Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
Claims 1-20 are pending in this office action. 

Priority
No foreign priority is claimed.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/21/2022 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-12, 15, 18-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Villapakkam et al. (US 2021/0036851 A1, hereinafter Villapakkam).
For claim 1, Villapakkam teaches a device, comprising: a processor; and a memory that stores executable instructions (Fig. 2; para 0039, 0066-0068) that, when executed by the processor, facilitate performance of operations comprising: receiving, from an application instance executing on a user equipment, an initiation of a secure communication session with an application server (para 0042-0044 - requesting application, under the premise of securely communicating with key management service (key management application server), requests to facilitate the same via initiation of secure channel or secure session); 
performing an authentication of the application instance based on a cryptographic requirement and a cryptographic profile (para 0044-0045 - the requesting application is authenticated based on credentials associated with the requesting application including cryptographic credentials of the requesting application as cryptographic profile), wherein the cryptographic requirement is determined from cryptographic information received from the application server, and wherein the cryptographic profile corresponds to an identification of the application instance (para 0034, 0044-0045, 0047 - various elements such as client identifiers, digital certificates/public keys associated with the requesting application are utilized for fulfilling the cryptographic requirements); and 
facilitating secure communication between the application instance and the application server based on the cryptographic profile of the application instance (para 0044-0045, 0055 - secure channel is established and secure communication is performed via the same).

For claim 2, Villapakkam teaches wherein the communication between the application instance and the application server is according to a proprietary transport protocol (para 0037, 0045, 0062 - various standard proprietary transport protocols as usable by the system).

For claim 3, Villapakkam teaches wherein performing the authentication of the application instance comprises determining a cryptographic requirement for the application instance (para 0034, 0044-0045, 0047 - the requesting application is authenticated based on credentials associated with the requesting application including cryptographic credentials of the requesting application as cryptographic profile, wherein various elements such as client identifiers, digital certificates/public keys associated with the requesting application are determined to be cryptographic requirements and are checked for authentication).

For claim 4, Villapakkam teaches the device of claim 3, wherein determining the cryptographic requirement for the application instance is based on cryptographic database stored at an access network device (para 0023, 0032, 0035, 0038, 0041, 0047 - various identifiers such as cryptographic keys, certificates etc. are stored in the storage, which are retrieved selectively for the required cryptographic operations associated with the application authentication process).

For claim 5, Villapakkam teaches the device of claim 3, wherein determining the cryptographic requirement for the application instance is based on cryptographic information received from the application server (para 0034-0035, 0044-0045, 0048 - various identifiers such as cryptographic keys, certificates etc. are stored in the local storage, which are received from the requesting application server selectively for the required cryptographic operations associated with the application authentication process).

For claim 6, Villapakkam teaches the device of claim 5, wherein the cryptographic information received from the application server is employed to update a cryptographic database stored at an access network device (Fig. 1; para 0024, 0026, 0038-0039, 0045, 0053 - key addition and index mapping changes associated with the storage databases stored in the network nodes).

For claim 7, Villapakkam teaches wherein the device is comprised in core-network equipment that is part of the access network, and wherein the core-network equipment is located remotely from the user equipment and is located remotely from the application server (Fig. 1-2; para 0015-0016, 0038-0041 - local and remote arrangements of network equipment with respect to client devices).

For claim 8, Villapakkam teaches wherein the device is comprised in edge-network equipment that is part of the access network, and wherein the edge-network equipment is located remotely from core-network equipment of the access network, is located remotely from the user equipment, and is located remotely from the application server (Fig. 1-2; para 0015-0016, 0037-0038, 0040-0041 - local and remote devices, with edge-network devices such as routers to provide network access).

For claim 9, Villapakkam teaches wherein the device is comprised of user-plane network equipment and control-plane network equipment that are part of the access network, wherein the access network employs control-plane and user-plane separation topology, and wherein the control-plane network equipment is located remotely from the user equipment and is located remotely from the application server (Fig. 1-2; para 0015-0016, 0037-0039, 0045, 0062 - local and remote devices, with controllers that control inter-component or inter-node communications in the control plane using control protocols, and data communication associated with the user device or the client application in the user plane via secure communication channels).

For claim 10, Villapakkam teaches the device of claim 9, wherein the user-plane network equipment is located remotely from the application server (Fig. 1-2; para 0015-0016, 0038, 0044-0045, 0062 - local and remote devices, wherein the data communication associated with the user device or the client application in the user plane via secure communication channels, the devices located remotely or external in the network, with respect to the key storage devices associated with the key management servers).

For claim 11, Villapakkam teaches the device of claim 9, wherein the user-plane network equipment is located remotely from the user equipment (Fig. 1-2; para 0015-0016, 0044-0045, 0062 - local and remote devices, wherein the data communication associated with the user device or the client application in the user plane via secure communication channels, the devices located remotely or external in the network, with respect to the user equipment).

For claim 12, Villapakkam teaches wherein the application instance captures computing resources of the user equipment enabling execution of the application in a manner that limits access to application instance data by other applications executing on the user equipment (para 0039, 0063-0065 - virtualization of resources on the user device enables application execution with restricted access of other applications).

For claim 15, Villapakkam teaches a method, comprising: receiving, by access network equipment comprising a processor, an initiation of a secure communication session between an application instance and an application server, wherein the application instance is uniquely identifiable, and wherein the application instance executes on a user equipment (para 0042-0044 - requesting application, under the premise of securely communicating with key management service (key management application server), requests to facilitate the same via initiation of secure channel or secure session; para 0020-0021, 0034, 0044-0045, 0047 - various elements such as unique client identifiers, digital certificates/public keys associated with the requesting application are utilized for fulfilling the cryptographic requirements); 
communicating, by the access network equipment to the application instance, a cryptographic requirement based on an identification of the application instance, wherein the communicating enables the application instance to determine whether a cryptographic profile of the application instance satisfies the cryptographic requirement (para 0034, 0044-0045, 0047 - various elements such as client identifiers, digital certificates/public keys associated with the requesting application are utilized for fulfilling the cryptographic requirements); 
presenting, by the access network equipment, an authentication challenge to the application instance in response to receiving an authentication request from the application instance (para 0043-0045 - key proxy assignment request against which a challenge is presented to provide cryptographic and other profile for authentication); 
determining, by the access network equipment, that an authentication challenge response received from the application instance satisfies a first rule related to the application instance properly employing the cryptographic profile to communicate the authentication challenge response (para 0044-0045, 0047, 0055 - the requesting application is authenticated based on credentials associated with the requesting application including cryptographic credentials of the requesting application as cryptographic profile, wherein the first rule is matching of public key or authentication credential such as application identifier); 
determining, by the access network equipment, that the authentication challenge response received from the application instance satisfies a second rule related to the authentication challenge response satisfying the authentication challenge (para 0044-0045, 0047, 0055 - the requesting application is authenticated based on credentials associated with the requesting application including cryptographic credentials of the requesting application as cryptographic profile, wherein the second rule is matching of certificate or authentication credential); and 
instantiating, by the access network equipment, a communication tunnel facilitating secure communication between the application instance and the application server in accord with the cryptographic profile of the application instance and the identification of the application instance (para 0044-0045, 0055 - secure channel is established and secure communication is performed via the same).

For claim 18, Villapakkam teaches a non-transitory machine-readable medium, comprising executable instructions (para 0039, 0062) that, when executed by a processor, facilitate performance of operations, comprising: in response to an access network equipment receiving an initiation of a secure communication session between an application instance and an application server, authenticating the application instance based on an identity of the application instance (para 0042-0044 - requesting application, under the premise of securely communicating with key management service (key management application server), requests to facilitate the same via initiation of secure channel or secure session), wherein the application instance executes on a user equipment, wherein the application instance employs a cryptographic profile that satisfies a cryptographic requirement (para 0044-0045 - the requesting application is authenticated based on credentials associated with the requesting application including cryptographic credentials of the requesting application as cryptographic profile), and wherein the authenticating determines that a response to an authentication challenge is both satisfactory and was communicated in accord with the cryptographic profile (para 0034, 0044-0045, 0047 - various elements such as client identifiers, digital certificates/public keys associated with the requesting application are utilized for fulfilling the cryptographic requirements, and wherein key proxy assignment request against which a challenge is presented to provide cryptographic and other profile for authentication); and 
establishing a communication tunnel facilitating secure communication between the application instance and the application server in accord with the cryptographic profile of the application instance (para 0044-0045, 0055 - secure channel is established and secure communication is performed via the same).

For claim 19, Villapakkam teaches wherein the secure communication, between the application instance and the application server, employs a proprietary transport protocol (para 0037, 0045, 0062 - various standard proprietary transport protocols as usable by the system).

For claim 20, Villapakkam teaches wherein the access network equipment determines an updateable cryptographic database correlated to application instance identities to enable determining a cryptographic requirement that, when communicated to an application instance, enable the application instance to determine whether the cryptographic profile satisfies the cryptographic requirement (para 0034-0035, 0044-0045, 0048 - various identifiers such as cryptographic keys, certificates etc. are stored in the local storage, which are received from the requesting application server selectively for the required cryptographic operations associated with the application authentication process; Fig. 1; para 0024, 0026, 0038-0039, 0045, 0053 - key addition and index mapping changes associated with the storage databases stored in the network nodes).



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13-14, 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Villapakkam et al. (US 2021/0036851 A1, hereinafter Villapakkam), in view of Bernabeu et al. (US 2018/0176211 A1, hereinafter Bernabeu).
For claim 13, Villapakkam teaches wherein the cryptographic profile identifies a combination of an encryption process, and an authentication process (para 0029-0030, 0043-0045, 0054 - authentication and encryption processes as part of cryptographic profile identities).
Villapakkam does not explicitly teach, however Bernabeu teaches cryptographic profile identifying a hash process, and an authentication process (para 0009-0010, 0013, 0036).
Based on Villapakkam in view of Bernabeu, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Bernabeu in the system of Villapakkam, in order to utilize various cryptographic mechanisms for the process of authentication and securing of communication as also well known in the art, thereby making the system secure and versatile.

For claim 14, Villapakkam teaches wherein the cryptographic requirement identifies a combination of one or more encryption processes, and one or more authentication processes (para 0029-0030, 0043-0045, 0054 - authentication and encryption processes as part of cryptographic profile identities).
Villapakkam does not explicitly teach, however Bernabeu teaches cryptographic profile identifying a combination of one or more hash processes as part of authentication (para 0009-0010, 0013, 0036).
Based on Villapakkam in view of Bernabeu, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Bernabeu in the system of Villapakkam, in order to utilize various cryptographic mechanisms for the process of authentication and securing of communication as also well known in the art, thereby making the system secure and versatile.

For claim 16, Villapakkam teaches the method of claim 15, wherein communicating the cryptographic requirement comprises determining one or more encryption process, one or more hash process, and one or more authentication process that correspond to an identity of the application instance (para 0029-0030, 0043-0045, 0054 - authentication and encryption processes as part of cryptographic profile identities).
Villapakkam does not explicitly teach, however Bernabeu teaches cryptographic requirement comprising determining one or more hash process and one or more authentication process (para 0009-0010, 0013, 0036).
Based on Villapakkam in view of Bernabeu, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Bernabeu in the system of Villapakkam, in order to utilize various cryptographic mechanisms for the process of authentication and securing of communication as also well known in the art, thereby making the system secure and versatile.

For claim 17, Villapakkam in view of Bernabeu teaches the claimed subject matter as discussed above. Villapakkam further teaches the method of claim 16, wherein determining the one or more encryption processes comprises the access network equipment querying cryptographic information stored by the application server based on the identity of the application instance (para 0020-0021, 0034, 0044-0045, 0047 - various elements such as unique client identifiers, digital certificates/public keys associated with the requesting application are utilized for fulfilling the cryptographic requirements; para 0029-0030, 0043-0045, 0054 - authentication and encryption processes as part of cryptographic profile identities).

    
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433