DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
 2.	The Office action is in response to the patent application filed on May 7, 2021.  The application contains 20 claims.  Claims 1-20 are directed to a method, and an apparatus for detecting fake network device.  Claims 1-20 are pending.

Claim Objections
3.	Claims 1-20 are objected to because of the following informalities:
Referring to claims 1-20:
	Claims 1-20 are objected, because the claims contain unnecessary line numbers: 5, 10, 15, 20, and 25.
 Referring to claim 2:
	Claim 2 recites “wherein the performing, by the terminal device, security verification on the downlink message comprises:”, where ‘comprises’ should be ‘further comprises”, since Claim 1 recites “performing, by the terminal device, security verification on the downlink message, wherein the security verification comprises at least one of decryption or integrity protection verification”. 

Claim Rejections - 35 USC § 103

4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 1-2, 6-7, 11-12, and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Shu et al. (WO 2017/113063 A1, published on June 7, 2017, the rejection is based on the English translation), hereinafter “Shu”, in view of Huang et al. (U.S. 2017/0347249 A1), hereinafter “Huang”.
Referring to claims 1, 11:
	 	Shu teaches:
           An information security processing method, comprising (see Shu, fig. 10, the terminal device (on the left), the second network device (in the middle), the first network device (on the right)): 
           sending, by a terminal device, an uplink message to a second network device (see Shu, fig. 10, describes that the terminal device (on the left) sending an uplink message to the second device (in the middle));
          receiving, by the terminal device, a downlink message from the second network device, the downlink message is a message that is generated by a first network device based on the uplink message and on which security processing is performed, wherein the security processing comprises at least one of encryption or integrity protection (see Shu, fig. 10, describes that the terminal device (on the left) receiving a downlink message from the second network device (in the middle), wherein the downlink message is generated by the first network device (on the right) ); p. 13, 1st par. ‘achieve mutual authentication between the network device [i.e., the first network device ] and the user device [i.e.,  the terminal device ], and adopts an encryption protection mechanism and an integrity protection mechanism to implement communication between the user device and the network device [i.e., the first network device ]. Confidentiality and integrity’); and 
         performing, by the terminal device, security verification on the downlink message, wherein the security verification comprises at least one of decryption or integrity protection verification (see Shu, p. 13, 1st par. ‘achieve mutual authentication between the network device [i.e., the first network device ] and the user device [i.e.,  the terminal device ], and adopts an encryption protection mechanism and an integrity protection mechanism to implement communication between the user device and the network device [i.e., the first network device ]. Confidentiality and integrity’).
          However, Shu does not disclose wherein a security processing is performed on the downlink message based on the time information, such as the receiving time of the uplink message.
		Huang discloses a security processing is performed on the downlink message based on the time information, such as the receiving time of the uplink message (see Huang, [0036] ‘… comparing the time the short message was received …with a first time… and a second time… An assessment of whether the short message is from the pseudo base station [i.e., from a fake network device ] may be based on the result of the determination.’; [0088] ‘… the first time… the second time … calculate a first time interval between the first time and the second time … determine, when the first time interval is greater than a first preset time interval … the annoying short message from the pseudo base station [i.e., the fake network device ]’). 
	 	It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Huang into the system of Shu such that a security processing is performed on the downlink message based on the time information, such as the receiving time of the uplink message.  Shu teaches " The present application provides a NAS message processing, a cell list update method, and a device, which are used to solve the technical problem that a user equipment may be subjected to a DoS attack by a pseudo network device.” (see Shu, p. 2, 2nd par.).  Therefore, Huang’s teaching could enhance the system of Shu, because Huang teaches “An assessment of whether the short message is from the pseudo base station may be based on the result of the determination.” (see Huang, [0036]).
 Referring to claims 2, 12:
		Shu and Huang further disclose:
		wherein the performing, by the terminal device, security verification on the downlink message comprises: 
           performing, by the terminal device, the security verification on the downlink message based on second time information, wherein the second time information is time information determined by the terminal device based on a time point at which the uplink message is sent; and when the security verification performed by the terminal device on the downlink message fails, determining, by the terminal device, that the second network device is a fake network device (see Huang, [0036] ‘… comparing the time the short message was received …with a first time… and a second time… An assessment of whether the short message is from the pseudo base station [i.e., from a fake network device ] may be based on the result of the determination.’; [0004] ‘shorter messages are more easily transmitted to mobile terminals’).
                It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Huang into the system of Shu such that a security processing is performed on the downlink message based on the time information, such as the receiving time of the uplink message.  Shu teaches "The present application provides a NAS message processing, a cell list update method, and a device, which are used to solve the technical problem that a user equipment may be subjected to a DoS attack by a pseudo network device.” (see Shu, p. 2, 2nd par.).  Therefore, Huang’s teaching could enhance the system of Shu, because Huang teaches “An assessment of whether the short message is from the pseudo base station may be based on the result of the determination.” (see Huang, [0036]).
Referring to claims 6, 16:
	 	Shu teaches:
           An information security processing method, comprising (see Shu, fig. 10, the terminal device (on the left), the second network device (in the middle), the first network device (on the right)): 
           receiving, by a first network device, an uplink message from a second network device, wherein the uplink message is sent by a terminal device to the second network device (see Shu, fig. 10, describes that the first network device (on the right) receiving an uplink message from the second device (in the middle), wherein the uplink message is sent from the terminal device (on the left) to the second network device (in the middle) ); and 
           sending, by the first network device, a downlink message to the second network device, the downlink message is generated by the first network device for the uplink message, and the first network device performs security processing on the downlink message, wherein the security processing comprises at least one of encryption or integrity protection (see Shu, fig. 10, describes sending, by the first network device (on the right), a downlink message to the second network device (in the middle), wherein the downlink message is generate by the first network device (on the right); p. 13, 1st par. ‘achieve mutual authentication between the network device [i.e., the first network device ] and the user device [i.e.,  the terminal device ], and adopts an encryption protection mechanism and an integrity protection mechanism to implement communication between the user device and the network device [i.e., the first network device ]. Confidentiality and integrity’).
          However, Shu does not disclose wherein a security processing is performed on the downlink message based on the time information, such as the receiving time of the uplink message.
		Huang discloses a security processing is performed on the downlink message based on the time information, such as the receiving time of the uplink message (see Huang, [0036] ‘… comparing the time the short message was received …with a first time… and a second time… An assessment of whether the short message is from the pseudo base station [i.e., from a fake network device ] may be based on the result of the determination.’; [0088] ‘… the first time… the second time … calculate a first time interval between the first time and the second time … determine, when the first time interval is greater than a first preset time interval … the annoying short message from the pseudo base station [i.e., the fake network device ]’). 
	 	It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Huang into the system of Shu such that a security processing is performed on the downlink message based on the time information, such as the receiving time of the uplink message.  Shu teaches "The present application provides a NAS message processing, a cell list update method, and a device, which are used to solve the technical problem that a user equipment may be subjected to a DoS attack by a pseudo network device.” (see Shu, p. 2, 2nd par.).  Therefore, Huang’s teaching could enhance the system of Shu, because Huang teaches “An assessment of whether the short message is from the pseudo base station may be based on the result of the determination.” (see Huang, [0036]).
 Referring to claims 7, 17:
		Shu and Huang further disclose:
		performing, by the first network device, security processing on the downlink message by using a first key (see Shu, p. 13, 1st par. ‘achieve mutual authentication between the network device [i.e., the first network device ] and the user device [i.e.,  the terminal device ], and adopts an encryption protection mechanism and an integrity protection mechanism to implement communication between the user device and the network device [i.e., the first network device ]. Confidentiality and integrity’).

6.	Claims 3-5, 8-10, 13-15, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Shu et al. (WO 2017/113063 A1, published on June 7, 2017, the rejection is based on the English translation), in view of Huang et al. (U.S. 2017/0347249 A1), further in view of Badic et al. (U.S. 2020/0229206 A1), hereinafter “Badic”.
Referring to claims 3, 8, 13, 18:
		Shu and Huang disclose the limitations as described in claim 1. However, they do not disclose the random access procedure. 
	Bavic disclose the random access procedure (see Badic, [0587] ‘random access procedures’).
          It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Badic into the system of Shu to use the random access procedures.  Shu teaches "The present application provides a NAS message processing, a cell list update method, and a device, which are used to solve the technical problem that a user equipment may be subjected to a DoS attack by a pseudo network device.” (see Shu, p. 2, 2nd par.).  Therefore, Badic’s teaching could enhance the system of Shu, because Badic discloses “using random access procedures. Virtual cell 5302 may then execute a random access VEF that handles random access procedures for terminal devices trying to connect to virtual cell 5302.” (see Badic, [0587]). 
Referring to claims 4, 9, 14, 19:
		Shu, Huang, and Badic further disclose:
	receiving, by the terminal device, a broadcast message from the first network device, wherein the broadcast message is a message on which the first network device performs security processing, and the broadcast message comprises at least one of random access channel RACH resource configuration information or a system frame number SFN (see Badic, [0609] ‘broadcast’; [1046] ‘RACH procedure’).
            It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Badic into the system of Shu to use the broadcast message, and the random access channel RACH.  Shu teaches "The present application provides a NAS message processing, a cell list update method, and a device, which are used to solve the technical problem that a user equipment may be subjected to a DoS attack by a pseudo network device.” (see Shu, p. 2, 2nd par.).  Therefore, Badic’s teaching could enhance the system of Shu, because Badic discloses “using random access procedures. Virtual cell 5302 may then execute a random access VEF that handles random access procedures for terminal devices trying to connect to virtual cell 5302.” (see Badic, [0587]).
Referring to claims 5, 10, 15, 20:
		Shu, Huang, and Badic further disclose:
	wherein the uplink message comprises a message 3 in a random access procedure, and the downlink message comprises a message 4 in the random access procedure (see Shu, fig. 10, describing the uplink message such as a message 3, and downlink message such as a message 4. And, Badic, [0587] ‘random access procedures’).
          It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Badic into the system of Shu to use the random access procedures.  Shu teaches "The present application provides a NAS message processing, a cell list update method, and a device, which are used to solve the technical problem that a user equipment may be subjected to a DoS attack by a pseudo network device.” (see Shu, p. 2, 2nd par.).  Therefore, Badic’s teaching could enhance the system of Shu, because Badic discloses “using random access procedures. Virtual cell 5302 may then execute a random access VEF that handles random access procedures for terminal devices trying to connect to virtual cell 5302.” (see Badic, [0587]).
Conclusion

7.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	Noonan; Joseph S. et al. (US 11304123 B1) disclose Systems and methods for detecting and controlling transmission devices;
(b)	STOJANOVSKI; Alexandre Saso et al. (US 20220070664 A1) disclose protection of initial non-access stratum protocol message in 5g systems;
(c)	NAKARMI; Prajwol Kumar et al. (US 20210392498 A1) disclose methods, user equipment and network node, for detection of communication with a non-legitimate device;
(d)	Li; Weiqing (US 20210250769 A1) disclose Method for Handling Pseudo Base Station, Mobile Terminal, and Storage Medium;
(e)	LIU; Zhuang et al. (US 20210168608 A1) disclose method and apparatus for configuring and detecting information integrity;
(f)	Rosberg; Odd Helge (US 20210136585 A1) disclose Detecting False Cell Towers.

 	8.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
          If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
           Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/Examiner, Art Unit 2492                                                                                                                                                                                           




/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492