Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Status of Claims
Claims 1-15 are subject to examination.
Priority
The claimed foreign priority (KOREA, REPUBLIC OF 10-2021-0106944 08/12/2021) in this application under 35 U.S.C. 119(a)-(d) or (f), is acknowledged.
The claimed priority of PCT (371 of PCT/KR2022/012011 08/11/2022) in this application under 35 U.S.C. 371, is acknowledged.
Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc. In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract of the disclosure is objected to because it contains phrases that could be implied. A corrected abstract of the disclosure is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b).
Drawings
The figures submitted on the filing date of this application are acknowledged.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-5, 7-11, 13-15, is/are rejected under 35 U.S.C. 103 as being unpatentable over Wu et al., CN 110121168 A in view of YOO et al., WO 2020067813 A1.
Referring to claim(s) 1, Wu substantially discloses a method performed by a device in a wireless network system, the method comprising: (
CU covers high layer protocol stack of wireless access network and core network of a part of functions, 2nd para, page 13, CU-CP and terminal needs to generate key, specifically, generating the CU-UP user plane integrity protection key, user plane encrypting protection key CU-UP and the like, 10th para, page 17, CU-CP and terminal may be based on the security key of the access network (Access Network, AN) (denoted as K-AN) generates integrity protection key and encryption key, 11th para, page 17
identifying protection key generation information of the device (
The algorithm to generate the key of key derivation function may be selected (Key Derivation Function, KDF) or HMAC-SHA256 algorithm, but is not limited to this. The algorithm parameter brought to the generation key to be used to generate the key, 3rd last para, page 17, the key generating parameter comprises one or more of the following: an instance identifier, CU-UP identifier, DUs identifier, data bearer identifier, the bearer identifier, flow identifier, session identifier, section identifier, a medium access control MAC layer identifier, radio resource control RRC signaling counter, frequency point identifier, cell identifier, fresh parameter, user plane integrity protective algorithm type mark length CU-UP, the user plane integrity protective algorithm type mark length of CU-CP, user plane encryption protection type mark length of CU-UP, a user plane encryption protection type mark length of CU-CP. 1st para, page 11.
generating, by a central unit-control plane (CU-CP) or a central unit-user plane (CU-UP) included in the device, a user plane protection key including at least one of a first protection key for integrity protection (
CU-CP and terminal needs to generate key, specifically, generating the CU-UP user plane integrity protection key, user plane encrypting protection key CU-UP and the like, last fifth para, page 17
CU-CP and terminal may be based on the security key of the access network (Access Network, AN) (denoted as K-AN) generates integrity protection key and encryption key. last fourth para, page 17
of at least one data or signaling transmitted and received in a user plane (
if the corresponding CU-UP is a session establishment process, it may be user plane encrypting protection key and user plane integrity protection key is based on session granularity, different user plane protection key of two session, i.e. different encryption key of one session and another session, and the integrity protection key are different. if CU-UP is corresponding to bearer establishment procedures, such as bear or DRB, possible user plane encrypting protection key and user plane integrity protection key is bearing the granularity, different user plane protection key of two loading, i.e. different encryption key of one bearing and another bearing, at the same time, integrity protection key are different. Last fourth para, page 19.
transmitting, to a user equipment (UE), protection key generation information of the UE for generating the user plane protection key (
after receiving the security negotiation information by the terminal, according to the integrity protection algorithm and ciphering protection algorithm of the CU-UP, generating the corresponding integrity protection key for encrypting protection key and the CU-UP CU-UP. 4th para, page 22
Note: the receiving and the generating the corresponding integrity protection key includes the transmitting for corresponding key at the terminal
CU-CP and terminal needs to generate key, specifically, generating the CU-UP user plane integrity protection key, user plane encrypting protection key CU-UP and the like, last fifth para, page 17, generating protection key, comprising the integrity protection key and encryption key, and has the capability negotiation and terminal so as to realize the control plane and user plane security decoupling last fifth para, page 22,
CU-CP and terminal may be based on the security key of the access network (Access Network, AN) (denoted as K-AN) generates integrity protection key and encryption key. Last fourth para, page 17
The algorithm to generate the key of key derivation function may be selected (Key Derivation Function, KDF) or HMAC-SHA256 algorithm, but is not limited to this. The algorithm parameter brought to the generation key to be used to generate the key, 3rd last para, page 17
and applying the user plane protection key to the at least one data or signaling transmitted and received in the UE (terminal) and the user plane.
(
if the corresponding CU-UP is a session establishment process, it may be user plane encrypting protection key and user plane integrity protection key is based on session granularity, different user plane protection key of two session, 10th para page 19. Note: Since the user plane protection key protects communication with the user plane and the session with the UE/terminal would be secure using the user plane integrity protection key).
after the terminal sends the first session establishment request to the SMF, starting the integrity protection of the terminal according to the integrity protection indication identity of the CU-UP. 5th para, page 3
Wu does not specifically mention about, which is well-known in the art, which YOO discloses, base station (identifying information on a radio link of a cell associated with a base station. Information indicating downlink transmission stop or resume of a central unit-user plane (CU-UP) included in the base station is transmitted to the CU-UP) based on the information on the radio link, abstract,
Method For Performing Dual-connectivity Of Central Unit-user Plane In Base Station In Wireless Communication System, title).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Wu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the base station. A base station represents an access point for a wireless device to communicate within its coverage area. It connects the device to other networks or devices through a dedicated connection. Base stations have a transceiver, for sending and receiving wireless signals. Hence, the base station would enable a UE to communicate with the CU-CP using a path via the base station for secure communication, para 20.
Referring to claim 13, Yoo discloses a base station (BS) performing in a wireless network system, the BS comprising: a transceiver; and at least one processor, abstract, para 20, figure 3.
Further, the apparatus (BS) of claims is similarly analyzed and rejected for the same rationale as the method claim 1.
Referring to claim 2, Wu discloses, the protection key generation information of the device comprises at least one of a root key, an algorithm type distinguisher indicating a type of the user plane protection key, identification information of an algorithm for generating the protection key, or identification information of the user plane protection key (
integrity protection algorithm ID, encryption protection algorithm ID, integrity protection algorithm ID, encryption protection algorithm ID, para 12, page 15)
the identification information of the user plane protection key comprises at least one of an index value of the protection key, a random value, identification information of a protocol data unit (PDU) session, information of a data radio bearer (DRB), or identification information of the CU-UP (
the key generating parameter comprises one or more of the following: an instance identifier, CU-UP identifier, DUs identifier, session identifier, section identifier, user plane integrity protective algorithm type mark length CU-UP, the user plane integrity protective algorithm type mark length of CU-CP, user plane encryption protection type mark length of CU-UP, a user plane encryption protection type mark length of CU-CP. 2nd para, page 10.
YOO discloses BS, fig. 3.
Referring to claim 9, Yoo discloses a base station (BS) as rejected above. Further, the method of claim 9 is similarly analyzed and rejected for the same rationale as the method claim 2. Wu also discloses, the protection key generation information of the UE is generated based on the protection key generation information of the device, similar to claim 1 (
CU-CP and terminal needs to generate key, specifically, generating the CU-UP user plane integrity protection key, user plane encrypting protection key CU-UP and the like, last fifth para, page 17, generating protection key, comprising the integrity protection key and encryption key, and has the capability negotiation and terminal so as to realize the control plane and user plane security decoupling last fifth para, page 22, CU-CP and terminal may be based on the security key of the access network (Access Network, AN) (denoted as K-AN) generates integrity protection key and encryption key. Last fourth para, page 17, The algorithm to generate the key of key derivation function may be selected (Key Derivation Function, KDF) or HMAC-SHA256 algorithm, but is not limited to this. The algorithm parameter brought to the generation key to be used to generate the key, 3rd last para, page 17).
Referring to claim 14, the apparatus (BS) of claims is similarly analyzed and rejected for the same rationale as the method claim 2.
Referring to claim 3, Wu discloses, generating the protection key, generation information of the UE based on the protection key generation information of the device, wherein the protection key generation information of the UE comprises at least one of a root key, an algorithm type distinguisher indicating a type of the user plane protection key, identification information of an algorithm for generating the protection key, or identification information of the user plane protection key (
integrity protection algorithm ID, encryption protection algorithm ID, integrity protection algorithm ID, encryption protection algorithm ID, para 12, page 15).
YOO discloses BS, fig. 3.
Referring to claim 8, Yoo discloses a base station (BS) as rejected above. Further, the method of claim 8 is similarly analyzed and rejected for the same rationale as the method claim 3.
Referring to claim 15, the apparatus (BS) of claims is similarly analyzed and rejected for the same rationale as the method claim 3.
Referring to claim 4, Wu discloses, generating, by the CU-CP, the user plane protection key based on the protection key generation information of the device (as cited in claim 1); and transmitting, by the CU-CP, the user plane protection key to the CU-UP (
Optionally, the method further comprises: the CU-CP according to the key generating parameter to generate UP user plane integrity protection key of the CU -. Alternatively, the CU-CP integrity protection key according to the key generating parameter to generate a CU-UP UE, it further comprises: the CU-CP sends user plane integrity protection key of the CU-UP-UP to the CU. Alternatively, the security negotiation information further comprises an encryption protection indication identity of the CU-UP. Optionally, the method further comprises: the CU-CP according to the key generating parameter to generate UP user plane encrypting protection key of the CU -. Optionally, the method further comprises: the CU-CP sends user plane encryption protective key of the CU-UP-UP to the CU. Optionally, the method further comprises: the CU-CP generating the base key; the CU-CP the base key sent to the CU-UP, para 2-10, page 8.
YOO discloses BS, fig. 3
Referring to claim 10, the method of claim 10 is similarly analyzed and rejected for the same rationale as the method claim 4.
Referring to claim 5, Wu discloses, transmitting, by the CU-CP, the protection key generation information of the device to the CU-UP (as cited in claim 4); and generating, by the CU-UP, the user plane protection key based on the protection key generation information of the device (according to the (same) integrity protection algorithm generating of the corresponding key, second last para - fourth last para, page 19, 4th para, page 22). YOO discloses BS, fig. 3
Referring to claim 11, the method of claim 11 is similarly analyzed and rejected for the same rationale as the method claim 5.
Referring to claim(s) 7, Wu substantially discloses a method performed by a user equipment (UE) in a wireless network system, the method comprising: (
CU-CP and terminal needs to generate key, specifically, generating the CU-UP user plane integrity protection key, user plane encrypting protection key CU-UP and the like, last fifth para, page 17
CU-CP and terminal may be based on the security key of the access network (Access Network, AN) (denoted as K-AN) generates integrity protection key and encryption key. last fourth para, page 17
CU covers high layer protocol stack of wireless access network and core network of a part of functions, 2nd para, page 13, CU-CP and terminal needs to generate key, specifically, generating the CU-UP user plane integrity protection key, user plane encrypting protection key CU-UP and the like, 10th para, page 17, CU-CP and terminal may be based on the security key of the access network (Access Network, AN) (denoted as K-AN) generates integrity protection key and encryption key, 11th para, page 17
receiving, from a device, protection key generation information of the UE for generating a user plane protection key generated by the device based on protection key generation information of the device
(
CU-CP and terminal needs to generate key, specifically, generating the CU-UP user plane integrity protection key, user plane encrypting protection key CU-UP and the like, last fifth para, page 17
CU-CP and terminal may be based on the security key of the access network (Access Network, AN) (denoted as K-AN) generates integrity protection key and encryption key. last fourth para, page 17
The algorithm to generate the key of key derivation function may be selected (Key Derivation Function, KDF) or HMAC-SHA256 algorithm, but is not limited to this. The algorithm parameter brought to the generation key to be used to generate the key, 3rd last para, page 17, the key generating parameter comprises one or more of the following: an instance identifier, CU-UP identifier, DUs identifier, data bearer identifier, the bearer identifier, flow identifier, session identifier, section identifier, a medium access control MAC layer identifier, radio resource control RRC signaling counter, frequency point identifier, cell identifier, fresh parameter, user plane integrity protective algorithm type mark length CU-UP, the user plane integrity protective algorithm type mark length of CU-CP, user plane encryption protection type mark length of CU-UP, a user plane encryption protection type mark length of CU-CP. 1st para, page 11.
generating the user plane protection key including at least one of a first protection key for integrity protection of at least one data or signaling transmitted and received in a user plane, based on the protection key generation information of the UE (
after receiving the security negotiation information by the terminal, according to the integrity protection algorithm and ciphering protection algorithm of the CU-UP, generating the corresponding integrity protection key for encrypting protection key and the CU-UP CU-UP. 4th para, page 22
if the corresponding CU-UP is a session establishment process, it may be user plane encrypting protection key and user plane integrity protection key is based on session granularity, different user plane protection key of two session, i.e. different encryption key of one session and another session, and the integrity protection key are different. if CU-UP is corresponding to bearer establishment procedures, such as bear or DRB, possible user plane encrypting protection key and user plane integrity protection key is bearing the granularity, different user plane protection key of two loading, i.e. different encryption key of one bearing and another bearing, at the same time, integrity protection key are different. Last fourth para, page 19.
Note: the receiving and the generating the corresponding integrity protection key includes the transmitting for corresponding key at the terminal
CU-CP and terminal needs to generate key, specifically, generating the CU-UP user plane integrity protection key, user plane encrypting protection key CU-UP and the like, last fifth para, page 17, generating protection key, comprising the integrity protection key and encryption key, and has the capability negotiation and terminal so as to realize the control plane and user plane security decoupling last fifth para, page 22,
CU-CP and terminal may be based on the security key of the access network (Access Network, AN) (denoted as K-AN) generates integrity protection key and encryption key. Last fourth para, page 17
The algorithm to generate the key of key derivation function may be selected (Key Derivation Function, KDF) or HMAC-SHA256 algorithm, but is not limited to this. The algorithm parameter brought to the generation key to be used to generate the key, 3rd last para, page 17
and applying the user plane protection key to the at least one data or signaling transmitted and received in the device and the user plane.
(
if the corresponding CU-UP is a session establishment process, it may be user plane encrypting protection key and user plane integrity protection key is based on session granularity, different user plane protection key of two session, 10th para page 19. Note: Since the user plane protection key protects communication with the user plane and the session with the UE/terminal would be secure using the user plane integrity protection key).
after the terminal sends the first session establishment request to the SMF, starting the integrity protection of the terminal according to the integrity protection indication identity of the CU-UP. 5th para, page 3
Wu does not specifically mention about, which is well-known in the art, which YOO discloses, base station (identifying information on a radio link of a cell associated with a base station. Information indicating downlink transmission stop or resume of a central unit-user plane (CU-UP) included in the base station is transmitted to the CU-UP) based on the information on the radio link, abstract,
Method For Performing Dual-connectivity Of Central Unit-user Plane In Base Station In Wireless Communication System, title).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Wu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the base station. A base station represents an access point for a wireless device to communicate within its coverage area. It connects the device to other networks or devices through a dedicated connection. Base stations have a transceiver, for sending and receiving wireless signals. Hence, the base station would enable a UE to communicate with the CU-CP using a path via the base station for secure communication, para 20.
Claim(s) 6, 12, is/are rejected under 35 U.S.C. 103 as being unpatentable over Wu in view of YOO, CHALLA et al., 20210120484 and Li et al., 10798578.
Referring to claim 6, YOO discloses the device being BS as rejected above. Wu discloses receiving, from the UE, a PDU session establishment request;
(the terminal sending first session establishing request, Session Establishment Request PDU, PDU Session ID, para 3, page 3, and transmitting, to a device, a PDU session establishment response based on the PDU session establishment request (PDU sessions including old PDU session ID includes session after the response for the old/previous session, para 3, page 3, para 13, page 26). Wu and Yoo do not disclose, which Challa discloses transmitting, to the UE, a PDU session establishment response based on the PDU session establishment request, wherein the PDU session establishment response comprises the protection key generation information of the UE, abstract.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Wu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the response with the information of the UE. Since, Wu sends the request to obtain the key generation information of the UE, the response to it that is disclosed by Challa would provide the requested information using PDU session. The received information would enable generation of a key that would be used for encryption of data that is communicated for security, abstract.
Wu, Challa and Yoo do not disclose, which Li discloses wherein the protection key generation information of the device is identified based on at least one of the PDU session establishment request, device configuration information, or information about a PDU session (
(14) Optionally, the user plane integrity protection algorithm allowed by the base station is a user plane integrity protection algorithm sorted based on a priority, so that a better target user plane integrity protection algorithm on the base station side can be selected. Alternatively, optionally, the user plane integrity protection algorithm supported by the terminal device is a user plane integrity protection algorithm sorted based on a priority, so that a better target user plane integrity protection algorithm on the terminal device side can be selected, determining, by the base station, the target user plane integrity protection algorithm based on the user plane integrity protection algorithm allowed by the base station, Col., 3, lines 39 - 43
the determined target user plane integrity protection algorithm can match the security capability of the terminal device and the security capability of the base station col., 3, lines 33-36
before the sending, by the base station, a target user plane integrity protection algorithm to the terminal device, the method further includes: receiving, by the base station, quality of service of a current session of the terminal device from an SMF entity, and allocating, by the base station, a target data radio bearer to the terminal device based on at least one of the security policy and the quality of service, col., 3, lines 26-30)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Wu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing selection of algorithm/information based on the PDU session establishment request, device configuration information, or information about a PDU session. Since, Wu sends the request to obtain the key generation information of the UE, the selection of algorithm/information that is disclosed by Li would provide the requested information. The received information such as an algorithm would enable generation of a key that would be used for encryption of data that is communicated using a better security algorithm that matches the security capability of the device, Col., 3, lines 26 – 43.
Referring to claim 12, Wu discloses transmitting, to the device, a PDU session establishment request (the terminal sending first session establishing request, Session Establishment Request PDU, PDU Session ID, para 3, page 3, PDU sessions including old PDU session ID includes session after the response for the old/previous session, para 3, page 3, para 13, page 26). Yoo discloses BS as rejected above. Wu and Yoo do not disclose, which Challa discloses receiving, from the BS, a PDU session establishment response based on the PDU session establishment request, wherein the PDU session establishment response comprises the protection key generation information of the UE, abstract.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Wu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the response with the information of the UE. Since, Wu sends the request to obtain the key generation information of the UE, the response to it that is disclosed by Challa would provide the requested information using PDU session. The received information would enable generation of a key that would be used for encryption of data that is communicated for security, abstract.
Wu, Challa and Yoo do not disclose, which Li discloses wherein the protection key generation information of the device is identified based on at least one of the PDU session establishment request, device configuration information, or information about a PDU session (
(14) Optionally, the user plane integrity protection algorithm allowed by the base station is a user plane integrity protection algorithm sorted based on a priority, so that a better target user plane integrity protection algorithm on the base station side can be selected. Alternatively, optionally, the user plane integrity protection algorithm supported by the terminal device is a user plane integrity protection algorithm sorted based on a priority, so that a better target user plane integrity protection algorithm on the terminal device side can be selected, determining, by the base station, the target user plane integrity protection algorithm based on the user plane integrity protection algorithm allowed by the base station, Col., 3, lines 39 - 43
the determined target user plane integrity protection algorithm can match the security capability of the terminal device and the security capability of the base station col., 3, lines 33-36
before the sending, by the base station, a target user plane integrity protection algorithm to the terminal device, the method further includes: receiving, by the base station, quality of service of a current session of the terminal device from an SMF entity, and allocating, by the base station, a target data radio bearer to the terminal device based on at least one of the security policy and the quality of service, col., 3, lines 26-30)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Wu to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing selection of algorithm/information based on the PDU session establishment request, device configuration information, or information about a PDU session. Since, Wu sends the request to obtain the key generation information of the UE, the selection of algorithm/information that is disclosed by Li would provide the requested information. The received information such as an algorithm would enable generation of a key that would be used for encryption of data that is communicated using a better security algorithm that matches the security capability of the device, Col., 3, lines 26 – 43.
Conclusion
Pertinent References: Huawei, Lenovo, Motorola Mobility, "Correction on support of Pre-shared key derivation for IAB-donor-CU-UP" (IDS 1/26/24).
Claims submitted dated 1/26/24 are in grey color. Applicant is requested to provide further responses using black color.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973. The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HARESH N PATEL/Primary Examiner, Art Unit 2496