Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2.	EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019.
3.	This communication is in response to Applicant’s claims filed on 08 December 2020. Claims 1-20 remain pending.


Information Disclosure Statement
4.	The Information Disclosure Statements respectfully submitted on 08 December 2020, 26 March 2021, 15 July 2022, and 22 September 2022 have been considered by the Examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bykampadi et al. (Pub No. 2019/0253894) in view of Yang (Pub No. 2020/0267214).
Referring to the rejection of claim 1, Bykampadi et al. discloses a method for automatic key management of network access token public keys for 5G core (5GC) authorization to mitigate security attacks, the method comprising: 
at a network function (NF) repository function (NRF) including at least one processor and a memory: (See Bykampadi et al., Fig. 1 and 2, the network functions, item 202 and 204 is disclosed as NF service consumers and NF service producers, comprising a processor, items 212 and 222 and a memory, items 216 and 226, an authorization server, item 404 is disclosed as a network repository function NRF in visiting and home networks)
maintaining in the memory, a network access token public key database including at least one public key for use by producer NFs in validating network access tokens presented in service requests from consumer NFs; (See Bykampadi et al., para. 65-67, i.e. authorization server is disclosed as a database for maintaining network access tokens, public keys, and different access levels wherein at least one public key for use by the NF Service Producer is provided for verification)
providing, to the producer NFs, a network access token public key status notification subscription interface for allowing the producer NFs to subscribe to receive notification of updates in status of the at least one public key; (See Bykampadi et al., para. 65-66, i.e. a digitally signed access token (JSON Web Token) is provided to the NF Service Producer for allowing the NFs to subscribe and receive a notification status of at least one public key) 
receiving, via the network access token public key status notification subscription interface, a request from a producer NF to be notified of updates in status of the at least one public key, and, in response, creating a subscription for the producer NF; (See Bykampadi et al., para. 33 and 66, i.e. the NF Service Consumer receives a request from the NF Service Producer to be notified and in response, the AMF, item 106 disclosed in Fig. 1 creates the subscription for the NF Service Producer)
determining that an update in status of the at least one public key is needed, in response to determining that the update in status of the at least one public key is needed: updating the status of the at least one public key; (See Bykampadi et al., para. 66 and 80, i.e. the NF Service Producer verifies the status of the received JWT based on the public key’s certificate, if the verification status is successful, the requested NF Service is granted to the NF Service Consumer by the NF Service Producer)
However, Bykampadi et al. fail to explicitly disclose identifying, from the subscription, that the producer NF is subscribed to receive notification of updates in status of the at least one public key and notifying the producer NF of the update in status of the at least one public key.  
Yang discloses a method and system for enabling status updates in a 5G Core network. 
Yang discloses identifying, from the subscription, that the producer NF is subscribed to receive notification of updates in status of the at least one public key; (See Yang, Fig. 1 and para. 103-104, identifying from the subscription that the server producer receives status updates via the NRF)
Yang discloses and notifying the producer NF of the update in status of the at least one public key.  (See Yang, para. 104-106, i.e. notifying the service producer of the status update via a web link for query wherein a digitally signed access token JSON is used)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Bykampadi et al.’s security management for roaming service authorization in communication systems with service-based architecture modified with Yang’s method and system for enabling status updates in a 5G Core network. Motivation for such an implementation would enable status updates effectively in a 5G core network. (See Yang, para. 30)

Referring to the rejection of claim 2, (Bykampadi et al. modified with Yang) discloses wherein maintaining the network access token public key database includes maintaining, in the network access token public key database, a plurality of public keys, at least some of which are associated with different service access levels. (See Bykampadi et al., para. 65-67, i.e. authorization server is disclosed as a database for maintaining network access tokens, public keys, and different access levels wherein at least one public key for use by the NF Service Producer is provided for verification)

Referring to the rejection of claim 3, (Bykampadi et al. modified with Yang) discloses wherein the different service access levels include a public land mobile network (PLMN) service level, a network slice level, an NF type level, and a service level.  (See Bykampadi et al., para. 37, 50, 80, and 90, i.e. different access levels of public land mobile network (VPLMN and HPLMN), a network slice, an audience of the token is disclosed as the NF type, and the service level comprises the PLMN IDs)

Referring to the rejection of claim 4, (Bykampadi et al. modified with Yang) discloses wherein the at least one public key is associated with one of the service access levels and wherein updating the status of the at least one public key includes revoking the public key at the one service access level. (See Bykampadi et al., para. 93, i.e. the public key is associated with requested services wherein updating includes restricting access to a service access level)

Referring to the rejection of claim 5, (Bykampadi et al. modified with Yang)  discloses wherein providing the public key status notification subscription interface includes providing an interface for receiving subscription requests from the producer NFs, where the subscription requests can include service access level identification information and a request for an immediate key.  (See Bykampadi et al., para. 60 and 63-65, i.e. providing an API for subscriber’s requests from the NF service producers including the identification of the client and request for the public key)

Referring to the rejection of claim 6, (Bykampadi et al. modified with Yang) discloses wherein the subscription request includes the request for an immediate key and further comprising communicating a public key to the producer NF in response to the subscription request. (See Bykampadi et al., para. 84, i.e. the NRF issues the OAuth 2.0 access tokens and performs automatic access token key management for a public key in response to the request)

Referring to the rejection of claim 7, (Bykampadi et al. modified with Yang)  discloses wherein creating the subscription includes creating or updating a record in the database to identify the NF as a subscriber to the updates in status of the at least one public key.  (See Bykampadi et al., para. 63, i.e. the NF service consumer is identified as a subscriber during the registration with the authorization server wherein a public key is provided)

Referring to the rejection of claim 8, (Bykampadi et al. modified with Yang) discloses wherein determining that an update in status of the at least one public key is needed includes determining that at least one network access token signed using at least one private key corresponding to the at least one public key has been compromised and updating the status of the at least one public key includes revoking the at least one public key. (See Bykampadi et al., para. 80 and 93, i.e. the status of the public key needed to determine the JWT access token signed using a private key has been compromised, a status update will prevent access of the JWT from being replayed)

Referring to the rejection of claim 9, (Bykampadi et al. modified with Yang) discloses wherein determining that a change in status of the at least one public key is needed includes determining that a revocation of the at least one public key is needed in response to expiration of a configurable time period and updating the status of the at least one public key includes revoking the at least one public key. (See Bykampadi et al., para. 80 and 93, i.e. determining if the status of the public key has changed includes revoking the public key in response to expiration time of the JWT access token signed and a status update will restrict access to specific services in the NF Service Producer)

Referring to the rejection of claim 10, (Bykampadi et al. modified with Yang) discloses comprising, at the producer NF: receiving the notification of the update in status of the at least one public key, wherein the notification of the update in status includes at least one replacement public key for the at least one public key; (See Bykampadi et al., para. 80) receiving a service request from a consumer NF, the service request including a network access token; (See Bykampadi et al., para. 80) attempting to validate the service request using the at least one replacement public key; determining that the validation fails; (See Bykampadi et al., para. 80 and 93) and preventing the consumer NF from accessing a service identified in the service request.  (See Bykampadi et al., para. 80 and 93)

Referring to the rejection of claim 11, (Bykampadi et al. modified with Yang) discloses a system for automatic key management of network access token public keys for 5G core (5GC) to mitigate security attacks, the system comprising: 
a network function (NF) repository function (NRF) including at least one processor and a memory; (See Bykampadi et al., Fig. 1 and 2, the network functions, item 202 and 204 is disclosed as NF service consumers and NF service producers, comprising a processor, items 212 and 222 and a memory, items 216 and 226, an authorization server, item 404 is disclosed as a network repository function NRF in visiting and home networks)
a network access token public key database located in the memory and including at least one public key for use by producer NFs in validating network access tokens presented in service requests from consumer NFs; (See Bykampadi et al., para. 65-67, i.e. authorization server is disclosed as a database for maintaining network access tokens, public keys, and different access levels wherein at least one public key for use by the NF Service Producer is provided for verification)
and an automatic access token key manager implemented by the at least one processor for maintaining the network access token public key database, (See Bykampadi et al., Fig. 1 and 2, the automatic access token key manager is disclosed as the AMF (Access and Mobility Management Function), item 106 and the security management processing, items 214 and 224 implemented by a processor for maintaining the authorization server)
providing, to the producer NFs, a network access token public key status notification subscription interface for allowing the producer NFs to subscribe to receive notification of updates in status of the at least one public key, (See Bykampadi et al., para. 65-66, i.e. a digitally signed access token (JSON Web Token) is provided to the NF Service Producer for allowing the NFs to subscribe and receive a notification status of at least one public key)
receiving, via the network access token public key status notification subscription interface, a request from a producer NF to be notified of updates in status of the at least one public key, and, in response, creating a subscription for the producer NF, (See Bykampadi et al., para. 33 and 66, i.e. the NF Service Consumer receives a request from the NF Service Producer to be notified and in response, the AMF, item 106 disclosed in Fig. 1 creates the subscription for the NF Service Producer)
determining that an update in status of the at least one public key is needed, and in response to determining that the update in status of the at least one public key is needed: updating the status of the at least one public key; (See Bykampadi et al., para. 66 and 80, i.e. the NF Service Producer verifies the status of the received JWT based on the public key’s certificate, if the verification status is successful, the requested NF Service is granted to the NF Service Consumer by the NF Service Producer)
However, Bykampadi et al. fail to explicitly disclose identifying, from the subscription, that the producer NF is subscribed to receive notification of updates in status of the at least one public key and notifying the producer NF of the update in status of the at least one public key.  
Yang discloses a method and system for enabling status updates in a 5G Core network. 
Yang discloses identifying, from the subscription, that the producer NF is subscribed to receive notification of updates in status of the at least one public key; (See Yang, Fig. 1 and para. 103-104, identifying from the subscription that the server producer receives status updates via the NRF)
Yang discloses and notifying the producer NF of the update in status of the at least one public key.  (See Yang, para. 104-106, i.e. notifying the service producer of the status update via a web link for query wherein a digitally signed access token JSON is used)
The rationale for combining Bykampadi in view of Yang is the same as claim 1.

Referring to the rejection of claim 12, (Bykampadi et al. modified with Yang) discloses wherein the automatic access token key manager is configured to maintain, in the network access token public key database, a plurality of public keys, at least some of which are associated with different service access levels. (See Bykampadi et al., para. 65-67, i.e. authorization server is disclosed as a database for maintaining network access tokens, public keys, and different access levels wherein at least one public key for use by the NF Service Producer is provided for verification)

Referring to the rejection of claim 13, (Bykampadi et al. modified with Yang) discloses wherein the different service access levels include a public land mobile network (PLMN) level, a network slice level, an NF type level, and a service level.  (See Bykampadi et al., para. 37, 50, 80, and 90, i.e. different access levels of public land mobile network (VPLMN and HPLMN), a network slice, an audience of the token is disclosed as the NF type, and the service level comprises the PLMN IDs)

Referring to the rejection of claim 14, (Bykampadi et al. modified with Yang) discloses wherein the at least one public key is associated with one of the service access levels and wherein updating the status of the at least one public key includes revoking the public key at the one service access level.  (See Bykampadi et al., para. 93, i.e. the public key is associated with requested services wherein updating includes restricting access to a service access level)

Referring to the rejection of claim 15, (Bykampadi et al. modified with Yang) discloses wherein the subscription interface is configured to receive subscription requests from the producer NFs, where the subscription requests can include service access level identification information and a request for an immediate key.  (See Bykampadi et al., para. 60 and 63-65, i.e. providing an API for subscriber’s requests from the NF service producers including the identification of the client and request for the public key)

Referring to the rejection of claim 16, (Bykampadi et al. modified with Yang) discloses wherein the subscription request includes the request for an immediate key and, in response, the automatic access token key manager is configured to communicate a public key to the producer NF in response to the subscription request. (See Bykampadi et al., para. 84, i.e. the NRF issues the OAuth 2.0 access tokens and performs automatic access token key management for a public key in response to the request)

Referring to the rejection of claim 17, (Bykampadi et al. modified with Yang) discloses wherein, in creating the subscription, the automatic access token key manager is configured to create or update a record in the database to identify the NF as a subscriber to the updates in status of the at least one public key.  (See Bykampadi et al., para. 63, i.e. the NF service consumer is identified as a subscriber during the registration with the authorization server wherein a public key is provided) 

Referring to the rejection of claim 18, (Bykampadi et al. modified with Yang) discloses wherein the automatic access token key manager is configured to determine that an update in status for the at least one public key is needed in response to determining that at least one network access token signed using at least one private key corresponding to the at least one public key has been compromised and to update the status of the at least one public key by revoking the at least one public key.  (See Bykampadi et al., para. 80 and 93, i.e. the status of the public key needed to determine the JWT access token signed using a private key has been compromised, a status update will prevent access of the JWT from being replayed)

Referring to the rejection of claim 19, (Bykampadi et al. modified with Yang) discloses wherein the automatic access token key manager is configured to determine that an update in status for the at least one public key is needed in response to expiration of a configurable time period and to update the status of the at least one public key by revoking the at least one public key.  (See Bykampadi et al., para. 80 and 93, i.e. determining if the status of the public key has changed includes revoking the public key in response to expiration time of the JWT access token signed and a status update will restrict access to specific services in the NF Service Producer)

Referring to the rejection of claim 20, (Bykampadi et al. modified with Yang) discloses a non-transitory computer readable medium having stored thereon executable instructions that when executed by a processor of a computer control the computer to perform steps comprising:
maintaining, in the non-transitory computer readable medium, a network access token public key database including at least one public key for use by producer network functions (NFs) in validating network access tokens presented in service requests from consumer NFs; (See Bykampadi et al., para. 65-67, i.e. authorization server is disclosed as a database for maintaining network access tokens, public keys, and different access levels wherein at least one public key for use by the NF Service Producer is provided for verification)
providing, to the producer NFs, a network access token public key status notification subscription interface for allowing the producer NFs to subscribe to receive notification of updates in status of the at least one public key; (See Bykampadi et al., para. 65-66, i.e. a digitally signed access token (JSON Web Token) is provided to the NF Service Producer for allowing the NFs to subscribe and receive a notification status of at least one public key) 
receiving, via the network access token public key status notification subscription interface, a request from a producer NF to be notified of updates in status of the at least one public key, and, in response, creating a subscription for the producer NF; (See Bykampadi et al., para. 33 and 66, i.e. the NF Service Consumer receives a request from the NF Service Producer to be notified and in response, the AMF, item 106 disclosed in Fig. 1 creates the subscription for the NF Service Producer)
determining that an update in status of the at least one public key is needed, in response to determining that the update in status of the at least one public key is needed: updating the status of the at least one public key; (See Bykampadi et al., para. 66 and 80, i.e. the NF Service Producer verifies the status of the received JWT based on the public key’s certificate, if the verification status is successful, the requested NF Service is granted to the NF Service Consumer by the NF Service Producer)
However, Bykampadi et al. fail to explicitly disclose identifying, from the subscription, that the producer NF is subscribed to receive notification of updates in status of the at least one public key and notifying the producer NF of the update in status of the at least one public key.  
Yang discloses a method and system for enabling status updates in a 5G Core network. 
Yang discloses identifying, from the subscription, that the producer NF is subscribed to receive notification of updates in status of the at least one public key; (See Yang, Fig. 1 and para. 103-104, identifying from the subscription that the server producer receives status updates via the NRF)
Yang discloses and notifying the producer NF of the update in status of the at least one public key.   (See Yang, para. 104-106, i.e. notifying the service producer of the status update via a web link for query wherein a digitally signed access token JSON is used)
The rationale for combining Bykampadi in view of Yang is the same as claim 1.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871. The examiner can normally be reached IFP M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/COURTNEY D FIELDS/Examiner, Art Unit 2436
December 1, 2022

/KENDALL DOLLY/Primary Examiner, Art Unit 2436