DETAILED ACTION
This office action is in response to the correspondence filed on 11/24/2025. This application is a 371 National Stage of PCT/EP2021/081267 and has a foreign application EP21382858.5 filed 09/24/2021. Claims 57-75 are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments with respect to claims 57, 64, 72, and 74 have been considered. The following are the applicant arguments recited in the Remarks followed by Examiner's response:
Applicant argues that Borovikov fails to disclose or suggest "at least one of a session management function and access mobility management function operating in a communications system..." Borovikov explicitly discloses that the mobile device determines trusted wireless access points. (Remarks, pg. 12-13)
Examiner respectfully disagrees. Not only is the mobile device in Borovikov capable of performing the access mobility management function detailed in the body of the claim and as mapped to Borovikov in the Non-Final Office Action, but merely alleging that the prior art is not capable of a named function without adding specific details of what the Applicant means by “a session management function and access mobility management function” that is distinctive from what is already stated in the claim does not help to distinguish the instant application from the prior art.
Examiner encourages applicant to further amend the claims to distinguish the invention and clarify the difference with support by the specification.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 57-62, 64-69, and 72-75 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Borovikov et al. (US Pat No. 9,742,769 B2, referred to as Borovikov).
Regarding claims 57 and 72, taking claim 57 as exemplary, Borovikov anticipates,
57. A computer-implemented method, performed by a first node, for handling security, the first node being at least one of a session management function and access mobility management function operating in a communications system, the method comprising: (Borovikov: Coln. 1, ls. 64-67; determining on the mobile device (first node that is capable of access mobility management) requesting a connection trusted wireless access points that are acceptable for establishing the connection to the network.)
determining, out of one or more second nodes operating in the communications system, which one or more selected second nodes fulfil one or more security criteria to handle data, the determining being based on a respective first indication indicating one or more respective characteristics of a respective security infrastructure of the one or more selected second nodes; and (Borovikov: Claim 8; identify one or more wireless access points (second node) available to connect to a network to access a data hosted on a computer in the network; calculate an access point coefficient for each of the one or more identified wireless access points based on values representing a plurality of access point characteristics and further based on significance factors corresponding to the access point characteristics, wherein the plurality of access point characteristics include at least one of a period of operation of each of the one or more wireless access points, an existence of security incidents for each of the one or more wireless access points, a trust level for each of the one or more wireless access points, and a frequency of changing setup parameters of each of the one or more wireless access points; and calculate a network resource coefficient for the data hosted on the computer based on values representing a plurality of network resource characteristics and further based on significance factors corresponding to the network resource characteristics, wherein the plurality of network resource characteristics include network security requirements and authentication requirements to access the data; compare each calculated access point coefficient to the calculated network resource coefficient; determine based on the comparison of each calculated access point coefficient to the calculated network resource coefficient, at least one trusted wireless access point of the one or more identified wireless access points that is acceptable (fulfill) for establishing a connection to access the data (handle data) hosted on the computer in the network responsive to the calculated access point coefficient of the trusted wireless access point being equal to or greater than the calculated network resource coefficient;)
sending a request to establish a connection to one of the selected second nodes. (Borovikov: Claim 8; establish a connection to the network via the trusted wireless access points to access the data hosted on the computer.)
Regarding claims 58, 65, 73, and 75, taking claim 58 as exemplary, Borovikov anticipates,
58. The computer-implemented method according to claim 57, wherein the one or more respective characteristics indicate whether or not a respective second node is capable of at least one of:
booting into a defined and trusted configuration;
storing cryptographically secure information; (Borovikov: Coln. 2, ls. 15-17; a control scheme for encryption keys, a network protection technology… (manage encrypted information).)
providing memory isolation;
providing secure input and output; (Borovikov: Coln. 2, ls. 15-17; a control scheme for encryption keys, a network protection technology… (manage encrypted/secure information).)
computing hashes of information; and
enabling remote attestation.
Regarding claims 59 and 66, taking claim 59 as exemplary, Borovikov anticipates,
59. The computer-implemented method according to claim 57, wherein each of the one or more respective characteristics are attributes indicated in an information element (IE) comprised in a respective profile corresponding to the one or more second nodes. (Borovikov: Coln. 4, ls. 24-26; access point may be connected to the Internet service provider 102 using one of the standard methods: ADSL or 3G technology, or the Fast Ethernet local-area network (corresponding IE used in the protocol).)
Regarding claim 60, Borovikov anticipates,
60. The computer-implemented method according to claim 57 wherein the method further comprises:
sending a previous indication to a third node operating in the communications system, the previous indication requesting to indicate the one or more respective characteristics of the respective security infrastructure of the respective one or more second nodes; and (Borovikov: Fig. 3; Coln. 7, ls. 44-48; a database 303 (third node) may be used to store the information (store information sent to the database) on the characteristics of the access points (second nodes) to which a previous connection was made and to store the required characteristics of the network resource 105.)
obtaining the respective first indication from the third node based on the sent previous indication. (Borovikov: Fig. 3; Coln. 7, ls. 48-50; the control module 301 uses the database 303 (obtaining from the database the information which contains the characteristics of the access points/second nodes) to obtain the characteristics of the available access points 101 and the required characteristics of the network resources 105. ls. 54-56; device 100 may select to use the wireless access point with the highest coefficient of all available access points.)
Regarding claim 61, Borovikov anticipates,
61. The computer-implemented method according to claim 60, wherein the respective first indication is comprised in a message, the message further comprises a list, and wherein one of:
the list indicates the one or more selected second nodes fulfilling the one or more security criteria, as selected by the third node; and (Borovikov: Fig. 3; Coln. 7, ls. 44-48; a database 303 may be used to store the information (store a list) on the characteristics of the access points (second nodes) to which a previous connection was made and to store the required characteristics of the network resource 105 (third node).)
the list indicates the one or more second nodes, and (Borovikov: Fig. 3; Coln. 7, ls. 44-48;) the determining comprises selecting the one or more selected second nodes from the list, based on the obtained respective first indication. (Borovikov: Fig. 3; Coln. 7, ls. 48-50; the control module 301 uses the database 303 to obtain the characteristics of the available access points 101 and the required characteristics of the network resources 105. ls. 54-56; device 100 may select to use the wireless access point with the highest coefficient of all available access points.)
Regarding claim 62, Borovikov anticipates,
62. The computer-implemented method according to claim 60, and wherein the method further comprises:
selecting a subset of the selected second nodes, or out of the one or more second nodes, based on one or more additional criteria, and (Borovikov: Fig. 3; Coln. 7, ls. 48-50; the control module 301 uses the database 303 to obtain the characteristics of the available access points 101 and the required characteristics of the network resources 105. ls. 54-56; device 100 may select to use the wireless access point with the highest coefficient of all available access points (selecting a subset of the selected access points/second nodes).) wherein the request to establish the connection is sent to at least one of one of the selected second nodes comprised in the subset. (Borovikov: Claim 8; establish a connection to the network via the trusted wireless access points to access the data hosted on the computer.)
Regarding claims 64 and 74, taking claim 64 as exemplary, Borovikov anticipates,
64. A computer-implemented method, performed by a third node, for handling security, the third node operating in a communications system, the method comprising: (Borovikov: Fig. 3; Coln. 7, ls. 44; database 303 (third node).)
receiving a previous indication from a first node operating in the communications system, the first node being at least one of a session management function and access mobility management function and the previous indication requesting to indicate one or more respective characteristics of a respective security infrastructure of respective one or more second nodes operating in the communications system; and (Borovikov: Fig. 3; device 100 (first node is capable of access mobility management); Coln. 7, ls. 44-48; a database 303 may be used to store the information (store received information) on the characteristics of the access points (second nodes) to which a previous connection was made and to store the required characteristics of the network resource 105.)
sending a respective first indication to the first node, based on the received previous indication, the respective first indication indicating one or more respective characteristics of a respective security infrastructure of the one or more second nodes. (Borovikov: Fig. 3; Coln. 7, ls. 48-50; the control module 301 uses the database 303 (database sends the requested information which contains the characteristics of the access points/second nodes) to obtain the characteristics of the available access points 101 and the required characteristics of the network resources 105. ls. 54-56; device 100 may select to use the wireless access point with the highest coefficient of all available access points (this information is used by the first node).)
Regarding claim 67, Borovikov anticipates,
67. The computer-implemented method according to claim 64, wherein the respective first indication is comprised in a message, the message further comprising a list comprising the one or more second nodes. (Borovikov: Fig. 3; Coln. 7, ls. 44-48; a database 303 may be used to store the information (store a list) on the characteristics of the access points (second nodes) to which a previous connection was made and to store the required characteristics of the network resource 105.)
Regarding claim 68, Borovikov anticipates,
68. The computer-implemented method according to claim 64, wherein the respective first indication is comprised in a message, wherein the method further comprises:
selecting one or more selected second nodes fulfilling one or more security criteria indicated in the previous indication, and wherein the one or more selected second nodes are comprised in a list comprised in the message. (Borovikov: Fig. 3; Coln. 7, ls. 48-50; the control module 301 uses the database 303 to obtain the characteristics of the available access points 101 and the required characteristics of the network resources 105. ls. 54-56; device 100 may select to use the wireless access point with the highest coefficient of all available access points.)
Regarding claim 69, Borovikov anticipates,
69. The computer-implemented method according to claim 64, wherein the method further comprises:
receiving a respective first message indicating a respective first indication from the respective one or more second nodes, the respective first indication indicating one or more respective characteristics of a respective security infrastructure of the respective one or more second nodes. (Borovikov: Fig. 3; Coln. 7, ls. 44-48; a database 303 may be used to store the information (store information received by the database) on the characteristics of the access points (second nodes) to which a previous connection was made and to store the required characteristics of the network resource 105.)
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 63 and 70-71 are rejected under 35 U.S.C. 103 as being unpatentable over Borovikov, in view of Frank et al. (US Pub No. 2023/0146465 A1, referred to as Frank).
Regarding claims 63 and 71, taking claim 63 as exemplary, Borovikov discloses,
63. The computer-implemented method according to claim 57,
Borovikov discloses,
wherein the communications system is a …[3G] network, (Borovikov: Coln. 4, ls. 24-26; access point may be connected to the Internet service provider 102 using one of the standard methods: ADSL or 3G technology, or the Fast Ethernet local-area network (corresponding IE used in the protocol).) and wherein at least one of:
the first node is a first network function; (Borovikov: Coln. 1, ls. 64-67; determining on the mobile device (first node/first network function) requesting a connection trusted wireless access points that are acceptable for establishing the connection to the network.)
the one or more second nodes are second network functions; and (Borovikov: Coln. 1, ls. 64-67; determining on the mobile device requesting a connection trusted wireless access points (second node/second network function) that are acceptable for establishing the connection to the network.)
the third node is a network repository function. (Borovikov: Fig. 3; Coln. 7, ls. 44; database 303 (third node/repository function).)
Borovikov does not explicitly disclose, however Frank teaches,
…the communications system is a Fifth Generation, 5G, network, (Frank: [0047]; the various access points 60, 61 may also be addressed by different access technologies (e.g., WLAN, 5G, wired).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Frank into Borovikov with a motivation to make a simple substitution of one known element for another to obtain predictable results, i.e. 5G for 3G.
Regarding claim 70, Borovikov discloses,
70. The computer-implemented method according to claim 69, wherein the method further comprises:
Borovikov discloses,
…wherein the sent respective first indication is based on the received …respective first indication. (Borovikov: Fig. 3; Coln. 7, ls. 48-50; the control module 301 uses the database 303 (database sends the requested information which contains the characteristics of the access points/second nodes) to obtain the characteristics of the available access points 101 and the required characteristics of the network resources 105. ls. 54-56; device 100 may select to use the wireless access point with the highest coefficient of all available access points (this information is used by the first node).)
Borovikov does not explicitly disclose, however Frank teaches,
receiving an updated respective first message indicating an updated respective first indication from at least one of the respective one or more second nodes, and… (Frank: [0010]; a change in the access point (second nodes) or in the virtual network, which requires a new onboarding including a re-transmitted configuration file to the device (updated indication).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Frank into the teachings of Borovikov with a motivation to keep up-to-date information of access points and ensure security by providing the updated access point configuration information when it is changed.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Liu; Yong et al. US-PGPUB US 20160149901 A1 Method for enabling service-configurable wireless connections
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569. The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KA SHAN CHOY/Primary Examiner, Art Unit 2435