DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Request for Continuation filed on 12/05/2025.
In the instant Amendment, claims 1, 7, 9, 12, 14, 20, 22, and 25 have been amended, and claims 1, 9, 14, and 22 are independent claims. Claims 1-7, 9, 11-12, 14-20, 22, and 24-25 have been examined and are pending.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/05/2025 has been entered.
Response to Arguments
In light of Applicant’s amendments, the 112 (b) rejection related to the antecedent basis in claims 7, 12, 20, and 25, has been withdrawn.
Applicant's 112 arguments filed 12/05/2025 have been fully considered but they are not persuasive. Applicant called fig. 6 and para [0056], [0068], and [0076], but those portions at most disclose use of latest Kausf, creation of new Kausf, and deletion of new Kausf after Authentication Reject. They do not disclose the claimed “second information corresponding to a first information” or that the second information is derived when the first information is included in the message. The 112 (a) and (b) rejection are maintained.
Applicants’ arguments filed on 12/05/2025 with respect to the 103 rejection of claims 1-20 have been considered but are moot in view of the new ground(s) of rejection, which were necessitated by amendment.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The limitation " The specification describes deletion of Kausf on Authentication Reject, EAP failure, NAS Acknowledgment, or Timer conditions, but does not reasonably convey possession of deleting the first security key based on a second information correspond to a first information, where the second information is derived in a case where the first information is included in the message.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1- are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 9, 14, and 22 recite “a first security key….is deleted based on a second information corresponding to a first information of the communication terminal, and the second information is derived in a case where the first information of the communication terminal is included in the message.”. The scope of this limitation is unclear. The claims do not define what is constitutes the “second information” how the second information “correspond” to the first information, or what degree or type of correspondence is required. The claims also do not specify how the second information is “derived” from, based on, or otherwise related to the first information, nor how the derived second information causes or controls deletion of the first security key. Accordingly, one of ordinary skills in the art would not be reasonably apprised of the metes and bounds of the claims because the claim do not clearly identify information that triggers deletion of the first security key or the required relationship between the first, second information, and the deletion of the first security key. Therefore, claims 1, 9, 14, and 20 are indefinite.
Claims 2-7, 1-12, 13-20, and 24-25 are rejected by virtue of their dependency from the indefinite independent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5-7, 9, 11-12, 14-16, 18-20, 22, and 24-25 are rejected under 35 U.S.C. 103 as being unpatentable over Rajadurai et al. (U.S. PGPub. No. 20230370840 A1; Hereinafter "Rajadurai") in view of Gupta et al. (U.S. PGPub. 20230122389 A1; Hereinafter "Gupta") and further in view of TS 33.501 (“5G; Security architecture and procedures for 5G System (3GPP TS 33.501 version 16.3.0 Release 16)”, Hereinafter “TS 33.501”).
As per claims 1 and 14, Rajadurai teaches a method of a communication terminal (UE 10), the method comprising (Rajadurai: fig. 1, 4A-C, para[007], “provide authentication and key management for handling latest security key (e.g. K.sub.AUSF-2), between a UE and a wireless network”):
sending, to a core network, a message (Rajadurai: para[44-47], “FIG. 1 is a sequence diagram illustrating various operations for initiating an authentication procedure and selecting an authentication method as described in TS 33.501, according to the prior art….At step 101, the UE (10) sends a Non-access stratum (NAS) message (e.g. N1 message) to the SEAF (20), where the NAS message includes a Subscription Concealed Identifier (SUCI) or 5G-Globally Unique Temporary ID (GUTI).”); and
performing an authentication procedure for 5G Authentication and Key Agreement (AKA) (Rajadurai: para [48-54], “operations for a 5G AKA (TS 33.501) authentication procedure, according to the prior art. At step 201, the UDM (40) generates a Fifth-Generation Home Environment Authentication Vector (5G-HEAV) for each authentication get request (Nudm_Authenticate_Get Request)…. At step 207, the USIM of the UE (10) verifies the freshness of the 5G-AV by checking whether the AUTN can be accepted on receiving the RAND and the AUTN from the AMF (20). If the AUTN is accepted, then the USIM of the UE (10) computes a response (RES)…… At step 208, the UE (10) sends the RES* to the SEAF (20) in a NAS authentication response message.”),
wherein the authentication procedure for 5G AKA includes: receiving, from the core network, an authentication request message (Rajadurai: para[52-54], [81], “At step 406, the SEAF (20) (or AMF) sends the RAND, the AUTN to the UE (10) in the NAS authentication request message.”);
computing a first authentication response (Rajadurai: para[53], [82], “At step 207, the USIM of the UE (10) verifies the freshness of the 5G-AV by checking whether the AUTN can be accepted on receiving the RAND and the AUTN from the AMF (20). If the AUTN is accepted, then the USIM of the UE (10) computes a response (RES). Then the USIM of the UE (10) returns the RES, a plurality of integrity keys (IK, CK) to the UE (10). The UE (10) then determines a RES*”); and
returning, to the core network, the first authentication response in an authentication response message (Rajadurai: para [54], [83], “At step 208, the UE (10) sends the RES* to the SEAF (20) in a NAS authentication response message.”),
wherein a first security key is created in the authentication procedure for 5G AKA (Rajadurai: para[ 53], [82], “The UE (10) calculates a new K.sub.AUSF (e.g. K.sub.AUSF #2) from the CK∥IK.”, para [63], “Once authentication is successful, the UDM (40) stores an AUSF instance ID that authenticated the UE (10), while the selected AUSF instance stores key (K.sub.AUSF) is generated as part of the authentication procedure.”) and is deleted (Rajadurai: para[132], [136-138], fig. 8,“ after a primary authentication, when a new partial native 5G NAS security context is created and/or the newly created partial native 5G NAS security context is taken into use through a security mode control procedure, then the newly generated K.sub.AUSF is considered as the latest K.sub.AUSF. Otherwise, the newly created K.sub.AUSF is deleted/ignored/not taken as latest K.sub.AUSF.”).
Rajadurai does not clearly teach the first security key is deleted based on a second information corresponding to a first information of the communication terminal, and the second information is derived in a case where the first information of the communication terminal is included in the message.
However, in the related art, Gupta teaches the first security key is deleted based on a second information corresponding to a first information of the communication terminal (Gupta: para [64], [91-95], fig. 6, claim 6 “transmitting a deregistration request to the second AUSF to delete security context related to the UE in the second AUSF, and wherein deregistration request includes a identifier (ID) of the UE, and wherein the security context includes a security key stored in the second AUSF.”, claim 9 “wherein the ID of the UE is a subscription permanent identifier (SUPI) of the UE”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify Rajadurai’s 5G AKA key handling procedure with Gupta’s deletion of UE security context based on UE identifying security context information so that the network can delete stale and superseded security key material associated with the UE, it would improve synchronization of key context management, avoid retaining stale security contexts, and reduce the risk of using obsolete authentication material (Gupta: para[35]).
Rajadurai in view of Gupta does not explicitly teach the second information is derived in a case where the first information of the communication terminal is included in the message.
However, in the related art, TS 33.501 teaches (TS 33.501: 7A.2.4-1, “AUSF shall send Nudm_UEAuthentication_Get Request to the UDM including SUCI. Upon reception of the Nudm_UEAuthentication_Get Request, the UDM shall invoke SIDF if a SUCI is received. SIDF shall de-conceal SUCI to gain SUPI before UDM can process the request.”. TS 33.501 further teaches that in the 5G AKA procedure, in case SUCI was included in the Nudm_UEAuthentication_Get Request, the UDM includes the SUPI in the Nudm_UEAuthentication_Get Response. Thus, SUCI corresponds to the claimed first information, and SUPI corresponds to the claimed second information derived when SUCI is included in the message.
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify Rajadurai’s 5G AKA key handling procedure with the SUCI to SUPI derivation process of TS 33.501so that the network can identify the UE security context associated with the derived subscriber information, it would improve synchronization of key context management, and reduce the risk of using obsolete authentication material (TS 33.501: page 229).
Furthermore, Rajadurai also teaches the hardware components of claim 14 such as at least one memory configured to store instructions; and at least one processor configured to execute, according to the instructions (Rajadurai: fig. 10, para[152-153], “the UE (100A) includes a memory (110), a processor (120), a communicator (130), and a security key controller (140)).
As per claims 2 and 15, Rajadurai in view of Gupta and TS 33.501 teaches the independent claim 1. Rajadurai additionally teaches receiving, from the core network, a NAS message (Rajadurai: para[88], “At step 422, the AMF (20) sends a DL NAS transport message to the served UE (10) upon receiving the Nudm_SDM_Notification message. The AMF (20) includes in the DL NAS transport message the transparent container received from the UDM (40).”); and
replacing a second security key with the first security key upon receiving the NAS message (Rajadurai: para[88-89], “At step 423, the UE (10) calculates a UPU-MAC-I.sub.AUSF using the K.sub.AUSF #2 and verifies whether it matches the UPU-MAC-I.sub.AUSF value received in the DL NAS transport message. If successful, then the UE (20) proceeds with further procedure… however, at the home network side the authentication is considered to be successful and updates the newly generated K.sub.AUSF as the latest K.sub.AUSF. Another possible scenario is that the UE (10) considers authentication is successful if the AUTN is successfully verified.”).
As per claims 3 and 16, Rajadurai in view of Gupta and TS 33.501 teaches the independent claim 1. Rajadurai additionally teaches setting a session related to emergency session, wherein the first security key is not stored in the communication terminal in a case where the NAS message selects information indicating null encryption and null ciphering algorithm (Rajadurai: para[144], “K.sub.AUSF handling during emergency sessions, when the UE (100A) initiates a registration procedure with 5GS registration type IE set to “emergency registration” and the NAS SMC procedure signals use of NIA0 and NEA0, then the UE (100A) considers the Authentication procedure as failed and the newly derived K.sub.AUSF will not be considered as latest K.sub.AUSF or existing K.sub.AUSF will not be rewritten or replaced by this newly derived K.sub.AUSF.”).
As per claims 4 and 17, Rajadurai in view of Gupta and TS 33.501 teaches the independent claim 1. Rajadurai additionally teaches wherein the first security key is not stored in the communication terminal in a case where the NAS message selects information indicating null encryption and null ciphering algorithm (Rajadurai: para[144], “K.sub.AUSF handling during emergency sessions, when the UE (100A) initiates a registration procedure with 5GS registration type IE set to “emergency registration” and the NAS SMC procedure signals use of NIA0 and NEA0, then the UE (100A) considers the Authentication procedure as failed and the newly derived K.sub.AUSF will not be considered as latest K.sub.AUSF or existing K.sub.AUSF will not be rewritten or replaced by this newly derived K.sub.AUSF.”).
Rajadurai does not explicitly teaches establishing a Protocol Data Unit (PDU) session related to emergency session.
However, in the related art TS 33.501 teaches establishing a Protocol Data Unit (PDU) session related to emergency session (TS 33.501: 5.2.3-5, 10.2.1.1 “The UE shall first initiate a normal initial registration procedure to register with the 5G network. Upon successful normal registration, the UE initiates the UE requested PDU session establishment procedure to establish a PDU Session to receive emergency services as specified in TS 23.502 [8]. At the time of registration, the security mode control procedure shall be applied to authenticate the UE and setup NAS and AS security. Thus, integrity protection (and optionally ciphering) shall be applied to the emergency bearers as for normal bearers. If authentication fails for any reason, it shall be treated the same way as any registration. Once the IMS Emergency Session is in progress with NAS and AS integrity protection (and optionally ciphering) applied, failure of integrity checking or ciphering (for both NAS and AS) is an unusual circumstance and shall be treated as in the case of a normal bearer.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Rajadurai with the PDU session as discussed in the 3GPP, because it will enable efficient and reliable data transmission and ensure that the UE can communicate seamlessly with the network (TS 33.501: N1.).
As per claims 5 and 18, Rajadurai in view of Gupta and TS 33.501 teaches the independent claim 1. Rajadurai additionally teaches wherein the communication terminal considers an authentication as successful upon receiving the NAS message (Rajadurai: para[87-89], [145], “the network (AMF (200A)) explicitly indicates the result of the primary authentication to the UE (100A) in the NAS message for the primary 5G-AKA authentication method. The AMF (200A) sends authentication result to convey authentication is successful, if the result indication in the Nausf_UEAuthentication_Authenticate Response received from the AUSF (300A) by the AMF (200A) is indicated as successful.”).
As per claims 6, 11, 19, and 24, Rajadurai in view of Gupta and TS 33.501 teaches the independent claim 1. Rajadurai additionally teaches wherein the first security key is new Kausf (Rajadurai: para[82], “At step 407b, The UE (10) overwrites the K.sub.AUSF (e.g. old key: K.sub.AUSF #1) on the calculation of the new K.sub.AUSF (e.g. K.sub.AUSF #2),”).
As per claims 7, 12, 20, and 25, Rajadurai in view of Gupta and TS 33.501 teaches the independent claim 1. Rajadurai additionally teaches wherein the first security key is Kausf established between the communication terminal and the core network (Rajadurai: para[82], “At step 407a, the USIM of the UE (10) verifies the freshness of the 5G-AV by checking whether the AUTN can be accepted on receiving the RAND and the AUTN from the AMF (20). If the AUTN is accepted, then the USIM of the UE (10) computes a response (RES). Then the USIM of the UE (10) returns the RES, the plurality of integrity keys (IK, CK) to the UE (10). The UE (10) then determines a RES* from the RES. The UE (10) calculates a new K.sub.AUSF (e.g. K.sub.AUSF #2) from the CK∥IK.)
As per claims 9 and 22, Rajadurai teaches a method of a first core network apparatus included in a network, the method comprising (Rajadurai: fig 7 A-C, para[107], “The AMF (20) may start illustrative sequence from step 700d, for performing periodic authentication procedures or to refresh/rekeying key hierarchy (from mapped security context to native security context)”):
receiving, from a communication terminal, a message (Rajadurai: para[44-46], “FIG. 1 is a sequence diagram illustrating various operations for initiating an authentication procedure and selecting an authentication method as described in TS 33.501, according to the prior art….At step 101, the UE (10) sends a Non-access stratum (NAS) message (e.g. N1 message) to the SEAF (20), where the NAS message includes a Subscription Concealed Identifier (SUCI) or 5G-Globally Unique Temporary ID (GUTI).”);
sending, to a second core network apparatus (AUSF), a first authentication request message to initiate an authentication with a communication terminal (Rajadurai: para[107], “At step 700d, the AMF (200A) sends the Nausf_UEAuthentication_Authenticate Request message to initiate the re-authentication procedure. The AMF (200A) includes the SUPI and the serving network name in the Nausf_UEAuthentication_Authenticate Request message in case the SEAF has a valid 5G-GUTI and re-authenticates the UE (100A”); and
performing an authentication procedure for 5G Authentication and Key Agreement (AKA) (Rajadurai: para46-48], “At step 102, the SEAF (20) discovers and selects an Authentication Server Function (AUSF) (30) instance and requests the AUSF (30) to start the authentication procedure by sending a Nausf_UEAuthentication_Authenticate Request. Which includes the SUCI or a Subscription Permanent Identifier (SUPI) and a serving network name in case the SEAF (20) has a valid 5G-GUTI and re-authenticates the UE (10). At step 103, the AUSF (30) downloads information required to authenticate the user from the UDM (40) and the AUSF (30) performs an authentication procedure as defined in 3GPP TS 33.501 and TS 24.501 by sending a Nudm_UEAuthentication_Get Request to the UDM (40).”),
wherein the authentication procedure for 5G AKA includes: sending, to the communication terminal, a second authentication request message (Rajadurai: para[107-111], “At step 706, the SEAF (200A) (or AMF) sends the RAND, the AUTN to the UE (100A) in the NAS authentication request message.”),
receiving, from the communication terminal, a first authentication response in a first authentication response message (Rajadurai: para[111-113], “At step 708, the UE (100A) sends the RES* to the SEAF (200A) in the NAS authentication response message. At step 709, the UE (100A) holds storage of the new K.sub.AUSF #2 i.e., the UE (100A) does not overwrite the old K.sub.AUSF #1”); and
receiving, from the second core network apparatus, a second authentication response message corresponding to the first authentication request message (Rajadurai: para[107-110], [120], “the AUSF (300A) then removes the K.sub.SEAF sends the 5G-SEAV (i.e. RAND, AUTN, HXRES*) to the SEAF (200A) (or AMF) in the Nausf_UEAuthentication_Authenticate Response.”); and
wherein a first security key is created in the authentication procedure for 5G AKA (Rajadurai: para[82], “At step 407a, the USIM of the UE (10) verifies the freshness of the 5G-AV by checking whether the AUTN can be accepted on receiving the RAND and the AUTN from the AMF (20). If the AUTN is accepted, then the USIM of the UE (10) computes a response (RES). Then the USIM of the UE (10) returns the RES, the plurality of integrity keys (IK, CK) to the UE (10). The UE (10) then determines a RES* from the RES. The UE (10) calculates a new K.sub.AUSF (e.g. K.sub.AUSF #2) from the CK∥IK.) and is deleted (Rajadurai: para[132], [136-138], fig. 8,“ after a primary authentication, when a new partial native 5G NAS security context is created and/or the newly created partial native 5G NAS security context is taken into use through a security mode control procedure, then the newly generated K.sub.AUSF is considered as the latest K.sub.AUSF. Otherwise, the newly created K.sub.AUSF is deleted/ignored/not taken as latest K.sub.AUSF.”).
Rajadurai does not clearly teach the first security key is deleted based on a second information corresponding to a first information of the communication terminal, and the second information is derived in a case where the first information of the communication terminal is included in the message.
However, in the related art, Gupta teaches the first security key is deleted based on a second information corresponding to a first information of the communication terminal (Gupta: para [64], [91-95], fig. 6, claim 6 “transmitting a deregistration request to the second AUSF to delete security context related to the UE in the second AUSF, and wherein deregistration request includes a identifier (ID) of the UE, and wherein the security context includes a security key stored in the second AUSF.”, claim 9 “wherein the ID of the UE is a subscription permanent identifier (SUPI) of the UE”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify Rajadurai’s 5G AKA key handling procedure with Gupta’s deletion of UE security context based on UE identifying security context information so that the network can delete stale and superseded security key material associated with the UE, it would improve synchronization of key context management, avoid retaining stale security contexts, and reduce the risk of using obsolete authentication material (Gupta: para[35]).
Rajadurai in view of Gupta does not explicitly teach the second information is derived in a case where the first information of the communication terminal is included in the message.
However, in the related art, TS 33.501 teaches (TS 33.501: 7A.2.4-1, “AUSF shall send Nudm_UEAuthentication_Get Request to the UDM including SUCI. Upon reception of the Nudm_UEAuthentication_Get Request, the UDM shall invoke SIDF if a SUCI is received. SIDF shall de-conceal SUCI to gain SUPI before UDM can process the request.”. TS 33.501 further teaches that in the 5G AKA procedure, in case SUCI was included in the Nudm_UEAuthentication_Get Request, the UDM includes the SUPI in the Nudm_UEAuthentication_Get Response. Thus, SUCI corresponds to the claimed first information, and SUPI corresponds to the claimed second information derived when SUCI is included in the message.
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify Rajadurai’s 5G AKA key handling procedure with the SUCI to SUPI derivation process of TS 33.501so that the network can identify the UE security context associated with the derived subscriber information, it would improve synchronization of key context management, and reduce the risk of using obsolete authentication material (TS 33.501: page 229).
Furthermore, Rajadurai also teaches the hardware components of claim 22 such as at least one memory configured to store instructions; and at least one processor configured to execute, according to the instructions (Qian: fig. 11, para[163-164], “the network entity (200A) includes a memory (210A), a processor (220A), a communicator (230A), and a security key controller (240A).”).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571)-270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/L.L.N./Examiner, Art Unit 2437
/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437