DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-20 are pending.

Claim Objections
Claims 1, 8, 15 are objected to because of the following informalities:  
Claims 1, 8, 15 contain the following: “generated by the EU”.  This should be “generated by the UE”.
Claims 1, 8, 15 contain no antecedent basis for “the re-authorization MSK”.  There is only prior reference to “a re-authentication master session key (MSK)”.
Claim 8 contains the following: “based the re-authorization MSK”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5, 8-9, 12, 15-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ha et al (PGPUB 2017/0244705), and further in view of Wang et al (PGPUB 2019/0149990) and Wienzek et al (Fast Re-Authentication for Handovers in Wireless Communication Networks).

Regarding Claim 8:
Ha teaches a non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to (paragraph 38-39, processor, memory storing instructions): 
receive, at a network node associated with a first network from a User Equipment (UE), a initiate request comprising a key name associated with a previously-authenticated session of the UE at a second network (abstract, method of establishing a connection with a core network supporting a plurality of access networks through a first network, and reusing authentication and/or allocated resource information for a second network; paragraph 76-78, UE requests service to 5G base station (5GBS) (i.e. “second network”) and is identified using GUTI and assigned tunnel endpoint identifier (TEID); universal control entity (UCE) manages session creation and transfers ID information to CGW; paragraph 81-84, UE makes request to WiFi base station (WiFiBS) (i.e. “first network”) to create session using GUTI (i.e. “key name”); WiFiBS includes GUTI included in request and MAC of UE in session creation request message and transmits to UCE), the first network comprising one of a 5G network or a Wi-Fi network and the second network comprising a different one of the 5G network or the Wi-Fi network (paragraph 70, 76-78, network connection through 5GBS; paragraph 81-84, network connection through WiFiBS; paragraph 93, during a handover between different access networks, it is possible to minimize a delay occurring due to re-authentication and continue a session which has been underway before the handover without changing an address; further, even when access networks differ from each other, it is possible to reuse authentication information for a previous access network without additional authentication); 
send the initiate request with the key name to an authentication server associated with the first network and the second network (paragraph 82-83, WiFiBS transmits session creation request to UCE including GUTI; paragraph 63-65, UCE includes authentication manager and resource manager; authentication manager generates and transmits temporary identifier to UE when UE requests signaling connection through first access network; when session creation request including temporary ID is received from UE through second access network, authentication manager authenticates UE using temporary ID; temporary ID may be GUTI); 
receive, from the authentication server, key information (paragraph 66, when the UE requests the signaling connection through the first access, the authentication manager exchanges index information of a cipher key with the UE and transfers the index information of the cipher key exchanged with the UE to the second access network (i.e. “first network” as claimed); when the UE uses the data service through the second access network after the signaling connection is established, data is ciphered by reusing the index information of the cipher key in a section between the UE and the second access network); and 
authenticate a session between the UE and the first network based on a session key generated by the UE and associated with the key name (paragraph 70, 71, UCE transmits information for UE to generate authentication key; index information shared between UCE and UE allows UE to cipher information using cipher keys shared between UCE and UE using index information).
	Ha does not explicitly teach wherein the initiate request is a re-authentication initiate request;
sending an integrity protected message to the authentication server;
	receiving, from the authentication server, a re-authentication master session key (MSK) associated with the previously-authenticated session of the UE authenticated for the second network based on the key name and the integrity protected message; and
	authenticating the session based on the session key and the integrity protected message.
	However, Wang teaches the concept wherein an initiate request is a re-authentication initiate request (paragraph 89, Fast re-authentication procedure; paragraph 116, network authentication entity receives request from UE and determines whether request is for authentication or fast re-authentication);
	sending an integrity protected message to an authentication server (paragraph 201, UE transmits response comprising Message Authentication Code (MAC) to base station or Wi-Fi AP; paragraph 202, base station or Wi-Fi AP forward response to network authentication entity); and 
receiving, from the authentication server, a re-authentication master session key (MSK) (paragraph 122, network authentication entity continues with Fast Re-authentication procedure; if authentication is successful, network authentication entity creates Master Session Key and includes in security context; security context saved in database of network authentication entity; paragraph 121, network authentication entity transmits the keys or keys further derived from the security context to the network entities such as Wi-Fi AP or base station defined by 3GPP; the security context may be transmitted at step 1060 together with the Master Session Key to be generated in step 1055) associated with a previously-authenticated session of a UE authenticated for a second network based on the key name and the integrity protected message (paragraph 96, unified authentication framework consists of two parts 510 and 520; the first part 510 pertains to a first access technology in a UE authenticating with the core network to obtain certain security context; the second part pertains to a second access technology in the UE obtaining part of the security context established through the first access technology to authenticate with the core network; paragraph 114, communication device 2 generates and transmits a response containing the Fast Re-authentication ID, secret key and counter; paragraph 119-120, the network authentication entity initiates Fast Re-authentication procedure from a UE by first determining whether the message contains a flag on the origin of the Fast Re-authentication ID; the network authentication entity then determines the origin of the Fast Re-authentication ID; if the flag indicates that the origin of Fast Re-authentication ID belongs to communication device, then the network authentication entity proceeds to step 1045 to simply update a communication context such as the counter in the security context; if the flag indicates that the origin of the Fast Re-authentication ID does not belong to the communication device, the network authentication entity proceeds to step 1050; therefore, as “Fast Re-authentication ID” determines a security context, it can be considered a “key name”; paragraph 207-208, UE receives message comprising MAC from network authentication entity and authenticates entity by verifying correctness of MAC by decrypting elements of message and regenerating MAC with secret key (SK)); and
	authenticating a session based on a session key and the integrity protected message (paragraph 207-208, UE receives message comprising MAC from network authentication entity and authenticates entity by verifying correctness of MAC by decrypting elements of message and regenerating MAC with secret key (SK)).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the fast re-authentication initiation teachings of Wang with the reusing authentication information of a first network for a second network teachings of Ha, in order to create a system with the benefit that communication devices in a UE can share security context to authenticate with the core network, which reduces the steps for a UE to authenticate with the core network when one of the communication devices has previously performed a full authentication with the core network, and with the further advantage that the authentication process is improved as the number of interactions required between the UE and core network is substantially reduced (Wang, paragraph 8).
	Neither Ha nor Wang explicitly teaches receiving an integrity protected message generated by the EU using a key associated with the key name; and
	authenticating a session between the UE and the first network based the re-authorization MSK.
	However, Wienzek teaches the concept of receiving an integrity protected message generated by a UE using a key associated with a key name (abstract, fast re-authentication for network handover using Extensible Authentication Protocol (EAP); page 6-7 section 3.2, mobile node (MN) provides ReAuthTicket comprising MN_ID and HMACnMK(PublnAR); last component is hashed message authentication code (HMAC) computed over PublnAR and seeded with nMK; nMK is randomly chosen master key; MN_ID is the ID of the MN and is used to bind nMK to that particular MN); and
	authenticating a session between the UE and a first network based on a re-authorization MSK (page 7-8 section 3.2, a successful verification of the HMAC proves that the issuer of the ReAuthTicket knows nMK; MN is successfully authenticated).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the keyed HMAC teachings of Wienzek with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang, in order to provide additional security strength to an authentication protocol by generating a MAC with the added entropy of the master key, allowing proof of possession of the master key as well as making the MAC more difficult to spoof or reproduce by an unauthorized party.

Regarding Claim 9:
Ha in view of Wang and Wienzek teaches the non-transitory computer-readable storage medium of claim 8.  In addition Wang teaches wherein, prior to receiving the re-authentication initiate request, the UE was authenticated for the second network to yield the previously-authenticated session between the UE and a second network node associated with the second network (paragraph 96, unified authentication framework consists of two parts 510 and 520; the first part 510 pertains to a first access technology in a UE authenticating with the core network to obtain certain security context; paragraph 105, communication device 1 authenticates with core network to obtain security context; security context includes Fast Re-authentication ID; paragraph 106, communication device 1 saves Fast Re-authentication ID), the UE being authenticated based on the key name (paragraph 108, communication device 2 uses Fast Re-authentication ID to authenticate with core network).
The rationale to combine Ha and Wang is the same as provided for claim 8 due to the overlapping subject matter between claims 8 and 9.

Regarding Claim 12:
Ha in view of Wang and Wienzek teaches the non-transitory computer-readable storage medium of claim 8.  In addition, Wang teaches wherein the first network and the second network share an administrative domain or belong to a same enterprise (paragraph 4, trusted Wi-Fi access refers to the case where the Access Point for the user equipment to connect to is deployed by the 3GPP cellular network telecommunications operator themselves, i.e. “belong to the same enterprise”).
The rationale to combine Ha and Wang is the same as provided for claim 8 due to the overlapping subject matter between claims 8 and 12.

Regarding Claims 1, 5:
	These are the broader computer-implemented method claims corresponding to the non-transitory computer-readable storage medium of claims 8, 12, respectively, and are therefore rejected for corresponding reasons.

Regarding Claim 2:
Ha in view of Wang and Wienzek teaches the computer-implemented method of claim 1.  In addition, Wang teaches wherein, prior to receiving the re-authentication initiate request, the UE was authenticated for the second network to yield the previously-authenticated session between the UE and a second network node associated with the second network (paragraph 96, unified authentication framework consists of two parts 510 and 520; the first part 510 pertains to a first access technology in a UE authenticating with the core network to obtain certain security context; paragraph 105, communication device 1 authenticates with core network to obtain security context; security context includes Fast Re-authentication ID; paragraph 106, communication device 1 saves Fast Re-authentication ID), the UE being authenticated based on the key name and the integrity protected message (paragraph 108, communication device 2 uses Fast Re-authentication ID to authenticate with core network; paragraph 207-208, UE receives message comprising MAC from network authentication entity and authenticates entity by verifying correctness of MAC by decrypting elements of message and regenerating MAC with secret key (SK)).
The rationale to combine Ha and Wang is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 2.

Regarding Claim 15:
Ha teaches a system, comprising: 
one or more processors (paragraph 38-39, processor, memory storing instructions); and 
memory including instructions that, when executed by the one or more processors, cause the one or more processors to (paragraph 38-39, processor, memory storing instructions): 
store, at an authentication server, a key name, the key name associated with a successful authentication of a user equipment (UE) for a first network to yield an authenticated session between the UE and a first network node, the first network comprising a 5G network or a Wi-Fi network (abstract, method of establishing a connection with a core network supporting a plurality of access networks through a first network, and reusing authentication and/or allocated resource information for a second network; paragraph 76-78, UE requests service to 5G base station (5GBS) (i.e. “second network”) and is identified using GUTI and assigned tunnel endpoint identifier (TEID); universal control entity (UCE) manages session creation and transfers ID information to CGW; paragraph 81-84, UE makes request to WiFi base station (WiFiBS) (i.e. “first network”) to create session using GUTI (i.e. “key name”); WiFiBS includes GUTI included in request and MAC of UE in session creation request message and transmits to UCE); 
receive, from a second network node associated with a second network, an initiate message comprising the key name, the initiate message requesting authentication of the UE for the second network based on the key name, the second network comprising a different one of the 5G network or the Wi-Fi network (paragraph 82-83, WiFiBS transmits session creation request to UCE including GUTI; paragraph 63-65, UCE includes authentication manager and resource manager; authentication manager generates and transmits temporary identifier to UE when UE requests signaling connection through first access network; when session creation request including temporary ID is received from UE through second access network, authentication manager authenticates UE using temporary ID; temporary ID may be GUTI); and 
authenticate the second network node based on the key name, wherein authenticating the second network node comprises reusing a security context from the successful authentication of the UE for the first network for a handover from the first network to the second network (paragraph 70, 71, UCE transmits information for UE to generate authentication key; index information shared between UCE and UE allows UE to cipher information using cipher keys shared between UCE and UE using index information; paragraph 93, during a handover between different access networks, it is possible to minimize a delay occurring due to re-authentication and continue a session which has been underway before the handover without changing an address; further, even when access networks differ from each other, it is possible to reuse authentication information for a previous access network without additional authentication).
Ha does not explicitly teach storing, at the authentication server, a security context; and
wherein the initiate message is a re-authentication initiate message comprising an integrity protected message.
However, Wang teaches the concept of storing, at an authentication server, a security context (paragraph 118, network authentication entity generates a security context including Fast Re-authentication ID, and saves a copy of the security context in a database of the network authentication entity); and
wherein an initiate message is a re-authentication initiate message comprising an integrity protected message (paragraph 89, Fast re-authentication procedure; paragraph 116, network authentication entity receives request from UE and determines whether request is for authentication or fast re-authentication; paragraph 31, re-authentication request message comprises message authentication code (MAC)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the fast re-authentication initiation teachings of Wang with the reusing authentication information of a first network for a second network teachings of Ha, in order to create a system with the benefit that communication devices in a UE can share security context to authenticate with the core network, which reduces the steps for a UE to authenticate with the core network when one of the communication devices has previously performed a full authentication with the core network, and with the further advantage that the authentication process is improved as the number of interactions required between the UE and core network is substantially reduced (Wang, paragraph 8).
Neither Ha nor Wang explicitly teaches the integrity protected message generated by the EU using a key associated with the key name.
However, Wienzek teaches the concept of receiving, from a second network node associated with a second network, an integrity protected message generated by a UE using a key associated with a key name (page 6-7 section 3.2, old access router (AR) receives AuthTicket from mobile node MN comprising MN_ID and nMK, protected with key SK, and forwards Ticket to new AR over secured channel to new AR; information protected using session key SK; new AR uses SK to verify MN_ID matches MN_ID received from MN; message is therefore integrity protected, as any change to the encrypted message will result in the resulting values not matching).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the integrity protected message teachings of Wienzek with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang, in order to provide additional security strength to an authentication protocol by generating a message with the added entropy of a secret key, allowing proof of possession of the secret key as well as making the integrity protected message more difficult to maliciously alter by an unauthorized party without detection.

Regarding Claim 16:
Ha in view of Wang and Wienzek teaches the system of claim 15.  In addition, Ha teaches wherein the first network is the Wi-Fi network and the second network is the 5G network (paragraph 93, handover between different access networks; paragraph 47, access networks includes 5G base station and WiFi base station; networks can be seen as interchangeable; therefore, the first network is either of Wi-Fi or 5G, and vice-versa).

Regarding Claim 17:
Ha in view of Wang and Wienzek teaches the system of claim 15.  In addition, Ha teaches wherein the first network is the 5G network and the second network is the Wi-Fi network (paragraph 93, handover between different access networks; paragraph 47, access networks includes 5G base station and WiFi base station; networks can be seen as interchangeable; therefore, the first network is either of Wi-Fi or 5G, and vice-versa).

Regarding Claim 18:
Ha in view of Wang and Wienzek teaches the system of claim 15.  In addition, Wang teaches wherein the first network and the second network share an administrative domain or belong to a same enterprise (paragraph 4, trusted Wi-Fi access refers to the case where the Access Point for the user equipment to connect to is deployed by the 3GPP cellular network telecommunications operator themselves, i.e. “belong to the same enterprise”).
The rationale to combine Ha and Wang is the same as provided for claim 15 due to the overlapping subject matter between claims 15 and 18. 

Claims 3-4, 10-11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ha in view of Wang and Wienzek, and further in view of Bhandaru et al (PGPUB 2018/0115424).

Regarding Claim 10:
Ha in view of Wang and Wienzek teaches the non-transitory computer-readable storage medium of claim 8.
Neither Ha nor Wang nor Wienzek explicitly teaches wherein instructions to authenticate the session further comprising instructions to: 
send, by the network node, a response to the UE that the network node has the re-authentication MSK; 
generate, by the network node, a first temporal key and receiving a generated second temporal key from the UE; and 
confirm the first temporal key and second temporal key match.
However, Bhandaru teaches the concept of sending, by a network node, a response to a UE that the network node has the re-authentication MSK (paragraph 49-50, EAP-RP frame sent to AP which is to be sent to server; AP sends EAP-RP frame to server and receives EAP-RP secret key (e.g. master session key); paragraph 52, AP derives key, e.g. pairwise transient key (PTK) using EAP-RP secret key (i.e. MSK); paragraph 53, AP generates key confirmation element of an AP that includes key authorization field generated using derived key; paragraph 54, AP transmits second frame including key confirmation element to electronic device STA; paragraph 58, STA performs key confirmation by comparing key authorization field with key authorization verifier constructed by STA);
generating, by the network node, a first temporal key and receiving a generated second temporal key from the UE (paragraph 57, STA derives pairwise transient key PTK; paragraph 60, STA generates key confirmation element of STA that includes key authorization field based on derived key; key authorization field can be considered second temporal key; paragraph 61, STA transmits the third frame including key confirmation element to AP; paragraph 64, AP constructs key authorization verifier using same elements as STA); and
confirming the first temporal key and second temporal key match (paragraph 64, if key authorization field received from STA matches key authorization verifier constructed by AP, key confirmation is successfully performed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the verifying the temporal keys teachings of Bhandaru with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang and Wienzek, in order to provide cryptographic verification between a sending and receiving device that both devices were authentic and in possession of the same keys based on cryptographically secure methods such as use of elements signed or generated using the corresponding keys.

Regarding Claim 11:
Ha in view of Wang, Wienzek, and Bhandaru teaches the non-transitory computer-readable storage medium of claim 10.  In addition, Bhandaru teaches wherein the first temporal key and the generated second temporal key are independently generated based on the session key (paragraph 57, STA derives pairwise transient key PTK; paragraph 60, STA generates key confirmation element of STA that includes key authorization field based on derived key; key authorization field can be considered second temporal key; paragraph 61, STA transmits the third frame including key confirmation element to AP; paragraph 64, AP constructs key authorization verifier using same elements as STA).
The rationale to combine Ha and Bhandaru is the same as provided for claim 10 due to the overlapping subject matter between claims 10 and 11.

Regarding Claims 3-4:
	These are the computer-implemented method claims corresponding to the non-transitory computer-readable storage medium of claims 10-11, respectively, and are therefore rejected for corresponding reasons.

Claims 6, 13, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ha in view of Wang and Wienzek, and further in view of Wifvesson (PGPUB 2020/0059783).

Regarding Claim 13:
Ha in view of Wang and Wienzek teaches the non-transitory computer-readable storage medium of claim 8.
Neither Ha nor Wang nor Wienzek explicitly teaches wherein the re-authentication initiate message is an Extensible Authentication Protocol Re-Authentication Protocol (EAP-RP) re-authentication initiate request.
However, Wifvesson teaches wherein a re-authentication initiate message is an Extensible Authentication Protocol Re-Authentication Protocol (EAP-RP) re-authentication initiate request (paragraph 15, RFC 6696 specifies EAP extension for EAP re-authentication protocol (ERP); paragraph 83, wireless terminal UE includes UE capability indication for support of ERP in a 5G Attach Request message).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine ERP support teachings of Wifvesson with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang and Wienzek, in order to support the EAP re-authentication protocol as specified in RFC 6696 in a 5G authentication system, thereby providing the benefit of faster re-authentication, as per Wifvesson paragraph 16.

Regarding Claim 6:
	This is the computer-implemented method claim corresponding to the non-transitory computer-readable storage medium of claim 13, and is therefore rejected for corresponding reasons.

Regarding Claim 19:
Ha in view of Wang and Wienzek teaches the system of claim 15.
Neither Ha nor Wang nor Wienzek explicitly teaches wherein the re-authentication initiate message is an Extensible Authentication Protocol Re-Authentication Protocol (EAP-RP) re-authentication initiate request.
However, Wifvesson teaches wherein a re-authentication initiate message is an Extensible Authentication Protocol Re-Authentication Protocol (EAP-RP) re-authentication initiate request (paragraph 15, RFC 6696 specifies EAP extension for EAP re-authentication protocol (ERP); paragraph 83, wireless terminal UE includes UE capability indication for support of ERP in a 5G Attach Request message).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine ERP support teachings of Wifvesson with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang and Wienzek, in order to support the EAP re-authentication protocol as specified in RFC 6696 in a 5G authentication system, thereby providing the benefit of faster re-authentication, as per Wifvesson paragraph 16.

Claims 7, 14, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ha in view of Wang, Wienzek, and Wifvesson, and further in view of Lee et al (PGPUB 2016/0134610).

Regarding Claim 14:
Ha in view of Wang, Wienzek, and Wifvesson teaches the non-transitory computer-readable storage medium of claim 13.
Neither Ha nor Wang nor Wienzek nor Wifvesson explicitly teaches wherein the EAP-RP re-authentication initiate request implements one or more EAP extensions suitable for wireless networks including EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), or EAP-Tunneled TLS (EAP-TTLS).
However, Lee teaches the concept wherein an EAP-RP re-authentication initiate request implements one or more EAP extensions suitable for wireless networks including EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), or EAP-Tunneled TLS (EAP-TTLS) (paragraph 46, wireless station includes re-authentication component; in some examples, re-authentication may include EAP re-authentication; paragraph 47, key hierarchy is EAP-RP hierarchy; paragraph 48, root key of the key hierarchy includes extended master session key; EMSK named using EAP Session-ID based on method being used, e.g. EAP-TLS).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the EAP-TLS support teachings of Lee with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang, Wienzek, and Wifvesson, in order to improve the security of the EAP-RP process by incorporating the well-known cryptographic security features which are part of Transport Level Security (TLS), including robust transport encryption thereby ensuring confidentiality.

Regarding Claim 7:
	This is the computer-implemented method claim corresponding to the non-transitory computer-readable storage medium of claim 14, and is therefore rejected for corresponding reasons.

Regarding Claim 20:
Ha in view of Wang, Wienzek, and Wifvesson teaches the system of claim 19.
Neither Ha nor Wang nor Wienzek nor Wifvesson explicitly teaches wherein the EAP-RP re-authentication initiate request implements one or more EAP extensions suitable for wireless networks including EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), or EAP-Tunneled TLS (EAP-TTLS).
However, Lee teaches the concept wherein an EAP-RP re-authentication initiate request implements one or more EAP extensions suitable for wireless networks including EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), or EAP-Tunneled TLS (EAP-TTLS) (paragraph 46, wireless station includes re-authentication component; in some examples, re-authentication may include EAP re-authentication; paragraph 47, key hierarchy is EAP-RP hierarchy; paragraph 48, root key of the key hierarchy includes extended master session key; EMSK named using EAP Session-ID based on method being used, e.g. EAP-TLS).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the EAP-TLS support teachings of Lee with the reusing authentication information of a first network for a second network teachings of Ha in view of Wang, Wienzek, and Wifvesson, in order to improve the security of the EAP-RP process by incorporating the well-known cryptographic security features which are part of Transport Level Security (TLS), including robust transport encryption thereby ensuring confidentiality.

Response to Arguments
Applicant's arguments filed 6/27/2022 have been fully considered but they are not persuasive. 

Regarding the rejection of claims under 35 USC 103:
Applicant’s arguments: The UE requesting service disclosed in these paragraphs however states nothing associated with the initiate request including a key name associated with a previously-authenticated session of the UE at a second network and an integrity protected message generated by the EU using a key associated with the key name. The integrity protected message as it is defined in the claim relates it to the previously-authenticated session of the UE. There is no suggestion that the UE request includes such a feature. Next, the Office Action on page 4 does concede that Ha does not disclose that the initiate request is a "re-authentication" initiate request and cites Wang for filling in the missing disclosure.

Examiner’s response: However, Ha does teach the initiate request including a key name associated with a previously-authenticated session of the UE at a second network.  Ha teaches the request includes a GUTI, which is an identifier used to associate the device across networks (paragraph 76-78, 81-84).  The key name need not identify the key specifically; the claim merely requires use of a key “associated with” the key name.  For instance, the name of a security context which includes keys could be seen as a “key name”, or any identifier, such as a session identifier.  The only element missing from Ha is receiving an integrity protected message, generated using a key associated with a key name.  However, a new ground(s) for rejection is provided above which does teach this additional subject matter, as added by amendment.
Examiner further notes that the integrity protected message as it is defined in the claim only relates to the previously-authenticated session due to being generated by a key which is “associated with” a key name which is “associated with” a previously-authenticated session.  As there is no subject matter related to generating the key name nor how frequently the key is generated, there is nothing in the claim which indicates that the integrity protected message is related to the previously-authenticated session.

Applicant’s arguments: The analysis however is unpersuasive for the following reasons. Claim 8 recites that the system will receive, from the authentication server, a re-authentication master session key (MSK) associated with the previously-authenticated session of the UE authenticated for the second network based on the key name and the integrity protected message and authenticate a session between the UE and the first network based the re-authorization MSK and on a session key generated by the UE and associated with the key name and the integrity protected message. The claim requires a session with the second network and then the first network. The transition from the second network to the first network and the authentication of a session between the UE and the first network is of course part of the claim. The weakness in the analysis is that Wang does not involve the concept recited in claim 8 of authenticating a session between the UE and the first network based the re-authorization MSK and on a session key generated by the UE and associated with the key name and the integrity protected message. There is no handoff concept in Wang.

Examiner’s response: Examiner disagrees.  Wang is directed to fast re-authentication using authentication information from one network technology, e.g. 3GPP, to authenticate to another network technology, e.g. WiFi (e.g. paragraph 19-20, 92-93).  This can effectively be seen as a handoff between different networks.  The only element missing from Ha and Wang, as argued above, is authenticating the session between the UE and the first network based on the “re-authorization” MSK.  However, a new ground(s) for rejection is provided above which does teach this amended subject matter.

Applicant’s arguments: Indeed, paragraph [0010] of Wang defines the "UE" in that case as having a first communication device and a second communication device. The "fast re-authentication procedure" of Wang does not involve a handoff from one network to another but rather involves using a security context for one of the communication devices of the UE to do a "fast re-authentication" of the other communication device of the same UE. Both communication devices are described as communicating with "the core network" in Wang. In cited paragraph 96, it is suggested that the first part 510 and the second part 520 might relate to the two networks recited in claim 8. However, that is not the case, these two parts are the two communication devices on the same UE. They both communicate with the same "core network."
Thus, if the references were combined "according to their established functions" as is required in an obviousness analysis, the features of claim 8 would not be achieved. This is because Wang's teachings would enable a single UE with a first communication device and a second communication device to get the security context for the first communication device to communicate with the core network to be used to do a fast re-authentication for the second communication device of the UE to be able to communicate with the core network. This has nothing to do with a handoff or a transition from one network to another. Wang would help a UE from Ha that has a first communication device and a second communication device as part of the same UE to be authenticated for communication with the network. The law on obviousness requires the analysis to not cause the person considering the combination of references to force or invent changes in the teachings of the art to match the claims. This is why the teachings of the prior art are combined according to their established functions because one of skill in the art not knowing the invention does not have the benefit of the goal as defined by the claims.
 In this case, the "fast re-authentication initiation" teachings of Wang have nothing to do with a handoff scenario and thus it would not be obvious to incorporate similar teachings from Wang and morph those teachings into Ha as defined by the claims. Applicant submits that the analysis in the Office Action almost makes the point. The conclusion in the analysis is that the benefit of this blending of the teachings would be "that communication devices in a UE can share security context to authenticate with the core network". This is an accurate statement. But that defines what Wang brings to the analysis which is not a handoff scenario as it is defined in claim 8. In other words, enabling the two "communication devices" of the UE in Wang to share a security context in order to enable them to perform a "fast re-authentication" of the second communication device does nothing to help transition from one network to another.

Examiner’s response: Wang’s UE is using two separate communication devices to communicate through two separate networks involving different network technologies to connect to a core network.  Applicant’s invention is using a user device to communicate through a first and second network involving different network technologies to connect to an authentication server associated with both networks.  If the “core network” of Wang indicates that all the involved devices must be part of a single network, then Applicant’s invention similarly involves a single “core network”.  Examiner does not believe this is the case for either Applicant’s invention or Wang.  Furthermore, Wang, paragraph 160 and corresponding Fig. 15, clearly show the UE communicating with the network authentication entity through a cellular base station and/or Wi-Fi AP.
Examiner further notes that Applicant’s claims do not appear to be directed to the concept of Handoff or handover; the claims merely recite a re-authentication process.  According to Applicant’s claims, the UE may remain connected to both networks at once, thus not requiring a handoff or network transition.  As such, there is no need to “morph” the teachings of Ha and Wang to arrive at Applicant’s invention.  Ha and Wang are both directed to authentication with a core network across multiple technologies, as is Applicant’s invention.  The only elements missing from Ha and Wang are the newly amended features, i.e.  “receiving… an integrity protected message generated by the EU using a key associated with the key name”, and “authenticating a session… based on the re-authorization MSK”, as in claim 8.  However, a new ground(s) for rejection is provided above which does teach this newly amended subject matter.

	Applicant’s arguments with regard to independent claims 1 and 15 are similar to those regarding claim 8 and are therefore responded to in a similar way.
	Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491