DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim interpretation – Formal Matters
1.  A double patenting rejection is NOT put forth.

2.  The examiner interprets that the claims are statutory under the requirements and guidelines as set forth in 35 USC 112.  Written support is found and the claims particularly point out the inventive concept(s).

3.  The examiner interprets that the claims are statutory under the requirements and guidelines as set forth in 35 USC 101 (ie. directed to one of the four patent-eligible subject matter categories, no abstract idea, above judicial bar).








Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-6 and 12-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. US 2019/0349200 and further in view of Opsenica et al. US 2018/0310238.
As per claim 1, Wang et al. US 2019/0349200 teaches a system for unified authentication of a user equipment (UE) in a communication network, the system comprising: 
[0005] Implementations of the present specification are intended to provide blockchain data processing methods, apparatuses, processing devices, and systems, each transaction participant can perform identity signature for a related operation in a transaction by using a temporary identity instead of a real identity, and association between a real identity of a transaction participant and the transaction in a blockchain can be removed, thereby effectively ensuring security of the real identity of the transaction participant, improving security of blockchain transaction data, and alleviating association between transactions.

a third party communicatively trusted by and connected to the UE and one or more “participants” (Para #25 teaches that either the users can generate temporary identity information OR they can be generated by another “specified processing device” and then be distributed to the “participants”, which reads on both participants trusting that specified processing device (i.e. it is a trusted thired party).   Furthermore, See Para #40 teaching participants A and B being part of a “consortium” and using Certificates (which are well known to come from a “trusted third arty” Certificate Authority)), the third party configured to: 
[0025] Temporary identity information can usually be generated by a transaction participant, and different transaction participants can independently generate respective temporary identity information. Certainly, in another implementation solution, temporary identity information of all or some of transaction participants can be generated by a specified processing device, and then is distributed to the corresponding transaction participants based on a specific rule. The transaction participant usually is a participant involved in a transaction, for example, participants A and B involved in transaction content. In the present implementation, the transaction participants can further include other agreed participants such as a third party, a guarantor, and a regulator that are not involved in the transaction service content. There can be a plurality of transaction forms for contract creation (formulation) or execution. For example, same contract participants can create different contracts. For example, contract participants A and B can create contract T_C1, and can further create contract T_C2. The same participant can create different contracts with different cooperators. For example, contract participants A and B create contract T_C3, and contract participants A and D can create contract T_C4.
From Para #40:  “..A specific application scenario is shown in FIG. 3. Assume that a target contract involves contract participants A and B.  As members of a consortium blockchain, A and B respectively hold corresponding certificates, and real identity information of A and B is A and B respectively. The certificates can be used to prove that A and B are authorized members of the blockchain, and A and B can create, execute, etc. a contract in the blockchain..”.

obtain identity information indicative of identity of the UE or the “participants” (Para #25 teaches that the participants trust a third party that provides them with temporary identity information, hence the third party inherently must be able to identify the identities of the participants, otherwise it will NOT be a trusted/protected communication.  Also see Para’s #34 and #41-#42 that teach obtaining/knowing the identities of participants A and B); 
[0025] Temporary identity information can usually be generated by a transaction participant, and different transaction participants can independently generate respective temporary identity information. Certainly, in another implementation solution, temporary identity information of all or some of transaction participants can be generated by a specified processing device, and then is distributed to the corresponding transaction participants based on a specific rule.
[0034] In another implementation, the temporary identity information can be periodically replaced based on a predetermined cycle. For example, a temporary key pair of each contract participant is replaced once a day. Replacement cycles can be uniformly predetermined, or different replacement frequencies can be set based on access (for example, a weight, identity of party A or party B, credit rank, and stock rights), etc. of a contract participant. For example, contract participant A is an important asset manager, and a temporary key pair of contract participant A is replaced once a day, and temporary identity information of cooperators B and C of contract participant A is replaced once a week. Therefore, in another implementation of the method in the present specification, the method further includes the following step.
[0041] (1) Users A and B can register entity information and digital identities with a blockchain platform in a form of a smart contract or a non-smart contract by using a blockchain registration authority. The blockchain platform verifies a signature of the registration authority.  After the verification succeeds, the entity information and the digital identities of A and B are stored in the blockchain. The digital identity can include a public key, a private key, etc. of a user. The entity information can include information such as a name and an ID card of the user.
[0042] (2) User A′ and user B′ establish an encryption channel. A′ and B′ can mutually send summaries of the digital identities of each other to the blockchain platform. After identifying that A′ and B′ are authorized users, the platform returns an acknowledgement message to A and B. Otherwise, a declination message is returned, and communication between A′ and B′ stops.

verify the UE and “participants” on whether the UE and the “participants” are authorized to perform communications in the communication network (Para #25 above teaches that the two participants trust the third party to verify the participant’s identities and inherently authorizes them to commuicate, otherwise there would be no temporary identity issued and communications would not be authorized.  Para’s #40 and #43-#45 teach verifying the participants to allow them to communicate); 
[From Para #40] “…The certificates can be used to prove that A and B are authorized members of the blockchain, and A and B can create, execute, etc. a contract in the blockchain..”
[0042] (2) User A′ and user B′ establish an encryption channel. A′ and B′ can mutually send summaries of the digital identities of each other to the blockchain platform. After identifying that A′ and B′ are authorized users, the platform returns an acknowledgement message to A and B. Otherwise, a declination message is returned, and communication between A′ and B′ stops.
[0043] (3) To confirm the identity of B′, A′ can obtain query authorization (namely, a signature for a query request of A) from B′, and submit a query request to the blockchain. Likewise, B′ can submit a query for A′ by performing the present step.
[0044] (4) The blockchain platform verifies the queries and authorization signatures of A′ and B′, and separately sends identity authentication information of A′ and B′ to A′ and B′ after identifying that A′ and B′ are authorized blockchain users. If A′ or B′ is not a blockchain user, a failure message is returned, and communication between A′ and B′ stops.
[0045] (5) After verifying the entity information of each other, A′ and B′ establish an encryption channel by using the digital identities, and exchange messages, for example, exchange temporary public keys.
create mapping information, the mapping information including mappings between each identity indicated by the identity information and a respective temporary authentication identifier (ID)   (Para #25 teaches that a third party can generate temporary identities that are “mapped” to each participant for their communication session – if there is only one identity per participant, then there are only the two identities that are mapped.   NOTE that Para #33 teaches mapping multiple temporary identities to ONE participant, which puts forth multiple mappings/identities for one participant:  “…For example, contract participant A can perform identity signature by using different temporary identity information when signing different contracts with contract participant B, and contract participant A separately uses different temporary identity information for B and C when a contract signed by contract participants A and B is the same as a contract signed by contract participants A and C”.), and 
according to the mapping information, transmit the respective temporary authentication ID to each of the UE and the “participants” that are verified successfully by the third party (Para #25 teaches that the trusted third party issues temporary identities to each participant after they are inherently autheticated.  Also see other paragraphs/passages cited above); and 
the one or more network entities to which the UE is authenticated to access, each of the network entities configured to communicate with the UE or other “participants” based on their respective temporary authentication ID (Para #25 teaches that the two participants can communicate using their temporary identities.  Also see other paragraphs/passages cited above);
but is silent on network entities.
Wang appears to focus more on communications between two users and does not put forth a “network entity”.
At least Opsenica et al. US 2018/0310238 teaches a UE attaching to network entities (eg. network slices, various other networks, etc.) where the network entity has been inherently authenticated by the 3rd party since the 3rd party allows said network entity to contact it and request that the UE be authenticated as well (the examiner notes that wireless/cellular networks inherently authenticate each/every node/user on the network): 
[0044] A network slice may have knowledge of how to identify a UE when deciding whether to grant attachment of a UE to a network slice (e.g. identity management functionality). Alternatively, a network slice may use some form of external entity to identify a UE, such as a Home Subscriber Server (HSS) node used in existing networks, or an Authentication Authorization and Accounting (AAA) node, or any other service specific entity in charge of identity management function(s).
Furthermore, see Opsenica’s Figure 3 which shows that the approved/authenticated UE and network entities can then communicate (whereby the UE can connect to a network slice, etc.), which reads on a “network entity” being involved in communicating with a UE and not just UE-to-UE communications.
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify Wang, such that network entities are authenticated, to provide the ability for each/every node on the network to be authenticated prior to communicating (to prevent hacking and to make communications secure).



As per claims 2 and 13, the combo teaches claim 1/12, wherein the third party is further configured to perform at least one* of: 
obtaining the temporary authentication ID from the network entities; and
generating the temporary authentication ID according to the identity information indicative of identity of the UE (See Wang, previous passages/paragraphs cited which teach the trusted authority sending temporary ID’s to the participants based on the information said participants provided to the trusted authority which verified them).  
[0025] Temporary identity information can usually be generated by a transaction participant, and different transaction participants can independently generate respective temporary identity information. Certainly, in another implementation solution, temporary identity information of all or some of transaction participants can be generated by a specified processing device, and then is distributed to the corresponding transaction participants based on a specific rule.
[From Para #40] “…The certificates can be used to prove that A and B are authorized members of the blockchain, and A and B can create, execute, etc. a contract in the blockchain..”
[0041] (1) Users A and B can register entity information and digital identities with a blockchain platform in a form of a smart contract or a non-smart contract by using a blockchain registration authority. The blockchain platform verifies a signature of the registration authority.  After the verification succeeds, the entity information and the digital identities of A and B are stored in the blockchain. The digital identity can include a public key, a private key, etc. of a user. The entity information can include information such as a name and an ID card of the user.
[0042] (2) User A′ and user B′ establish an encryption channel. A′ and B′ can mutually send summaries of the digital identities of each other to the blockchain platform. After identifying that A′ and B′ are authorized users, the platform returns an acknowledgement message to A and B. Otherwise, a declination message is returned, and communication between A′ and B′ stops.

*Alternative language is used, only one limitation need be found.







As per claims 3 and 14, the combo teaches claim 1/12, wherein the third party is further configured to: 
receive a request from the UE or the network entities (See previous passages/paragraphs cited above, at least the request can be received from a participant/entity/UE and identification is provided), the request including one or more of*: 
an identification proof of the UE or the network entities (See previous passages/paragrphs cited above – Para’s #25, #40, #42, etc.), 
the identity information indicative of identity of the UE or the network entities (See previous passages/paragrphs cited above – Para’s #25, #40, #42, etc.),
[0041] (1) Users A and B can register entity information and digital identities with a blockchain platform in a form of a smart contract or a non-smart contract by using a blockchain registration authority. The blockchain platform verifies a signature of the registration authority.  After the verification succeeds, the entity information and the digital identities of A and B are stored in the blockchain. The digital identity can include a public key, a private key, etc. of a user. The entity information can include information such as a name and an ID card of the user.
a preference indicative of a network to which the UE or the network entities prefer to access and a preference indicative of a service to which the UE or the network entities prefer to access or 
a combination thereof indicated by an identification cipher; 
verify whether the received information matches information maintained by the third party (see previous paragraphs/passages teaching that the participants send their identities to the “authority” for verification/storage); and 
upon a successful verification, transmit information indicating one or more subscriptions to the UE or the network entities (the concept of a “subscription” is broadly interpreted since it is not defined in the claim, hence it can be a “policy”, ie. such as the participants “subscribe” to changing their keys on a set schedule, which is taught by Wang):
[0034] In another implementation, the temporary identity information can be periodically replaced based on a predetermined cycle. For example, a temporary key pair of each contract participant is replaced once a day. Replacement cycles can be uniformly predetermined, or different replacement frequencies can be set based on access (for example, a weight, identity of party A or party B, credit rank, and stock rights), etc. of a contract participant. For example, contract participant A is an important asset manager, and a temporary key pair of contract participant A is replaced once a day, and temporary identity information of cooperators B and C of contract participant A is replaced once a week. Therefore, in another implementation of the method in the present specification, the method further includes the following step.
*Alternative language is used, only one limitation need be found.


As per claims 4 and 15, the combo teaches claim 3/14, wherein the request is an authorization request to be authorized on the third party, and the third party is configured to transmit the information by transmitting a response to the request (see previous paragraphs/passages above which teach the UE/participants contacting the third party and being authorized (ie. to communicate) 
but is silent on  wherein the response includes a subscription cipher.  
	In reviewing the applicant’s specification, the examiner notes that a “subscription cipher” is merely jargon/lexicograhpy for messages that can request and/or provide information from/to the UE.   For example, applicant’s specification teaches that the “subscription” can be stored in the UE (see Para #63 and/or #69 below) and “subscription cipher” can be a message sent to the UE that provides information such as a list of available infrastructure, a list of available slices, a list of infrastructure managers, corresponding public keys, a temporary UE ID, authentication UE ID, AAA signature, etc..:

    PNG
    media_image1.png
    264
    1100
    media_image1.png
    Greyscale


    PNG
    media_image2.png
    186
    1247
    media_image2.png
    Greyscale

	Thusly, as seen above, one skilled can merely interpret the concept of a “subscription” and “subscription cipher” as information that is provided to the UE information it of various network parameters, temporary UE ID, etc..   Wang was already shown as providing a temporary UE ID.  That said, the examiner puts forth Opsenica et al. US 2018/0310238 who teaches the UE receiving a list of network slice identities, selecting a network slice and sending a request to attach to the selected network slice (See Figure 3).  Thusly, the UE is sent a “subscription cipher” informing it of network slices, which would be included in a “subscription cipher message (and could even include a GUID, similar to a temporary UE ID as taught by Wang).  
[0048] The embodiments described herein enable selection of a mobile network service (or slice of a network) independently of who owns the network infrastructure or what authentication method or identity is used to identify the user or the UE. This allows applications such as application-based subscription services to be provided, for example where an application in a phone can offer various connectivity options and subscriptions. For instance, a network slice can offer credit-card paid subscription that generates a virtual SIM card upon the first selection of that network slice.
	
[0043]  FIG. 3 shows an example of a method in a network node according to an embodiment, for attaching a user equipment to a mobile communications network. The method comprises advertising a list of network slice identities, step 301, wherein each network slice identity identifies a portion of the mobile communications network that can serve as a logical network for a set of user equipment. The method comprises receiving, step 303, a network slice attachment request from a user equipment, requesting attachment of the user equipment to a selected network slice of the mobile communications network. In step 305 it is determined whether to grant attachment of the user equipment to the network slice. If granted, in step 307 the method comprises informing the user equipment of an initial access point where the user equipment can make an initial attachment directly to the network.

[0044] A network slice may have knowledge of how to identify a UE when deciding whether to grant attachment of a UE to a network slice (e.g. identity management functionality). Alternatively, a network slice may use some form of external entity to identify a UE, such as a Home Subscriber Server (HSS) node used in existing networks, or an Authentication Authorization and Accounting (AAA) node, or any other service specific entity in charge of identity management function(s).
[0045] In one embodiment, prior to the step of receiving a network slice attachment request, the method comprises receiving a request from a user equipment to register with a mobile network operator, MNO, or virtual mobile network operator, MVNO, and assigning a global unique user equipment identity, GUID, to the user equipment, and a default network slice identity of a network slice that the user equipment can use.
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify the combo, such that wherein the response includes a subscription cipher, to provide the ability to send important required information to the UE’s/network entities to support their communicating amongst themselves.


As per claims 5 and 16, the combo teaches claim 4/15, wherein the subscription cipher indicates one or more* of: 
a list of available infrastructure providers and available current public keys associated with the infrastructure providers; 
a list of available slices provided by a network slice provider and serving public keys associated with the network slice provider (See Opsenica (from Claim 4 above) who teaches a list of network slice providers); 
a list of available services provided by a service provider and serving public keys associated with the service provider; 
a list of available infrastructure managers and serving public keys associated with the available infrastructure managers; 
the temporary authentication IDs; 
a signature of an authentication authorization and accounting (AAA) management function in the third party, the signature indicative of authorization to the UE or the network entities; 
a public key and a private key from the UE or the network entities; and 
a public key from the AAA management function in the third party.  
*Alternative language is used, only one limitation need be found.



As per claims 6 and 17, the combo teaches claim 1/12, but is silent on wherein each of the network entities is configured as one or more* of: 
a service provider configured to provide services to the UEs, 
a network slice provider configured to provide network slice resources for the services, 
an infrastructure provider configured to provide an infrastructure to support the services, 
an infrastructure manager configured to manage the infrastructure or a cell under a management of an access node.  
	At least Opesenica et al. US 2018/0310238 teaches the UE receiving a list of network slice identities, selecting a network slice and sending a request to attach to the selected network slice (See Figure 3).  Thusly, the UE is sent a “subscription cipher” informing it of network slices, which would be included in a “subscription cipher message (and could even include a GUID, similar to a temporary UE ID as taught by Wang).  
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify the combination, such that wherein each of the network entities is configured as one or more* of: a service provider configured to provide services to the UEs, a network slice provider configured to provide network slice resources for the services, an infrastructure provider configured to provide an infrastructure to support the services, an infrastructure manager configured to manage the infrastructure or a cell under a management of an access node, to provide the ability for network slice information to be provided to the UE so it can connect to and use said network slice resources.
*Alternative language is used, only one limitation need be found.
Claim(s) 7 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang/Opsenica and further in view of Kunz et al. US 2020/0280854
As per claims 7 and 18, the combo teaches claim 3/15, but is silent on wherein the request is an initial registration request to be registered with the third party, the request includes information indicating one or more subscriptions include one or more* of: 
the mapping information; 
a temporary session key associated with the UE; 
the temporary authentication IDs; 
a list of available infrastructure providers and serving public keys from the available infrastructure providers; 
a list of available slices provided by a network slice provider and serving public keys from the network slice provider ;     < Discussed below
a list of available services provided by a service provider and serving public keys from the service provider; and
 a list of available infrastructure managers and serving public keys from the available infrastructure managers.  
With regard to “..a list of available slices provided by a network slice provider …”, at least Opsenica et al. US 2018/0310238 teaches the UE receiving a list of network slice identities and then requesting/selecting a network slice and sending a request to attach to the selected network slice (See Figure 3).  Thusly, the UE is sent a “subscription cipher” informing it of network slices, which would be included in a “subscription cipher message (and could even include a GUID, similar to a temporary UE ID as taught by Wang).  
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify the combo, such that wherein the request is an initial registration request to be registered with the third party, the request includes information indicating one or more subscriptions include one or more* of: the mapping information; a temporary session key associated with the UE; the temporary authentication IDs; a list of available infrastructure providers and serving public keys from the available nfrastructure providers; a list of available slices provided by a network slice provider 
With regard to the UE receiving “..serving public keys from the network slice provider..”, at least Kunz et al. US 2020/0280854 teaches a user receiving public keys used to authenticate with the network slice:
[0006] One method of an AMF, e.g., for protecting the user identity and credentials, includes receiving a registration request from a UE, wherein the UE registers with a mobile communication network using a first set of credentials and retrieving a public key for a network slice where slice-specific authentication is required. The second method includes encrypting a second set of credentials using the public key, the second set of credentials used for authentication with the network slice and sending a message to an authentication server, wherein the message includes the encrypted second set of credentials.
The examiner notes that Patil et al. US 2020/0057860 (pertinent but not cited) also teaches a similar design that transmits a public key to the UE associated with the network slice so that the UE can use said network slice’s information.
Patil’s Claim 14:  The method of claim 13, further comprising: encrypting the UE utilization block with a private key of an asymmetric key pair associated with the first network slice; transmitting a blockID of the UE utilization block to the first UE; and transmitting a public key of the same asymmetric key pair associated with the first network slice to the first UE, such that the UE can use the public key to decrypt one or more UE utilization blocks encrypted with the private key.
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify the combo, such that the serving public keys are from the network slice provider, to provide the UE with the keys to encrypt/decrypt information related to connecting to the network slice.
*Alternative language is used, only one limitation need be found.


Allowable Subject Matter
Claims 8-11 and 19-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
	These claims recite highly detailed technical designs that are not found in at least the prior art of record, either alone or in combination:
Claims 8 and 19:  wherein the third party is further configured to: 
sign the one or more subscriptions based on authentication information indicative of authorization to the UE, and 
each of the network entities is further configured to verify the indicated subscriptions based on a public key of the third party.  

Claims 9 and 20: wherein each of the network entities is further configured to manage mobility of the UE by: 
receiving a request for updating the temporary authentication ID, the request including the temporary authentication ID and an ID of an entity that sends the request; 
verifying the temporary authentication ID; 
upon a successful verification, generating one or more new temporary authentication ID and updating local mapping information to include mappings associated with the new temporary authentication IDs; 
notifying the third party and other network entities of the new temporary authentication ID.  

Claim 10: wherein the request is an authorization request further including one or more of: 
an encrypted request entity, 
a random ID, and 
one or more signatures of the network entities associated with the request, each of the signatures indicative of authorization to the UE.  
Claim 11: wherein each of the other network entities is further configured to: 
in response to the request for updating the temporary authentication ID, transmit a response including a service subscription for the UE; and 
generate the signature indicative of authorization to the UE according to received new temporary authentication ID.  



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is found in the PTO-892 form.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN M. D'AGOSTA whose telephone number is (571)272-7862. The examiner can normally be reached 8am to 4pm (IFW).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Edan (Dan) Orgad can be reached on 571-272-7884. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/STEPHEN M D AGOSTA/Primary Examiner, Art Unit 2414