Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/31/2022 has been entered.
 Response to Arguments
3.	Applicant’s arguments with respect to claims have been considered but are moot because of the new ground of rejection.
Claim Rejections - 35 USC § 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
A)	Claims 1, 3-5, 7-11, 14, 16-18 and 20-24 are rejected under 35 U.S.C. 103 as being unpatentable over RAJADURAI (US 20190149576 A1) in view of 3GPP TR 23.722 V1.0.0, "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on Common API Framework for 3GPP Northbound APIs (Release 15)", 2017-09. pp. 1-65 hereinafter 3GPP. 
As per claim 1, RAJADURAI teach a device for invoking an Application Programming Interface (API) (RAJADURAI, ¶0044, a device for API invoker), the device comprising: one or more memories storing instructions; and one or more processors configured to execute the instructions (RAJADURAI, ¶0040, memory for storing computer or software programs or instructions and processor such as CPU to execute the programs) to:  send an Onboard API invoker request message to a Common API Framework (CAPIF) core function (CCF) node (RAJADURAI, ¶0075 and fig.4, sending API invoker https request to the CAPIF core function or CCF 106 node during registration or onboarding; also see ¶0047, onboard API invoker 102) after authentication using a token with the CCF node (RAJADURAI, ¶0075, after successful establishment using access token with CCF 106; also see ¶0048, authenticating using security token by the CCF 106). 
 	However, RAJADURAI does not explicitly teach receive an Onboard API invoker response message from the CCF node, the Onboard API invoker response message including a CCF node related API invoker ID which is assigned by the CCF node and Onboard Secret information which is bound to a CCF specific API invoker ID.
	In the same field of endeavor, 3GPP teaches receive an Onboard API invoker response message from the CCF node (3GPP, page 37, Fig 7.2.5.1.2-1, receiving onboard API invoker response from the CAPIF core function or CCF), the Onboard API invoker response message including a CCF node related API invoker ID which is assigned by the CCF node and Onboard Secret information which is bound to a CCF specific API invoker ID (3GPP, page 37, Fig 7.2.5.1.2-1, onboard API invoker response including identity information for the API invoker which is given by CAPIF core function and authentication and authorization by the CAPIF which authenticating the API invoker is based on the identity and credentials (i.e. private or secret information) of the API invoker (see page 20, section 7.1.1.1.2); also see section 5.8). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of applicant’s claimed invention to have incorporated the teaching of 3GPP into invention of RAJADURAI in order for the CAPIF core function to authenticate the API invoker based on the identity and credentials to support API invokers to access the service APIs. 
As per claim 3 as applied to claim 1 above, RAJADURAI further teaches wherein the Onboard Secret information which remain constant during an onboarding lifetime (RAJADURAI, and ¶0060 and ¶0095, API invoker registration or onboarding includes lifetime of the security credentials (Token)) and access method using TLS-PSK (i.e. master secret) or TLS-certificate or Access Token based or TLS-public key cryptography). 
 	As per claim 4 as applied to claim 1 above, RAJADURAI further teaches sends a second request message to the CCF node for obtaining permission to access a service API after receipt of the Onboard API invoker response message (RAJADURAI, Fig.4 and ¶0075 and ¶0072, sending requests (first, second or more) to the CCF 106 for granting permissions to access service API after authentication and receiving response(s)) ; and receives a second response message from the CCF node, the second response message including an access token specific to the device (RAJADURAI, Fig.4 and ¶0075 and ¶0082, receiving response(s) including access tokens rights of the client or device 102).
As per claim 5 as applied to claim 4 above, RAJADURAI teaches wherein the second request message includes the CCF node related API invoker ID and Onboard Secret information (RAJADURAI, ¶0075 and ¶0060, requests for access tokens includes API Invoker client identifier and secret information during registration). 
As per claim 7, RAJADURAI teaches a Common API Framework (CAPIF) core function (CCF) node (RAJADURAI, ¶0075 and fig.4, a Common API Framework (CAPIF) core function or CCF 106 node), comprising: one or more memories storing instructions; and one or more processors configured to execute the instructions (RAJADURAI, ¶0040, memory for storing computer or software programs or instructions and processor such as CPU to execute the programs) to:  
receive an Onboard API invoker request message from a device (RAJADURAI, ¶0075 and fig.4, sending API invoker https request to the CAPIF core function or CCF 106 (i.e. server, ¶0059) during registration or onboarding from a device; also see ¶0047, onboard API invoker 102) after authentication using a token with the CCF node (RAJADURAI, ¶0075, after successful establishment using access token with CCF 106; also see ¶0048, authenticating using security token by the CCF 106). 
 	However, RAJADURAI does not explicitly teach send an Onboard API invoker response message to the device in response to the Onboard API invoker request message, the Onboard API invoker response message including a CCF node related API invoker ID which is assigned by the CCF node and Onboard Secret information which is bound to a CCF specific API invoker ID.
	In the same field of endeavor, 3GPP teaches send an Onboard API invoker response message to the device in response to the Onboard API invoker request message (3GPP, page 37, Fig 7.2.5.1.2-1, sending onboard API invoker response from the CAPIF core function or CCF in response to the API invoker request), the Onboard API invoker response message including a CCF node related API invoker ID which is assigned by the CCF node and Onboard Secret information which is bound to a CCF specific API invoker ID (3GPP, page 37, Fig 7.2.5.1.2-1, onboard API invoker response including identity information for the API invoker which is given by CAPIF core function and authentication and authorization by the CAPIF which authenticating the API invoker is based on the identity and credentials (i.e. private or secret information) of the API invoker (see page 20, section 7.1.1.1.2); also see section 5.8). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of applicant’s claimed invention to have incorporated the teaching of 3GPP into invention of RAJADURAI in order for the CAPIF core function to authenticate the API invoker based on the identity and credentials to support API invokers to access the service APIs. 
As per claim 8 as applied to claim 7 above, RAJADURAI further teaches wherein the device is an API invoker (RAJADURAI, ¶0044, API invoker).  
 	As per claim 9 as applied to claim 7 above, RAJADURAI further teaches wherein the Onboard Secret information remains constant during an onboarding lifetime (RAJADURAI, and ¶0060 and ¶0095, API invoker registration or onboarding includes lifetime of the security credentials (Token)) and access method using TLS-PSK (i.e. master secret) or TLS-certificate or Access Token based or TLS-public key cryptography). 
As per claim 10 as applied to claim 7 above, RAJADURAI teaches receive a second request message to the device for obtaining permission to access a service API after receipt of the Onboard API invoker response message (RAJADURAI, Fig.4 and ¶0075 and ¶0072, sending/receiving requests (first, second or more) to the CCF 106 for granting permissions to access service API after authentication) ; generate an access token specific to the device (RAJADURAI, Fig.4 and ¶0075 and ¶0072, generating access token) and send a second response message to the device, the second response message including the access token (RAJADURAI, Fig.4 and ¶0075 and ¶0082, receiving/sending response including access tokens rights of the client or device 102).
As per claim 11 as applied to claim 10 above, RAJADURAI teaches wherein the second request message includes the CCF node related API invoker ID and Onboard Secret information (RAJADURAI, ¶0075 and ¶0060, requests for access tokens includes API Invoker client identifier and secret information during registration). 
As per claim 14, RAJADURAI teach a communication method of a device for an Application Programming Interface (API) invoker (RAJADURAI, ¶0044, method for a device for API invoker), the communication method comprising: sending an Onboard API invoker request message to a Common API Framework (CAPIF) core function (CCF) node (RAJADURAI, ¶0075 and fig.4, sending API invoker https request to the CAPIF core function or CCF 106 node during registration or onboarding; also see ¶0047, onboard API invoker 102) after authentication using a token with the CCF node (RAJADURAI, ¶0075, after successful establishment using access token with CCF 106; also see ¶0048, authenticating using security token by the CCF 106). 
 	However, RAJADURAI does not explicitly teach receiving an Onboard API invoker response message from the CCF node, the Onboard API invoker response message including a CCF node related API invoker ID which is assigned by the CCF node and Onboard Secret information which is bound to a CCF specific API invoker ID.
In the same field of endeavor, 3GPP teaches receiving an Onboard API invoker response message from the CCF node (3GPP, page 37, Fig 7.2.5.1.2-1, receiving onboard API invoker response from the CAPIF core function or CCF), the Onboard API invoker response message including a CCF node related API invoker ID which is assigned by the CCF node and Onboard Secret information which is bound to a CCF specific API invoker ID (3GPP, page 37, Fig 7.2.5.1.2-1, onboard API invoker response including identity information for the API invoker which is given by CAPIF core function and authentication and authorization by the CAPIF which authenticating the API invoker is based on the identity and credentials (i.e. private or secret information) of the API invoker (see page 20, section 7.1.1.1.2); also see section 5.8). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of applicant’s claimed invention to have incorporated the teaching of 3GPP into invention of RAJADURAI in order for the CAPIF core function to authenticate the API invoker based on the identity and credentials to support API invokers to access the service APIs. 
	As per claim 16 as applied to claim 14 above, RAJADURAI further teaches wherein the Onboard Secret information which remains constant during an onboarding lifetime (RAJADURAI, and ¶0060 and ¶0095, API invoker registration or onboarding includes lifetime of the security credentials (Token)) and access method using TLS-PSK (i.e. master secret) or TLS-certificate or Access Token based or TLS-public key cryptography).
 	As per claim 17 as applied to claim 14 above, RAJADURAI further teaches sending a second request message to the CCF node for obtaining permission to access a service API after receipt of the Onboard API invoker response message (RAJADURAI, Fig.4 and ¶0075 and ¶0072, sending requests (first, second or more) to the CCF 106 for granting permissions to access service API after authentication and receiving response(s)) ; and receiving a second response message from the CCF node, the second response message including an access token specific to the device (RAJADURAI, Fig.4 and ¶0075 and ¶0082, receiving response(s) including access tokens rights of the client or device 102).
As per claim 18 as applied to claim 17 above, RAJADURAI teaches wherein the second request message includes the CCF node related API invoker ID and Onboard Secret information (RAJADURAI, ¶0075 and ¶0060, requests for access tokens includes API Invoker client identifier and secret information during registration). 
As per claim 20, RAJADURAI teach a communication method of an Application Programming Interface (API) invoker (RAJADURAI, ¶0044, method for a device for API invoker), the communication method comprising: receiving an Onboard API invoker request message from a device (RAJADURAI, ¶0075 and fig.4, sending API invoker https request to the CAPIF core function or CCF 106 node during registration or onboarding; also see ¶0047, onboard API invoker 102) after authentication using a token with the device (RAJADURAI, ¶0075, after successful establishment using access token; also see ¶0048, authenticating using security token). 
 	However, RAJADURAI does not explicitly teach sending an Onboard API invoker response message to the device in response to the Onboard API invoker request message, the Onboard API invoker response message including a CCF node related API invoker ID which is assigned by the CCF node and Onboard Secret information which is bound to a CCF specific API invoker ID.
	In the same field of endeavor, 3GPP teaches sending an Onboard API invoker response message to the device in response to the Onboard API invoker request message (3GPP, page 37, Fig 7.2.5.1.2-1, sending onboard API invoker response from the CAPIF core function or CCF in response to the API invoker request), the Onboard API invoker response message including a CCF node related API invoker ID which is assigned by the CCF node and Onboard Secret information which is bound to a CCF specific API invoker ID (3GPP, page 37, Fig 7.2.5.1.2-1, onboard API invoker response including identity information for the API invoker which is given by CAPIF core function and authentication and authorization by the CAPIF which authenticating the API invoker is based on the identity and credentials (i.e. private or secret information) of the API invoker (see page 20, section 7.1.1.1.2); also see section 5.8). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of applicant’s claimed invention to have incorporated the teaching of 3GPP into invention of RAJADURAI in order for the CAPIF core function to authenticate the API invoker based on the identity and credentials to support API invokers to access the service APIs. 
As per claim 21 as applied to claim 20 above, RAJADURAI further teaches establishing a session with the device (RAJADURAI, Fig.4 and ¶0074, establish a TLS session with device).  
 	As per claim 22 as applied to claim 20 above, RAJADURAI further teaches  wherein the Onboard Secret information remains constant during an onboarding lifetime (RAJADURAI, and ¶0060 and ¶0095, API invoker registration or onboarding includes lifetime of the security credentials (Token)) and access method using TLS-PSK (i.e. master secret) or TLS-certificate or Access Token based or TLS-public key cryptography). 
	As per claim 23 as applied to claim 20 above, RAJADURAI further teaches receiving a second request message from a device for obtaining permission to access a service API after receipt of the Onboard API invoker response message (RAJADURAI, Fig.4 and ¶0075 and ¶0072, receiving requests (first, second or more) to the CCF 106 for granting permissions to access service API after authentication); generating an access token specific to the device (RAJADURAI, Fig.4 and ¶0075, generating an access token right for the client or device 102) and sending a second response message to the device, the second response message including the access token (RAJADURAI, Fig.4 and ¶0075 and ¶0082, receiving response including access tokens rights of the client or device 102).
As per claim 24 as applied to claim 23 above, RAJADURAI further teaches wherein the second request message includes the CCF node related API invoker ID and Onboard Secret information (RAJADURAI, ¶0075 and ¶0060, requests for access tokens includes API Invoker client identifier and secret information during registration).
B)	Claims 6, 12-13, 19, and 25-26 are rejected under 35 U.S.C. 103 as being unpatentable over RAJADURAI (US 20190149576 A1) in view of 3GPP and further in view of  3GPP TS 23.222 V15.0.0, "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Functional architecture and information flows to support Common API Framework for 3GPP Northbound APIs: Stage 2 (Release 15)". 2018-01. pp. 1-79, hereinafter 3GPP (2).
 	As per claim 6 as applied to claim 1 above,  RAJADURAI in view of 3GPP does not teach sends an offboard API invoker request message to the CCF node after the authentication using the token, the offboard API invoker request message including the CCF node related API invoker ID; and receives an offboard API invoker response message from the CCF node in response to successful verification of the CCF node related API invoker ID, the offboard API invoker response message indicating successful offboarding of the device.  
In the same field of endeavor, 3GPP (2) teaches sends an offboard API invoker request message to the CCF node after the authentication using token (3GPP (2), page 26, section 8.2, sending an offboard API invoker request to the CAPIF core function or CCF node after the authentication), the offboard API invoker request message including the CCF node related API invoker ID (3GPP (2), page 26, section 8.2 and table 8.2.21-1, identity information of the API invoker requesting offboarding); and receives an offboard API invoker response message from the CCF node in response to successful verification of the CCF node related API invoker ID (3GPP (2), page 26, section 8.2.2.2 and page 20 section 6.4.6, , receiving an offboarding API invoker response from the CCF as a result of successful onboarding process or verification for the API invoker identity), the offboard API invoker response message indicating successful offboarding of the device (3GPP (2), page 26, table 8.2.2.2-1, offboard API response indicating the success of the offboarding operation). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of applicant’s claimed invention to have incorporated the teaching of 3GPP (2) into invention of RAJADURAI and 3GPP in order to trigger offboard API invoker request to the CAPIF core function to develop the security related information flows for authentication procedure. 
As per claim 12 as applied to claim 7 above,  RAJADURAI in view of 3GPP does not teach receive an offboard API invoker request message from a device after the authentication using token, the offboard API invoker request message including the CCF node related API invoker ID; verify the CCF node related API invoker ID; cancels enrollment of the device; deletes authorization information of the device; and sends an offboard API invoker response message to the device in response to successful verification of the CCF node related API invoker ID, the offboard API invoker response message indicating successful offboarding.  
 	In the same field of endeavor, 3GPP (2) teaches receive an offboard API invoker request message from a device after the authentication using token (3GPP (2), page 26, section 8.2, sending or receiving an offboard API invoker request to the CAPIF core function or CCF from the device after the authentication), the offboard API invoker request message including the CCF node related API invoker ID (3GPP (2), page 26, section 8.2 and table 8.2.21-1, identity information of the API invoker requesting offboarding); verify the CCF node related API invoker ID (3GPP, page 20 section 6.4.6, verification for the API invoker identity); cancels enrollment of the device (3GPP (2), page 27, part 2, cancel the enrollment of the API invoker); deletes authorization information of the device (3GPP (2), page 27, part 2, all the authorizations corresponding to the API invoker are revoked or deleted); and sends an offboard API invoker response message to the device in response to successful verification of the CCF node related API invoker ID (3GPP (2), page 26, section 8.2.2.2 and page 20 section 6.4.6, , receiving an offboarding API invoker response from the CCF as a result of successful onboarding process or verification for the API invoker identity), the offboard API invoker response message indicating successful offboarding (3GPP (2), page 26, table 8.2.2.2-1, offboard API response indicating the success of the offboarding operation).		
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of applicant’s claimed invention to have incorporated the teaching of 3GPP (2) into invention of RAJADURAI and 3GPP in order to trigger offboard API invoker request to the CAPIF core function to develop the security related information flows for authentication procedure. 
 	As per claim 13 as applied to claim 12 above, 3GPP (2) further teaches retains information of the device depending on operator policy (3GPP (2), page 27, part 2, retain information of API invoker as per the operator policy). 
 	As per claim 19 as applied to claim 14 above,  RAJADURAI in view of 3GPP does not teach sending an offboard API invoker request message to the CCF node after the authentication using token, the offboard API invoker request message including the CCF node related API invoker ID; and receiving an offboard API invoker response message from the CCF node in response to successful verification of the CCF node related API invoker ID, the offboard API invoker response message indicating successful offboarding of the device.  
In the same field of endeavor, 3GPP (2) teaches sending an offboard API invoker request message to the CCF node after the authentication using token (3GPP (2), page 26, section 8.2, sending an offboard API invoker request to the CAPIF core function or CCF after the authentication), the offboard API invoker request message including the CCF node related API invoker ID (3GPP (2), page 26, section 8.2 and table 8.2.21-1, identity information of the API invoker requesting offboarding); and receiving an offboard API invoker response message from the CCF node in response to successful verification of the CCF node related API invoker ID (3GPP (2), page 26, section 8.2.2.2 and page 20 section 6.4.6, , receiving an offboarding API invoker response from the CCF as a result of successful onboarding process or verification for the API invoker identity), the offboard API invoker response message indicating successful offboarding of the device (3GPP (2), page 26, table 8.2.2.2-1, offboard API response indicating the success of the offboarding operation). 	
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of applicant’s claimed invention to have incorporated the teaching of 3GPP (2)  into invention of RAJADURAI and 3GPP in order to trigger offboard API invoker request to the CAPIF core function to develop the security related information flows for authentication procedure. 
 As per claim 25 as applied to claim 20 above,  RAJADURAI in view of 3GPP does not teach receiving an offboard API invoker request message from a device after the authentication using token, the offboard API invoker request message including the CCF node related API invoker ID; verifying the CCF node related API invoker ID; canceling enrollment of the device; deleting authorization information of the device; and sending an offboard API invoker response message to the device in response to successful verification of the CCF node related API invoker ID, the offboard API invoker response message indicating successful offboarding.  
 	In the same field of endeavor, 3GPP (2)  teaches receiving an offboard API invoker request message from a device after the authentication using token (3GPP (2), page 26, section 8.2, sending or receiving an offboard API invoker request to the CAPIF core function or CCF from the device after the authentication), the offboard API invoker request message including the CCF node related API invoker ID (3GPP (2), page 26, section 8.2 and table 8.2.21-1, identity information of the API invoker requesting offboarding); verifying the CCF node related API invoker ID (3GPP, page 20 section 6.4.6, verification for the API invoker identity); canceling enrollment of the device (3GPP (2), page 27, part 2, cancel the enrollment of the API invoker); deleting authorization information of the device (3GPP (2), page 27, part 2, all the authorizations corresponding to the API invoker are revoked or deleted); and sending an offboard API invoker response message to the device in response to successful verification of the CCF node related API invoker ID (3GPP (2), page 26, section 8.2.2.2 and page 20 section 6.4.6, , receiving an offboarding API invoker response from the CCF as a result of successful onboarding process or verification for the API invoker identity), the offboard API invoker response message indicating successful offboarding (3GPP (2), page 26, table 8.2.2.2-1, offboard API response indicating the success of the offboarding operation).	
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of applicant’s claimed invention to have incorporated the teaching of 3GPP (2) into invention of RAJADURAI and 3GPP in order to trigger offboard API invoker request to the CAPIF core function to develop the security related information flows for authentication procedure. 
 	As per claim 26 as applied to claim 25 above, 3GPP (2) further teaches retains information of the device depending on operator policy (3GPP (2), page 27, part 2, retain information of API invoker as per the operator policy). 
Conclusion
5.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to FARIDEH MADANI whose telephone number is (571)272-1249. The examiner can normally be reached Monday through Friday; 9 AM to 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JINSONG HU can be reached on 5712723965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FARIDEH MADANI/           Examiner, Art Unit 2643                                                                                                                                                                                             

/JINSONG HU/           Supervisory Patent Examiner, Art Unit 2643