DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the Amendment filed on 06/18/2025.
In the instant Amendment, claim 20 has been added; claims 1, 3, 6, 9-11, and 17-19 have been amended; and claims 1, 9, 16, and 18 are independent claims. Claims 1-20 have been examined and are pending. This Action is made Final.
In light of Applicant’s amendments, the objection to the drawing and claims 17 and 19 has been withdrawn.
Response to Arguments
Applicant's arguments filed 06/18/2025 regarding claims 1-19 have been fully considered but they are not persuasive.
Applicant argues that Lee’s SMF 430 cannot correspond to the claimed “local node” because it is part of the core network rather than a device connected via a local connection. Applicant further argues that Lee only discloses session establishment between a UE and logical data networks, not between a local node and an external network.
These arguments are not persuasive. Under the broadest reasonable interpretation of “local node”, the term encompasses any entity connected to the apparatus (e.g. UE) for purposes of establishing a session. Lee discloses that UE 115 transmits a session request message to establish a PDU session with one or more logical data networks 425 (Lee para[40-41], [88-90], fig. 4). Logical data networks 425 may interface with third-party AAA servers or external networks for services authorization (Lee, para[41], [91]). Thus, Lee teaches transmitting a request via UE to the core network to open a session between an entity connected through the UE and an external network. Applicant’s narrow interpretation improperly imports limitations (e.g. restricting “local node” to an IoT device) not recited in the claim.
Applicant argues that Lee only discloses secondary authentication between UE 115 and an AAA component 445, not between a local node and an external network as recited in the claim.
This argument is also not persuasive. Lee expressly teaches that SMF 430 may deliver authentication messages exchanged between UE 115 and third-party AAA component 445 (Lee para[96-97]). This demonstrates relaying of secondary authentication messages through the core network without the SMF itself serving as an endpoint of the authentication. The claim merely requires that the apparatus relays authentication messages between a node and an external network via a core network; it does not exclude scenarios where the node is the UE or an equivalent entity. Furthermore, it would have been obvious to a person of ordinary skill in the art to apply Lee’s relay mechanism to a UE that is serving as a pass-through for a connected device (e.g., an IoT node), since the principle of relaying authentication messages without accessing endpoint credentials is the same.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5-7, 9-11, 13-14, 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Oh Lee et al. (U.S. PGPub. No. 20180227302 A1; Hereinafter “Lee”) in view of Ene et al. (U.S. PGPub. No 20230245085 A1; Hereinafter “Ene”).
As per claims 1, 9, Lee teaches an apparatus (UE 115) comprising (Lee: fig. 1, 4, para [88], “FIG. 4 illustrates an example of a wireless communication system 400 for wireless communication that supports session management authorization token in accordance with aspects of the present disclosure. The wireless communication system 400 may include a UE 115, that may be examples of UE 115 as described herein with reference to FIG. 1”):
at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to (Lee: para[26], “The apparatus may include a processor, memory in electronic communication with the processor, and instructions stored in the memory.”):
transmit to a core network, a request to open a protocol session, between a local node (SMF 430), connected to the apparatus via a local connection, and an external network (Third party AAA 445), that is external to the core network (Lee: para [88-90], “UE 115 may transmit a session request message to establish a session with one or more logical data networks of the group of logical data networks 425. The session may be a PDU session with one or more of the logical data networks 425. In some aspects, UE 115 and SMF component 430 may establish a SM NAS security connection, and the UE 115 may transmit the session request message over the established SM NAS security connection.”, para[40-41], “the SMF may be part of a Home Public Land Mobile Network (HPLMN).. The SMF may also interface with a third-party authentication, authorization, and accounting (AAA) server (e.g., that may authorize sponsored zero-rated sessions)”);
relay at least one message of a secondary authentication process between the local node and the external network via the core network (Lee: para[88-97], “SMF component 430 may determine whether a secondary authentication between UE 115 and the third-party AAA component 445 is required for approving the PDU session. The secondary authentication may be performed based on authentication message exchanged between UE 115, the SMF component 430, and the third-party AAA component 445…SMF component 430 may deliver authentication message exchanges between the UE 115 and third-party AAA component 445.” ), and
Lee does not clearly teach if the secondary authentication process is successful, relay packets comprised in a protocol session between the node and the external network without participating in the protocol session as an endpoint.
However, in the related art Ene teaches if the secondary authentication process is successful, relay packets comprised in the protocol session between the local node and the external network without participating in the protocol session as an endpoint (Ene: fig. 7-8, para[150-155] “When the user activates the purchasing buttons, they trigger a PDU session setup including a secondary authentication as in the previous embodiments. The UE device will send a PDU session establishment request 742 to the core network and include the token from the cookie identifying the UE device…. The payments system will acknowledge the authentication and/or authorization of the connection to the UE device and the core network will finalize 810 the PDU session setup and it may inform 812 the payment system about the newly assigned IP-address (now continued on FIG. 8. The UE device can now request 818 the account specific code and/or information for purchase options which are then presented 830 to the user”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to have updated Lee with Ene, because it will enhance security by adding an extra layer of verification and improve the reliability of the system.
As per claims 2, 10, Lee in view of Ene teaches the independent claim 1. Lee teaches comprising a user equipment (UE) of the core network (Lee: fig. 1, 2, para [44-47], “UE 115 may be configured to transmit a session request message to network device 105, to establish a session for a logical data network. In some examples, UE 115 may be configured to receive a session response message from network device 105.”).
As per claims 3, 11, Lee in view of Ene teaches the independent claim 2. Lee teaches wherein the request is configured to cause the core network to inform the external network of the request to open the protocol session (Lee: para[88-97], “SMF component 430 may determine whether a secondary authentication between UE 115 and the third-party AAA component 445 is required for approving the PDU session. The secondary authentication may be performed based on authentication message exchanged between UE 115, the SMF component 430, and the third-party AAA component 445…SMF component 430 may deliver authentication message exchanges between the UE 115 and third-party AAA component 445.” ),
Ene teaches transmit to the external network an authorization code associated with the UE indicating that the UE is allowed to connect to the external network (Ene: para[153], “The UE device will send a PDU session establishment request 742 to the core network and include the token from the cookie identifying the UE device…The transmission of the token in the request from the UE device to the core network and the subsequent transmission 748 from the core network to the AAA server 131 of the payment system together with a GPSI thus allows an association of a previous account, yet unrelated to the 5G subscriber identity, with the GPSI.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to have updated Lee with Ene, because it will enhance security by adding an extra layer of verification and improve the reliability of the system.
As per claims 5, 13, Lee in view of Ene teaches the dependent claim 2. Lee teaches wherein the protocol session is a packet data unit session network (Lee: para [88-90], “UE 115 may transmit a session request message to establish a session with one or more logical data networks of the group of logical data networks 425. The session may be a PDU session with one or more of the logical data networks 425. In some aspects, UE 115 and SMF component 430 may establish a SM NAS security connection, and the UE 115 may transmit the session request message over the established SM NAS security connection.”), and
wherein the packet data unit session is cryptographically protected using cryptographic information the UE does not store (Lee: para[42], [105] “The AMF may apply a different session authorization policy on a PDU session associated with each of the subscriptions based on one or more subscription demands (e.g., security needs such as encryption and integrity protection algorithms, and security termination points).”).
As per claims 6, 13, Lee in view of Ene teaches the dependent claim 2. Lee teaches transmit the request to open the protocol session as a response to a connection request message received from the local node (Lee: para[98] “SMF component 430 may transmit SM NAS security mode command to UE 115. The SM NAS security mode command may include a selected security algorithm by the SMF component 430 and optionally service policy determined by the SMF component 430. The SM NAS security mode command may also include supported algorithms and session requirements provided by UE 115 (i.e., replays that UE 115 has transmitted in the session request message to make the UE 115 confirm the session parameters that the SMF component 430 received in a session request message, and therefore prevent bidding down attacks). In some examples, a hash of the supported algorithms and session requirements may be provided in the SM NAS security” ).
As per claims 7, 14, Lee in view of Ene teaches the independent claim 1. Lee teaches wherein the local connection comprises a short-range wireless connection (Lee: para[55], “Wireless communication system 100 may operate in an ultra-high frequency (UHF) frequency region using frequency bands from 700 MHz to 2600 MHz (2.6 GHz), ..Transmission of UHF waves is characterized by smaller antennas and shorter range (e.g., less than 100 km) compared to transmission using the smaller frequencies (and longer waves) of the high frequency (HF) or very high frequency (VHF) portion of the spectrum.”).
As per claim 16, Lee teaches an apparatus (third-party AAA) comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to (Lee: para[26], “The apparatus may include a processor, memory in electronic communication with the processor, and instructions stored in the memory.”):
receive from a core network a message comprising (Lee: para[88-97], “SMF component 430 may determine whether a secondary authentication between UE 115 and the third-party AAA component 445 is required for approving the PDU session. The secondary authentication may be performed based on authentication message exchanged between UE 115, the SMF component 430, and the third-party AAA component 445…SMF component 430 may deliver authentication message exchanges between the UE 115 and third-party AAA component 445.” ),
verify, (Lee: para[97], “the third-party AAA component 445 may transmit the key response message based on verifying that the UE is authorized to establish the PDU session.” );
perform at least one authentication exchange with the node via the core network and the UE (Lee: para[88-97], “SMF component 430 may determine whether a secondary authentication between UE 115 and the third-party AAA component 445 is required for approving the PDU session. The secondary authentication may be performed based on authentication message exchanged between UE 115, the SMF component 430, and the third-party AAA component 445…SMF component 430 may deliver authentication message exchanges between the UE 115 and third-party AAA component 445.” ), and
if the node is allowed to access the external network via the UE, and the authentication exchange is successful, transmit an indication of authentication success to the core network (Lee: para[97-98], “, the SMF component 430 may receive an indication from the third-party AAA component 445 that the UE 115 is authorized to establish the PDU session for the logical data network….the third-party AAA component 445 may transmit the key response message based on verifying that the UE is authorized to establish the PDU session. In some examples, the SMF key may be transmitted based an extensible authentication protocol (EAP)” ).
Lee does not explicitly teach receive from a core network a message comprising an identity of a node connected to a user equipment (UE), and an authorization code associated with the UE; verify, based on the authorization code, whether the node is allowed to access, via the UE, an external network that is external to the core network.
However, in the related art, Ene teaches receive from a core network a message comprising an identity of a node connected to a user equipment (UE), and an authorization code associated with the UE (Ene: fig. 7-8, para[150-155], “The UE device will send a PDU session establishment request 742 to the core network and include the token from the cookie identifying the UE device…The transmission of the token in the request from the UE device to the core network and the subsequent transmission 748 from the core network to the AAA server 131 of the payment system together with a GPSI thus allows an association of a previous account, yet unrelated to the 5G subscriber identity, with the GPSI.”);
verify, based on the authorization code, whether the node is allowed to access, via the UE, an external network that is external to the core network (Ene: fig. 7-8, para[150-155] “The transmission of the token in the request from the UE device to the core network and the subsequent transmission 748 from the core network to the AAA server 131 of the payment system together with a GPSI thus allows an association of a previous account,…the payments system will determine 760 the account, either associated with the provided GPSI, if any, or associated with the provided token or cookie-based identity, and it will merge accounts, if multiple accounts are found. If no account is found, a new account is created. The payments system will acknowledge the authentication and/or authorization of the connection to the UE device and the core network will finalize 810 the PDU session setup and it may inform 812 the payment system about the newly assigned IP-address”);
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to have updated Lee with Ene, because it will enhance security by adding an extra layer of verification and improve the reliability of the system.
As per claim 17, Lee in view of Ene teaches the independent claim 16. Lee teaches performed by an authentication server (third party AAA) of the external network (Lee: para[88], “The wireless communication system 400 may include a UE 115, that may be examples of UE 115 as described herein with reference to FIG. 1. The wireless communication system 400 may also include a AMF component 405, a SEAF component 410, an AUSF/ARPF component 415, a RAN component 420, a group of logical data networks (i.e., network slices) 425, and a third-party AAA component 445.”).
As per claim 18, Lee teaches an apparatus (SMF) comprising (Lee: fig. 1, 4, para [88], “FIG. 4 illustrates an example of a wireless communication system 400 for wireless communication that supports session management authorization token in accordance with aspects of the present disclosure. The wireless communication system 400 may include a UE 115, that may be examples of UE 115 as described herein with reference to FIG. 1…SMF”):
at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to (Lee: para[26], “The apparatus may include a processor, memory in electronic communication with the processor, and instructions stored in the memory.”):
receive a request to open a protocol session between a node connected to a user equipment (UE) of a core network and an external network that is external to a core network where the apparatus is comprised, the request identifying the UE (Lee: para [88-90], “UE 115 may transmit a session request message to establish a session with one or more logical data networks of the group of logical data networks 425. The session may be a PDU session with one or more of the logical data networks 425. In some aspects, UE 115 and SMF component 430 may establish a SM NAS security connection, and the UE 115 may transmit the session request message over the established SM NAS security connection.”, para[40-41], “the SMF may be part of a Home Public Land Mobile Network (HPLMN).. The SMF may also interface with a third-party authentication, authorization, and accounting (AAA) server (e.g., that may authorize sponsored zero-rated sessions)”);
verify, based on subscription data associated with the UE, whether the UE is allowed to act as gateway toward the external network (Lee: para[92], “SMF component 430 in communication with UPF component 435 via communication links 460, and Third-party AAA component 445 and AUSF/ARPF component 215 may verify that the UE 115 is authorized to establish the PDU session for a corresponding logical data network (e.g., at least one logical data network slice from the group of logical data networks 425)”).
Lee does not explicitly teach if the UE is allowed to act as a gateway toward the external network send an authorization code associated with the UE to an authentication server of the external network.
However, in the related art, Ene teaches if the UE is allowed to act as a gateway toward the external network, send an authorization code associated with the UE to an authentication server of the external network (Ene: para[150-153], “The UE device will send a PDU session establishment request 742 to the core network and include the token from the cookie identifying the UE device…The transmission of the token in the request from the UE device to the core network and the subsequent transmission 748 from the core network to the AAA server 131 of the payment system together with a GPSI thus allows an association of a previous account, yet unrelated to the 5G subscriber identity, with the GPSI.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to have updated Lee with Ene, because it will enhance security by adding an extra layer of verification and improve the reliability of the system.
As per claim 19, Lee in view of Ene teaches the independent claim 18. Lee teaches comprising an entity (SMF) of the core network (Lee: para[92], “SMF component 430 in communication with UPF component 435 via communication links 460, and Third-party AAA component 445 and AUSF/ARPF component 215 may verify that the UE 115 is authorized to establish the PDU session for a corresponding logical data network (e.g., at least one logical data network slice from the group of logical data networks 425)”).
Claims 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Oh Lee et al. (U.S. PGPub. No. 20180227302 A1; Hereinafter “Lee”) in view of Ene et al. (U.S. PGPub. No 20230245085 A1; Hereinafter “Ene”) and Lei et al. (U.S. PGPub. No. 2022/0086145 A1; Hereinafter "Lei").
As per claims 4, 12, Lee in view of Ene teaches the dependent claim 3.
Lei teaches wherein the authorization code is not included in the request to open the protocol session and is not stored in the UE (Lei: para[237-240] “Optionally, the AMF sends a user ID indication to the AAA-S located in the DN. The user ID indication may be understood as the foregoing first indication. Optionally, the AMF sends an authentication indication to the AAA-S located in the DN.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to have updated the modified Lee with Lei, because it will enhance security by adding an extra layer of verification and improve the reliability of the system.
Claims 8 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Oh Lee et al. (U.S. PGPub. No. 20180227302 A1; Hereinafter “Lee”) in view of Ene et al. (U.S. PGPub. No 20230245085 A1; Hereinafter “Ene”) and Poltorak (U.S. PGPub. No. 20230217195 A1; Hereinafter “Poltorak”).
As per claims 8, 15, Lee in view of Ene teaches the dependent claim 7.
Poltorak teaches wherein the short-range wireless connection comprises a wireless local area network connection or a wireless connection between 2.402 GHz and 2.48 GHz (Poltorak: para[58], [113], “Bluetooth (IEEE-802.15.1) is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz, and building personal area networks (PANs)”, “the presence of capillary gateways such as smartphones and/or proxy nodes that support both Bluetooth and cellular connectivity in the mesh area network extends the accessibility of extremely low-power, storage and memory constrained devices into the core network up and to the cloud.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to have updated the modified Lee with the short-range connection of Lee, because it will provide rapid response to threats, enhanced visibility of security operations, and quick mitigation of incidents.
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Oh Lee et al. (U.S. PGPub. No. 20180227302 A1; Hereinafter “Lee”) in view of Ene et al. (U.S. PGPub. No 20230245085 A1; Hereinafter “Ene”) and Starsinic et al. (U.S. PGPub. No. 20210235266 A1; Hereinafter “Starsinic”).
As per claim 20, Lee in view of Ene teaches the independent claim 1.
Lee in view of Ene does not teach wherein: the local node comprises an internet of things (IoT) element.
However, in the related art, Starsinic teaches wherein: the local node comprises an internet of things (IoT) element (Starsinic: fig. 3, para[23], [34], “it is further recognized herein that addressing the technical problem of identifying users may be valuable in the Internet of Things (IoT). For example, referring to FIG. 3, a capillary device 302, such as a wearable device or smart home appliance (with no SIM), can connect to a remote server 304 by using a UE 306 as a gateway or relay to a core network 308..”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to have updated the modified Lee with the process of Starsinic, because it will provide enhanced visibility of security operations (Starsinic, para[46]).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571)-270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/L.L.N./Examiner, Art Unit 2437
/ALI S ABYANEH/Primary Examiner, Art Unit 2437