DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-8, 12-14, 17-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Liu (20230292121).
Regarding claim 1, Liu discloses, a method (fig. 4, 10 and 13) at a first network node (310, 312 and 318, fig. 4) in a first network (404, fig. 4) for jointly authenticating a user equipment (UE, fig. 4) in the first network (404, fig. 4) and a second network (402, fig. 4), the method (fig. 4, 10 and 13) comprising:
receiving, from a second network node (314, fig. 10, 13) in the second network (402, fig. 4), a first authentication request for the UE (fig. 10, step S2-3, ¶ 0089, fig. 13, step S2-3, ¶ 0105, AMF element 314 then sends the authentication request to AUSF element 310 (S2) and inserts the encrypted subset of NAS protocol IEs in the authentication request, along with other information. AUSF element 310 then sends the authentication request to UDM element 312 (S3).);
determining whether the UE is successfully authenticated or not at least partially based on one or more authentication configurations for the first network (¶ 0090, 0106, In response to the authentication request, UDM element 312 decrypts the subset of NAS protocol IEs using the HPLMN private key i.e., using the information according to the protection scheme selected for SUCI so that the subset of NAS protocol IEs are readable. UDM element 312 also hosts functions related to the Authentication Credential Repository and Processing Function, which selects an authentication method and computes the authentication data and keying materials e.g., tokens for the AUSF element 310. UDM element 312 formats or generates an authentication response i.e., Nudm_UEAuthentication Get Response, and inserts the decrypted subset of NAS protocol IEs, the authentication vector (AV), and other information in the authentication response and AMF element 314 is configured to perform an authentication procedure with UE 110 using information provided by UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6) from the AV, and UE 110 attempts to validate the authentication token. If successful, UE 110 computes a response token, and sends an authentication response with the response token, which is received by AMF element); and
transmitting, to the second network node (314, fig. 10, 13), a first authentication response indicating whether the UE is successfully authenticated or not based on a result of the determination (¶ 0090-0091,106-0107, fig. 10, 13, step 5, sends the authentication response to AMF element 314 (S5). AMF element 314 is configured to perform an authentication procedure with UE 110 using information provided by UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6) from the AV, and UE 110 attempts to validate the authentication token. If successful, UE 110 computes a response token, and sends an authentication response with the response token, which is received by AMF element 314 and sends an authentication response i.e., Nausf_UEAuthentication_Authenticate Response to AMF element 314 indicating success/failure of the authentication.).
Regarding claim 2, Liu discloses in claim 1, further Liu discloses,
transmitting, to a third network node (312, fig. 10) at which the one or more authentication configurations are managed, an authentication configuration request for the UE; and receiving, from the third network node (312, fig. 10), an authentication configuration response comprising at least an authentication vector for authenticating the UE (¶ 0090, 0106, UDM element 312 formats or generates an authentication response i.e., Nudm_UEAuthentication_Get Response for AUSF/AMF, and inserts the decrypted subset of NAS protocol IEs, the authentication vector (AV), and other information in the authentication response. UDM element 312 then sends the authentication response to AUSF/AMF).
Regarding claims 3, 14, Liu discloses in claim 1, further Liu discloses,
transmitting, to the second network node (314, fig. 10, 13), a second authentication request comprising a challenge for the UE (S7, fig. 10), which is generated at least partially based on the authentication vector received from the third network node (¶ 0090-0091, UDM element 312 formats or generates an authentication response i.e., Nudm_UEAuthentication_Get Response for AUSF/AMF, and inserts the decrypted subset of NAS protocol IEs, the authentication vector (AV), and other information in the authentication response. UDM element 312 then sends the authentication response to AUSF/AMF); and
receiving, from the second network node, a second authentication response comprising a response to the challenge (¶ 0091-0092, 0107, AMF element 314 initiates a NAS security procedure to establish a NAS security context. AMF element 314 selects a NAS security algorithm or multiple algorithms for ciphering and integrity protection. AMF element 314 formats or generates a Security Mode Command message, and inserts an indicator of the NAS security algorithm(s), the ngKSI, and other information in the Security Mode Command message. AMF element 314 then sends the Security Mode Command message to UE 110 S10).
Regarding claim 4, Liu discloses in claim 1, further Liu discloses,
the response received from the second network node and a correct response which is received in the authentication configuration response from the third network node or calculated at the first network node; and determining that the UE (275) is successfully authenticated or not based on the comparison (¶ 0090-0091,106-0107, fig. 10, 13, step 5, sends the authentication response to AMF element 314 (S5). AMF element 314 is configured to perform an authentication procedure with UE 110 using information provided by UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6) from the AV, and UE 110 attempts to validate the authentication token. If successful, UE 110 computes a response token, and sends an authentication response with the response token, which is received by AMF element 314).
Regarding claim 5, Liu discloses in claim 1, further Liu discloses, wherein the first authentication request and the first authentication response are generated according to a first authentication framework (fig. 10, step S2-3, ¶ 0089, fig. 13, step S2-3, ¶ 0105, AMF element 314 then sends the authentication request to AUSF element 310 (S2) and inserts the encrypted subset of NAS protocol IEs in the authentication request, along with other information. AUSF element 310 then sends the authentication request to UDM element 312 (S3).), and the second authentication request and the second authentication response are generated according to a second authentication framework different from the first authentication framework (¶ 0091, AMF element 314 is configured to perform an authentication procedure with UE 110 using information provided by UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6) from the AV, and UE 110 attempts to validate the authentication token. If successful, UE 110 computes a response token, and sends an authentication response with the response token, which is received by AMF element 314 (S7). AMF element 314 formats or generates another authentication request i.e., Nausf_UEAuthentication_Authenticate Request, and inserts the response token from UE 110 in the authentication request, along with other information. AMF element 314 then sends the authentication request to AUSF element 310 (S8). AUSF element 310 verifies whether the response token from UE 110 matches an expected response token, and sends an authentication response i.e., Nausf_UEAuthentication_Authenticate Response to AMF element 314 indicating success/failure of the authentication).
Regarding claim 6, Liu discloses in claim 1, further Liu discloses, wherein the first authentication framework is 5th Generation - Authentication and Key Agreement (5G-AKA) or Extensible Authentication Protocol -Authentication and Key Agreement (EAP-AKA'), and the second authentication framework is a Lightweight Directory Access Protocol (LDAP)-based framework (¶ 0081, 0088, authentication procedure to authenticate UE 110 (step 908). The authentication procedure e.g., Authentication and Key Agreement (AKA) is used to perform mutual authentication and NAS protocol IEs may consist of a 5G).
Regarding claim 7, Liu discloses in claim 1, further Liu discloses,
generating the authentication configuration request from the first authentication request (¶ 0088-0089, UE 110 may also insert other information in the initial registration request, such as the SUCI generated by UE 110. In this example, UE 110 encrypts the subset of NAS protocol IEs using the HPLMN public key, and sends the initial registration request to AMF element 314 (S1). The protection scheme and public key identifier used for encryption is the same as the protection scheme and public key identifier indicated in the SUCI. However, as was described above, encryption of the subset of NAS protocol IEs using the HPLMN public key is optional. If the protection scheme of SUCI is NULL, then the subset of NAS protocol IEs is not encrypted).
Regarding claim 8, Liu discloses in claim 1, further Liu discloses, transmitting, to the third network node, an authentication result confirmation request indicating the result of the authentication for the UE; and receiving, from the third network node (240, 290), an authentication result confirmation response acknowledging the result of the authentication for the UE (¶ 0091-0092, AMF element 314 formats or generates another authentication request (i.e., Nausf_UEAuthentication_Authenticate Request), and inserts the response token from UE 110 in the authentication request, along with other information. AMF element 314 then sends the authentication request to AUSF element 310 (S8). AUSF element 310 verifies whether the response token from UE 110 matches an expected response token, and sends an authentication response (i.e., Nausf_UEAuthentication_Authenticate Response) to AMF element 314 indicating success/failure of the authentication.).
Regarding claims 12, 18, Liu discloses in claim 1, further Liu discloses, a first network node (fig. 7), comprising: a processor (730); a memory (732) storing instructions (710) which, when executed by the processor (706), enables the first network node to perform the method of claim 1 (¶ 0066, 0068).
Regarding claims 17, 19, Liu discloses in claim 1, further Liu discloses, a first network node (fig. 7), comprising: a processor (730); a memory (732) storing instructions (710) which, when executed by the processor (706), enables the first network node to perform the method of claim 1 (¶ 0066, 0068).
Regarding claim 13, Liu discloses in claim 1, further Liu discloses, a method at a second network node in a second network for jointly authenticating a user equipment (UE) in a first network and the second network, the method comprising (abstract, fig. 4, 10, 13 and 21):
receiving, from a fourth network node in the first network, a registration request for the UE (¶ 0088, UE 110 encrypts the subset of NAS protocol IEs using the HPLMN public key, and sends the initial registration request via RAN 120 to AMF element 314 (S1).);
transmitting, to a first network node in the first network, a first authentication request for the UE (fig. 10, step S2-3, ¶ 0089, fig. 13, step S2-3, ¶ 0105, AMF element 314 then sends the authentication request to AUSF element 310 (S2) and inserts the encrypted subset of NAS protocol IEs in the authentication request, along with other information. AUSF element 310 then sends the authentication request to UDM element 312 (S3).);
receiving, from the first network node, a first authentication response indicating whether the UE is successfully authenticated or not based on a result of the determination (¶ 0090, 0106, In response to the authentication request, UDM element 312 decrypts the subset of NAS protocol IEs using the HPLMN private key i.e., using the information according to the protection scheme selected for SUCI so that the subset of NAS protocol IEs are readable. UDM element 312 also hosts functions related to the Authentication Credential Repository and Processing Function, which selects an authentication method and computes the authentication data and keying materials e.g., tokens for the AUSF element 310. UDM element 312 formats or generates an authentication response i.e., Nudm_UEAuthentication Get Response, and inserts the decrypted subset of NAS protocol IEs, the authentication vector (AV), and other information in the authentication response and AMF element 314 is configured to perform an authentication procedure with UE 110 using information provided by UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6) from the AV, and UE 110 attempts to validate the authentication token. If successful, UE 110 computes a response token, and sends an authentication response with the response token, which is received by AMF element); and
transmitting, to the fourth network node, a registration response at least partially based on the first authentication response received from the first network node (¶ 0090-0091,106-0107, fig. 10, 13, step 5, sends the authentication response to AMF element 314 (S5). AMF element 314 is configured to perform an authentication procedure with UE 110 using information provided by UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6) from the AV, and UE 110 attempts to validate the authentication token. If successful, UE 110 computes a response token, and sends an authentication response with the response token, which is received by AMF element 314).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 9-11, 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Liu (20230292121) in view of Gundavelli et al (20240314559).
Regarding claims 9, 15, Liu discloses in claim 1, further Liu discloses, wherein the first network node (310/312, fig. 10), the second network node is an Access and Mobility Management Function (310/312, fig. 10)/Security Anchor Function (SEAF), and the third network node is an LDAP server in the first network (318, ¶ 0058).
Regarding claims 10, 16, Liu discloses in claim 1, further Liu discloses, wherein the first network node (310/312, fig. 10), the second network node (314, fig. 10) is an Access and Mobility Management Function (AMF, fig. 10)/Security Anchor Function (SEAF), and the third network node is a Unified Data Management in the second network (312, fig. 3, ¶ 0060).
Regarding claims 11, 16, Liu discloses in claim 1, further Liu discloses, wherein the first network, and the second network is a network operated by a Mobile Network Operator (fig. 10).
Liu does not specifically disclose, a node in the private network operated by an enterprise.
In the same field of endeavor, Gundavelli et al discloses, a node in the private network operated by an enterprise (¶ 0013-0017, UE that has completed secondary authentication on an MNO/SP network and then later roams into an enterprise private WWA access network operated by an enterprise entity (e.g., any combination of a private 4G/Long Term Evolution (4G/LTE), 5G, nG, and/or Citizen Broadband Radio Service (CBRS) access network operated by the enterprise entity). Such subsequent authentication to the enterprise private WWA access network following secondary authentication performed via the MNO/SP domain can be characterized as a ‘fast roaming’ event for the UE transitioning into the enterprise private wireless wide a, as opposed to an initial authentication that would otherwise involve a complete authentication message exchange and key generation between the UE and the enterprise domain.). Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the device of Liu by specifically adding feature in order to enhance system performance to the method enables facilitating roaming between different networks in an efficient manner. The method enables allowing a user equipment (UE) to communicate with the network equipment (NEE) in an effective manner, so that the user equipment can access the network resources of the network in a reliable manner as taught by Gundavelli et al.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHAWAR IQBAL whose telephone number is (571)272-7909. The examiner can normally be reached M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jinsong Hu can be reached at 5712723965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHAWAR IQBAL/Primary Examiner, Art Unit 2643