Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Status of Claims
Claims 33-52 are presented for examination.
Claims 1-32 are cancelled.
Election/Restrictions
Claims 49-51 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected Group III (claims 49-51), there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 12/17/25.
Applicant’s remarks dated 12/17/25 requesting that Group I and Group II be examined together are persuasive. Accordingly, Group I and Group II have been rejoined, and the restriction requirement of Group II claims 42-48 as set forth in the Office action mailed on 8/4/25 is hereby withdrawn. In view of the withdrawal of the restriction requirement as to the rejoined inventions, applicant(s) are advised that if any claim presented in a divisional application is anticipated by, or includes all the limitations of, a claim that is allowable in the present application, such claim may be subject to provisional statutory and/or nonstatutory double patenting rejections over the claims of the instant application. Once the restriction requirement is withdrawn, the provisions of 35 U.S.C. 121 are no longer applicable. See In re Ziegler, 443 F.2d 1211, 1215, 170 USPQ 129, 131-32 (CCPA 1971). See also MPEP § 804.01.
Claims 49-51 are withdrawn.
Claims 33-48, 52 are subject to examination.
Priority
The claim for domestic priority (63/152,190) as claimed in this application under 35 U.S.C. 119(e) is acknowledged.
The claimed priority of PCT (PCT/EP2022/054331 02/22/2022) in this application under 35 U.S.C. 371, is acknowledged.
Response to Amendment
The preliminary amendment, paper dated 8/21/23 (claims) is acknowledged.
Drawings
The figures submitted on the filing date of this application (8/21/23) are acknowledged.
Information Disclosure Statement
The information disclosure statement filed on 8/21/23 is in compliance with the provisions of 37 CFR 1.97, and has been considered and a copy is enclosed with this Office Action.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 33-41, 44-46, 52 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 33, 43, 44, 52 recite the limitation "re-routed". There is insufficient antecedent basis for this limitation in the claim. The claimed steps (receiving, protecting and transmitting) do not include “routing” of the request and the protected security context. Hence, it is not clear what “re-routed” refers to in the claim.
Claims 34-41 depend upon claim 33, and claims 45, 46 depend upon claim 44, and hence are subject to the same rejections.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 33, 38, 40, 42, 52 is/are rejected under 35 U.S.C. 103 as being unpatentable over RAMLE et al., 20190261157 in view of Ben-Henda 10542428 and Wu et al., 20200229049.
Referring to claim(s) 33, Ramle substantially discloses, a method performed by a core network node in a wireless communication network, the method comprising: receiving a registration request that requests registration of a wireless device with the wireless communication network (
[0049] As mentioned above, UE 102 needs to register with the network to receive services that require registration. Referring now to FIG. 1, FIG. 1 illustrates an exemplary 5G communication system 100. The 5G (wireless) communication system 100 illustrates a point to point reference point representation. As shown in FIG. 1, a UE 102 communicates with an access network (AN) 108 (e.g., a radio AN ((R)AN)), which communicates with an AMF 104, which communicates with other core network functions, such as UDM 120.
[0093] a core network node (e.g., AMF 104) (a.k.a., “control node”) receives from the UE a registration message, wherein the registration message comprises a requested network slice identity (NSI) and a slice index value paired with the requested NSI (r-NSI). For example, the registration message may be message m202 or m302 described above in connection with FIGS. 2-3.
[0003] A user equipment (UE) (i.e., a device capable of wireless communication with a radio access network node, such as, for example, a smartphone, a laptop, a tablet, a smart sensor, an appliance, etc.) needs to register with a network in order to receive services which require registration. A registration procedure is utilized in the following situations: (1) when the UE initially registers to a 5G system; (2) when the UE initiates a registration procedure due to mobility, e.g. when the UE changes to a new Tracking Area (TA) in idle mode; (3) when the UE performs a periodic update due to expiration of a predefined time period of inactivity, etc.)
information shared between the wireless device and the core network node, transmitting, to a radio network node in the wireless communication network, signaling that includes the registration request, wherein the signaling indicates the registration request, a target core network node in the wireless communication network
[0100] FIG. 8 is a diagram showing functional modules of a control node according to some embodiments. As shown in FIG. 8, the control node includes: a first receiving module (802) operable to receive from the UE a registration message, wherein the registration message comprises a requested network slice identity (NSI) (e.g., an S-NSSAI) and a slice index value paired with the requested NSI (r-NSI). The control node further includes a transmitting module (804) configured to employ a transmitter to transmit a slice selection data request towards a unified data management (UDM) in response to the control node receiving the registration message. The control node further includes a second receiving module (806) operable to receive a slice selection data response message from the UDM
RAMLE does not specifically mention, but Ben-Henda discloses, the security context; and the registration request and security context are to be re-routed (
(12) transferring a security context during a handover of a user equipment. The method comprises sending a first handover message to a source mobility management function in a core network of the wireless communication network to initiate a handover of a user equipment; receiving, responsive to the first handover message, a second handover message from the source mobility management function, the second handover message including a transparent container; forwarding the transparent container to the user equipment; receiving a key change indication indicating that a non-access stratum key has been changed; and forwarding the key change indication to the user equipment.
receiving, from a source mobility management function in a core network, a new non-access stratum key; establishing a new security context based on the new non-access stratum key; receive an information block from the target base station, said information block including a key change indication indicating that a non-access stratum key has been changed; and sending, to the source mobility management function, a transparent container including the key change indication received from the target base station, col., 3, lines 3- 12
(20) receiving a handover message from a source base station in first mobility management domain of the wireless communication network, said handover message including a transparent container and a key change indication indicating that a non-access stratum key has been changed; performing a handover from the source base station to a target base station in a second mobility management domain of the wireless communication network; and establishing, responsive to the key change indication, a new security context with a target mobility management function, said new security context including a new non-access stratum key, col., 4, lines 5-14
(22) receiving a handover message from a source base station in first mobility management domain of the wireless communication network, said handover message including a transparent container and a key change indication indicating that a core network key has been changed; performing a handover from the source base station to a target base station in a second mobility management domain of the wireless communication network; and establishing, responsive to the key change indication, a new security context with a target mobility management function, said new security context including a new core network key) col., 4, lines 25-32.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing a security context. For the handover procedure, transferring a security context would enable defining the privilege and access control settings under which a process, user, or container operates. This would enable enforcement of authentication, authorization, and isolation rules to protect resources from unauthorized access or modification, col. 3, lines 3-12.
RAMLE and Ben-Henda do not specifically mention, but Wu discloses, that protecting comprises encrypting (para 137).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing encryption. Encryption would enable transforming data to ensure that only authorized parties can access the information. Encryption would enable maintaining data confidentiality, integrity, and security, para 137.
Referring to claim(s) 38, Ben-Henda discloses wherein the signaling further includes one or more parameters, wherein at least one of the one or more parameters is associated with the registration request, is associated with a procedure for the radio network node to route the registration request to the target core network node, or is associated with cryptographic material usable by the target core network node to decrypt and/or verify an integrity of the protected security context,
(9) The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the source AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms. (cie only) col., 3, lines 55-60,
(42) FIG. 7 illustrates an exemplary handover procedure where the target base station 25 generates a handover command, denoted HO-CMD, including the key change indication and/or key derivation parameter. Steps 1-3 are the same as described in FIG. 2. At step 4, the source AMF 40 sends a forward relocation request message (or 5G equivalent) including the new KCN key along with any relevant security parameters, such as the UE capabilities, to the target AMF 40. In this embodiment, the source AMF 40 also includes a freshness parameter or other key derivation parameter used to derive the new KCN key in the forward relocation request. The target AMF 40 uses this KCN key to set up a new security context and derive a new AS key, col 9, lines 15-23
(43) At step 5, the target AMF 40 sends a handover request (or 5G equivalent) to the target base station 25. The handover request includes a key change indication, along with the freshness parameter received from the source AMF 40 and all relevant security parameters, such as the new AS key and the UE capabilities. As noted above, the key change indication may comprise an explicit key change indicator flag set to a value indicating that the KCN key has been changed. The key derivation parameter may also serve as an implicit key change indication. This establishes the UE 70 security context at the target base station 25, col., 9, lines 15-23.
packaging the security context and the one or more parameters into a container, wherein protecting the security context comprises protecting the container, and wherein the signaling includes the protected container (
(10) In response to the handover request, the target base station generates a handover command and sends the handover command to the target AMF. The handover command includes the key change indication and/or key derivation parameter. The target AMF generates and sends a transparent container to the source base station including the handover command. The transparent container is forwarded by the source AMF and source base station all the way down to the UE. Col., 3, lines 60-65.
Referring to claim(s) 40, RAMLE discloses wherein the core network node implements an access and mobility function (AMF), and wherein the target core network node implements a target AMF (
[0065] In step s220, a Target AMF 204b transmits a Registration Response/Accept message m212 towards the UE. The registration response message may include a list of Allowed S-NSSAIs in the VPLMN (i.e. aS-NSSAIs) and corresponding slice indexes. This will enable the UE to populate a list of S-NSSAI and slice index, which may be stored in the UE and used for this particular VPLMN at a later registration attempt in the VPLMN. For example, the UE may not be able to identify all aS-NSSAIs because they are local to the VPLMN, but the UE may be able to use the associated slice index value to enable the UE to correlate with the request and store the information for later use.
[0066] In step s222, the UE transmits a registration complete message m214 towards the target AMF to acknowledge if a new 5G-GUTI was assigned.
[0077] In step s302, the UE transmits a registration message m302 towards the (R)AN. As with registration message m202 discussed above, registration message m302 may include a requested S-NSSAI and an associated slice index. Continuing with the example, since the UE had previously been registered in the VPLMN and received registration response message m212 with a list of allowed vS-NSSAI and associated slice indexes (see FIG. 2), the UE may thereby include in registration message m303 requested S-NSSAI slices that are supported by the VPLMN and the associated slice indexes. Specifically, since the UE wants to use applications corresponding to hS-NSSAI B and C with slice index 2 and 3 respectively, the UE includes in message m302 as Requested S-NSSAI and corresponding slice index (ii, 2) and (iii, 3) based on values in its S-NSSAI table for this specific VPLMN. At the RRC-level the UE provides ii and iii. Since these slices are supported by the VPLMN, the RAN routes the UE request to an AMF supporting these slices, in this case the initial AMF (which may not necessarily be in the same AMF in FIG. 2).
9. The method of claim 1, wherein the control node comprises a core access and mobility management function (AMF) of a home network and the accept message is received from an AMF in the visited network.
Referring to claim(s) 42, Ramle discloses a method performed by a core network node in a wireless communication network, the method comprising: receiving, from a radio network node in the wireless communication network, signaling that includes a registration request and information, wherein the registration request requests registration of a wireless device with the wireless communication network (
[0049] As mentioned above, UE 102 needs to register with the network to receive services that require registration. Referring now to FIG. 1, FIG. 1 illustrates an exemplary 5G communication system 100. The 5G (wireless) communication system 100 illustrates a point to point reference point representation. As shown in FIG. 1, a UE 102 communicates with an access network (AN) 108 (e.g., a radio AN ((R)AN)), which communicates with an AMF 104, which communicates with other core network functions, such as UDM 120.
[0093] a core network node (e.g., AMF 104) (a.k.a., “control node”) receives from the UE a registration message, wherein the registration message comprises a requested network slice identity (NSI) and a slice index value paired with the requested NSI (r-NSI). For example, the registration message may be message m202 or m302 described above in connection with FIGS. 2-3.
[0003] A user equipment (UE) (i.e., a device capable of wireless communication with a radio access network node, such as, for example, a smartphone, a laptop, a tablet, a smart sensor, an appliance, etc.) needs to register with a network in order to receive services which require registration. A registration procedure is utilized in the following situations: (1) when the UE initially registers to a 5G system; (2) when the UE initiates a registration procedure due to mobility, e.g. when the UE changes to a new Tracking Area (TA) in idle mode; (3) when the UE performs a periodic update due to expiration of a predefined time period of inactivity, etc.)
wherein the information is shared between the wireless device and another core network node; performing one or more security actions on the information, wherein the one or more security actions include processing the protected security context in order to obtain the security context; and handling the registration request using the information (
[0100] FIG. 8 is a diagram showing functional modules of a control node according to some embodiments. As shown in FIG. 8, the control node includes: a first receiving module (802) operable to receive from the UE a registration message, wherein the registration message comprises a requested network slice identity (NSI) (e.g., an S-NSSAI) and a slice index value paired with the requested NSI (r-NSI). The control node further includes a transmitting module (804) configured to employ a transmitter to transmit a slice selection data request towards a unified data management (UDM) in response to the control node receiving the registration message. The control node further includes a second receiving module (806) operable to receive a slice selection data response message from the UDM
RAMLE does not specifically mention, but Ben-Henda discloses, the security context; and the registration request (
(12) transferring a security context during a handover of a user equipment. The method comprises sending a first handover message to a source mobility management function in a core network of the wireless communication network to initiate a handover of a user equipment; receiving, responsive to the first handover message, a second handover message from the source mobility management function, the second handover message including a transparent container; forwarding the transparent container to the user equipment; receiving a key change indication indicating that a non-access stratum key has been changed; and forwarding the key change indication to the user equipment.
receiving, from a source mobility management function in a core network, a new non-access stratum key; establishing a new security context based on the new non-access stratum key; receive an information block from the target base station, said information block including a key change indication indicating that a non-access stratum key has been changed; and sending, to the source mobility management function, a transparent container including the key change indication received from the target base station, col., 3, lines 3- 12
(20) receiving a handover message from a source base station in first mobility management domain of the wireless communication network, said handover message including a transparent container and a key change indication indicating that a non-access stratum key has been changed; performing a handover from the source base station to a target base station in a second mobility management domain of the wireless communication network; and establishing, responsive to the key change indication, a new security context with a target mobility management function, said new security context including a new non-access stratum key, col., 4, lines 5-14
(22) receiving a handover message from a source base station in first mobility management domain of the wireless communication network, said handover message including a transparent container and a key change indication indicating that a core network key has been changed; performing a handover from the source base station to a target base station in a second mobility management domain of the wireless communication network; and establishing, responsive to the key change indication, a new security context with a target mobility management function, said new security context including a new core network key) col., 4, lines 25-32.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing a security context. For the handover procedure, transferring a security context would enable defining the privilege and access control settings under which a process, user, or container operates. This would enable enforcement of authentication, authorization, and isolation rules to protect resources from unauthorized access or modification, col. 4, lines 5-14.
RAMLE and Ben-Henda do not specifically mention, but Wu discloses, that protecting comprises encrypting and decrypting (para 137).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing encryption. Encryption would enable transforming data to ensure that only authorized parties can access the information. Encryption would enable maintaining data confidentiality, integrity, and security, para 137.
Referring to claim 52, the core network node claim is similarly analyzed and rejected for the same rationale as the method claim 33.
Claim(s) 34, 43, is/are rejected under 35 U.S.C. 103 as being unpatentable over RAMLE in view of Ben-Henda, Wu and Baskaran et al., 20230262453.
Referring to claim(s) 34, RAMLE, Ben-Henda and Wu do not specifically mention, but Baskaran discloses, wherein protecting the security context comprises protecting the security context with cryptographic material that: is specific to the target core network node or to a target core network node set to which the target core network node belongs; and/or is shared between the core network node and the target core network node or is shared between the core network node and a target core network node set to which the target core network node belongs.
[0005] One method of a Common Network Function (“NF”) in a mobile communication network includes deriving a Reroute Security Context, the Reroute Security Context containing at least an integrity key for Reroute Non-Access Stratum (“NAS”) integrity protection and an encryption key for Reroute NAS ciphering protection and deriving a first authentication parameter for authenticating a Target AMF. The method includes receiving a Key Request message from a Security Anchor Function (“SEAF”) co-located with the Target AMF following an AMF reallocation during a UE Registration procedure, where the Key Request message includes at least one of: a UE identifier, Target AMF information, a second authentication parameter and a Reroute Key indication. The method includes verifying the Key Request message by determining whether the second authentication parameter matches the first authentication parameter derived for authenticating the Target AMF. The method includes deriving a new security context for the Target AMF/SEAF in response to successfully verifying the Key Request message, where the new security context is derived from a primary UE security context. The method includes sending a Key Response message to the Target AMF/SEAF, where the Key Response message includes at least one of: the new security context, a Subscription Permanent Identifier (“SUPI”) associated with the UE identifier, an Anti-Bidding down Between Architectures (“ABBA”) parameter having a special value and a New NAS Security Context Indicator (“N-NSCI”).
[0007] One method of a target AMF having a co-located SEAF includes receiving a Reroute NAS message for a UE, the Reroute NAS message including at least one of: a User Subscription Identifier of a UE, a KSI and an authentication parameter, where an N14 interface with an initial AMF is not supported. The method includes determining to fetch a Reroute NAS Security Context based on the authentication parameter and sending a Key Request message to a common NF, where the Key Request message includes at least one of: the authentication parameter, AMF information, a Reroute Key Indicator, and the KSI. The method includes receiving a Key Response message from the common NF to the Target AMF, where the Key Response message includes at least one of: a SUPI related to the received User Subscription Identifier, a N-NSCI, an ABBA parameter having a special value, a new security context, and a Reroute NAS Security Context containing at least an integrity key for Reroute NAS integrity verification and an encryption key for Reroute NAS de-ciphering, where the new security context is derived from a primary UE security context.
[0166] Required: Knasint,’ Knasenc,’ NAS_Sec_ID (the hash code to authenticate the Target AMF), ngKSI (i.e., a key set identifier)
[0266] The processor 705 derives the authentication parameter using at least one of: the integrity key, the encryption key, the User Subscription Identifier, the Target AMF Information, and the first Key, storing the derived Reroute Security context, the User Subscription Identifier(s), and/or the authentication parameter in local memory
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing cryptographic material that is specific to the node. Encryption would enable transforming data to ensure that only authorized parties can access the information. Encryption material that is specific to the node would enable maintaining data confidentiality, integrity, and security, para 7.
Referring to claim(s) 43, Ben-Henda discloses that the registration request and security context are re-routed, as cited in claim 42. RAMLE, Ben-Henda and Wu do not specifically mention, but Baskaran discloses, performing one or more security actions on the protected security context with cryptographic material that: is specific to the core network node or to a core network node set to which the core network node belongs; and/or is shared between the core network node and another core network node from which the registration request was routed or is shared between a core network node set to which the core network node belongs and another core network node from which the registration request was routed.
[0005] One method of a Common Network Function (“NF”) in a mobile communication network includes deriving a Reroute Security Context, the Reroute Security Context containing at least an integrity key for Reroute Non-Access Stratum (“NAS”) integrity protection and an encryption key for Reroute NAS ciphering protection and deriving a first authentication parameter for authenticating a Target AMF. The method includes receiving a Key Request message from a Security Anchor Function (“SEAF”) co-located with the Target AMF following an AMF reallocation during a UE Registration procedure, where the Key Request message includes at least one of: a UE identifier, Target AMF information, a second authentication parameter and a Reroute Key indication. The method includes verifying the Key Request message by determining whether the second authentication parameter matches the first authentication parameter derived for authenticating the Target AMF. The method includes deriving a new security context for the Target AMF/SEAF in response to successfully verifying the Key Request message, where the new security context is derived from a primary UE security context. The method includes sending a Key Response message to the Target AMF/SEAF, where the Key Response message includes at least one of: the new security context, a Subscription Permanent Identifier (“SUPI”) associated with the UE identifier, an Anti-Bidding down Between Architectures (“ABBA”) parameter having a special value and a New NAS Security Context Indicator (“N-NSCI”).
[0007] One method of a target AMF having a co-located SEAF includes receiving a Reroute NAS message for a UE, the Reroute NAS message including at least one of: a User Subscription Identifier of a UE, a KSI and an authentication parameter, where an N14 interface with an initial AMF is not supported. The method includes determining to fetch a Reroute NAS Security Context based on the authentication parameter and sending a Key Request message to a common NF, where the Key Request message includes at least one of: the authentication parameter, AMF information, a Reroute Key Indicator, and the KSI. The method includes receiving a Key Response message from the common NF to the Target AMF, where the Key Response message includes at least one of: a SUPI related to the received User Subscription Identifier, a N-NSCI, an ABBA parameter having a special value, a new security context, and a Reroute NAS Security Context containing at least an integrity key for Reroute NAS integrity verification and an encryption key for Reroute NAS de-ciphering, where the new security context is derived from a primary UE security context.
[0166] Required: Knasint’, Knasenc’, NAS_Sec_ID (the hash code to authenticate the Target AMF), ngKSI (i.e., a key set identifier)
[0266] The processor 705 derives the authentication parameter using at least one of: the integrity key, the encryption key, the User Subscription Identifier, the Target AMF Information, and the first Key, storing the derived Reroute Security context, the User Subscription Identifier(s), and/or the authentication parameter in local memory
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because doing so could provide for utilizing cryptographic material that is specific to the node. Encryption would enable transforming data to ensure that only authorized parties can access the information. The specific material for encryption would enable maintaining data confidentiality, integrity, and security, para 7.
Claim(s) 35, 37, 41, 44, 46 is/are rejected under 35 U.S.C. 103 as being unpatentable over RAMLE in view of Ben-Henda, Wu, Baskaran and Vikberg et al., 20140051445.
Referring to claim(s) 35, Baskaran discloses obtaining, from a network node, cryptographic material with which to protect the security context, as cited in claim 34. RAMLE, Ben-Henda, Baskaran and Wu do not specifically mention, but Vikberg discloses, a common network node that is accessible to both the core network node and the target core network node:
[0110] FIG. 4 depicts a wireless communications system 100 in which some embodiments herein may be implemented. In these embodiments the target network node and source network node are different network nodes after the handover. FIG. 4 differs from FIG. 1 in that the wireless communications system 100 further comprises a target network node 170 and in that the network node here referred to as 440, is a source network node. After handover, the identified cache session continues from the network node 440, via the target network node 170, and via the target base station 120 to the base station as indicated by the dashed arrows 190. The target network node 170 may be a RAN network node being common for the different RATs within the wireless communications system 100, such as for the first RAT and the second RAT within the wireless communications system 100. The target network node 170 comprises a memory and logics to perform caching. This means that copies of content in e.g. the Internet such as a media stream, are stored in the network node. The content is in this way moved closer to the mobile users.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because doing so could provide for utilizing a common network node. The common network node would enable storing of information that is shared among other nodes. Having the common network node closer to the users would enable faster access to information provided by the common network node to the users, para 110.
Referring to claim(s) 44, Baskaran discloses obtaining, from a network node from which the registration request was re-routed, cryptographic material with which to perform the one or more security actions on the protected security context, as cited in claim 42. RAMLE, Ben-Henda, Baskaran and Wu do not specifically mention, but Vikberg discloses, a common network node that is accessible to both the core network node and the target core network node:
[0110] FIG. 4 depicts a wireless communications system 100 in which some embodiments herein may be implemented. In these embodiments the target network node and source network node are different network nodes after the handover. FIG. 4 differs from FIG. 1 in that the wireless communications system 100 further comprises a target network node 170 and in that the network node here referred to as 440, is a source network node. After handover, the identified cache session continues from the network node 440, via the target network node 170, and via the target base station 120 to the base station as indicated by the dashed arrows 190. The target network node 170 may be a RAN network node being common for the different RATs within the wireless communications system 100, such as for the first RAT and the second RAT within the wireless communications system 100. The target network node 170 comprises a memory and logics to perform caching. This means that copies of content in e.g. the Internet such as a media stream, are stored in the network node. The content is in this way moved closer to the mobile users.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because doing so could provide for utilizing a common network node. The common network node would enable storing of information that is shared among other nodes. Having the common network node closer to the users would enable faster access to information provided by the common network node to the users, para 110.
Referring to claim(s) 37, Vikberg discloses a common network node, para 110. RAMLE discloses implementing a network slice selection function (NSSF) and serving multiple network slices of the wireless communication network:
[0077] In step s302, the UE transmits a registration message m302 towards the (R)AN. As with registration message m202 discussed above, registration message m302 may include a requested S-NSSAI and an associated slice index. Continuing with the example, since the UE had previously been registered in the VPLMN and received registration response message m212 with a list of allowed vS-NSSAI and associated slice indexes (see FIG. 2), the UE may thereby include in registration message m303 requested S-NSSAI slices that are supported by the VPLMN and the associated slice indexes. Specifically, since the UE wants to use applications corresponding to hS-NSSAI B and C with slice index 2 and 3 respectively, the UE includes in message m302 as Requested S-NSSAI and corresponding slice index (ii, 2) and (iii, 3) based on values in its S-NSSAI table for this specific VPLMN. At the RRC-level the UE provides ii and iii. Since these slices are supported by the VPLMN, the RAN routes the UE request to an AMF supporting these slices, in this case the initial AMF (which may not necessarily be in the same AMF in FIG. 2).
Referring to claim(s) 41, Vikberg discloses wherein the core network node lacks a direct interface with the target core network node, para 110.
Referring to claim(s) 46, Vikberg discloses a common network node, para 110. RAMLE discloses implementing a network slice selection function (NSSF) and serving multiple network slices of the wireless communication network:
[0077] In step s302, the UE transmits a registration message m302 towards the (R)AN. As with registration message m202 discussed above, registration message m302 may include a requested S-NSSAI and an associated slice index. Continuing with the example, since the UE had previously been registered in the VPLMN and received registration response message m212 with a list of allowed vS-NSSAI and associated slice indexes (see FIG. 2), the UE may thereby include in registration message m303 requested S-NSSAI slices that are supported by the VPLMN and the associated slice indexes. Specifically, since the UE wants to use applications corresponding to hS-NSSAI B and C with slice index 2 and 3 respectively, the UE includes in message m302 as Requested S-NSSAI and corresponding slice index (ii, 2) and (iii, 3) based on values in its S-NSSAI table for this specific VPLMN. At the RRC-level the UE provides ii and iii. Since these slices are supported by the VPLMN, the RAN routes the UE request to an AMF supporting these slices, in this case the initial AMF (which may not necessarily be in the same AMF in FIG. 2).
Claim(s) 36, 45 is/are rejected under 35 U.S.C. 103 as being unpatentable over RAMLE in view of Ben-Henda, Wu, Baskaran, Vikberg and ZHANG et al., 20160105915.
Referring to claim(s) 36, RAMLE, Ben-Henda, Baskaran, Vikberg and Wu do not specifically mention, but Zhang discloses, transmitting, to the common network node, a request for the cryptographic material and for a cryptographic material reference associated with the cryptographic material, wherein the request includes at least: an identifier or address of the target core network node, or an identifier or address of a target core network node set to which the target core network node belongs; an identifier or address of the core network node, or an identifier or address of a core network node set to which the core network node belongs; and the registration request (para 68); and receiving the cryptographic material and the cryptographic material reference in response to the request (para 96); wherein the signaling transmitted to the radio network node further includes the cryptographic material reference, wherein the cryptographic material reference comprises an identifier of the cryptographic material or comprises a token specific to the cryptographic material (para 61).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because doing so could provide for utilizing additional information in the request. The information in the request would enable verifying whether the request is authentic, para 68.
Referring to claim(s) 45, RAMLE, Ben-Henda, Baskaran, Vikberg and Wu do not specifically mention, but Zhang discloses, wherein said obtaining comprises: transmitting, to the common network node, a request for the cryptographic material, wherein the request includes at least: a cryptographic material reference associated with the cryptographic material (para 68); an identifier or address of the core network node, or an identifier or address of a core network node set to which the core network node belongs (para 68); an identifier or address of the another core network node, or an identifier or address of another core network node set to which the another core network node belongs; and the registration request; and receiving the cryptographic material in response to the request; wherein the received signaling further includes the cryptographic material reference, wherein the cryptographic material reference comprises an identifier of the cryptographic material or comprises a token specific to the cryptographic material (para 61).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because doing so could provide for utilizing additional information in the request. The information in the request would enable verifying whether the request is authentic, para 68.
Claim(s) 39, 47, 48 is/are rejected under 35 U.S.C. 103 as being unpatentable over RAMLE et al., 20190261157 in view of Ben-Henda 10542428 and Wu et al., 20200229049 and Zhang.
Referring to claim(s) 39, RAMLE in view of Ben-Henda and Wu do not disclose, but Zhang discloses, wherein the one or more parameters include at least one of any one or more of: an uplink or downlink non-access stratum count value; a horizontal key derivation indicator that indicates whether or not the core network node has performed horizontal key derivation to derive a cryptographic key included in the security context; a timestamp usable to verify a validity of cryptographic material usable by the target core network node to decrypt and/or verify an integrity of the protected security context; and an address of the target core network node (para 68).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because doing so could provide for utilizing parameter information. The parameter information would enable verifying whether the request is authentic, para 68.
Referring to claim(s) 47, RAMLE in view of Ben-Henda and Wu do not disclose, but Zhang discloses, wherein the one or more parameters include at least one of any one or more of: an uplink or downlink non-access stratum count value; a horizontal key derivation indicator that indicates whether or not the core network node has performed horizontal key derivation to derive a cryptographic key included in the security context; a timestamp usable to verify a validity of cryptographic material usable by the target core network node to decrypt and/or verify an integrity of the protected security context; and an address of the target core network node (para 68).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because doing so could provide for utilizing parameter information. The parameter information would enable verifying whether the request is authentic, para 68.
Referring to claim(s) 48, RAMLE in view of Ben-Henda and Wu do not disclose, but Zhang discloses, wherein the one or more parameters include at least one of any one or more of: an uplink or downlink non-access stratum count value; a horizontal key derivation indicator that indicates whether or not the core network node has performed horizontal key derivation to derive a cryptographic key included in the security context; a timestamp usable to verify a validity of cryptographic material usable by the target core network node to decrypt and/or verify an integrity of the protected security context; and an address of the target core network node (para 68).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by Ramle to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because doing so could provide for utilizing parameter information. The parameter information would enable verifying whether the request is authentic, para 68.
Conclusion
Pertinent prior art:
Li et al., 11399330, abstract.
For encrypted security content, Miklós et al., 9788294: A NAS message is the control messages that are exchanged between the UE and the core network which are not radio-related messages. However, the NAS messages are encrypted.
Hanlon et al., 20120246240, para 31.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973. The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HARESH N PATEL/Primary Examiner, Art Unit 2496