DETAILED ACTION
This action is in response to the amendment filed on June 30, 2022. Claims 15-27 are
pending. Claims 15, 17, 21 -25, and 27 are amended. Of such, claims 15-21 represent a device, claims 22-26 represent a method, and claim 27
represents a non-transitory computer program product directed to network function messaging.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see pages 7-14 filed on June 30, 2022, with respect to the rejection(s) of claim(s) 15-27 in view of ETSI (NPL ETSI 133 501 V15.5.0) have been considered but are not persuasive. 
On page 8, the applicant argues that ETSI fails to teach the formation of a transport layer security protected first control plane connection between the first security edge proxy and a second security edge proxy so that the first security edge proxy is a transport security client and the second security edge proxy is a transport layer security server for the first control plane connection; and the formation of a transport layer security protected second control plane connection between the first security edge proxy and the second security edge proxy so that the first security edge proxy is a transport layer security server and the second security edge proxy is a transport layer security client for a second control plane connection. 
This argument is not persuasive. 
On page 128, ETSI discloses the establishment of a first and second connection between the SEPP’s which are noted as N32-C connections “When the negotiated security mechanism to use over N32, according to the procedure in clause 13.5, is PRINS (described in clause 13.2), the SEPPs use the established TLS connection (henceforth referred to as N32-c connection) to negotiate the N32-f specific associated security configuration parameters required to enforce application layer security on HTTP messages exchanged between the SEPPs. A second N32-c connection is established by the receiving SEPP to enable it to not only receive but also send HTTP Requests”. In section 13.1, page 126-127, ETSI further discloses the establishment of the Transport Layer Security (TLS) between the two SEPP’s “If there are no IPX entities between the SEPPs, TLS shall be used between the SEPPs. If there are IPX entities between SEPPs, PRINS (application layer security on the N32-f interface) shall be used for protection between the SEPPs”. The formation of the transport layer security between the first security edge proxy and a second edge proxy allows the sending and receiving of HTTP messages “the SEPPs use the established TLS connection (henceforth referred to as N32-c connection) to negotiate the N32-f specific associated security configuration parameters required to enforce application layer security on HTTP messages exchanged between the SEPPs.” as stated on page 128, section 13.2.2.1. 
On pages 11-12, the applicant argues that’s ETSI does not disclose that the SEPP is somehow to form a first unique identifier representing a logical connection context information for message protection on a first logical connection that is associated with the first control plane connection; form a second unique identifier representing a logical connection context information for message protection on a second logical connection that is associated with the second control plane connection. Further arguing that ETSI does not disclose the how the operations are associated with the control plane or logical connections. 
This argument is not persuasive. 
On page 128, ETSI discloses “Parameter exchange: The SEPPs exchange security related configuration parameters that they need to protect HTTP messages exchanged between the two Network Functions (NF) in their respective networks.” And on page 129, ETSI further discloses “The SEPP shall provide a N32-f precontext ID for the responding SEPP. The precontext IDs are 32-bit random integers, represented as 0-left padded strings of hexadecimal digits.” ETSI teaches the exchange of unique identifiers “precontext IDs” that are used to establish the connection and protect the message associated with the control plane connection. Further on page 129, ETSI discloses “N32-f precontext identifier values.N32-f precontext identifier values, as specified in clause 13.2.2.4.1, are used by each SEPP to construct a common N32-f context ID that identifies the set of security related configuration parameters applicable to a protected message received from a SEPP in a different PLMN.”
The applicant further argues the amended limitations of claims 15, 22, and 27 to include “exchanging pre-context identifications between the first security edge proxy and the second security edge proxy for combining to form a unique identifier” are not taught in the referenced prior art ETSI. 
This argument is not persuasive. 
On page 129, ETSI discloses “The SEPP shall provide a N32-f precontext ID for the responding SEPP. The precontext IDs are 32-bit random integers, represented as 0-left padded strings of hexadecimal digits.” The precontext ID describes the identifier in the limitation. On page 129, ETSI further discloses the exchange of parameters “The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP including the selected cipher suite for protecting the NF service related signaling over N32. The responding SEPP shall provide a N32-f precontext ID for the initiating SEPP.” Lastly, the combination limitation as described by the applicant can be found in ETSI, page 131 “The SEPPs shall create the N32-f context ID by combining the two N32-f precontext IDs, obtained during the N32-c negotiation. To avoid collision of the N32-f context ID value, the SEPPs shall select the N32-f precontext ID as a random value during the exchange over N32-c.”
Lastly, the applicant argues that in ETSI, the keys are not formed with a first and second unique identifier, or that the keys are used for a first and second logical encryption. 
This argument is not persuasive. 
On page 137, ETSI discloses “The master key shall be obtained from the TLS exporter. The export function takes 3 arguments: Label, Context, Length(in octets) of the desired output.” One of the three arguments disclosed by ETSI is the Context ID. The Context ID (described on page 129) is the precontext identifier which is related to the configuration parameters applicable to protect messages received from a SEPP. 
For at least the above reasons Applicant’s arguments are not persuasive. 
Claim Objections
The objections to claims 23-27 are withdrawn in light of the amendments to the claims. 
Claim Rejections - 35 USC § 112
The rejection to claims 15-22 are withdrawn in light of the amendments to the claims. 
Claim Rejections - 35 USC § 101
The rejection to claim 27 regarding non-statutory subject matter is withdrawn in light of the amendments to the claim. 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 15-27 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated over ETSI (NPL ETSI TS 133 501 V15.5.0), hereinafter referred to as ETSI.
	Regarding Claim 15, ETSI discloses:
A first security edge proxy serving a first network function, comprising; a communication circuitry; a data storage; and a processing circuitry configured to cause, using the communication circuitry and non-transitory memory (on page 30, section 5.9.3.2, ETSI discloses “The SEPP shall act as a non-transparent proxy node. The SEPP shall protect application layer control plane messages between two NFs belonging to different PLMNs that use the N32 interface to communicate with each other” on page 30, section 5.9.3.2, ETSI further discloses “implementing separate certificate storages”): forming a transport layer security protected first control plane connection between the first security edge proxy and a second security edge proxy so that the first security edge proxy is a transport layer security client and the second security edge proxy is a transport layer security server for the first control plane connection (on page 128, section 13.2.2.1, ETSI discloses “the SEPPs use the established TLS connection (henceforth referred to as N32-c connection)to negotiate the N32-f specific associated security configuration parameters required to enforce application layer security on HTTP messages exchanged between the SEPPs”); and forming a transport layer security protected second control plane connection between the first security edge proxy and the second security edge proxy so that the first security edge proxy is a transport layer security server and the second security edge proxy is a transport layer security client for the second control plane connection (on page 128, section 13.2.2.1, ETSI discloses “A second N32-c connection is established by the receiving SEPP to enable it to not only receive but also send HTTP Requests” on page 129, section 13.2.2.2, ETSI further discloses “The responding SEPP in the first N32-c connection shall now setup a second N32-c connection by establishing a mutually authenticated TLS connection with the peer SEPP”); wherein the forming of the transport layer security protected first control plane connection comprises forming a first shared secret (on page 128, section 13.2.2.1, ETSI discloses “The SEPPs independently export keying material associated with the first N32-c connection between them and use it as the pre-shared key for generating the shared session key required”); and the forming of the transport layer security protected second control plane connection comprises forming a second shared secret (on page 128, section 13.2.2.1, ETSI discloses “The SEPPs independently export keying material associated with the first N32-c connection between them and use it as the pre-shared key for generating the shared session key required”); and the processing circuitry is further configured to: obtain a first master key from the first shared secret (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” on page 137, section 13.2.4.4.1, ETSI further discloses “The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export.”); obtain a second master key from the second shared secret (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” on page 137, section 13.2.4.4.1, ETSI further discloses “The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export.”); exchange pre-context identifications between the first security edge proxy and the second security edge proxy for combining to form a first unique identifier representing a logical connection context information for message protection on a first logical connection that is associated with the first control plane connection (On page 129, ETSI discloses “The SEPP shall provide a N32-f precontext ID for the responding SEPP. The precontext IDs are 32-bit random integers, represented as 0-left padded strings of hexadecimal digits.” On page 129, ETSI further discloses “The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP including the selected cipher suite for protecting the NF service related signaling over N32. The responding SEPP shall provide a N32-f precontext ID for the initiating SEPP.” On page 131, ETSI further discloses “The SEPPs shall create the N32-f context ID by combining the two N32-f precontext IDs, obtained during the N32-c negotiation. To avoid collision of the N32-f context ID value, the SEPPs shall select the N32-f precontext ID as a random value during the exchange over N32-c.”) form a second unique identifier representing a logical connection context information for message protection on a second logical connection that is associated with the second control plane connection (On page 129, ETSI discloses “The SEPP shall provide a N32-f precontext ID for the responding SEPP. The precontext IDs are 32-bit random integers, represented as 0-left padded strings of hexadecimal digits.” On page 129, ETSI further discloses “The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP including the selected cipher suite for protecting the NF service related signaling over N32. The responding SEPP shall provide a N32-f precontext ID for the initiating SEPP.”) form, based on the first master key and the first unique identifier, a first session key for first logical connection encryption (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” and on page 137, section 13.2.4.4.1, ETSI discloses “The N32-f key hierarchy consists of two pairs of session keys and two pairs of IV salts, which are used in two different HTTP/2 sessions”); and form, based on the second master key and the second unique identifier, a second session key for second logical connection encryption  (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” and on page 137, section 13.2.4.4.1, ETSI discloses “The N32-f key hierarchy consists of two pairs of session keys and two pairs of IV salts, which are used in two different HTTP/2 sessions”).
	Regarding Claim 16, ETSI discloses:
The first security edge proxy of claim 15, wherein the processing circuitry is further configured to form a first initialization vector randomizer for the encryption of the first logical connection request to the second security edge proxy  (on page 139, section 13.2.4.7, ETSI discloses “The receiving SEPP shall decrypt the JWE ciphertext using the shared session key and the following parameters obtained from the JWE object – Initialization Vector, Additional Authenticated Data value (clearTextEncapsulatedMessage in "aad") and JWE Authentication Tag ( "tag")”).
	Regarding Claim 17, ETSI discloses:
	The first security edge proxy of claim 15, wherein the processing circuitry is further configured to form a second initialization vector randomizer for the decryption of the second logical connection request from the second security edge proxy (on page 139, section 13.2.4.7, ETSI discloses “The receiving SEPP shall decrypt the JWE ciphertext using the shared session key and the following parameters obtained from the JWE object – Initialization Vector, Additional Authenticated Data value (clearTextEncapsulatedMessage in "aad") and JWE Authentication Tag ( "tag")”).
	Regarding Claim 18, ETSI discloses:
	The first security edge proxy of claim 15, wherein: the first logical connection is protected by application layer security; the second logical connection is protected by application layer security (on page 129, section 13.2.2.2, ETSI discloses “any further N32-c communication that may occur over time while application layer security is applied to N32-f, or any further N32-c and N32-f communication, if TLS is used to protect N32-f.”); and the application layer security employs different cipher suites for the first and second logical connections (on page 129, section 13.2.2.2, ETSI discloses “The responding SEPP shall compare the received cipher suites to its own supported cipher suites and shall
select, based on its local policy, a cipher suite, which is supported by both initiating SEPP and responding SEPP”).
	Regarding Claim 19, ETSI discloses:
	The first security edge proxy of claim 15, wherein the processing circuitry is further configured to cause encrypting, using the first shared secret, first control data for transmission over the first control plane connection (on page 134, section 13.2.4.1, ETSI discloses “Encryption of IEs shall take place end to end between cSEPP and pSEPP.”); and the processing circuitry is further configured to cause decrypting, using the second shared secret, second control data received over the second control plane connection (on page 131, section 13.2.2.4.1, ETSI discloses “During transfer of application data over N32-f, the SEPP shall include the N32-f context ID in a separate IE in the metadata part of the JSON structure, see clause 13.2.4.2. The receiving SEPP shall use this information to apply the correct key and parameters during decryption and validation” and on page 139, section 13.2.4.7, ETSI further discloses “The receiving SEPP shall decrypt the JWE ciphertext using the shared session key and the following parameters obtained from the JWE object”).
	Regarding Claim 20, ETSI discloses:
	The first security edge proxy of claim 19, wherein the application layer security employs JSON Web Encryption, JWE (on page 137, section 13.2.4.4.0, ETSI discloses “The SEPP shall use JSON Web Encryption (JWE) as specified in RFC 7516 [59] for the protection of reformatted HTTP messages between the SEPPs”).
	Regarding Claim 21, ETSI discloses:
The first security edge proxy of claim 15, wherein the first master key may be formed using a transport layer security exporter function associated with the first control connection (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.”); and the second master key may be formed using a TLS exporter function associated with the second control connection (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.”).
	Regarding Claim 22, ETSI discloses:
	A method, wherein the method is performed in a security edge proxy, the method comprising: forming a transport layer security protected first control plane connection between a first security edge proxy and a second security edge proxy so that the first security edge proxy is a transport layer security client and the second security edge proxy is a transport layer security server for the first control plane connection(on page 128, section 13.2.2.1, ETSI discloses “the SEPPs use the established TLS connection (henceforth referred to as N32-c connection)to negotiate the N32-f specific associated security configuration parameters required to enforce application layer security on HTTP messages exchanged between the SEPPs”); and forming a transport layer security protected second control plane connection between the first security edge proxy and the second security edge proxy so that the first security edge proxy is a transport layer security server and the second security edge proxy is a transport layer security client server for the second control plane connection (on page 128, section 13.2.2.1, ETSI discloses “A second N32-c connection is established by the receiving SEPP to enable it to not only receive but also send HTTP Requests” on page 129, section 13.2.2.2, ETSI further discloses “The responding SEPP in the first N32-c connection shall now setup a second N32-c connection by establishing a mutually authenticated TLS connection with the peer SEPP”); wherein the forming of the transport layer security protected first control plane connection comprises forming a first shared 4Docket No. NC307444-US-PCTCustomer No. 73658 secret (on page 128, section 13.2.2.1, ETSI discloses “The SEPPs independently export keying material associated with the first N32-c connection between them and use it as the pre-shared key for generating the shared session key required”); and the forming of the transport layer security protected second control plane connection comprises forming a second shared secret (on page 128, section 13.2.2.1, ETSI discloses “The SEPPs independently export keying material associated with the first N32-c connection between them and use it as the pre-shared key for generating the shared session key required”); the method further comprising: obtaining a first master key from the first shared secret (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” on page 137, section 13.2.4.4.1, ETSI further discloses “The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export.”); obtaining a second master key from the second shared secret (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” on page 137, section 13.2.4.4.1, ETSI further discloses “The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export.”); exchanging pre-context identifications between the first security edge proxy and the second security edge proxy for combining to form a first unique identifier representing a logical connection context information for message protection on a first logical connection that is associated with the first control plane connection (On page 129, ETSI discloses “The SEPP shall provide a N32-f precontext ID for the responding SEPP. The precontext IDs are 32-bit random integers, represented as 0-left padded strings of hexadecimal digits.” On page 129, ETSI further discloses “The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP including the selected cipher suite for protecting the NF service related signaling over N32. The responding SEPP shall provide a N32-f precontext ID for the initiating SEPP.” On page 131, ETSI further dsicloses “The SEPPs shall create the N32-f context ID by combining the two N32-f precontext IDs, obtained during the N32-c negotiation. To avoid collision of the N32-f context ID value, the SEPPs shall select the N32-f precontext ID as a random value during the exchange over N32-c.”) forming a second unique identifier representing a logical connection context information for message protection on a second logical connection that is associated with the second control plane connection (On page 129, ETSI discloses “The SEPP shall provide a N32-f precontext ID for the responding SEPP. The precontext IDs are 32-bit random integers, represented as 0-left padded strings of hexadecimal digits.” On page 129, ETSI further discloses “The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP including the selected cipher suite for protecting the NF service related signaling over N32. The responding SEPP shall provide a N32-f precontext ID for the initiating SEPP.”) forming, based on the first master key and the first unique identifier, a first session key for first logical connection encryption (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” and on page 137, section 13.2.4.4.1, ETSI discloses “The N32-f key hierarchy consists of two pairs of session keys and two pairs of IV salts, which are used in two different HTTP/2 sessions”); and forming, based on the second master key and the second unique identifier, a second session key for second logical connection encryption  (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” and on page 137, section 13.2.4.4.1, ETSI discloses “The N32-f key hierarchy consists of two pairs of session keys and two pairs of IV salts, which are used in two different HTTP/2 sessions”).
	Regarding Claim 23, ETSI discloses:
	The method of claim 22, further comprising forming a first initialization vector randomizer for the encryption of the first logical connection request to the second security edge proxy (on page 139, section 13.2.4.7, ETSI discloses “The receiving SEPP shall decrypt the JWE ciphertext using the shared session key and the following parameters obtained from the JWE object – Initialization Vector, Additional Authenticated Data value (clearTextEncapsulatedMessage in "aad") and JWE Authentication Tag ( "tag")”).
	Regarding Claim 24, ETSI discloses:
	The method of claim 22, further comprising forming a second initialization vector randomizer for the decryption of the second logical connection request from the second security edge proxy (on page 139, section 13.2.4.7, ETSI discloses “The receiving SEPP shall decrypt the JWE ciphertext using the shared session key and the following parameters obtained from the JWE object – Initialization Vector, Additional Authenticated Data value (clearTextEncapsulatedMessage in "aad") and JWE Authentication Tag ( "tag")”).
	Regarding Claim 25, ETSI discloses:
	The method of claim 22, further comprising: protecting the first logical connection by application layer security; protecting the second logical connection by application layer security (on page 129, section 13.2.2.2, ETSI discloses “any further N32-c communication that may occur over time while application layer security is applied to N32-f, or any further N32-c and N32-f communication, if TLS is used to protect N32-f.”); and employing different application layer security cipher suites for the first and second logical connections (on page 129, section 13.2.2.2, ETSI discloses “The responding SEPP shall compare the received cipher suites to its own supported cipher suites and shall
select, based on its local policy, a cipher suite, which is supported by both initiating SEPP and responding SEPP”).
	Regarding Claim 26, ETSI discloses:
	The method of claim 23, further comprising: encrypting, using the first shared secret, first control data for transmission over the first control plane connection (on page 134, section 13.2.4.1, ETSI discloses “Encryption of IEs shall take place end to end between cSEPP and pSEPP.”); and decrypting, using the second shared secret, second control data received over the second control plane connection (on page 131, section 13.2.2.4.1, ETSI discloses “During transfer of application data over N32-f, the SEPP shall include the N32-f context ID in a separate IE in the metadata part of the JSON structure, see clause 13.2.4.2. The receiving SEPP shall use this information to apply the correct key and parameters during decryption and validation” and on page 139, section 13.2.4.7, ETSI further discloses “The receiving SEPP shall decrypt the JWE ciphertext using the shared session key and the following parameters obtained from the JWE object”).
	Regarding Claim 27, ETSI discloses:
A non-transitory computer program product comprising computer executable program code  embodied on a non-transitory memory configured to perform: forming a transport layer security protected first control plane connection between the first security edge proxy and the second security edge proxy so that the first security edge proxy is a transport layer security client and the second security edge proxy is a transport layer security server for the first control plane connection (on page 128, section 13.2.2.1, ETSI discloses “the SEPPs use the established TLS connection (henceforth referred to as N32-c connection)to negotiate the N32-f specific associated security configuration parameters required to enforce application layer security on HTTP messages exchanged between the SEPPs”); and forming a transport layer security protected second control plane connection between the first security edge proxy and the second security edge proxy so that the first security edge proxy is a transport layer security server and the second security edge proxy is a transport layer security client server for the second control plane connection (on page 128, section 13.2.2.1, ETSI discloses “A second N32-c connection is established by the receiving SEPP to enable it to not only receive but also send HTTP Requests” on page 129, section 13.2.2.2, ETSI further discloses “The responding SEPP in the first N32-c connection shall now setup a second N32-c connection by establishing a mutually authenticated TLS connection with the peer SEPP”); wherein the forming of the transport layer security protected first control plane connection comprises forming a first shared secret (on page 128, section 13.2.2.1, ETSI discloses “The SEPPs independently export keying material associated with the first N32-c connection between them and use it as the pre-shared key for generating the shared session key required”); and the forming of the transport layer security protected second control plane connection comprises forming a second shared secret (on page 128, section 13.2.2.1, ETSI discloses “The SEPPs independently export keying material associated with the first N32-c connection between them and use it as the pre-shared key for generating the shared session key required”); the method further comprising: obtaining a first master key from the first shared secret (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” on page 137, section 13.2.4.4.1, ETSI further discloses “The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export.”); obtaining a second master key from the second shared secret (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” on page 137, section 13.2.4.4.1, ETSI further discloses “The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export.”); exchanging pre-context identifications between the first security edge proxy and the second security edge proxy for combining to form a first unique identifier representing a logical connection context information for message protection on a first logical connection that is associated with the first control plane connection (On page 129, ETSI discloses “The SEPP shall provide a N32-f precontext ID for the responding SEPP. The precontext IDs are 32-bit random integers, represented as 0-left padded strings of hexadecimal digits.” On page 129, ETSI further discloses “The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP including the selected cipher suite for protecting the NF service related signaling over N32. The responding SEPP shall provide a N32-f precontext ID for the initiating SEPP.” On page 131, ETSI further dsicloses “The SEPPs shall create the N32-f context ID by combining the two N32-f precontext IDs, obtained during the N32-c negotiation. To avoid collision of the N32-f context ID value, the SEPPs shall select the N32-f precontext ID as a random value during the exchange over N32-c.”); forming a second unique identifier representing a logical connection context information for message protection on a second logical connection that is associated with the second control plane connection (On page 129, ETSI discloses “The SEPP shall provide a N32-f precontext ID for the responding SEPP. The precontext IDs are 32-bit random integers, represented as 0-left padded strings of hexadecimal digits.” On page 129, ETSI further discloses “The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP including the selected cipher suite for protecting the NF service related signaling over N32. The responding SEPP shall provide a N32-f precontext ID for the initiating SEPP.”); forming, based on the first master key and the first unique identifier, a first session key for first logical connection encryption  (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” and on page 137, section 13.2.4.4.1, ETSI discloses “The N32-f key hierarchy consists of two pairs of session keys and two pairs of IV salts, which are used in two different HTTP/2 sessions”);  and forming, based on the second master key and the second unique identifier, a second session key for second logical connection encryption (on page 129, section 13.2.2.2, ETSI discloses “The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.” and on page 137, section 13.2.4.4.1, ETSI discloses “The N32-f key hierarchy consists of two pairs of session keys and two pairs of IV salts, which are used in two different HTTP/2 sessions”).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Xu et al. (US Publication Number 2021/0044569) discloses a method for sending signal messages through an IPS proxy from a first network element to another network element. 
He et al. (US Publication Number 2020/0344604) discloses a method for performing verification using a shared key to send a message between network elements. 
Saarinen et al. (US Publication Number 2021/0014680) discloses a method of wireless communication to transmit protected messages.
Lehtovirta et al. (US Publication Number 2021/0014284) discloses a security negotiation mechanism between security gateways.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/              Examiner, Art Unit 2492                                                                                                                                                                                          
/SALEH NAJJAR/               Supervisory Patent Examiner, Art Unit 2492