Prosecution Insights
Last updated: July 17, 2026
Application No. 18/447,093

WIRELESS NETWORK SERVICE SECURITY ARCHITECTURE

Final Rejection §102
Filed
Aug 09, 2023
Examiner
SHEDRICK, CHARLES TERRELL
Art Unit
2646
Tech Center
2600 — Communications
Assignee
Qualcomm Incorporated
OA Round
2 (Final)
78%
Grant Probability
Favorable
3-4
OA Rounds
0m
Est. Remaining
87%
With Interview

Examiner Intelligence

Grants 78% — above average
78%
Career Allowance Rate
782 granted / 1007 resolved
+15.7% vs TC avg
Moderate +9% lift
Without
With
+9.4%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
28 currently pending
Career history
1041
Total Applications
across all art units

Statute-Specific Performance

§101
2.6%
-37.4% vs TC avg
§103
71.4%
+31.4% vs TC avg
§102
18.1%
-21.9% vs TC avg
§112
0.6%
-39.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 1007 resolved cases

Office Action

§102
CTFR 18/447,093 CTFR 81246 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Response to Arguments 07-37 AIA Applicant's arguments filed 2/5/26 have been fully considered but they are not persuasive. Applicant argues Zhang fails to teach or at least reasonably suggest at least "transmitting, by a wireless device to a security service of the wireless network, a first service access request for accessing a service of the wireless network, wherein the service is separate from the security service," as recited in claim 1. The Office appears to map the key request message of Zhang to the recited first service access request. Of note, the key request message of Zhang is sent by the SM to the KMS. However, both the SM and KMS are network elements of the wireless network rather than a UE or other wireless device. For at least this reason, Applicant submits that Zhang fails to teach or at least reasonably suggest at least "transmitting, by a wireless device to a security service of the wireless network, a first service access request for accessing a service of the wireless network, wherein the service is separate from the security service," as recited in claim 1. However, The Examiner respectfully disagrees. Zhang teaches in at least figures 4, 5 and 7 “…UE 1 initiates a session request after the UE is attached to a network. In this case, the UE 1 may provide a security requirement 2 and/or a security requirement 5, so that a policy control network element determines a security policy based on more security requirements…” – 0145 . “The security policy determining module may be disposed in the UE 1 , the network element (for example, the AN, the MM, the AU, the KMS, the AAA, the SM, or the policy control network element) in the carrier network, the gateway, the network element (for example, the DN server) in the DN, or the UE 2 shown in FIG. 1. A security policy may be determined in a network attachment process of the UE, or may be determined after the UE is attached to a network . Therefore, it appears based on the context of Zhang, the instant claims are anticipated. The Examiner further suggest the Applicant also review the cited pertinent prior are of record in the conclusion regarding the "transmitting, by a wireless device to a security service of the wireless network, a first service access request for accessing a service of the wireless network, wherein the service is separate from the security service,". Independent claims 15, 18, and 30 recite features that are similar to distinguishing features of claim 1 discussed above. Therefore, it is respectfully submitted that claims 1, 15, 18, and 30 are not in condition for allowance for at least the same reasons. Dependent claims 2-7, 16-17, 19-24 and 31-32 are dependent either directly or indirectly from one of the independent claims discussed above. The dependent claims incorporate by reference all the limitations of the claim to which they refer and are therefore not in condition for allowance . Claim Rejections - 35 USC § 102 07-07-aia AIA 07-07 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – 07-08-aia AIA (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. 07-15-aia AIA Claim(s) 1-7, 15-24 and 30-32 , is/are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by Zhang et al. EP 4135256, hereinafter, ‘Zhang’ . Consider Claims 1, and as applied to Independent Claims 15, 18 (e.g., the Apparatus /UE Hardware architecture illustrated in figures 19 and 20) and 30(e.g., the Apparatus /UE Hardware architecture illustrated in figures 19 and 20) , Zhang teaches a method for accessing a wireless network ( i.e., key configuration method, a security policy determining method -0001 ), comprising: transmitting, to a security service of the wireless network, a first service access request for accessing a service of the wireless network, wherein the service is separate from the security service( e.g., see at least 0169 and figure 8 “ FIG. 8 specifically includes the following steps. 1. An SM sends a key request message to a KMS. The key request message includes a UE ID and a security policy, and optionally, may further include a network ID and/or a service parameter. Specific content of the UE ID, the security requirement, the network ID, and the service parameter is the same as that described above. Details are not described herein again. For a manner of obtaining the security policy, refer to FIG. 2 to FIG. 7. If the security policy is determined by a policy control network element, the policy control network element sends the security policy to the SM…” ); receiving, from the security service in response to the first service access request, service security information for accessing the service; deriving a service key based on the service security information ( e.g., see 0169 in addition to the context of 0172-173 see communication of security policy ); transmitting, to the service, a second service access request, the second service access request encoded based on the derived service key( e.g., see at least 0169 ); and establishing a first security context with the service based on the derived service key ( see security context as noted in 0171-179 ). ( Note: the UE ID which is transmitted in the request can include a temporary identifier as noted in at least 0117 which meets the claimed temporary identifier ) Consider Claims 2 and 19 , Zhang teaches wherein the first service access request comprises an initial service access request, and further comprising: performing an authentication and key agreement procedure to generate a session root key ( e.g., see Key generation procedure as described in 0166 – key configuration and generation ); and establishing a second security context with the security service based on the session root key ( i.e., see shared Key in at least 0185 ). Consider Claims 3 and 20, Zhang teaches wherein the service key is derived based on the session root key and a parameter(e.g., see at least paragraphs [0169]-[0170], [0173], [0185]-[0187]- shared key K -"session root key"-serves as basis for the generation of the protection key based on the security policy comprised in the request for protection key, sent from the SM entity to the KMS entity) . Consider Claims 4 and 21 , Zhang teaches wherein the parameter comprises a service identifier ( e.g., see at least 0169,-the key request sent from the SM entity to the KMS entity comprises, along with the UE ID and the security policy of figure 8, also, optionally, "a service parameter" -0117 may be "used by the network to identity a service or an application of the user, and a related service feature, including at least one of a service ID … "service identifier" ). Consider Claims 5 and 22 , Zhang teaches wherein the service security information includes a service access token, and wherein the second service access request includes the service access token ( e.g ., this is met based on the understanding that the encoding of security requirements or "security policy" in a form of a "service access token" would correspond to encoding data representative to a security policy, based on which the protection keys for integrity protection and/or encryption is disclosed to be generated by the KMS entity. At least paragraph [0147] teaches that the security requirements based on which the security policy is generated, follows a two-way authentication process ). Consider Claims 6, 17, 23 and 32 , Zhang teaches wherein the service access token includes information indicating that the service access token is created by the security service and authorization information for accessing the service( e.g ., as also noted above - this is met based on the understanding that the encoding of security requirements or "security policy" in a form of a "service access token" would correspond to encoding data representative to a security policy, based on which the protection keys for integrity protection and/or encryption is disclosed to be generated by the KMS entity. At least paragraph [0147] teaches that the security requirements based on which the security policy is generated, follows a two-way authentication process ). Consider Claims 7 and 24 , Zhang teaches wherein the service comprises a roaming wireless network ( e.g., see at least 0068 and 0254 in the roaming scenario where the network is deployed and that the security requirements may be those of a visited or a home network ). Consider Claims 16 and 31, Zhang teaches wherein the service access request includes a service access token for the service; and further comprising: verifying the service access token was created by the security service; and providing services to the wireless device based on the service access token ( e.g., see adding protection to the session -0180 – verification is met based on meeting the appropriate security requirements -which is based on policy requirements ) . Conclusion 07-96 AIA The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US Patent Pub. No.: 20210168594 A1 teaches receiving, by a user plane gateway, a service request message from user equipment UE, where the service request message is used to request to establish a connection between the UE and a service server in a data network. The user plane gateway and the UE separately generate an encryption key and an integrity protection key based on the service request message, and activate encryption protection and/or integrity protection based on the generated encryption key and integrity protection key. PNG media_image1.png 436 548 media_image1.png Greyscale US 20220337408 A1 teaches the UE 310 may generate an initial application key and send a request for communication to the AF associated with the service application. The AF may obtain the initial application key from the AAnF. The AAnF in the meanwhile may generate a new random number (NewRAND) or a new anchor key identifier and send the NewRAND or the new anchor key identifier to the UE 310 via the AF. The UE may then generate a new application key based on the NewRAND or the new anchor key identifier, and use the new application key to request and establish an actual communication session with the service application. The NewRAND and new anchor key identifier used for generating the new application key may be referred to as a key seed for the generation of the new application key. PNG media_image2.png 606 770 media_image2.png Greyscale THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHARLES TERRELL SHEDRICK whose telephone number is (571)272-8621. The examiner can normally be reached 8A-5P. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matthew D Anderson can be reached at 571 272 4177. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHARLES T SHEDRICK/Primary Examiner, Art Unit 2646 Application/Control Number: 18/447,093 Page 2 Art Unit: 2646 Application/Control Number: 18/447,093 Page 3 Art Unit: 2646 Application/Control Number: 18/447,093 Page 5 Art Unit: 2646 Application/Control Number: 18/447,093 Page 6 Art Unit: 2646 Application/Control Number: 18/447,093 Page 7 Art Unit: 2646
Read full office action

Prosecution Timeline

Aug 09, 2023
Application Filed
Nov 05, 2025
Non-Final Rejection mailed — §102
Feb 05, 2026
Response Filed
Jun 01, 2026
Final Rejection mailed — §102 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12684579
MULTIPLE BANDWIDTH OPERATION
8y 11m to grant Granted Jul 14, 2026
Patent 12684549
USER EQUIPMENTS, BASE STATIONS AND METHODS FOR MULTI-CELLULAR OPERATION
3y 6m to grant Granted Jul 14, 2026
Patent 12684515
METHOD AND APPARATUS FOR DEPLOYING PRIVATE NETWORKS
3y 6m to grant Granted Jul 14, 2026
Patent 12684518
METHOD, DEVICE, AND SYSTEM FOR CORE NETWORK DEVICE RE-ALLOCATION IN WIRELESS NETWORK
2y 11m to grant Granted Jul 14, 2026
Patent 12672086
Periodic Registration Update Procedure for Non-Allowed Service Areas
3y 1m to grant Granted Jun 30, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
78%
Grant Probability
87%
With Interview (+9.4%)
2y 8m (~0m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 1007 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month