Method for Securing OpenRAN Interfaces

Detailed Action The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims filed on 01/08/2026 has been acknowledged. Claims 1-4, 6-7, 9-16, 18 and 20-24 are currently pending and have been considered below. Claim 1, 10, 14 and 23 are independent claim. Claims 5, 8, 17 and 19 are cancelled. Claims 24 has been added new. Priority The application claims the benefit of 62/968,814 filed on 01/31/2020. Remarks and Response Applicant’s arguments filed in the amendments on 01/08/2026 have been fully considered but are moot in view of new grounds of rejection. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claims 1, 10, 14 and 21 are provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1 application No. 17/977,528 and 17/875,507 in view of Jain (US Patent Application Publication No 2018/0097778 A1) in view of Bhaskaran (US Patent Application Publication No 2021/0112565 A1). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the co-pending application contains every element of claims of the instant application. A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a 35 patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). This is a provisional non-statutory double patenting rejection because the conflicting claims have not been patented yet. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim 1-2, 9-11, 13-15, and 20-24 are rejected under 35 U.S.C. 103 as being unpatentable over Jain (US Patent Application Publication No 2018/0097778 A1) in view of Bhaskaran (US Patent Application Publication No 2021/0112565 A1). Regarding Claim 1, Jain discloses a method for securing Open Radio Access Network (O-RAN) Interfaces, comprising: placing a stateful firewall (Jain, ¶[0009], stateful packet classification or stateful firewall operation on incoming packets. ¶[0029], stateful packet classification is based on rules that classifies whether a packet with a particular set of parameters should be allowed). mitigating compromised traffic in a radio access network (RAN) based on observing traffic or packets over a serial or packetized interface between the RU and the DU and detecting compromised traffic or packets (Jain, ¶[0036], the stateful engine may instruct the RX processing module to block the packet if the stateful engine upon processing the metadata classifies the packet as being impermissible under a set of firewall rules. ¶[0038], the system performs stateful packet classification of an incoming packet by looking at connection tracker table, a rules look up table, a container look up table, a stateful engine and an identifier hash unit). wherein messages that comply with a specified messaging protocol pass through the staeful firewall (Jain, ¶[0039], the incoming packet arrives at the stateful engine which processes the header information of the incoming packet in order to monitor. ¶[0040], the result of the look up in the rules table is provided to the stateful engine as packet marking. ¶[0045], the stateful engine uses the stateful information stored in the conn-track table in conjunction with the stateful lookup results in order to make stateful packet classification decisions or stateful firewall decisions). Jain does not explicitly teach the following limitation that Bhaskaran teaches: at a radio unit (RU)/distributed unit (DU) split interface wherein a portion of physical layer processing is performed at an RU and a portion of physical layer processing is performed at a (DU) (Bhaskaran, ¶[0011], the base station can include radio unit (RU), centralized unit (CU), distributed unit (DU). Fig-7, ¶[0072], lower layer split. ¶[0073], DU can be coupled to RU via fronthaul interface. Fig-8a, ¶[0078]) Jain in view of Bhaskaran are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “high flexibility in radio access network”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Jain in view of Bhaskaran to include the idea of end to end slicing in wireless communication system which may include a lower layer split architecture. Network slicing feature accommodate different types of data traffic and usage (Bhaskaran, ¶[0005]-¶[0006]). Regarding Claim 2, Jain in view of Bhaskaran discloses the method of claim 1 further comprising performing network address translation (NAT) at the stateful firewall (Jain, ¶[0098], this is a simple index to address translation that allows the process to immediately locate the matching rule from the rules database without searching). Regarding Claim 9, Jain in view of Bhaskaran discloses the method of claim 1 further comprising the stateful firewall blocking outbound traffic (Jain, ¶[0009], stateful packet classification or stateful firewall operation on incoming packets. ¶[0029], stateful packet classification is based on rules that classifies whether a packet with a particular set of parameters should be allowed). Regarding Claim 10, Jain discloses a non-transitory computer-readable medium containing instruction for securing Open Radio Access Network (O-RAN) Interfaces, which, when executed, cause a system to perform steps comprising: operating a stateful firewall (Jain, ¶[0009], stateful packet classification or stateful firewall operation on incoming packets. ¶[0029], stateful packet classification is based on rules that classifies whether a packet with a particular set of parameters should be allowed); mitigating compromised traffic in a radio access network (RAN) based on observing traffic or packets over a serial or packetized interface between the RU and the DU and detecting compromised traffic or packets (Jain, ¶[0036], the stateful engine may instruct the RX processing module to block the packet if the stateful engine upon processing the metadata classifies the packet as being impermissible under a set of firewall rules. ¶[0038], the system performs stateful packet classification of an incoming packet by looking at connection tracker table, a rules look up table, a container look up table, a stateful engine and an identifier hash unit), wherein messages that comply with a specified messaging protocol pass through the stateful firewall (Jain, ¶[0039], the incoming packet arrives at the stateful engine which processes the header information of the incoming packet in order to monitor. ¶[0040], the result of the look up in the rules table is provided to the stateful engine as packet marking. ¶[0045], the stateful engine uses the stateful information stored in the conn-track table in conjunction with the stateful lookup results in order to make stateful packet classification decisions or stateful firewall decisions). Jain does not explicitly teach the following limitation that Bhaskaran teaches: at a radio unit (RU)/distributed unit (DU) split interface wherein a portion of physical layer processing is performed at an RU and a portion of physical layer processing is performed at a (DU) (Bhaskaran, ¶[0011], the base station can include radio unit (RU), centralized unit (CU), distributed unit (DU). Fig-7, ¶[0072], lower layer split. ¶[0073], DU can be coupled to RU via fronthaul interface. Fig-8a, ¶[0078]); Jain in view of Bhaskaran are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “high flexibility in radio access network”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Jain in view of Bhaskaran to include the idea of end to end slicing in wireless communication system which may include a lower layer split architecture. Network slicing feature accommodate different types of data traffic and usage (Bhaskaran, ¶[0005]-¶[0006]). Regarding Claim 11, Jain in view of Bhaskaran discloses the non-transitory computer-readable medium of claim 10, wherein the instructions further comprise instructions for performing network address translation (NAT) at the stateful firewall (Jain, ¶[0098], this is a simple index to address translation that allows the process to immediately locate the matching rule from the rules database without searching). Regarding Claim 13, Jain in view of Bhaskaran discloses the non-transitory computer-readable medium of claim 10, wherein the instructions further comprise instructions for blocking outbound traffic (Jain, ¶[0009], stateful packet classification or stateful firewall operation on incoming packets. ¶[0029], stateful packet classification is based on rules that classifies whether a packet with a particular set of parameters should be allowed). Regarding Claim 14, Jain discloses a system securing OpenRadio Access Network (O-RAN) Interfaces, comprising: a stateful firewall, executed by the processor (Jain, ¶[0009], stateful packet classification or stateful firewall operation on incoming packets. ¶[0029], stateful packet classification is based on rules that classifies whether a packet with a particular set of parameters should be allowed), wherein the stateful firewall is configured to mitigate compromised traffic from a radio access network (RAN) based on observing traffic or packets over a serial or packetized interface between the RU and the DU and detecting compromised traffic or packets (Jain, ¶[0036], the stateful engine may instruct the RX processing module to block the packet if the stateful engine upon processing the metadata classifies the packet as being impermissible under a set of firewall rules. ¶[0038], the system performs stateful packet classification of an incoming packet by looking at connection tracker table, a rules look up table, a container look up table, a stateful engine and an identifier hash unit), and to pass through the stateful firewall messages that comply with a specified messaging protocol (Jain, ¶[0039], the incoming packet arrives at the stateful engine which processes the header information of the incoming packet in order to monitor. ¶[0040], the result of the look up in the rules table is provided to the stateful engine as packet marking. ¶[0045], the stateful engine uses the stateful information stored in the conn-track table in conjunction with the stateful lookup results in order to make stateful packet classification decisions or stateful firewall decisions); Jain does not explicitly teach the following limitation that Bhaskaran teaches: at an interface of the RU/DU split wherein a portion of physical layer processing is performed at the RU and a portion of physical layer processing is performed at the DU (Bhaskaran, ¶[0011], the base station can include radio unit (RU), centralized unit (CU), distributed unit (DU). Fig-7, ¶[0072], lower layer split. ¶[0073], DU can be coupled to RU via fronthaul interface. Fig-8a, ¶[0078]). a base station, including a memory coupled to a processor split into a radio unit (RU) and a distributed unit (DU) (Bhaskaran, ¶[0011], the base station can include radio unit (RU), centralized unit (CU), distributed unit (DU). Fig-7, ¶[0072], lower layer split. ¶[0073], DU can be coupled to RU via fronthaul interface. Fig-8a, ¶[0078]); Jain in view of Bhaskaran are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “high flexibility in radio access network”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Jain in view of Bhaskaran to include the idea of end to end slicing in wireless communication system which may include a lower layer split architecture. Network slicing feature accommodate different types of data traffic and usage (Bhaskaran, ¶[0005]-¶[0006]). Regarding Claim 15, Jain in view of Bhaskaran discloses the system of claim 14, wherein the stateful firewall is configured to perform network address translation (NAT) (Jain, ¶[0098], this is a simple index to address translation that allows the process to immediately locate the matching rule from the rules database without searching). Regarding Claim 20, Jain in view of Bhaskaran discloses the system of claim 14 wherein the stateful firewall blocks outbound traffic (Jain, ¶[0009], stateful packet classification or stateful firewall operation on incoming packets. ¶[0029], stateful packet classification is based on rules that classifies whether a packet with a particular set of parameters should be allowed). Regarding Claim 21, Jain in view of Bhaskaran discloses the method of claim 1, wherein the RU/DU split interface is an Option 7 RU/DU split interface, and further comprising placing the stateful firewall at both ends of the Option 7 RU/DU split interface (Bhaskaran, ¶[0011], the base station can include radio unit (RU), centralized unit (CU), distributed unit (DU). ¶[0062], lower level split architecture, option 7. ¶[0072], lower level split architecture in accordance with Option 7-2). Regarding Claim 22, Jain in view of Bhaskaran discloses the method of claim 1, wherein the RU/DU split interface is one of an Option 7, 7.1 or 7.2 RU/DU split interface (Bhaskaran, ¶[0011], the base station can include radio unit (RU), centralized unit (CU), distributed unit (DU). ¶[0062], lower level split architecture, option 7. ¶[0072], lower level split architecture in accordance with Option 7-2). Regarding Claim 23, Jain discloses a method for securing OpenRAN Interfaces, comprising: placing a packet processor (Jain, ¶[0009], stateful packet classification or stateful firewall operation on incoming packets. ¶[0029], stateful packet classification is based on rules that classifies whether a packet with a particular set of parameters should be allowed); mitigating compromised traffic in a radio access network (RAN) based on observing traffic or packets at the packet processor over a serial or packetized interface between the RU and the DU and detecting compromised traffic or packets (Jain, ¶[0036], the stateful engine may instruct the RX processing module to block the packet if the stateful engine upon processing the metadata classifies the packet as being impermissible under a set of firewall rules. ¶[0038], the system performs stateful packet classification of an incoming packet by looking at connection tracker table, a rules look up table, a container look up table, a stateful engine and an identifier hash unit), wherein messages that comply with a specified messaging protocol pass through the packet processor (Jain, ¶[0039], the incoming packet arrives at the stateful engine which processes the header information of the incoming packet in order to monitor. ¶[0040], the result of the look up in the rules table is provided to the stateful engine as packet marking. ¶[0045], the stateful engine uses the stateful information stored in the conn-track table in conjunction with the stateful lookup results in order to make stateful packet classification decisions or stateful firewall decisions). at a radio unit (RU)/distributed unit (DU) split interface wherein a portion of physical layer processing is performed at an RU and a portion of physical layer processing is performed at a (DU) (Bhaskaran, ¶[0011], the base station can include radio unit (RU), centralized unit (CU), distributed unit (DU). Fig-7, ¶[0072], lower layer split. ¶[0073], DU can be coupled to RU via fronthaul interface. Fig-8a, ¶[0078]). Jain does not explicitly teach the following limitation that Bhaskaran teaches: Jain in view of Bhaskaran are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “high flexibility in radio access network”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Jain in view of Bhaskaran to include the idea of end to end slicing in wireless communication system which may include a lower layer split architecture. Network slicing feature accommodate different types of data traffic and usage (Bhaskaran, ¶[0005]-¶[0006]). Regarding Claim 24, Jain in view of Bhaskaran discloses the method of claim 1, wherein observing traffic or packets includes observing Common Public Radio Interface (CPRI) traffic or enhanced Common Public Radio Interface (eCPRI) packets (Bhaskaran, ¶[0054], compliant with common public radio interface (CPRI). ¶[0061], in 5G communication, compressed CPRI over ethernet frame is referred to as eCPRI). Claim 3-4, 6-7, 12, 16, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Jain (US Patent Application Publication No 2018/0097778 A1) in view of Bhaskaran (US Patent Application Publication No 2021/0112565 A1) and further in view of Liljenstam (US Patent Application Publication No 2015/0180898 A1). Regarding Claim 3, Jain in view of Bhaskaran does not disclose the following limitation that Liljenstam teaches: the method of claim 1 further comprising placing another stateful firewall at a management node (Liljenstam, ¶[0035], an attack analysis function may receive information from network security nodes, such as firewalls, intrusion detection systems about attacks and unwanted traffic. It can also receive information from operations and management nodes in the network that indicate that some traffic causes network problems). Jain in view of Bhaskaran and Liljenstam are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “mitigating attack and improving the detection of malicious activities”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Jain in view of Bhaskaran and Liljenstam to include the idea of detecting persistency of network node (Liljenstam, ¶[0005]). Regarding Claim 4, Jain in view of Bhaskaran and Liljenstam discloses the method of claim 1 further comprising placing another stateful firewall at a controller node (Liljenstam, ¶[0035], an attack analysis function may receive information from network security nodes, such as firewalls, intrusion detection systems about attacks and unwanted traffic. It can also receive information from operations and management nodes in the network that indicate that some traffic causes network problems). Regarding Claim 6, Jain in view of Bhaskaran and Liljenstam discloses the method of claim 1 further comprising placing the stateful firewall at a base station in the RAN (Liljenstam, ¶[0035], an attack analysis function may receive information from network security nodes, such as firewalls, intrusion detection systems about attacks and unwanted traffic. It can also receive information from operations and management nodes in the network that indicate that some traffic causes network problems). Regarding Claim 7, Jain in view of Bhaskaran and Liljenstam discloses the method of claim 1 further comprising performing aggregation and brokering (Liljenstam, ¶[0015], the communication flows between the first network node and the second network node are aggregated. ¶[0033], receives user plane traffic and aggregates). Regarding Claim 12, Jain in view of Bhaskaran and Liljenstam discloses the non-transitory computer-readable medium of claim 10, wherein the instructions further comprise instructions for performing aggregation and brokering (Liljenstam, ¶[0015], the communication flows between the first network node and the second network node are aggregated. ¶[0033], receives user plane traffic and aggregates). Regarding Claim 16, Jain in view of Bhaskaran and Liljenstam discloses the system of claim 14 wherein another stateful firewall is placed at a management node or at a controller node (Liljenstam, ¶[0035], an attack analysis function may receive information from network security nodes, such as firewalls, intrusion detection systems about attacks and unwanted traffic. It can also receive information from operations and management nodes in the network that indicate that some traffic causes network problems). Regarding Claim 18, Jain in view of Bhaskaran and Liljenstam discloses the system of claim 14 wherein the stateful firewall is placed at the base station itself (Liljenstam, ¶[0035], an attack analysis function may receive information from network security nodes, such as firewalls, intrusion detection systems about attacks and unwanted traffic. It can also receive information from operations and management nodes in the network that indicate that some traffic causes network problems). Conclusion Applicant’s amendment necessitated the new ground(s) of rejection presented in this office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923. The examiner can normally be reached on M-F (7:30 - 5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFRY PWU can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /WASIKA NIPA/ Primary Examiner, Art Unit 2433