DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
1, 9, and 17 recite: wherein the service operation request message includes…a second indication indicating that the user and the device support or request to be authenticated and authorized by the service producer using at least one of: a user trust index (UTI) of the user and a device trust index (DTI) of the device.
The grammatical nature of this limitation is unclear. It is unclear what is meant by “device support”. The device supports what? The term “support or” will be ignored because it does not logically fit into the claim limitation.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-6, 8, 9, 11-14, 16, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Song et al. (US 2024/0354429) in view of Kopack (US 2023/0179589), and further in view of Su et al. (Ensuring Trustworthiness in IoIT/AIoT A Phased-Based Approach).
Regarding claims 1 and 9, Song teaches a method (and corresponding service consumer) performed by a service consumer associated by a user and a device that is a wireless transmit/receive unit (WTRU), the method comprising:
sending, to a service producer, a service operation request message requesting access to at least one target service provided by the service producer (the network function service consumer sends a service request message. The service request message is used to request to obtain the service provided by the network function service provider – see [0348] – [0349]), wherein the service operation request message a second indication indicating that the user and the device request to be authenticated and authorized by the service producer (the service request message further includes…attestation information…for verifying whether the network function service consumer is trusted – see [0350]
receiving, from the service producer, an authentication notification message including an indication of a trust-based authentication result indicating that the service producer will execute the at least one target service (the network function service consumer receives a service response message…The service response message indicates whether the service request is accepted and further indicates a result of the trustworthiness verification of the network function service consumer – see [0356] – [0357]).
receiving, from the service producer, a service operation response message including at least one service execution result associated with the executed at least one target service (describing that having performed that verifications of the attestation data comprised in the service request, the network function service provider…proves the service to the network function service consumer based on a verifications status – see [0371]).
Song does not teach includes a first indication indicating that the user and the device will authenticate and authorize the service producer or sending, to the service producer, or sending to the service provider, an authentication confirmation message
Kopak teaches providing user authentication to online service providers, and/or provide online service provider authentication to users for the purpose of one-sided or mutual authentication – see [0165]. Kopak further teaches a confirmation of the authentication completion may be provided to the online service provider in order to allow the user to access the resource at the first device– see [0077].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Song by including an indication indicating that the user and device will authenticate and authorize the service provider in order to provide mutual authentication, as well as to send a confirmation message, based upon the beneficial teachings provided by Kopak. These modifications would result in better security to the system.
Song and Kopak do not teach using a trust index of the service producer or authenticating/authorizing using at least one of: a user trust index (UTI) of the user and a device trust index (DTI) of the device.
Su teaches: Trust management gathers relevant parameters…the degree of trustworthiness, namely, the trust value, is calculated by a predetermined mathematical method in trust updating. Trust value is computed, and TM infers a conclusion based on this trust value to device if the node can be trusted or not – see page 84 2nd column.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Song and Kopak by using trust indexes for authenticating/authorizing in order to determine how trustworthy a device/user is, based upon the beneficial teachings provided by Su. These modifications would result in better security to the system.
Regarding claim 17, Song teaches a method performed by a service producer comprising:
receiving, from a service consumer, a service operation request message requesting access to at least one target service provided by the service producer (the network function service consumer sends a service request message. The service request message is used to request to obtain the service provided by the network function service provider – see [0348] – [0349]), wherein the service operation request message a second indication indicating that the user and the device request to be authenticated and authorized by the service producer (the service request message further includes…attestation information…for verifying whether the network function service consumer is trusted – see [0350].
Determining that a trust level authentication of the user associated with the service consumer of a device associated with the service consumer is needed (the service request message further includes…attestation information…for verifying whether the network function service consumer is trusted – see [0350]. Trustworthiness authentication – see abstract.
Sending, to the service consumer, an authentication notification message including an indication of a trust-based authentication result indicating that the service producer will execute the at least one target service (the network function service consumer receives a service response message…The service response message indicates whether the service request is accepted and further indicates a result of the trustworthiness verification of the network function service consumer – see [0356] – [0357]).
Authenticating the received service operation request message using trust based authentication (see figure 4).
Executing the at least one target service (Service process – see figure 14 S1317).
Sending, to the service consumer, a service operation response message including at least one service execution result associated with the executed at least one target service (describing that having performed that verifications of the attestation data comprised in the service request, the network function service provider…proves the service to the network function service consumer based on a verifications status – see [0371]).
Song does not teach includes a first indication indicating that the user and the device will authenticate and authorize the service producer or sending, to the service producer, or sending to the service producer, an authentication confirmation message
Kopak teaches providing user authentication to online service providers, and/or provide online service provider authentication to users for the purpose of one-sided or mutual authentication – see [0165]. Kopak further teaches a confirmation of the authentication completion may be provided to the online service provider in order to allow the user to access the resource at the first device– see [0077].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Song by including an indication indicating that the user and device will authenticate and authorize the service provider in order to provide mutual authentication, as well as to send a confirmation message, based upon the beneficial teachings provided by Kopak. These modifications would result in better security to the system.
Song and Kopak do not teach using a trust index of the service producer or authenticating/authorizing using at least one of: a user trust index (UTI) of the user and a device trust index (DTI) of the device. Song and Kopak also do not teach selecting and authenticating a trust management function, sending to the selected and authenticated TMF, a request message requesting at least one of the UTI and the DTI, or receiving, from the selected and authenticated TMF, a response message including an indication of at least one of the UTI and DTI.
Su teaches: Trust management (i.e., TMF) gathers relevant parameters…the degree of trustworthiness, namely, the trust value, is calculated by a predetermined mathematical method in trust updating. Trust value is computed, and TM infers a conclusion based on this trust value to device if the node can be trusted or not – see page 84 2nd column.
The Examiner notes that using an authenticated TMF would be intrinsic to maintain basic security. The request and receipt of the trust values would be intrinsic to the teachings of Su, in order to simply gather the information.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Song and Kopak by using trust indexes for authenticating/authorizing in order to determine how trustworthy a device/user is, based upon the beneficial teachings provided by Su. These modifications would result in better security to the system.
Regarding claims 3, 4, 11, and 12, Su teaches that a trust index is a metric that indicates a level of trustworthiness and is based on a trust evaluation of one or more trust indicators, wherein the trust indicators comprise factors related to security (trust value based on trustworthiness which relies on trust parameters applied to networking security – see page 84 second column).
Regarding claims 5 and 13, it is intrinsic to Song to that the service operation request message further includes an identifier of the device or user and the service operation being requested, as there must be some type of identification of the requester. The consumer is requesting a service and the service producer needs to know who is requesting and what they are requesting. Song teaches an attestation value, which can be considered an identification – see [0348] – [0371].
Regarding claims 6 and 14, the combination of Song and Su suggests that the authentication notification message further comprises the UTI of the user or the DTI of the device (Song teaches: the network function service consumer receives a service response message…The service response message indicates whether the service request is accepted and further indicates a result of the trustworthiness verification of the network function service consumer – see [0356] – [0357]. In addition, Su teaches: Trust management (i.e., TMF) gathers relevant parameters…the degree of trustworthiness, namely, the trust value, is calculated by a predetermined mathematical method in trust updating. Trust value is computed, and TM infers a conclusion based on this trust value to device if the node can be trusted or not – see page 84 2nd column. Therefore, the combination suggests that the authentication notification would include the trust value itself.
Accordingly, the result-effective adjustment of this and other particular types of conventional working conditions (e.g., which parts of the authentication calculation are included in the authentication notification) is deemed merely a matter of judicious selection and routine optimization which is well within the purview of the skilled artisan.
Regarding claims 8, 16, and 20, Song teaches that the service consumer is a Function Entity Service Consumer (FESC) and the service production is a Function Entity Service Producer (FESP) (The Examiner notes that the applicant’s specification states that a FESC is generally a service consumer and a FESP is generally a service producer – see [0073] of applicant’s specification. Song teaches a service producer and a service consumer – see [0348] - [0349] which teaches a service provider and service consumer).
Claims 2, 10, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Song et al. (US 2024/0354429) in view of Kopack (US 2023/0179589), and in view Su et al. (Ensuring Trustworthiness in IoIT/AIoT A Phased-Based Approach), and further in view of Campobasso et al. (US 2024/0256991).
The teachings of Song, Kopak, and Su are relied upon for the reasons set forth above.
In addition, regarding claims 2, 10, and 19 the prior art teaches TMF and obtaining trust index, and authenticating the service provider and providing the service, as discussed above.
Song, Kopak, and Su does not teach authenticating by comparing the trust index to a preconfigured threshold.
Campobasso teaches: the authentication result may be “pass” if the trust score is higher than or equal to the threshold. The authentication result may also be “pass” if the trust score is lower than the threshold and the user successfully performed the additional authentication step. The authentication result may be “fail” if the trust score is lower than the threshold and the user failed to successfully perform the additional authentication step. The server system 104 then authenticates the user based on the authentication result – see [0034].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Song, Kopak, and Su by using a threshold of trust index to determine authentication, based upon the beneficial teachings provided by Su. These modifications would result in better configuration options for the system (such as desired trust level).
Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Song et al. (US 2024/0354429) in view of Kopack (US 2023/0179589), and in view Su et al. (Ensuring Trustworthiness in IoIT/AIoT A Phased-Based Approach), and further in view of Wang (US 2024/0338227).
The teachings of Song, Kopak, and Su are relied upon for the reasons set forth above.
Regarding claims 7 and 15, Song, Kopak, and Su do not teach forwarding the at least one execution result to at least one of: an application server, a next application function in a chain of application functions, and a charging function.
Wang teaches storing execution results on application servers – see [0136] and [0155].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Song, Kopak, and Su by forwarding the execution results to an application, for the purpose of keeping logs of execution, based upon the beneficial teachings provided by Wang. These modifications would result in better record keeping.
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Song et al. (US 2024/0354429) in view of Kopack (US 2023/0179589), and in view Su et al. (Ensuring Trustworthiness in IoIT/AIoT A Phased-Based Approach), and further in view of Sarin (US 2022/0015073).
The teachings of Song, Kopak, and Su are relied upon for the reasons set forth above.
Regarding claim 8, Song, Kopak, and Su do not teach authenticating the received service operation request message based on a credential of the user in addition to the trust-based authentication.
Sarin teaches: In some embodiments, the user 802 may be required to perform user authorization such as providing credentials before given access to the service provider application 810 and access to interact with one or more services provided by the service provider device 812 – see [0048].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Song, Kopak, and Su by requiring user credential for authentication, for the purpose of dual authentication, based upon the beneficial teachings provided by Sarin. These modifications would result in increased security.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LISA C LEWIS/Primary Examiner, Art Unit 2495