USAGE OF ACCESS TOKEN IN SERVICE BASED ARCHITECTURE

Detailed Action 1. This Office Action is in response to the Applicant’s communication filed on 02/26/2026. In virtue of this communication, claims 1-20 are currently pending in this Office Action. Response to Arguments 2. In Remarks, applicant arguments are mainly based on the amended claim limitations. However, the amended claim limitations are considered obvious. See greater details in the claim rejection section set forth below. Indeed, the claimed feature “an access token comprising a suggested count value” is reasonably interpreted as the number of limit for using token. See MPEP 2111. In the previous office action, “a suggested count value” is ready by 902 of fig. 9 of Krishan (an access toke with a message count limit in par. 0113). To advance the prosecution, further evidence is applied for the amended claim limitations “the first count value determined by the second network device based on the suggested count value”. See rationales in fig. 5 of newly cited prior art Goel. Claim Rejections - 35 USC § 103 3. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 4. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4.Considering objective evidence present in the application indicating obviousness or nonobviousness. 5. Claims 1, 3-8 and 10-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wu et al. Pub. No.: US 2023/0396602 A1 in view of Krishan et al. Pub. No.: US 2023/0199497 A1 and Goel Patent No.: US 10,819,636 B1. Claim 1 Wu discloses a first network device (NF consumer network element in fig. 2-12) comprising: at least one processor (processing module 1102 in fig. 11 and par. 0368); and at least one memory (a memory 1202 in fig. 12) storing instructions that, when executed by the at least one processor (par. 0372), cause the first network device (par. 0381) at least to: transmit an access token request to a second network device (401a access token obtaining request transmitted from NF service consumer network element in fig. 4a; herein, NRF network element of fig. 4a is a second network device); receive, from the second network device, an access token (403a in fig. 4a, access token received from NRF); PNG media_image1.png 694 678 media_image1.png Greyscale transmit, to a third network device, a service request with the access token (404a in fig. 4, NF service request sent to NF service produce network element); and receive, from the third network device, a service response determined based on the access token (406a NF service response in fig. 4a and see par.0145 and see determination process in 405a in fig. 4a and par. 0143-0144). Although Wu does not disclose: “a suggested count value; a first count value, the first count value determined by the second network device based on the suggested count value; the first count value indicating the number of times the access token is allowed to be used; a service response determined based on the first count value and the access token”, the claim limitations are considered obvious by the following rationales. Firstly, to address the obviousness of the claim limitation “a first count value, the first count value indicating the number of times the access token is allowed to be used”, initially, Wu discloses that generating an access token may include MAC value, NF set ID and parameter for expiration time and an allowed range (par. 0136). Wu’s token expiration time value is similar to the first count value for the number of times. The difference could be within the routine skill in the art because counting times can be requested X times in expiration time, as to “the number of times”, and difference in number is discovering an optimum value. However, to advance the prosecution, the evidence for indicating the number of times is provided. In particular, Krishan teaches access token attribute for message count limit (fig. 5), i.e., a message count for indicating a received number of service requests (see par. 0119). PNG media_image2.png 490 710 media_image2.png Greyscale Secondly, to consider the obviousness of the claim limitation “a service response determined based on the first count value and the access token”, similarly, Wu explains NF service producer network element for verifying token associated with service request (par. 0143-0144) to approve or authorize the service request (406a in fig. 4a). In particular, Krishan teaches producer NF for determining the attributes (fig. 5) of token associated with the service request to reject or accept the service request (603 in fig. 6, 803 in fig. 8 and fig. 9). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify service authorization of Wu by providing access token attribute as taught in Krishan. Such a modification would have provided a network function to generate and obtain an access token with message count limit attribute so that a malicious hacker could not be reused the token with an expiration time as suggested in par. 0008-0009 of Krishan. Thirdly, to address the obviousness of the amended feature “a suggested count value”, recall that Krishan discloses message count limit value (fig. 5) and thus, Krishan’s fig. 5 would have read on the suggested count value. To advance the prosecution, further evidence for maximum limit for token use is provided herein. It’s merely to show applicant that how the claimed feature can be reasonably interpreted in various ways for revealing the possible strongest obviousness to the claimed feature. In particular, Goel teaches maximum limit for token count (510 in fig. 5). Lastly, to consider the amended claim limitation “the first count value determined by the second network device based on the suggested count value”, recall that Krishan discloses counting the token’s attribute to compare with message count limit (fig. 5). Again, the amended claim limitations could have read by Krishan. Further evidence is courtesy to applicant for revealing obviousness with the multiple evidences to advance the prosecution. In particular, Goel teaches P-tokens + C-tokens = greater than maximum limit (510 in fig. 5, see lines 19-57 of col. 9, previous token and current token are determined to the maximum limit, as to a suggested count value). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify service authorization of Wu in view of Krishan by providing producer network function service for limiting at service communication proxy as taught in Goel to obtain the claimed invention as specified in the claim. Such a modification would have provided a network function to select producer NF so that the network service could be granted or denied based on the capacity of network function proxies as suggested in col. 1-2 of Goel. Claim 3 Wu, in view of Krishan and Goel, discloses the first network device of claim 1, wherein the first network device is caused to transmit the service request (fig. 4a of Wu) by: determining, based on the first count value, that the service request is allowed to be transmitted (Wu, when authorization does not fail, NF consumer will send the token in 404a in fig. 4a; Krishan, access token in fig. 2 7 6; accordingly, the combined prior art would have been expected by one of ordinary skill in the art to perform equally well to the claim, see MPEP 2143, KSR Exemplary Rationale F). Claim 4 Wu, in view of Krishan and Goel, discloses the first network device of claim 1, wherein the first network device is caused to receive the service response (fig. 4a of Wu) by: receiving a service requested in the service request (Wu, service request response in 406a fig. 4a in par. 0145; Krishan, fig. 2 & 6); or receiving a rejection to the service request (Wu, service response in fig. 710; Krishan, reject service request in fig. 7-8; accordingly, the combined prior art reads on the claim and it’s to note that claim recites alternative limitations). Claim 5 Wu, in view of Krishan and Goel, discloses the first network device of claim 1, wherein the first network device is a network function consumer (NFc) (Wu, NF service consumer network element in fig. 4-10), the second network device is a network repository function (NRF) (Wu, NRF network element in fig. 4a-b), and the third network device is a network function producer (NFp) (Wu, NF service producer network element in fig. 4-10, and thus, the combined prior art reads on the claim). Claim 6 Wu, in view of Krishan and Goel, discloses the first network device of claim 1, wherein the first network device is a network function consumer (NFc) (Wu, NF service consumer network element in fig. 4-10) or a service communication proxy for the NFc (Wu, SCP network element in fig. 4-10), the second network device is a network repository function (NRF) (Wu, NRF network element in fig. 4a-b), and the third network device is a service communication proxy for a network function producer (NFp) (Wu, NF service producer network element in fig. 4-10; accordingly, the combined prior art meets the claim requirement). Claim 7 Wu, in view of Krishan and Goel, discloses the first network device of claim 1, wherein the first network device is a network function consumer (NFc) in a first public land mobile network (PLMN) (Wu, NF service consumer network element in fig. 4a-b and par. 0127 describes that the NF service consumer network element may belong to PLMN in par. 0127), the second network device is a network repository function for a network function producer (NFp) in a second PLMN (Krishan, par. 0032, see service PLMN and producer PLMN in par. 0049-0050), and the third network device is a security edge protection proxy for the NFp (Krishan, SEPP from another PLMN in par. 0032; accordingly, the claim condition could be obvious to one of ordinary skill in the art to perform equally well with the combined prior art: see evidence for inter-PLMN in home network and visitor network in fig. 2-5 and par. 0062 of Singh et al. Pub. No.: US 2022/0294775 A133). Claim 8 Wu discloses a second network device (NRF network element in fig. 2-12) comprising: at least one processor (processing module 1102 in fig. 11 and par. 0368); and at least one memory (a memory 1202 in fig. 12) storing instructions that, when executed by the at least one processor (par. 0372), cause the second network device (par. 0381 at least to: receive an access token request from a first network device (receive token request in step 401a from NF service consumer network element, i.e., a first network device in fig. 4a); determine an access token is allowed to be used (see determination process in 405a in fig. 4a and par. 0143-0144); and transmit, to the first network device, the access token (403a in fig. 4a, access token transmitted from NRF). Although Wu does not disclose “a suggested count value; a first count value indicating the number of times; and the access token associated with the first count value; determined based at least upon the suggested count value”, the claim limitations are considered obvious by the following rationales. Firstly, to consider the obviousness of the claim limitations “a suggested count value; a first count value indicating the number of times; and the access token associated with the first count value”, recall that Wu discloses that generating an access token may include MAC value, NF set ID and parameter for expiration time and an allowed range (par. 0136). Wu’s token expiration time value is similar to the claimed first count value for the number of times. The difference in number could be within the routine skill in the art because the X times can be requested in expiration time, as to “the number of time”, the counting number is discovering an optimum value. However, to advance the prosecution, the evidence for indicating the number of times is provided. In particular, Krishan teaches access token attribute for message count limit (fig. 5), i.e., a message count for indicating a received number of service requests (see par. 0119). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify service authorization of Wu by providing access token attribute as taught in Krishan. Such a modification would have provided a network function to generate and obtain an access token with message count limit attribute so that a malicious hacker could not be reused the token with an expiration time as suggested in par. 0008-0009 of Krishan. Secondly, to consider the amended claim limitations “a suggested count value; and determine, based at least upon the suggested count value ”, recall that Krishan discloses message count limit value (fig. 5) and thus, Krishan’s fig. 5 would have read on the suggested count value. To advance the prosecution, further evidence for maximum limit for token use is provided herein. It’s merely to show applicant that how the claimed feature can be reasonably interpreted in various ways for revealing the strongest obviousness to the claimed feature. In particular, Goel teaches maximum limit for token count (510 in fig. 5). Additionally, Goel teaches P-tokens + C-tokens = greater than maximum limit (510 in fig. 5, see lines 19-57 of col. 9, previous token and current token are determined to the maximum limit, as to a suggested count value). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify service authorization of Wu in view of Krishan by providing producer network function service for limiting at service communication proxy as taught in Goel to obtain the claimed invention as specified in the claim. Such a modification would have provided a network function to select producer NF so that the network service could be granted or denied based on the capacity of network function proxies as suggested in col. 1-2 of Goel. Claim 10 Wu, in view of Krishan and Goel, discloses the second network device of claim 9, wherein the second network device is caused to determine the first count value (fig. 2-9 of Krishan) by: determining the first count value based on at least one (fig. 2-9 of Krishan) of the following: the suggested count value, profile parameters associated with a network function consumer (NFc) available at the second network device (Wu, NF service consumer network element in fig. 4-9 and NF profile in par. 0101 & 0110), profile parameters associated with a network function producer (NFp) available at the second network device (Wu, NF service producer network element in fig. 4-9 and NF profile in par. 0101 & 0110; Krishan, NF producer service profile in par. 0028-0029; accordingly, one of ordinary skill in the art would have expected the combined prior art to perform equally well to the claim), or an operator policy (Wu, policy management and policy control function infrastructure in the core network explained in par. 0094, a policy rule explained in par. 0095; Krishan, fig. 4-8; for these reasons, the combined prior art meets the claim requirement as claim recites alternative limitations). Claim 11 Wu, in view of Krishan and Goel, discloses the second network device of claim 10, wherein the first network device is the NFc or a service communication proxy for the NFc (Wu, NF service consumer network element in fig. 4-10), and the second network device is a network repository function (NRF) (Wu, NRF network element in fig. 4a-b; for these reasons, the combined prior art renders the claim obvious). Claim 12 Wu, in view of Krishan and Goel, discloses the second network device of claim 10, wherein the first network device is the NFc (Wu, NF service consumer network element in fig. 4-10), and the second network device is a network repository function (NRF) (Wu, NRF network element in fig. 4a-b; and thus, the combined prior art reads on the clam). Claim 13 Wu, in view of Krishan and Goel, discloses the second network device of claim 10, wherein the first network device is the NFc in a first public land mobile network (PLMN) (Wu, NF service consumer network element in fig. 4a-b and par. 0127 describes that the NF service consumer network element may belong to PLMN in par. 0127), and the second network device is a network repository function for a network function producer (NFp) in a second PLMN (Krishan, par. 0032, see service PLMN and producer PLMN in par. 0049-0050; accordingly, the combined prior art meets the claim requirement). Claim 14 Wu discloses a third network device (NF service producer network element in fig. 2-12) comprising: at least one processor (processing module 1102 in fig. 11 and par. 0368); and at least one memory (a memory 1202 in fig. 12) storing instructions that, when executed by the at least one processor (par. 0372), cause the third network device par. 0381) at least to: receive, from a first network device (NF service consumer network element in fig. 4-9), a service request with an access token (404a NF service request with access token); determine the access token (405a in fig. 4a); determine a service response based on the access token (see determination process in 405a in fig. 4a and par. 0143-0144); and transmit the service response to the first network device (406a NF service response from NF service producer network element in fig. 4a). Although Wu does not disclose: “the access token being associated with a first count value, the first count value indicating the number of times the access token is allowed to be used; the first count value determined by the second network device based on a suggested count value; determine a stored count value based on the access token; determine a service response based on the stored count value”, the claim limitations are considered obvious by the following rationales. Firstly, to address the obviousness of the claim limitation “the access token being associated with a first count value, the first count value indicating the number of times the access token is allowed to be used”, initially, Wu discloses that generating an access token may include MAC value, NF set ID and parameter for expiration time and an allowed range (par. 0136). Wu’s token expiration time value is similar to the first count value for the number of times. The difference in number could be within the routine skill in the art because X times can be requested within the expiration time, as to “the number of times”, and difference in numbers is discovering an optimum value. However, to advance the prosecution, the evidence for indicating the number of times is provided. In particular, Krishan teaches access token attribute for message count limit (fig. 5), i.e., a message count for indicating a received number of service requests (see par. 0119). Secondly, to consider the obviousness of the claim limitation “determine a stored count value based on the access token; determine a service response based on the stored count value”, similarly, Wu explains storing access token (par. 0137, 0219), NF service producer network element for verifying token associated with service request (par. 0143-0144) to deny or authorize the service request (406a in fig. 4a). In particular, Krishan teaches storing “a message count limit” (par 0083 and fig. 5) and producer NF for determining the attributes (fig. 5) of token associated with the service request to reject or accept the service request (803 in fig. 8 and fig. 9). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify service authorization of Wu by providing access token attribute as taught in Krishan. Such a modification would have provided a network function to generate and obtain an access token with message count limit attribute so that a malicious hacker could not be reused the token with an expiration time as suggested in par. 0008-0009 of Krishan. Lastly, to consider the obviousness of the amended claim limitation “the first count value determined by the second network device based on a suggested count value”, recall that Krishan discloses counting the token’s attribute to compare with message count limit (fig. 5). Again, the amended claim limitations could have read by Krishan. Further evidence is courtesy to applicant for revealing obviousness with the multiple evidences to advance the prosecution. In particular, Goel teaches P-tokens + C-tokens = greater than maximum limit (510 in fig. 5, see lines 19-57 of col. 9, previous token and current token are determined to the maximum limit, as to a suggested count value). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify service authorization of Wu in view of Krishan by providing producer network function service for limiting at service communication proxy as taught in Goel to obtain the claimed invention as specified in the claim. Such a modification would have provided a network function to select producer NF so that the network service could be granted or denied based on the capacity of network function proxies as suggested in col. 1-2 of Goel. Claim 15 Wu, in view of Krishan and Goel, discloses the third network device of claim 14, wherein the third network device is caused to determine the service response (Wu, fig. 4a and fig. 2-9 of Krishan) by: in accordance with a determination that the stored count value is larger than a predetermined value (Wu, par. 0144-0145, expiration for token stored is larger than the token received with lifetime number, 406a in fig. 4; Krishan, message count limit field of fig. 5 stored is compared to in 602 in fig. 6), providing, as the service response, a service requested in the service request (Krishan, 406a in fig. 4a; Krishan, 603 in fig. 6 and par. 0068); and in accordance with a determination that the stored count value is equal to the predetermined value, providing, as the service response, a rejection to the service request (Krishan, message count limit value in fig. 5 stored will be compared with token attribute values associated with service request in fig. 7-8, and par. 0068 & 0094 for rejecting service requests; for these reason, one of ordinary skill in the art would have expected the combined prior art to work equally well to the claim). Claim 16 Wu, in view of Krishan and Goel, discloses the third network device of claim 14, wherein the access token is associated with an identity of a target network function (NF) (Wu, NF instance ID, target NF type in fig. 5 and par. 0077), and wherein the third network device (Wu, NF service producer network element in fig. 2-12) is further caused to: in accordance with a determination that the access token is not stored, store the access token at the third network device (Wu, not storing the service requests without access token or expired access token in par. 0212), the first count value being stored as the stored count value (Wu, storing NF ID and parameters location in the NRF network element in par. 0131 and storing access token not expired in par. 0219; Krishan, message count limit field in fig. 5 stored); in accordance with a determination that a service is provided, decrement the stored count value (Krishan, to check message count limit of fig . 5 for performing fig. 6-8 whether to reject the service request involves counting down the limit, even if not, count down is as intrinsic feature and 3GPP LTE or 5G have timers with such capabilities); or in accordance with a determination that the access token expires, delete the access token from the third network device (Krishan, delete usage metrics or other related data for expired or invalid or unneeded access tokens; for these reasons, the combined prior art would have expected by one of ordinary skill in the art to perform equally to the claim, see MPEP 2143, KSR Exemplary Rationale G). Claim 17 Wu, in view of Krishan and Goel, discloses the third network device of claim 14, wherein the access token is associated with a type of a target network function (NF) (Wu, NF instance ID, target NF type in fig. 5 and par. 0077), and wherein the third network device (Wu, NF service producer network element in fig. 2-12) is further caused to: in accordance with a determination that the access token is not stored (Wu, not storing the service requests without access token or expired access token in par. 0212), store the access token at a fourth network device accessible to a set of NFs, the first count value being stored as the stored count value (Wu, storing NF ID and parameters location in the NRF network element in par. 0131 and storing access token not expired in par. 0219; Krishan, message count limit field in fig. 5 stored); in accordance with a determination that a service is provided, decrement the stored count value (Krishan, to check message count limit of fig . 5 for performing fig. 6-8 whether to reject the service request involves counting down the limit, even if not, count down is as intrinsic feature and 3GPP LTE or 5G have timers with such capabilities); or in accordance with a determination that the access token expires, delete the access token from the fourth network device (Krishan, delete usage metrics or other related data for expired or invalid or unneeded access tokens; for these reasons, the combined prior art would have expected by one of ordinary skill in the art to perform equally to the claim, see MPEP 2143, KSR Exemplary Rationale G). Claim 18 Wu, in view of Krishan and Goel, discloses the third network device of claim 17, wherein the fourth network device is a network repository function (NRF) (Wu, NRF in fig. 4-12), an unstructured data storage function (UDSF), or a central database (Wu, UDM in par. 0094; Krishan, data storage in fig. 4; and thus, the combined prior art meets the claim requirement). Claim 19 Wu, in view of Krishan and Goel, discloses the third network device of claim 14, wherein the first network device is a network function consumer (NFc) (Wu, NF service consumer network element in fig. 4-12), the second network device is a network repository function (NRF) (Wu, NRF network element in fig. 4-12), and the third network device is a network function producer (NFp) (Wu, NF service producer network element in fig. 4-12; and hence, the combined prior art reads on the claim). Claim 20 Wu, in view of Krishan and Goel, discloses the third network device of claim 14, wherein the first network device is a network function consumer (NFc) (Wu, NF service consumer network element in fig. 4-12) or a service communication proxy for the NFc, the second network device is a network repository function (NRF) (Wu, NRF network element in , and the third network device is a service communication proxy for a network function producer (NFp) (Wu, SCP in fig. 3a-b, & 5-6; claim recites alternative limitations and thus, the combined prior art meets the claim requirement); or wherein the first network device is a network function consumer (NFc) in a first public land mobile network (PLMN) (PLMN) (Wu, NF service consumer network element in fig. 4a-b and par. 0127 describes that the NF service consumer network element may belong to PLMN in par. 0127), the second network device is a network repository function for a network function producer (NFp) in a second PLMN (Krishan, par. 0032, see service PLMN and producer PLMN in par. 0049-0050), and the third network device is a security edge protection proxy for the NFp (Krishan, SEPP from another PLMN in par. 0032; Goel, HPLMN in lines 15-35 of col. 5; accordingly, the claim condition could be obvious to one of ordinary skill in the art to perform equally well with the combined prior art: see evidence for inter-PLMN in home network and visitor network in fig. 2-5 and par. 0062 of Singh et al. Pub. No.: US 2022/0294775 A133). Conclusion 6. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Contact Information 7. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAN HTUN whose telephone number is (571)270-3190. The examiner can normally be reached Monday - Thursday 7 AM - 5 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jinsong Hu can be reached on 5712723965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SAN HTUN/ Primary Examiner, Art Unit 2643