DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Status of Claims
1.	The following is a final office action in response to the applicant arguments/remarks received on 06/27/2022.
2.	Claims 1, 4, 10, 13 and 18 have been amended.	
3.	No new claim(s) has/have been added.
4.	Claims 1 – 20 are currently pending and have been examined.

Response to Arguments
1.	Applicant’s amendment to claims 1 – 20  filed on 06/27/2022 necessitated a new ground(s) of rejection presented in this Office action. The newly amended limitation to the independent claims changed the scope of the claims. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).    

2.	Claim 18: With  regards to ¶ 0076 of the instant specification  “ a computer readable storage medium…” is to be interpreted as “non-transitory” media only, which excludes waves or signal per se. Hence claims 18 - 20 is statutory. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 10-13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Senarath et al (2019/0021010) in view of Andrews  et al. (US 2022/0124486 A1).
Regarding claim 1, Senarath et al teaches a method (see figure 23) comprising: 
procedure (551, 550, 554) of receiving, via (550), by a slicing security management system ((250B, 250A, 573), figure 11)) comprising a processor (“processor” [0010]) , from an application (“application (App”, [0058]) executing on a device “UE”, [0058]), a request (comprising user requirements “business/customer requirements”, [0073]) to initiate a communications session (referred by “traffic”, [0058]) between the application and an application server (“Application Server 200”, [0058]), (see figures 11, and 15, and “Users and service providers create a Service Level Agreement (SLA) to specify the network performance required to meet the user requirements of the user's traffic”, [0003], “ An end-to-end network slice facilitates business service by allocating the network resources in the network slice based on the user requirements specified by the customer's Service Level Agreement (SLA)”, [0058], “The topology of the network functions is determined when devices attach to the NSI 30 (via RAN 84)”, [0060], “ CSNF 550 which receives business/customer requirements”, [0073], and “The Consumer 563 communicates with the BSS 250B”, [0136]));
procedure (551, 550, 554) of receiving, by (551) of the slicing security management system, information (“capabilities exposure “, [0074]) about the communications session (see [0074]); and 
procedure ((551, 550, 554)) of triggering, by  (554) of the slicing security management system, separate notification flows (referred by  “subnet requirements”, [0073]) to provide each element ((referred by “NSSMFs 555, 590”, [0073])) participating in the communications session with sub slices (each sub-slice referred by a network subs-slices instance ((565), figure 11)) and security credentials (“Security”, [0127]) to be used during the communications session, (see [0044, 0069, 0073, 0100-0106, 0120, 0127]),
wherein each of the sub slices to be used during the communications session utilizes a  [¶ 0068 suggests:  “A NSSI is a set of network functions and network function resources that can be combined and managed by the Network Sub-Slice Management Function (NSSMF)” followed by ¶ 0072 which  discloses: “In some embodiments the NSMF 554 is configured to receive network slice requirements, receive sub-slice capability exposure information, and transmit network sub-slice requirements which satisfy the network slice requirements in accordance with the received sub-slice capability exposure information”, [It should be noted in ¶ 133 that capability exposure information includes management capability exposure information and resource capacity exposure information] , next ¶ 0073 discloses “each NSSMF 555, 590 can aggregate capabilities from a number of element managers (EMs) to provide the capabilities for the network slice instance under control of the NSSMF. For example resource capacity exposure information can include: … RAN resources (e.g., bandwidth and coverage)”, it is well known in the art that bandwidth is defined as a range of frequencies within a given band that is used to transmit a signal) and [0120, 0127]  further discloses: “the NSST can include a combination of parameters selected from (a non-exhaustive list): … Security”,),
Senarath discloses  every aspect of claim 1 except explicitly disclosing: wherein each of the sub slices to be used during the communications session utilizes a different frequency range, and wherein each of the sub slices to be used during the communications session is associated with a different one of the security credentials, however such differences is seen in the reference of Andrews, see ¶ 0050 – 0052, that is each network slice is assigned a particular  portion of the spectrum during a particular communication session, ¶ 0014 clearly states that the network slice is based upon a particular security credential. One will noticed that the word sub slice(s) is not present in the reference of Andrews, and only the word slice. However a person having ordinary skill in the art would recognize that the claim set forth above is using the idea which is already known to be applicable to  slices (difference frequency range and different security credentials)  be applied for sub slices. In other words if the sub slices were further sub divided and one apply the concept of what is already done for slices would also be obvious to one having ordinary skill in the art. The above analogy falls under the rational  “Applying a known technique to a known device (method or product) ready for improvement to yield predictable results”. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art.

 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Senarath’s system in view of Andrews. The motivation for making the above modification would have been to implement a secure network slice orchestration system [¶ 0019 of Andrew]. 

-Regarding claim 2, Senarath et al  teaches that receiving, by the slicing security management system, the information about the communications session comprises receiving, by the slicing security management system, a Network Slice Subnet Template (“NSST”, [0073]) comprising an application type of the application (“Network slice type”, [0121], “Network slice subnet type”, [0122]), an expected duration of the communications session (“Service duration”, [0130]), a sensitivity of the application (“Isolation”, [0128]), an expected traffic volume associated with the communications session (“Data exposure”, [0129]) , or a quality of service requirement (“Supported QoS level per session”, [0126]), (see [0073, 0120-0130]).
-Regarding claim 3, Senarath et al  teaches that receiving, by the slicing security management system, the information about the communications session comprises receiving, by the slicing security management system, the information about the communications session from a radio access network (referred by a network sub-slice/sub-slice instance  (e.g., “RAN NSS Geo-A 112A”, [0068]), via a corresponding element (“NSSMFs 555, 590”, [0073]), (see [0044, 0068, 0073]).
-Regarding claim 10, Senarath et al teaches a slicing security management system ((250B, 250A, 573), figure 11)) comprising: a processor (“processor” [0010]); and a memory (“memory” [0010]) having instructions (“instructions” [0010]) stored thereon that, when executed by the processor, cause the processor to perform operations comprising 
procedure (551, 550, 554) of receiving, via (550), by a slicing security management system ((250B, 250A, 573), figure 11)), comprising a processor (“processor” [0010]), from an application (“application (App”, [0058]) executing on a device “UE”, [0058]), a request (comprising user requirements “business/customer requirements”, [0073]) to initiate a communications session (referred by “traffic”, [0058]) between the application and an application server (“Application Server 200”, [0058]), (see figures 11, and 15, and “Users and service providers create a Service Level Agreement (SLA) to specify the network performance required to meet the user requirements of the user's traffic”, [0003], “ An end-to-end network slice facilitates business service by allocating the network resources in the network slice based on the user requirements specified by the customer's Service Level Agreement (SLA)”, [0058], “The topology of the network functions is determined when devices attach to the NSI 30 (via RAN 84)”, [0060], “ CSNF 550 which receives business/customer requirements”, [0073], and “The Consumer 563 communicates with the BSS 250B”, [0136]));
procedure (551, 550, 554) of receiving, by (551) of the slicing security management system, information (“capabilities exposure “, [0074]) about the communications session (see [0074]); and 
procedure ((551, 550, 554)) of triggering, by  (554) of the slicing security management system, separate notification flows (referred by  “subnet requirements”, [0073]) to provide each element ((referred by “NSSMFs 555, 590”, [0073])) participating in the communications session with sub slices (each sub-slice referred by a network subs-slices instance ((565), figure 11)) and security credentials (“Security”, [0127]) to be used during the communications session, (see [0044, 0069, 0073, 0100-0106, 0120, 0127]),
wherein each of the sub slices to be used during the communications session can utilize a, in the manner that each of the sub slices to be used during the communications session utilizes a frequency range based on an individual subnet requirement (referred to  “subnet requirements”, [0073]) from an corresponding element ((referred by “NSSMFs 555, 590”, [0073])), the  individual subnet requirement being in accordance with the sub slice’s capability which can include a particular/different frequency range (“bandwidth and coverage”, [0073]) and a particular/different security credential (“security”, [0127]), (see “A NSSI is a set of network functions and network function resources that can be combined and managed by the Network Sub-Slice Management Function (NSSMF)”, [0068], “In some embodiments the NSMF 554 is configured to receive network slice requirements, receive sub-slice capability exposure information, and transmit network sub-slice requirements which satisfy the network slice requirements in accordance with the received sub-slice capability exposure information”, [0072], “each NSSMF 555, 590 can aggregate capabilities from a number of element managers (EMs) to provide the capabilities for the network slice instance under control of the NSSMF. For example resource capacity exposure information can include: … RAN resources (e.g., bandwidth and coverage)”, [0073]) and “the NSST can include a combination of parameters selected from (a non-exhaustive list): … Security”, [0120, 0127]), wherein as such, for each of the sub slices the frequency range can be  a different frequency range, and the security credential be a different one of the security credentials, (see “the NSMF 554 can transmit subnet requirements on a network slice instance basis, which can differ between different NSSMFs”, [0073], and “the NSST … on a per subnet (i.e., sub-slice) basis”, [0120]).

Senarath discloses  every aspect of claim 10 except explicitly disclosing: wherein each of the sub slices to be used during the communications session utilizes a different frequency range, and wherein each of the sub slices to be used during the communications session is associated with a different one of the security credentials, however such differences is seen in the reference of Andrews, see ¶ 0050 – 0052, that is each network slice is assigned a particular  portion of the spectrum for a particular communication session, ¶ 0014 clearly states that the network slice is based upon a particular security credential. One will noticed that the word sub slice(s) is not present in the reference of Andrews, and only the word slice. However a person having ordinary skill in the art would recognize that the claim set forth above is using the idea which is already known to be applicable to  slices (difference frequency range and different security credentials)  be applied for sub slices. In other words if the sub slices were further sub divided and one apply the concept of what is already done for slices would also be obvious to one having ordinary skill in the art. The above analogy falls under the rational  “Applying a known technique to a known device (method or product) ready for improvement to yield predictable results”. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art.

 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Senarath’s system in view of Andrews. The motivation for making the above modification would have been to implement a secure network slice orchestration system [¶ 0019 of Andrews]. 

-Claim 11 is rejected with similar reasons for claim 2.
-Claim 12 is rejected with similar reasons for claim 3.

Claim 4, Andrews further discloses: The method of claim 1, further comprising providing, by the slicing security management system, a radio access network and the application with [[a]] the different frequency range and the different one of the security credentials to be used for each of the sub slices to be used during the communications session. see ¶ 0050 – 0052, that is each network slice is assigned a particular  portion of the spectrum for communication with regards to a particular communication session, ¶ 0014 clearly states that the network slice is based upon a particular security credential for a particular communication session. See claim 1 for motivation.

-Claim 13 is rejected with similar reasons for claim 4.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.







4.	Claims 5-8, and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Senarath et al in view of Andrew et al, and further in view of Niska (2003/0064725) previously cited.
-Regarding claim 5, Senarath et al in view of Andrew et al  teaches a transport network ((86), figure 16A of Senarath et al)  (being a gateway (“UP Gateway”, [0137]) or Senarath et al) for provide connectivity functions of connection between the radio access network ((84), figure 16A of Senarath et al) and with core network ((88), figure 16A of Senarath et al), (see [0173] of Senarath et a), wherein  the transport network is represented by a sub-slice instance (“Network slice subnet instance”, [0044] of Senarath et al) having resources  for the network functions, the resources being configured  with configurations (“network subs-slice requirements”, [0100] of Senarath et al)  instructed from the slicing security management system (see [0044] of Senarath et al), (see [0044, 0100] of Senarath et al).  
Senarath et al  and Andrew  does not clearly teach that the method comprises:  instructing, by the slicing security management system, the transport network to configure a first virtual private network router at a first edge between the radio access network and the transport network; and instructing, by the slicing security management system, the transport network to configure a second virtual private network router at a second edge between the transport network and the core network, as claimed.
In analogous art, Niska teaches that a gateway can be implemented a virtual gateway (200) which comprises a first virtual private network router (210b) having its own resource for connectivity functions at a first edge between a network node (25b) and the gateway and a second virtual private network router (210a) have its own resource for connectivity functions at a second edge between the gateway and another network node (20a) (see figure 3 and [0032]).
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al, Andrew et al  and Niska, to implement Senarath et al  in view of Andrew et al , as taught by Niska, in such a way that since Senarath et al  in view of Andrew et al  does not teach in detail on how the transport network as a gate way is physically implemented, the transport network would be implemented as a virtual gateway comprising a first virtual private network router with its own resource providing a connectivity  function  at a first edge between the radio access network and the transport network and a second virtual private network router with its own resource providing a connectivity  function at a second edge between the transport network and the core network (as taught by Niska), wherein in the method, the slicing security management system would necessarily  instruct the transport network with the configurations to configure the resource of  the first virtual private network router for the connectivity  function  at the first edge between the radio access network and the transport network; and necessarily instruct the transport network to configure the resource of  the second virtual private network router for the connectivity  function  at the second edge between the transport network and the core network.  One skilled in the art would be motivated to make such combination because by doing so, the transport network would be physically obtained as required in the method for providing the connectivity functions.
-Regarding claim 6, Senarath et al  in view of Andrew et al  and Niska teaches that the  connectivity function of the first virtual private network router and the connectivity function of the second virtual private network router provide a virtual private network tunnel (represented by  the respective first virtual private network router or second virtual private network route)  for each of the sub slices (respectively representing the radio access network and the core network) (see [0049] of Senarath et al).
-Regarding claim 7, Senarath et al  in view of Andrew et al  and Niska teaches that the slicing security management system acts as a control manager, wherein the method comprises instructing, by the slicing security management system, the core network  a network sub-slice management function ((555), figure 11 of Senarath et al ) of the slicing security management system to instantiate a virtual machine ((257), figure 11 of Senarath et al) for each sub-slice ((NSSI), figure 11 of Senarath et al) of the sub slices (see [0069] of Senarath et al).
One skilled in the art would be motivated to make such combination because by doing so, the core network would be enhanced with capability of central management provided by the slicing security management system.
-Regarding claim 8, Senarath et al  in view of Andrew et al  and Niska teaches that the slicing security management system acts as a manager ((551), figure 11 of Senarath et al ) instantiating a network slice ((573), figure 11 of Senarath et al)  of service provided via the radio access network, the transport network, the core network, and the application server in preparation for conducting the communications session.
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al, andrew et al  and Niska.  One skilled in the art would be motivated to make such combination because by doing so, the slicing security management system would be enhanced with capability of synchronizing, by the slicing security management system, information of the radio access network, the transport network, the core network, and the application server in preparation for conducting the communications session.

-Regarding claim 14, Senarath et al in view of Andrew et al  teaches a transport network ((86), figure 16A of Senarath et al)  (being a gateway (“UP Gateway”, [0137]) or Senarath et al) for provide connectivity functions of connection between the radio access network ((84), figure 16A of Senarath et al) and with core network ((88), figure 16A of Senarath et al), (see [0173] of Senarath et a), wherein  the transport network is represented by a sub-slice instance (“Network slice subnet instance”, [0044] of Senarath et al) having resources  for the network functions, the resources being configured  with configurations (“network subs-slice requirements”, [0100] of Senarath et al)  instructed from the slicing security management system (see [0044] of Senarath et al), (see [0044, 0100] of Senarath et al), and wherein resultedly, the transport network provides a virtual private network tunnel for each of the sub slices (respectively presenting and belonged to the radio access network and the core network) (see [0049] of Senarath et al).
Senarath et al  and Andrew et al  does not clearly teach that the operations comprise:  instructing the transport network to configure a first virtual private network router at a first edge between the radio access network and the transport network; and instructing, the transport network to configure a second virtual private network router at a second edge between the transport network and the core network, wherein the connectivity function of the first virtual private network router and the connectivity function of the second virtual private network router provide the virtual private network tunnel for each of the sub slices, as claimed.
In analogous art, Niska teaches that a gateway can be implemented a virtual gateway (200) which comprises a first virtual private network router (210b) having its own resource for connectivity functions at a first edge between a network node (25b) and the gateway and a second virtual private network router (210a) have its own resource for connectivity functions at a second edge between the gateway and another network node (20a), wherein the connectivity function of the first virtual private network router and the connectivity function of the second virtual private network router provide a virtual private network tunnel (represented by  the respective first virtual private network router or second virtual private network route)  for the respective network nodes,  (see figure 3 and [0032]).
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al, Andrew et al  and Niska. One skilled in the art would be motivated to make such combination because by doing so, the transport network would be physically obtained as required in the method for providing the connectivity functions.
-  Claim 15 is analyzed with respect to claim 6.
-  Claim 16 is analyzed with respect to claim 8.

5.	Claims 9 and 17  – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Senarath et al previously cited in view Lehane et al (2012/0278430), Niska (2003/0064725)  and  Andrew et al, previously cited. 
-Regarding claim 18, Senarath et al teaches a computer-readable storage medium (“memory” [0010]) having computer-executable instructions (“instructions” [0010]) stored thereon that, when executed by a processor (“processor” [0010]) of a system (comprising (250B, 250A, 573), figure 11))), cause the processor to perform operations comprising: 
procedure (551, 550, 554) of receiving, via (550), by a slicing security management system ((250B, 250A, 573), figure 11)) comprising a processor (“processor” [0010]) , from an application (“application (App”, [0058]) executing on a device “UE”, [0058]), a request (comprising user requirements “business/customer requirements”, [0073]) to initiate a communications session (referred by “traffic”, [0058]) between the application and an application server (“Application Server 200”, [0058]), (see figures 11, and 15, and “Users and service providers create a Service Level Agreement (SLA) to specify the network performance required to meet the user requirements of the user's traffic”, [0003], “ An end-to-end network slice facilitates business service by allocating the network resources in the network slice based on the user requirements specified by the customer's Service Level Agreement (SLA)”, [0058], “The topology of the network functions is determined when devices attach to the NSI 30 (via RAN 84)”, [0060], “ CSNF 550 which receives business/customer requirements”, [0073], and “The Consumer 563 communicates with the BSS 250B”, [0136]));
procedure (551, 550, 554) of receiving, by (551) of the slicing security management system, information (“capabilities exposure “, [0074]) about the communications session (see [0074]); and 
procedure ((551, 550, 554)) of triggering, by  (554) of the slicing security management system, separate notification flows (referred by  “subnet requirements”, [0073]) to provide each element ((referred by “NSSMFs 555, 590”, [0073])) participating in the communications session with sub slices (each sub-slice referred by a network subs-slices instance ((565), figure 11)) and security credentials (“Security”, [0127]) to be used during the communications session, (see [0044, 0069, 0073, 0100-0106, 0120, 0127]).
Senarath et al further teaches that the operations comprise: procedure of providing, by the slicing security management system, a radio access network (referred by a network sub-slice/sub-slice instance  (e.g., “RAN NSS Geo-A 112A”, [0068])), via a corresponding element ( “NSSMFs 555, 590”, [0073]), with the different frequency range (“bandwidth”, 0073])  and the different security credentials (“Security”, [0127]) to be used for each of the sub slices, (see [0068, 0073, 0127]). Senarath et al  further teaches that the slicing security management system acts as a manager ((551), figure 11 of Senarath et al ) instantiating a network slice ((559), figure 11) formed by the sub-slices  in conducting the communications session for the application, (see [0058, 0069]),
in the manner that each of the sub slices to be used during the communications session utilizes a frequency range based on an individual subnet requirement (referred to  “subnet requirements”, [0073]) from an corresponding element ((referred by “NSSMFs 555, 590”, [0073])), the  individual subnet requirement being in accordance with the sub slice’s capability which can include a particular/different frequency range (“bandwidth and coverage”, [0073]) and a particular/different security credential (“security”, [0127]), (see “A NSSI is a set of network functions and network function resources that can be combined and managed by the Network Sub-Slice Management Function (NSSMF)”, [0068], “In some embodiments the NSMF 554 is configured to receive network slice requirements, receive sub-slice capability exposure information, and transmit network sub-slice requirements which satisfy the network slice requirements in accordance with the received sub-slice capability exposure information”, [0072], “each NSSMF 555, 590 can aggregate capabilities from a number of element managers (EMs) to provide the capabilities for the network slice instance under control of the NSSMF. For example resource capacity exposure information can include: … RAN resources (e.g., bandwidth and coverage)”, [0073]) and “the NSST can include a combination of parameters selected from (a non-exhaustive list): … Security”, [0120, 0127]), wherein as such, for each of the sub slices the frequency range can be  a different frequency range, and the security credential be a different one of the security credentials, (see “the NSMF 554 can transmit subnet requirements on a network slice instance basis, which can differ between different NSSMFs”, [0073], and “the NSST … on a per subnet (i.e., sub-slice) basis”, [0120]).
Senarath et al  does not clearly teach whether the operations comprise:  providing the application with a frequency range and the security credentials to be used for each of the sub slices; instructing a transport network operating in communication with the radio access network to configure a first virtual private network router at a first edge between the radio access network and the transport network; instructing the transport network further operating in communication with a core network to configure a second virtual private network router at a second edge between the transport network and the core network; instructing the core network to instantiate a virtual machine for each of the sub slices; synchronizing the radio access network, the transport network, the core network, and the application server in preparation for conducting the communications session; and instructing the application to initiate the communications session, as claimed.
In analogous art, Lehane et al  teaches that a manager can be implemented as a central manager (“one or more continuum orchestrators”, [0133]) (represented by (302), figure 3), wherein the central manager (302) can transmit its available information to communication nodes (“components”, [0133]) (represented by nodes (application (referred by UE (202) , RAN (204),  etc.), figure 3) and vice versa, (see figure 3 and [0069, 0070, 0133]).
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al  and Lehane et al  to implement Senarath et al, as taught by Lehane et al in order to arrive at the claimed feature in such a way that the slicing security management system would also be implemented as a central manager (as taught by Lehane et al), wherein  in the operations, the slicing security management system would exchange/provide the device (representing the application) with the frequency range and the security credentials (as taught by Lehane et al).  One skilled in the art would be motivate to make such combination because by doing so, the slicing security management system would be enhanced as also being a central manager capable of informing the application about the frequency range and the security credentials.
With the implementation, Senarath et al  in view of Lehane et al teaches that the slicing security management system acts as a control manager, wherein the operations comprise:  instructing, by the slicing security management system, a network sub-slice management function ((555), figure 11 of Senarath et al ) of the slicing security management system to instantiate a virtual machine ((257), figure 11 of Senarath et al) for each sub-slice ((NSSI), figure 11 of Senarath et al) of the sub slices (see [0069] of Senarath et al).
Lehane et al  further teaches that a central management “continuum orchestrator 302” can be implemented within a network node “a domain within the continuum 304” as part of a core network, (see “the continuum orchestrator 302 may be part of a domain within the continuum 304”, [0070]).
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al and Lehane et al , to implement Senarath et al  in view of Lehane, as further taught by Lehane et al, to arrive at the claimed feature in such a way that the slicing security management system would be implemented as part of the core network (as taught by Lehane et al), wherein in the operations, the slicing security management system would instruct the network sub-slice management function ((555), figure 11 of Senarath et al ) of the slicing security management system as a part of the core network to instantiate the virtual machine. One skilled in the art would be motivated to make such combination because by doing so, the core network would be enhanced with capability of central management provided by the slicing security management system.
With the implementation, Senarath et al  in view of Lehane et al  teaches that in the operations, the slicing security management system acts as a manager ((551), figure 11 of Senarath et al ) instantiating a network slice ((573), figure 11 of Senarath et al)  of service provided via the radio access network, the transport network, the core network, and the application server in preparation for conducting the communications session.
Lehane et al  further teaches that a  manager “continuum orchestrator” can synchronize information of network nodes “two or more domains” for conducting a communications session “service delivery”, (see [0236]).
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al and Lehane et al, to implement Senarath et al  in view of Lehane , as further taught by Lehane et al to arrive at the claimed  feature, in such a way that in the operations, the slicing security management system would synchronize information of the radio access network, the transport network, the core network, and the application server in preparation for conducting the communications session  (as further taught by Lehane et al).  One skilled in the art would be motivated to make such combination because by doing so, the slicing security management system would be enhanced with capability of synchronizing, by the slicing security management system, information of the radio access network, the transport network, the core network, and the application server in preparation for conducting the communications session.
With the implementation, Senarath et al  in view of Lehane et al further teaches that the operations comprise: instructing, by the slicing security management system (referred by “continuum orchestrator”, [0112] of Lehane et al), the application (referred by the device (“user equipment”, [0106] of Lehane et al) to initiate the communications session (referred by the application’s external communication “user equipment’s external communication capabilities”, [0106] of Lehane et al) with instructions (“domain specific service policies”, [0112] of Lehane et al) sent by the slicing security management system to the application, (see [0106, 0112] of Lehane et al).
Senarath et al in view of Lehane et al also further teaches  a transport network ((86), figure 16A of Senarath et al)  (being a gateway (“UP Gateway”, [0137]) or Senarath et al) for provide connectivity functions of connection between the radio access network ((84), figure 16A of Senarath et al) and with core network ((88), figure 16A of Senarath et al), (see [0173] of Senarath et a), wherein  the transport network is represented by a sub-slice instance (“Network slice subnet instance”, [0044] of Senarath et al) having resources  for the network functions, the resources being configured  with configurations (“network subs-slice requirements”, [0100] of Senarath et al)  instructed from the slicing security management system (see [0044] of Senarath et al), (see [0044, 0100] of Senarath et al). 
In further comparison, Senarath et al  in view of Lehane et al does not clearly teach that the operations comprise:  instructing a transport network operating in communication with the radio access network to configure a first virtual private network router at a first edge between the radio access network and the transport network; instructing the transport network further operating in communication with a core network to configure a second virtual private network router at a second edge between the transport network and the core network, as claimed.
In another analogous art, Niska teaches that a gateway can be implemented a virtual gateway (200) which comprises a first virtual private network router (210b) having its own resource for connectivity functions at a first edge between a network node (25b) and the gateway and a second virtual private network router (210a) have its own resource for connectivity functions at a second edge between the gateway and another network node (20a) (see figure 3 and [0032]).
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al, Lehane et al  and Niska, to implement Senarath et al  in view of Lehane et al , as taught by Niska, to arrive at the claim feature  in such a way that since Senarath et al  in view of Lehane et al  does not teach in detail on how the transport network as a gate way is physically implemented, the transport network would be implemented as a virtual gateway comprising a first virtual private network router with its own resource providing a connectivity  function  at a first edge between the radio access network and the transport network and a second virtual private network router with its own resource providing a connectivity  function at a second edge between the transport network and the core network (as taught by Niska), wherein in the operations, the slicing security management system would necessarily instruct the transport network with the configurations to configure the resource of  the first virtual private network router for the connectivity  function  at the first edge between the radio access network and the transport network; and necessarily instruct the transport network to configure the resource of  the second virtual private network router for the connectivity  function at the second edge between the transport network and the core network.  One skilled in the art would be motivated to make such combination because by doing so, the transport network would be physically obtained as required in the method for providing the connectivity functions.
Senarath, Lehane and Niska  discloses  every aspect of claim 18 except explicitly disclosing: wherein each of the sub slices to be used during the communications session utilizes a different frequency range, and wherein each of the sub slices to be used during the communications session is associated with a different one of the security credentials, however such differences is seen in the reference of Andrews, see ¶ 0050 – 0052, that is each network slice is assigned a particular  portion of the spectrum for a particular communication session, ¶ 0014 clearly states that the network slice is based upon a particular security credential. One will noticed that the word sub slice(s) is not present in the reference of Andrews, and only the word slice. However a person having ordinary skill in the art would recognize that the claim set forth above is using the idea which is already known to be applicable to  slices (difference frequency range and different security credentials)  be applied for sub slices. In other words if the sub slices were further sub divided and one apply the concept of what is already done for slices would also be obvious to one having ordinary skill in the art. The above analogy falls under the rational  “Applying a known technique to a known device (method or product) ready for improvement to yield predictable results”. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art.

 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Senarath’s system in view of Lehane, Niska and Andrews. The motivation for making the above modification would have been to implement a secure network slice orchestration system [¶ 0019 of Andrews]. 


-Regarding claim 19, Senarath et al  in view of Lehane et al, Nisca and Andrew  teaches that receiving, by the slicing security management system, the information about the communications session comprises receiving, by the slicing security management system, a Network Slice Subnet Template (“NSST”, [0073] of Senarath et al) comprising an application type of the application (“Network slice type”, [0121] of Senarath et al, “Network slice subnet type”, [0122] of Senarath et al), an expected duration of the communications session (“Service duration”, [0130] of Senarath et al), a sensitivity of the application (“Isolation”, [0128] of Senarath et al), an expected traffic volume associated with the communications session (“Data exposure”, [0129] of Senarath et al) , or a quality of service requirement (“Supported QoS level per session”, [0126] of Senarath et al), (see [0073, 0120-0130] of Senarath et al).

-Regarding claim 20, Senarath et al  in view of Lehane et al , Nisca and Andrew teaches that receiving, by the slicing security management system, the information about the communications session comprises receiving, by the slicing security management system, the information about the communications session from a radio access network (referred by a network sub-slice/sub-slice instance  (e.g., “RAN NSS Geo-A 112A”, [0068] of Senarath et al), via a corresponding element (“NSSMFs 555, 590”, [0073] of Senarath et al), (see [0044, 0068, 0073] of Senarath et al).


-Regarding claim 9, In Senarath et al  in view of Andrew et al  and Niska, does not teach that the method comprises: instructing, by the slicing security management system, the application to initiate the communications session, as claimed.
Lehane et al  further teaches that a slicing security management system (referred by “continuum orchestrator”, [0112] of Lehane et al) can instruct an application (referred by the device (“user equipment”, [0106] of Lehane et al) to initiate a communications session (referred by the application’s external communication “user equipment’s external communication capabilities”, [0106] of Lehane et al) with instructions (“domain specific service policies”, [0112] of Lehane et al) sent by the slicing security management system to the application, (see [0106, 0112] of Lehane et al).
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al, Lehane et al, Niska and Andrew.  One skilled in the art would be motivated to make such combination because by doing so, the slicing security management system would be enhanced with capability of instructing the application to initiate the communications session.

-Regarding claim 17, In Senarath et al  in view of Lehane et al  and Niska, Senarath et al does not teach that the operations comprise: instructing, by the slicing security management system, the application to initiate the communications session, as claimed.
Lehane et al  further teaches that a slicing security management system (referred by “continuum orchestrator”, [0112] of Lehane et al) can instruct an application (referred by the device (“user equipment”, [0106] of Lehane et al) to initiate a communications session (referred by the application’s external communication “user equipment’s external communication capabilities”, [0106] of Lehane et al) with instructions (“domain specific service policies”, [0112] of Lehane et al) sent by the slicing security management system to the application, (see [0106, 0112] of Lehane et al).
Accordingly, it would have been obvious for one skilled in the art before the effective filing date of the invention to have combined Senarath et al, Lehane et al  and Niska, to implement Senarath et al  in view of Lehane and Niska, as taught by Lehane et al, to arrive at the claimed feature in such a way that the operations would comprise:  instructing, by the slicing security management system the application to initiate the communications session with instructions sent by the slicing security management system to the application, (as taught by Lehane et al).  One skilled in the art would be motivated to make such combination because by doing so, the slicing security management system would be enhanced with capability of instructing the application to initiate the communications session.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHARISHI V KHIRODHAR whose telephone number is (571)270-7909. The examiner can normally be reached 6:00 AM - 3:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PANKAJ KUMAR can be reached on 571-272-3011. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MAHARISHI V. KHIRODHAR
Examiner
Art Unit 2463



/MAHARISHI V KHIRODHAR/Primary Examiner, Art Unit 2463