Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
2. Applicant’s arguments filed on 02/02/2026, with respect to the 35 U.S.C. 102(a)(1)/(a)(2) rejection of claims 1-5, 9-13, and 15-9 as being anticipated by U.S. Publication No. 20170171200 hereinafter Bao have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3. Claims 1, 9, 15, 24-26, and 29-31 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 20170171200 hereinafter Bao, and further in view of U.S. Publication No. 20230224704 hereinafter Atarius.
As per claim 1, Bao discloses:
A method (para 0022 "Techniques described herein may be used to
enable a network service provider (e.g., a service provider of a wireless
telecommunications network) to provide an application server with one or more
services, such as authenticating user devices, assisting with the detection of
security threats, and providing subscriber information to enable the automatic
creation of user accounts." ) comprising:
receiving, by a computing device, first identity data associated with a client
device (para 0106 "As shown, process 1200 may include receiving a request to
authenticate user device 1010 (block 1210). For example, network authentication
system 1040 may receive a request, from user device 1010, to authenticate user
device 1010. The request may include identification information of identity
server 1030. Examples of such information may include an identifier of identity
server 1030 and a Callback Universal Resource Locator (URL) of identity
server 1030." Para 0107 "Process 1200 may include obtaining an MDN of user
device 1010 based on the request to authenticate user device 1010 (block 1220).
For example, network authentication system 1040 may extract an IP address of
user device 1010 from the request to authenticate user device 1010, and may
determine the MDN of user device 1010 based on the IP address.");
encrypting the first identity data associated with the client device using
second identity data to create an encrypted version of the first identity data
associated with the client device (Para 0099 "Token server 1140 may cause the
request to be authenticated by authorization server 1120, generate the identity
token requested, and/or provide the identity token to identity server 1030. The
identity token may include a data structure used to send the MDN of user
device 1010 from network authentication system 1040 to identity server 1030 in a
manner that is secure and authenticatable by identify server. As such, the identity
token may include an encrypted data structure with an MDN of user
device 1010 and an indication of the authenticity and/or origin of the data
structure (e.g., a digital signature of network authentication system 1040)." para
0110 "Process 1200 may include creating a temporary authorization code based
on the MDN of user device 1010 (block 1240). For example, network
authentication system 1040 may generate a unique sequence of information
based on the MDN of user device 1010. In some implementations, network
authentication system 1040 may do so by applying a hash function to the MDN
and/or one or other types of information that are pre-selected for providing the
basis for temporary authorization codes." Para 0117 " In some implementation,
network authentication system 1040 may create the token by applying a hash
function to the MDN (and/or one or more other types of pre-selected information)
and encrypting the result of the hash function.");
and providing the encrypted version of the first identity data associated
with the client device to an access network (para 0097 "The temporary
authorization code may be returned by identity server 1030 (e.g., as opposed to
user device 1010), and authentication server 1120 may authenticate user
device 1010 by, for example, comparing the temporary authorization code sent to
user device 1010 with the temporary authentication code received from identity
server 1030." para 0113 "Referring now to FIG. 13, process 1200 may include
providing the temporary authorization code to identity server 1030 (block 1310).
For example, network authentication system 1040 may send the temporary
authorization code to identity server 103." Para 0120 "As shown,
process 1400 may include receiving a token from network authentication
system 1040 and extracting an MDN from the token (block 1410).")
wherein encrypting the first identity data associated with the client device using the second identity data comprises hashing the first identity data associated with the client device (para 0110 “In some implementations, network authentication system 1040 may do so by applying a hash function to the MDN and/or one or other types of information that are pre-selected for providing the basis for temporary authorization codes.”)
Bao does not disclose:
hashing using an identifier of the access network and a time variable parameter
Atarius discloses:
hashing using an identifier of the access network and a time variable parameter (para 0044 “In other embodiments, the creation of the initial pseudonym is performed by an AAA entity (e.g., a 3GPP AAA server). Here, the UDM sends a request directly to the AAA entity to create the initial pseudonym, the request comprising the 5G UE's IMSI for creation of the initial pseudonym, wherein the AAA entity may create the initial pseudonym based on the 5G UE's IMSI.” Para 0045 “One option for the generation of the initial pseudonym may be similar to a one time token generation and it can be based on a random number generator/hash function which may create appropriate unique output for the initial pseudonym taking IMSI and any random number/nonce as input.” Para 0151 “In some embodiments, the first identity pseudonym and second identity pseudonym are one-time tokens for communicating a permanent subscriber identity of the user equipment apparatus 500 in a concealed manner.” Para 0166 “In some embodiments, the identity pseudonym is created using at least one of: a SUPI of the UE and an IMSI. In one embodiment, creating the identity pseudonym comprises encrypting the subscriber identifier. In one embodiment, creating the identity pseudonym comprises using a random number generator and the subscriber identity to generate a unique value. In one embodiment, creating the identity pseudonym comprises using a hash function and the subscriber identity to generate a hash value. In one embodiment, creating the identity pseudonym comprises sending the subscriber identity to an HSS in the mobile communication network and receiving the identity pseudonym from the HSS. In another embodiment, creating the identity pseudonym comprises sending the subscriber identity to a AAA server in the mobile communication network and receiving the identity pseudonym from the AAA server.” The hashing uses the subscriber identity or IMSI to create concealed one-time tokens.)
Therefore, it would have been obvious to one of ordinary skill in the art
before the effective filing date of the claimed invention to modify the method of
enabling a network service provider (e.g., a service provider of a wireless
telecommunications network) to provide an application server with one or more
services of Bao to include hashing using an identifier of the access network and a time variable parameter, as taught by Atarius.
The motivation would have been to communicate a permanent subscriber identity of the user equipment apparatus within an access network in a concealed manner.
As per claim 9, the implementation method of claim 1 will execute the
system of claim 9. The claim is analyzed with respect to claim 1.
As per claim 15, the implementation method of claim 1 will execute the
non-transitory computer-readable medium (Bao paragraph 0154) of claim 15.
The claim is analyzed with respect to claim 1.
As per claim 24, Bao in view of Atarius discloses:
The associated with the client device comprises receiving the first identity data associated with the client device in response to the client device executing an Extensible Authentication Protocol (EAP) process with the computing device for authentication (Atarius para 0041 “The indication for the capability for access authentication for non-3GPP access in EPS may indicate the network that the 5G UE may support the EAP-AKA′ authentication method (e.g., defined in IETF RFC 5448).” Para 0056 “According to a fourth solution, in order to access authenticate for non-3GPP access in EPS, the 5G UE may use NAI which may be constructed by the initial pseudonym, i.e., pseudonym-NAI, for the EAP-AKA′ procedures.” Though Bao discloses a server, Atarius discloses an (EAP) process. The motivation would have been to include pertinent user information in order to properly verify authenticity of a message).
As per claim 25, Bao in view of Atarius discloses:
The non-transitory computer-readable medium of claim 15, wherein the computing device comprises an Authentication, Authorization, and Accounting (AAA) server (Atarius para 0045, Though Bao discloses a server, Atarius discloses an Authentication, Authorization, and Accounting (AAA) server. The motivation would have been to include pertinent user information in order to properly verify authenticity of a message).
As per claim 26, Bao in view of Atarius discloses:
The method of claim 6, wherein the CUI comprises a single unique identifier for a given user, and wherein the single unique identifier comprises an obscured version of a real username of the user (Atarius para 0045 and 0166, also see paragraph 0170 “In one embodiment, creating the second identity pseudonym comprises using a hash function and a permanent subscriber identity of the remote unit to generate a hash value.” The SUPI, IMSI or permanent subscriber identity are all hashed to conceal the unique single identifier and real username of the user. The motivation would have been to communicate a permanent subscriber identity of the user equipment apparatus within an access network in a concealed manner.).
As per claim 29, the claim is analyzed with respect to claim 24.
As per claim 30, the claim is analyzed with respect to claim 25.
As per claim 31, the claim is analyzed with respect to claim 26.
4. Claims 6, 7, 14, 20, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Bao in view of Atarius and further in view of U.S. Publication No. 20180184340 hereinafter Pularikkal.
As per claim 6, Bao in view of Atarius discloses:
The method of claim 1, wherein the first identity data associated with the
client device (Bao para 0099, 0110, 0117 and 018)
Bao does not disclose:
first identity data associated with the client device comprises a Chargeable
User Identity (CUI)
Pularikkal discloses:
first identity data associated with the client device comprises a Chargeable
User Identity (CUI) (para 0030 "The ePDG 310 is configured to generate
accounting records for the above insights or events in real time. Remote
Authentication Dial-In User Service (RADIUS) based accounting is forwarded to
a pre-configured RADIUS server destination (not shown) in the form of RADIUS
accounting messages. Such RADIUS accounting messages for a given
subscriber's session are generated to indicate the creation and deletion of a
default bearer for signaling and dedicated bearer for media streams. The
RADIUS accounting messages may include the following information: Para 0031
"Chargeable User Identifier (CUID))
Therefore, it would have been obvious to one of ordinary skill in the art
before the effective filing date of the claimed invention to modify the method of
enabling a network service provider (e.g., a service provider of a wireless
telecommunications network) to provide an application server with one or more
services of Bao in view of Atarius to include first identity data associated with the client device comprises a Chargeable User Identity (CUI), as taught by Pularikkal.
The motivation would have been to include pertinent user information in
order to properly verify authenticity of a message.
As per claim 7, Bao in view of Atarius discloses:
The method of claim 1, wherein the first identity data associated with the
client device (Bao para 0099, 0110, 0117 and 018)
Bao in view of Atarius does not disclose:
first identity data associated with the client device comprises a class
attribute
Pularikkal discloses:
first identity data associated with the client device comprises a class
attribute (para 0036 "QoS Class Identifier (QCI), Allocation and Retention Priority
(ARP) values for the bearer")
Therefore, it would have been obvious to one of ordinary skill in the art
before the effective filing date of the claimed invention to modify the method of
enabling a network service provider (e.g., a service provider of a wireless
telecommunications network) to provide an application server with one or more
services of Bao in view of Atarius to include first identity data associated with the client device
comprises class attribute, as taught by Pularikkal.
The motivation would have been to include pertinent user information in
order to properly verify authenticity of a message.
As per claim 14, the claim is analyzed with respect to claim 6.
As per claim 20, the claim is analyzed with respect to claim 6.
As per claim 21, Bao in view of Atarius and Pularikkal discloses:
The non-transitory computer-readable medium of claim 20, wherein the CUI comprises a single unique identifier for a given user, and wherein the single unique identifier comprises an obscured version of a real username of the user (Atarius para 0045 and 0166, also see paragraph 0170 “In one embodiment, creating the second identity pseudonym comprises using a hash function and a permanent subscriber identity of the remote unit to generate a hash value.” The SUPI, IMSI or permanent subscriber identity are all hashed to conceal the unique single identifier and real username of the user. The motivation would have been to communicate a permanent subscriber identity of the user equipment apparatus within an access network in a concealed manner.).
5. Claims 22, 23, 27, 28, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Bao in view of Atarius, and further in view of U.S. Patent No 11546322 hereinafter Hardjono.
As per claim 22, Bao in view of Atarius discloses:
The method of claim 1, wherein the time-variable parameter (Bao para 0099, 0110, 0117 and 018)
Bao in view of Atarius does not disclose:
time-variable parameter comprises an integer division of an epoch time with a period of time for troubleshooting
Hardjono discloses:
time-variable parameter comprises an integer division of an epoch time with a period of time for troubleshooting (Col. 3 Lines 49-67 " In some examples, a periodic authenticating key (or “PAK”) is a symmetric key used as one input into a key-hashed function that is used to generate the authenticating ticket for a given avatar data file. In some examples, a periodic challenge random (or “PCR”) is a random value chosen by an authentication server node and send by a server to a client. In some examples, a periodic authenticating key set (or “PAK-set”) is a set of keys intended for use within a given epoch of time between a client and an authentication server node. In some examples, periodic authenticating key evidence (or “PAK-evidence”) can include a cryptographic hash of a periodic authenticating key that has been timestamped and recorded by a client computing device onto a blockchain, and which permits the identification of the client computing device as its author. Before a client computing device can use a given periodic authenticating key within an epoch, the client computing device first records its corresponding periodic authenticating key evidence on the blockchain.")
Therefore, it would have been obvious to one of ordinary skill in the art
before the effective filing date of the claimed invention to modify the method of
enabling a network service provider (e.g., a service provider of a wireless
telecommunications network) to provide an application server with one or more
services of Bao in view of Atarius to include time-variable parameter comprises an integer division of an epoch time with a period of time for troubleshooting, as taught by Hardjono.
The motivation would have been to provide a time-variable parameter associated with an epoch of time to verify data.
As per claim 23, Bao in view of Atarius discloses:
The method of claim 1, wherein the time-variable parameter (Bao para 0099, 0110, 0117 and 018)
Bao in view of Atarius does not disclose:
the time-variable parameter comprises an event timestamp
Hardjono discloses:
the time-variable parameter comprises an event timestamp (Col. 3 Lines 49-67 " In some examples, a periodic authenticating key (or “PAK”) is a symmetric key used as one input into a key-hashed function that is used to generate the authenticating ticket for a given avatar data file. In some examples, a periodic challenge random (or “PCR”) is a random value chosen by an authentication server node and send by a server to a client. In some examples, a periodic authenticating key set (or “PAK-set”) is a set of keys intended for use within a given epoch of time between a client and an authentication server node. In some examples, periodic authenticating key evidence (or “PAK-evidence”) can include a cryptographic hash of a periodic authenticating key that has been timestamped and recorded by a client computing device onto a blockchain, and which permits the identification of the client computing device as its author. Before a client computing device can use a given periodic authenticating key within an epoch, the client computing device first records its corresponding periodic authenticating key evidence on the blockchain.")
Therefore, it would have been obvious to one of ordinary skill in the art
before the effective filing date of the claimed invention to modify the method of
enabling a network service provider (e.g., a service provider of a wireless
telecommunications network) to provide an application server with one or more
services of Bao in view of Atarius to include the time-variable parameter comprises an event timestamp, as taught by Hardjono.
The motivation would have been to provide a time-variable parameter associated with an epoch of time to verify data.
As per claim 27, the claim is analyzed with respect to claim 22.
As per claim 28, the claim is analyzed with respect to claim 23.
As per claim 32, the claim is analyzed with respect to claim 22.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GARY S GRACIA/Primary Examiner, Art Unit 2499