Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
                                                           DETAILED ACTION 
This is in response to the communication filed on 08/09/2022. Claims 1-24 are pending in the application.  Claims 1-24 are rejected. 
                                                         Response to Arguments
Applicant’s arguments, see  pages 10 and 11 of remarks, filed on 08/09/2022, with respect to 35 USC 102(a)(1) type rejections of claims 1, 3-7, 9-12 and 21-24 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Eipe et al. reference. 
Examiner notes, no specific arguments were presented with respect to 35 USC 103 type rejections of claims 2, 8, 13-18 and 20 other than ones already  presented in terms of 35 USC 102(a)(1) type rejections. However, any arguments with respect to 35 USC 103 type rejections of claims 2, 8, 13-18 and 20 are now moot in view of new grounds of rejections presented in this office action.

                                                   Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 

Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over publication  3GPP TR 33.868 V0.17.0 (2014-01) Technical Report; Technical Specification Group Services Aspects; Security aspects of Machine-Type and other Mobile Data Applications Communications Enhancements; Release 12, 2014 (hereinafter 3GPP TR, 2014-01) in view of US 2013/0128873 A1 (hereinafter Eipe et al)
Regarding claim 1, 3GPP TR, 2014-01 teaches a method for a network access node (note page 83, figure 5.7.4.2.5-1: "eNB"), comprising:
receiving a data packet from a client device (note page 84, figure 5.7.4.2.5-1: step 4 and line 4: “The UE sends the protected small data to the eNB over optimized Uu protocol. The Bearer Resource ID is included in a Uu protocol header or IE. This is needed since the eNB needs to be able to interpret the Bearer Resource”); and
forwarding the data packet to a first network function implemented at a first network device (note page 84, line 7, step 5: “The eNB resolves the Bearer Resource ID to S-GW UL TEID and S-GW IP address, and assembles a GTP-U PDU using information received with small data”; step 6: “The eNB forwards the GTP-U PDU to the S-GW”), wherein the first network function is associated with the network access node (note page 83, figure 5.7.4.2.5-1: "eNB") and is configured to process  (note page 84, line 10, step 7: The S-GW receives the GTP-U PDU including the protected small data and terminates SDTSec (integrity check and/ or decryption) using the small data transfer security context …) at least one of user plane traffic or control plane traffic  (note page 13, figure 4-1: "S-GW" processes "user plane traffic’ shown as normal line) for  the client device when the client device is in a reduced data transfer mode (note page 98, figure 5.7.4.4.4.3.2-1: step 2 and line 2: “Small Data”);
receiving a control message from the first network function associated with the network access node (note page 83-84, figure 5.7.4.2.5-1: step 6: receiving security context; See also page 86, 5.7.4.2.7 S-GW relocation: sharing security context information with first S-GW and UE)
3GPP TR, 2014-01 fails to teach expressly identifying a temporary identifier in the control message, the temporary identifier associated with the client device.
However, Eipe et al teaches identifying a temporary identifier in the control message, the temporary identifier associated with the client device (note para. [0017], [0029], [0057]; home gateway receiving and identifying control/ relayed message containing temporary identifier)
Eipe et al and 3GPP TR, 2014-01  are analogous art because they are from the same field of endeavor of  implementing secure mechanism for mobility management between network nodes. Therefore, before the filing of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify 3GPP TR, 2014-01   method to further include the features of identifying a temporary identifier in the control message, the temporary identifier associated with the client device taught by Eipe et al reference in order to provide users with an efficient mechanism for  authenticating  a client device using a temporary identifier while preserving privacy of secure/permanent  context information related to client device (note Eipe et al, para. [0017], [0029])
Regarding claim 2, 3GPP TR, 2014-01  teaches the method wherein the first network function associated  (note page 85, line 5;  figure 5.7.4.2.5-1: communication/ connection between "S-GW"  and “eNB”) with the network access node (note page 83, figure 5.7.4.2.5-1: "eNB") 
3GPP TR, 2014-01   fails to teach expressly wherein the first network function is different from a second network function indicated in the data packet, the second network function implemented at a second network device.
However, section 5.7.4.2.7:  “S-GW relocation” of  3GPP TR, 2014-01   discloses “It may be possible that more than one small data transfer security context is derived from the same base key i.e. the KASME, and these small data transfer security contexts are sent to different S-GW’s. An example where this can occur is if the UE is first sharing a small data transfer security context with one S-GW and then later there is a change of S-GW … UE cannot report its security parameters to MME through message  “TAU Request”, because  the SGW relocation is determined by MME, so UE cannot know whether SGW shall relocate before sending “TAU request” (note section 5.7.4.2.7, page 86, lines 3-23) In other words, the client device when sending a packet does not know whether it shall relocate and thus sends a bearer ID, which is related to the source S-GW. This is because whether relocation (e.g. for example, sending to different S-GWs to include sending small data and security context from a source S-GW to a target S-GW ) is needed is decided by the network. 
Therefore, before the time of effective filing of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify 3GPP TR, 2014-01  method/ access node/ apparatus to further include the features of  wherein the first network function associated  is different from a second network function indicated in the data packet, the second network function implemented at a second network device  in the case  a client device wants to send a packets to a first network function (i.e. a  target S-GW), which is different from the second network function (i.e  a source S-GW)  This modification would have been obvious because a person having ordinary skill in the art, at the time invention was made, would have been motivated to do so  since 3GPP TR, 2014-01  suggests  relocation of S-GW in different network; and client device sending  a packets to a first network function (i.e. target S-GW), which is different from the second network function (i.e source S-GW) with which the client was already connected (See 3GPP TR, 2014-01,  Section 5.7.4.2.7)
Regarding claim 3, 3GPP TR, 2014-01 teaches the method of claim 1, further comprising:
removing the (note page 83-84, figure 5.7.4.2.5-1: step 11: "eNB TEID" is received and removed; see also page 16, line 5: discarding and replacing temporary identifier); and
transmitting, to the client device, a service relocation message that includes the control message (note page 86, paragraph "S-GW relocation” and lines 36-37:"For TAU, MME can generate new SDT security context and deliver it to target SGW through message "create session request", and MME can also send its security parameters to UE through message “TAU accept”; see also page 16, line 14: validation of trigger indication)
3GPP TR, 2014-01 fails to teach expressly removing the temporary identifier from the control message. 
However, Eipe et al teaches removing the temporary identifier from the control message (note para. [0029], [0049], [0052]: removing temporary identifier information from context/ control information before relocation/ relaying to a different network node)
Regarding claim 4, 3GPP TR, 2014-01 teaches the method of claim 3, wherein the control message includes information associated with the first network function implemented at the first network device (note page 83-84, figure 5.7.4.2.5-1: step 11: "SDTsec" is the encrypted and integrity protection performed by first network device S-GW") Furthermore,  Eipe et al  alternatively teaches the method of claim 3, wherein the control message includes information associated with the first network function implemented at the first network device (note para. [0016], [0057]: control message for carrying out mobility and session management functions)
Regarding claim 5, 3GPP TR, 2014-01 teaches the method of claim 3, wherein the control message includes a client device context generated at the first network function implemented at the first network device, and wherein the client device context includes network state information associated with the client device (note page 84, line 10 : "The S-GW performs protection (e.g. integrity and/ or encryption) of small data in the GTP-U PDU using SDTSec and the small data transfer security context; see also page 76, section 5.7.4.2: eNB storing state and security context information)
Regarding claim 6, 3GPP TR, 2014-01 teaches the method of claim 5, wherein the client device context is encrypted by the first network function implemented at the first network device (note page 84, line 10: "The S-GW performs protection (e.g. integrity and/ or encryption) of small data in the GTP-U PDU using SDTSec and the small data transfer security context)
Regarding claim 7,  3GPP TR, 2014-01 teaches a network access node (note page 83, figure 5.7.4.2.5-1: "eNB"), comprising:
a wireless communication circuit (note page 103, line 3: “radio bearer”; see also page 28, 105: radio link/ interface) configured for communications with a client device (note page 84, figure 5.7.4.2.5-1: : communications with the UE);
a processing circuit  (note page 83, figure 5.7.4.2.5-1: "eNB" node/ device would inherently include a processor ) coupled to the wireless communication circuit, the processing circuit configured to receive a data packet from a client device (note page 84, figure 5.7.4.2.5-1: step 4 and line 4: “The UE sends the protected small data to the eNB over optimized Uu protocol. The Bearer Resource ID is included in a Uu protocol header or IE. This is needed since the eNB needs to be able to interpret the Bearer Resource”); and
forward the data packet to a first network function implemented at a first network device (note page 84, line 7, step 5: “The eNB resolves the Bearer Resource ID to S-GW UL TEID and S-GW IP address, and assembles a GTP-U PDU using information received with small data”; step 6: “The eNB forwards the GTP-U PDU to the S-GW”), wherein the first network function is associated with the network access node (note page 83, figure 5.7.4.2.5-1: "eNB")  and is configured to process (note page 84, line 10, step 7: The S-GW receives the GTP-U PDU including the protected small data and terminates SDTSec (integrity check and/ or decryption) using the small data transfer security context …)  at least one of user plane traffic or control plane traffic  (note page 13, figure 4-1: "S-GW" processes "user plane traffic’ shown as normal line) for the client device when the client device is in a reduced data transfer mode (note page 98, figure 5.7.4.4.4.3.2-1: step 2 and line 2: “Small Data”)
receive a control message from the first network function associated with the network access node (note page 83-84, figure 5.7.4.2.5-1: step 6: receiving security context; See also page 86, 5.7.4.2.7 S-GW relocation: sharing security context information with first S-GW and UE)
3GPP TR, 2014-01 fails to teach expressly identifying a temporary identifier in the control message, the temporary identifier associated with the client device.
However, Eipe et al teaches identifying a temporary identifier in the control message, the temporary identifier associated with the client device (note para. [0017], [0029], [0057]; home gateway receiving and identifying control/ relayed message containing temporary identifier)
Eipe et al and 3GPP TR, 2014-01  are analogous art because they are from the same field of endeavor of  implementing secure mechanism for mobility management between network nodes. Therefore, before the filing of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify 3GPP TR, 2014-01   access node to further include the features of identifying a temporary identifier in the control message, the temporary identifier associated with the client device taught by Eipe et al reference in order to provide users with an efficient mechanism for  authenticating  a client device using a temporary identifier while preserving privacy of secure/permanent  context information related to client device (note Eipe et al, para. [0017], [0029])
Regarding claim 8, 3GPP TR, 2014-01  teaches wherein the first network function associated  (note page 85, line 5;  figure 5.7.4.2.5-1: communication/ connection between "S-GW"  and “eNB”) with the network access node (note page 83, figure 5.7.4.2.5-1: "eNB") 
3GPP TR, 2014-01   fails to teach expressly wherein the first network function is different from a second network function indicated in the data packet, the second network function implemented at a second network device.
However, section 5.7.4.2.7:  “S-GW relocation” of  3GPP TR, 2014-01   discloses “It may be possible that more than one small data transfer security context is derived from the same base key i.e. the KASME, and these small data transfer security contexts are sent to different S-GW’s. An example where this can occur is if the UE is first sharing a small data transfer security context with one S-GW and then later there is a change of S-GW … UE cannot report its security parameters to MME through message  “TAU Request”, because  the SGW relocation is determined by MME, so UE cannot know whether SGW shall relocate before sending “TAU request” (note section 5.7.4.2.7, page 86, lines 3-23) In other words, the client device when sending a packet does not know whether it shall relocate and thus sends a bearer ID, which is related to the source S-GW. This is because whether relocation (e.g. for example, sending to different S-GWs to include sending small data and security context from a source S-GW to a target S-GW ) is needed is decided by the network. 
Therefore, before the time of effective filing of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify 3GPP TR, 2014-01  method/ access node/ apparatus to further include the features of  wherein the first network function associated  is different from a second network function indicated in the data packet, the second network function implemented at a second network device  in the case  a client device wants to send a packets to a first network function (i.e. a  target S-GW), which is different from the second network function (i.e  a source S-GW)  This modification would have been obvious because a person having ordinary skill in the art, at the time invention was made, would have been motivated to do so  since 3GPP TR, 2014-01  suggests  relocation of S-GW in different network; and client device sending  a packets to a first network function (i.e. target S-GW), which is different from the second network function (i.e source S-GW) with which the client was already connected (See 3GPP TR, 2014-01,  Section 5.7.4.2.7)
Regarding claim 9, 3GPP TR, 2014-01 teaches the network access node of claim 7, wherein the processing circuit is further configured to:
remove the (note page 83-84, figure 5.7.4.2.5-1: step 11: "eNB TEID" is received and removed; see also page 16, line 5: discarding and replacing temporary identifier); and
transmit, to the client device, a service relocation message that includes the control message (note page 86, paragraph "S-GW relocation” and lines 36-37:"For TAU, MME can generate new SDT security context and deliver it to target SGW through message "create session request", and MME can also send its security parameters to UE through message “TAU accept”; see also page 16, line 14: validation of trigger indication)
3GPP TR, 2014-01 fails to teach expressly removing the temporary identifier from the control message. 
However, Eipe et al teaches removing the temporary identifier from the control message (note para. [0029], [0049], [0052]: removing temporary identifier information from context/ control information before relocation/ relaying to a different network node)
Regarding claim 10, 3GPP TR, 2014-01 teaches the network access node of claim 9, wherein the control message includes information associated with the first network function implemented at the first network device (note page 83-84, figure 5.7.4.2.5-1: step 11: "SDTsec" is the encrypted and integrity protection performed by first network device S-GW")
Regarding claim 11, 3GPP TR, 2014-01 teaches the network access node of claim 9, wherein the control message includes a client device context generated at the first network function implemented at the first network device, and wherein the client device context includes network state information associated with the client device (note page 84, line 10 : "The S-GW performs protection (e.g. integrity and/ or encryption) of small data in the GTP-U PDU using SDTSec and the small data transfer security context; see also page 76, section 5.7.4.2: eNB storing state and security context information)
Regarding claim 12,  3GPP TR, 2014-01 teaches the network access node of claim 11, wherein the client device context is encrypted by the first network function implemented at the first network device (note page 84, line 10: "The S-GW performs protection (e.g. integrity and/ or encryption) of small data in the GTP-U PDU using SDTSec and the small data transfer security context)
receive a control message from the first network function associated with the network access node (note page 83-84, figure 5.7.4.2.5-1: step 6: receiving security context; See also page 86, 5.7.4.2.7 S-GW relocation: sharing security context information with first S-GW and UE)
3GPP TR, 2014-01 fails to teach expressly identifying a temporary identifier in the control message, the temporary identifier associated with the client device.
However, Eipe et al teaches identifying a temporary identifier in the control message, the temporary identifier associated with the client device (note para. [0017], [0029], [0057]; home gateway receiving and identifying control/ relayed message containing temporary identifier)
Eipe et al and 3GPP TR, 2014-01  are analogous art because they are from the same field of endeavor of  implementing secure mechanism for mobility management between network nodes. Therefore, before the filing of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify 3GPP TR, 2014-01   access node to further include the features of identifying a temporary identifier in the control message, the temporary identifier associated with the client device taught by Eipe et al reference in order to provide users with an efficient mechanism for  authenticating  a client device using a temporary identifier while preserving privacy of secure/permanent  context information related to client device (note Eipe et al, para. [0017], [0029])
Regarding claim 13, 3GPP TR, 2014-01 teaches 
receive a data packet from a client device (note page 84, figure 5.7.4.2.5-1: step 4 and line 4: “The UE sends the protected small data to the eNB over optimized Uu protocol. The Bearer Resource ID is included in a Uu protocol header or IE. This is needed since the eNB needs to be able to interpret the Bearer Resource”); and
forward the data packet to a first network function implemented at a first network device (note page 84, line 7, step 5: “The eNB resolves the Bearer Resource ID to S-GW UL TEID and S-GW IP address, and assembles a GTP-U PDU using information received with small data”; step 6: “The eNB forwards the GTP-U PDU to the S-GW”), wherein the first network function is associated with the network access node (note page 83, figure 5.7.4.2.5-1: "eNB")  and is configured to process (note page 84, line 10, step 7: The S-GW receives the GTP-U PDU including the protected small data and terminates SDTSec (integrity check and/ or decryption) using the small data transfer security context …)  at least one of user plane traffic or control plane traffic  (note page 13, figure 4-1: "S-GW" processes "user plane traffic’ shown as normal line) for the client device when the client device is in a reduced data transfer mode (note page 98, figure 5.7.4.4.4.3.2-1: step 2 and line 2: “Small Data”)
3GPP TR, 2014-01 fails to teach expressly  a non-transitory processor-readable storage medium having instructions stored thereon, which when executed by at least one processing circuit causes to perform the claimed functionalities.
However,  examiner takes an official notice on that at the time of invention, use of a processor-readable storage medium (e.g. a computer readable storage medium) comprising executable instructions for performing a particular method steps/features was well-known in the art (See cited patent publications/ references in this office action: computer readable medium, or computer readable storage medium) Therefore, at the time of effective filing of the claimed invention, it would have been obvious to ordinary skill in the art to design a non-transitory processor-readable storage medium storing executable instructions for performing the features of claim 13 in order to provide users with a well-known and suitable/portable means for storing .
Regarding claim 14, 3GPP TR, 2014-01  teaches the method wherein the first network function associated  (note page 85, line 5;  figure 5.7.4.2.5-1: communication/ connection between "S-GW"  and “eNB”) with the network access node (note page 83, figure 5.7.4.2.5-1: "eNB") 
3GPP TR, 2014-01   fails to teach expressly wherein the first network function is different from a second network function indicated in the data packet, the second network function implemented at a second network device.
However, section 5.7.4.2.7:  “S-GW relocation” of  3GPP TR, 2014-01   discloses “It may be possible that more than one small data transfer security context is derived from the same base key i.e. the KASME, and these small data transfer security contexts are sent to different S-GW’s. An example where this can occur is if the UE is first sharing a small data transfer security context with one S-GW and then later there is a change of S-GW … UE cannot report its security parameters to MME through message  “TAU Request”, because  the SGW relocation is determined by MME, so UE cannot know whether SGW shall relocate before sending “TAU request” (note section 5.7.4.2.7, page 86, lines 3-23) In other words, the client device when sending a packet does not know whether it shall relocate and thus sends a bearer ID, which is related to the source S-GW. This is because whether relocation (e.g. for example, sending to different S-GWs to include sending small data and security context from a source S-GW to a target S-GW ) is needed is decided by the network. 
Therefore, before the time of effective filing of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify 3GPP TR, 2014-01  method/ access node/ apparatus to further include the features of  wherein the first network function associated  is different from a second network function indicated in the data packet, the second network function implemented at a second network device  in the case  a client device wants to send a packets to a first network function (i.e. a  target S-GW), which is different from the second network function (i.e  a source S-GW)  This modification would have been obvious because a person having ordinary skill in the art, at the time invention was made, would have been motivated to do so  since 3GPP TR, 2014-01  suggests  relocation of S-GW in different network; and client device sending  a packets to a first network function (i.e. target S-GW), which is different from the second network function (i.e source S-GW) with which the client was already connected (See 3GPP TR, 2014-01,  Section 5.7.4.2.7)
Regarding claim 15, it is rejected applying as same motivation and rationale applied above rejecting claim 13, furthermore, 3GPP TR, 2014-01 teaches wherein the instructions further cause the at least one processing circuit to:
remove the (note page 83-84, figure 5.7.4.2.5-1: step 11: "eNB TEID" is received and removed; see also page 16, line 5: discarding and replacing temporary identifier); and
transmit, to the client device, a service relocation message that includes the control message (note page 86, paragraph "S-GW relocation” and lines 36-37:"For TAU, MME can generate new SDT security context and deliver it to target SGW through message "create session request", and MME can also send its security parameters to UE through message “TAU accept”; see also page 16, line 14: validation of trigger indication)
3GPP TR, 2014-01 fails to teach expressly removing the temporary identifier from the control message. 
However, Eipe et al teaches removing the temporary identifier from the control message (note para. [0029], [0049], [0052]: removing temporary identifier information from context/ control information before relocation/ relaying to a different network node)
Regarding claim 16, it is rejected applying as same motivation and rationale applied above rejecting claim 15, furthermore, 3GPP TR, 2014-01 teaches wherein the control message includes information associated with the first network function implemented at the first network device (note page 83-84, figure 5.7.4.2.5-1: step 11: "SDTsec" is the encrypted and integrity protection performed by first network device S-GW")
Regarding claim 17, it is rejected applying as same motivation and rationale applied above rejecting claim 15, furthermore, 3GPP TR, 2014-01 teaches wherein the control message includes a client device context generated at the first network function implemented at the first network device, and wherein the client device context includes network state information associated with the client device (note page 84, line 10 : "The S-GW performs protection (e.g. integrity and/ or encryption) of small data in the GTP-U PDU using SDTSec and the small data transfer security context; see also page 76, section 5.7.4.2: eNB storing state and security context information)
Regarding claim 18, it is rejected applying as same motivation and rationale applied above rejecting claim 15, furthermore, 3GPP TR, 2014-01 teaches wherein the client device context is encrypted by the first network function implemented at the first network device (note page 84, line 10: "The S-GW performs protection (e.g. integrity and/ or encryption) of small data in the GTP-U PDU using SDTSec and the small data transfer security context)
Regarding claim 19, 3GPP TR, 2014-01 teaches an apparatus (note page 83, figure 5.7.4.2.5-1: "eNB"), comprising:
means (note page 103, line 3: “radio bearer”; see also page 28, 105: radio link/ interface) for receiving a data packet from a client device (note page 84, figure 5.7.4.2.5-1: : communications with the UE); and
means (note page 83, figure 5.7.4.2.5-1: "eNB" node/ device would inherently include a processor means) for forwarding the data packet to a first network function implemented at a first network device (note page 84, line 7, step 5: “The eNB resolves the Bearer Resource ID to S-GW UL TEID and S-GW IP address, and assembles a GTP-U PDU using information received with small data”; step 6: “The eNB forwards the GTP-U PDU to the S-GW”), wherein the first network function is associated with the network access node (note page 83, figure 5.7.4.2.5-1: "eNB")  and is configured to process (note page 84, line 10, step 7: The S-GW receives the GTP-U PDU including the protected small data and terminates SDTSec (integrity check and/ or decryption) using the small data transfer security context …)  at least one of user plane traffic or control plane traffic  (note page 13, figure 4-1: "S-GW" processes "user plane traffic’ shown as normal line) for the client device when the client device is in a reduced data transfer mode (note page 98, figure 5.7.4.4.4.3.2-1: step 2 and line 2: “Small Data”)
means  (note page 83, figure 5.7.4.2.5-1: "eNB" node/ device would inherently include a processor ) for receiving a control message from the first network function associated with the network access node (note page 83-84, figure 5.7.4.2.5-1: step 6: receiving security context; See also page 86, 5.7.4.2.7 S-GW relocation: sharing security context information with first S-GW and UE)
3GPP TR, 2014-01 fails to teach expressly means for identifying a temporary identifier in the control message, the temporary identifier associated with the client device.
However, Eipe et al teaches means  (note para. [0029], [0057]; home gateway) for identifying a temporary identifier in the control message, the temporary identifier associated with the client device (note para. [0017], [0029], [0057]; home gateway receiving and identifying control/ relayed message containing temporary identifier)
Eipe et al and 3GPP TR, 2014-01  are analogous art because they are from the same field of endeavor of  implementing secure mechanism for mobility management between network nodes. Therefore, before the filing of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify 3GPP TR, 2014-01   access node to further include the features of identifying a temporary identifier in the control message, the temporary identifier associated with the client device taught by Eipe et al reference in order to provide users with an efficient mechanism for  authenticating  a client device using a temporary identifier while preserving privacy of secure/permanent  context information related to client device (note Eipe et al, para. [0017], [0029])
Regarding claim 20, 3GPP TR, 2014-01  teaches wherein the first network function associated  (note page 85, line 5;  figure 5.7.4.2.5-1: communication/ connection between "S-GW"  and “eNB”) with the network access node (note page 83, figure 5.7.4.2.5-1: "eNB") 
3GPP TR, 2014-01   fails to teach expressly wherein the first network function is different from a second network function indicated in the data packet, the second network function implemented at a second network device.
However, section 5.7.4.2.7:  “S-GW relocation” of  3GPP TR, 2014-01   discloses “It may be possible that more than one small data transfer security context is derived from the same base key i.e. the KASME, and these small data transfer security contexts are sent to different S-GW’s. An example where this can occur is if the UE is first sharing a small data transfer security context with one S-GW and then later there is a change of S-GW … UE cannot report its security parameters to MME through message  “TAU Request”, because  the SGW relocation is determined by MME, so UE cannot know whether SGW shall relocate before sending “TAU request” (note section 5.7.4.2.7, page 86, lines 3-23) In other words, the client device when sending a packet does not know whether it shall relocate and thus sends a bearer ID, which is related to the source S-GW. This is because whether relocation (e.g. for example, sending to different S-GWs to include sending small data and security context from a source S-GW to a target S-GW ) is needed is decided by the network. 
Therefore, before the time of effective filing of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify 3GPP TR, 2014-01  method/ access node/ apparatus to further include the features of  wherein the first network function associated  is different from a second network function indicated in the data packet, the second network function implemented at a second network device  in the case  a client device wants to send a packets to a first network function (i.e. a  target S-GW), which is different from the second network function (i.e  a source S-GW)  This modification would have been obvious because a person having ordinary skill in the art, at the time invention was made, would have been motivated to do so  since 3GPP TR, 2014-01  suggests  relocation of S-GW in different network; and client device sending  a packets to a first network function (i.e. target S-GW), which is different from the second network function (i.e source S-GW) with which the client was already connected (See 3GPP TR, 2014-01,  Section 5.7.4.2.7)
Regarding claim 21, 3GPP TR, 2014-01 teaches the apparatus (note page 83, figure 5.7.4.2.5-1: "eNB") of claim 19, further comprising:
means (note page 83, figure 5.7.4.2.5-1: "eNB" node/ device would inherently include a processor means)  removing the (note page 83-84, figure 5.7.4.2.5-1: step 11: "eNB TEID" is received and removed; see also page 16, line 5: discarding and replacing temporary identifier); and
means (note page 83, figure 5.7.4.2.5-1: "eNB" node/ device would inherently include a processor means)  for transmitting, to the client device, a service relocation message that includes the control message (note page 86, paragraph "S-GW relocation” and lines 36-37:"For TAU, MME can generate new SDT security context and deliver it to target SGW through message "create session request", and MME can also send its security parameters to UE through message “TAU accept”; see also page 16, line 14: validation of trigger indication)
3GPP TR, 2014-01 fails to teach expressly removing the temporary identifier from the control message. 
However, Eipe et al teaches removing the temporary identifier from the control message (note para. [0029], [0049], [0052]: removing temporary identifier information from context/ control information before relocation/ relaying to a different network node)
Regarding claim 22, 3GPP TR, 2014-01 teaches the apparatus of claim 21, wherein the control message includes information associated with the first network function implemented at the first network device (note page 83-84, figure 5.7.4.2.5-1: step 11: "SDTsec" is the encrypted and integrity protection performed by first network device S-GW")
Regarding claim 23, 3GPP TR, 2014-01 teaches the apparatus of claim 21, wherein the control message includes a client device context generated at the first network function implemented at the first network device, and wherein the client device context includes network state information associated with the client device (note page 84, line 10 : "The S-GW performs protection (e.g. integrity and/ or encryption) of small data in the GTP-U PDU using SDTSec and the small data transfer security context; see also page 76, section 5.7.4.2: eNB storing state and security context information)
Regarding claim 24, 3GPP TR, 2014-01 teaches the apparatus of claim 23, wherein the client device context is encrypted by the first network function implemented at the first network device (note page 84, line 10: "The S-GW performs protection (e.g. integrity and/ or encryption) of small data in the GTP-U PDU using SDTSec and the small data transfer security context)

                                                   Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHANTO ABEDIN whose telephone number is 571-272-3551.  The examiner can normally be reached on M-F from 10:00 AM to 6:30 PM.  Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http:// www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jung (Jay) Kim, can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/SHANTO ABEDIN/           Primary Examiner, Art Unit 2494