DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
Claims 1,8 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1,8 recite “receiving, by an AMF, an N2 message broadcast by a genuine base station (gNB).” The specification, however, does not provide written description support for an N2 message being broadcast to (and received by) the AMF. Rather, the specification uses “broadcast” solely in the context of air-interface/system information transmissions from a gNB/eNB to a UE. For example, the specification explains that paging is “broadcast… over a radio link” by each gNB/eNB (Spec., ¶[6]) and that a gNB “broadcasts/transmits” a TAI in SIB1 (Spec., ¶[49]), with additional descriptions repeatedly referring to a genuine/fake gNB “broadcasting” its TAI/TAC in its cell (e.g., Spec., ¶¶[85], [94], [118]). In contrast, when describing N2 signaling, the specification states only that the AMF receives an N2 message from a genuine gNB (Spec., ¶[21]) and that the genuine gNB “sends the N2 Message… to the AMF” (Spec., ¶[119]), including examples such as an “N2 Initial UE message” and/or “N2 Notification procedure” (Spec., ¶[94]). Nowhere does the specification describe the N2 message itself as being “broadcast,” nor does it describe an AMF receiving any N2 message via broadcast. Accordingly, the specification fails to reasonably convey possession of the claimed subject matter requiring an AMF to receive an N2 message broadcast by a gNB.
Furthermore, the claimed limitation requiring an AMF to receive a broadcast N2 message from a base station is technically inconsistent with the architecture of a 5G network. In a 5G system, the N2 interface is the control-plane interface between the base station (gNB) in the access network and the Access and Mobility Management Function (AMF) in the core network. Communications over the N2 interface occur over the network backhaul using standard network transport protocols and are direct signaling messages exchanged between specific network nodes. By contrast, the term “broadcast” refers to wireless transmissions over the air interface from the base station to user equipment (UE), where the same radio signal is transmitted to multiple devices within coverage of the cell. Because the AMF is not a wireless device and does not receive radio broadcast transmissions from the base station, it cannot receive a broadcast message over the air interface. Instead, the base station communicates with the AMF through directed signaling over the wired or backhaul network via the N2 interface. Accordingly, an AMF receiving a broadcast N2 message from a base station is not consistent with how N2 signaling operates in a 5G network architecture.
For purposes of examination, the limitation “receiving, by the AMF, a broadcast N2 message from the base station” will be interpreted as the AMF receiving an N2 message transmitted from the base station. This interpretation is applied because N2 signaling occurs as directed communication between the base station and the AMF, rather than as a broadcast transmission. Accordingly, the limitation will be treated as requiring that the AMF receives an N2 message from the base station during further examination of the claims.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1,4,8,11 are rejected under 35 U.S.C. 103 as being unpatentable over 3GPP ( “3GPP TR 33.809 V0.110, hereinafter 3GPP” ), in view of Park et al. (US 20200329524, hereinafter Park)
Regarding claim 1, 3GPP discloses a method performed by an access and mobility management function (AMF) entity in a wireless network, the method comprising:
receiving an initial non-access stratum (NAS) message from a user equipment (UE) (Page 23: Section 6.5.2: Par. 2: Lines 4-5; The UE sends a NAS message to the AMF);
receiving an N2 message from a genuine base station (Page 23: Section 6.5.2: Par. 2: Lines 2-3; The gNB forwards a message to the AMF through the N2 interface; A message sent through the N2 interface is a N2 message);
identifying at least one parameter received in the initial NAS message, and at least one parameter received in the N2 message (Page 23: Section 6.5.2: Par. 2; The N2 message includes “Location Info-gNB”. The NAS message includes “Location Info-UE”. The AMF identifies these parameters and compares them);
and sending a NAS reject message including the at least one parameter received in the N2 message to the UE in response to determining that the at least one parameter received in the initial NAS message do not match with the at least one parameter received in the N2 message (Page 23: Section 6.5.2: Par. 6; If the AMF determines that the Location Info-UE and Location Info-gNB are inconsistent, a registration reject message is sent with the location positioning of the UE (parameter sent by N2 message); Registration reject messages sent from the AMF to the UE are NAS messages are NAS messages).
3GPP further discloses that if the AMF determines that the Location Info-UE and Location Info-gNB are consistent, subsequent procedures are normally performed (Page 23: Section 6.5.2: Par. 5) but does not disclose the subsequent procedures include sending a NAS accept message with indication to the UE.
Park, however, discloses a UE sending a NAS registration request message (Par. 171: Lines 5-6; The UE may send a RRC message; Par. 171: Lines 10-13; The RRC message may comprise a NAS registration request message) and the subsequent procedure of the AMF sending a NAS accept message to the UE (Par. 174: Lines 5-8; The AMF sends a NAS accept message to the UE).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have the AMF send a NAS accept message with indication to the UE when the parameters received in the NAS message and the N2 message match, as taught by Park, because sending a NAS accept message is an obvious subsequent procedure following the NAS registration request message and informs the UE that the registration procedure has been successfully completed.
Regarding claim 4 as applied to claim 1, 3GPP discloses wherein the initial NAS message is protected based on a NAS security context (Section 6.5.2: Par. 3: Lines 1-2; Initial NAS message can be protected by the NAS protection mechanism).
Regarding claim 8, the rejection of claim 1 addresses all the limitations presented in claim 8. Therefore, all the limitations of claim 8 have been addressed.
An AMF capable of performing the recited functions necessarily includes a memory and a processor operably coupled to the memory.
Regarding claim 11 as applied to claim 8, the rejection of claim 4 addresses all the limitations in claim 11. Therefore, all the limitations of claim 11 are addressed.
Claims 2, 9 are rejected under 35 U.S.C. 103 as being unpatentable over 3GPP ( “3GPP TR 33.809 V0.110, hereinafter 3GPP” ), in view of Park et al. (US 20200329524, hereinafter Park) in further view of Kim et al. (US 20180227699 A1, hereinafter Kim).
Regarding claim 2 as applied to claim 1, 3GPP discloses storing at least one of the at least one parameter received in the initial N2 message (Section 6.5.2: Par. 2: Lines 2-4; Location information reported by the gNB via the N2 message is stored by the AMF).
3GPP in view of Park does not disclose storing the at least one parameter received in the initial NAS message.
Kim, however, discloses storing the at least one parameter received in the initial NAS message (Par. 185: Lines 1-5; AMF stores location information of the UE sent through NAS message).
Therefore, it would have been obvious to person of ordinary skill in the art before the effective filing date of the applicants claimed invention to have incorporated the ability to store the parameters included in the NAS message of Kim, with the ability to store the parameters included in the N2 message of 3GPP in view of Park, to provide the AMF with a complete record of both UE and gNB reported information. This would allow for consistent checks across both sets of parameters to improve detection of mismatches.
Regarding claim 9 as applied to claim 8, the rejection of claim 2 addresses all the limitations presented in claim 9. Therefore, the limitations of claim 9 are addressed.
Claims 3,10 are rejected under 35 U.S.C. 103 as being unpatentable over 3GPP ( “3GPP TR 33.809 V0.110, hereinafter 3GPP” ) in view of Park et al. (US 20200329524, hereinafter Park) in further view of Kim et al. (US 20190007500 A1, hereinafter Kim2).
Regarding claim 3 as applied to claim 1, 3GPP in view of Park does not disclose wherein each of the at least one parameter received in the initial NAS message and the at least one parameter received in the N2 message comprises at least one of a tracking area identity (TAI), a closed group identifier (CAG ID), and a physical cell identifier (PCI).
Kim2, however, discloses wherein each of the at least one parameter received in the initial NAS message and the at least one parameter received in the N2 message comprises at least one of a tracking area identity (TAI), a closed group identifier (CAG ID), and a physical cell identifier (PCI) (Par. 297: Lines 1-4; The NAS registration request includes the last visited TAI, and a N2 message including the NAS registration request is sent to the AMF; The N2 message also includes the TAI).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the applicants claimed invention to have incorporated the teachings of Kim2 regarding the inclusion of parameters such as TAI, into the method of 3GPP in view of Park. Doing so would allow the AMF to compare additional mobility and cell identifiers when validating UE and RAN reported information, thereby improving security.
Regarding claim 10 as applied to claim 8, the rejection of claim 3 addresses all the limitations presented in claim 10. Therefore, the limitations of claim 10 are addressed.
Claims 5, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 20200344605, hereinafter Lee) in view of Moisanen et al. (US 20170215132, hereinafter Moisanen) in further view of 3GPP ( “3GPP TR 33.809 V0.110, hereinafter 3GPP” )
Regarding claim 5, Lee discloses a method performed by a user equipment (UE) in a wireless network, the method comprising:
receiving a system information block (SIB) from each of a genuine base station and a fake base station, wherein the SIB comprises at least one parameter including at least one of a tracking area identity (TAI), and a closed access group identifier (CAG ID) (Par. 105: Lines 1-4; A verified base station may send a SIB to a UE; Par. 105: Lines 6-14; A fake base station may receive and modify the set of information (SIB), and transmit this modified SIB to the UE; Par. 98: Lines 6-10; Parameters for the SIB include (TAC); A TAC included means the TAI is included as the TAC is a part of the TAI).
Lee does not disclose including the at least one parameter in an initial non-access stratum (NAS) message, wherein the at least one parameter is selected from one of the genuine base station and the fake base station based on a signal strength of the one of the genuine base station and the fake base station,
sending the initial NAS message with the at least one parameter to an access and mobility function (AMF) entity;
and receiving a NAS reject message including at least one parameter sent by the genuine base station from the AMF entity, in case that the at least one parameter does not match at least one parameter sent by the genuine base station.
Moisanen, however, discloses wherein the at least one parameter is selected from one of the genuine base station and the fake base station based on a signal strength of the one of the genuine base station and the fake base station (Par. 24: Lines 8-11; A fake base station can copy parameters from an authentic cell and pretend to be the authentic base station; Par. 25: Lines 1-7; A UE may select a fake cell if it detects a stronger transmitting signal that the surrounding cells; Par. 33: Lines 12-18; When the UE selects the fake cell, the UE receives the system parameters from the false base station to make the UE ready to communicate with the false base station).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Moisanen such that the at least one parameter is selected from one of the genuine base station and the fake base station based on signal strength, because selecting the parameters of the stronger detected cell would have been a predictable way to use the cell on which the UE is most likely to camp during cell selection or reselection, thereby allowing the UE to proceed using the system information of the cell actually chosen for access and improving consistency between cell selection and subsequent access procedures.
Lee in view of Moisanen does not disclose including the at least one parameter in an initial non-access stratum (NAS) message, sending the initial NAS message with the at least one parameter to an access and mobility function (AMF) entity;
and receiving a NAS reject message including at least one parameter sent by the genuine base station from the AMF entity, in case that the at least one parameter does not match at least one parameter sent by the genuine base station.
3GPP, however, discloses including at least one parameter in an initial non-access stratum (NAS) message (Page 23: Section 6.5.2: Par. 2: Lines 4-5; The UE sends a NAS message to the AMF that includes Location-Info UE (parameter)), sending the initial NAS message with the at least one parameter to an access and mobility function (AMF) entity (Page 23: Section 6.5.2: Par. 2: Lines 4-5; The UE sends a NAS message to the AMF that includes Location-Info UE (parameter));
and receiving a NAS reject message including at least one parameter sent by the genuine base station from the AMF entity, in case that the at least one parameter does not match at least one parameter sent by the genuine base station (Page 23: Section 6.5.2: Par. 6; If the AMF determines that the Location Info-UE and Location Info-gNB (sent by the base station) are inconsistent, a registration reject message is sent from the AMF to the UE indicating the location positioning of the UE (parameter); Registration reject messages are in the form of a NAS message).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to further modify Lee in view of Moisanen with 3GPP such that the UE includes the at least one parameter in an initial NAS message, sends the initial NAS message with the parameter to the AMF entity, and receives a NAS reject message including the at least one parameter sent by the genuine base station when the parameters do not match, because providing the selected cell-related parameter to the AMF and allowing the AMF to compare it with corresponding base-station-provided information would have been a predictable way to verify whether the UE is attempting access through a legitimate cell, thereby improving detection of spoofed or inconsistent cell information and reducing the likelihood of the UE continuing registration based on false broadcast information.
Regarding claim 12, the rejection of claim 5 addresses all the substantive method limitations. Claim 12 further recites that the UE comprises a memory, processor, and controller, which are inherent components of a UE in a wireless network configured to perform the recited functions. Therefore, all the limitations of claim 12 are addressed by the rejection of claim 5.
Claims 6,7,13,14 are rejected under 35 U.S.C. 103 as being unpatentable Lee et al. (US 20200344605, hereinafter Lee) in view of Moisanen et al. (US 20170215132, hereinafter Moisanen) in further view of 3GPP ( “3GPP TR 33.809 V0.110, hereinafter 3GPP” ) in further view of Park et al. (US 20200329524, hereinafter Park) in further view of Kunz et al. (US 20200288320, hereinafter Kunz)
Regarding claim 6 as applied to claim 5, the Lee in view of Moisanen in further view of 3GPP, do not disclose detecting that the UE is camped on the genuine base station in response to receiving a NAS accept message from the AMF entity, and
detecting that the UE is camped on the fake base station in response to receiving the NAS reject message from the AMF entity and performing at least one action to mitigate a man in the middle (MitM) attack.
3GPP, however, discloses performing subsequent procedures in response to determining that the parameters included in the NAS message and N2 message in the registration request are consistent and sending, from the AMF to the UE, a registration reject message in response to the parameters being inconsistent (Page 23: Section 6.5.2: Par. 2,5 and 6). Furthermore, Park discloses that subsequent procedures to a registration request message include a registration accept message (Par. 171: Lines 5-6; The UE may send a RRC message; Par. 171: Lines 10-13; The RRC message may comprise a NAS registration request message; Par. 174: Lines 5-8; The AMF sends a NAS accept message to the UE). Because 3GPP discloses continuation of the registration procedure when parameters match and Park discloses that such continuation includes a NAS registration accept message, the UE receives a NAS accept message when the parameters are consistent, indicating connection to a valid base station.
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Lee in view of Moisanen in further view of 3GPP with the teachings of Park such that the UE treats receipt of a NAS registration accept message as indicating successful network registration and receipt of a NAS reject message as indicating unsuccessful registration due to inconsistent parameters, because using the outcome of the registration procedure to determine whether network access is valid or invalid improves the UE’s ability to avoid connecting to rogue or misconfigured base stations and thereby enhances network security and reliability.
Lee in view of Moisanen in further view of 3GPP in further view of Park does not disclose detecting that the UE is camped on the fake base station in response to receiving the NAS reject message from the AMF entity and performing at least one action to mitigate a man in the middle (MitM) attack.
Kunz, however, discloses detecting that the UE is camped on the fake base station in response to receiving the NAS reject message from the AMF entity and performing at least one action to mitigate a man in the middle (MitM) attack (Par. 71: Lines 4-9; The AMF may transmit a NAS reject message to the UE if parameters don’t match; Par. 71: Lines 9-13; The UE may determine that it is camping at a false base station and perform cell reselection (mitigate attack)).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Lee in view of Moisanen in further view of 3GPP and Park with the teachings of Kunz such that, upon receipt of a NAS reject message indicating inconsistent parameters, the UE determines that it is camped on a false base station and performs cell reselection, because enabling the UE to react to rejected registration attempts by leaving a suspected rogue cell improves network security and prevents continued communication through a potential man-in-the-middle attacker.
Regarding claim 13 as applied to claim 12, the rejection of claim 6 addresses all the limitations presented in claim 13. Therefore, the limitations of claim 13 are addressed.
Regarding claim 7 as applied to claim 6, the combination of Lee, Moisanen, 3GPP, and Park does not disclose wherein performing the at least one action comprises at least one of:
performing a cell-reselection procedure, and selecting a suitable cell other than a current cell;
entering a 5th generation mobility management (5GMM) deregistered limited service state or a 5GMM deregistered public land mobile network (PLMN) search state;
performing a radio resource control (RRC) re-establishment procedure in the suitable cell; and
performing a registration procedure for a mobility registration and a periodic registration update from the suitable cell.
Kunz, however, discloses wherein performing the at least one action comprises:
performing a cell-reselection procedure, and selecting a suitable cell other than a current cell (Par. 85: Lines 1-5; UE will perform cell reselection if it detects a false base station);
entering a 5th generation mobility management (5GMM) deregistered limited service state or a 5GMM deregistered public land mobile network (PLMN) search state (No patentable weight given due to the optional language “at least one of”);
performing a radio resource control (RRC) re-establishment procedure in the suitable cell (No patentable weight given due to the optional language “at least one of”); and
performing a registration procedure for a mobility registration and a periodic registration update from the suitable cell (No patentable weight given due to the optional language “at least one of”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the applicant’s claimed invention to have incorporated the teaching of Kunz regarding the UE’s use of cell reselection into the method of Lee in view of Moisanen in further view of 3GPP in further view of Park. Doing so would provide the UE with standardized recovery mechanisms when detecting that it is camped on a fake base station, thereby ensuring service continuity, maintaining security, and mitigating attacks.
Regarding claim 14 as applied to claim 12, the rejection of claim 7 addresses all the limitations presented in claim 14. Therefore, the limitations of claim 14 are addressed.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FABIAN BOTELLO whose telephone number is (571)272-4439. The examiner can normally be reached Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wesley Kim can be reached at (572) 272-7867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/FABIAN BOTELLO/Examiner, Art Unit 2648
/WESLEY L KIM/Supervisory Patent Examiner, Art Unit 2648