DETAILED ACTION
In response to the communication filed on 07/25/2024, responded in following.
On this Office Action, claims 1-19 and 21, consisting of independent claims 1, 11, 15 and 21.
Claims 1-19 and 21 are pending.
Claims 1-19 and 21 are rejected under the 35 USC § 103.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/26/2024, 07/14/2025 and 02/18/2026. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawings were received on 07/25/2024. These drawings are accepted.
Priority
The benefit of 63/304,390 filed on 01/28/2022 has been acknowledged.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-6, 9-11, 15-17 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al. (US 20250008309 A1, hereinafter “Kim”) in view of Guo et al. (US 20230209329 A1, hereinafter “Guo”).
Regarding independent claim 1, Kim discloses a user equipment (UE) for wireless communication, comprising:
at least one memory; and at least one processor coupled with the at least one memory and configured to cause the UE to (Kim: [0030] The terminal may include UE (user equipment), MS (mobile station), cellular phone, smartphone, computer, or multimedia system capable of performing communication functions; [0166] Referring to FIG. 11 , a UE 1100 communicating with a base station or another network entity in a wireless communication system may include a transceiver 1101, a controller 1102, and a storage unit 1103. The controller 1102 may be defined as a circuit or application-specific integrated circuit or at least one processor):
transmit a data exposure notification comprising at least user consent data (Kim: [0089] The PDU session establishment request message transmitted from the UE 401 to the AMF 402 may include information about API invocation capability related to network exposure or network capability exposure of the UE 401. … The PDU session establishment request message transmitted from the UE 401 to the AMF 402 may further include user consent (“transmitting a data exposure notification comprising at least user consent data”) for the UE subscriber to share the UE-related information to the outside in the 3GPP network); and
receive a data exposure response acknowledgement that indicates the user consent data is stored for reference of a user consent (Kim: [0099] In step 440, the AMF 402 transfers, to the UE 401, information (e.g., NEF information, CCF information, or AEF information) related to whether to allow API invocation related to the network function exposure service accessible by the corresponding UE subscriber, which is provided from the SMF 403 (“receive a data exposure response acknowledgement”)).
Kim discloses, in paragraph [0088-0089], that “The PDU session establishment request message transmitted from the UE 401 to the AMF 402 may include information about API invocation capability related to network exposure or network capability exposure of the UE 401.” However, Kim does not disclose, but Guo, in a same field of endeavor, teaches the wireless communication, wherein transmit information to trigger a user consent provisioning procedure (Guo: [0169] At 1102, a UE, such as UE 106, may initiate a PDU Session Modification procedure by transmitting a NAS message to an access network (AN) (“transmit information to trigger a user consent”), such as radio AN ((R)AN) 604, which may include sending the NAS message to a base station, such as base station 604. The NAS message may include various information as defined by clause 4.3.3.2 of 3GPP TS 23.502 (“information to trigger a user consent”). In addition, the NAS message may include a user consent update request).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to transmit information to trigger a user consent provisioning procedure. One of ordinary skill in the art would have been motivated to make this modification because triggering a handshake message is crucial for establishing reliable, secure communication, enabling devices to verify identities, agree on encryption standards, and synchronize data flow.
Regarding claim 2, the combination of Kim and Guo teaches all elements of the current invention as stated above. Kim discloses the UE of claim 1, wherein the user consent data is one of stored local to a common application programming interface framework, or stored on network storage by a network storage function (Kim: [0089] In this case, the user consent may be limited to consent to sharing information related to the use of the service received through the session to the outside (“stored on network storage”). Additionally, the user consent may include a specification of information that may be shared externally in the 3GPP network for each available service).
Regarding claim 3, the combination of Kim and Guo teaches all elements of the current invention as stated above. Kim discloses the UE of claim 1, wherein the information is a resource owner data notification trigger transmitted to a common application programming interface framework of a network after the UE is registered to the network (Kim: [0085] Referring to FIG. 3 , a common application program interface (API) framework (CAPIF) 300 includes at least one API invoker 301, a CAPIF core function (CCF) 302, an API exposing function (AEF) 303, an API publishing function 304, and an API management function 305; After steps 410-440 (“after the UE is registered to the network”), [0100] In step 445, the modem 401-3 in the UE 401 transfers information (e.g., NEF information, CCF information, or AEF information) related to whether to allow API invocation related to the network function exposure service accessible by the corresponding UE subscriber, which is provided from the AMF 402, to an higher layer application client (AC) 401-1 and/or a dedicated client (e.g., an EEC, a CAPIF client (“a resource owner data notification trigger transmitted to a common application programming interface framework”), or an NEC) 401-2; [0102] the scope of the disclosure may include an embodiment of transferring, to the UE via the SMF, information related to whether to allow API invocation related to the network function exposure service accessible by the UE subscriber described in connection with FIG. 3 from the UDM while the UE or network performs a PDU session modification procedure disclosed).
Regarding claim 4, the combination of Kim and Guo teaches all elements of the current invention as stated above. Kim discloses the UE of claim 1, wherein the information is a resource owner data notification trigger transmitted to a core network function of a network, bypassing one or more of another core network function or a common application programming interface framework of the network (Kim: [0085] Referring to FIG. 3 , a common application program interface (API) framework (CAPIF) 300 (“a common application programming interface framework of the network”) includes at least one API invoker 301, a CAPIF core function (CCF) 302, an API exposing function (AEF) 303, an API publishing function 304, and an API management function 305; [0102] the scope of the disclosure may include an embodiment of transferring, to the UE via the SMF, information related to whether to allow API invocation related to the network function exposure service accessible by the UE subscriber described in connection with FIG. 3 from the UDM while the UE or network performs a PDU session modification procedure disclosed).
Regarding claim 5, the combination of Kim and Guo teaches all elements of the current invention as stated above. Kim discloses the UE of claim 1, wherein the data exposure notification is a resource owner data exposure notification comprising at least one or more of a UE identifier, a resource owner identifier, or the user consent data (Kim: [0089] the PDU session establishment request message transmitted from the UE 401 to the AMF 402 may further include user consent (“user consent data”) for the UE subscriber to share the UE-related information to the outside in the 3GPP network).
Regarding claim 6, the combination of Kim and Guo teaches all elements of the current invention as stated above. Kim discloses the UE of claim 1, wherein the at least one processor is configured to cause the UE to form a key derivation function input for key generation, the key derivation function input comprising one or more of: a resource owner identifier, a UE identifier, a refresh parameter, an application identifier, an application programming interface exposing function identifier, or a common application programming interface framework function identifier (Kim: [0091] For example, the AMF 402 may transfer the PDU session establishment request message received from the UE 401 to the SMF 403 in the form of the Nsmf_PDU session_CreateSMContextRequest message defined in the 3GPP TS 23.502 standard, including information about the API invocation capability related to network function exposure of the UE 401 [0093] According to an embodiment, when the API invocation capability information related to network function exposure of the UE includes information (ID or type) about the client performing API invocation installed in the UE).
Regarding claim 9, the combination of Kim and Guo teaches all elements of the current invention as stated above. Guo discloses the UE of claim 1, wherein the at least one processor is configured to cause the UE to transmit a resource owner data exposure update notification comprising at least one or more of a UE identifier, a resource owner identifier, or updated user consent data (Guo: [0143] Embodiments described herein provide systems, methods, and mechanisms to support revocation and/or modification of user consent in MEC, including systems, methods, and mechanisms for modification/revocation of user consent through a Network Exposure Function (NEF), periodic updates of user consent, and UE initiated modification of user consent).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to transmit, by the UE, a resource owner data exposure update notification comprising at least one or more of a UE identifier, a resource owner identifier, or updated user consent data. One of ordinary skill in the art would have been motivated to make this modification because Revocation/Modification of User Consent may be possible, and it provides essential control over personal data, security, and digital privacy.
Regarding claim 10, the combination of Kim and Guo teaches all elements of the current invention as stated above. Guo discloses the UE of claim 1, wherein the at least one processor is configured to cause the UE to transmit a resource owner data exposure revoke notification indicating to revoke the user consent (Guo: [0143] Embodiments described herein provide systems, methods, and mechanisms to support revocation and/or modification of user consent in MEC, including systems, methods, and mechanisms for modification/revocation of user consent through a Network Exposure Function (NEF), periodic updates of user consent, and UE initiated modification of user consent).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to transmit, by the UE, a resource owner data exposure revoke notification indicating to revoke the user consent. One of ordinary skill in the art would have been motivated to make this modification because Revocation/Modification of User Consent may be possible, and it provides essential control over personal data, security, and digital privacy.
Regarding independent claim 11, Kim discloses a network device for wireless communication, comprising:
at least one memory; and at least one processor coupled with the at least one memory and configured to cause the network device to (Kim: [0030] The terminal may include UE (user equipment), MS (mobile station), cellular phone, smartphone, computer, or multimedia system capable of performing communication functions; [0166] Referring to FIG. 11 , a UE 1100 communicating with a base station or another network entity in a wireless communication system may include a transceiver 1101, a controller 1102, and a storage unit 1103. The controller 1102 may be defined as a circuit or application-specific integrated circuit or at least one processor):
receive a resource owner data exposure notification comprising at least user consent data (Kim: [0089] The PDU session establishment request message transmitted from the UE 401 to the AMF 402 may include information about API invocation capability related to network exposure or network capability exposure of the UE 401. … The PDU session establishment request message transmitted from the UE 401 to the AMF 402 may further include user consent (“a resource owner data exposure notification comprising at least user consent data”) for the UE subscriber to share the UE-related information to the outside in the 3GPP network);
store the user consent data at least one of local to a common application programming interface framework, or on network storage by a network storage function (Kim: [0092] In step 420, the SMF 403 receiving the PDU session establishment request message from the AMF 402 requests the UE subscriber-related information from the UDM 404. For example, the SMF 403 may include information about the API invocation capability related to network function exposure of the UE 401 in the Nudm SDM Get message defined in the 3GPP TS 23.502 standard and transmit the information to the UDM 404 to request the information related to the UE subscriber); and
transmit, to the UE, a data exposure response acknowledgement that indicates the user consent data is stored for reference of a user consent (Kim: [0099] In step 440, the AMF 402 transfers, to the UE 401, information (e.g., NEF information, CCF information, or AEF information) related to whether to allow API invocation related to the network function exposure service accessible by the corresponding UE subscriber, which is provided from the SMF 403).
Kim discloses, in paragraph [0088-0089], that “The PDU session establishment request message transmitted from the UE 401 to the AMF 402 may include information about API invocation capability related to network exposure or network capability exposure of the UE 401.” However, Kim does not disclose, but Guo, in a same field of endeavor, teaches the wireless communication, wherein receive, from a user equipment (UE), information to trigger a user consent provisioning procedure (Guo: [0169] At 1102, a UE, such as UE 106, may initiate a PDU Session Modification procedure by transmitting a NAS message to an access network (AN) (“transmit information to trigger a user consent”), such as radio AN ((R)AN) 604, which may include sending the NAS message to a base station, such as base station 604. The NAS message may include various information as defined by clause 4.3.3.2 of 3GPP TS 23.502. In addition, the NAS message may include a user consent update request).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to receive, from a user equipment (UE), information to trigger a user consent provisioning procedure. One of ordinary skill in the art would have been motivated to make this modification because triggering a handshake message is crucial for establishing reliable, secure communication, enabling devices to verify identities, agree on encryption standards, and synchronize data flow.
Regarding independent claim 15, it is a method claim that corresponds to claim 1. Therefore, the claim is rejected for at least the same reasons.
Regarding claim 16, it is a method claim that corresponds to claim 9. Therefore, the claim is rejected for at least the same reasons.
Regarding claim 17, it is a method claim that corresponds to claim 10. Therefore, the claim is rejected for at least the same reasons.
Regarding independent claim 21, it is a controller claim that corresponds to claim 1. Therefore, the claim is rejected for at least the same reasons.
Claims 7-8, 12-14 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al. (US 20250008309 A1, hereinafter “Kim”) in view of Guo et al. (US 20230209329 A1, hereinafter “Guo”) as applied to claims above, and further in view of Chan et al. (US 20200374275 A1, hereinafter “Chan”).
Regarding claim 7, the combination of Kim and Guo teaches all elements of the current invention as stated above. However, the combination does not teach, Chan, in a same field of endeavor, discloses the UE of claim 1, wherein the at least one processor is configured to cause
the UE to establish a secure session with a common application programming interface framework function using a shared key derived from a common application programming interface framework key (Chan: [0082] Then a PKCS#11 API call “C_DeriveKey( )” may be used to derive the DH shared secret GK1_Prime as a session key inside the HSM).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to establish a secure session with a common application programming interface framework function using a shared key derived from a common application programming interface framework key. One of ordinary skill in the art would have been motivated to make this modification because Key Derivation Functions (KDFs) enhance computer security by transforming weak, low-entropy input (like user passwords or shared secrets) into strong, uniformly random cryptographic keys.
Regarding claim 8, the combination of Kim, Guo and Chan teaches all elements of the current invention as stated above. Chan discloses the UE of claim 7, wherein a refresh parameter includes one or more of a counter, a nonce, or random number to generate a new key from the shared key for the secure session (Chan: [0082] Then a PKCS#11 API call “C_DeriveKey( )” may be used to derive the DH shared secret GK1_Prime as a session key inside the HSM).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to include a refresh parameter having one or more of a counter, a nonce, or random number to generate a new key from the shared key for the secure session. One of ordinary skill in the art would have been motivated to make this modification because a session key ensures perfect forward secrecy, meaning if one session key is stolen, past communications remain encrypted, while providing high-performance, real-time encryption for applications.
Regarding claim 12, the combination of Kim and Guo teaches all elements of the current invention as stated above. However, the combination does not teach, Chan, in a same field of endeavor, discloses the network device of claim 11, wherein the at least one processor is configured to cause the network device to establish a secure session with the UE using a shared key derived from a common application programming interface framework key (Chan: [0082] Then a PKCS#11 API call “C_DeriveKey( )” may be used to derive the DH shared secret GK1_Prime as a session key inside the HSM).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to establish a secure session with the UE using a shared key derived from a common application programming interface framework key. One of ordinary skill in the art would have been motivated to make this modification because Key Derivation Functions (KDFs) enhance computer security by transforming weak, low-entropy input (like user passwords or shared secrets) into strong, uniformly random cryptographic keys.
Regarding claim 13, the combination of Kim and Guo teaches all elements of the current invention as stated above. Chan discloses the network device of claim 12, wherein a refresh parameter includes one or more of a counter, a nonce, or random number to generate a new key from the shared key for the secure session (Chan: [0082] Then a PKCS#11 API call “C_DeriveKey( )” may be used to derive the DH shared secret GK1_Prime as a session key inside the HSM).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to includes one or more of a counter, a nonce, or random number to generate a new key from the shared key for the secure session. One of ordinary skill in the art would have been motivated to make this modification because a session key ensures perfect forward secrecy, meaning if one session key is stolen, past communications remain encrypted, while providing high-performance, real-time encryption for applications.
Regarding claim 14, the combination of Kim and Guo teaches all elements of the current invention as stated above. Kim discloses the network device of claim 13, wherein the at least one processor is configured to cause the network device to:
obtain UE identifying data that is stored locally (Kim: [0091] For example, the AMF 402 may transfer the PDU session establishment request message received from the UE 401 to the SMF 403 in the form of the Nsmf_PDU session_CreateSMContextRequest message defined in the 3GPP TS 23.502 standard, … [0093] According to an embodiment, when the API invocation capability information related to network function exposure of the UE includes information (ID or type) (“UE identifying data”) about the client performing API invocation installed in the UE).
However, the combination does not disclose, Chan, in a same field of endeavor, discloses the network device of claim 13, wherein the at least one processor is configured to cause the network device to:
utilize the UE identifying data and the refresh parameter as input for key generation of the new key to establish the secure session between the UE and a common application programming interface framework function (Chan: [0071] The operations to obtain the decrypted personalization data depend upon whether the personalization data was simply encrypted with the second intermediate global key GK_2 (as shown in FIG. 2) or encrypted with the unique key UK (as shown FIG. 3) (“utilize the UE identifying data and the refresh parameter for key generation”). If the personalization data PD was simply encrypted with second intermediate global key GK_2, this is used to decrypt the personalization data PD in the HSM 124, for example, by making a PKCS#11 application program interface (API) call “C_Unwrap( )” with the parameter Enc(GK_2, PD) from the original globally encrypted personalization data (“secure session”)); and
form a key derivation function input for the key generation, the input comprising one or more of: a resource owner identifier, a UE identifier, the refresh parameter, an application identifier, an application programming interface exposing function identifier, or a common application programming interface framework function identifier (Chan: [0070] the second intermediate global key GK_2 must be derived or retrieved. This can be accomplished by deriving the first intermediate global key GK_1 from the parameter KL_Param1 and global root key GK_0 (which is securely stored and protected in the HSM 124 of the provisioning entity 112) using KDF1 204 (“a key derivation function input for the key generation”)).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the network function exposure service disclosed by Kim with the teachings of Guo to utilize the UE identifying data and the refresh parameter as input for key generation of the new key to establish the secure session between the UE and a common application programming interface framework function; and form a key derivation function input for the key generation, the input comprising one or more of: a resource owner identifier, a UE identifier, the refresh parameter, an application identifier, an application programming interface exposing function identifier, or a common application programming interface framework function identifier. One of ordinary skill in the art would have been motivated to make this modification because Key Derivation Functions (KDFs) enhance computer security by transforming weak, low-entropy input (like user passwords or shared secrets) into strong, uniformly random cryptographic keys.
Regarding claim 18, it is a method claim that corresponds to claim 7. Therefore, the claim is rejected for at least the same reasons.
Regarding claim 19, it is a method claim that corresponds to claim 8. Therefore, the claim is rejected for at least the same reasons.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
GANDIKOTA et al. (US 20240155478 A1): [0064] In operation 304, a second network slice having an established Always-On-PDU session may be identified based on the one or more PDU session requirements defined in the application request. Herein, the second network slice has an Always-On-PDU session which is in compliance with the PDU session requirements of the application request.
ITO et al. (US 20210144550 A1): [0101] 1. The API invoker 20 sends the Onboarding API invoker request to the CAPIF core function 21 with the API Invoker Information along with the subscription identification information, subscription identifier, subscriber identifier or device identifier, user or device specific application identifier, requested subscription type, its locations Trust Zone Level Indication or zone identifier (Zone ID) and the maximum or minimum Onboarding Lifetime (Optional parameter).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUH whose telephone number is (571)270-5524. The examiner can normally be reached 9:00 AM- 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ANDREW SUH/Examiner, Art Unit 2493