DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-13, 15, 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Obaidi et al (US 20210136569 A1) in view of Senarath et al (US 20160352924 A1).
Regarding claims 1, 7, Obaidi et al discloses an information handling system of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access  Networks: figs. 1-2) operating a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020), comprising: a wireless wide area network interface device of the RAN system transceiving data within a 5G New Radio frequency band (the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards ; paragraph 0011, 0015) with a first endpoint computing device (data access devices 108 or IoT device 106; the data access device 108 may be a smartphone, a laptop computer, a tablet computer; computing nodes 300 transmit and receive data from other network devices  paragraph 0017-0018, 0048; note that the secure endpoint application 118 may include a data policy module 220, a data notation module 222, a data security module 224, a data access module 226, a data encryption module 228, a data transport module 230, and a distributed ledger module 232; paragraph 0040 ); the WWAN interface device (user interface 206: the user interface 206 may enable a user to provide inputs and receive outputs from the secure endpoint device 200; the user interface 206 may include a data output device, and one or more data input devices; paragraph 0033) having a processor (the one or more processors 208 and the memory 210 of the secure endpoint device 200 may implement an operating system 214, device software 216, one or more applications 218, and the secure endpoint application 118; paragraph 
0036) executing code of the secure network slice orchestration system for receiving an instruction (the hub device 110 may establish an isolated network connection with each legacy device via an unlicensed communication link, such as Wi-Fi, Bluetooth, and so forth; in addition, the online portal may be accessed via a dashboard website or a client application on a remote user device ; the device management module 312 may further assign a network slice to the user device ; paragraph 0053-0054) from a client solutions management platform assign a network slice within the 5G NR frequency band with an identification of the first endpoint computing device (the device management module 312 may use a device information table 326 to identify a device type of the user device based on the device identifier of the device; the device management module 312 may send a data protection policy that corresponds to the user identifier of the user device to the device ; paragraph 0053), based on a security profile associating the first endpoint computing device (the device software 216 may include software components that enable the secure endpoint device 200 to perform functions; for instance, the device software 216 may include basic input/output system, bootrom, or a bootloader that boots up the secure endpoint device 200 and executes the operating system 214; paragraph 0040, 0047) with a security tier based on security measures adopted at the first endpoint computing device (the device management module 312 may check the device identifier against an application installation log 324 to determine whether the user device has a secure endpoint application (secure endpoint application 118) installed; the application installation log 324 may include device identifiers of user devices that have installed secure endpoint applications, date and time of installation on each user device, software version information of the application installed on each user device, and other relevant 
information; paragraph 0051-0052); a software defined network (SDN) controller establishing the network slice within a sub- portion of the 5G NR frequency band via establishing a first virtual WWAN access point at the WWAN interface device (the device management module 312 may retrieve a device protection policy that corresponds to the device type from a data policy database 328 according to a data policy assignment table and push the policy to the secure endpoint application on the user device; the device management module 312 may further assign a network slice to the user device ; for instance, the device identifier of the user device may be added to an access control registry 332 that is used by the corresponding network gateway of the APN associated with the network slice; paragraph 0053, 0060-0061).
However, Obaidi et al does not specifically disclose the features of a software defined network (SDN) controller establishing the network slice within a sub- portion of the 5G NR frequency band via establishing a first virtual WWAN access point at the WWAN interface device ; the secure network slice orchestration system receiving an endpoint device identification code from the first endpoint device to authorize use of the first virtual WWAN access point; and the SDN controller and WWAN interface device transceiving data in the network slice with the first endpoint computing device via the first virtual WWAN access point.
On the other hand, Senarath et al, from the same field of endeavor, discloses the features of a software defined network controller (a CSM-service makes use of the requirements of a customer to interact with a controller 210 (or set of controllers 210) that can provide Software Defined Network control functions, Software Defined Protocol Functions, Software Defined Resource Allocation functions, Software Defined Topology functions; note that configuration of the network slices may be based on software defined networking, network function virtualization and network orchestration ; paragraph 0088, 0128) establishing the network slice (the CSM function further carries out the steps of establishing a unique global user ID based on the customer, UE, and device context for that UE; sharing the unique global user ID with a plurality of local CSM functions; paragraph 0015-0016) within a sub- portion of the 5G NR frequency band (network slicing relates to the ability of a network, such as a 5G communication network accessible by wireless devices, to provide multiple logical network slices on demand; paragraph 0089) via establishing (a service-specific VN is established using the virtual nodes, functions and links defined by the earlier operations to provide the service A; paragraph 0241) a first virtual WWAN access point at the WWAN interface device (the G-CSM 920 interfaces with the SDN controller 910 for virtual network setup; paragraph 0239); the secure network slice orchestration system (network slicing may correspond to the allocation of pooled resources to offer different services to different customers or groups of customers; furthermore, the Orchestrator function further is configured to create end-to-end the G-CSM function can communicate with the Orchestrator function; paragraph 0094-0095) receiving an endpoint device identification code (receive context from at least one of the plurality of local CSM functions associated with the unique global user ID; receive 
relevant information from other functions of the virtual network; in addition, the G-CSM 920 identifies the requested service, service level; paragraph 0020, 0152, 0238) from the first endpoint device to authorize (the Orchestrator function can be configured to coordinate, authorize release and engage the NFVI resources by interaction with the VIM function; the Orchestrator function further is configured to create end-to-end the G-CSM function can communicate with the Orchestrator function; paragraph 0094, 0096) use of the first virtual WWAN access point (the service selection operation 201 may associate at least one of a customer identity, a device identity, and a service level with that service; the information provided in the service selection operation 201 allows the CSM 220 to develop a series of parameters for VN establishment and charging rules to be established for each of those one or more services; paragraph 0141); and the SDN controller (CSM 220 interfaces with the controller 210 for a virtual network setup based upon the service selection operation 201; in addition, the VN setup instructions allow the controller 210 to map the requirements from the CSM 220 to the available infrastructure 215; paragraph 0142) and WWAN interface device (the controller 910 informs G-CSM 910 of the VN establishment; in addition, the G-CSM 920 informs the customer of the VN establishment; paragraph 0242-0243) transceiving data in the network slice (each service can be provided by a network slice instantiated to provide a service; a first connectivity service can be provided by slice A and a second connectivity service can be provided by slice B; paragraph 0199) with the first endpoint computing device (the CSM 1020 may send network update instructions to the controller 1010 to adjust the allocated network resources to meet the promised quality; the controller 1010 may engage in QoS enforcement by sending updated instructions to the infrastructure; paragraph 0251, 0281)
via the first virtual WWAN access point (the service selection operation 201 may further define one or more devices, UE's 225, that will access the one or more services; the service selection operation 201 may associate at least one of a customer identity, a device identity, and a service level with that service; the information provided in the service selection operation 201 allows the CSM 220 to develop a series of parameters for VN establishment ; note that a service-specific VN is established using the virtual nodes, functions and links defined by the earlier operations to provide the service A; furthermore, CSM-service-A can inform the device traffic controller or network traffic filters to instruct them to filter traffic, prioritize, block, on a device-type or traffic-type basis; paragraph 0241, 0238, 0261). Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was made to apply the technique of Senarath to the communication system of Obaidi in order to provide a method for Customer Service Management in a communication network for enabling the SDN controller to receive network policies to automatically and promptly react to new attacks.
Regarding claim 2, Obaidi et al as modified discloses an information handling system of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2) operating a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020), wherein the network slice (the network slice is a 5G network slice provided by the wireless carrier network) operates in a 5G NR Frequency Range (FR) 2 mm-wave high-band including radio frequencies above 6 GHz (the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards; paragraph 0011, 0015; note that the secure endpoint application may send the data file to the additional secure endpoint device via a network slice of the wireless carrier network that is assigned to the device; the secure endpoint application may use the network slice via an APN of a corresponding network gateway; paragraph 0074).
Regarding claim 3, Obaidi et al as modified discloses an information handling system of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access  Networks: figs. 1-2) operating a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020), wherein the network slice (the network slice is a 5G network slice provided by the wireless carrier network) operates in a 5G NR FR1 mid-band including radio frequencies between 1 GHz and 6 GHz (the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards ; paragraph 0011, 0015; note that the secure endpoint application may send the data file to the additional secure endpoint device via a network slice of the wireless carrier network that is assigned to the device; the secure endpoint application may use the network slice via an APN of a corresponding network gateway; paragraph 0074).  
Regarding claim 4, Obaidi et al as modified discloses an information handling system of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access  Networks: figs. 1-2) operating a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020), wherein the network slice (the network slice is a 5G network slice provided by the wireless carrier network)  operates in a 5G NR FR1 private low-band including radio frequencies below 1 GHz (the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards ; paragraph 0011, 0015; note that the secure endpoint application may send the data file to the additional secure endpoint device via a network slice of the wireless carrier network that is assigned to the device; the secure endpoint application may use the network slice via an APN of a corresponding network gateway; paragraph 0074). 
Regarding claim 5, Obaidi et al as modified discloses an information handling system of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access  Networks: figs. 1-2) operating a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020), wherein the network slice (the network slice is a 5G network slice provided by the wireless carrier network) operates in a 5G NR FR1 public low-band including radio frequencies below 1 GHz (the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards ; paragraph 0011, 0015; note that the secure endpoint application may send the data file to the additional secure endpoint device via a network slice of the wireless carrier network that is assigned to the device; the secure endpoint application may use the network slice via an APN of a corresponding network gateway; paragraph 0074).
Regarding claims 8, 13, Obaidi et al discloses a method (fig. 1, fig. 5) for establishing (the wireless carrier network 102 establishes a network slice; in addition, the wireless carrier network 102 may have previously distributed a list of authorization codes to the enterprise that desires to establish the secure LAN; paragraph 0016, 0051) a network slice for transceiving data via a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020) of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2), comprising: generating (generate and store information; the operating system 214 may also process data using the one or more processors 208 to generate output based on input that is received via the user interface 206; paragraph 0037), at a processor (the one or more processors 208 and the memory 210 of the secure endpoint device 200 may implement an operating system 214, device software 216, one or more applications 218, and the secure endpoint application 118; paragraph 0036) executing instructions of a client solutions management platform , a security profile (malicious actors may use such data to construct digital identity profiles of consumers to engage in illegal activities such as identity theft or financial fraud) for a plurality of endpoint computing devices (the device management module 312 may use a device information table 326 to identify a device type of the user device based on the device identifier of the device; the device management module 312 may send a data protection policy that corresponds to the user identifier of the user device to the device ; 
paragraph 0053), including an identification of the plurality of endpoint computing devices (the secure endpoint application may assign an ownership identifier to the data file according to the data protection policy; for instance, a secure endpoint device that is a part of a secure LAN that is operated by a particular entity may be required to label each data file generated by the IoT device with an ownership identifier of the particular entity; paragraph 0068), and associating the plurality of endpoint computing devices (the device software 216 may include software components that enable the secure endpoint device 200 to perform functions; for instance, the device software 216 may include basic input/output system, bootrom, or a bootloader that boots up the secure endpoint device 200 and executes the operating system 214; paragraph 0040, 0047) with one of a plurality of security tiers (the data notation module 222 may apply the data protection policy to mark the data files that are generated by the secure endpoint device 200 with metadata; paragraph 0042) based on monitoring security measures in place at each of the plurality of endpoint computing devices (the data file may include a constant stream of user biometric data; each data file that is generated by the secure endpoint device 200 may be marked with an ownership identifier, a data sensitivity level, and so forth based on the data protection policy; furthermore, the data encryption module 228 may encrypt the data files that are generated by the secure endpoint device 200 according to an encryption level specified in the data protection policy prior to delivery to other secure endpoint devices ; paragraph 0042, 0045); transmitting a RAN system instruction to the secure network slice orchestration system at the RAN system, via a RAN network interface device (user interface 206: the user interface 206 may enable a user to provide inputs and receive outputs from the secure endpoint device 200; the user 
interface 206 may include a data output device, and one or more data input devices; paragraph 0033), to assign to a plurality of software defined network generated network slices (the device management module 312 may assign a network device to the user device; for instance, the device identifier of the user device may be added to an access control registry 332 that is used by the corresponding network gateway of the APN associated with the network device; paragraph 0053) within one or more 5G New Radio frequency bands (the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards ; paragraph 0011, 0015) within which the RAN system transceives data to an identification of the plurality of endpoint computing devices assigned to each network slice (the IoT device 106 may use the APN to access the assigned  network slice 122 to exchange data with other devices, such as the one or more network devices 104; in addition, the device management module 312 may use a device information table 326 to identify a device type of the user device based on the device identifier of the device; paragraph 0053), including at least one network slice (each of these devices may be assigned a network slice for communicating with devices within the secure LAN 112; for instance, each of the devices may be assigned to use the network slice 122 ; paragraph 0020, 0053) for each of the plurality of security tiers (the data files may be sent and received via a network slice that corresponds to the APN; for instance, the IP data packets that are transported by the data transport module 230 may be labeled with the APN of the  network slice, an identifier of the secure endpoint device and other identification information that ensures the appropriate routing of the data files by the network gateway; paragraph 0046).
However, Obaidi et al does not specifically disclose the features of transmitting an endpoint computing device instruction to a first endpoint computing device assigning a virtual access point generated at a wireless wide area network interface device at the RAN system for transceiving data within one of the plurality of network slices assigned to a subgroup of the plurality of endpoint computing devices associated with a same one of the plurality of security tiers.  
On the other hand, Senarath et al, from the same field of endeavor, discloses the features of transmitting (the device traffic controller 1215 instructs the specific devices to control their traffic to meet the traffic capability of the slice; paragraph 0277) an endpoint computing device instruction to a first endpoint computing device (the CSM 1020 may send network update instructions to the controller 1010 to adjust the allocated network resources to meet the promised quality; the controller 1010 may engage in QoS enforcement by sending updated instructions to the infrastructure; paragraph 0251, 0281) assigning a virtual access point (the service selection operation 201 may associate at least one of a customer identity, a device identity, and a service level with that service; the information provided in the service selection operation 201 allows the CSM 220 to develop a series of parameters for VN establishment and charging rules to be established for each of those one or more services; paragraph 0141) generated at a wireless wide area network interface device (the G-CSM 920 interfaces with the SDN controller 910 for virtual network setup; paragraph 0239) at the RAN system for transceiving data (each service can be provided by a network slice instantiated to provide a service; a first connectivity service can be provided by slice A and a second connectivity service can be provided by slice B; paragraph 0199) within one of the plurality of network slices (network slicing may correspond to the allocation of pooled resources to offer different services to different customers or groups of customers; furthermore, the Orchestrator function further is configured to create end-to-end the G-CSM function can communicate with the Orchestrator function; paragraph 0094-0095) assigned to a subgroup of the plurality of endpoint computing devices (network slicing relates to the ability of a network, such as a 5G communication network accessible by wireless devices, to provide multiple logical network slices on demand; paragraph 0089) associated with a same one of the plurality of security tiers (the Orchestrator function can be configured to coordinate, authorize release and engage the NFVI resources by interaction with the VIM function; the Orchestrator function further is configured to create end-to-end, the G-CSM function can communicate with the Orchestrator function; paragraph 0094, 0096; furthermore, the information provided in the service selection operation 201 allows the CSM 220 to develop a series of parameters for VN establishment; note that a service-specific VN is established using the virtual nodes, functions and links defined by the earlier operations to provide the service A; furthermore, CSM-service-A can inform the device traffic controller or network traffic filters to instruct them to filter traffic, prioritize, block, on a device-type or traffic-type basis; paragraph 0241, 0238, 0261). Senarath et al also discloses the features of a security profile identified for each of the plurality of endpoint computing devices (Customer searches the information database 705 to find a matching service offer and makes a service request to an interested network operator's Service Negotiator; paragraph 0204-0206) enabling a match (the G-CSM 715 compares the service profiles and policies stored in CSPP and if matches with a service profile or several service profiles, it will send them to the VNAC in the orchestrator 720 to check the admissibility or to provide options for further negotiation; paragraph 0208) with an endpoint computing device identification to authorize communication via an assigned virtual access point at the RAN system (paragraph 0208-0212). Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was made to apply the technique of Senarath to the communication system of Obaidi in order to provide a method for Customer Service Management in a communication network for enabling the SDN controller to receive network policies to automatically and promptly react to new attacks.
Regarding claim 9, Obaidi et al as modified discloses a method (fig. 1, fig. 5) for establishing (the wireless carrier network 102 establishes a network slice; in addition, the wireless carrier network 102 may have previously distributed a list of authorization codes to the enterprise that desires to establish the secure LAN; paragraph 0016, 0051) a network slice for transceiving data via a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020) of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2), wherein one of the plurality of security tiers is assigned to a plurality of limited access/restricted endpoint computing devices having a level of limited data or outside network access (restrict the user device to sending the data files to authorized user devices of specific types, mandate that the user device encrypts data files prior to delivering them to the authorized user devices; in addition, the data storage restrictions may specify whether the IoT device 106 is able to store data files in the memory of the IoT device 106; if so, the data storage restrictions may further specify the amount of time that the data files can be stored in the memory; paragraph 0013, 0021-0022).
Regarding claim 10, Obaidi et al as modified discloses a method (fig. 1, fig. 5) for establishing (the wireless carrier network 102 establishes a network slice; in addition, the wireless carrier network 102 may have previously distributed a list of authorization codes to the enterprise that desires to establish the secure LAN; paragraph 0016, 0051) a network slice for transceiving data via a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020) of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2), wherein one of the plurality of security tiers is assigned to a plurality of unmanaged endpoint computing devices (the data protection engine may allocate various network slices to different types of data that are transported by the wireless carrier network; the types of data may be specified based on the ownership of the data, the sensitivity level of the data, storage and access restrictions placed on the data, and other factors ; note that the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0011, 0015, 0020).
Regarding claim 11, Obaidi et al as modified discloses a method (fig. 1, fig. 5) for establishing (the wireless carrier network 102 establishes a network slice; in addition, the wireless carrier network 102 may have previously distributed a list of authorization codes to the enterprise that desires to establish the secure LAN; paragraph 0016, 0051) a network slice for transceiving data via a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020) of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2), wherein one of the plurality of security tiers is assigned to a plurality of physically secured endpoint computing devices (the data files may be sent and received via a network slice that corresponds to the APN; for instance, the IP data packets that are transported by the data transport module 230 may be labeled with the APN of the  network slice, an identifier of the secure endpoint device and other identification information that ensures the appropriate routing of the data files by the network gateway; paragraph 0046).
Regarding claim 12, Obaidi et al as modified discloses a method (fig. 1, fig. 5) for establishing (the wireless carrier network 102 establishes a network slice; in addition, the wireless carrier network 102 may have previously distributed a list of authorization codes to the enterprise that desires to establish the secure LAN; paragraph 0016, 0051) a network slice for transceiving data via a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020) of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2), wherein one of the plurality of security tiers is assigned to endpoint computing devices having communications via out-of-band controls (the device management module 312 may use a device information table 326 to identify a device type of the user device based on the device identifier of the device; the device management module 312 may send a data protection policy that corresponds to the user identifier of the user device to the device; paragraph 0053; in addition, the device software 216 may include basic input/output system, bootrom, or a bootloader that boots up the secure endpoint device 200 and executes the operating system 214; paragraph 0040, 0047).
Regarding claim 15, Obaidi et al discloses an information handling system of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2) gNodeB operating a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020), comprising: a wireless wide area network interface device of the RAN system transceiving data within a 5G New Radio frequency band (the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards; paragraph 0011, 0015) with a first endpoint computing device (data access devices 108 or IoT device 106; the data access device 108 may be a smartphone, a laptop computer, a tablet computer; computing nodes 300 transmit and receive data from other network devices; paragraph 0017-0018, 0048; note that the secure endpoint application 118 may include a data policy module 220, a data notation module 222, a data security module 224, a data access module 226, a data encryption module 228, a data transport module 230, and a distributed ledger module 232; paragraph 0040), comprising: a wireless wide area network interface device of the gNodeB transceiving data within a plurality of 5G New Radio frequency bands (the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards; paragraph 0011, 0015) with a plurality of endpoint computing devices (the device management module 312 may use a device information table 326 to identify a device type of the user device based on the device identifier of the device; the device management module 312 may send a data protection policy that corresponds to the user identifier of the user device to the device; paragraph 0053), where the plurality of endpoint computing devices have been assigned to one of a plurality of security tiers (the data notation module 222 may apply the data protection policy to mark the data files that are generated by the secure endpoint device 200 with metadata; paragraph 0042) by a client solutions management platform monitoring security measures in place at each of the plurality of endpoint computing devices (the data file may include a constant stream of user biometric data; each data file that is generated by the secure endpoint device 200 may be marked with an ownership identifier, a data sensitivity level, and so forth based on the data protection policy; furthermore, the data encryption module 228 may encrypt the data files that are generated by the secure endpoint device 200 according to an encryption level specified in the data protection policy prior to delivery to other secure endpoint devices; paragraph 0042, 0045); the WWAN interface device (user interface 206: the user interface 206 may enable a user to provide inputs and receive outputs from the secure endpoint device 200; the user interface 206 may include a data output device, and one or more data input devices; paragraph 0033) receiving a communications profile from the CSM platform identifying endpoint computing devices (the secure endpoint application may assign an ownership identifier to the data file according to the data protection policy; for instance, a secure endpoint device that is a part of a secure LAN that is operated by a particular entity may be required to label each data file generated by the IoT device with an ownership identifier of the particular entity; paragraph 0068), assigned to each of a plurality of network slices (the device management module 312 may assign a network device to the user device; for instance, the device identifier of the user device may be added to an access control registry 332 that is used by the corresponding network gateway of the APN associated with the network device; paragraph 0053) within the plurality of 5G NR frequency bands such that the network slices are associated with one of the plurality of security tiers; a software defined network controller isolating data (the hub device 110 may establish an isolated network connection with each legacy device via an unlicensed communication link, such as Wi-Fi, Bluetooth, and so forth; paragraph 0027).
However, Obaidi et al does not specifically disclose the features of a software defined network controller transceived within a first sub-portion of at least one of the plurality of 5G NR frequency bands from data transceived within the remainder of the plurality of 5G NR frequency bands to establish a first network slice of the plurality of network slices; the secure network slice orchestration system executing code for determining a first of the plurality of endpoint computing devices assigned to a first of the plurality of security tiers is associated with the first network slice within the communications profile received from the CSM platform; and the SDN controller of the RAN system establishing a first virtual WWAN access point transceiving data within the first network slice with the first of the plurality of endpoint computing devices.
On the other hand, Senarath et al, from the same field of endeavor, discloses the features of a software defined network controller (a CSM-service makes use of the requirements of a customer to interact with a controller 210 (or set of controllers 210) that can provide Software Defined Network control functions, Software Defined Protocol Functions, Software Defined Resource Allocation functions, Software Defined Topology functions; note that configuration of the network slices may be based on software defined networking, network function virtualization and network orchestration; paragraph 0088, 0128) establishing the network slice (the CSM function further carries out the steps of establishing a unique global user ID based on the customer, UE, and device context for that UE; sharing the unique global user ID with a plurality of local CSM functions; paragraph 0015-0016) within a sub-portion of the 5G NR frequency band (network slicing relates to the ability of a network, such as a 5G communication network accessible by wireless devices, to provide multiple logical network slices on demand; paragraph 0089) via establishing (a service-specific VN is established using the virtual nodes, functions and links defined by the earlier operations to provide the service A; paragraph 0241) a first virtual WWAN access point at the WWAN interface device (the G-CSM 920 interfaces with the SDN controller 910 for virtual network setup; paragraph 0239); the secure network slice orchestration system (network slicing may correspond to the allocation of pooled resources to offer different services to different customers or groups of customers; furthermore, the Orchestrator function further is configured to create end-to-end the G-CSM function can communicate with the Orchestrator function; paragraph 0094-0095) executing code for determining a first of the plurality of endpoint computing devices assigned to a first of the plurality of security tiers is associated with the first network slice within the communications profile received from the CSM platform (receive context from at least one of the plurality of local CSM functions associated with the unique global user ID; receive relevant information from other functions of the virtual network; in addition, the G-CSM 920 identifies the requested service, service level; paragraph 0020, 0152, 0238) assigned to a first of the plurality of security tiers is associated with the first network slice within the communications profile received from the CSM (the Orchestrator function can be configured to coordinate, authorize release and engage the NFVI resources by interaction with the VIM function; the Orchestrator function further is configured to create end-to-end the G-CSM function can communicate with the Orchestrator function; paragraph 0094, 0096) use of the first virtual WWAN access point (the service selection operation 201 may associate at least one of a customer identity, a device identity, and a service level with that service; the information provided in the service selection operation 201 allows the CSM 220 to develop a series of parameters for VN establishment and charging rules to be established for each of those one or more services; paragraph 0141); and the SDN controller (CSM 220 interfaces with the controller 210 for a virtual network setup based upon the service selection operation 201; in addition, the VN setup instructions allow the controller 210 to map the requirements from the CSM 220 to the available infrastructure 215; paragraph 0142) and WWAN interface device (the controller 910 informs G-CSM 910 of the VN establishment; in addition, the G-CSM 920 informs the customer of the VN establishment; paragraph 0242-0243) transceiving data in the network slice (each service can be provided by a network slice instantiated to provide a service; a first connectivity service can be provided by slice A and a second connectivity service can be provided by slice B; paragraph 0199) with the first endpoint computing device (the CSM 1020 may send network update instructions to the controller 1010 to adjust the allocated network resources to meet the promised quality; the controller 1010 may engage in QoS enforcement by sending updated instructions to the infrastructure; paragraph 0251, 0281) via the first virtual WWAN access point (the service selection operation 201 may further define one or more devices, UE's 225, that will access the one or more services; the service selection operation 201 may associate at least one of a customer identity, a device identity, and a service level with that service; the information provided in the service selection operation 201 allows the CSM 220 to develop a series of parameters for VN establishment; note that a service-specific VN is established using the virtual nodes, functions and links defined by the earlier operations to provide the service A; furthermore, CSM-service-A can inform the device traffic controller or network traffic filters to instruct them to filter traffic, prioritize, block, on a device-type or traffic-type basis; paragraph 0241, 0238, 0261). Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was made to apply the technique of Senarath to the communication system of Obaidi in order to provide a method for Customer Service Management in a communication network for enabling the SDN controller to receive network policies to automatically and promptly react to new attacks.
Regarding claim 18, Obaidi et al as modified discloses an information handling system of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2) gNodeB operating a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020), wherein the first network slice transceives data in a separate 5G NR frequency band than the second network slice (access device 134; hub device 110: at least one of these devices may be assigned a different network slice by the data protection engine 116; furthermore, the hub device 110 may establish an isolated network connection with each legacy device via an unlicensed communication link, such as Wi-Fi, Bluetooth, and so forth; paragraph 0025, 0027).
Regarding claim 19, Obaidi et al as modified discloses an information handling system of a Radio Access Network system (the wireless carrier network 102 may include multiple Radio Access Networks: figs. 1-2) gNodeB operating a secure network slice orchestration system (the data protection policy may include an Access Point Name of a network gateway for the network slice assigned to the IoT device 106, such as the network slice 122; in addition, the IoT device 106 may use the APN to access the assigned network slice 122 to exchange data with other devices, such as the one or more network devices 104; paragraph 0015, 0020), wherein the first endpoint computing device (data access device 108; paragraph 0017) and the second endpoint computing device (IoT device 106) transceive data within the same 5G NR frequency band network slice (the network slice is a 5G network slice provided by the wireless carrier network; the wireless carrier network may be a 5G wireless carrier network or a wireless carrier network that conforms to some other wireless communication standards; paragraph 0011, 0015; note that the secure endpoint application may send the data file to the additional secure endpoint device via a network slice of the wireless carrier network that is assigned to the device; paragraph 0019, 0074).

Claims 6, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Obaidi et al (US 20210136569 A1) in view of Senarath et al (US 20160352924 A1) as applied to claims 1, 15 above, and further in view of Ashrafi (US 20180343567 A1).
Regarding claims 6, 17, Obaidi and Senarath disclose everything claimed as explained above, except the features of a secure network slice orchestration system that determines a second endpoint computing device of the plurality of endpoint computing devices assigned to the first of the plurality of security tiers is associated with the first network slice from the communications profiles received from the CSM platform; and the SDN controller of the RAN system enabling the first virtual WWAN access point for transceiving data within the first network slice with the second of the plurality of endpoint computing devices.
However, Ashrafi discloses the features of a secure network slice orchestration system (edge cloud orchestration functionalities 748 are implemented within the core cloud network 721; cloud orchestration functionalities 750 are implemented on top of the virtualized network functions 742; in addition, a transport software defined network 752 enables control of transport between the mobile edge 713 and core cloud 721; paragraph 0100) that determines (determined by the SDN controller 2408 and is implemented in the forwarding devices 2204 through forwarding table; paragraph 0159, 0229) a second endpoint computing device (first and second user devices 902 each implement first and second applications 904, 906 in the case of device 902A and second and third applications 906, 908 in the case of device 902B; the user devices 902 are in wireless communication with antennas 910 and 912; paragraph 0105) of the plurality of endpoint computing devices (a plurality of transceivers are associated with each of the plurality of nodes within the mesh network, where each of the transceivers implement a software defined radio that may be configured within a plurality of transceiving configurations; in addition, one server is configured to select a first slice portion of the first plurality of control layers of the wireless communications network and a first slice portion of at least a portion of the plurality transceivers in a first transceiving configuration to support operation of a first application or service and to select a second slice portion of the first plurality of control layers of the wireless communications network and a second slice portion of at least the portion of the plurality transceivers in a second transceiving configuration to support operation of a second application or service; paragraph 0005, 0101) assigned to the first of the plurality of security tiers is associated with the first network slice (slice 630; each network slice 1468 is derived from one unified physical network infrastructure) from the communications profiles received from the CSM platform (slice 630, slice 632 and slice 634 each utilize various, differing and adaptable portions of the control layers 606 in order to operate a particular application using particular resources; furthermore, a slice 630, 632, 634 can be uniquely and adaptively configured to utilize only those network control layers 606 and only those portions of the network control layers that are necessary in order to have the application function in a desired fashion; paragraph 0097) and the SDN controller of the RAN system (an SDN-based system for creating the connections with the small cell network 2602; paragraph 0209) enabling the first virtual WWAN access point (SDN controller 2702 enables connections to a number of different small cell backhaul nodes 2704; the SDN controller 2602 is based on OpenDaylight and controls adaptively powering on/off small cells 2704; paragraph 0209, 0215) for transceiving data within the first network slice with the second of the plurality of endpoint computing devices (first and second user devices 902 each implement first and second applications 904, 906 in the case of device 902A and second and third applications 906, 908 in the case of device 902B; the user devices 902 are in wireless communication with antennas 910 and 912; a first slice is associated with application 904 and consists of links 920, 926 and resources 938 and 940; the first slice provides ultra-reliable, low bandwidth, long range and high mobility connection; a second slice is associated with application 906 and consists of links 918, 924 and resources 932, 934 and 936; the second slice provides the highest bandwidth for short range connections; a final slice is associated with application 908 and consists of links 922, 928 and resources 940 and 942; paragraph 0105, 0108).
Furthermore, the RAN system (CloudRAN supports 5G; paragraph 0113-0114) is a gNodeB base station with plural 5G antenna systems (a private network with SDR-based massive MIMO, MulteFire and network slicing; paragraph 0069) operating via one or more WWAN interface devices (the user devices 902 are in wireless communication with antennas 910 and 912; antenna 910 is associated with the digital radio network while antennas 912 are associated with an analog, digital or packet radio network; each of the antennas 910, 912 are connected to a dense wavelength division multiplexer 914; paragraph 0105, 0109, 0117). Note that the concept of software defined networking will be able to address these issues and provide a mmWave or MulteFire based mobile network or private network (paragraph 0226, 0104). Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was made to apply the technique of Ashrafi to the modified system of Senarath and Obaidi in order to provide a network functions virtualization method to virtualize the network functions for allowing network operators and service providers to implement network functions in software and virtualization technologies.
Allowable Subject Matter
Claims 14, 16, 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARCEAU MILORD whose telephone number is (571)272-7853. The examiner can normally be reached 10-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CHARLES APPIAH can be reached on 571-2727904. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MARCEAU MILORD
Examiner
Art Unit 2641



/MARCEAU MILORD/Primary Examiner, Art Unit 2641