DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Acknowledgement is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d) to application IN202311061958 filed on 09/14/2023. Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/10/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 4, 6, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over BANERJEE et al. (US PGPub No. 2025/0038969; hereinafter “BANERJEE”), in view of YANG et al. (US PGPub No. 2021/0021993), in view of Nix (US PGPub No. 2023/0308424; hereinafter “Nix ‘424”), in view of Nix (US PGPub No. 2021/0409214; hereinafter “Nix ‘214”), in view of PHAN et al. (EP 3751877 A1; hereinafter “PHAN”).
As per claim 1: BANERJEE discloses a system for enabling generation of Subscription Concealed Identifier (SUCI) in a 5G network (a terminal generates a subscription concealed identifier (SUCI) of the terminal device based on a subscription permanent identifier (SUPI) of the terminal device and a public key of a home network of the terminal device [BANERJEE, abstract]), the system comprising:
[a Universal Integrated Circuit Card (UICC)] in communication with one or more user device and one or more network (FIG. 1A, there is a cellular communication system, which comprises first and second User Equipment UE 110, 112, one or more Base Stations, BS, 120, and core network element 130. The first UE 110 is connected to the BS 120 via an air interface 115. The BS 120 may be connected, directly or via at least one intermediate node, with the core network 130 via the interface 125. The core network 130 may be, in turn, coupled via the interface 135 with another network (not shown in FIG. 1A), via which connectivity to further networks may be obtained, for example via a worldwide interconnection network [BANERJEE ¶ 0049, Fig. 1A, Examiner’s Note: terminal device communicating with other terminal device and network device]), [the UICC] comprising one or more processors coupled with a memory (The device 800 may be provided to implement a communication device, for example, the terminal device 110, the network device 130 as shown in FIGS. 1A and 2. As shown, the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810 [BANERJEE ¶ 0130, Fig. 8]), wherein said memory stores instructions which when executed by the one or more processors causes [the UICC] to (A computer program 830 includes computer executable instructions that are executed by the associated processor 810 [BANERJEE ¶ 0134]):
perform encryption of a plain text associated with a Subscription Permanent Identifier (SUPI) based on an Authenticated Encryption with an Associated Data (AEAD)-[Advanced Encryption Standard in Galois/Counter Mode (AES-GCM)] (the terminal device 110 may use an authenticated encryption with associated data (AEAD) algorithm to generate the cipher text value and the MAC-tag value. For example, the derived encryption key and a plain text of the SUPI may be input into the AEAD algorithm to generate the cipher text value and the MAC-tag value. In some embodiments, the AEAD algorithm used by the terminal device 110 may comprise a function that achieves the properties of a Fujisaki-Okamoto (FO) transform or its variant, the HHK (Hofheinz, Hövelmanns, Kiltz) transform [BANERJEE ¶ 0080, Fig. 1B]), [an Initialization Vector (IV)], and an Additional authenticated data (AAD) (the terminal device 110 may use an authenticated encryption with associated data (AEAD) algorithm to generate the cipher text value and the MAC-tag value. For example, the derived encryption key and a plain text of the SUPI may be input into the AEAD algorithm to generate the cipher text value and the MAC-tag value. In some embodiments, the AEAD algorithm used by the terminal device 110 may comprise a function that achieves the properties of a Fujisaki-Okamoto (FO) transform or its variant, the HHK (Hofheinz, Hövelmanns, Kiltz) transform [BANERJEE ¶ 0080]);
obtain a public key (The UE obtains 402 a PQC KEM public key of HN (pk) 403 which is the public key of the PQC KEM key pair. In some examples, the PQC KEM public key of HN (pk) 403 may be of Kyber. The UE may receive the PQC KEM public key of HN (pk) 403 from the network side. Alternatively, the PQC KEM public key 403 of HN (pk) 403 may be pre-configured in the terminal device [BANERJEE ¶ 0086]), a cipher text and a Message Authentication Code (MAC) tag in a parallel process by the AEAD (At 404, the UE generates a PQC shared secret (ss) 406 and a PQC KEM ciphertext (ct) 405 based on the PQC KEM public key 403 of HN (pk) 403. The PQC KEM ciphertext (ct) 405 is taken as the A part shown in FIG. 3. At 407, based on the PQC shared secret (ss) 406, the UE derives an encryption key 408 using a key derivation function (KDF). At 409, the UE uses an AEAD algorithm to generate a cipher text value 411 and a MAC-tag value 412 based on the derived encryption key 408 and a plain text block (SUPI) 410 of the terminal device. The cipher text value 411 is taken as the B part shown in FIG. 3. The MAC-tag value 412 is taken as the C part shown in FIG. 3 [BANERJEE ¶ 0087, Fig. 1B]; In view of above, in FIG. 4, at the UE side, the PQC KEM public key of Home Network (pk) 403 is used in key encapsulation mechanism (asymmetric cryptographic scheme) to generate the PQC KEM ciphertext (ct) 405 and PQC shared secret (ss) 406. The key derivation function is used to derive the encryption key 408. The encryption key 408 is fed into the AEAD algorithm along with the plain text (SUPI) 410 to generate the cipher text value 411 and the MAC-tag value 412. 
The final output contains the PQC KEM ciphertext (ct) 405 concatenated with the cipher text value 411 (the cipher text of SUPI) and MAC-tag value 412 (the MAC value of SUPI) [BANERJEE ¶ 0088]) [AES-GCM] and an Elliptic Curve Integrated Encryption Scheme (ECIES) process along with one or more parameters for enabling generation of the SUCI in the 5G network (the terminal device 110 may generate the SUCI based on the public key through the following steps. First, the terminal device 110 may generate a first ciphertext and a first shared secret based on the public key. Second, the terminal device 110 may, based on the generated first shared secret, derive an encryption key using a key derivation function (KDF). Then, the terminal device 110 may generate a cipher text value and a message authentication code tag (MAC-tag) value based on the derived encryption key and the SUPI of the terminal device 110. And then, the terminal device 110 may generate the SUCI based on the generated first ciphertext, the generated cipher text value, and the generated MAC-tag value. In some embodiments, the first ciphertext is a PQC KEM ciphertext, and the first shared secret is a PQC KEM shared secret [BANERJEE ¶ 0076, Fig. 1B]; FIG. 1B illustrates encryption steps at UE side according to an ECIES scheme. The ECIES scheme shall be implemented such that for computing a fresh SUCI and the UE shall use the provisioned public key of the home network and freshly generated ECC (elliptic curve cryptography) ephemeral public/private key pair according to the ECIES parameters provisioned by home network [BANERJEE ¶ 0054]; As mentioned above, the SUPI is a globally unique 5G Subscription Permanent Identifier allocated to each subscriber in the 5G System. The SUPI is defined in clause 5.9.2 of 3GPP TS 23.501. As shown in FIG. 1D, the SUPI is defined as including “SUPI type” and “IMSI/NSI/GLI/GCI”. 
The “SUPI type” may indicate an IMSI, a network specific identifier (NSI), a global line identifier (GLI) or a global cable identifier (GCI) [BANERJEE ¶ 0056]), wherein the one or more parameters comprises at least one of a SUPI type, a Mobile Country Code (MCC), a Mobile Network Code (MNC), or/and a protection scheme ID (As shown in FIG. 1E, the SUCI according to the specification is composed of the following parts. A first part is SUPI Type, consisting in a value in the range 0 to 7. It identifies the type of the SUPI concealed in the SUCI. The following values are defined: 0 for IMSI, 1 for NSI, 2 for GLI, 3 for GCI, 4 to 7 for spare values for future use [BANERJEE ¶ 0058]; A second part is Home Network Identifier, identifying the home network of the subscriber. When the SUPI Type is an IMSI, the Home Network Identifier is composed of two parts: mobile country code (MCC), consisting of three decimal digits; and mobile network code (MNC), consisting of two or three decimal digits. The MCC identifies uniquely the country of domicile of the mobile subscription. The MNC identifies the home PLMN or SNPN of the mobile subscription. When the SUPI type is a Network Specific Identifier (NSI), a GLI or a GCI, the Home Network Identifier consists of a string of characters with a variable length representing a domain name as specified in clause 2.2 of IETF RFC 7542. For a GLI or a GCI, the domain name shall correspond to the realm part specified in the NAI format for SUPI in clauses 28.15.2 and 28.16.2 [BANERJEE ¶ 0059]; A fourth part is Protection Scheme Identifier, consisting in a value in the range of 0 to 15 (see Annex C.1 of 3GPP TS 33.501). It represents the null scheme, or a non-null scheme specified in Annex C of 3GPP TS 33.501, or a protection scheme specified by the HPLMN; the null scheme shall be used if the SUPI type is a GLI or GCI. 
[BANERJEE ¶ 0061]), wherein the SUPI type comprises at least one of an International Mobile Subscriber Identity (IMSI) or/and a Network Access Identifier (NAI) (As mentioned above, the SUPI is a globally unique 5G Subscription Permanent Identifier allocated to each subscriber in the 5G System. The SUPI is defined in clause 5.9.2 of 3GPP TS 23.501. As shown in FIG. 1D, the SUPI is defined as including “SUPI type” and “IMSI/NSI/GLI/GCI”. The “SUPI type” may indicate an IMSI, a network specific identifier (NSI), a global line identifier (GLI) or a global cable identifier (GCI). Dependent on the value of the “SUPI type”, “IMSI/NSI/GLI/GCI” may be an IMSI as defined in clause 2.1 of TS 23.003, an NSI taking the form of a network access identifier (NAI) as defined in clause 28.7.2 of TS 23.003, a GCI taking the form of a NAI as defined in clause 28.15.2 of TS 23.003, or a GLI taking the form of an NAI as defined in clause 28.16.2 of TS 23.003 [BANERJEE ¶ 0056]), wherein one or more fields are added based on the SUPI type (As shown in FIG. 1E, the SUCI according to the specification is composed of the following parts. A first part is SUPI Type, consisting in a value in the range 0 to 7. It identifies the type of the SUPI concealed in the SUCI. The following values are defined: 0 for IMSI, 1 for NSI, 2 for GLI, 3 for GCI, 4 to 7 for spare values for future use [BANERJEE ¶ 0058]; A second part is Home Network Identifier, identifying the home network of the subscriber. When the SUPI Type is an IMSI, the Home Network Identifier is composed of two parts: mobile country code (MCC), consisting of three decimal digits; and mobile network code (MNC), consisting of two or three decimal digits. The MCC identifies uniquely the country of domicile of the mobile subscription. The MNC identifies the home PLMN or SNPN of the mobile subscription. 
When the SUPI type is a Network Specific Identifier (NSI), a GLI or a GCI, the Home Network Identifier consists of a string of characters with a variable length representing a domain name as specified in clause 2.2 of IETF RFC 7542. For a GLI or a GCI, the domain name shall correspond to the realm part specified in the NAI format for SUPI in clauses 28.15.2 and 28.16.2 [BANERJEE ¶ 0059]; A fourth part is Protection Scheme Identifier, consisting in a value in the range of 0 to 15 (see Annex C.1 of 3GPP TS 33.501). It represents the null scheme, or a non-null scheme specified in Annex C of 3GPP TS 33.501, or a protection scheme specified by the HPLMN; the null scheme shall be used if the SUPI type is a GLI or GCI. [BANERJEE ¶ 0061]); and
transmit the generated SUCI [in response to a GET IDENTITY command received by the UICC] (The terminal device then transmits the SUCI to a network device [BANERJEE, abstract]; Then the terminal device 110 transmits 204 the SUCI 205 to a network device 130, e.g., for a registration. For instance, the network device 130 may be or comprise an NF in the core network, such as subscription identifier de-concealing function (SIDF). In some embodiments, the network device 130 may reside at a unified data management (UDM) network function or an authentication server function, AUSF, or any other future network function in the core network [BANERJEE ¶ 0071]).
BANERJEE discloses the claimed subject matter as discussed above but does not explicitly disclose a Universal Integrated Circuit Card (UICC); the UICC; the UICC. However, YANG teaches a Universal Integrated Circuit Card (UICC) (In some embodiments, network public keys are maintained by a secure element (SE) of the UE, e.g., an embedded Universal Integrated Circuit Card (eUICC) [YANG ¶ 0028]; As shown in FIG. 1, the UE 102 can include processing circuitry, which can include a processor 104 and a memory 106, an embedded Universal Integrated Circuit Card (eUICC) 108 [YANG ¶ 0033]); the UICC (In some embodiments, network public keys are maintained by a secure element (SE) of the UE, e.g., an embedded Universal Integrated Circuit Card (eUICC) [YANG ¶ 0028]; As shown in FIG. 1, the UE 102 can include processing circuitry, which can include a processor 104 and a memory 106, an embedded Universal Integrated Circuit Card (eUICC) 108 [YANG ¶ 0033]); the UICC (In some embodiments, network public keys are maintained by a secure element (SE) of the UE, e.g., an embedded Universal Integrated Circuit Card (eUICC) [YANG ¶ 0028]; As shown in FIG. 1, the UE 102 can include processing circuitry, which can include a processor 104 and a memory 106, an embedded Universal Integrated Circuit Card (eUICC) 108 [YANG ¶ 0033]). BANERJEE and YANG are analogous art because they are from the same field of endeavor of user equipment SUPI security. Therefore, based on BANERJEE in view of YANG, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of YANG to the system of BANERJEE in order to securely store network keys and for use in ensuring improved integrity and security of personal data. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim.
BANERJEE in view of YANG discloses the claimed subject matter as discussed above but does not explicitly disclose Advanced Encryption Standard in Galois/Counter Mode (AES-GCM); AES-GCM. However, Nix ‘424 teaches Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) (Device 101 can include a set of device parameters or device extensions 101g for conducting a secure session with a network 103 and a server 111 … The device extensions 101g can include supported cipher suites supported by device 101 in establishing secure communications with network 103 and server 111. The device extensions 101g can also be used for the “Extensions” fields within a “Client Hello” or equivalent message such as a first message 202 as depicted and described in connection with FIG. 2a below. The device extensions 101g can include supported symmetric ciphering algorithms and modes, such as the Advanced Encryption Standard (AES) with a ciphertext chaining mode such as Electronic Code Book mode (ECB), Galois/Counter Mode (GCM), XChaCha20 for encryption [Nix ‘424 ¶ 0074, Examiner’s Note: AES-GCM]; The device identity in a device certificate 101c can be an international mobile subscriber identity (IMSI), a subscription permanent identifier (SUPI) according to 5G standards, or a network access identifier (NAI) as specified in IETF RFC 754 [Nix ‘424 ¶ 0072]; As one example, the first device extensions 101g could specify the use of AES-GCM with 256 bit keys and the SHA-2 algorithm [Nix ‘424 ¶ 0076]); AES-GCM (Device 101 can include a set of device parameters or device extensions 101g for conducting a secure session with a network 103 and a server 111 … The device extensions 101g can include supported cipher suites supported by device 101 in establishing secure communications with network 103 and server 111. 
The device extensions 101g can also be used for the “Extensions” fields within a “Client Hello” or equivalent message such as a first message 202 as depicted and described in connection with FIG. 2a below. The device extensions 101g can include supported symmetric ciphering algorithms and modes, such as the Advanced Encryption Standard (AES) with a ciphertext chaining mode such as Electronic Code Book mode (ECB), Galois/Counter Mode (GCM), XChaCha20 for encryption [Nix ‘424 ¶ 0074, Examiner’s Note: AES-GCM]; The device identity in a device certificate 101c can be an international mobile subscriber identity (IMSI), a subscription permanent identifier (SUPI) according to 5G standards, or a network access identifier (NAI) as specified in IETF RFC 754 [Nix ‘424 ¶ 0072]; As one example, the first device extensions 101g could specify the use of AES-GCM with 256 bit keys and the SHA-2 algorithm [Nix ‘424 ¶ 0076]). BANERJEE in view of YANG and Nix ‘424 are analogous art because they are from the same field of endeavor of terminal device communication security. Therefore, based on BANERJEE in view of YANG in view of Nix ‘424, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Nix ‘424 to the system of BANERJEE in view of YANG in order to utilize an efficient block cipher that provides data authenticity, integrity, and confidentiality for improved security. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim.
BANERJEE in view of YANG in view of Nix ‘424 discloses the claimed subject matter as discussed above but does not explicitly disclose an Initialization Vector (IV). However, Nix ‘214 teaches an Initialization Vector (IV) (Symmetric ciphering algorithm 404a and 405a below can include the use or an initialization vector (IV), which could comprise a random number. The initialization vector could be sent as plaintext or metadata along with the ciphertext, and in this manner the ciphertext could change over time (and with each SUCI 101b), which is preferred since the encrypted SUPI 101a could remain the same, but the ciphertext 406 (or 408 below) should change even though the plaintext data transmitted may be static [Nix ‘214 ¶ 0204]). BANERJEE in view of YANG in view of Nix ‘424 and Nix ‘214 are analogous art because they are from the same field of endeavor of device communication security. Therefore, based on BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Nix ‘214 to the system of BANERJEE in view of YANG in view of Nix ‘424 in order to avoid a third party seeing the ciphertext from tracking the sender for improved security (¶ 0204). Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim.
BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 discloses the claimed subject matter as discussed above but does not explicitly disclose in response to a GET IDENTITY command received by the UICC. However, PHAN teaches in response to a GET IDENTITY command received by the UICC (The USIM 1 supports the Get Identity command (as specified in 3GPP TS 31.102 and ETSI TS 102 221). This command is used by the mobile equipment 2 to retrieve the encrypted SUbscription Concealed Identifier (SUCI) (as specified in 3GPP TS 33.501) computed by the USIM 1 and to deliver it to the serving network 3 each time it is requested [PHAN ¶ 0063]; In fact, when the USIM 1 is requested to present/submit its identity, the Get Identity command returns the privacy subscription identifier SUCI calculated by the USIM application 1 [PHAN ¶ 0064]). BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 and PHAN are analogous art because they are from the same field of endeavor of device communication security. Therefore, based on BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of PHAN to the system of BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in order to comply with appropriate specification standards for improved security in communication protocols. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim.
As per claim 4: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 1. Furthermore, wherein the system is configured to generate the SUCI by concealing the SUPI based on the ECIES in the 5G network (a terminal generates a subscription concealed identifier (SUCI) of the terminal device based on a subscription permanent identifier (SUPI) of the terminal device and a public key of a home network of the terminal device [BANERJEE, abstract]; FIG. 1B illustrates encryption steps at UE side according to an ECIES scheme. The ECIES scheme shall be implemented such that for computing a fresh SUCI and the UE shall use the provisioned public key of the home network and freshly generated ECC (elliptic curve cryptography) ephemeral public/private key pair according to the ECIES parameters provisioned by home network. The processing on UE side shall be done according to encryption operations, which comprises: generating keying data K of length enckeylen+icblen+mackeylen; parsing the leftmost enckeylen octets of K as an encryption key EK, the middle icblen octets of K as an ICB, and the rightmost mackeylen octets of K as a MAC key MK. The final output of the ECIES concealment scheme shall be the concatenation of the ECC ephemeral public key, the ciphertext value, the MAC tag value, and any other parameters, if applicable [BANERJEE ¶ 0054, Fig. 1B]; the SUPI is a globally unique 5G Subscription Permanent Identifier allocated to each subscriber in the 5G System [BANERJEE ¶ 0056, Fig. 1A]).
As per claim 6: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 1. The limitations of claim 6 are substantially similar to claim 1 above, and therefore the claim is likewise rejected.
As per claim 9: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 6. The limitations of claim 9 are substantially similar to claim 4 above, and therefore the claim is likewise rejected.
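As an added illustration (not part of the Office action or of any cited reference), the sketch below checks the SUCI field rules quoted from BANERJEE ¶ 0058-0061 and performs the keying-data split and scheme-output concatenation quoted from ¶ 0054, including tag verification on the receiving side. The X9.63 KDF, the HMAC-SHA-256 tag, the 16/16/32/8-octet lengths, the 32-octet public key and the null-scheme value 0 are assumptions taken from ECIES Profile A in 3GPP TS 33.501 Annex C; the shared secret and ciphertext are constructed sample bytes, and the ECC key agreement and the symmetric cipher are out of scope.

```python
import hashlib
import hmac
import re

# Assumption: octet lengths of ECIES Profile A (3GPP TS 33.501 Annex C).
# The quoted text only names enckeylen, icblen and mackeylen.
ENCKEYLEN, ICBLEN, MACKEYLEN, MACLEN, PUBKEYLEN = 16, 16, 32, 8, 32

SUPI_TYPES = {0: "IMSI", 1: "NSI", 2: "GLI", 3: "GCI"}  # values 4 to 7 are spare
NULL_SCHEME = 0  # assumption: identifier of the null scheme in Annex C.1

# Constructed sample values, not real subscriber or network data.
SAMPLE_SHARED_SECRET = bytes(range(32))
SAMPLE_EPH_PUB = bytes([0xAA]) * PUBKEYLEN
SAMPLE_CIPHERTEXT = bytes.fromhex("0102030405")


def validate_suci_fields(supi_type, scheme_id, mcc="", mnc="", realm=""):
    """Return the list of violations of the field rules quoted above."""
    errors = []
    if supi_type not in SUPI_TYPES:
        errors.append("supi_type: only 0-3 are defined, 4-7 are spare")
    elif supi_type == 0:
        # IMSI: Home Network Identifier is MCC (3 digits) + MNC (2 or 3 digits).
        if not re.fullmatch(r"[0-9]{3}", mcc):
            errors.append("mcc: must be three decimal digits")
        if not re.fullmatch(r"[0-9]{2,3}", mnc):
            errors.append("mnc: must be two or three decimal digits")
    elif not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*", realm):
        # NSI/GLI/GCI: a domain name; this is a simplified syntax check.
        errors.append("realm: must be a domain name")
    if not 0 <= scheme_id <= 15:
        errors.append("scheme_id: must be in range 0-15")
    elif supi_type in (2, 3) and scheme_id != NULL_SCHEME:
        errors.append("scheme_id: GLI/GCI require the null scheme")
    return errors


def x963_kdf(shared_secret, shared_info, length):
    """ANSI X9.63 KDF with SHA-256: Hash(Z || 32-bit counter || SharedInfo)."""
    out, counter = b"", 1
    while len(out) < length:
        block = shared_secret + counter.to_bytes(4, "big") + shared_info
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def split_keying_data(shared_secret, eph_pub):
    """Parse K into EK (leftmost), ICB (middle) and MK (rightmost)."""
    k = x963_kdf(shared_secret, eph_pub, ENCKEYLEN + ICBLEN + MACKEYLEN)
    return k[:ENCKEYLEN], k[ENCKEYLEN:ENCKEYLEN + ICBLEN], k[-MACKEYLEN:]


def mac_tag(mk, ciphertext):
    """Truncated HMAC-SHA-256 over the ciphertext value."""
    return hmac.new(mk, ciphertext, hashlib.sha256).digest()[:MACLEN]


def build_scheme_output(shared_secret, eph_pub, ciphertext):
    """Concatenate ephemeral public key, ciphertext value and MAC tag value."""
    _, _, mk = split_keying_data(shared_secret, eph_pub)
    return eph_pub + ciphertext + mac_tag(mk, ciphertext)


def verify_scheme_output(shared_secret, scheme_output):
    """Split a received scheme output and check the tag before any decryption."""
    if len(scheme_output) < PUBKEYLEN + MACLEN:
        raise ValueError("scheme output too short")
    eph_pub = scheme_output[:PUBKEYLEN]
    ciphertext = scheme_output[PUBKEYLEN:-MACLEN]
    tag = scheme_output[-MACLEN:]
    ek, icb, mk = split_keying_data(shared_secret, eph_pub)
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, mac_tag(mk, ciphertext)):
        raise ValueError("MAC tag mismatch")
    return ek, icb, ciphertext


if __name__ == "__main__":
    out = build_scheme_output(SAMPLE_SHARED_SECRET, SAMPLE_EPH_PUB, SAMPLE_CIPHERTEXT)
    print(len(out), verify_scheme_output(SAMPLE_SHARED_SECRET, out)[2].hex())
    print(validate_suci_fields(2, 1, realm="example.org"))
```

Because the ephemeral public key feeds the KDF, a fresh key pair per SUCI yields different EK, ICB and MK values even when the concealed SUPI is unchanged.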
Claims 2 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in view of Yu et al. (US PGPub No. 2024/0048543; hereinafter “Yu”).
As per claim 2: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 1. Furthermore, BANERJEE and Nix ‘424 disclose wherein the AEAD-AES GCM (At 404, the UE generates a PQC shared secret (ss) 406 and a PQC KEM ciphertext (ct) 405 based on the PQC KEM public key 403 of HN (pk) 403. The PQC KEM ciphertext (ct) 405 is taken as the A part shown in FIG. 3. At 407, based on the PQC shared secret (ss) 406, the UE derives an encryption key 408 using a key derivation function (KDF). At 409, the UE uses an AEAD algorithm to generate a cipher text value 411 and a MAC-tag value 412 based on the derived encryption key 408 and a plain text block (SUPI) 410 of the terminal device. The cipher text value 411 is taken as the B part shown in FIG. 3. The MAC-tag value 412 is taken as the C part shown in FIG. 3 [BANERJEE ¶ 0087, Fig. 1B]; Device 101 can include a set of device parameters or device extensions 101g for conducting a secure session with a network 103 and a server 111 … The device extensions 101g can include supported cipher suites supported by device 101 in establishing secure communications with network 103 and server 111. The device extensions 101g can also be used for the “Extensions” fields within a “Client Hello” or equivalent message such as a first message 202 as depicted and described in connection with FIG. 2a below. 
The device extensions 101g can include supported symmetric ciphering algorithms and modes, such as the Advanced Encryption Standard (AES) with a ciphertext chaining mode such as Electronic Code Book mode (ECB), Galois/Counter Mode (GCM), XChaCha20 for encryption [Nix ‘424 ¶ 0074, Examiner’s Note: AES-GCM]; The device identity in a device certificate 101c can be an international mobile subscriber identity (IMSI), a subscription permanent identifier (SUPI) according to 5G standards, or a network access identifier (NAI) as specified in IETF RFC 754 [Nix ‘424 ¶ 0072]; As one example, the first device extensions 101g could specify the use of AES-GCM with 256 bit keys and the SHA-2 algorithm [Nix ‘424 ¶ 0076]) [enables a single block cipher operation] based on an encryption key to generate the SUCI in the 5G network (In view of above, in FIG. 4, at the UE side, the PQC KEM public key of Home Network (pk) 403 is used in key encapsulation mechanism (asymmetric cryptographic scheme) to generate the PQC KEM ciphertext (ct) 405 and PQC shared secret (ss) 406. The key derivation function is used to derive the encryption key 408. The encryption key 408 is fed into the AEAD algorithm along with the plain text (SUPI) 410 to generate the cipher text value 411 and the MAC-tag value 412. The final output contains the PQC KEM ciphertext (ct) 405 concatenated with the cipher text value 411 (the cipher text of SUPI) and MAC-tag value 412 (the MAC value of SUPI) [BANERJEE ¶ 0088]; In this way, the UE generates the SUCI based on the PQC KEM [BANERJEE ¶ 0090]), wherein the system enables [the parallel process for a plurality of the blocks].
BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN discloses the claimed subject matter as discussed above but does not explicitly disclose enables a single block cipher operation; the parallel process for a plurality of the blocks. However, Yu teaches enables a single block cipher operation (Using the batch mode protection 500 allows for applying additional optimization techniques that are not possible in the traditional per-packet payload protection 602. The batch mode protection 500 facilitates multi-buffer processing where certain elements of AEAD encryption (e.g., AES-GCM) processing can be done in parallel on multiple network packets 300 at the same time. This includes but is not limited to AAD (additional authentication data) processing or final block encryption in AES-GMAC calculation (part of AES-GCM AEAD algorithm construct). In other words, the AEAD module 406 computes a single instance of the AAD for all the N network packets 300 that are input. Accordingly, AAD computation cycles are reduced. Additionally, the AEAD module 406 can execute the AES-GCM calculation only once across all the N network packets 300 (instead of N times in per packet payload protection 602 mode). Accordingly, the batch mode protection 500 facilitates performance improvement in comparison with the per packet payload protection 602. The multi-buffer processing can be used in several other operations during the batch mode protection 500 [Yu ¶ 0077]); the parallel process for a plurality of the blocks (Using the batch mode protection 500 allows for applying additional optimization techniques that are not possible in the traditional per-packet payload protection 602. The batch mode protection 500 facilitates multi-buffer processing where certain elements of AEAD encryption (e.g., AES-GCM) processing can be done in parallel on multiple network packets 300 at the same time. 
This includes but is not limited to AAD (additional authentication data) processing or final block encryption in AES-GMAC calculation (part of AES-GCM AEAD algorithm construct). In other words, the AEAD module 406 computes a single instance of the AAD for all the N network packets 300 that are input. Accordingly, AAD computation cycles are reduced. Additionally, the AEAD module 406 can execute the AES-GCM calculation only once across all the N network packets 300 (instead of N times in per packet payload protection 602 mode). Accordingly, the batch mode protection 500 facilitates performance improvement in comparison with the per packet payload protection 602. The multi-buffer processing can be used in several other operations during the batch mode protection 500 [Yu ¶ 0077]). Yu and the instant application are analogous art because they are from the same field of endeavor of cryptographic processing. Therefore, based on BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in view of Yu, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Yu to the system of BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in order to utilize an AEAD encryption, specifically AES-GCM, to enable parallel processing over data received from the network for reduced AAD computation cycles and performance improvements. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim.
As per claim 7: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 6. The limitations of claim 7 are substantially similar to claim 2 above, and therefore the claim is likewise rejected.
Claims 3 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in view of Bradbury et al. (US Patent No. 9680653; hereinafter “Bradbury”).
As per claim 3: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 1. Furthermore, wherein the system is configured to: [generate the AAD by integrating] a Shared Secret Key and a Home Network Public Key (the terminal device 110 may generate the SUCI based on the public key through the following steps. First, the terminal device 110 may generate a first ciphertext and a first shared secret based on the public key. Second, the terminal device 110 may, based on the generated first shared secret, derive an encryption key using a key derivation function (KDF) [BANERJEE ¶ 0076]; The UE obtains 402 a PQC KEM public key of HN (pk) 403 which is the public key of the PQC KEM key pair. In some examples, the PQC KEM public key of HN (pk) 403 may be of Kyber. The UE may receive the PQC KEM public key of HN (pk) 403 from the network side. Alternatively, the PQC KEM public key 403 of HN (pk) 403 may be pre-configured in the terminal device [BANERJEE ¶ 0086]) [based on an XOR operation].
BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN discloses the claimed subject matter as discussed above but does not explicitly disclose generate the AAD by integrating … based on an XOR operation. However, Bradbury teaches generate the AAD by integrating … based on an XOR operation (FIG. 5A, the AES algorithm 500 uses the key (K) field 414 from the parameter block. The resulting 128-bit hash subkey 504 is placed into H field 406 of the parameter block and the HS flag is set to one in general register 0. When the HS flag is one, H field 406 in the parameter block is used as the hash subkey. In this case, the H field and HS flag are not altered. For GCM-encrypted-AES functions (function codes 26-28), the HS flag is ignored. A block of 128 binary zeros is encrypted using the AES algorithm as shown in FIG. 5A, using the decrypted key (K). In this case, H field 406 of the parameter block and the HS flag are not altered. 3. Additional Authenticated Data Hashing: Any additional authenticated data is processed by the GHASH algorithm to form a partial message tag. When the third operand length in general register R_3+1 is nonzero, additional authenticated data hashing is performed. In this case, the even-numbered general register designated by the R_3 operand of the instruction contains the address of a storage location containing data from which a message authentication tag is computed using the GHASH algorithm. In addition to the blocks of the third operand, the GHASH function uses hash subkey 406 and tag field 404 in the parameter block as input values. The result is obtained as if processing starts at the left end of the third operand and proceeds to the right, block by block. When one or more full 16-byte blocks of additional authenticated data remain, the processing is as illustrated in FIG. 5B, in which the operation at 510 is a bitwise exclusive OR, and the operation at 512 is a GCM multiplication operation over GF(2^128)). Bradbury and the instant application are analogous art because they are from the same field of endeavor of ciphers. Therefore, based on BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in view of Bradbury, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Bradbury to the system of BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in order to improve system processing performance. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim.
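Added illustration, not part of this Office action or of the Bradbury reference: the block-by-block additional authenticated data hashing quoted above (a bitwise exclusive OR followed by a multiplication over GF(2^128)) written out as standard GHASH. The function names are hypothetical; the hash subkey and ciphertext constants are the published GCM test case 2 values for an all-zero AES-128 key.

```python
# Added example: GHASH as used by AES-GCM, following the XOR-then-multiply
# step described in the quoted passage. Names below are illustrative only.
R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1


def gf_mult(x: int, y: int) -> int:
    """Multiply two field elements in GCM bit order (most significant bit = x^0)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def pad16(data: bytes) -> bytes:
    """Zero-pad to a whole number of 16-byte blocks."""
    return data + b"\x00" * (-len(data) % 16)


def hash_blocks(h: int, tag: int, data: bytes) -> int:
    """Fold blocks left to right into the tag: tag = (tag XOR block) * H."""
    data = pad16(data)
    for off in range(0, len(data), 16):
        block = int.from_bytes(data[off:off + 16], "big")
        tag = gf_mult(tag ^ block, h)
    return tag


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Full GHASH: AAD blocks, ciphertext blocks, then the bit-length block."""
    hk = int.from_bytes(h, "big")
    tag = hash_blocks(hk, 0, aad)           # partial tag over the AAD only
    tag = hash_blocks(hk, tag, ciphertext)
    lengths = (len(aad) * 8).to_bytes(8, "big") + (len(ciphertext) * 8).to_bytes(8, "big")
    return hash_blocks(hk, tag, lengths).to_bytes(16, "big")


# GCM test case 2: H = AES_K(0^128) for the all-zero key, one ciphertext block.
H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")

if __name__ == "__main__":
    print("GHASH, empty AAD:", ghash(H, b"", C).hex())
    # Constructed sample AAD: any change to it changes the resulting hash.
    print("GHASH, sample AAD:", ghash(H, b"constructed-sample-aad", C).hex())
```

Because the AAD is folded in first, the partial tag over a fixed AAD can be computed once and reused as the starting tag for each message that shares it.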
As per claim 8: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 6. The limitations of claim 8 are substantially similar to claim 3 above, and therefore the claim is likewise rejected.
Claims 5 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in view of Kim et al. (US PGPub No. 2006/0126835; hereinafter “Kim”).
As per claim 5: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 1. Furthermore, wherein the shared secret key is 256-bits (As one example, the first device extensions 101g could specify the use of AES-GCM with 256 bit keys [Nix ‘424 ¶ 0076]) generated in a Key Agreement procedure (either a device 101 or a network 103 could use an ID.K.device 101i to select and mutually agree on a shared secret key K.device 101k for use in subsequent AKA protocol 223 steps [Nix ‘214 ¶ 0169]) [is divided to generate primarily the AES-GCM key which is 128-bits and followed by the IV which is 96-bits].
BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN discloses the claimed subject matter as discussed above but does not explicitly disclose is divided to generate primarily the AES-GCM key which is 128-bits and followed by the IV which is 96-bits. However, Kim teaches is divided to generate primarily the AES-GCM key which is 128-bits and followed by the IV which is 96-bits (the conventional GCM-AES block cipher apparatus. In FIG. 3, a conventional GCM-AES block cipher module B300 performs three main steps of processing (B301, B302 and B303) for a variable-length MAC frames [Kim ¶ 0019]; the key expansion module 101 expands a 128-bit key s300 received together with a MAC frame to produce 11 round keys for use s301 in encryption of the MAC frame (300), and the 11-round CTR-AES encryption module 102 generates a hash key value s307 from the generated round keys s301 (301) [Kim ¶ 0020]; In addition, in order to perform encryption, a 96-bit random Initial Vector (IV) value s302 is combined with a 32-bit data block counter (302) to produce a 128-bit counter value s303 [¶ 0026]). Kim and the instant application are analogous art because they are from the same field of endeavor of cryptographic processing. Therefore, based on BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in view of Kim, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Kim to the system of BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN in order to improve processing for high-speed operations. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim.
As per claim 10: BANERJEE in view of YANG in view of Nix ‘424 in view of Nix ‘214 in view of PHAN teaches all the limitations of claim 6. The limitations of claim 10 are substantially similar to claim 5 above, and therefore the claim is likewise rejected.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES P MOLES whose telephone number is (703)756-1043. The examiner can normally be reached M-F 8:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached at (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES P MOLES/Examiner, Art Unit 2494
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494