Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to Application No. 17/123,038 filed on 12/15/2020.
Claims 1-20 have been examined and are pending in this application.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/15/2020 and 07/15/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1, 3-8, 10, 12-17, and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by He et al. (U.S. 20200344604 A1; Hereinafter "He").
Regarding claim 1, He teaches a method for message validation in fifth generation (5G) communications networks, the method comprising (He: para [0007], “a method for performing verification by using a shared key and an apparatus, to protect a network from a spoofing attack.”): 
at a first network node of a first network (He: para[0164], “The communications system 400 may include a first network element 41 and a second network element 42.”):  
obtaining, from at least one authentication and key agreement (AKA) procedure related message associated with a user device (UE) communicating via a second network (He: para[0283], “a security edge protection proxy (SEPP) is introduced into a 5G network as a security edge proxy gateway, to implement topology hiding and message filtering”, “the AMF to perform an authentication and key agreement (AKA)”), authentication information (shared key) identifying the user device (He: para [0292], “the SEPP2 may actively obtain, from the UDM, a shared key corresponding to at least one of a plurality of user identifiers and/or network identifier information.”);
storing the authentication information in a data store for validating subsequent messages (He: para[0228], “The first network element stores a correspondence between the shared key and at least one of the user identifier and the first network identifier information,”);
receiving a request message associated with the user device (He: para [0289-0297], “S803. The AMF sends a registration request message (for example, Nudm_UECM_Registration) including the optional nonce and information about the protected PLMN ID to a UDM, where the information about the protected PLMN ID is, for example, an encrypted PLMN, a MAC value of a PLMN, or a hash value of a PLMN”); 
determining, using the authentication information (shared key), that the request message is invalid (He: para[0293-300], “when receiving a registration request message from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network”); and 
in response to determining that the request message is invalid, performing an invalid message action (He: para[0295], “if the obtained PLMN ID is inconsistent with the PLMN ID carried in the registration request message, the SEPP2 gives a rejection response and a rejection cause, so that the AMF can re-initiate an authentication procedure or reject the current registration based on the configuration rejection cause”).
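The sequence mapped above for claim 1 (store authentication information learned during AKA, check a later registration request against it, reject with a cause on mismatch), as an added example; it is not code from the application or from He. The class, function and cause names, the use of HMAC-SHA-256 as the "MAC value of a PLMN", and all sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthRecord:
    shared_key: bytes   # key agreed during AKA (constructed value in this example)
    serving_plmn: str   # PLMN ID of the visited network that ran AKA for this user


def protect_plmn(shared_key: bytes, plmn_id: str) -> bytes:
    """MAC over the PLMN ID; HMAC-SHA-256 is an assumption, the page names no algorithm."""
    return hmac.new(shared_key, plmn_id.encode(), hashlib.sha256).digest()


class HomeEdgeValidator:
    """Hypothetical home-network node (SEPP or UDM role) holding AKA-derived state."""

    def __init__(self) -> None:
        self._store: dict[str, AuthRecord] = {}   # SUPI -> AuthRecord

    def record_aka_result(self, supi: str, serving_plmn: str, shared_key: bytes) -> None:
        # Obtain authentication information from the AKA exchange and store it.
        self._store[supi] = AuthRecord(shared_key, serving_plmn)

    def validate_registration(self, supi: str, plmn_id: str, plmn_mac: bytes):
        """Return (accepted, cause) for a registration request from a visited network."""
        rec = self._store.get(supi)
        if rec is None:
            # No prior AKA for this user: nothing vouches for the sender.
            return False, "NO_AUTH_CONTEXT"
        # Constant-time comparison so the check does not leak MAC bytes via timing.
        if not hmac.compare_digest(protect_plmn(rec.shared_key, plmn_id), plmn_mac):
            return False, "MAC_FAILURE"
        if plmn_id != rec.serving_plmn:
            # Valid key, but the request claims a network other than the one
            # where the user authenticated: reject with a cause.
            return False, "PLMN_MISMATCH"
        return True, "OK"


if __name__ == "__main__":
    key = b"constructed-demo-key-not-real-32"          # constructed sample key
    supi = "imsi-001010000000001"                      # constructed, test PLMN 001/01
    node = HomeEdgeValidator()
    node.record_aka_result(supi, "00101", key)

    requests = [                                        # constructed sample requests
        ("genuine", supi, "00101", protect_plmn(key, "00101")),
        ("spoofed, no key", supi, "99999", protect_plmn(b"x" * 32, "99999")),
        ("wrong network", supi, "99999", protect_plmn(key, "99999")),
        ("unknown user", "imsi-001010000000002", "00101", b""),
    ]
    for label, s, plmn, mac in requests:
        print(label, node.validate_registration(s, plmn, mac))
```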
Regarding claim 3, He teaches the independent claim 1. He additionally teaches wherein the request message includes a 5G core request message (He: para[0287], “S801. UE initiates a registration request message (Registration Request) to an AMF.”, “a security edge protection proxy (SEPP) is introduced into a 5G network as a security edge proxy gateway, to implement topology hiding and message filtering. Functions of the AMF and the UDM may also be transferred to the security edge proxy gateway.”).
Regarding claim 4, He teaches the independent claim 1. He additionally teaches wherein the at least one AKA procedure related message includes one or more data types that include the authentication information (He: para[0401], “the foregoing is described by using a 5G-AKA procedure”, para[0418-0419], “S1214. After the authentication confirmation succeeds, the AUSF sends an authentication confirmation notification response message to the UDM, where the message carries the shared key Kamf-udm between the AMF and the UDM. S1215. The UDM records a relationship among an SUPI, the PLMN ID, an authentication result, and Kamf-udm.”, para[0373], “the foregoing is described by using a 5G-AKA procedure”).
Regarding claim 5, He teaches the independent claim 1. He additionally teaches wherein the authentication information (shared key) includes an authentication status, a network identifier, a network node identifier, a subscription permanent identifier (SUPI), a serving network name, or a public land mobile network (PLMN) identifier (He: para[0292], “a shared key corresponding to at least one of a plurality of user identifiers and/or network identifier information.”, “user identifier (for example, a SubID or an SUPI)”, “the identifier (for example, the PLMN ID or the AMF ID) related to the serving network.”).
Regarding claim 6, He teaches the independent claim 1. He additionally teaches wherein the first network node includes a security edge protection proxy (SEPP), a 5G core network function, a network proxy, or a network gateway (He: para[0164], “The first network element 41 may be an access and mobility management network element or a security edge proxy gateway in the visited network.”).
Regarding claim 7, He teaches the independent claim 1. He additionally teaches wherein the at least one AKA procedure related message is sent via a second network node of the second network, wherein the second network node includes a consumer network function (NF), a policy control function (PCF), an access and mobility management Function (AMF), a session management function (SMF), a network repository function (NRF), a network slice selection function (NSSF), or a 5G core network function (He: para[0308], “the first network element is a UDM or a first security edge protection proxy, and the second network element is an AMF or a second security edge protection proxy. To be specific, the first network element may be a UDM, and the second network element may be an AMF”).
Regarding claim 8, He teaches the independent claim 1. He additionally teaches wherein the invalid message action includes discarding the request message or notifying a network operator or a management system (He: para[0295], “if the obtained PLMN ID is inconsistent with the PLMN ID carried in the registration request message, the SEPP2 gives a rejection response and a rejection cause, so that the AMF can re-initiate an authentication procedure or reject the current registration based on the configuration rejection cause”).
Regarding claim 10, He teaches a system for message validation in fifth generation (5G) communications networks, the system comprising:
 a first network node of a first network comprising (He: para[0164], “The communications system 400 may include a first network element 41 and a second network element 42.”): 
at least one processor (He: para[0020], “the first network element includes a communications interface, a memory, and a processor.”); and 
a memory, wherein the first network node is configured for: obtaining, from at least one authentication and key agreement (AKA) procedure related message associated with a user device communicating via a second network (He: para[0283], “a security edge protection proxy (SEPP) is introduced into a 5G network as a security edge proxy gateway, to implement topology hiding and message filtering”, “the AMF to perform an authentication and key agreement (AKA)”), authentication information identifying the user device (He: para [0292], “the SEPP2 may actively obtain, from the UDM, a shared key corresponding to at least one of a plurality of user identifiers and/or network identifier information.”);
storing the authentication information in a data store for validating subsequent messages (He: para[0228], “The first network element stores a correspondence between the shared key and at least one of the user identifier and the first network identifier information,”);
receiving a request message associated with the user device (He: para [0289], “S803. The AMF sends a registration request message (for example, Nudm_UECM_Registration) including the optional nonce and information about the protected PLMN ID to a UDM, where the information about the protected PLMN ID is, for example, an encrypted PLMN, a MAC value of a PLMN, or a hash value of a PLMN”);
determining, using the authentication information, that the request message is invalid (He: para[0293-300], “when receiving a registration request message from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network”); and
in response to determining that the request message is invalid, performing an invalid message action (He: para[0295], “if the obtained PLMN ID is inconsistent with the PLMN ID carried in the registration request message, the SEPP2 gives a rejection response and a rejection cause, so that the AMF can re-initiate an authentication procedure or reject the current registration based on the configuration rejection cause”).
Regarding claim 12, claim 12 is rejected under the same rationale as claim 3.
Regarding claim 13, claim 13 is rejected under the same rationale as claim 4.
Regarding claim 14, claim 14 is rejected under the same rationale as claim 5.
Regarding claim 15, claim 15 is rejected under the same rationale as claim 6.
Regarding claim 16, claim 16 is rejected under the same rationale as claim 7.
Regarding claim 17, claim 17 is rejected under the same rationale as claim 8.
Regarding claim 19, He teaches a non-transitory computer readable medium having stored thereon executable instructions that when executed by at least one processor of a computer cause the computer to perform steps comprising (He: para[0619], “The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of this application are all or partially generated. The computer may be a general-purpose computer, a dedicated computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer readable storage medium,”):       
at a first network node of a first network (He: para[0164], “The communications system 400 may include a first network element 41 and a second network element 42.”):  
obtaining, from at least one authentication and key agreement (AKA) procedure related message associated with a user device communicating via a second network (He: para[0283], “a security edge protection proxy (SEPP) is introduced into a 5G network as a security edge proxy gateway, to implement topology hiding and message filtering”, “the AMF to perform an authentication and key agreement (AKA)”), authentication information identifying the user device (He: para [0292], “the SEPP2 may actively obtain, from the UDM, a shared key corresponding to at least one of a plurality of user identifiers and/or network identifier information.”);
storing the authentication information in a data store for validating subsequent messages (He: para[0228], “The first network element stores a correspondence between the shared key and at least one of the user identifier and the first network identifier information,”);
receiving a request message associated with the user device (He: para [0289], “S803. The AMF sends a registration request message (for example, Nudm_UECM_Registration) including the optional nonce and information about the protected PLMN ID to a UDM, where the information about the protected PLMN ID is, for example, an encrypted PLMN, a MAC value of a PLMN, or a hash value of a PLMN”);
determining, using the authentication information, that the request message is invalid (He: para[0293-300], “when receiving a registration request message from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network”); and 
in response to determining that the request message is invalid, performing an invalid message action (He: para[0295], “if the obtained PLMN ID is inconsistent with the PLMN ID carried in the registration request message, the SEPP2 gives a rejection response and a rejection cause, so that the AMF can re-initiate an authentication procedure or reject the current registration based on the configuration rejection cause”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 11 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over He et al. (U.S. 20200344604 A1; Hereinafter "He") in view of Lee et al. (U.S. 20200359218 A1; Hereinafter “Lee”).
Regarding claim 2, He teaches the independent claim 1. 
He does not explicitly teach wherein determining, using the authentication information, that the request message is invalid comprises retrieving, using an user device identifier in the request message, the authentication information from the data store and determining that the authentication information fails to confirm that the user device is roaming in the network from which the request message originates.
However, in an analogous art, Lee teaches wherein determining, using the authentication information, that the request message is invalid comprises retrieving, using an user device identifier in the request message, the authentication information from the data store (Lee: para[0174], “the AAF receives a request message requesting verification of an access token from the AF. Specifically, the AF may identify the AAF for verifying the access token, based on the access token included in the request message received from the UE.”) and determining that the authentication information fails to confirm that the user device is roaming in the network from which the request message originates (Lee: para[0174-0176], “If it is determined that the verification of the access token has failed, the AAF may transmit, to the AF, a verification response message indicating the reason why the verification of the access token has failed. In this case, the reason for failure of the verification, such as the case where the access token is invalid due to the elapse of the valid time or the case where the requested resource does not belong to the authority of the access token, may be transmitted to the AF.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Lee into the method of He to include wherein the first network is a home public land mobile network (PLMN) and the second network is a visited PLMN because it will improve the security of the system by determining non-authentication in an environment in which the terminal is safely connected to a service provider network (Lee: para [0097]).
Regarding claim 11, claim 11 is rejected under the same rationale as claim 2.
Regarding claim 20, claim 20 is rejected under the same rationale as claim 2.
Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over He et al. (U.S. 20200344604 A1; Hereinafter "He") in view of Holtmanns et al. (W.O 2020174121 A1; Hereinafter “Holtmanns”).
Regarding claim 9, He teaches the independent claim 1. 
He does not explicitly teach wherein the first network is a home public land mobile network (PLMN) and the second network is a visited PLMN.
However, in an analogous art, Holtmanns teaches wherein the first network is a home public land mobile network (PLMN) and the second network is a visited PLMN (Holtmanns: para[0015], “the internetwork interconnect allows secure communication between a service-consuming NF e.g. in a visited PLMN and a service-producing NF e.g. in a home PLMN,”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Holtmanns into the method of He to include wherein the first network is a home public land mobile network (PLMN) and the second network is a visited PLMN because it will provide a secure communication between mobile networks (Holtmanns: para [0095]).
Regarding claim 18, claim 18 is rejected under the same rationale as claim 9.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
 US 20220124079-A1, Systems and Method for Authenticating User Devises
US 20120110637 A1, Systems, Methods, And Apparatuses For Facilitating Authorization Of A Roaming Mobile Terminal. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/L.L.N./Examiner, Art Unit 2437     
/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437