Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-7,9-12 are rejected under 35 U.S.C. 103 as being unpatentable over
Liao et al. (US20190387401A1) in view of Ishii et al. (US20180213472A1)
Regarding Claim 1, Liao teaches, A method for providing an IoT device with a communication service for accessing an IP network using equipment included in communication infrastructure, the communication infrastructure being connected to communication infrastructure of an Fig 1
receiving a session generation request including a subscriber identifier for identifying a subscriber of the communication service;[38] In order to re-establish a PDN connection, the UE 110 (e.g., IoT UE) uses a service request procedure. For example, FIG. 2 is a signal flow diagram showing a service request procedure. Fig 2- Nas service request from UE (=iot device) to MME (=communication equipment as to device 200 in spec)
storing an ID in association with the subscriber identifier; [38]- the serving eNB 112 creates an S1 connection with the MME 114 so as to retrieve the UE's context, which stores GTP tunnel information and the security parameters.
transmitting, to a first instance and a second instance included in the equipment, a first provisioning call for generating a GTP-U session between the first instance and the second instance, the first provisioning call including the ID; [37]- In particular, several create session request/response messages are exchanged among the MME 114, the S-GW 117(=the first instance), and the P-GW 118(=second instance), to establish a GTP tunnel(=GTP-U) for each UE's user plane data transmission, during the initial attach request. [38]- As part of the illustrated process, the serving eNB 112 creates an S1 connection with the MME 114 (=first provisioning call including the ID ) so as to retrieve the UE's context(=including the ID), which stores GTP tunnel information and the security parameters.”Modify bearer message”(= transmitting, to a first instance and a second instance) between MME and 117 ( =first instance ) and 118(= second instance)
receiving, from the first instance or the second instance, a transmission source address that serves as a transmission source in the GTP-U session as a response to the first provisioning call; [73]- As shown in Figure 5 and Figure 6, the VPN-SGSN network element is carried out the conversion of VPN access-in management signaling and gn interface mobile management/session management protocol signaling. Terminal is given as the VPN address assignment in the travelling carriage address that the VPN-SGSN network element distributes the GTP agreement;
Ishii teaches, MNO [90]- In the example embodiment, allocation of an appliance(s) in the MNO-EPC 20 (see the EPC 20 in FIG. 1) and an appliance(s) in the vEPC 52 (for example, SGW is one in MNO-EPC 20, PGW is one in vEPC 52, etc.) is arbitrary.
transmitting, to the first instance, a second provisioning call for generating a VPN session between the IoT device and the first instance, the second provisioning call including the transmission source address and a first credential; and [114]- terminal 1 and the VPN apparatus of the first gateway 51 in the data center 50. A VPN setting unit 512 of the VPN apparatus 511 of the first gateway 51 controls VPN setting and stores setting information in the VPN information storage unit 513.
transmitting connection information to the IoT device, the connection information including the transmission source address and a destination address of the first instance.[118]- In FIG. 3B, a connection partner IP address is a private IP address (local IP address) of the VPN client (terminal 1) allocated by the first gateway 51. A connection network is a network to which the VPN communication is transmitted, and is a network address of the VPN tunnel side.
It would have been obvious to a person having an ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Liao, MNO; transmitting, to the first instance, a second provisioning call for generating a VPN session between the IoT device and the first instance, the second provisioning call including the transmission source address and a first credential; transmitting connection information to the IoT device, the connection information including the transmission source address and a destination address of the first instance as taught by Ishii to add second set of control signals for additional relay points for handover optionality.
Regarding Claim 2, Liao teaches, The method according to claim 1, wherein the first provisioning call to the second instance further includes the destination address of the first instance. Fig 5 step 528
Regarding Claim 3, Liao teaches, The method according to claim 2, wherein a response to the first provisioning call to the second instance includes the transmission source address. See Fig 5 steap 528
Regarding Claim 4, Liao teaches, The method according to claim 3, wherein the first provisioning call to the first instance is transmitted after the response to the first provisioning call to the second instance is received, and the first provisioning call to the first instance further includes the transmission source address. Fig 5 step 530
Regarding Claim 5, Liao teaches, The method according to claim 4, wherein the first provisioning call to the first instance further includes a destination address of the second instance.[73]- The attach accept message 536 may include a network slice ID, an IP address, and/or security parameters).
Regarding Claim 6,Liao does not teach, The method according to claim 1, wherein the connection information includes a port number of the first instance.
Ishii teaches, The method according to claim 1, wherein the connection information includes a port number of the first instance.[117]- VPN gateway identifier (gateway), authentication header (AH), authentication algorithm, a network identifier of an own apparatus's side and a network identifier of a target side);transport mode definition (source port list, destination port list).
It would have been obvious to a person having an ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Liao, The method according to claim 1, wherein the connection information includes a port number of the first instance as taught by Ishii to add second set of control signals for additional relay points for handover optionality.
Regarding Claim 7, Liao teaches, The method according to claim 1, wherein the IoT device stores the first credential or a second credential corresponding to the first credential.[231]- The AUSF/UDM then sends an AMF group(s) security key(s) delivery message 1424 to one or more AMF(s) (e.g., including the AMF 1114 shown in FIG. 12) with the per-AMF generated group credentials.
Regarding Claim 9, Liao teaches, The method according to claim 1, wherein the session generation request is received from the IoT device.[49]- The SMF 324 is for determining routing policies for a service requested by the UE 320 (e.g., IoT device), and for configuring/reconfiguring routing policies on one or more impacted data gateways (DGWs).
Regarding Claim 10, Liao teaches, The method according to claim 1, wherein the first instance and the second instance are instances in a cloud or a public cloud.[402]- In other embodiments, the components described below may be included in more than one device (e.g., said circuitries may be separately included in more than one device for Cloud-RAN (C-RAN) implementations).
Regarding Claim 11, Liao teaches, A non-transitory computer-readable storage medium storing a program for causing an apparatus to execute a method for providing an IoT device with a communication service for accessing an IP network using equipment included in communication infrastructure, the communication infrastructure being connected to communication infrastructure of an
receiving a session generation request including a subscriber identifier for identifying a subscriber of the communication service; [38] In order to re-establish a PDN connection, the UE 110 (e.g., IoT UE) uses a service request procedure. For example, FIG. 2 is a signal flow diagram showing a service request procedure. Fig 2- Nas service request from UE (=iot device) to MME (=communication equipment as to device 200 in spec)
storing an ID in association with the subscriber identifier; [38]- the serving eNB 112 creates an S1 connection with the MME 114 so as to retrieve the UE's context, which stores GTP tunnel information and the security parameters.
transmitting, to a first instance and a second instance included in the equipment, a first provisioning call for generating a GTP-U session between the first instance and the second instance, the first provisioning call including the ID; [37]- In particular, several create session request/response messages are exchanged among the MME 114, the S-GW 117(=the first instance), and the P-GW 118(=second instance), to establish a GTP tunnel(=GTP-U) for each UE's user plane data transmission, during the initial attach request. [38]- As part of the illustrated process, the serving eNB 112 creates an S1 connection with the MME 114 (=first provisioning call including the ID ) so as to retrieve the UE's context(=including the ID), which stores GTP tunnel information and the security parameters.”Modify bearer message”(= transmitting, to a first instance and a second instance) between MME and 117 ( =first instance ) and 118(= second instance)
receiving, from the first instance or the second instance, a transmission source address that serves as a transmission source in the GTP-U session as a response to the first provisioning call; [73]- As shown in Figure 5 and Figure 6, the VPN-SGSN network element is carried out the conversion of VPN access-in management signaling and gn interface mobile management/session management protocol signaling. Terminal is given as the VPN address assignment in the travelling carriage address that the VPN-SGSN network element distributes the GTP agreement;
Ishii teaches, MNO [90]- In the example embodiment, allocation of an appliance(s) in the MNO-EPC 20 (see the EPC 20 in FIG. 1) and an appliance(s) in the vEPC 52 (for example, SGW is one in MNO-EPC 20, PGW is one in vEPC 52, etc.) is arbitrary.
transmitting, to the first instance, a second provisioning call for generating a VPN session between the IoT device and the first instance, the second provisioning call including the transmission source address and a first credential; and and [114]- terminal 1 and the VPN apparatus of the first gateway 51 in the data center 50. A VPN setting unit 512 of the VPN apparatus 511 of the first gateway 51 controls VPN setting and stores setting information in the VPN information storage unit 513.
transmitting connection information to the IoT device, the connection information including the transmission source address and a destination address of the first instance. [118]- In FIG. 3B, a connection partner IP address is a private IP address (local IP address) of the VPN client (terminal 1) allocated by the first gateway 51. A connection network is a network to which the VPN communication is transmitted, and is a network address of the VPN tunnel side.
It would have been obvious to a person having an ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Liao transmitting, to the first instance, a second provisioning call for generating a VPN session between the IoT device and the first instance, the second provisioning call including the transmission source address and a first credential; and transmitting connection information to the IoT device, the connection information including the transmission source address and a destination address of the first instance as taught by Ishii to add second set of control signals for additional relay points for handover optionality.
Regarding Claim 12, Liao teaches, An apparatus for providing an IoT device with a communication service for accessing an IP network using equipment included in communication infrastructure, the communication infrastructure being connected to communication infrastructure of an
receives a session generation request including a subscriber identifier for identifying a subscriber of the communication service, and stores an ID in association with the subscriber identifier, ;[38] In order to re-establish a PDN connection, the UE 110 (e.g., IoT UE) uses a service request procedure. For example, FIG. 2 is a signal flow diagram showing a service request procedure. Fig 2- Nas service request from UE (=iot device) to MME (=communication equipment as to device 200 in spec)
transmits, to a first instance and a second instance included in the equipment, a first provisioning call which is intended to generated a GTP-U session between the first instance and the second instance and which includes the ID, [37]- In particular, several create session request/response messages are exchanged among the MME 114, the S-GW 117(=the first instance), and the P-GW 118(=second instance), to establish a GTP tunnel(=GTP-U) for each UE's user plane data transmission, during the initial attach request. [38]- As part of the illustrated process, the serving eNB 112 creates an S1 connection with the MME 114 (=first provisioning call including the ID ) so as to retrieve the UE's context(=including the ID), which stores GTP tunnel information and the security parameters.”Modify bearer message”(= transmitting, to a first instance and a second instance) between MME and 117 ( =first instance ) and 118(= second instance)
and receives, from the first instance or the second instance, a transmission source address that serves as a transmission source in the GTP-U session as a response to the first provisioning call, [73]- As shown in Figure 5 and Figure 6, the VPN-SGSN network element is carried out the conversion of VPN access-in management signaling and gn interface mobile management/session management protocol signaling. Terminal is given as the VPN address assignment in the travelling carriage address that the VPN-SGSN network element distributes the GTP agreement;
Ishii teaches, MNO [90]- In the example embodiment, allocation of an appliance(s) in the MNO-EPC 20 (see the EPC 20 in FIG. 1) and an appliance(s) in the vEPC 52 (for example, SGW is one in MNO-EPC 20, PGW is one in vEPC 52, etc.) is arbitrary
transmits, to the first instance, a second provisioning call for generating a VPN session between the IoT device and the first instance, the second provisioning call including the transmission source address and a first credential, and [114]- terminal 1 and the VPN apparatus of the first gateway 51 in the data center 50. A VPN setting unit 512 of the VPN apparatus 511 of the first gateway 51 controls VPN setting and stores setting information in the VPN information storage unit 513.
transmits connection information to the IoT device, the connection information including the transmission source address and a destination address of the first instance. .[118]- In FIG. 3B, a connection partner IP address is a private IP address (local IP address) of the VPN client (terminal 1) allocated by the first gateway 51. A connection network is a network to which the VPN communication is transmitted, and is a network address of the VPN tunnel side.
It would have been obvious to a person having an ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Liao transmitting, to the first instance, a second provisioning call for generating a VPN session between the IoT device and the first instance, the second provisioning call including the transmission source address and a first credential; and transmitting connection information to the IoT device, the connection information including the transmission source address and a destination address of the first instance as taught by Ishii to add second set of control signals for additional relay points for handover optionality.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over
Liao et al. (US20190387401A1) in view of Ishii et al. (US20180213472A1) in further view of Mildh. Et al. (US20200170071A1)
Regarding Claim 8, Liao in view Ishii does not teach, The method according to claim 1, wherein the first credential is a public key, and the second credential is a secret key corresponding to the public key.
Mildh teaches, The method according to claim 1, wherein the first credential is a public key, and the second credential is a secret key corresponding to the public key.[86]- The UP data packet can also include security information used to verify that the packet is from the correct UE and that it has not been manipulated. The security information can be a secure checksum (e.g., Message Authentication Code) calculated using a security key available in the UE and in the 5GC/UPF.
It would have been obvious to a person having an ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Liao in view Ishii, The method according to claim 1, wherein the connection information includes a port number of the first instance as taught by Mildh to add second set of control signals for additional relay points for handover optionality.
Claims 13,14 ,15 are rejected under 35 U.S.C. 103 as being unpatentable over
Ishii et al. (US20180213472A1) ) in view of Liao et al. (US20190387401A1)
Regarding Claim 13, Ishii teaches, A method for providing a communication service for an IoT device accessing an IP network using communication infrastructure, the communication infrastructure including a first instance and a second instance between which a GTP-U session has been generated, and being connected to communication infrastructure of an MNO, the method comprising:
the first instance receiving, from the IoT device, a VPN packet that has encapsulated an IP packet that has been encrypted using the credential or a temporary credential; [108]- For example, since a router or the like installed in a wireless LAN connects to a plurality of terminals (VPN clients), it has a NAPT function that converts a private IP address and a global IP address of a terminal, [109]- n a tunneling mode of IPSec, an IP header and a data portion (FIG. 13A) are collectively encrypted, and a new IP header (New IP Header in FIG. 13C) is added and transmitted (IETF RFC 4303).
the first instance obtaining the credential or the temporary credential corresponding to a transmission source address or a temporary key included in the VPN packet, and decrypting the encrypted IP packet; [109]- In a tunneling mode of IPSec, an IP header and a data portion (FIG. 13A) are collectively encrypted, and a new IP header (New IP Header in FIG. 13C) is added and transmitted (IETF RFC 4303). In NAPT, an IP address field of an IP header and a port number of a TCP/UDP header are changed.
the second instance removing a GTP header from the GTP packet, and transmitting the IP packet used as the GTP payload to an IP network outside or inside the communication infrastructure.[110]- in FIG. 13D, the first IP header is an IP header used for forwarding, and source and destination port numbers of the added UDP header are 500 which is the same port number used in IKE.
Ishii does not teach, the first instance determining the second instance with reference to correspondence between one or more transmission source addresses and transmission destinations in GTP sessions to which the respective transmission source addresses have been allocated, which is held in the first instance, based on a transmission source address included in a header of the decrypted IP packet; the first instance transmitting, to the second instance, a GTP packet in which the decrypted IP packet is used as a GTP payload;
Liao teaches, the first instance determining the second instance with reference to correspondence between one or more transmission source addresses and transmission destinations in GTP sessions to which the respective transmission source addresses have been allocated, which is held in the first instance, based on a transmission source address included in a header of the decrypted IP packet;[72]- The IoT device sends IP packets or non-IP packets towards the RAN node, and the RAN node identifies the IP packets based on the source IP address or non-IP packets based on marked network slice ID or group identifier.
the first instance transmitting, to the second instance, a GTP packet in which the decrypted IP packet is used as a GTP payload; and [440]- The General Packet Radio Service (GPRS) Tunneling Protocol for the user plane (GTP-U) layer 2504 may be used for carrying user data within the GPRS core network and between the radio access network and the core network.
It would have been obvious to a person having an ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Ishii , the first instance determining the second instance with reference to correspondence between one or more transmission source addresses and transmission destinations in GTP sessions to which the respective transmission source addresses have been allocated, which is held in the first instance, based on a transmission source address included in a header of the decrypted IP packet; the first instance transmitting, to the second instance, a GTP packet in which the decrypted IP packet is used as a GTP payload; as taught by Liao to add second set of control signals for additional relay points for handover optionality.
Regarding Claim 14, Ishii teaches, A non-transitory computer-readable storage medium storing a program for causing communication infrastructure to execute a method for providing a communication service for an IoT device accessing an IP network, the communication infrastructure including a first instance and a second instance between which a GTP-U session has been generated and being connected to communication infrastructure of an MNO, the method comprising:
the first instance receiving, from the IoT device, a VPN packet that has encapsulated an IP packet that has been encrypted using the credential or a temporary credential; [108]- For example, since a router or the like installed in a wireless LAN connects to a plurality of terminals (VPN clients), it has a NAPT function that converts a private IP address and a global IP address of a terminal, [109]- n a tunneling mode of IPSec, an IP header and a data portion (FIG. 13A) are collectively encrypted, and a new IP header (New IP Header in FIG. 13C) is added and transmitted (IETF RFC 4303).
the first instance obtaining the credential or the temporary credential corresponding to a transmission source address or a temporary key included in the VPN packet, and decrypting the encrypted IP packet; ; [109]- In a tunneling mode of IPSec, an IP header and a data portion (FIG. 13A) are collectively encrypted, and a new IP header (New IP Header in FIG. 13C) is added and transmitted (IETF RFC 4303). In NAPT, an IP address field of an IP header and a port number of a TCP/UDP header are changed.
the second instance being capable of transmitting an IP packet to an IP network outside or inside the communication infrastructure; and the 110]- in FIG. 13D, the first IP header is an IP header used for forwarding, and source and destination port numbers of the added UDP header are 500 which is the same port number used in IKE.
Ishii does not teach, the first instance determining the second instance with reference to correspondence between one or more transmission source addresses and transmission destinations in GTP sessions to which the respective transmission source addresses have been allocated, which is held in the first instance, based on a transmission source address included in a header of the decrypted IP packet, [72]- The IoT device sends IP packets or non-IP packets towards the RAN node, and the RAN node identifies the IP packets based on the source IP address or non-IP packets based on marked network slice ID or group identifier.
first instance transmitting, to the second instance, a GTP packet in which the decrypted IP packet is used as a GTP payload. [440]- The General Packet Radio Service (GPRS) Tunneling Protocol for the user plane (GTP-U) layer 2504 may be used for carrying user data within the GPRS core network and between the radio access network and the core network.
It would have been obvious to a person having an ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Ishii , the first instance determining the second instance with reference to correspondence between one or more transmission source addresses and transmission destinations in GTP sessions to which the respective transmission source addresses have been allocated, which is held in the first instance, based on a transmission source address included in a header of the decrypted IP packet first instance transmitting, to the second instance, a GTP packet in which the decrypted IP packet is used as a GTP payload as taught by Liao to add second set of control signals for additional relay points for handover optionality.
Regarding Claim 15, Ishii teaches, Communication infrastructure, the communication infrastructure being for providing a communication service for an IoT device accessing an IP network, and being connected to communication infrastructure of an MNO, the communication infrastructure comprising:
a first instance and a second instance between which a GTP-U session has been generated, wherein the first instance receives, from the IoT device, a VPN packet that has encapsulated an IP packet that has been encrypted using the credential or a temporary credential, [108]- For example, since a router or the like installed in a wireless LAN connects to a plurality of terminals (VPN clients), it has a NAPT function that converts a private IP address and a global IP address of a terminal, [109]- n a tunneling mode of IPSec, an IP header and a data portion (FIG. 13A) are collectively encrypted, and a new IP header (New IP Header in FIG. 13C) is added and transmitted (IETF RFC 4303).
obtains the credential or the temporary credential corresponding to a transmission source address or a temporary key included in the VPN packet, and decrypts the encrypted IP packet, ; [109]- In a tunneling mode of IPSec, an IP header and a data portion (FIG. 13A) are collectively encrypted, and a new IP header (New IP Header in FIG. 13C) is added and transmitted (IETF RFC 4303). In NAPT, an IP address field of an IP header and a port number of a TCP/UDP header are changed.
the second instance removes a GTP header from the GTP packet, and transmits the IP packet used as the GTP payload to an IP network outside or inside the communication infrastructure. .[110]- in FIG. 13D, the first IP header is an IP header used for forwarding, and source and destination port numbers of the added UDP header are 500 which is the same port number used in IKE.
Ishii does not teach, the first instance determines the second instance with reference to correspondence between one or more transmission source addresses and transmission destinations in GTP sessions to which the respective transmission source addresses have been allocated, which is held in the first instance, based on a transmission source address included in a header of the decrypted IP packet, and transmits a GTP packet in which the decrypted IP packet is used as a GTP payload to the second instance
Liao teaches, the first instance determines the second instance with reference to correspondence between one or more transmission source addresses and transmission destinations in GTP sessions to which the respective transmission source addresses have been allocated, which is held in the first instance, based on a transmission source address included in a header of the decrypted IP packet, and ;[72]- The IoT device sends IP packets or non-IP packets towards the RAN node, and the RAN node identifies the IP packets based on the source IP address or non-IP packets based on marked network slice ID or group identifier.
transmits a GTP packet in which the decrypted IP packet is used as a GTP payload to the second instance, and [440]- The General Packet Radio Service (GPRS) Tunneling Protocol for the user plane (GTP-U) layer 2504 may be used for carrying user data within the GPRS core network and between the radio access network and the core network.
It would have been obvious to a person having an ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Liao the first instance determines the second instance with reference to correspondence between one or more transmission source addresses and transmission destinations in GTP sessions to which the respective transmission source addresses have been allocated, which is held in the first instance, based on a transmission source address included in a header of the decrypted IP packet, and transmits a GTP packet in which the decrypted IP packet is used as a GTP payload to the second instance as taught by Ishii to add second set of control signals for additional relay points for handover optionality.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Anindita Sen whose telephone number is (571)-272-2390. The examiner can normally be reached 7:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Avellino can be reached on (571)-272-3905. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ANINDITA SEN/Examiner, Art Unit 2478
/JOSEPH E AVELLINO/Supervisory Patent Examiner, Art Unit 2478