycle management parameters, and 
a hash value based on the profile.

6.  (Previously presented)  The method of claim 5, further comprising:
storing, by the management function and in a database, the hash value associated with an identifier for the network function, 
wherein the trust anchor platform retrieves the hash value from the database to compare to information in the CRT.

7.  (Currently amended)  The method of claim 1, wherein the CAL customization parameters include a validity time period for the digital certificate.

8.  (Original)  The method of claim 1, further comprising:
validating the CRT by the trust anchor platform; and
generating the digital certificate by the trust anchor platform after validating the CRT.

9.  (Original)  The method of claim 1, wherein the trust anchor platform includes a public key infrastructure system.

10.  (Currently amended)  A system, comprising:
a first network device including a first memory storing first instructions and a first processor configured to execute the first instructions for a virtualization infrastructure manager (VIM) of a virtualized platform to:
receive, from a management function of a core network, a software package and a certificate request token (CRT) for a network function,
wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform, and
wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function, a profile for the network function, and a Certificate Attribute List (CAL) with customization parameters for the network function,
deploy the network function, and
provide the CRT to the network function; and
a second network device including a second memory storing second instructions and a second processor configured to execute the second instructions for the network function of the virtualized platform to:
obtain, from the CRT, the network address of the trust anchor platform,
generate a certificate signing request (CSR) to request a digital certificate,
submit, to the trust anchor platform, the CSR and the CRT, wherein the CAL customization parameters supersede parameters in the CSR, and 
receive, based on validation of the CSR and CRT, a digital certificate from the trust anchor platform, wherein the digital certificate includes limitations consistent with the CAL customization parameters.

11.  (Original)  The system of claim 10, further comprising:
a third network device including a third memory storing second instructions and a third processor configured to execute the third instructions for the management function to:
obtain a software package for the network function;
verify the authenticity of the software package;
generate the CRT; and
send, to the VIM, the software package and the CRT.

12.  (Original)  The system of claim 10, wherein the second processor is further configured to execute the second instructions to:
bind the CRT to the CSR prior to the submitting.

13.  (Original)  The system of claim 10, wherein the CRT further includes custom information particular to rights granted to the network function.

14.  (Previously presented)  The system of claim 13, wherein the custom information includes one or more of:
a type of request,
a signature algorithm type,
life-cycle management parameters, and 
a hash value based on the profile.

15.  (Previously presented)  The system of claim 14, further comprising:
	a fourth network device including a fourth memory storing fourth instructions and a fourth processor configured to execute the fourth instructions for the trust anchor platform,
wherein the first processor is further configured to execute the first instructions to store, in a database, the hash value associated with an identifier for the network function, and 
wherein the fourth processor is configured to execute the fourth instructions to retrieve the hash value from the database to compare to information in CRT.

16.  (Currently amended)  The system of claim 10, wherein the CAL customization parameters include a validity time period for the digital certificate.

17.  (Original)  The system of claim 10, further comprising:
	a fourth network device including a fourth memory storing fourth instructions and a fourth processor configured to execute the fourth instructions for the trust anchor platform to:
validate the both the CSR and the CRT; and
generate the digital certificate after successfully validating the CSR and the CRT.

18.  (Currently amended)  A non-transitory computer-readable medium containing instructions executable by at least one processor, the computer-readable medium comprising one or more instructions for:
receiving, by a virtualization infrastructure manager (VIM) for a virtualized platform and from a management function of a core network, a software package and a certificate request token (CRT) for a network function,
wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform, and
wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function, a profile for the network function, and a Certificate Attribute List (CAL) with customization parameters for the network function;
deploying, by the VIM, the network function;
providing, by the VIM, the CRT to the network function;
obtaining, by the network function and from the CRT, the network address of the trust anchor platform;
generating, by the network function, a certificate signing request (CSR) to request a digital certificate;
submitting, by the network function and to the trust anchor platform, the CSR and the CRT, wherein the CAL customization parameters supersede parameters in the CSR; and 
receiving, by the network function and based on validation of the CSR and CRT, a digital certificate from the trust anchor platform, wherein the digital certificate includes limitations consistent with the CAL customization parameters.

19.  (Original)  The non-transitory computer-readable medium of claim 18, wherein the one or more instructions for submitting the CSR and the CRT comprise instructions for:
binding the CRT to the CSR.

20.  (Original)  The non-transitory computer-readable medium of claim 18, wherein the custom information includes one or more of:
life-cycle management parameters, and 
a hash value based on the profile.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496                                                                                                                                                                                                        
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496