Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Amendment filed on 08/23/2022 has been acknowledged. Claims 21-41, as originally filed, are currently pending and have been considered below. Claim 21 and 37 are independent claim. Claim 41 is added new.

Double Patenting rejection is withdrawn in view of Terminal Disclaimer filed on 08/23/2022.

Priority
This application is a 371 of PCT/EP2019/062986 filed on 05/20/2019. PCT/EP2019/062986 claims the benefit of PRO 62/674,179 filed on 05/21/2018.

Remarks and Response
Applicant’s arguments filed in the amendments on 08/23/2022 have been fully considered but they are not persuasive. The reasons set forth below.

Response to Arguments
On pages 8 of the remarks, applicant argued that Bykampadi fails to disclose any security policy that indicates which one or more portions of the content of a field in a message are to be used by inter-domain security measures by indicating how to parse the content of the field.
Examiner respectfully disagrees. Independent claim 21 recites limitations in alternate form. Claim 21 recites:
performing inter-domain security measures according to a security policy that indicates: 
which one or more portions of the content ………..used by the inter-domain security measures; 
and/or 
which types of messages are to be used by the inter- domain security measures.
There is an OR clause in the claim which puts the limitation in alternate form. The limitation “which types of messages are to be used by the inter- domain security measures” is still taught by reference Bykampadi. ¶[0047], the SEPP is the entity that resides at the perimeter of the network and performs Application Layer Security (ALS) on information elements in HTTP messages before the messages are sent externally over a roaming interface. ¶[0052].

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim 21-41 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Bykampadi (US Patent Application Publication No 2019/0253395 A1).  

Regarding Claim 21, Bykampadi discloses a method performed by network equipment configured as a proxy for one of multiple different core network domains of a wireless communication system, the method comprising: 
receiving a message that has been, or is to be, transmitted between the different core network domains (Bykampadi, Fig-3, ¶[0046], a visiting public land mobile network (VPLMN) operatively coupled via an intermediate Internetwork Packet Exchange (IPX) network to a home public land mobile network (HPLMN). The presence of a Security Edge Protection Proxy (SEPP) at the edge of each PLM network); and 
performing inter-domain security measures according to a security policy that indicates (Bykampadi, Fig-3, ¶[0046], visiting public land mobile network (VPLMN) operatively coupled via an intermediate Internetwork Packet Exchange (IPX) network to a home public land mobile network (HPLMN). The presence of a Security Edge Protection Proxy (SEPP) at the edge of each PLM network): 
which one or more portions of the content of a field in the message are to be used by the inter-domain security measures by indicating how to parse the content of the field in order to identify the one or more portions that are to be used by the inter-domain security measures (Bykampadi, Fig-3, ¶[0047], SEPP resides at the perimeter of the network and perform Application layer security (ALS) on information element in HTTP messages before the messages are sent externally over a roaming interface. ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface); and/or 
which types of messages are to be used by the inter- domain security measures (Bykampadi, Fig-3, ¶[0047], SEPP resides at the perimeter of the network and perform Application layer security (ALS) on information element in HTTP messages before the messages are sent externally over a roaming interface. ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface).

Regarding Claim 22, Bykampadi discloses the method of claim 21, wherein the security policy indicates which one or more portions of the content of a field in the message are to be used by the inter-domain security measures by indicating how to parse the content of the field in order to identify the one or more portions that are to be used by the inter-domain security measures (Bykampadi, Fig-3, ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface).

Regarding Claim 23, Bykampadi discloses the method of claim 21, wherein the security policy indicates which types of messages are to be used by the inter-domain security measures. (Bykampadi, Fig-3, ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface).

Regarding Claim 24, Bykampadi discloses the method of claim 21, wherein the security policy indicates which portion of the content of a field in message is a public land mobile network identity or a fully qualified domain name to be used by the inter-domain security measures by indicating how to parse the content of the field in order to identify the public land mobile network identity or a fully qualified domain name that is to be used by the inter-domain security measures (Bykampadi, Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner).

Regarding Claim 25, Bykampadi discloses the method of claim 21, wherein the security policy indicates which portion of the content of a field in the message is a subscriber permanent identifier, SUPI, to be used by the inter-domain security measures by indicating how to parse the content of the field in order to identify the SUPI that is to be used by the inter-domain security measures (Bykampadi, ¶[0052], some of the IEs include a permanent subscription identity (SUPI) of the UE or encrypted SUPI, an IP address of the UE, an IP address of the NFs or their identifiers within a PLMN).

Regarding Claim 26, Bykampadi discloses the method of claim 21, wherein the inter-domain security measures include inter-domain anti-spoofing measures for securing the core network domain for which the proxy is configured against spoofing of the message (Bykampadi, Fig-3, ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface).

Regarding Claim 27, Bykampadi discloses the method of claim 21, wherein the network equipment is configured as a first proxy for a first core network domain, wherein said receiving comprises receiving the message from a second proxy that is a proxy for a second core network domain, and wherein performing the inter-domain security measures using the one or more indicated portions comprises verifying whether a core network domain identified from the one or more indicated portions is the second core network domain for which the second proxy is a proxy (Bykampadi, Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner).

Regarding Claim 28, Bykampadi discloses the method of claim 21, wherein the message has been transmitted between the different core network domains, and wherein performing the inter-domain security measures using the one or more indicated portions comprises:
determining an expected identifier that is expected for the one or more indicated portions (Bykampadi, Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner); and 
verifying whether an identifier associated with a proxy from which the message was received matches the expected identifier (Bykampadi, Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner).

Regarding Claim 29, Bykampadi discloses the method of claim 21, further comprising receiving the security policy from a discovery service (Bykampadi, Fig-3, ¶[0047], SEPP resides at the perimeter of the network and perform Application layer security (ALS) on information element in HTTP messages before the messages are sent externally over a roaming interface. ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface).

Regarding Claim 30, Bykampadi discloses the method of claim 21, wherein the one or more portions that are to be used by the inter-domain security measures according to the security policy include one or more of: a public land mobile network identity, a fully qualified domain name, or a subscriber permanent identifier, SUPI (Bykampadi, ¶[0052], some of the IEs include a permanent subscription identity (SUPI) of the UE or encrypted SUPI, an IP address of the UE, an IP address of the NFs or their identifiers within a PLMN. Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner).

Regarding Claim 31, Bykampadi discloses the method of claim 21, wherein the security policy includes one or more regular expressions, one or more search patterns, and/or one or more substrings with which the network equipment is to parse the content of the field in order to identify the one or more portions that are to be used by the inter-domain security measures (Bykampadi, ¶[0052], some of the IEs include a permanent subscription identity (SUPI) of the UE or encrypted SUPI, an IP address of the UE, an IP address of the NFs or their identifiers within a PLMN. Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner. ¶[0078], a proposed HTTP request message format which includes a separate security indicator value in every JavaScript Object Notation (JSON) based IE in the HTTP message body).

Regarding Claim 32, Bykampadi discloses the method of claim 22, wherein the method further comprises extracting the one or more portions of the content of the field for using in the inter-domain security measures, by parsing the content using the security policy (Bykampadi, ¶[0065] - ¶[0070], parses the HTTP message payload beginning from the first IE. Once the SEPP parses the message completely, it transmits the secure message over the N32 interface).

Regarding Claim 33, Bykampadi discloses the method of claim 22, wherein the message is a Hypertext Transfer Protocol (HTTP) message and the field is an HTTP field (Bykampadi, ¶[0065] - ¶[0070], parses the HTTP message payload beginning from the first IE. Once the SEPP parses the message completely, it transmits the secure message over the N32 interface).

Regarding Claim 34, Bykampadi discloses the method of claim 22, wherein the message is an application layer message (Bykampadi, Fig-3, ¶[0047], SEPP resides at the perimeter of the network and perform Application layer security (ALS) on information element in HTTP messages before the messages are sent externally over a roaming interface. ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface).

Regarding Claim 35, Bykampadi discloses the method of claim 21, wherein the network equipment is configured as a Security Edge Protection Proxy, SEPP (Bykampadi, Fig-3, ¶[0047], SEPP resides at the perimeter of the network and perform Application layer security (ALS) on information element in HTTP messages before the messages are sent externally over a roaming interface. ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP).

Regarding Claim 36, Bykampadi discloses the method of claim 21, wherein the core network domains comprise core networks of different public land mobile networks, PLMNs (Bykampadi, Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner).

Regarding Claim 37, Bykampadi discloses network equipment configured as a proxy for one of multiple different core network domains of a wireless communication system, wherein the network equipment comprises communication circuitry and processing circuitry wherein the network equipment is configured to: 
receive a message that has been, or is to be, transmitted between the different core network domains (Bykampadi, Fig-3, ¶[0046], a visiting public land mobile network (VPLMN) operatively coupled via an intermediate Internetwork Packet Exchange (IPX) network to a home public land mobile network (HPLMN). The presence of a Security Edge Protection Proxy (SEPP) at the edge of each PLM network); and 
perform inter-domain security measures according to a security policy that indicates (Bykampadi, Fig-3, ¶[0046], visiting public land mobile network (VPLMN) operatively coupled via an intermediate Internetwork Packet Exchange (IPX) network to a home public land mobile network (HPLMN). The presence of a Security Edge Protection Proxy (SEPP) at the edge of each PLM network): 
which one or more portions of the content of a field in the message are to be used by the inter-domain security measures by indicating how to parse the content of the field in order to identify the one or more portions that are to be used by the inter-domain security measures (Bykampadi, Fig-3, ¶[0047], SEPP resides at the perimeter of the network and perform Application layer security (ALS) on information element in HTTP messages before the messages are sent externally over a roaming interface. ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface);
and/or 
which types of messages are to be used by the inter- domain security measures (Bykampadi, Fig-3, ¶[0047], SEPP resides at the perimeter of the network and perform Application layer security (ALS) on information element in HTTP messages before the messages are sent externally over a roaming interface. ¶[0052], the application layer traffic comprises all the IEs in the HTTP message payload and sensitive information in the HTTP message header. Not all the IEs get the same security treatment in SEPP. Some IEs require e2e encryption, some only requires e2e integrity protection, while some IEs require e2e integrity protection. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface).

Regarding Claim 38, Bykampadi discloses the network equipment of claim 37, wherein the security policy indicates which one or more portions of the content of a field in the message are to be used by the inter-domain security measures by indicating how to parse the content of the field in order to identify the one or more portions that are to be used by the inter-domain security measures (Bykampadi, ¶[0052], some of the IEs include a permanent subscription identity (SUPI) of the UE or encrypted SUPI, an IP address of the UE, an IP address of the NFs or their identifiers within a PLMN. Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner. ¶[0063], NFs are aware of how IEs need to be secured. An NF sets the indicator value in each of the IEs in the message as it constructs the HTTP request message to be sent over the roaming interface).

Regarding Claim 39, Bykampadi discloses the network equipment of claim 37, wherein the security policy indicates which portion of the content of a field in the message is a public land mobile network identity, a fully qualified domain name, or a subscriber permanent identifier, SUPI, to be used by the inter-domain security measures by indicating how to parse the content of the field in order to identify the public land mobile network identity, the fully qualified domain name, or the SUPI that is to be used by the inter-domain security measures (Bykampadi, Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner). 

Regarding Claim 40, Bykampadi discloses the network equipment of claim 37, wherein the security policy includes one or more regular expressions, one or more search patterns, and/or one or more substrings with which the network equipment is to parse the content of the field in order to identify the one or more portions that are to be used by the inter-domain security measures (Bykampadi, ¶[0052], some of the IEs include a permanent subscription identity (SUPI) of the UE or encrypted SUPI, an IP address of the UE, an IP address of the NFs or their identifiers within a PLMN. Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner. ¶[0078], a proposed HTTP request message format which includes a separate security indicator value in every JavaScript Object Notation (JSON) based IE in the HTTP message body). 

Regarding Claim 41, Bykampadi discloses the method of claim 22, wherein the security policy indicates how to parse the content of the field, in order to identify the one or more portions that are to be used by the inter- domain security measures, with information that is agnostic as to a type, structure, and formatting of the content of the field (Bykampadi, ¶[0052], some of the IEs include a permanent subscription identity (SUPI) of the UE or encrypted SUPI, an IP address of the UE, an IP address of the NFs or their identifiers within a PLMN. Fig-4, ¶[0074]- ¶[0077], the AMF NF first sends the HTTP request message to its local SEPP. The vSEPP applies ALS and sends secure message on the N32 interface to AUSF NFs in HPLMN. The hSEPP is at the edge of the HPLMN and received all incoming HTTP messages from its roaming partner).


Conclusion
THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F (7:30 - 5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFRY PWU can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WASIKA NIPA/           Primary Examiner, Art Unit 2433