DETAILED ACTION
1. This action is responsive to communication filed on 10 November 2025, with acknowledgement of an original application filed on 17 April 2024.
2. Claims 1-6, 12, 15, 18-20, 22-26, 28, and 32-34 are currently pending. Claims 1 and 18 are in independent form. Claims 12, 15, and 26 have been amended. Claims 7-11, 13-14, 16-17, 21, 27, 29-31, and 35-36 have been canceled.
Response to Arguments
3. Applicant's arguments filed on 10 November 2025 have been fully considered but they are not persuasive.
I) In response to applicant's arguments on page 8, Applicant argued that Byun, [0011] does not teach, disclose, or suggest the transmission of a "data packet" as required by independent claim 1, as Byun, [0011] teaches the transmission of the service identity of the MB service. Further, Byun, [0011] is silent as to the DU determining whether said service identity of an MB service and/or any data packets related thereto, for that matter, are to be transmitted to the plurality of UEs "by using multicast or unicast," as required by independent claim 1.
The examiner respectfully disagrees with the argument. The applicant argued that Byun does not teach, disclose, or suggest prior to transmitting the data packet to a plurality of UEs, determining, by the RAN, whether the data packet is to be transmitted to the plurality of UEs by using multicast or unicast. Contrary to the applicant's assertion, as stated in the office action, the Byun reference discloses that a DU of a RAN node may transmit, to multiple User Equipments (UEs) in Connection Management (CM)-IDLE state, the service identity of the MB service. Furthermore, the Byun reference discloses that if a NG RAN node receives multiple MB Session Resource Setup Request messages for the same TMGI (for example, from several AMFs the NG-RAN is connected to), NG-RAN may store each sender AMF ID in the MB Session CTx, but only performs step S911 once (instead continues at step S912). In step S911, the NG-RAN may join the multicast group (for example, LL MC address) and establish PTM or PTP DL resources for the MB Session. If there are UEs in CM-Connected with RRC INACTIVE state with the TMGI in their UE Contexts, NG-RAN may perform the Network triggered transition from RRC INACTIVE to RRC_CONNECTED procedure for those UEs. In step S912, the NG-RAN may report successful establishment of the MB Session resources by sending MB Session Resource Setup Response message(s) to the AMF. In step S913, the AMF may send MB Session Start Acknowledgement (ACK) to the MB-SMF (see Byun pars. 0185-0189).
II) In response to applicant's arguments on page 9, Applicant argued that Lee does not teach or suggest Applicant respectfully submits that the Office Action has not established a prima facie case of obviousness for independent claim 18 at least because the Office Action has not demonstrated that all claim limitations recited by independent claim 18 are taught, disclosed, or suggested in the prior art, either alone or in combination. In particular, the Office Action at 10-11 admitted that Byun fails to teach, disclose, or suggest the elements when the data packet associated with the MBS session is received from the RAN via multicast, selecting, from a plurality of security check schemes and by the UE, a first security check scheme to apply to the data packet; when the data packet associated with the MBS session is received from the RAN via unicast, selecting, by the UE and from the plurality of security check schemes, a second security check scheme to apply to the data packet recited by independent claim 18.
The examiner respectfully disagrees with the argument. The applicant argued that Lee does not teach or suggest when the data packet associated with the MBS session is received from the RAN via multicast, selecting, from a plurality of security check schemes and by the UE, a first security check scheme to apply to the data packet; when the data packet associated with the MBS session is received from the RAN via unicast, selecting, by the UE and from the plurality of security check schemes, a second security check scheme to apply to the data packet; and processing the data packet according to the selected security check scheme. Contrary to the applicant's assertion, as stated in the office action, the Lee reference discloses protections (see Lee par. 0143, the RAN node 402 may protect packets of the QoS flow using the cell-specific key. In an aspect, the RAN node 402 may protect the packets at the PDCP layer using the cell-specific key. For example, the RAN node 402 may encrypt the packets using the cell-specific key with a known cryptographic algorithm (e.g., the PDCP security function) (first security protection)).
Furthermore, the Lee reference discloses the radio access network node may protect the packets for the multicast or broadcast service using the cell-specific multicast-broadcast key for the cell to which the UE is connected or on which the UE is camped. The radio access network node may protect the packets for the multicast or broadcast service at a packet data convergence protocol (PDCP) layer. The method may further include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more a radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee pars. 0039-0040), when the data packet associated with the MBS session is received from the RAN via unicast, selecting, by the UE and from the plurality of security check schemes, a second security check scheme to apply to the data packet; and processing the data packet according to the selected security check scheme. Contrary to the applicant's assertion, as stated in the office action, the Lee reference discloses protections the RAN node 402 may protect packets of the QoS flow using the cell-specific key. In an aspect, the RAN node 402 may protect the packets at the PDCP layer using the cell-specific key. For example, the RAN node 402 may encrypt the packets using the cell-specific key with a known cryptographic algorithm (e.g., the PDCP security function). As another example, the RAN node 402 may integrity protect the packets using the cell-specific key (e.g., with a signed hash of the packet) (second security protection). Furthermore, the Lee reference discloses the RAN node 402 may protect packets of the QoS flow using the cell-specific key. In an aspect, the RAN node 402 may protect the packets at the PDCP layer using the cell-specific key.
For example, the RAN node 402 may encrypt the packets using the cell-specific key with a known cryptographic algorithm (e.g., the PDCP security function). As another example, the RAN node 402 may integrity protect the packets using the cell-specific key (e.g., with a signed hash of the packet). The RAN node 402 may also perform both encryption and integrity protection. The RAN node 402 may forward the protected packets to the UEs 104 on multicast or unicast channels.
Claim Rejections - 35 USC § 103
4. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
5. Claims 1-2, 6, 12, 15, 18, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Byun et al. US Patent Application Publication No. 2022/0015063 (hereinafter Byun) in further view of Lee et al. US Patent Application Publication No. 2021/0067958 (hereinafter Lee).
Regarding claim 1, Byun discloses a method in a radio access network (RAN) (Fig. 1, base stations 200) for managing security protection for multicast and/or broadcast services (MBS) (see Byun par. 0302, Multicast and/or Broadcast Services (MBS)), the method comprising:
“receiving, by the RAN and from a core network (CN), a data packet associated with an MBS session” (see Byun par. 0011, a method performed by a Distributed Unit (DU) of a Radio Access Network (RAN) node in a wireless communication system is provided. A DU of a RAN node may receive, from a central unit (CU) of the RAN node, a service identity for a Multicast and/or Broadcast (MB) service. A MB session may be set for the MB service.);
“prior to transmitting the data packet to a plurality of UEs, determining, by the RAN, whether the data packet is to be transmitted to the plurality of UEs by using multicast or unicast” (see Byun par. 0011, A DU of a RAN node may transmit, to multiple User Equipments (UEs) in Connection Management (CM)-IDLE state, the service identity of the MB service. The multiple UEs may have joined to the MB session. A DU of a RAN node may receive, from at least one UE among the multiple UEs, an RRC message to request the MB service. A DU of a RAN node may forward the RRC message to the CU of the RAN node);
Byun does not explicitly disclose when the data packet associated with the MBS session is to be transmitted to the plurality of UEs by using multicast, transmitting, by the RAN, the data packet to the plurality of UEs using a first security protection of a plurality of security protections; and when the data packet associated with the MBS session is to be transmitted by using unicast, transmitting, by the RAN, the data packet to a UE of the plurality of UEs using a second security protection of the plurality of security protections.
However, in analogous art, Lee discloses when the data packet associated with the MBS session is to be transmitted to the plurality of UEs by using multicast, transmitting, by the RAN, the data packet to the plurality of UEs using a first security protection of a plurality of security protections (see Lee par. 0143, the RAN node 402 may protect packets of the QoS flow using the cell-specific key. In an aspect, the RAN node 402 may protect the packets at the PDCP layer using the cell-specific key. For example, the RAN node 402 may encrypt the packets using the cell-specific key with a known cryptographic algorithm (e.g., the PDCP security function) (first security protection). As another example, the RAN node 402 may integrity protect the packets using the cell-specific key (e.g., with a signed hash of the packet). The RAN node 402 may also perform both encryption and integrity protection. The RAN node 402 may forward the protected packets to the UEs 104 on multicast or unicast channels); and when the data packet associated with the MBS session is to be transmitted by using unicast, transmitting, by the RAN, the data packet to a UE of the plurality of UEs using a second security protection of the plurality of security protections (see Lee par. 0143, the RAN node 402 may protect packets of the QoS flow using the cell-specific key. In an aspect, the RAN node 402 may protect the packets at the PDCP layer using the cell-specific key. For example, the RAN node 402 may encrypt the packets using the cell-specific key with a known cryptographic algorithm (e.g., the PDCP security function). As another example, the RAN node 402 may integrity protect the packets using the cell-specific key (e.g., with a signed hash of the packet) (second security protection). The RAN node 402 may also perform both encryption and integrity protection. The RAN node 402 may forward the protected packets to the UEs 104 on multicast or unicast channels).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more a radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
Regarding claim 2, Byun in view of Lee discloses the method of claim 1,
Byun further discloses the receiving of the data packet from the CN includes receiving the data packet from the CN via a downlink (DL) data tunnel (see Lee par. 0095, the communication links 120 between the base stations 102 and the UEs 104 may include uplink (UL) (also referred to as reverse link) transmissions from a UE 104 to a base station 102 and/or downlink (DL) (also referred to as forward link) transmissions from a base station 102 to a UE 104); and the determining of whether the data packet is to be transmitted to the plurality of UEs by using multicast or unicast is based on an identity of the DL data tunnel (see Lee par. 0105, the 5G NR frame structure is assumed to be TDD, with subframe 4 being configured with slot format 28 (with mostly DL), where D is DL, U is UL, and X is flexible for use between DL/UL, and subframe 3 being configured with slot format 34 (with mostly UL). While subframes 3, 4 are shown with slot formats 34, 28, respectively, any particular subframe may be configured with any of the various available slot formats 0-61. Slot formats 0, 1 are all DL, UL, respectively).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more a radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
Regarding claim 6, Byun in view of Lee discloses the method of claim 1,
Lee further discloses at least one of: determining that the data packet is to be transmitted by using multicast to the plurality of UEs (see Lee Abstract, A user equipment (UE) may receive a quality of service (QoS) flow for a multicast or broadcast service that is secured with a multicast-broadcast key. The UE may transmit a data session establishment request to a service management function (SMF) for the multicast or broadcast service. The UE may receive at least one multicast-broadcast key for the PDU session); determining that the data packet is to be transmitted to the plurality of UEs via an MBS radio bearer (MRB); (see Lee par. 0006, The method may include determining a radio bearer (RB) configuration for the multicast or broadcast service. The method may include receiving one or more quality of service (QoS) flow packets for the multicast or broadcast service over the RB) or determining that the data packet is associated with the MBS session.
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more a radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
Regarding claim 12, Byun in view of Lee discloses the method of claim 2,
Lee further discloses determining that the data packet is to be transmitted to only one UE of the plurality of UEs using unicast (see Lee par. 0084, a Session Management Function (SMF) may configure and control one or more quality of service (QoS) flows for the multicast or broadcast service at other nodes including a user plane function (UPF), radio access network (RAN) nodes, and user equipment (UEs). An Access and Mobility Management Function (AMF) may control mobility and non-access stratum (NAS) signaling and transport. The RAN nodes may map the QoS flow to a radio bearer and select broadcast or unicast delivery per UE); or determining that the data packet is to be transmitted to the only one UE of the plurality of UEs via a data radio bearer (DRB).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more a radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
Regarding claim 15, Byun in view of Lee discloses the method of claim 1,
Byun further discloses the transmitting of the data packet to the plurality of UEs or to the UE includes transmitting, by a first node of the RAN, the data packet to the plurality of UEs or to the UE via a second node of the RAN (see Byun par. 0233-0234, The processor may be configured to receive, from a central unit (CU) of the RAN node, a service identity for a Multicast and/or Broadcast (MB) service, wherein a MB session is set for the MB service. The processor may be configured to control the transceiver to transmit, to multiple User Equipments (UEs) in Connection Management (CM)-IDLE state, the service identity of the MB service. The multiple UEs may have joined to the MB session. The processor may be configured to control the transceiver to receive, from at least one UE among the multiple UEs, an RRC message to request the MB service. The processor may be configured to forward the RRC message to the CU of the RAN node); the first node is one of a first central unit (CU) in a first distributed base station included in the RAN, or a first base station (see Byun pars. 0233, 0192, The processor may be configured to receive, from a central unit (CU) of the RAN node, a service identity for a Multicast and/or Broadcast (MB) service, wherein a MB session is set for the MB service. A RAN node (for example, a gNB) may be composed of a Central Unit (CU) and a Distributed Unit (DU). For Multicast and/or Broadcast Services, one or more necessary coordination functions (for example, functions hosted by MCE) may be reside in a Central Unit (CU) of a RAN node); and the second node is one of a distributed unit (DU) in the distributed base station, a second CU in a second distributed base station, or a second base station (see Byun pars. 0243, 0269-0271, The processor may be configured to control the DU to receive, from a central unit (CU) of the RAN node, a service identity for a Multicast and/or Broadcast (MB) service, wherein a MB session is set for the MB service.
The processor may be configured to control the DU to transmit, to multiple User Equipments (UEs) in Connection Management (CM)-IDLE state, the service identity of the MB service. A Radio Access Network (RAN) node (for example, a base station such as an eNB or a gNB) (base stations) could efficiently perform paging for Multicast and/or Broadcast Services, a DU of a RAN node could efficiently perform the paging for UEs in RRC_IDLE that have joined the MB session, based on the service identity (for example, Temporary Mobile Group Identity (TMGI)). A CU of a RAN node could efficiently support the paging for UEs joined the MB session, by providing the service identity to the DU of the RAN node).
Regarding claim 18, Byun discloses a method in a user equipment (UE) (Fig. 1, wireless devices 100a-100f) for managing security checking for multicast and/or broadcast services (MBS) (see Byun par. 0302, Multicast and/or Broadcast Services (MBS)), the method comprising:
“receiving, by the UE from a radio access network (RAN), a data packet associated with an MBS session” (see Byun par. 0011, a method performed by a Distributed Unit (DU) of a Radio Access Network (RAN) node in a wireless communication system is provided. A DU of a RAN node may receive, from a central unit (CU) of the RAN node, a service identity for a Multicast and/or Broadcast (MB) service. A MB session may be set for the MB service.);
Byun does not explicitly disclose when the data packet associated with the MBS session is received from the RAN via multicast, selecting, from a plurality of security check schemes and by the UE, a first security check scheme to apply to the data packet; when the data packet associated with the MBS session is received from the RAN via unicast, selecting, by the UE and from the plurality of security check schemes, a second security check scheme to apply to the data packet; and processing the data packet according to the selected security check scheme.
However, in analogous art, Lee discloses when the data packet associated with the MBS session is to be transmitted to the plurality of UEs by using multicast, transmitting, by the RAN, the data packet to the plurality of UEs using a first security protection of a plurality of security protections (see Lee par. 0143, the RAN node 402 may protect packets of the QoS flow using the cell-specific key. In an aspect, the RAN node 402 may protect the packets at the PDCP layer using the cell-specific key. For example, the RAN node 402 may encrypt the packets using the cell-specific key with a known cryptographic algorithm (e.g., the PDCP security function) (first security protection). As another example, the RAN node 402 may integrity protect the packets using the cell-specific key (e.g., with a signed hash of the packet). The RAN node 402 may also perform both encryption and integrity protection. The RAN node 402 may forward the protected packets to the UEs 104 on multicast or unicast channels); when the data packet associated with the MBS session is received from the RAN via unicast, selecting, by the UE and from the plurality of security check schemes, a second security check scheme to apply to the data packet (see Lee par. 0143, 0172, the RAN node 402 may protect packets of the QoS flow using the cell-specific key. In an aspect, the RAN node 402 may protect the packets at the PDCP layer using the cell-specific key. For example, the RAN node 402 may encrypt the packets using the cell-specific key with a known cryptographic algorithm (e.g., the PDCP security function). As another example, the RAN node 402 may integrity protect the packets using the cell-specific key (e.g., with a signed hash of the packet) (second security protection). The RAN node 402 may also perform both encryption and integrity protection. The RAN node 402 may forward the protected packets to the UEs 104 on multicast or unicast channels.
At block 1130, the method 1100 may optionally include receiving a security policy indicating a selected security algorithm for the decoding. In an aspect, for example, the UE 104, the RX processor 356, and/or the controller/processor 359 may execute the multicast receiver component 140 and/or the capability component 145 to receive a security policy indicating a selected security algorithm for the decoding); and processing the data packet according to the selected security check scheme (see Lee par. 0021, the at least one processor is configured to: transmit a UE capability message indicating one or more security algorithms; and receive a security policy, via NAS signaling, indicating one or more selected security algorithms for the decoding).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more a radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
Regarding claim 22, Byun in view of Lee discloses the method of claim 18,
Byun further discloses receiving, by the UE, a configuration from the RAN, the configuration for establishing a logical channel with the RAN (see Byun par. 0067, the wireless communication/connections 150a, 150b and 150c may transmit/receive signals through various physical channels. To this end, at least a part of various configuration information configuring processes, various signal processing processes (e.g., channel encoding/decoding, modulation/demodulation, and resource mapping/de-mapping), and resource allocating processes, for transmitting/receiving radio signals, may be performed based on the various proposals of the present disclosure); and determining whether the data packet is received from the RAN via multicast or unicast based on the configuration (see Byun par. 0233, The processor may be configured to receive, from a central unit (CU) of the RAN node, a service identity for a Multicast and/or Broadcast (MB) service, wherein a MB session is set for the MB service. The processor may be configured to control the transceiver to transmit, to multiple User Equipments (UEs) in Connection Management (CM)-IDLE state, the service identity of the MB service. The multiple UEs may have joined to the MB session. The processor may be configured to control the transceiver to receive, from at least one UE among the multiple UEs, an RRC message to request the MB service. The processor may be configured to forward the RRC message to the CU of the RAN node).
8. Claims 3-5, 19-20, 23-26, and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Byun et al. US Patent Application Publication No. 2022/0015063 (hereinafter Byun) in further view of Lee et al. US Patent Application Publication No. 2021/0067958 (hereinafter Lee) in further view of Kunz et al. US Patent Application Publication No. 2020/0037165 (hereinafter Kunz).
Regarding claim 3, Byun in view of Lee discloses the method of claim 2,
Byun in view of Lee does not explicitly disclose the identity indicates that the DL tunnel is common to the plurality of UEs or that the DL tunnel is specific to only one UE of the plurality of UEs; and the first security protection is a null security protection.
However, in analogous art, Kunz discloses the identity indicates that the DL tunnel is common to the plurality of UEs or that the DL tunnel is specific to only one UE of the plurality of UEs; and the first security protection is a null security protection (see Kunz pars. 0083-0087, At step 12, the RAN node 210 sends a RRC Connection Reconfiguration Request to the UE for UP security activation containing indications for the activation of UP integrity protection and ciphering for each DRB according to the security policy (see messaging 334). For asymmetric integrity protection mode, the UE 205 also derives the keys for user plane integrity protection but depending on the direction is using NULL scheme (without MAC-I) for the direction without protection or the UP integrity protection key for the direction with protection. The PDU Session is now set up and integrity protection (or other data security protection) is to be applied to user plane traffic between UE 205 and RAN node 210. At step 17, the UE 205 and RAN node 210 selectively apply integrity protection to user plane traffic of the established PDU session, e.g., according to the UP data security policy (see block 346). For example, asymmetric integrity protection may be applied to all packets in either DL or UL direction).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Kunz into the system of Byun and Lee in order to include sending the data protection policy to the RAN node, wherein the RAN node and UE are to apply integrity protection to user plane traffic according to the data protection policy, wherein a portion of the user plane traffic is to be communicated without the security protection (see Kunz par. 0012).
Regarding claim 4, Byun in view of Lee discloses the method of claim 2,
Byun in view of Lee does not explicitly disclose the identity indicates that the DL tunnel is common to the plurality of UEs or that the DL tunnel is specific to only one UE of the plurality of UEs; and the first security protection is a non-null security protection.
However, in analogous art, Kunz discloses the identity indicates that the DL tunnel is common to the plurality of UEs or that the DL tunnel is specific to only one UE of the plurality of UEs; and the first security protection is a non-null security protection (see Kunz pars. 0048-0049, an indication as to which PDCP PDUs carry a MAC-I may be included in the PDCP header. For example, a one-bit Boolean indicator may be included in the header. Here, a value of “true” indicates that the MAC-I is included while the value of “faults” indicates that the MAC-I is not included. Accordingly, the receiver will parse the PDCP PDU based on this indication. All the PDCP PDUs without MAC-I may have the MAC-I padded with zeros. the header part containing the MAC-I and the indicator (e.g., one-bit Boolean flag) may be ciphered/encrypted, but with other header parts (e.g., PDCP SN) being transmitted without being ciphered/encrypted).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Kunz into the system of Byun and Lee in order to include applying security protection to a subset of user plane traffic with the UE according to the data protection policy, wherein a portion of the user plane traffic is communicated without the security protection (see Kunz par. 0011).
Regarding claim 5, Byun in view of Lee in further view of Kunz discloses the method of claim 4,
Lee further discloses wherein the non-null security protection is a common security protection (see Lee par. 0044, The processor may be configured to generate, a key for a multicast or broadcast service carried by a RB, wherein the key is for any UE subscribed to the multicast or broadcast service, wherein packets for the multicast or broadcast service carried by the RB are protected by the key, or a key derived from the key).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more a radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
Regarding claim 19, Byun in view of Lee discloses the method of claim 18,
Byun in view of Lee does not explicitly disclose wherein the selecting of the first security check scheme includes: selecting a null security scheme so that the UE refrains from applying any security keys to thereby implement a null-security check; or selecting a non-null security scheme so that the UE applies a security key to the received data packet.
However, in analogous art, Kunz discloses selecting a null security scheme so that the UE refrains from applying any security keys to thereby implement a null-security check; or selecting a non-null security scheme so that the UE applies a security key to the received data packet (see Kunz pars. 0048-0049, 0140, an indication as to which PDCP PDUs carry a MAC-I may be included in the PDCP header. For example, a one-bit Boolean indicator may be included in the header. Here, a value of “true” indicates that the MAC-I is included while the value of “false” indicates that the MAC-I is not included. Accordingly, the receiver will parse the PDCP PDU based on this indication. All the PDCP PDUs without MAC-I may have the MAC-I padded with zeros. The header part containing the MAC-I and the indicator (e.g., one-bit Boolean flag) may be ciphered/encrypted, but with other header parts (e.g., PDCP SN) being transmitted without being ciphered/encrypted. A first method for selective security protection of user plane traffic, according to embodiments of the disclosure. The first method may be implemented by a UE, such as a remote unit 105, the UE 205 and/or the user equipment apparatus 400. The first method includes sending a UE security capability to a mobile communication network and receiving an indication of data protection policy. The first method includes applying a security protection to a subset of user plane traffic with the mobile communication network according to the data protection policy, wherein a portion of the user plane traffic is communicated without the security protection).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Kunz into the system of Byun and Lee in order to include applying security protection to a subset of user plane traffic with the UE according to the data protection policy, wherein a portion of the user plane traffic is communicated without the security protection (see Kunz par. 0011).
Regarding claim 20, Byun in view of Lee in further view of Kunz discloses the method of claim 19,
Lee further discloses the security key includes a common security key associated with a multicast and/or broadcast service (MBS) or a UE-specific security key allocated to the UE, or the security key is associated with a decryption procedure or an integrity check procedure (see Lee par. 0018, the processor may be configured to decode the one or more QoS flow packets using the at least one multicast-broadcast key, or a key derived from the at least one multicast-broadcast key, wherein decoding includes decrypting, verifying an integrity, or a combination thereof).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
Regarding claim 23, Byun in view of Lee discloses the method of claim 22,
Byun further discloses the configuration includes a group radio network temporary identifier (G-RNTI), an identity that indicates that the logical channel is a multicast traffic channel (MTCH), or an identity that indicates that the logical channel is a dedicated traffic channel (DTCH) or a dedicated control channel (DCCH) (see Byun par. 0116, dedicated control channel (DCCH) is a point-to-point bi-directional logical channel that transmits dedicated control information between a UE and the network and used by UEs having an RRC connection. Dedicated traffic channel (DTCH) is a point-to-point logical channel, dedicated to one UE, for the transfer of user information. A DTCH can exist in both uplink and downlink); but Byun in view of Lee does not explicitly disclose the first security check scheme includes a null security protection.
However, in analogous art, Kunz discloses the first security check scheme includes a null security protection (see Kunz par. 0084, At step 12, the RAN node 210 sends a RRC Connection Reconfiguration Request to the UE for UP security activation containing indications for the activation of UP integrity protection and ciphering for each DRB according to the security policy (see messaging 334). For asymmetric integrity protection mode, the UE 205 also derives the keys for user plane integrity protection but depending on the direction is using NULL scheme (without MAC-I) for the direction without protection or the UP integrity protection key for the direction with protection).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Kunz into the system of Byun and Lee in order to include sending the data protection policy to the RAN node, wherein the RAN node and UE are to apply integrity protection to user plane traffic according to the data protection policy, wherein a portion of the user plane traffic is to be communicated without the security protection (see Kunz par. 0012).
Regarding claim 24, Byun in view of Lee discloses the method of claim 22,
Byun further discloses the configuration includes a G-RNTI, an identity that indicates that the logical channel is an MTCH, or an identity that indicates that the logical channel is a DTCH or a DCCH (see Byun par. 0116, dedicated control channel (DCCH) is a point-to-point bi-directional logical channel that transmits dedicated control information between a UE and the network and used by UEs having an RRC connection. Dedicated traffic channel (DTCH) is a point-to-point logical channel, dedicated to one UE, for the transfer of user information. A DTCH can exist in both uplink and downlink); but Byun in view of Lee does not explicitly disclose the first security check scheme includes a non-null security protection.
However, in analogous art, Kunz discloses the first security check scheme includes a non-null security protection (see Kunz par. 0084, At step 12, the RAN node 210 sends a RRC Connection Reconfiguration Request to the UE for UP security activation containing indications for the activation of UP integrity protection and ciphering for each DRB according to the security policy (see messaging 334). For asymmetric integrity protection mode, the UE 205 also derives the keys for user plane integrity protection but depending on the direction is using NULL scheme (without MAC-I) for the direction without protection or the UP integrity protection key for the direction with protection).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Kunz into the system of Byun and Lee in order to include applying security protection to a subset of user plane traffic with the UE according to the data protection policy, wherein a portion of the user plane traffic is communicated without the security protection (see Kunz par. 0011).
Regarding claim 25, Byun in view of Lee in further view of Kunz discloses the method of claim 24,
Kunz further discloses wherein the non-null security protection is a common security protection (see Kunz par. 0010, a first method for selective security protection of user plane traffic includes sending a UE security capability to a mobile communication network and receiving an indication of data protection policy).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Kunz into the system of Byun and Lee in order to include applying security protection to a subset of user plane traffic with the UE according to the data protection policy, wherein a portion of the user plane traffic is communicated without the security protection (see Kunz par. 0011).
Regarding claim 26, Byun in view of Lee discloses the method of claim 22,
Byun further discloses wherein the configuration includes an identity that indicates that the logical channel is a dedicated traffic channel (DTCH) or a dedicated control channel (DCCH) (see Byun par. 0116, dedicated control channel (DCCH) is a point-to-point bi-directional logical channel that transmits dedicated control information between a UE and the network and used by UEs having an RRC connection. Dedicated traffic channel (DTCH) is a point-to-point logical channel, dedicated to one UE, for the transfer of user information. A DTCH can exist in both uplink and downlink), and the selecting of the first security check scheme based on the configuration includes selecting the first security check scheme based on the identity (see Byun par. 0120, the main services and functions of the RRC sublayer include: broadcast of system information related to AS and NAS; paging initiated by 5GC or NG-RAN; establishment, maintenance and release of an RRC connection between the UE and NG-RAN; security functions including key management; establishment, configuration, maintenance and release of signaling radio bearers (SRBs) and data radio bearers (DRBs); mobility functions (including: handover and context transfer, UE cell selection and reselection and control of cell selection and reselection, inter-RAT mobility); QoS management functions; UE measurement reporting and control of the reporting; detection of and recovery from radio link failure; NAS message transfer to/from NAS from/to UE).
Regarding claim 28, Byun in view of Lee discloses the method of claim 22,
Lee further discloses wherein the determining of whether the data packet is received from the RAN via multicast or unicast based on the configuration includes determining that the data packet is transmitted from the RAN using unicast (see Lee par. 0127, The RAN node 402 may integrity protect the packets using the cell-specific key (e.g., with a signed hash of the packet). The RAN node 402 may also perform both encryption and integrity protection. The RAN node 402 may forward the protected packets to the UEs 104 on multicast or unicast channels).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
9. Claims 32-34 are rejected under 35 U.S.C. 103 as being unpatentable over Byun et al. US Patent Application Publication No. 2022/0015063 (hereinafter Byun) in further view of Lee et al. US Patent Application Publication No. 2021/0067958 (hereinafter Lee) in further view of Fujishiro et al. US Patent Application Publication No. 2018/0049060 (hereinafter Fujishiro).
Regarding claim 32, Byun in view of Lee discloses the method of claim 22,
Byun in view of Lee does not explicitly disclose the receiving of the data packet from the RAN includes receiving the data packet using a cell radio network temporary identifier (C-RNTI) associated with the UE; and the second security scheme includes a null security protection.
However, in analogous art, Fujishiro discloses the receiving of the data packet from the RAN includes receiving the data packet using a cell radio network temporary identifier (C-RNTI) associated with the UE (see Fujishiro par. 0140, As illustrated in FIG. 11, in step S221, the eNB 200 notifies the UE 100 which belongs to the multicast group of a correspondence (mapping information) between the G-RNTI applied for first transmission and the RNTI applied for the retransmission. In the operation pattern 2, a C-RNTI (Cell-Radio Network Temporary Identifier) which differs per UE 100 is applied to retransmission. The mapping information may be transmitted via the GCCH. Also, the mapping information may be associated with the TMGI. The UE 100 receives and stores the mapping information); and the second security scheme includes a null security protection (see Fujishiro pars. 0157-0159, When retransmission is performed by using the C-RNTI, one of the following 1) to 3) is preferably performed on a NDI (New Data Indicator) in a DCI for DL Scheduling (downlink resource allocation) which uses the C-RNTI corresponding to the HARQ Process ID of the SC-PTM data. The UE which has received the DCI ignores the NDI. The NDI is interlocked with the NDI upon the first transmission (when the NDI in the DCI of the first transmission which uses the G-RNTI is 0, the NDI in the DCI of the retransmission which uses the C-RNTI is also 0, and when the NDI is 1, the NDI is 1)).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Fujishiro into the system of Byun and Lee in order for the eNB to transmit the resource allocation information (DCI) by the PDCCH scrambled/masked by the C-RNTI, and then transmit retransmission data on the PDSCH (DL-SCH) according to the resource allocation information. The UE which is a transmission source of Nack receives the resource allocation information, and then receives the retransmission data (see Fujishiro par. 0143).
Regarding claim 33, Byun in view of Lee discloses the method of claim 22,
Byun in view of Lee does not explicitly disclose the receiving of the data packet from the RAN includes receiving the data packet using a C-RNTI associated with the UE; and the second security scheme includes a non-null security protection.
However, in analogous art, Fujishiro discloses the receiving of the data packet from the RAN includes receiving the data packet using a C-RNTI associated with the UE (see Fujishiro par. 0140, As illustrated in FIG. 11, in step S221, the eNB 200 notifies the UE 100 which belongs to the multicast group of a correspondence (mapping information) between the G-RNTI applied for first transmission and the RNTI applied for the retransmission. In the operation pattern 2, a C-RNTI (Cell-Radio Network Temporary Identifier) which differs per UE 100 is applied to retransmission. The mapping information may be transmitted via the GCCH. Also, the mapping information may be associated with the TMGI. The UE 100 receives and stores the mapping information); and the second security scheme includes a non-null security protection (see Fujishiro pars. 0157-0159, When retransmission is performed by using the C-RNTI, one of the following 1) to 3) is preferably performed on a NDI (New Data Indicator) in a DCI for DL Scheduling (downlink resource allocation) which uses the C-RNTI corresponding to the HARQ Process ID of the SC-PTM data. The UE which has received the DCI ignores the NDI. The NDI is interlocked with the NDI upon the first transmission (when the NDI in the DCI of the first transmission which uses the G-RNTI is 0, the NDI in the DCI of the retransmission which uses the C-RNTI is also 0, and when the NDI is 1, the NDI is 1)).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Fujishiro into the system of Byun and Lee in order for the eNB to transmit the resource allocation information (DCI) by the PDCCH scrambled/masked by the C-RNTI, and then transmit retransmission data on the PDSCH (DL-SCH) according to the resource allocation information. The UE which is a transmission source of Nack receives the resource allocation information, and then receives the retransmission data (see Fujishiro par. 0143).
Regarding claim 34, Byun in view of Lee in further view of Fujishiro discloses the method of claim 33,
Lee further discloses wherein the non-null security protection is a UE-specific security protection (see Lee par. 0044, The processor may be configured to generate, a key for a multicast or broadcast service carried by a RB, wherein the key is for any UE subscribed to the multicast or broadcast service, wherein packets for the multicast or broadcast service carried by the RB are protected by the key, or a key derived from the key).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Byun in order to include determining a security policy for the UE that specifies encryption, integrity protection, or a combination thereof, wherein the determining is based on a service policy for the multicast or broadcast service; delivering the security policy to one or more radio access network nodes; and delivering the security policy from the radio access network node to the UE via RRC signaling (see Lee par. 0040).
Conclusion
10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635. The examiner can normally be reached M-F 9:00 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAMUEL AMBAYE/Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433