SELF-PROVISIONING IN A PRIVATE CELLULAR ENTERPRISE NETWORK

§101 §102 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The Amendment filed November 3, 2025 has been entered. Claims 1-20 are pending in the application. Applicant has submitted amendments to the claims along with other remarks. Applicant’s amendments regarding the drawings have overcome the objection. Claims 1-20 are still rejected by prior art references, refer to the following rejection for details. Response to Arguments Applicant’s arguments and amendments, see pp. 9-12 of the response, filed November 3, 2025, with respect to the rejection(s) of claim(s) 1-20 under § 102 have been fully considered but are not persuasive. Applicant has made three amendments to the independent claims. These amendments are rejected under § 112(a) as specified below and are rejected under § 102 for the following reasons. Applicant has amended claim 1 to recite negative limitations under the assumption that Draznin requires a pre-provisioned profile, unlimited attach permissions, and the different transmit and receive infrastructure. Draznin does not require a pre-provisioned profile. For example, Draznin states that the subscription profile is optional. ([0064] Process 600 may include providing a profile configuration template . . . For example, user capability management function 210 may provide a subscription profile); ([0067] Process 600 may additionally include storing the subscription profiles). In [0019] Draznin recites only using a PEI for authentication. Further, Draznin discloses authorization through a private portal and not a data network (Private Network Portal 230). Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. Claims 1-20 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Applicant has introduced amendments to the claims without indicating where the original specification supported the subject matter. After reviewing the specification, it is unclear where support for these amendments is provided in the original specification. The MPEP provides that “[w]ith respect to newly added or amended claims, applicant should show support in the original disclosure for the new or amended claims.” MPEP § 2163(II). As such, “Applicant has not pointed out where the new (or amended) claim is supported, nor does there appear to be a written description of the claim limitation ‘and that are not pre-provisioned with any subscription profile associated with the core enterprise network,’ ‘with only limited attach permissions that restrict the devices to a registration mode,’ and ‘using the same transmit and receive infrastructure of the private cellular network and without using a separate Wi-Fi or public data network’ in the application as filed.” See, e.g., Hyatt v. Dudas, 492 F.3d 1365, 1370, n.4, 83 USPQ2d 1373, 1376, n.4 (Fed. Cir. 2007). Aside from not indicating support for the elements listed above, Applicant has claimed negative limitations that are not supported by the original disclosure. “The mere absence of a positive recitation is not basis for an exclusion.” MPEP § 2173.05(i). (“Any negative limitation or exclusionary proviso must have basis in the original disclosure.”). As such, the claims are rejected under § 112(a). Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 6-10 and 16-20 are rejected under 35 U.S.C. 101 because the claimed invention lacks patentable utility. Applicant has amended claims 6, 9, 16, and 19 with language that is mutually exclusive, resulting in claim scope that lacks patentable utility. “To satisfy 35 U.S.C. 101, an invention must be ‘useful.’” MPEP § 2107.01(I). The Court of Customs and Patent Appeals has stated, “Practical utility is a shorthand way of attributing ‘real-world’ value to claimed subject matter. In other words, one skilled in the art can use a claimed discovery in a manner which provides some immediate benefit to the public.” Nelson v. Bowler, 626 F.2d 853, 856, 206 USPQ 881, 883 (CCPA 1980). Claims 6-8 and 16-18 are amended to recite, “generating within the core enterprise network and by an internal eSIM profile generator that is not associated with a mobile network operator (MNO).” A mobile network operator (MNO) is not defined in the specification. The broadest reasonable interpretation of an MNO would encompass a core enterprise network. Applicant has positively recited the narrower “core enterprise network” and negatively recited the broader “mobile network operator” such that the recited claim does not have an established scope, which cannot provide the public with a well-defined and particular benefit—as required by MPEP § 2107.01(I)(A). In other words, an Applicant cannot seek patent protection of an invention with claims without scope. Claims 9-10 and 19-20 are amended to recite, “generating at [sic] within the core enterprise network and by an authentication certificate generator distinct from any public network authentication service.” Any public network authorization service is not defined in the specification. The broadest reasonable interpretation of “any public network authorization service” would encompass a core enterprise network. Applicant has positively recited the narrower “core enterprise network” and negatively recited the broader “any public network authorization service” such that the recited claim does not have an established scope, which cannot provide the public with a well-defined and particular benefit—as required by MPEP § 2107.01(I)(A). In other words, an Applicant cannot seek patent protection of an invention with claims without scope. Therefore, 6-10 and 16-20 are rejected under § 101. To the extent that claims 6-10 and 16-20 do encompass claim scope, claims 6-10 and 16-20 continue to be rejected under the previous § 103 rejections. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-5 and 11-15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Publication No. 2020/0366677 (hereinafter “Draznin”). Regarding claim 1, Draznin teaches: A method comprising: receiving at a core enterprise network of a private cellular network a device identifier from one or more devices that are to interact with the core enterprise network that do not include a Subscriber Identity Module (SIM) ([0019] Additionally, or alternatively, authentication proxy 122 may authenticate a particular customer device 180 based on a customer device identity, such as a Permanent Equipment Identifier (PEI).) and that are not pre-provisioned with any subscription profile associated with the core enterprise network ([0064] Process 600 may include providing a profile configuration template . . . For example, user capability management function 210 may provide a subscription profile); based on the device identifier, attaching the one or more devices to the core enterprise network ([0060] FIG. 5 illustrates communications for network attachment by a customer device after provisioning, according to implementations described herein. [0061] As shown in FIG. 5, customer device 180-1 may submit a connection request 502 to access device 120. For example, customer device 180-1 may send a radio resource control (RRC) Connection Request message to access device 120 using a shared spectrum. Authentication proxy 122 of access device 120 may access a subscription profile cache (e.g., corresponding to retrieved subscription profiles 424) and determine that customer device 180-1 is registered with private network 115. Authentication proxy 122 may perform a local authentication 506 for customer device 180-1 (e.g., without relying on communications with core network 204) using the subscription profile information.) with only limited attach permissions that restrict the devices to a registration mode ([0033] Exposure function 220 may expose capabilities and features of provider network 125 (or particularly core network 204) to customer devices 180 based on instructions); subsequent to attaching the one or more devices to the core enterprise network, providing to the one or more devices a limited access portal that is configured to receive one or more user authentication credentials from the one or more devices ([0065] Process 600 may include providing a profile configuration template (block 610) and receiving provisioning parameters for end devices in a private network (block 620). For example, user capability management function 210 may provide a subscription profile form to a registered user via private network portal 230. Using the subscription profile form, the user may provide structured input for subscription profile for multiple customer devices 180. User capability management function 210 may receive the user input via private network portal 230.) using the same transmit and receive infrastructure of the private cellular network and without using a separate Wi-Fi or public data network (Private Network Portal 230); receiving from the one or more devices the one or more user authentication credentials ([0034] Access to data and/or services via private network portal 230 may be restricted, for example, to users with registered accounts and secure passwords (or other credentials). [0070] Process 700 may further include retrieving a corresponding subscription profile for the end device (block 730), and authenticating the end device based on the retrieved subscription profile (block 740). For example, in response to a connection request, authentication proxy 122 executing on access device 120 may retrieve a subscription profile for the corresponding customer device 180 and user information from the subscription profile to authenticate the customer device 180.); authenticating the one or more user authentication credentials ([0070] For example, in response to a connection request, authentication proxy 122 executing on access device 120 may retrieve a subscription profile for the corresponding customer device 180 and user information from the subscription profile to authenticate the customer device 180.); and providing full access to network services of the core enterprise network to the one or more devices when the one or more user authentication credentials are authenticated by the core enterprise network, wherein the interactions between the core enterprise network and the one or more devices are done using a transmit and receive infrastructure of the private cellular network ([0072] If the end device is authenticated (block 740—Yes), process 700 may include determining if the end device requires a mobility connection (block 760). For example, if authentication proxy 122 finds a subscription profile for the customer device 180 and authenticates customer device 180, authentication proxy 122 may determine (e.g., based on the subscription profile) whether customer device 180 is provisioned for private network access or public network access.). Regarding claim 2, Draznin inherently teaches: linking the device identifier to the one or more user authentication credentials; and automatically providing full access to the network services based on the linking when the one or more devices disconnect from and then subsequently are attached again to the core enterprise network (linking a device identifier to one or more user authentication credentials (Draznin teaches these elements inherently via 24.501 v17.7.1 - 4.4.2.6, Change of security keys: “When the AMF initiates a re-authentication to create a new 5G NAS security context, the messages exchanged during the authentication procedure are integrity protected and ciphered using the current 5G NAS security context, if any. Both UE and AMF shall continue to use the current 5G NAS security context, until . . . .”). Regarding claim 3, Draznin teaches: wherein the device identifier includes an International Mobile Equipment Identity (IMEI) (Additionally, or alternatively, authentication proxy 122 may authenticate a particular customer device 180 based on a customer device identity, such as a Permanent Equipment Identifier (PEI).). Regarding claim 4, Draznin teaches: wherein the one or more user authentication credentials include one or more of an email address, a username, a password, or a network authentication certificate ([0034] Access to data and/or services via private network portal 230 may be restricted, for example, to users with registered accounts and secure passwords (or other credentials).). Regarding claim 5, Draznin teaches: wherein the transmit and receive infrastructure of the private cellular network is configured for one of 4G LTE or 5G. ([0010] Private networks using cellular wireless standards are a promising connectivity model. The focus in the industry has gravitated toward applying broadband cellular network standards, such as Long Term Evolution (LTE) and 5G standards, to private wireless networks using unlicensed or shared radio frequency (RF) spectrum). Regarding claim 11, Draznin teaches: A non-transitory storage medium having stored therein instructions that are executable by one or more hardware processors to perform operations comprising: receive at a core enterprise network of a private cellular network a device identifier from one or more devices that are to interact with the core enterprise network that do not include a Subscriber Identity Module (SIM) ([0019] Additionally, or alternatively, authentication proxy 122 may authenticate a particular customer device 180 based on a customer device identity, such as a Permanent Equipment Identifier (PEI).) and that are not pre-provisioned with any subscription profile associated with the core enterprise network ([0064] Process 600 may include providing a profile configuration template . . . For example, user capability management function 210 may provide a subscription profile); based on the device identifier, attach the one or more devices to the core enterprise network ([0060] FIG. 5 illustrates communications for network attachment by a customer device after provisioning, according to implementations described herein. [0061] As shown in FIG. 5, customer device 180-1 may submit a connection request 502 to access device 120. For example, customer device 180-1 may send a radio resource control (RRC) Connection Request message to access device 120 using a shared spectrum. Authentication proxy 122 of access device 120 may access a subscription profile cache (e.g., corresponding to retrieved subscription profiles 424) and determine that customer device 180-1 is registered with private network 115. Authentication proxy 122 may perform a local authentication 506 for customer device 180-1 (e.g., without relying on communications with core network 204) using the subscription profile information.) with only limited attach permissions that restrict the devices to a registration mode ([0033] Exposure function 220 may expose capabilities and features of provider network 125 (or particularly core network 204) to customer devices 180 based on instructions); subsequent to attaching the one or more devices to the core enterprise network, provide to the one or more devices a limited access portal that is configured to receive one or more user authentication credentials from the one or more devices ([0065] Process 600 may include providing a profile configuration template (block 610) and receiving provisioning parameters for end devices in a private network (block 620). For example, user capability management function 210 may provide a subscription profile form to a registered user via private network portal 230. Using the subscription profile form, the user may provide structured input for subscription profile for multiple customer devices 180. User capability management function 210 may receive the user input via private network portal 230.) using the same transmit and receive infrastructure of the private cellular network and without using a separate Wi-Fi or public data network (Private Network Portal 230); receive from the one or more devices the one or more user authentication credentials ([0034] Access to data and/or services via private network portal 230 may be restricted, for example, to users with registered accounts and secure passwords (or other credentials). [0070] Process 700 may further include retrieving a corresponding subscription profile for the end device (block 730), and authenticating the end device based on the retrieved subscription profile (block 740). For example, in response to a connection request, authentication proxy 122 executing on access device 120 may retrieve a subscription profile for the corresponding customer device 180 and user information from the subscription profile to authenticate the customer device 180.); authenticate the one or more user authentication credentials ([0070] For example, in response to a connection request, authentication proxy 122 executing on access device 120 may retrieve a subscription profile for the corresponding customer device 180 and user information from the subscription profile to authenticate the customer device 180.); and provide full access to network services of the core enterprise network to the one or more devices when the one or more user authentication credentials are authenticated by the core enterprise network, wherein the interactions between the core enterprise network and the one or more devices are done using a transmit and receive infrastructure of the private cellular network ([0072] If the end device is authenticated (block 740—Yes), process 700 may include determining if the end device requires a mobility connection (block 760). For example, if authentication proxy 122 finds a subscription profile for the customer device 180 and authenticates customer device 180, authentication proxy 122 may determine (e.g., based on the subscription profile) whether customer device 180 is provisioned for private network access or public network access.). Regarding claim 12, Draznin inherently teaches: linking the device identifier to the one or more user authentication credentials; and automatically providing full access to the network services based on the linking when the one or more devices disconnect from and then subsequently are attached again to the core enterprise network (linking a device identifier to one or more user authentication credentials (Draznin teaches these elements inherently via 24.501 v17.7.1 - 4.4.2.6, Change of security keys: “When the AMF initiates a re-authentication to create a new 5G NAS security context, the messages exchanged during the authentication procedure are integrity protected and ciphered using the current 5G NAS security context, if any. Both UE and AMF shall continue to use the current 5G NAS security context, until . . . .”). Regarding claim 13, Draznin teaches: wherein the device identifier includes an International Mobile Equipment Identity (IMEI) (Additionally, or alternatively, authentication proxy 122 may authenticate a particular customer device 180 based on a customer device identity, such as a Permanent Equipment Identifier (PEI).). Regarding claim 14, Draznin teaches: wherein the one or more user authentication credentials include one or more of an email address, a username, a password, or a network authentication certificate ([0034] Access to data and/or services via private network portal 230 may be restricted, for example, to users with registered accounts and secure passwords (or other credentials).). Regarding claim 15, Draznin teaches: wherein the transmit and receive infrastructure of the private cellular network is configured for one of 4G LTE or 5G. ([0010] Private networks using cellular wireless standards are a promising connectivity model. The focus in the industry has gravitated toward applying broadband cellular network standards, such as Long Term Evolution (LTE) and 5G standards, to private wireless networks using unlicensed or shared radio frequency (RF) spectrum). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. U.S. Publication No. 2022/0400375 (hereinafter “Schmitt”) related to a system and method for phone privacy U.S. Publication No. 2020/0112854 (hereinafter “Namiranian”) related to machine-readable code-based eSIM profile download Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUSTIN BARRY whose telephone number is (571)272-0201. The examiner can normally be reached 8:00am EST to 5:00pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jinsong HU can be reached at (571) 272-3965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JAB/ Examiner, Art Unit 2643 /JINSONG HU/ Supervisory Patent Examiner, Art Unit 2643