Prosecution Insights
Last updated: July 17, 2026
Application No. 18/779,046

PROTECTION OF APPLICATION METADATA IN TRANSPORT PROTOCOL

Non-Final OA §102§103
Filed
Jul 21, 2024
Priority
Jul 21, 2023 — GB 2311188.3
Examiner
LEWIS, IYONDA LATIFAH
Art Unit
Tech Center
Assignee
Nokia Corporation
OA Round
1 (Non-Final)
100%
Grant Probability
Favorable
1-2
OA Rounds
9m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 100% — above average
100%
Career Allowance Rate
1 granted / 1 resolved
+40.0% vs TC avg
Minimal +0% lift
Without
With
+0.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
19 currently pending
Career history
18
Total Applications
across all art units

Statute-Specific Performance

§103
66.0%
+26.0% vs TC avg
§102
34.0%
-6.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 1 resolved cases

Office Action

§102 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 03/16/2024 was filed in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Specification The disclosure is objected to because of the following informalities: The use of the terms WiFi and Bluetooth, which is are a trade name or a mark used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term. Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks. Appropriate correction is required. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-2, 4-8, 10, 12-13, 15-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Talebi Fard (WO 2022192523 A1 and Talebi Fard hereinafter). Regarding Claim 1, Talebi Fard discloses a method of sending application metadata to on-path network elements provisioned for an application session (i.e. This disclosure may refer to, for example, a plurality of wireless devices of a given LTE or 5G release with a given capability and in a given sector of the base station. The plurality of wireless devices in this disclosure may refer to a selected plurality of wireless devices, and/or a subset of total wireless devices in a coverage area which perform according to disclosed methods, and/or the like.) Para [0039], the method comprising: establishing the application session between an application client running on user equipment, and an application service (i.e. an end user implementing the application may generate data associated with the application and initiate sending of that information to a targeted data network (e.g., the Internet, an application server, etc.).) Para [0111]; identifying the application metadata associated with the application session (i.e. an end user implementing the application may generate data associated with the application (i.e. application metadata) and initiate sending of that information to a targeted data network (e.g., the Internet, an application server, etc.).) Para [0111]; formatting a transport protocol packet with the application metadata (i.e. Starting at the application layer, each layer in the OSI model may manipulate and/or repackage (i.e. the recited formatting) the information and deliver it to a lower layer. At the lowest layer, the manipulated and/or repackaged information may be exchanged via physical infrastructure (for example, electrically, optically, and/or electromagnetically).) Para [0111]; deriving an encryption key based on keying material (i.e. upon successful authentication: the AUSF may send the anchor key (SEAF key) to AMF which may be used by AMF to derive NAS security keys and a security key for N3IWF (N3IWF key). The UE may derive the anchor key (SEAF key) and from that key it derives the NAS security keys and the security key for N3IWF (N3IWF key). The N3IWF key may used by the UE and N3IWF for establishing the IPsec Security Association.) Para [0213]; encrypting the application metadata in the transport protocol packet using the encryption key (i.e. the IPsec SA may be established between the UE and N3IWF by using the common N3IWF key that was created in the UE and received by the N3IWF. The established IPsec SA may be referred to as the signalling IPsec SA. After the establishment of the signalling IPsec SA, the N3IWF may notify the AMF that the UE context (including AN security) was created by sending a NGAP initial context setup response) Para [0216]; and sending the transport protocol packet over a user plane network path comprising one or more of the on-path network elements (i.e. all subsequent NAS messages exchanged between the UE and N3IWF (i.e. network element) may be sent via the signaling IPsec SA and may be carried over TCP/IP (i.e. transport protocol) or the like. The UE may send NAS messages within TCP/IP packets with source address the inner IP address of the UE and destination address the NAS_IP_ADDRESS. The N3IWF may send NAS messages within TCP/IP packets with source address the NAS_IP_ADDRESS and destination address the inner IP address of the UE. The TCP connection used for reliable NAS transport between the UE and N3IWF may be initiated by the UE after the signalling IPsec SA is established. The UE may send the TCP connection request to the NASJP_ADDRESS and to the TCP port number.) Para [0217]. Regarding Claim 12, Talebi Fard suggests all the limitations of claim 1 in system form rather than method form. Further Talebi Fard discloses a system (i.e. One or more of the systems 1311, 1314, 1315, 1321, 1324, 1325, and/or 1331 may perform signal coding/processing, data processing, power control, input/output processing, and/or any other functionality that may enable wireless device 1310, base station 1320, and/or deployment 1330 to operate in a mobile communications system.) Para [0191] . Therefore, the rejection of claim 1 applies equally as well to the limitations of claim 12. Regarding Claim 2 and Claim 13, Talebi Fard discloses all the limitations of claims 1 and 12, respectively, as discussed above. Further Talebi Fard discloses wherein the deriving comprises: deriving the encryption key from an authentication and key management for application key derived during primary authentication of the user equipment (i.e. the AMF may determine/decide to authenticate the UE by invoking an AUSF. The AMF may select an AUSF based on the SUPI or SUCI. In an example, the AUSF may execute the authentication of the UE. The AUSF may select a UDM and may get or receive the authentication data from the UDM. The authentication packets may be encapsulated within NAS authentication messages and the NAS authentication messages are encapsulated within EAP/5G-NAS packets. In an example, upon successful authentication: the AUSF may send the anchor key (SEAF key) (i.e. Authentication and Key Management for Applications (AKMA) key) to AMF which may be used by AMF to derive NAS security keys and a security key for N3IWF (N3IWF key). The UE may derive the anchor key (SEAF key) and from that key it derives the NAS security keys and the security key for N3IWF (N3IWF key). The N3IWF key may used by the UE and N3IWF for establishing the IPsec Security Association. The AUSF may include the SUPI that the AMF provided to AUSF a SUCI.) Para [0213]. Regarding Claim 4 and Claim 15, Talebi Fard discloses all the limitations of claims 1 and 12, respectively, as discussed above. Further Talebi Fard discloses determining, at a control plane network function of at least a 5G core network (i.e. The 5G-CN 155 (i.e. 5G core network) includes one or more network functions (NFs), including control plane functions 155A and user plane functions 155B. The one or more DNs 158 may comprise public DNs (e.g., the Internet), private DNs, and/or intra-operator DNs) Para [0053], whether the user equipment supports a metadata encryption scheme (i.e. If the N3IWF has received an indication that the UE supports MOBIKE) Para [0216]; identifying, at the control plane network function, when the user equipment supports the metadata encryption scheme, the on-path network elements provisioned on the user plane network path of the application session (i.e. then the N3IWF may include a notify payload in the IKE_AUTFI response message, indicating that MOBIKE may be supported.) Para [0216]; identifying, at the control plane network function, the keying material (i.e. After the establishment of the signalling IPsec SA, the N3IWF may notify the AMF that the UE context (including AN security) was created by sending a NGAP initial context setup response. The signalling IPsec SA may be configured to operate in tunnel mode and the N3IWF may assign to UE an inner IP address) Para [0216]; and sending the keying material to the one or more of the on-path network elements (i.e. all subsequent NAS messages exchanged between the UE and N3IWF may be sent via the signaling IPsec SA and may be carried over TCP/IP or the like. The UE may send NAS messages within TCP/IP packets with source address the inner IP address of the UE and destination address the NAS_IP_ADDRESS. The N3IWF may send NAS messages within TCP/IP packets with source address the NAS_IP_ADDRESS and destination address the inner IP address of the UE. The TCP connection used for reliable NAS transport between the UE and N3IWF may be initiated by the UE after the signalling IPsec SA is established.) Para [0217]. Regarding Claim 5 and Claim 16, Talebi Fard discloses all the limitations of claims 4 and 15, respectively, as discussed above. Further Talebi Fard discloses receiving, at the control plane network function, a support indicator from the user equipment during primary authentication indicating whether the user equipment supports the metadata encryption scheme (i.e. If the N3IWF has received an indication that the UE supports MOBIKE, then the N3IWF may include a notify payload in the IKE_AUTFI response message, indicating that MOBIKE may be supported.) Para [0216]. Regarding Claim 6 and Claim 17, Talebi Fard discloses all the limitations of claims 4 and 15, respectively, as discussed above. Further Talebi Fard discloses wherein the identifying the on-path network elements comprises: compiling a list of one or more user plane functions and/or one or more radio access network nodes on the user plane network path (i.e. an access switch configuration parameter may comprise at least one of a list of target networks (e.g., underlay networks, NG-RAN identifiers, cell identifiers, and/or the like) that support underlay network functionality to access an overlay network, an identifier (e.g., IP address, FQDN, and/or the like) of an N3IWF for the overlay network.) Para [0233]. Regarding Claim 7 and Claim 18, Talebi Fard discloses all the limitations of claims 4 and 15, respectively, as discussed above. Further Talebi Fard discloses wherein the sending the keying material comprises: pushing the keying material to a session management function (see Figure 3 below, elements 314 and 305), which in turn pushes the keying material to a user plane function on the user plane network path (i.e. The UPF 305 (or a plurality of UPFs if desired) may be selected by SMF 314 to handle a particular PDU session between UE 301 and DN 308. The SMF 314 may control the functions of UPF 305 with respect to the PDU session. The SMF 314 may connect to UPF 305 via an N4 interface. The UPF 305 may handle any number of PDU sessions associated with any number of UEs (via any number of ANs). For purposes of handling the one or more PDU sessions, UPF 305 may be controlled by any number of SMFs via any number of corresponding N4 interfaces.) Para [0068]. Regarding Claim 8 and Claim 19, Talebi Fard discloses all the limitations of claims 4 and 15, respectively, as discussed above. Further Talebi Fard discloses wherein the sending the keying material comprises: pushing the keying material to an access and mobility management function (see Figure 3 below, elements 312 and 302), which in turn pushes the keying material to a radio access network node on the user plane network path (i.e. the SMF may send PDU session information to an AMF. The PDU session information may be sent in an N1N2 message transfer for forwarding to an AN.) Para [0159]. PNG media_image1.png 683 969 media_image1.png Greyscale Regarding Claim 10, Talebi Fard discloses all the limitations of claim 9 as discussed above. Further Talebi Fard discloses wherein the performing the function comprises: applying a quality of service for the application session based on the decrypted application metadata (i.e. NAS messages may facilitate UE registration and mobility management, for example, by authenticating, identifying, configuring, and/or managing a connection of UE 301. NAS messages may support session management procedures for maintaining user plane connectivity and quality of service (QoS) of a session between UE 301 and DN 309.) Para [0070]. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 3, 11 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Talebi Fard as applied to claim 1 and 12 above, and further in view of Kolekar (WO 2023215720 A1 and Kolekar hereinafter). Regarding Claim 3 and Claim 14, Talebi Fard discloses all the limitations of claims 1 and 12, respectively, as discussed above. Talebi Fard doesn’t explicitly teach wherein the deriving comprises: deriving the encryption key from hybrid public-key encryption keying material received from at least a 5G core network. However in a similar field of endeavor Kolekar discloses wherein the deriving comprises: deriving the encryption key from hybrid public-key encryption keying material received from at least a 5G core network (i.e. After receiving the access token, the NFc (e.g., NWDAF-ANLF 1062a) generates a unique key pair (e.g., public and private key pair) and create a token-based certificate chain for this public key. If the NRF 1054 sends two tokens, one for the MTLF 1062b and the other for the ADRF 1066, then an ADRF-based token is used to be the certificate chain as described previously.) Page 8. Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Talebi Fard with the teachings suggested by Kolekar . The motivation would be for security of interactions between network functions in fifth generation core networks, see Kolekar at Abstract. Regarding Claim 11, Talebi Fard discloses all the limitations of claim 1 as discussed above, including several transport protocol data units (i.e. datagrams), see Figure 7C below and Para [0115-0119] for a description of each. PNG media_image2.png 677 457 media_image2.png Greyscale Talebi Fard doesn’t explicitly disclose wherein: the transport protocol packet comprises a user datagram protocol packet; and the encrypted application metadata comprises a user datagram protocol option of the user datagram protocol packet. However, in similar field of endeavor Kolekar teaches the transport protocol packet comprises a user datagram protocol packet (i.e. The term “transport layer” at least in some examples refers to a protocol layer that provides end-to-end (e2e) communication services such as, for example, connection-oriented communication, reliability, flow control, and multiplexing. Examples of transport layer protocols… Multipath UDP (MPUDP).. user datagram protocol (UDP), and/or the like.) Page 69; and the encrypted application metadata comprises a user datagram protocol option of the user datagram protocol packet (i.e. The e2e encryption prevents leakage of confidential and/or sensitive data) Page 7 and (i.e. The term “transport layer” at least in some examples refers to a protocol layer that provides end-to-end (e2e) communication services such as, for example, connection-oriented communication, reliability, flow control, and multiplexing. Examples of transport layer protocols… Multipath UDP (MPUDP).. user datagram protocol (UDP), and/or the like.) Page 69. Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Talebi Fard with the teachings suggested by Kolekar . The motivation would be for security of interactions between network functions in fifth generation core networks, see Kolekar at Abstract. Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Talebi Fard as applied to claim 1 and 12 above, and further in view of Ohashi (US 20230232222 A1 and Ohashi hereinafter). Regarding Claim 9 and Claim 20, Talebi Fard discloses all the limitations of claims 4 and 15, respectively, as discussed above. Further Claim 9 and Claim 20 teaches the imitations of claims 1 and 12 from the network element point of view: receiving, at one of the on-path network elements, the keying material sent by the control plane network function; receiving, at the one of the on-path network elements, the transport protocol packet sent on the user plane network path; deriving, at the one of the on-path network elements, a decryption key based on the keying material received from the control plane network function; decrypting, at the one of the on-path network elements, the encrypted application metadata in the transport protocol packet using the decryption key; and performing, at the one of the on-path network elements, a function associated with the application session based on the decrypted application metadata, i.e. decrypting the metadata sent via encryption from the UE. Talebi Fard discloses (i.e. As it approaches the targeted data network, the information will be unpackaged and provided to higher and higher layers, until it once again reaches the application layer in a form that is usable by the targeted data network (e.g., the same form in which it was provided by the end user). To respond to the end user, the data network may perform this procedure in reverse.) Para [0111] and (i.e. The PDCP 761 and PDCP 762 may perform ciphering (i.e. encryption) and/or deciphering (i.e. decryption). Ciphering may reduce unauthorized decoding of data transmitted over the physical layer) Para [0115]. Furthermore, decryption of encrypted information is known in the art as shown in Ohashi (US 20230232222 A1) (i.e. The decryption key is a key for decrypting metadata of encrypted personal information and the encrypted personal information registered in the storage service.) Para [0104]. Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Talebi Fard with the teachings suggested by Ohashi. The motivation would be for a program capable of realizing robust and flexible information management, see Ohashi at [0010]. Pertinent Prior Art The prior art made of record is considered pertinent to applicant's disclosure. Kim (WO 2019088801 A1) “METHOD FOR PROTECTING USER DATA IN WIRELESS COMMUNICATION SYSTEM AND APPARATUS THEREFOR” (May 9, 2019) discloses a method for protecting user data by a base station including one control plane (CP) entity and at least one user plane (UP) entity in a wireless communication system, comprises: a step in which, when the UP entity for user equipment (UE) is allocated, the CP entity generates a base station UP key for the UP entity on the basis of a base station key and a counter value for the UP entity; a step in which the CP entity transmits the base station UP key to the UP entity; a step in which the UP entity generates an integrity key for protecting date integrity of the UE and an encryption key for protecting data confidentiality of the UE, on the basis of the base station UP key; and a step in which the UP entity performs the protection of the integrity and confidentiality of data of the UE by using the integrity key and the encryption key, wherein, when a plurality of UP entities for the UE are allocated, the counter value for each UP entity ​​is generated differently from one another, such that the user data can be protected. Menon (US 20230131877 A1) “INLINE SECURITY KEY EXCHANGE” (April 27, 2023) discloses inline security key exchanges between network devices. An example network device includes one or more processors and memory coupled to the one or more processors. The memory stores instructions that, upon execution, cause one or more processors to obtain a first payload key and obtain a path key. The instructions cause the one or more processors to encrypt a first payload of a first packet using the first payload key and insert the first payload key into first metadata of the first packet. The instructions cause the one or more processors to encrypt the first metadata using the path key and send the first packet to another network device. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Iyonda L. Lewis whose telephone number is (571)272-4440. The examiner can normally be reached Monday - Friday 8:00am - 4:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alison Slater can be reached at (571) 270-0375. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /IYONDA L LEWIS/Patent Examiner, Art Unit 2647 Iyonda.Lewis@USPTO.gov /Alison Slater/Supervisory Patent Examiner, Art Unit 2647
Read full office action

Prosecution Timeline

Jul 21, 2024
Application Filed
Jun 30, 2026
Non-Final Rejection mailed — §102, §103 (current)

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
100%
Grant Probability
99%
With Interview (+0.0%)
2y 9m (~9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 1 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month