Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the amendment filed on 11/07/2025, which included no amendments to the claims and no cancellation of claims. Claims 1-17 are currently pending in the filing of 11/07/2025, claims 1-17 were also pending in the previous filing of 6/13/2025.
Response to Applicant’s Arguments Regarding 35 U.S.C. § 103
The applicant’s remarks, on pages 7-12 of the response / amendment, the applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. § 103 rejections.
The applicant’s response included no amendments to the claims, instead the applicant relies upon arguments alone. The substance of the applicant’s remarks / arguments begins at the top of page 9 and continue through to page 11, all of which are included below in single space format, with the applicant’s emphasis in bold, and the examiner’s emphasis in bold and underline combined. The examiner’s responses to the applicant’s arguments are included below in double space format.
As previously argued, neither Zhang nor Zhao disclose a "block cipher encryption function configured to generate the encrypted sequence number having the same number of bits as the previously received sequence number and the sequence number having 48 bits". Instead, Zhang and Zhao both fail to disclose using a block cipher encryption function.
The Office Action has newly cited Brooker and has stated that Brooker discloses a block cipher encryption function to generate the encrypted sequence number having the same number of bits as the previously received sequence number. Therefore, the Office Action alleges that the claimed invention is obvious in view of Zhang, Zhao, and Brooker. However, Applicant respectfully disagrees for the reasons set out below.
The claimed invention provides the advantage of improving the security of the encrypted sequence number by using a longer encryption key while ensuring there is no impact on the protocols and interfaces between the communication device and the network. With the encrypted sequence number having the same number of bits as the previously received sequence number, the functionality of the communication device is unchanged compared to conventional methods of encryption. The invention provides an improved security of the encrypted sequence number, while also complying with the AKA protocol which requires that the sequence number be 48 bits long. None of the methods in the cited documents can achieve this, as will be discussed below.
Zhang does not disclose encryption using a block cipher encryption function to generate an encrypted sequence length of 48 bits, nor does Zhang disclose a sequence number encryption key having a length greater than 48 bits. Zhang does not consider the length of either the encrypted sequence, or the length of the encryption key. Therefore, when considering the teachings of Zhang, one of ordinary skill in the art would not find any disclosure of a method which could be used for sequence numbers having 48 bits, nor any teaching to use a sequence number encryption key having a length greater than 48 bits. Without disclosure of a method in which the sequence number is 48 bits, Zhang does not provide a method which complies with AKA protocol.
Regarding the applicant’s above arguments addressing Zhang’s teaching of, “generate a sequence number encryption key derived from the random number and the key stored in the memory, the sequence number having an encryption key larger than 48 bits to encrypt the sequence number,” (emphasis added) the previous rejection specifically cited Zhang, Col. 6, line 11-12, Col 6, lines 38-41, and Col. 6, lines 56-61, and specifically argued that function f and specifically f5 / f5k(RAND) are used to generated keys that are used to encrypt, by XORing the data with the generated keys, both SQNMS (Sequence Number) and the MAC-S, where the previous rejection argued that the MAC-S is at least 64 bits and that function f can therefore generate larger keys than the Sequence Number (e.g., 48 bits).
The previous rejection addressing the limitation of, “the sequence number having an encryption key larger than 48 bits to encrypt the sequence number,” the Office action also stated that “Additionally, it would be a matter of design choice to choose or create a key that is greater than 48 bits, where only the necessary number of bits were used with the XOR to mask / encrypt the sequence number.” (emphasis added) Examiner asserts that it is well known in the art of computer security and encryption that using larger encryption keys provides additional security, and it is also well known in the art of computer security and encryption that using encryption keys that are larger than the data itself also provides added security, because in both cases of encryption of larger data and smaller data the use of larger encryption keys increases security because larger encryption keys are more difficult to determine (i.e., crack) using a brute force attack. For example, in the art of computer security and encryption, it has been well known since the late 1990s that DES 56 bit keys may be compromised with a brute force attack, and thus DES 56 bit encryption keys are now considered to be insecure. In contrast, currently AES-128 bit encryption keys are considered to be practically immune from a brute force attack, and thus, AES 128 bit encryption is considered secure. Barring any additional advantage stated by the applicant for using larger keys with the particular feature of encrypting a 48 bit Sequence Number, the examiner maintains that using a larger encryption key (i.e., larger than 48 bits) is a matter of design choice, as asserted in the previous rejection of claim 1, because it would be obvious to one of ordinary skill in the art of computer security and encryption when considering that smaller encryption keys are less secure, and more susceptible to a brute force attack, as explained above.
In detail, Zhang, Col. 6, lines 1-12 and 25-28, teach encryption using f1, f2, f3, f4, and f5 in detail, which all use the same function f to generate the keys, with the same inputs (k, RAND) being used by function f in f2 to f5, as discussed in Zhang, Col. 6, lines 7-14, where the keys generated by f2, f3, f4, and f5 are used to obscure different inputs / parameters, which have different sizes. Additionally, examiner asserts that f3 generates CK (cipher key) that is 128 bits, f4 generates IK (integrity key) that is 128 bits, and f5 generates AK (anonymity key) used to conceal the Sequence Number, where f3 – f5 are all based on function f with at least the same inputs of (k, RAND) as discussed in cited Zhang, Col. 6. In support of the examiner’s assertion, Zhang, Col. 6, line 27 also incorporates by reference NPL - “3GPP TS 33.105 V.3.6.0 (2000-12)”, which is considered as part of Zhang, on at least pages 11-13, teaches function f is used by all of f1, f2, f3, f4, and f5, with variations in inputs, to generate the encryption keys to obscure data of different lengths. Specifically, page 13 of Zang’s incorporated by reference NPL - “3GPP TS 33.105 V.3.6.0 (2000-12)” teaches f3 generates CK (cipher key) that is 128 bits and f4 generates IK (integrity key) that is 128 bits. Thus, function f produces 128 bit keys, and further, as discussed above, function f is also used by f5 to generate AK (anonymity key) that is used to encrypt the Sequence Number. Therefore, using function f to generate a key larger than 48 bits is well withing the ability of function f, which can generate 128 bit keys, and would be within the capabilities of one of ordinary skill in the art of computer security and encryption to choose as a design choice a larger key to increase security.
Therefore, in view of the above remarks by the examiner, the applicant’s arguments regarding Zhang were not persuasive, and the examiner asserts Zhang teaches, “generate a sequence number encryption key derived from the random number and the key stored in the memory, the sequence number having an encryption key larger than 48 bits to encrypt the sequence number”, as recited in claim 1. (emphasis added) Thus, the rejection regarding Zhang will be maintained.
Additionally, Brooker, as discussed further below, teaches block encryption of a Sequence Number using a key larger than the typical Sequence Number being encrypted, such as using a 128 bit AES key to encrypt data.
As mentioned, the Office Action has newly cited Brooker and has stated that the reference discloses using block ciphers to preserve the length of the identifier. However, Brooker does not disclose a sequence number having 48 bits. Therefore, Brooker does not disclose using a block cipher encryption function to generate an encrypted sequence length of 48 bits and thus cannot be …. (examiner emphasis in bold and underline & applicant’s emphasis in bold alone)
PAGE 9 ABOVE
… AKA compatible. Although, Brooker discloses a custom-length block cipher, this does not disclose a block cipher function which is able to generate a sequence length of 48 bits.
PAGE 10 ABOVE
Regarding the applicant’s arguments above addressing Brooker, the feature of block cipher encryption function / format preserving encryption, the previous rejection of claim 1 cited: “Brooker, Col. 2, lines 35-38 teaches that the obfuscated / obscured identifiers may be sequence numbers. Col. 3, lines 34-38 teach cryptography, a key and an input being used to encrypt the identifier. Col. 8, lines 3-16 teach the use of block ciphers, such as AES-FFX.” (emphasis added). Brookers, at Col. 8, lines 3-16, teaches format preserving encryption, which takes an input data of X bits and outputs an encrypted data of X bits, and specifically teaches block ciphers in Col. 8, lines 9-11, where one of skill in the art understands that block ciphers correspond to format preserving encryption.
Regarding the alleged failure to teach the limitation of “a sequence number encryption key having a length greater than 48 bits”, (emphasis added) which applicant argues with regards to Zhang (above) and Zhao (below), which have been emphasized in the applicant’s arguments regarding Zhang and Zhao, the examiner asserts that Brooker teaches the use of AES-FFX, which is AES format preserving encryption, as indicated above in Brooker, Col. 8, lines 3-16. Additionally, as is well known in the art, AES (Advanced Encryption Standard) supports three key sizes: 128 bits, 192 bits, and 256 bits, with longer keys offering stronger security against brute-force attacks but slightly higher computational cost. Examiner asserts that a 128 bit key size is larger than 48 bits. Thus, Brooker, Col. 8, lines 3-16 teaching of the use of block cipher encryption, specifically, AES-FFX teaches using a block cipher / format preserving encryption with a key that is larger than 48 bits.
Furthermore, as argued with regards to Zhang above, it is well understood in the art of security that the size of the key used for (symmetric) encryption determines the security level of the key. Additionally, in the art of block encryption, the use of encryption keys with a number of bits greater than the number of bits of data being encrypted is common, if not preferred, to maintain security when encrypting data with a small number of bits.
Therefore, in view of the above remarks by the examiner, the examiner asserts that Brooker also teaches the limitation of, “the sequence number having an encryption key larger than 48 bits to encrypt the sequence number”, as recited in claim 1. (emphasis added) Thus, the rejection regarding Brooker will be maintained.
Additionally, Zhao does not disclose encryption using a block cipher encryption function to generate an encrypted sequence length of 48 bits. The Office Action points to paragraph 67 of the reference as disclosing a sequence number having 48 bits. However, there is no disclosure of a method generating a 48-bit sequence by a block cipher encryption function. Nor is there any disclosure of a sequence number encryption key having a length greater than 48 bits.
The Office Action alleges that it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhang and Brooker to utilize block ciphers to maintain the size of the identifier to increase security. However, Applicant submits that Brooker does not disclose that the use of a block cipher to maintain the size of the identifier / sequence number after encryption / obfuscation would increase security.
PAGE 10 ABOVE
Regarding the above arguments directed to Zhao, the previous rejection of claim 1 did not assert that Zhao teaches “a sequence number encryption key having a length greater than 48 bits”. Instead, Zhao is relied upon as explicitly teaching a 48 bit Sequence Number.
One of ordinary skill in the art would also not find any teaching of how the method in Zhang could be adapted to include the block cipher of Brooker, as Zhang only discloses how to use a XOR function. There is simply no disclosure in Brooker which would motivate one of ordinary skill in the art to adapt Zhang to use a block cipher instead of a XOR function, as there is no teaching that this would have any advantage.
In contrast, the inventors of the present invention have realized that by encrypting the sequence number with a 48-bit block cipher, a key longer than 48 bits can be used, while maintaining a sequence length of 48 bits. This allows for much improved security over using an XOR function, which requires a key length of 48 bits. Thus, for the reasons described herein, the claimed invention is non-obvious.
Even if one of ordinary skill in the art did combine Zhang and Brooker in the allegedly obvious manner discussed in the Office Action, the result would still not teach or suggest each and every element of the claims, because neither Zhang nor Brooker disclose a sequence having 48 bits. The Office Action has alleged that one of ordinary skill could combine Zhao with Zhang and Brooker to provide the capability of using a sequence number of 48 bits. However, neither Zhang nor Brooker are compatible with AKA, as they do not provide a sequence number with length of 48 bits. Therefore, Zhang and Brooker would not be combined with Zhao, as one skilled in the art would not know that the teachings of Zhang and Brooker could even be combined with Zhao. (examiner emphasis in bold and underline & applicant’s emphasis in bold alone)
PAGE 10 ABOVE
The claimed invention provides a method of encryption using a block cipher encryption function to generate an encrypted sequence length of 48 bits. As shown by each of the cited references, no method was previously known which could generate an encrypted sequence of 48 bits using a block cipher encryption function. Therefore, contrary to the what is alleged in the Office Action, one of ordinary skill in the art would simply not combine the teachings of Zhang, Brooker, and Zhao as the claimed invention would not be obvious from the combination of those references, when such a solution has not been found previously. Additionally, there is no teaching in any of the three references of a sequence number encryption key having a length greater than 48 bits, in addition to a sequence number having 48 bits. If one of ordinary skill in the art were looking to improve security of an encryption, they would not arrive at the claimed invention, even when considering the cited references, as they would find no teaching or motivation to combine the references, nor would they find teaching of how to combine the methods disclosed in each.
Accordingly, the Office Action has failed to demonstrate a prima facie case of obviousness at least because the combination of the cited references fails to teach or suggest each and every element of the amended claims. In addition, the Office Action has not articulated a rational reason while one of skill in the art would find a teaching or motivation the cited references to combine the cited references to reach the claimed inventions. Thus, Applicant requests the rejection of the claims be withdrawn. (examiner emphasis in bold and underline & applicant’s emphasis in bold alone)
PAGE 11 ABOVE
Regarding the above remarks directed to Zhang, Brooker, and Zhao, alleged failure to teach, “a sequence number encryption key having a length greater than 48 bits,” the examiner disagrees for at least the reasons given above regarding Zhang and Brooker. Thus, the examiner asserts that either Zhang or Brooker teach, “a sequence number encryption key having a length greater than 48 bits,” and that Zhao explicitly teaches a Sequence Number of 48 bits. Therefore, the applicant’s arguments were not persuasive, and thus, the rejections under of 35 U.S.C. 103 are maintained.
Claim Interpretation under U.S.C. 112(f):
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term "means" or "step" or a term used as a substitute for "means" that is a generic placeholder (also called a nonce term or a nonstructural term having no specific structural meaning) for performing the claimed function;
(B) the term "means" or "step" or the generic placeholder is modified by functional language, typically, but not always linked by the transition word "for" (e.g., "means for'') or another linking word or phrase, such as "configured to" or "so that"; and
(C) the term "means" or "step" or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word "means" (or "step") in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word "means" (or "step") in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
This application includes one or more claim limitations that do not use the word "means," but are nonetheless being interpreted under 35 U.S.C. 112(f) because the claim limitations use a generic placeholder. First, (e.g., receiver circuitry) that is coupled with functional language (e.g., " ... configured to receive ... ") without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such limitations are in claim 7. Because these claim limitations are being interpreted under 35 U.S.C. 112(f), they are being interpreted to cover the corresponding structure described in the specification (e.g., the structural/physical connections shown in fig. 2, 208 and paragraphs [0035] and [0037] of the applicant's printed publication.) as performing the claimed functions, and equivalents thereof. Second, (e.g., processing module) that is coupled with functional language (e.g., " ... being configured to receive ... ") without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such limitations are in claim 7. Because these claim limitations are being interpreted under 35 U.S.C. 112(f), they are being interpreted to cover the corresponding structure described in the specification (e.g., the structural/physical connections shown in fig. 2, 200 and in paragraphs [0035] and [0037] of the applicant's printed publication) as performing the claimed functions, and equivalents thereof. Third, (e.g., transmitter circuitry) that is coupled with functional language (e.g., " ... being configured to send …") without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such limitations are in claim 7. Because these claim limitations are being interpreted under 35 U.S.C. 112(f), they are being interpreted to cover the corresponding structure described in the specification (e.g., the structural/physical connections shown in fig. 2, 210 and paragraphs [0035] and [0037] of the applicant's printed publication.) as performing the claimed functions, and equivalents thereof.
If applicant does not intend to have these limitations interpreted under 35 U.S.C.
112(f), applicant may: (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5-12, and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over US 7574599 to Zhang (hereinafter Zhang), in view of US 9596263 to Brooker (hereinafter Brooker), in view of US 20100011220 to Zhao et al. (hereinafter Zhao).
Regarding claim 1, Zhang teaches,
A processing module for a communication device, the processing module comprising: (fig. 2, MS 10 (mobile station))
memory storing a key; and (Col. 5, lines 27-30 teaches the secret key “k” that is shared between the devices.)
one or more processing elements coupled to the memory and configured to: (fig. 4, computer 400 including processor coupled to memory. Col. 13, lines 33-46.)
receive a current sequence number and a random number provided by a network entity; (Col. 5, lines 60-63 and Col 6, lines 38-41 teach receiving SQNHE and RAND from the HE.) (See generally, Sec. 1.1 Distribution of Authentication Data from HE to SN in Col. 5 and Sec. 1.2 Authentication and Key Agreement in Col. 6)
determine whether a value of the current sequence number is within a range determined by reference to a value of a previously received sequence number stored in the memory; (Col. 6, lines 51-56 and fig. 2 step 260 teaching sequence number being determined to be in correct range and not in correct range.) (Abstract teaches using random number / nonces to prevent replay attacks in systems that use sequence number counters, which is similar to the problem regarding replay attacks discussed at the end of [0008] and [0011] in the applicant’s printed publication.)
when the value of the current sequence number is not within the range determined by reference to the value of the previously received sequence number: (Col. 6, lines 54-56 teaching sequence number SQNHE not in the correct range, performing the resynchronization, described below in detail.) (Zhang in Col. 6, 52-63 teaches the re-synchronization message using the encrypted / masked sequence number counter SQNMS of the user’s device MS 10, to re-synch the counter when the counter SQNHE is not in the range of SQNMS.)
generate a sequence number encryption key derived from the random number and the key stored in the memory, (Col. 6, lines 56-60, teaching generating an encryption key by performing f5k(RAND) function, which is later used to mask/encrypt the SQNMS as discussed below. Note: Col. 6, line 11-12 teach f5k = f5 using RAND (“random number”) and k (shared key) (“key stored in the memory”). Col. 5, lines 27-30 teaches the secret key “k” that is shared between the devices. Col 6, lines 38-41 teach that RAND is received from the HE by the USIM of the mobile station 10 as shown in fig. 2, 220 and 230.) the sequence number encryption key having a length greater than 48 bits; (Col 6, lines 57-61, teach the sequence number encryption key f5k (RAND) is used to encrypt, using XOR, both SQNMS and the MAC-S, which are concatenated (i.e., linked). One of skill in the art understands that a sequence number is usually 32 bits and that MAC-S is at least 64 bits, which together are more than 48 bits because the XOR (encryption / masking) is a one for one function. Additionally, it would be a matter of design choice to choose or create a key that is greater than 48 bits, where only the necessary number of bits were used with the XOR to mask / encrypt the sequence number, to increase security by using a longer key.)
encrypt using a (Col. 6, lines 57-60, teaching creating re-synchronization token AUTS message by concealing (encrypting) the sequence number (SQNMS) by performing an XOR (⊕) using the key, SQNMS ⊕ f5k(RAND)) wherein the (Due to the use of the XOR (⊕) on the SQNMS with f5k(RAND), the number of bits of the SQNMS after encryption are a one for one transformation that include the same number of bits as that before encryption, and thus, the same number of bits of a previously used encryption number is maintained. See also rejection of claim 3.)
provide the encrypted sequence number for sending in a response message to the network entity. (Col 6, lines 54-57 describes sending AUTS token to VLR for re-synchronization when the received token from the HE is not in range.)
Zhang fails to explicitly teach a block cipher encryption function that uses a sequence number and that also preserves the length of bits of the encrypted / obfuscated sequence number,
However, Brooker teaches,
encrypt using a block cipher encryption function, the (Brooker, Col. 2, lines 35-38 teaches that the obfuscated / obscured identifiers may be sequence numbers. Col. 3, lines 34-38 teach cryptography, a key and an input being used to encrypt the identifier. Col. 8, lines 3-16 teach the use of block ciphers, such as AES-FFX. Examiner notes that AES and AES-FFX encryption keys are at least 128 bits long, which is longer than the typical Sequence Number (e.g., 48 bits).)
wherein the block cipher encryption function is configured to generate the encrypted sequence number having the same number of bits as the previously received sequence number, (Brooker, Col. 8, lines 3-16 teach format preserving encryption using block ciphers that preserve the length of the identifier, and also teach AES-FFZ format preservation. AES is well known in the art to use 128 bit and 256 bit keys. See also claim 14 teaching format preservation of the obfuscated identifiers. Col. 4, lines 17-20, teaches block ciphers equal to the length of the identifier to be obfuscated. Col. 4, lines 27-30 teach the use of custom length block ciphers that have a block size that matches the size of the identifier.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhang, which teaches concealing a sequencing number at a user device, by XORing the sequence number with a key, the key being generated using f5k and inputting random number, which is provided by the network, and a shared key (k in f5k) in order to generate the encrypted sequence number for an AUTS (Col. 6, lines 52-64) that is used for re-synchronization to prevent replay attacks (Zhang, Abstract), with Brooker, which also teaches authentication key agreement and sequence numbers as identifiers where the identifiers are obfuscated / encrypted (Col. 2, lines 35-38), and further teach the use of block ciphers that preserve the format / number of bits of the identifier, after obfuscation, by using format preserving obfuscation or custom length block ciphers (Col. 8, lines 3-16). One of ordinary skill in the art would have been motivated to perform such an addition to provide Zhang with additional capability of Brooker, to utilize block ciphers that preserve format, such as AES-FFX, in order to maintain the size of the identifier / sequence number after encryption / obfuscation, in order to increase security by using AES-FFX which may use large keys.
Zhang and Brooker fail to teach a sequence number of 48 bits,
However, Zhao teaches,
(Zhao, [0067] and claim 13 both teach a 48 bit sequence number (SQN)), where claim 13 teaches the first and second sequence number have the same number of bits.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhang, which teaches concealing a sequencing number at a user device, by XORing the sequence number with a key, the key being generated using f5k and inputting random number, which is provided by the network, and a shared key (k in f5k) in order to generate the encrypted sequence number for an AUTS (Col. 6, lines 52-64) that is used for re-synchronization to prevent replay attacks (Zhang, Abstract), with Brooker, which also teaches authentication key agreement and sequence numbers as identifiers where the identifiers are obfuscated / encrypted (Col. 2, lines 35-38), and further teach the use of block ciphers that preserve the format / number of bits of the identifier, after obfuscation, by using format preserving obfuscation or custom length block ciphers (Col. 8, lines 3-16), with Zhao, which also teaches resynchronizing sequence number during AKA authentication to prevent replay attacks (Abstract and [0011-12]), and additionally specifically teaches a sequence number of 48 bits ([0067]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Zhang and Brooker with additional capability of using a sequence number of 48 bits, as taught by Zhao, in order to use a specific sequence length of bits to prevent replay attacks, and therefore, increase security.
Regarding claim 2, Zhang, Brooker, and Zhao teach,
The processing module of claim 1,
Brooker, teaches,
wherein the block cipher encryption function is a format-preserving encryption, FPE, function.
(Brooker, Col. 8, lines 3-16 teach format preserving encryption using block ciphers that preserve the length of the identifier, and also teach AES-FFZ format preservation. AES is well known in the art to use 128 bit and 256 bit keys. See also claim 14 teaching format preservation of the obfuscated identifiers. Col. 4, lines 17-20, teaches block ciphers equal to the length of the identifier to be obfuscated. Col. 4, lines 27-30 teach the use of custom length block ciphers that have a block size that matches the size of the identifier.)
Regarding claim 3, Zhang, Brooker, and Zhao teach,
The processing module of claim 1,
Zhang teaches,
wherein the previously received sequence number is a previously received sequence number that has been accepted by the processing module and stored in the processing module. (The examiner notes that the previously received sequence number in Zhang would be stored in the UE when it was accepted in an earlier authentication, as taught by Col. 6 line 65 to Col. 7, line 4. Examiner notes that a failure to increment the sequence number after authentication, by not sending additional information, would result in the previously received sequence number being presently stored in the user device without being incremented, for example, due to the lack of exchange of data.)
Regarding claim 5, Zhang, Brooker, and Zhao teach,
The processing module of claim 1,
Zhang teaches,
wherein the one or more processing elements are configured to:
when the value of the current sequence number is within the range, accept the current sequence number and store the current sequence number in the memory. (The examiner interprets this feature as, updating the stored sequence number to be the (received) current sequence number, when the current sequence number is in the acceptable range. Col. 6, lines 52-54 teaches verifying that the received sequence number SQN is in an acceptable range, and Col 6, line 65 to Col 7, line 2 teaches that when the received SQN is in an acceptable range, the USMI sets SQNMS equal to the received SQN.)
Regarding claim 6, Zhang, Brooker, and Zhao teach,
The processing module of claim1,
Zhao teaches the following,
wherein the previously received sequence number is one of a plurality of previously received sequence numbers accepted and stored in the processing module. ([0030] and [0150] teach multiple previously stored sequence numbers.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhang, which teaches concealing a sequencing number at a user device, by XORing the sequence number with a key, the key being generated using f5k and inputting random number, which is provided by the network, and a shared key (k in f5k) in order to generate the encrypted sequence number for an AUTS (Col. 6, lines 52-64) that is used for re-synchronization to prevent replay attacks (Zhang, Abstract), with Zhao, which also teaches resynchronizing sequence number during AKA authentication to prevent replay attacks (Abstract and [0011-12]), and additionally teaches storing multiple previously used sequence numbers in a (network) device and a user terminal ([0030]) for re-synchronizing. One of ordinary skill in the art would have been motivated to perform such an addition to provide Zhang with additional capability of storing multiple previously stored sequence numbers, as taught by Zhao, for the purpose of increasing resistance to replay attacks ([0150] of Zhao).
Regarding claim 7, Zhang, Brooker, and Zhao teach,
A communication device, comprising:
receiver circuitry (Zhang, fig. 4, 430) configured to receive a message including a current sequence number and a random number, the current sequence number and the random number provided by a network entity;
a processing module, (Zhang, fig. 4, 410) the processing module being coupled to the receiver circuitry, one or more processing elements of the processing module being configured to receive the current sequence number and the random number included in the message received by the receiver circuitry; and
transmitter circuitry (Zhang, fig. 4, 430) coupled to the processing module, the transmitter circuitry being configured to send the response message to the network entity, the response message including an encrypted sequence number,
wherein the processing module comprises:
memory storing a key; and
the one or more processing elements, the one or more processing elements being coupled to the memory and configured to:
determine whether a value of the current sequence number is within a range determined by reference to a value of a previously received sequence number stored in the memory;
when the value of the current sequence number is not within the range determined by reference to the value of the previously received sequence number:
generate a sequence number encryption key derived from the random number and the key stored in the memory, the sequence number encryption key having a length greater than 48 bits;
encrypt using a block cipher encryption function, the previously received sequence number with the sequence number encryption key to provide the encrypted sequence number, wherein the block cipher encryption function is configured to generate the encrypted sequence number having the same number of bits as the previously received sequence number and the sequence number having 48 bits; and
provide the encrypted sequence number for sending in a response message to the network entity.
Claim 7 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 8, Zhang, Brooker, and Zhao teach,
The communication device of claim 7,
Zhang teaches,
wherein the received message is an authentication message (Col. 6. line 41 teaching receiving the AUTN with RAND in a message.) and the response message is a synchronization failure message. (Col. 6, lines 54-57 teaches generating the synchronization failure message.)
Regarding claim 9, Zhang, Brooker, and Zhao teach,
A communication system, comprising:
Zhang teaches,
a communication network including a network entity; and (fig. 2, 60 and/or 80)
the communication device of claim 7 configured to communicate with the communication network. (fig. 2, 10)
Regarding claim 10, Zhang, Brooker, and Zhao teach,
A method, comprising:
receiving, at a processing module of a communication device, a current sequence number and a random number provided by a network entity;
determining, by the processing module, whether a value of the current sequence number is within a range determined by reference to a value of a previously received sequence number stored in the processing module;
when the value of the current sequence number is not within the range determined by reference to the value of the previously received sequence number:
generating, by the processing module, a sequence number encryption key derived from the random number and a key stored in the processing module, the sequence number encryption key having a length greater than 48 bits;
encrypting, by the processing module, using a block cipher encryption function, the previously received sequence number with the sequence number encryption key to provide an encrypted sequence number, wherein the block cipher encryption function is configured to generate the encrypted sequence number having the same number of bits as the previously received sequence number and the sequence number having 48 bits; and
providing, by the processing module, the encrypted sequence number for sending in a response message to the network entity.
Claim 10 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 11, Zhang, Brooker, and Zhao teach,
The method of claim 10,
wherein the block cipher encryption function is a format preserving encryption, FPE, function. Claim 11 is rejected using the same basis of arguments used to reject claim 2 above.
Regarding claim 12, Zhang, Brooker, and Zhao teach,
The method of claim 10,
wherein the previously received sequence number is a previously received sequence number that has been accepted by the processing module and stored in the processing module.
Claim 12 is rejected using the same basis of arguments used to reject claim 3 above.
Regarding claim 14, Zhang, Brooker, and Zhao teach,
The method of claim 10, further comprising
when the value of the current sequence number is within the range, accepting, by the processing module, the current sequence number and storing the current sequence number in the processing module.
Claim 14 is rejected using the same basis of arguments used to reject claim 5 above.
Regarding claim 15, Zhang, Brooker, and Zhao teach,
The method of claim 10, further comprising:
Zhang teaches,
receiving, by the communication device, an authentication message including a current sequence number and a random number provided by the network entity; and (Col. 6. line 41 teaching receiving the AUTN, which includes SQN, and RAND in a message.)
sending, by the communication device, the response message including the encrypted sequence number. (Col. 6, lines 54-57 teaches generating the synchronization failure message.)
Claims 3 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang, in view of Brooker, in view of Zhao, in view of US 20020191544 Cheng et al. (hereinafter Cheng).
Regarding claim 3, Zhang, Brooker, and Zhao teach,
The processing module of claim 1,
Zhang, Brooker, and Zhao fail to explicitly teach a previously received sequence number that is accepted (being in an acceptable range) and currently stored in the memory because the previously received sequence number is updated with the most currently received sequence number, unless the previously received sequence number is the same as the currently received sequence number,
However, Cheng explicitly teaches a previously received sequence number being the same with a present sequence number,
wherein the previously received sequence number is a previously received sequence number that has been accepted by the processing module and stored in the processing module. (Cheng in [0015] teaches the previously received sequence number being the same as the present sequence number.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhang, which teaches concealing a sequencing number at a user device, by XORing the sequence number with a key, the key being generated using f5k and inputting random number, which is provided by the network, and a shared key (k in f5k) in order to generate the encrypted sequence number for an AUTS (Col. 6, lines 52-64) that is used for re-synchronization to prevent replay attacks (Zhang, Abstract), with Brooker, which also teaches authentication key agreement and sequence numbers as identifiers where the identifiers are obfuscated / encrypted (Col. 2, lines 35-38), and further teach the use of block ciphers that preserve the format / number of bits of the identifier, after obfuscation, by using format preserving obfuscation or custom length block ciphers (Col. 8, lines 3-16), with Zhao, which also teaches resynchronizing sequence number during AKA authentication to prevent replay attacks (Abstract and [0011-12]), and additionally specifically teaches a sequence number of 48 bits ([0067]), with Cheng, which also teaches using the previously received sequence number as the same as the current sequence number when an abort occurs ([0015]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Zhang, Brooker, and Zhao with additional capability of using the same sequence number for two authentications, for example, when retransmission occurs.
Regarding claim 12, Zhang, Brooker, Zhao, and Cheng teach,
The method of claim 10,
wherein the previously received sequence number is a previously received sequence number that has been accepted by the processing module and stored in the processing module.
Claim 12 is rejected using the same basis of arguments used to reject claim 3 above.
Claims 4 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang, in view of Brooker, in view of Zhao, in view of NPL - ‘New Privacy Threat on 3G, 4G and Upcoming 5G AKA Protocols’ by Ravishankar Borgaonkar et al. 2019 (hereinafter Borgaonkar).
Regarding claim 4, Zhang, Brooker, and Zhao teach,
The processing module of claim 1,
Zhang, Brooker, and Zhao fail to specifically teach an encryption key of 128 bit,
However, Borgaonkar teaches the following,
wherein the sequence number encryption key has a length of 128 bits or at most 128 bits. (page 19, section E.1, teaches using function F5 to create the encryption key that is XORed with the sequence number SQN of the user for re-synchronization. It is well understood that F5 function in 3GPP may generate a 128-bit value. See for example: 3GPP TS 35.208 version 5.0.0 Release 5 where f5 outputs 128-bit encryption, on at least page 6. Additionally, it would be a matter of design choice to choose a function that outputs a 128-bit key, and it would be within the capabilities of one of ordinary skill in the art to utilize a 128-bit key to encrypt information less than 128 bits.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhang, which teaches concealing a sequencing number at a user device, by XORing the sequence number with a key, the key being generated using f5k and inputting random number, which is provided by the network, and a shared key (k in f5k) in order to generate the encrypted sequence number for an AUTS (Col. 6, lines 52-64) that is used for re-synchronization to prevent replay attacks (Zhang, Abstract), with Brooker, which also teaches authentication key agreement and sequence numbers as identifiers where the identifiers are obfuscated / encrypted (Col. 2, lines 35-38), and further teach the use of block ciphers that preserve the format / number of bits of the identifier, after obfuscation, by using format preserving obfuscation or custom length block ciphers (Col. 8, lines 3-16), with Zhao, which also teaches resynchronizing sequence number during AKA authentication to prevent replay attacks (Abstract and [0011-12]), and additionally specifically teaches a sequence number of 48 bits ([0067]), with Borgaonkar, which also teaches concealing a sequence number at the user device by using a random number and a shared key in order to generate an AUTS that is used for re-synchronization to prevent replay attacks, in order to generate a 128 bit concealment key (“sequence number encryption key”) that is used to conceal the sequence number at the user device in order to increase security and prevent replay attacks while maintaining functionality of an existing protocol. One of ordinary skill in the art would have been motivated to perform such an addition to provide Zhang, Brooker, and Zhao with the specific capability of utilizing a 128-bit key, in order to use that key to prevent replay attacks, as taught by Borgaonkar.
Regarding claim 13, Zhang, Brooker, Zhao, and Borgaonkar teach,
The method of claim 10,
wherein the sequence number encryption key has a length of 128 bits or at most 128 bits.
Claim 13 is rejected using the same basis of arguments used to reject claim 4 above.
Claims 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang, in view of Brooker, in view of Zhao, in view of US 20170272944 to Link, II (hereinafter Link).
Regarding claim 16, Zhang, Brooker, and Zhao teach,
The processing module of claim 1,
Zhang, Brooker, and Zhao fail to teach detecting a higher value than the last sequence number,
Link teaches,
wherein determining whether a value of the current sequence number is within a range determined by reference to a value of a previously received sequence number stored in the memory comprises: ([0112] teaches a received sequence number matching or being withing a range of 2 or 3, either higher or lower.)
determining that the current sequence number has a value that is larger than a value of the previously received sequence number. ([0112] teaches a received sequence number matching or being withing a range of 2 or 3, either higher or lower.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhang, which teaches concealing a sequencing number at a user device, by XORing the sequence number with a key, the key being generated using f5k and inputting random number, which is provided by the network, and a shared key (k in f5k) in order to generate the encrypted sequence number for an AUTS (Col. 6, lines 52-64) that is used for re-synchronization to prevent replay attacks (Zhang, Abstract), with Brooker, which also teaches authentication key agreement and sequence numbers as identifiers where the identifiers are obfuscated / encrypted (Col. 2, lines 35-38), and further teach the use of block ciphers that preserve the format / number of bits of the identifier, after obfuscation, by using format preserving obfuscation or custom length block ciphers (Col. 8, lines 3-16), with Zhao, which also teaches resynchronizing sequence number during AKA authentication to prevent replay attacks (Abstract and [0011-12]), and additionally specifically teaches at [0112] a sequence number of 48 bits, with Link, which also teaches the use of encrypted sequence numbers being use to authenticate a device and service to prevent replay or man in the middle attacks by verifying a sequence number matcher or is in a range of 2-3 higher or lower than the last sequence number before performing a resynchronization process at [0113]. One of ordinary skill in the art would have been motivated to perform such an addition to provide Zhang, Brooker, and Zhao, with additional capability of allowing slight discrepancies in the sequence number, as taught by Link, to improve efficiency of the network by decreasing the number of re-synchronizations while maintaining security by not allowing sequencing numbers that are far off, which indicates an attack.
Regarding claim 17, Zhang, Brooker, and Zhao teach,
The processing module of claim 1,
Zhang, Brooker, and Zhao fail to teach that the received sequence number is within a threshold of the stored sequence number,
Link teaches,
wherein determining whether a value of the current sequence number is within a range determined by reference to a value of a previously received sequence number stored in the memory comprises: ([0112] teaches a received sequence number matching or being withing a range of 2 or 3, either higher or lower.)
determining that a difference between the current sequence number and the previously received sequence number is less than a predetermined threshold value. ([0112] teaches a received sequence number matching or being withing a range of 2 or 3, either higher or lower.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhang, which teaches concealing a sequencing number at a user device, by XORing the sequence number with a key, the key being generated using f5k and inputting random number, which is provided by the network, and a shared key (k in f5k) in order to generate the encrypted sequence number for an AUTS (Col. 6, lines 52-64) that is used for re-synchronization to prevent replay attacks (Zhang, Abstract), with Brooker, which also teaches authentication key agreement and sequence numbers as identifiers where the identifiers are obfuscated / encrypted (Col. 2, lines 35-38), and further teach the use of block ciphers that preserve the format / number of bits of the identifier, after obfuscation, by using format preserving obfuscation or custom length block ciphers (Col. 8, lines 3-16), with Zhao, which also teaches resynchronizing sequence number during AKA authentication to prevent replay attacks (Abstract and [0011-12]), and additionally specifically teaches at [0112] a sequence number of 48 bits, with Link, which also teaches the use of encrypted sequence numbers being use to authenticate a device and service to prevent replay or man in the middle attacks by verifying a sequence number matcher or is in a range of 2-3 higher or lower than the last sequence number before performing a resynchronization process at [0113]. One of ordinary skill in the art would have been motivated to perform such an addition to provide Zhang, Brooker, and Zhao, with additional capability of allowing slight discrepancies in the sequence number, as taught by Link, to improve efficiency of the network by decreasing the number of re-synchronizations while maintaining security by not allowing sequencing numbers that are far off, which indicates an attack.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571)272-3942. The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571)272-3739.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/B.W.A./
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495