Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the Amendment filed on 08/23/2022.
In the instant Amendment, claims 5-6 and 15-16 have been cancelled; claims 1, 11 and 20 have been amended; and claims 1, 11, and 20 are independent claims. Claims 1-4, 7-14, 17-20 have been examined and are pending. This Action is made Final.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 09/7/2022 and 07/16/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Response to Arguments
Applicants’ arguments with respect to claims 1-4, 7-14, 17-20 have been considered but are moot in view of the new grounds of rejection, which were necessitated by amendment. 
The rejection of claims 1-4, 7-9, 11-14, 17-20 under 35 U.S.C. 102(a)(1) is withdrawn as the claims have been amended.
Applicant’s arguments in the Instant Amendment, filed on 08/23/2022, with respect to claims 1 and 10, have been fully considered but are not persuasive.
Applicant’s argument:  “The quoted portion of Jost states that the integrity verification information is a hash of the portion of the message and that the portion of the message is the body (e.g., a JSON body). Jost further describes excluding a path pseudo-header. The quoted portion of Jost does not disclose or suggest using the header or an "authority header" of a request message as recited in claim 1, and Jost teaches away from using a header by describing the exclusion of the path pseudo-header.”
The Examiner disagrees with the Applicant. The Examiner respectfully submits that Jost also teaches that the portions of the request message that are specified to not be modified by the proxies include an authority header. Jost teaches a message where a portion of the message can be modified by the proxy and that portion is integrity protected, see Jost page 6, line 3-8, “in some embodiments, only a part of the message 22 is integrity protected (e.g., at the application layer), so that another part of the message 22 that is not integrity protected can be modified by the SCP 18 as needed to perform one or more proxy functions.” Jost further teaches the authority header in page 11 line 14, “In some embodiments, the digitally signed assertion is included in a header of the message 22”. Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Jost into the teachings of Choyi to include performing the hash of the portion that is specified to not be modified by the proxy and that portion includes a header because it will allow the service communication proxy to modify the unprotected portion as needed to provide one or more proxy functions, e.g., path modification as part of message routing. Accordingly, Jost would not conflict with Choyi as the prior art must be considered in its entirety and disclosed examples and preferred embodiments do not constitute a teaching away from a broader disclosure or a non-preferred embodiment. “The prior art’s mere disclosure of more than one alternative does not constitute a teaching away from any of these alternatives because such disclosure does not criticize, discredit, or otherwise discourage the solution claimed….” (MPEP 2145 D. 1. [R-10.2019] or MPEP 2143.01 I. [R-10.2019]).
Applicant’s argument:  “The cited portion of Jost merely states that the SCP can be deployed at the PLMN level. The cited portion of Jost does not describe that the request message "is an inter-public land mobile network (PLMN) message destined for a different PLMN" as recited in claim 10. Moreover, the cited portion of Jost does not disclose or suggest that the SCP deployed at the PLMN level is "configured for cross-certification" as recited in claim 10.”
The Examiner disagrees with the Applicant. The Examiner respectfully submits that Jost teaches the inter-public land mobile network. Jost teaches that the communication can be between the same or different network or networks, for example the PLMN; see Jost page 26 line 26-28, “In Figure 7, processing circuitry 701 may be configured to communicate with network 743b using communication subsystem 731. Network 743a and network 743b may be the same network or networks or different network or networks.”
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-4, 7-14, 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Choyi et al. (U.S. 20210250172 A1; Hereinafter “Choyi”) in view of Jost et al. (W.O Application 2022043130 A1; Hereinafter “Jost”).
Regarding claim 1, Choyi teaches a method for creating single-use authentication messages, the method comprising (Choyi para [0045], “NF consumer 120 may initiate authentication and secure communications with NRF”): 
creating, at a consumer network function (NF consumer 120) of a core network of a telecommunications network, a message hash of at least a subset of a request message (Choyi: para [0045-0047], fig. 5 “More particularly, as shown at reference 545, NF consumer 120 may generate a hash of the service request (e.g., SReq 520) and digitally sign the hash to generate a cryptographically signed service request object (SReqProtectedObject) using an algorithm and cryptographic parameters listed in the SReq Protection Parameter list. Similarly for the protection required of the NF-P 130 by the NF-C 120, the parameters are listed within the SRes Protection Parameters.”); 
adding, at the consumer network function, the message hash to a client credentials assertion (CCA) token for the consumer network function (Choyi: para [0047], “NF consumer 120 may bind the authorization token (e.g., from service response 535) to the proof-of-request (e.g., SReqProtectedObject)”); and 
sending, from the consumer network function, the request message with the CCA token to a producer network function (NF producer 130) (Choyi: para[0048], “NF consumer 120 may submit a service request 550 to SCP 110. Service request 550 may also include the authorization token and SReqProtectedObject, along with an NF consumer 120 certificate. The service request message may be sent to the SCP 110, whose network address (e.g., FQDN or IP address) may be listed within the access token generated by the NRF 140 and/or listed within the SReq Parameters. Based on service request 550, SCP 110 may, at reference 555, initiate a TLS handshake to conduct authentication and establish secure communications with NF producer 130. The SCP 110 obtains the address of the next hop of the connection by using either the “audience” field within the authorization token or the “target” field within the service request to initiate the TLS connection. Acting as a proxy for NF consumer 120, SCP 110 may submit or forward a service request 560 to NF producer 130. Service request 555 may also include the token and SReqProtectedObject received from NF consumer 120, along with the NF consumer 120 certificate.”).
Choyi does not explicitly teach wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network, and wherein the one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network include an authority header of the request message.
However, in an analogous art, Jost teaches wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network (Jost: page 6 line 3-8, “In this context, some embodiments herein integrity protect the message 22 to at least some extent while still enabling the SCP 18 to perform one or more proxy functions that involve modifications to the message 22. In fact, in some embodiments, only a part of the message 22 is integrity protected (e.g., at the application layer), so that another part of the message 22 that is not integrity protected can be modified by the SCP 18 as needed to perform one or more proxy functions.”,  “some embodiments may integrity protect the second portion 22-2,” Jost teaches the portion that is integrity protected is the portion that cannot be modified), and wherein the one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network include an authority header of the request message (Jost: page 2 line 5-6, “In some embodiments, the message includes one or more headers and a body, and the portion of the message is the body (e.g., a JSON body).”, “the digitally signed assertion is included in a header of the message 22.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Jost into the method of Choyi to include wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network because it will allow the service communication proxy to modify the unprotected portion as needed to provide one or more proxy functions, e.g., path modification as part of message routing (Jost: page 1 line 25-28).
Regarding claim 2, Choyi in view of Jost teaches the independent claim 1. Choyi additionally teaches comprising, at the producer network function: validating that the CCA token is signed and not expired (Choyi: para[0049], [0080], “Thus, at reference 965, NF producer 130 may receive service request 960, and verify the token for timeliness and authorization”); 
validating that a hash of the received request message matches the message hash of the CCA token (Choyi: para[0049], “NF producer 130 may receive service request 560. NF producer 130 is able to verify that the proof-of-request was indeed created by NF consumer 120 by verifying the NF consumer's 120 digital signature and verifying the authorization token binding, thereby preventing an intermediate proxy from fraudulently attempting to mimic an authorized NF consumer. More particularly, as shown at reference 565, NF producer 130 may verify the authenticity of the token, verify the SReqProtectedObject, verify the binding, and generate a signed service response object (SResProtectedObject) that includes a binding to the service request.”); and 
sending a response to the consumer network function (Choyi: para[0050], [0080], “NF producer 130 may include the SResProtectedObject in a service response 570 directed to SCP 110. The NF producer 130 may send the service response messages that may contain the service response message containing the parameters: “source”, “target”, “audience”, “NF-P certificate”, “Service Parameters”, “Service Request” and the SResProtectedObject to the SCP 110. SCP 110 may receive service response 570 and may submit or forward a service response 575, including the SResProtectedObject, to NF consumer 120”). 
Regarding claim 3, Choyi in view of Jost teaches the independent claim 1. Choyi additionally teaches comprising, at a proxy (SCP 110) between the consumer network function and producer network function: validating that a hash of the received request message matches the message hash of the CCA token (Choyi: para[0080], “the SCP 110 may optionally verify if the service response received from the NF producer 130 is valid and timely. If the service response contained a SResProtectedObject, the SCP 110 may verify the authenticity and validity of the SResProtectedObject, by using the parameters within the service response message and the NF producer's 130 certificate and matching the service request message that contained the authorization token.”); and 
forwarding the request message to the producer network function in response to validating that the hash of the received request message matches the message hash of the CCA token (Choyi: para[0080], “SCP 110 may receive service response 970 and may submit a service response 975 to NF consumer 120.”).
Regarding claim 4, Choyi in view of Jost teaches the dependent claim 3. Choyi additionally teaches, at the producer network function: validating that the CCA token is signed and not expired (Choyi: para[0049], [0080], “Thus, at reference 965, NF producer 130 may receive service request 960, and verify the token for timeliness and authorization”); and 
sending a response to the consumer network function (Choyi: para[0050], [0080], “NF producer 130 may include the SResProtectedObject in a service response 570 directed to SCP 110. The NF producer 130 may send the service response messages that may contain the service response message containing the parameters: “source”, “target”, “audience”, “NF-P certificate”, “Service Parameters”, “Service Request” and the SResProtectedObject to the SCP 110. SCP 110 may receive service response 570 and may submit or forward a service response 575, including the SResProtectedObject, to NF consumer 120”).
Regarding claim 7, Choyi in view of Jost teaches the independent claim 1. Choyi additionally teaches comprising enabling or disabling single-use authentication messages on a per-interface basis for a plurality of different interfaces of the network core (Choyi: para[0010], [0024], [0028], “In the example, of FIG. 1, a Services Communications Proxy (SCP) 110 enables communications between various network nodes”, “Assume in FIG. 3 that each of SCP 110, NF consumer 120, and NF producer 130 have been provisioned with an NRF certificate (e.g., an X.509v3 certificate including the NRF's public key) to enable cryptographic exchanges.”).
Regarding claim 8, Choyi in view of Jost teaches the independent claim 1. Choyi additionally teaches wherein the network core is a 5G network core (Choyi: para[0010], “[0010] FIG. 1 is a diagram of an exemplary environment 100 in which the systems and/or methods, described herein, may be implemented. FIG. 1 may represent network elements in a 5G core network.”).
Regarding claim 9, Choyi in view of Jost teaches the dependent claim 8. Choyi additionally teaches wherein the CCA token comprises a plurality of fields including a network function instance identifier, an issued-at timestamp, an expiration time, and the message hash (Choyi: [0032],[0058], “the claims within the token that may contain information from the original SReq Parameters (e.g. Source, Target, SReq Id, Date/Time, SReq Protection Parameters containing the NF consumer's 120 certificate)”).
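The following is an added illustration and is not part of this Office Action or of the Choyi or Jost references: a sketch of the mechanism recited in claims 1, 2 and 9, in which a hash over the request portions that proxies do not modify is carried in a signed token and checked by the producer. HMAC-SHA256 with a constructed key stands in for the consumer's certificate-based signature, and the claim names (`sub`, `iat`, `exp`, `msg_hash`), the choice of `:authority` plus body as the protected portions, and all sample values are assumptions.

```python
import base64
import copy
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"   # stand-in for the consumer's signing key
PROTECTED_HEADERS = (":authority",)  # assumption: headers proxies must not modify


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def message_hash(request):
    """Hash only the protected portions; each part is length-prefixed so
    that different header/body splits cannot produce the same input."""
    digest = hashlib.sha256()
    parts = [request["headers"].get(n, "").encode() for n in PROTECTED_HEADERS]
    parts.append(request["body"])
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.hexdigest()


def make_token(nf_instance_id, request, now, lifetime=60):
    """Consumer side: bind the message hash into the signed token."""
    claims = {"sub": nf_instance_id, "iat": now, "exp": now + lifetime,
              "msg_hash": message_hash(request)}
    payload = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(DEMO_KEY, payload.encode(), hashlib.sha256).digest()
    return payload + "." + b64e(sig)


def verify(token, request, now):
    """Producer side: signature, then expiry, then hash of the received
    request against the hash carried in the token."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(DEMO_KEY, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64d(sig), expected):
            return "bad signature"
        claims = json.loads(b64d(payload))
    except ValueError:
        return "malformed token"
    if now >= claims.get("exp", 0):
        return "expired"
    if not hmac.compare_digest(claims.get("msg_hash", ""), message_hash(request)):
        return "hash mismatch"
    return "ok"


def sample_request():
    # Constructed sample request, not taken from any reference.
    return {"headers": {":authority": "nf-producer.5gc.example",
                        ":path": "/service/v1/items"},
            "body": b'{"item": 1}'}


def with_header(request, name, value):
    """Return a copy of the request with one header rewritten, as a proxy would."""
    changed = copy.deepcopy(request)
    changed["headers"][name] = value
    return changed


if __name__ == "__main__":
    req = sample_request()
    tok = make_token("nf-c-001", req, now=1000)
    # A proxy rewriting the unprotected path does not break the binding.
    print(verify(tok, with_header(req, ":path", "/routed/v1/items"), 1010))
    # Reusing the token with a different authority is rejected.
    print(verify(tok, with_header(req, ":authority", "other.example"), 1010))
```
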
Regarding claim 10, Choyi in view of Jost teaches the independent claim 1. Jost teaches wherein the request message is an inter-public land mobile network (PLMN) message destined for a different PLMN configured for cross-certification (Jost: page 9 line 8-9, “The SCP 18 may be deployed in a distributed manner. Note that SCPs, including SCP 18, can be deployed at the Public Land Mobile Network (PLMN) level, shared-slice level, and slice-specific level.” page 26 line 26-28, “In Figure 7, processing circuitry 701 may be configured to communicate with network 743b using communication subsystem 731. Network 743a and network 743b may be the same network or networks or different network or networks.”).
Regarding claim 11, Choyi teaches a system for creating single-use authentication messages, the system comprising: at least one processor and a memory (Choyi: para[0091], “Embodiments described herein may be implemented in many different forms of software executed by hardware. …for example, hardware (e.g., processor 220, etc.), or a combination of hardware and software”); and 
a consumer network function of a core network of a telecommunications network, the consumer network function implemented by the at least one processor and configured for (Choyi: para[0010], “The network function nodes may operate as network function (NF) consumers 120 and/or NF producers 130. For example, using SCP 110, NF consumers 120 may request services from NF producers 130.”):
creating, at a consumer network function (NF consumer 120) of a core network of a telecommunications network, a message hash of at least a subset of a request message (Choyi: para [0045-0047], fig. 5 “More particularly, as shown at reference 545, NF consumer 120 may generate a hash of the service request (e.g., SReq 520) and digitally sign the hash to generate a cryptographically signed service request object (SReqProtectedObject) using an algorithm and cryptographic parameters listed in the SReq Protection Parameter list. Similarly for the protection required of the NF-P 130 by the NF-C 120, the parameters are listed within the SRes Protection Parameters.”); 
adding, at the consumer network function, the message hash to a client credentials assertion (CCA) token for the consumer network function (Choyi: para [0047], “NF consumer 120 may bind the authorization token (e.g., from service response 535) to the proof-of-request (e.g., SReqProtectedObject)”); and 
sending, from the consumer network function, the request message with the CCA token to a producer network function (NF producer 130) (Choyi: para[0048], “NF consumer 120 may submit a service request 550 to SCP 110. Service request 550 may also include the authorization token and SReqProtectedObject, along with an NF consumer 120 certificate. The service request message may be sent to the SCP 110, whose network address (e.g., FQDN or IP address) may be listed within the access token generated by the NRF 140 and/or listed within the SReq Parameters. Based on service request 550, SCP 110 may, at reference 555, initiate a TLS handshake to conduct authentication and establish secure communications with NF producer 130. The SCP 110 obtains the address of the next hop of the connection by using either the “audience” field within the authorization token or the “target” field within the service request to initiate the TLS connection. Acting as a proxy for NF consumer 120, SCP 110 may submit or forward a service request 560 to NF producer 130. Service request 555 may also include the token and SReqProtectedObject received from NF consumer 120, along with the NF consumer 120 certificate.”).
Choyi does not explicitly teach wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network, and wherein the one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network include an authority header of the request message.
However, in an analogous art, Jost teaches wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network (Jost: page 6 line 3-8, “In this context, some embodiments herein integrity protect the message 22 to at least some extent while still enabling the SCP 18 to perform one or more proxy functions that involve modifications to the message 22. In fact, in some embodiments, only a part of the message 22 is integrity protected (e.g., at the application layer), so that another part of the message 22 that is not integrity protected can be modified by the SCP 18 as needed to perform one or more proxy functions.”,  “some embodiments may integrity protect the second portion 22-2,” Jost teaches the portion that is integrity protected is the portion that cannot be modified), and wherein the one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network include an authority header of the request message (Jost: page 2 line 5-6, “In some embodiments, the message includes one or more headers and a body, and the portion of the message is the body (e.g., a JSON body).”, “the digitally signed assertion is included in a header of the message 22.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Jost into the method of Choyi to include wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network because it will allow the service communication proxy to modify the unprotected portion as needed to provide one or more proxy functions, e.g., path modification as part of message routing (Jost: page 1 line 25-28).
Regarding claim 12, claim 12 is rejected under the same rationale as claim 2.
Regarding claim 13, claim 13 is rejected under the same rationale as claim 3.
Regarding claim 14, claim 14 is rejected under the same rationale as claim 4.
Regarding claim 17, claim 17 is rejected under the same rationale as claim 7.
Regarding claim 18, claim 18 is rejected under the same rationale as claim 8.
Regarding claim 19, claim 19 is rejected under the same rationale as claim 9.
Regarding claim 20, Choyi teaches a non-transitory computer readable medium having stored thereon executable instructions that when executed by a processor of a computer control the computer to perform steps comprising (Choyi: para[0026], “A computer-readable medium may be defined as a non-transitory memory device. A memory device may be implemented within a single physical memory device or spread across multiple physical memory devices. The software instructions may be read into memory 230 from another computer-readable medium or from another device. The software instructions contained in memory 230 may cause processor 220 to perform processes described herein”): 
creating, at a consumer network function (NF consumer 120) of a core network of a telecommunications network, a message hash of at least a subset of a request message (Choyi: para [0045-0047], fig. 5 “More particularly, as shown at reference 545, NF consumer 120 may generate a hash of the service request (e.g., SReq 520) and digitally sign the hash to generate a cryptographically signed service request object (SReqProtectedObject) using an algorithm and cryptographic parameters listed in the SReq Protection Parameter list. Similarly for the protection required of the NF-P 130 by the NF-C 120, the parameters are listed within the SRes Protection Parameters.”); 
adding, at the consumer network function, the message hash to a client credentials assertion (CCA) token for the consumer network function (Choyi: para [0047], “NF consumer 120 may bind the authorization token (e.g., from service response 535) to the proof-of-request (e.g., SReqProtectedObject)”); and 
sending, from the consumer network function, the request message with the CCA token to a producer network function (NF producer 130) (Choyi: para[0048], “NF consumer 120 may submit a service request 550 to SCP 110. Service request 550 may also include the authorization token and SReqProtectedObject, along with an NF consumer 120 certificate. The service request message may be sent to the SCP 110, whose network address (e.g., FQDN or IP address) may be listed within the access token generated by the NRF 140 and/or listed within the SReq Parameters. Based on service request 550, SCP 110 may, at reference 555, initiate a TLS handshake to conduct authentication and establish secure communications with NF producer 130. The SCP 110 obtains the address of the next hop of the connection by using either the “audience” field within the authorization token or the “target” field within the service request to initiate the TLS connection. Acting as a proxy for NF consumer 120, SCP 110 may submit or forward a service request 560 to NF producer 130. Service request 555 may also include the token and SReqProtectedObject received from NF consumer 120, along with the NF consumer 120 certificate.”).
Choyi does not explicitly teach wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network, and wherein the one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network include an authority header of the request message.
However, in an analogous art, Jost teaches wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network (Jost: page 6 line 3-8, “In this context, some embodiments herein integrity protect the message 22 to at least some extent while still enabling the SCP 18 to perform one or more proxy functions that involve modifications to the message 22. In fact, in some embodiments, only a part of the message 22 is integrity protected (e.g., at the application layer), so that another part of the message 22 that is not integrity protected can be modified by the SCP 18 as needed to perform one or more proxy functions.”,  “some embodiments may integrity protect the second portion 22-2,”), and wherein the one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network include an authority header of the request message (Jost: page 2 line 5-6, “In some embodiments, the message includes one or more headers and a body, and the portion of the message is the body (e.g., a JSON body).”, “the digitally signed assertion is included in a header of the message 22.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Jost into the method of Choyi to include wherein creating the message hash comprises using one or more portions of the request message that are specified to not be modified by proxies of the telecommunications network because it will allow the service communication proxy to modify the unprotected portion as needed to provide one or more proxy functions, e.g., path modification as part of message routing (Jost: page 1 line 25-28).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272 - 4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/L.L.N./
Examiner, Art Unit 2437  
/KRISTINE L KINCAID/
Supervisory Patent Examiner, Art Unit 2437