Detailed Action
1.	The Office Action is in response to the Applicant’s communication filed on 01/07/2021. In virtue of this communication, claims 1-20 are currently pending in this Office Action. 

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or
    nonobviousness.

5.	Claims 1, 6-9, 11, 15-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Vrzic Pub. No.: US 2017/0142591 A1 in view of Huo Pub. No.: US 2018/0084427 A1, Yavuz et al. Pub. No.: US 2021/0204164 A1 and Marinho et al. Pub. No.: US 2021/0360401 A1.

Claim 1
Vrzic discloses a method, comprising: 
receiving a request (fig. 8, UE attaches to one or more network slices in par. 0086; see attach request in fig. 2-3 & 11-19) for a network slice with a security assurance (par. 0116, attach request would be evaluated for UE usage type, requested service type, account information, security policies; herein, account information could be a fist level of security for account holder and security policies would be a second level or higher levels of security) for the NSD (a network service can be described by a network slice descriptor which is a deployment template for instantiating the NS in par. 0046); 
deploying the network slice using one of the network slice templates (Slice Selection Function SSF in fig. 11-20 would have deployed one or more of MTC slice, eMMB slice and URLLC slice for UE); and
monitoring the parameters of the assets of the network slice for changes to the deployed network slice (2010 & 2016 in fig. 20 are monitoring the parameters of the network slice if changing is required to the deployed network slice).
	Although Vrzic does not disclose: “storing definitions of multiple security assurance levels for network slices based on security parameters of assets used in the network slices; storing, by a network device, multiple network slice templates, wherein the multiple network slice templates have different security assurance levels, of the multiple security assurance levels, for a Network Service Descriptor (NSD); a requested security assurance level; a security assurance level that corresponds to the requested security assurance level; and the security parameters of the assets of the network slice for changes to the security assurance level of the deployed network slice”, the claim limitations are considered obvious by the following rationales.
	Firstly, to consider the obviousness of the claim limitations “storing definitions of multiple security assurance levels for network slices based on security parameters of assets used in the network slices”, it’s to note that claim does not specifically define what are required to be multiple security assurance levels and what the security parameters are. In fact, Vrzic explains authentication as a security layer to protect a user (1422 in fig. 14, 1522 in fig. 15, 1622 in fig. 16, 1812 in fig. 18). In particular, Huo teaches maintaining a database for storing information about subscriber devices and network slices (202 in fig. 2) and a single key and derived keys for 4 independent credentials and 7 credential levels (see Table 3 in par. 0123).

    PNG
    media_image1.png
    209
    302
    media_image1.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify orchestration for network slicing of Vrzic by providing security features in next generation networks as taught in Huo. Such a modification would have included a security network derivation technique to generate an ephemeral root key using a static key and one or more secondary credentials, and to generate a plurality of subordinate keys using the ephemeral root key so that the coordinated credential could be accomplished to provide security to network communications and devices in the next generation network as suggested in par. 0004 & 0007-0009 of Huo.
	Secondly, to consider the obviousness of the claim limitation “storing, by a network device, multiple network slice templates, wherein the multiple network slice templates have different security assurance levels, of the multiple security assurance levels, for a Network Service Descriptor (NSD)”, recall that Vrzic describes a network service descriptor for deploying a template for instantiating the NS and a set of network functions to provide the requested service (par. 0046 and see network slices and network functions in fig. 7-11).  In particular, Huo teaches 4 independent credentials and 7 credential levels (Table 3 on page 8) and the security associations between the user device or the user groups and the device network corresponding to network slice (fig. 16 and Table 4 on page 9). One of ordinary skill in the art would have combined Vrzic’s network service descriptor and Huo’s credential levels to record the network slice with the network service descriptor and the corresponding credential levels to each network slice. However, applicant may argue that Vrzic does not explicitly show multiple network slices with the corresponding network service descriptor. The evidence for how the network slice could be described in Yavuz. In particular, Yavuz teaches defining service type, allowed applications and service level objectives SLO and assigning them to microslice (fig. 3-8).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify orchestration for network slicing of Vrzic in view of Huo by providing microslicing communication networks with service level assured objectives as taught in Yavuz. Such a modification would have included a mircoslicing in wireless communication networks to provide a reliable wireless network infrastructure so that enterprises could have flexibiy created and managed network slices with reduced costs as suggested in par. 0089 of Yavuz.
	Thirdly, to address the obviousness of the claim limitations “a requested security assurance level; and a security assurance level that corresponds to the requested security assurance level”, recall that Vrzic explains a slice request including security policy, as to a security level (UE attaches to one or more network slices in par. 0086; see attach request in fig. 2-3, 8 & 11-19). What’s more, Huo describes the different credential levels for security (Table 3-4 on pages 8-9). Thus, one of ordinary skill in the art would have included confidential level of Huo in the slice request of Vrzic. To advance the prosecution, further evidence for providing security assurance could be seen in Marinho. In particular, Marinho teaches secured network slice SNS (par. 0073) to be assured with 3 different security levels (par. 0110, see fig. 5 and assurance in par.0092-0093).
	Lastly, to consider the obviousness of the claim limitation “the security parameters of the assets of the network slice for changes to the security assurance level of the deployed network slice”, it’s to note that claim does not specifically define what are required to be the security parameters. Recall that Vrzic explains a slice request including security policy, as to a security level (UE attaches to one or more network slices in par. 0086; see attach request in fig. 2-3, 8 & 11-19). Moreover, Huo displays credential levels for network slice security (Tables 3-4 on pages 8-9 respectively) using security key including a static key and one or more credentials (par. 0036 and fig. 3; herein, security parameters could be reasonably interpreted as security key, a static key and credentials). What’s more, Huo discusses security monitoring (par. 0152, 0153, 0156 and see fig. 17). In particular, Marinho teaches secured network slice SNS (par. 0073) to be assured with 3 different security levels (par. 0110, see fig. 5 and assurance in par.0092-0093).
	For the above reasons, the claim limitations are considered obvious since some teaching, suggestion, or motivation in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine prior art reference teachings to arrive at the claimed invention. See MPEP 2143, KSR Exemplary Rationale F.
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify orchestration for network slicing of Vrzic in view of Huo and Yavuz by providing transit path security assured network slices as taught in Marinho to obtain the claimed invention as specified in the claim. Such a modification would have provided network slices to create the trust and security of communications in 5G architecture so that the enhanced digital certificate would have assured the trust between logical networks including VNF, application servicers, database servers, proxies and entries edges with the flexibility for controlling the permitted and prohibited lists as suggested in par. 0007 & 0009 of Marinho.

Claim 6
Vrzic, in view of Huo, Yavuz, and Marinho, discloses the method of claim 1, wherein the security parameters include an isolation parameter for the assets (Huo, the isolation parameter could be reasonably interpreted as a singly key explained in par. 0124 for credential levels in Table 3, and thus, the combined prior art renders the claim obvious).

Claim 7
Vrzic, in view of Huo, Yavuz, and Marinho, discloses the method of claim 6, wherein the isolation parameter is a parameter selected from one of: 
a physical isolation parameter, a logical isolation parameter (isolation in  tables 4-5 of par. 0146 of Huo), or a cryptographic isolation parameter (Huo, a cryptographic isolation parameter can be reasonably interpreted as a single key in par. 0124; therefore, the combined prior art meets the claim requirement).

Claim 8
Vrzic, in view of Huo, Yavuz, and Marinho, discloses the method of claim 1, wherein receiving the request includes: 
providing a catalog of security parameters (a catalog of security parameters could be reasonably interpreted as table 3 in par. 0124 of Huo), receiving a selection of requested security parameters from the catalog of security parameters (Vrzic, slice selection function SSF in fig. 8-18 for selecting a network slice supporting a request service type and security policies), and associating the requested security parameters with the requested security assurance level (Tables 4-5 in par. 0146 of Huo  associating credential levels to the supporting network in par. 0146; accordingly, one of ordinary skill in the art would have expected the claim to perform equally well with the combined prior art).
Claim 9
Vrzic, in view of Huo, Yavuz, and Marinho, discloses the method of claim 1, wherein receiving the request includes: 
providing a catalog of security parameters (a catalog of security parameters could be reasonably interpreted as table 3 in par. 0124 of Huo), receiving a selection of the requested security assurance level (Vrzic, slice selection function SSF in fig. 8-18 for selecting a network slice supporting a request service type and security policies in view of credential levels in Table 3 in par. 0124 of Huo), and assigning default security parameters associated with the requested security assurance level (Tables 4-5 in par. 0146 of Huo for associating credential levels to the supporting network in par. 0146; accordingly, one of ordinary skill in the art would have expected the claim to perform equally well with the combined prior art).

Claim 11, 15 and 16
	Claims 11, 15 and 16 are device claims corresponding to method claims 1, 6 and 7. All of the limitations in claims 11, 15 and 16 are found reciting for structures of the same scopes of the respective limitations of claims 1, 6 and 7. Accordingly, claims 11, 15 and 16 are considered obvious by the same rationales applied in the rejection of claims 1, 6 and 7 respectively set forth above. Additionally, Vrzic discloses a network device (fig. 4 includes network devices), comprising a processor (any network device in fig. 4 would include at least a typical processor).


Claim 17
Vrzic, in view of Huo, Yavuz, and Marinho, discloses the network device of claim 11, wherein, when receiving the request, the processor is further configured to: 
provide to a user a catalog of security features (a catalog of security parameters could be reasonably interpreted as table 3 in par. 0124 of Huo) for the network slice, or 
provide to the user a list of service requirement on security for the network slice (Tables 4-5 in par. 0146 of Huo for associating credential levels to the supporting network in par. 0146; accordingly, one of ordinary skill in the art would have expected the claim to perform equally well with the combined prior art).

Claim 18 and 20
	Claims 18 and 20 are product claims corresponding to method claims 1 and 8 or device claims 11 and 17. All of the limitations in claims 18 and 20 are found reciting for the same scopes of the respective limitations of claims 1 and 8 or claims 11 and 17. Accordingly, claims 18 and 20 are considered obvious by the same rationales applied in the rejection of claims 1 and 8 or claims 11 and 17 respectively set forth above.

6.	Claims 3, 5, 13, 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Vrzic in view of Huo, Yavuz, Marinho, and Verma et al. Patent No.: US 10,531,305 B1.



Claim 3
Although Vrzic, in view of Huo, Yavuz, and Marinho, does not disclose “the method of claim 1, further comprising: detecting, based on the monitoring, a security threat on the network slice; and transferring, in response to the detecting, network traffic from the network slice with the requested security assurance level to another network slice with a higher security assurance level, of the multiple security assurance levels, than the requested security assurance level”, claim 3 is considered obvious by the following rationales.
	Firstly, the claim limitation “detecting, based on the monitoring, a security threat on the network slice” is considered obvious by the rationale fond in Verma. In particular, Verma teaches a security platform (lines 48-67 of col. 5) for extracting a network slice identifier S-NASSAI to apply security for a customer (lines 35-40 of col. 6) in order to provide threat prevention (lines 56-62 of col. 6, lines 18-24 of col. 7), URL filtering (lines 63-67 of col. 6), and threat detection (lines 11-17 of col. 7).
	Secondly, to address the obviousness of the claim limitations “transferring, in response to the detecting, network traffic from the network slice with the requested security assurance level to another network slice with a higher security assurance level, of the multiple security assurance levels, than the requested security assurance level”, recall that Vrzic explains transferring the communication from the congested NS to the NS with the greater quality of service (fig. 20). Furthermore, Huo displays credential levels for network slice security (Tables 3-4 on pages 8-9 respectively) using security key including a static key and one or more credentials (par. 0036 and fig. 3; herein, security parameters could be reasonably interpreted as security key, a static key and credentials). In particular, Verma teaches modifying N4 session during RRC reconfiguration (fig. 2J).
	For the above reasons, claim limitations are considered obvious since some teaching, suggestion, or motivation in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine prior art reference teachings to arrive at the claimed invention. See MPEP 2143, KSR Exemplary Rationales G.
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify orchestration for network slicing of Vrzic in view of Huo, Yavuz, and Marinho by providing service based security as taught in Verma to obtain the claimed invention as specified in the claim. Such a modification would have included a security platform to filter inbound and outbound traffic with a set of security rules or policies so that it could have protected networks from unauthorized access while permitting authorized communications as suggested in lines 7-26 of col. 1 of Verma.

Claim 5
Although Vrzic, in view of Huo, Yavuz, and Marinho, does not disclose: “the method of claim 1, further comprising: detecting, based on the monitoring, a security threat on the network slice; identifying a deployed mitigation asset for the network slice; and automatically adapting the deployed network slice configuration with a different mitigation asset based on the detection of security threat”, claim 5 is considered obvious by the following rationales.
Firstly, the claim limitations “detecting, based on the monitoring, a security threat on the network slice; identifying a deployed mitigation asset for the network slice” are considered obvious by the rationales found in Verma. Recall that Yavuz explains service levels objectives (SLO) for selecting Network Slice (NS) (fig. 3-7) by identifying the NS based on the KPI or quality of service (fig. 11-12). In particular, Verma teaches a security platform (lines 48-67 of col. 5) for extracting a network slice identifier S-NASSAI to apply security for a customer (lines 35-40 of col. 6) in order to provide threat prevention (lines 56-62 of col. 6, lines 18-24 of col. 7), URL filtering (lines 63-67 of col. 6), and threat detection (lines 11-17 of col. 7). Furthermore, Verma teaches RRC reconfiguration (see fig. 2I-2J).
Secondly, to address the obviousness of the claim limitation “automatically adapting the deployed network slice configuration with a different mitigation asset based on the detection of security threat”, recall that Vrzic explains switching the communication from the congested NS to the NS with the greater quality of service (fig. 20). Furthermore, Huo displays credential levels for network slice security (Tables 3-4 on pages 8-9 respectively) using security key including a static key and one or more credentials (par. 0036 and fig. 3; herein, security parameters could be reasonably interpreted as security key, a static key and credentials). In particular, Verma teaches modifying N4 session during RRC reconfiguration (fig. 2J).
For the above reasons, claim limitations are considered obvious since some teaching, suggestion, or motivation in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine prior art reference teachings to arrive at the claimed invention. See MPEP 2143, KSR Exemplary Rationales G.
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify orchestration for network slicing of Vrzic in view of Huo, Yavuz, and Marinho by providing service based security as taught in Verma to obtain the claimed invention as specified in the claim. Such a modification would have included a security platform to filter inbound and outbound traffic with a set of security rules or policies so that it could have protected networks from unauthorized access while permitting authorized communications as suggested in lines 7-26 of col. 1 of Verma.

Claim 13 and 14
	Claims 13-14 are device claims corresponding to method claims 3 and 5. All of the limitations in claims 13-14 are found reciting the same scopes of the respective limitations of claims 3 and 5. Accordingly, claims 13-14 are considered obvious by the same rationales applied in the rejection of claims 3 and 5 respectively set forth above.

Claim 19
	Claim 19 is a product claim corresponding to method claim 3. All of the limitations of claim 19 are found reciting the same scopes of the respective limitations of claim 3. Accordingly, claim 3 is considered obvious by the same rationales applied in the rejection of claim 3 set forth above.



Allowable Subject Matter
7.	Claims 2, 4, 10 and 12 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Contact Information
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAN HTUN whose telephone number is (571)270-3190.  The examiner can normally be reached on Monday - Thursday 7 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jinsong Hu can be reached on 5712723965.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/SAN HTUN/
Primary Examiner, Art Unit 2643