TREATMENT OF MALICIOUS USER EQUIPMENT IN A WIRELESS COMMUNICATION NETWORK

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority It is noted that the present application is a 371 National Phase Patent Application of PCT/SE2021/050205, for which the 371(c) filing date is March 09, 2021. Response to Arguments Applicant’s arguments, see page 7, filed 01/05/2026, with respect to claims 4 and 11, 35 U.S.C. § 112(b) have been fully considered and are persuasive. The rejection of claims 4 and 11 has been withdrawn. Applicant’s arguments, see pages 8-11, filed 01/05/2026, with respect to claims 1-15, 35 U.S.C. § 102 & 103 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claim(s) 1-2, 5, 7-9, 12, and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Koral (US-20220286853-A1) in view of Yadav (US-20190207976-A1) in further view of RYOO (US-20190191483-A1). Regarding Claim 1, Koral discloses a method for handling radio communication of a malicious user equipment, UE (par.25, Fig.2:20, network equipment), in a wireless communication network (paragraph [0025], Fig.2, "the network management device 10 can communicate with network equipment 20 (network devices, user equipment devices, etc.), either directly or indirectly via one or more eNBs, gNBs, or other devices (not shown), via one or more communication networks."), the method being performed by a network node (paragraph [0018], Fig.1:10, "The network management device 10, when implemented in this manner, can reside on the same communication network as the network equipment 20 or on a different network (e.g., such that the controller can communicate with respective network devices via a separate system)…network management device 10 can include, or have the functionality of, an Open Radio Access Network (Open RAN or O-RAN) RAN Intelligent Controller (RIC)…Examples of a network management device 10 implemented in this manner are described in further detail below with respect to FIGS. 3 and 5. Also or alternatively, the network management device 10 can include and/or otherwise interact with any other suitable network device or devices, such as a base station, an access point, an eNB or gNB," and paragraph [0027], Fig.2, "To mitigate the risk of network service disruption described above, the network management device 10 shown in system 200 can utilize modified network functions," (i.e., network management device in paragraph 18 can be any function of RIC or reside in an access point, an eNB or gNB.)), wherein the method comprises comprising: obtaining information identifying the malicious UE attached to the wireless communication network (paragraph [0033], "signaling messages sent by network equipment 20 to the base station 40 can be monitored to determine their frequency, e.g., by a signaling monitor component 210 as described above. This monitoring can be performed by the base station 40 for the network equipment 20, or alternatively a network packet analyzer and/or other suitable network entities can be utilized to perform the monitoring. Information relating to the frequency of signaling events can then be provided to an aggressive device detection/reassignment module 312 associated with a RAN controller 310 that provides network monitoring and control functionality for the underlying communication network or a portion of the network (e.g., a portion corresponding to a geographical region, etc.)." and paragraph [0034], Fig.3, "The aggressive device detection/reassignment module 312 shown in system 300 can detect aggressive devices…" (i.e., a module 312 detecting an aggressive devices such as network.)); and performing at least one action (par.51, perform various measures) to deter (paragraph [0028], "The network management device 10 shown in system 200 further includes a device classification component that, in response to the signaling event frequency associated with the network equipment 20 as detected by the signaling monitor component 210 being greater than a frequency threshold, can classify the network equipment 20 as aggressive network equipment." and paragraph [0051], Fig.8, "In an aspect, a restrictive MMF 32 can perform various measures to facilitate access to network services by aggressive devices while avoiding overload conditions. For instance, a restrictive MMF 32 can set up a stricter threshold of accepted requests per device than a standard MMF 30 due to all of the devices handled by the restrictive MMF 32 being classified as aggressive." (i.e., The limitation "without terminating the radio communication" is read as any action to deter the malicious UE except for terminating communication. This is describing a scenario wherein a malicious UE that is already connected to the network can be reassigned to a different MMF.)). However, Koral does not disclose wherein performing the at least one action comprises transmitting an anonymous response message to the malicious UE, the anonymous response message being a non-relevant message to the malicious UE, in response to a radio resource control (RRC) connection request from the malicious UE. Yadav discloses performing at least one action to deter (paragraph [0080], Fig.3, "In using tunneling to forward malicious user access requests from the network environment 302 to the decoy network environment 304, the malicious user can be unaware or agnostic that the access requests are actually being sent from the network environment 302 to the decoy network environment 304. Accordingly, the malicious user can be tricked into thinking that they are actually interacting with the network environment 302." (i.e., having the network environment 304 responding to the malicious UE instead of network environment 302 is reading on as sending anonymous response message. A scenario wherein the malicious UE is attempting to access the network, this will be clear with RYOO reference.)), the anonymous response message being a non-relevant message to the malicious UE, in response to a (paragraph [0082], Fig.3, "In response to network service access requests received from the network environment 302, the decoy network environment 304 can generate network service access responses. Network service access responses can include actual responses to fill network service access requests or dummy or fake responses to network service access responses." (i.e., sending dummy or fake responses to network access.)), Koral and Yadav are considered to be analogous to the claimed invention because they are solving the same problem of managing malicious users that are attempting to gain access to the network. Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Koral to implement the method of Yadav as there is a need for gathering network intrusion counter-intelligence in order to prevent future attacks or access and Yadav discloses of reduce a risk of a breach by employing a decoy environment (Yadav, paragraph [0019], “The disclosed technology addresses the need in the art for gathering network intrusion counter-intelligence.” and paragraph [0078], “implementing the decoy network environment 304 separate from an enterprise network can reduce a risk that the decoy network environment 304 is breached, thereby exposing the entire enterprise network to a malicious user.”). However, Koral in view of Yadav do not explicitly disclose in response to a radio resource control (RRC) connection request from the malicious UE. RYOO discloses in response to a radio resource control (RRC) connection request from the malicious UE in response to a radio resource control (RRC) connection request from the malicious UE (paragraph [0085], "switching from the RRC connected state 210 to the RRC inactive state 220 may be caused by a connection inactivation message or a connection deactivation message, and switching from the RRC inactive state 220 to the RRC connected state 210 may be caused by a connection resumption message or a connection activation message.…" and paragraph [0235], Fig.16:1610:1620:1630, "More specifically, at step 1620, the terminal 110 in the RRC inactive state 1610 may transmit an RRC connection request message to the base station 120." and paragraph [0236], "At step 1630, the base station 120 may transmit an RRC connection response message to the terminal 110." (i.e., malicious UE attempting to reconnect to the base station. Examiner is reading "without terminating" as in the UE is RRC inactive state thus still able to communicate with the UE but before the RRC connected.)). Koral in view of Yadav and RYOO are considered to be analogous to the claimed invention because they are in the same field Security arrangements; Authentication; Protecting privacy or anonymity. Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Koral to use the method of RYOO of RRC connection since the RRC connection messages are the new 5G feature in order for the UE to connect to the base station as its power efficient (RYOO, paragraph [0063]), and also improve the general network of Koral for increase radio resource usage efficiency (RYOO, paragraph [0026], “the reduction of RRC release messages for RRC state transition can increase the cost efficiency by reducing the power consumption of the 5G base station (RU or TRP), and can increase the radio resource usage efficiency by reducing the ambient interference between 5G cells.”). Regarding Claim 2, Koral in view of Yadav in further view of RYOO discloses all the limitation of claim 1. Koral further discloses further comprising: controlling allocation of resources to the malicious UE to allow the malicious UE to retain the radio communication with the wireless communication network (paragraph [0048], "Rather than merely blocking aggressive devices, the restrictive MMF 32 can be configured to still provide service to aggressive devices that are associated with benign users," and paragraph [0051], “a restrictive MMF 32 can set up a stricter threshold of accepted requests per device than a standard MMF 30 due to all of the devices” and paragraph [0053], “MMF 32 that can compute and assign a time delay to aggressive network equipment via a delay manager component 910…the delay manager component 910 can refrain from involving one or more other network functions, such as those shown in FIG. 7,” (i.e., MMF 32 still providing service with a stricter threshold and control allocation of resources to the malicious UE such as refrain other network functions.)). Regarding Claim 5, Koral in view of Yadav in further view of RYOO discloses all the limitation of claim 1. Koral further discloses performing at least one action to deter a possible malicious attack on said wireless communication network by the malicious UE (paragraph [0056], Fig.10, "As shown in FIG. 10, the restrictive MMF 32 of system 1000 includes a malicious activity detection component 1010 that can determine whether network equipment 20 is engaging in malicious activity." and paragraph [0057], "In response to determining that network equipment 20 is engaging in malicious behavior, the malicious activity detection component 1010 can apply a specialized policy" (i.e., MMF 32 can detect malicious behavior and responds to the behavior by applying a policy.)). Regarding Claim 7, Koral in view of Yadav in further view of RYOO discloses all the limitation of claim 1. Koral further discloses wherein the network node is one or more of: a radio network including a base station (paragraph [0018], Fig.1:10, "The network management device 10, when implemented in this manner, can reside on the same communication network as the network equipment 20 or on a different network (e.g., such that the controller can communicate with respective network devices via a separate system)…network management device 10 can include, or have the functionality of, an Open Radio Access Network (Open RAN or O-RAN) RAN Intelligent Controller (RIC)…Examples of a network management device 10 implemented in this manner are described in further detail below with respect to FIGS. 3 and 5. Also or alternatively, the network management device 10 can include and/or otherwise interact with any other suitable network device or devices, such as a base station, an access point, an eNB or gNB,"), a non-real time RIC (paragraph [0018], “) …network management device 10 can include, or have the functionality of, an Open Radio Access Network (Open RAN or O-RAN) RAN Intelligent Controller (RIC)…”), a core network including access and mobility management function, AMF, mobility management entity, MME (paragraph [0048], Fig.2:32, "In an aspect, a restrictive MMF 32 can be an MMF (e.g., an AMF, a MME, etc.)… the restrictive MMF 32 can be configured to still provide service to aggressive devices that are associated with benign users, e.g., devices that are aggressive due to a design fault, devices that are compromised by an attacker without the knowledge of the user, etc." (i.e., the MMF could be AMF or MME.)). Regarding Claim 8, which is similar in scope to claim 1, thus rejected under the same rationale. Regarding Claim 9, which is similar in scope to claim 2, thus rejected under the same rationale. Regarding Claim 12, which is similar in scope to claim 5, thus rejected under the same rationale. Regarding Claim 14, which is similar in scope to claim 7, thus rejected under the same rationale. Regarding Claim 15, which is similar in scope to claim 1, thus rejected under the same rationale. Examiner further notes Koral disclose a non-transitory computer readable medium (Koral, Fig.1:16, and paragraph [0017], “a non-transitory machine-readable medium as described herein can include executable instructions that, when executed by a processor, facilitate performance of operations.”). Claim(s) 4, and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Koral (US-20220286853-A1) in view of Yadav (US-20190207976-A1) in view of RYOO (US-20190191483-A1) in further view of ZHANG (US-20150009939-A1). Regarding Claim 4, Koral in view of Yadav in further view of RYOO discloses all the limitation of claim 2. However, Koral in view of Yadav in further view of RYOO do not disclose wherein the step of controlling allocation of resources to the malicious UE comprises: scheduling a pre-determined number of resource blocks to the malicious UE. Zhang discloses wherein the step of controlling allocation of resources to the malicious UE comprises: scheduling a pre-determined number of resource blocks to the malicious UE (paragraph [0068], Fig.1, “101, Obtain the number N.sub.0 of an RB that a network side device of a communication system can assign to one UE and the one UE can schedule in maximum.” and paragraph [0072], “102, Calculate a resource indication value RIV according to the number N.sub.0 of the RB which the network side device of the communication system can assign to the one UE and the UE can schedule in maximum” (i.e., Scheduling resource assigned to the UE via a resource indication value (RIV) in DCI.)). Koral in view of Yadav in further view of RYOO and Zhang are considered to be analogous to the claimed invention because they are in the same field wireless communication. Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Koral in order to implement the method of Zhang (Zhang, Fig.1) to allocate resource to the user device that could be the malicious device as it would save number of bits used by resource indication and lower signaling cost (Zhang, abstract, “In contrast to the prior art, it may save the number of bits used by the resource indication and lower signaling cost.”). Regarding Claim 11, which is similar in scope to claim 4, thus rejected under the same rationale. Claim(s) 6 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Koral (US-20220286853-A1) in view of Yadav (US-20190207976-A1) in view of RYOO (US-20190191483-A1) in further view of WANG (US-20210014689-A1). Regarding Claim 6, Koral in view of Yadav in further view of RYOO discloses all the limitation of claim 5. Koral further discloses wherein performing at least one action to deter a possible malicious attack on said wireless communication network by the malicious UE comprises one or more of: sending a response to the received packet (paragraph [0057], Fig.10, "By way of example, the malicious activity detection component 1010 can send malicious network equipment 20 an error code or other notification that blocks the network equipment 20 from the network for a defined period of time." (i.e., sending a response to the network device 20 based on malicious activity.)). Yadav further discloses forwarding the received packet to an intrusion analysis tool (paragraph [0037], “the network traffic monitoring system 100 can include a data mover module 108 for retrieving data from the collectors 106 and making the data available to network clients, such as the components of the analytics engine 110.” and paragraph [0039], “The analytics engine 110 can be provided with examples of network states corresponding to an attack…” and paragraph [0040], “the analytics engine 110 can be used to identify observations which differ from other examples in a dataset. For example, if a training set of example data with known outlier labels exists, supervised anomaly detection techniques can be used.”), Logging information associated with the received packet (paragraph [0046], “The process attributes 136 relate to process data corresponding to each flow, and can include process name (e.g., bash, httpd, netstat, etc.), ID, parent process ID, path (e.g., /usr2/username/bin/, /usr/local/bin, /usr/bin, etc.), CPU utilization, memory utilization, memory address, scheduling information, nice value, flags, priority, status, start time, terminal type, CPU time taken by the process, the command that started the process, and information regarding a process owner (e.g., user name, ID, user's real name, e-mail address, user's groups, terminal information, login time, expiration date of login, idle time, and information regarding files and/or directories of the user).”), However, Koral in view of Yadav in further view of RYOO do not disclose ignoring to send a response to the received packet. WANG discloses ignoring to send a response to the received packet (paragraph [0053], Fig.3, "In an embodiment of the present disclosure, the request signaling that is initiated by the rogue device and that is related to access to the wireless communication network includes: a random access request, an RRC connection request, and a connection establishment completion message. Ignoring the request signaling may indicate not responding to the request signaling, for example, not performing resource allocation for the request signaling." and paragraph [0078], "If the same terminal repeatedly initiates the random access request, a random access channel (RACH) request message of the terminal may be ignored and not responded to." (i.e., not responding to the RACH/RRC connection request message sent by the rogue device.)). Koral in view of Yadav in further view of RYOO and WANG are considered to be analogous to the claimed invention because they are in the same field wireless communication. Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Koral to incorporate of ignoring requests received from the malicious device (Koral, Fig.2:20, network device) in order to save resources for the network that could be used for other non-rogue devices in the network and might encourage the rogue device to be removed without using additional resources. Regarding Claim 13, which is similar in scope to claim 6, thus rejected under the same rationale. Claim(s) 3 and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Koral (US-20220286853-A1) in view of Yadav (US-20190207976-A1) in view of RYOO (US-20190191483-A1) in view of in view of WANG (US-20210014689-A1) in further view of HAN (US-20180262911-A1). Regarding Claim 3, Koral in view of Yadav in further view of RYOO discloses all the limitation of claim 1. However, Koral in view of Yadav in further view of RYOO do not disclose transmitting a response message to the malicious UE in response to a retransmitted request message from the malicious UE, or ignoring to respond to the malicious UE. HAN discloses wherein the step of performing at least one action to deter serving the malicious UE without terminating the radio communication of the malicious UE with the wireless communication network comprises one or more of: transmitting a response message (par.74, ACK messages) to the malicious UE in response to a retransmitted request message from the malicious UE (paragraph [0073], Fig.2:223, "At a step 223, the two access points 120 detecting the message each send ACK messages 162 to the rogue station 152. This has the effect that the ACK message 162 from the destination is broken by one or more ACK messages 162 from the access points 120." and paragraph [0074], "At a step 224, the rogue station 152, not having received an (unbroken) ACK message 162 from the destination, assumes that its original message 161 was not received. The rogue station 152 waits some amount of time and retries sending the original message. The method 200 returns to the step 221, where it repeats until the rogue station 152 gives up."(i.e., Access point 120 determines there is a rogue device par.60-65 and when the rogue device sent a message, the Rogue device receives multiple ACK that believes is broken up and therefor retries again until it gives up.)). Koral in view of Yadav in further view of RYOO and HAN are considered to be analogous to the claimed invention because they are in the same field wireless communication. Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Koral to have incorporated HAN of sending multiple ANK in order to deter the malicious or rogue device from continuous attempting to gain resources of the wireless network (HAN, abstract, “When the rogue device retries sending of its message, the responsive ACK message is similarly interfered with, until the rogue device concludes that its connection has been lost.”). However, Koral in view of Yadav in view of RYOO in further view of HAN do not disclose ignoring to respond to the malicious UE. WANG discloses wherein the step of performing at least one action to deter or delay serving the malicious UE without terminating the radio communication of the malicious UE with the wireless communication network comprises one or more of (Examiner points to Fig.3 wherein the access network either 102, 103 performs the step of deter serving the malicious UE): ignoring to respond to the malicious UE (paragraph [0053], Fig.3, "In an embodiment of the present disclosure, the request signaling that is initiated by the rogue device and that is related to access to the wireless communication network includes: a random access request, an RRC connection request, and a connection establishment completion message. Ignoring the request signaling may indicate not responding to the request signaling, for example, not performing resource allocation for the request signaling." and paragraph [0078], “If the same terminal repeatedly initiates the random access request, a random access channel (RACH) request message of the terminal may be ignored and not responded to.” (i.e., Actively ignoring the RRC connection request or random access request. Examiner further notes paragraph 78 when the terminal repeatedly initiates a message, that message can be ignored.)). Koral in view of Yadav in view of RYOO in further view of HAN and WANG are considered to be analogous to the claimed invention because they are in the same field wireless communication. Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Koral to incorporate of ignoring requests received from the malicious device (Koral, Fig.2:20, network device) in order to save resources for the network that could be used for other non-rogue devices in the network and might encourage the rogue device to be removed without using additional resources. Regarding Claim 10, which is similar in scope to claim 3, thus rejected under the same rationale. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Erkin S. Abdullaev whose telephone number is (571)272-4135. The examiner can normally be reached Monday - Friday - 8:00 am - 5:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wesley Kim can be reached at (571)272-7867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. ERKIN S. ABDULLAEV Examiner Art Unit 2648 /ERKIN ABDULLAEV/Examiner, Art Unit 2648 /WESLEY L KIM/Supervisory Patent Examiner, Art Unit 2648