DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is a non-final office action in response to applicant’s preliminary amendment filed on 8/1/2024.
Claims 1, 8-10, 15 are amended claims. Claims 2-7, 11-14 are original claims. Claims 16-20 are new claims. Claims 1-20 are pending and being considered.
Priority
Applicant’s claim for the benefit of a prior-filed application (No. 63/306,011, filed on 2/2/2022) under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. The instant application is a 371 of PCT/IB2023/050894 filed on 2/1/2023.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/1/2024, has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, initialed and dated copy of Applicant’s IDS form 1449 filed as stated above is attached to the instant Office Action.
Claim Objections
Claims 1, 5-6, 12-15, 18-20 are objected to because of the following informalities:
Claim 1 line 9, recites “perform inference data collection”, and further recites “the inference data collected” and “the inference data” in claim 7. For antecedent basis concern, applicant is suggested to recite, perform collection of inference data, or collect inference data.
Similarly, claim 15.
Claim 5 lines 4-5, “evaluation target information” may read “the evaluation target information”.
Similarly claim 19 line 4.
A claim with language of “comprises A, B, …, or a combination thereof” is interpreted as comprises any one of A, or B, or …
For instance, claim 11 recites “wherein the first response message further comprises trust information, a root cause code, a recommended action to ensure seamless network service, or a combination thereof”, and claim 13 depends on claim 11, and further recites, “wherein the root cause code comprises a code corresponding to: man-in-the middle attack, …, or a combination thereof”, in which “the root cause code” is assumed to have antecedent basis support from claim 11.
This claim dependency applies to claims 6, 12-14, 18, 20.
Appropriate correction is suggested.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 7-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 7 line 1 recites “the inference data”. There is insufficient antecedent basis for this limitation in the claim. See Objection to claim 1 above.
Similarly, for claim 8 line 1.
Examiner Notes
Examiner cites particular paragraphs, columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-12, 15-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lehtovirta et al (US20220394473A1, hereinafter, “Lehtovirta”).
Regarding claim 1, similarly claim 15, Lehtovirta teaches:
An apparatus for performing a first network function (NF), A method of performing a first network function (NF) (Lehtovirta, discloses method performed by a network equipment of a communication network to dynamically provide trust information to a communication device registered or being registered to the communication network, see [Abstract]), the apparatus/method comprising: at least one memory; and at least one processor (Fig. 9, Processor and Memory) coupled with the at least one memory and configured to cause the apparatus to:
receive a first request message from a second NF, wherein the first request message comprises a trust service subscription request message corresponding to a trust service subscription (Refer to Fig. 4, and [0066] 1) The UE (i.e., second NF) initiates (block 401) registration by sending Registration Request message to the VPLMN AMF. Further see [0067-0070], in particular, [0070] 7) The UDM decides (407) to send the Trust Information with Steering Information, and obtains the Steering Information list as described in TS 23.122 v.16.3.0. The UDM associates a Trust Information to each PLMN/access technology combination. This Trust Information indicates whether a PLMN/access technology combination is considered trusted. Examiner notes, Lehtovirta’s registration request message (i.e., first request message) can be interpreted as trust service subscription request message);
perform inference data collection (Refer to Fig. 11, [0167] FIG. 11 is a block diagram illustrating further operations of network equipment (900) for determining (1001) the trust information for each of the one or more access networks. In block 1101, the processing circuitry 903 obtains (1101) a list of the one or more access networks. In block 1103, the processing circuitry 903 associates (1103) the trust information to each of the one or more of the access networks in the list of the one or more access networks resulting in a trust information list (i.e., inference data collection). In block 1103, the processing circuitry 903 protects (1105) the trust information list with a key shared with the communication device to obtain a protected trust information list);
perform a trust evaluation service corresponding to the trust service subscription to produce trust evaluation data, wherein the trust evaluation service is performed based at least in part on the inference data collected ([0163] FIG. 10 is a flow chart illustrating a method performed by a network equipment (900) of a communication network to dynamically provide trust information to a communication device (800). In block 1001, the processing circuitry 903 may determine (1001) a trust information for each of one or more access networks. The trust information indicates whether each of the one or more access networks is trusted);
and transmit a first response message to the second NF, wherein the first response message comprises information corresponding to the trust evaluation data (Refer to Fig. 7, at 705, and [0129] 5. The UDM obtains (block 705) the Trust Information related to the PLMN/access technology combination where authentication was performed and associates the trust info to the PLMN/ access technology combination. This Trust Information indicates whether a PLMN/access technology combination is considered trusted. And [0130] 6. The UDM protects the Trust info and sends (i.e., transmit) it to the UE… And [0163] In block 1003, the processing circuitry 903 may indicate (1003) to the communication device (800) whether the one or more access networks is trusted for a current session or a later session).
Regarding claim 2, Lehtovirta teaches the apparatus of claim 1,
Lehtovirta further teaches: wherein the apparatus comprises a trust evaluation and enabler service function and/or framework (TESF), security monitoring and evaluation function ([0165] the network equipment (900) is: (1) a unified data management, UDM, equipment, (2) an authentication server function, AUSF, equipment, … [0166] the network equipment (900) is: (1) a security anchor function, SEAF, equipment, (2) an access management function, AMF, equipment), network data analytics function, or a combination thereof, and wherein the second NF comprises a trust service consumer function ([0106] 1) The UDM decides (block 601) to perform the UE Parameters Update (UPU) using the control plane procedure while the UE is registered to the 5G system. If the final consumer of any of the UE parameters to be updated (e.g., the updated Routing ID Data) is the USIM, the UDM shall protect these parameters using a secured packet mechanism (see 3GPP TS 31.115 v.15.0.0) to update the parameters stored on the USIM. Examiner notes, since UE receives the trust information from UDM, therefore UE comprises a trust service consumer function. In addition, the claim does not define what the trust service consumer function is).
Regarding claim 3, similarly claim 17, Lehtovirta teaches the apparatus of claim 1, the method of claim 15,
Lehtovirta further teaches: wherein the first request message further comprises trust service consumer information, evaluation target information, or a combination thereof (Fig. 4 at 401-402, UE initiates (block 401) registration and authentication of UE suggests the trust service consumer information).
Regarding claim 4, similarly claim 18, Lehtovirta teaches the apparatus of claim 3, the method of claim 17,
Lehtovirta further teaches: wherein the trust service consumer information comprises a NF identifier (ID), an NF type, an NF fingerprint, a container fingerprint, an NF software configuration, release information, or a combination thereof (Fig. 4 at 401-402, UE initiates (block 401) registration and authentication of UE suggests the trust service consumer information and in this case UE’s identifier is the trust service consumer information. It is well known in the arts that authentication of the UE requires UE’s identifier).
Regarding claim 5, similarly claim 19, Lehtovirta teaches the apparatus of claim 3, the method of claim 17,
Lehtovirta further teaches: wherein the first request message further comprises a list of trust service related service codes, configuration issue information, an attack alert, a threat alert, a malfunction alert, an overload alert, a flooding alert, a critical location alert, software issue information, a target of trust service reporting, evaluation target information, a notification of a target address, a subscription correlation identifier, a trust service target period, a reporting mode, a trust level specific cause code required indication, or a combination thereof ([0066] 1) The UE initiates (block 401) registration by sending Registration Request message to the VPLMN AMF. And [0067] As part of the registration procedure, the VPLMN AMF executes (block 402) primary authentication of the UE and then initiates (block 403) the non-access stratum (NAS) security mode command (SMC) procedure (i.e., trust service related service codes)).
Regarding claim 6, similarly claim 20, Lehtovirta teaches the apparatus of claim 5, the method of claim 19,
Lehtovirta further teaches: wherein the evaluation target information comprises a user equipment (UE) ID, a NF ID having NF type information, an application function (AF) ID having AF information, or a combination thereof (Fig. 4 at 401-402, UE initiates (block 401) registration and authentication of UE suggests the evaluation target information and in this case UE’s identifier is the UE ID. It is well known in the arts that authentication of the UE requires UE’s identifier).
Regarding claim 7, Lehtovirta teaches the apparatus of claim 1,
Lehtovirta further teaches: wherein the inference data comprises: data from evaluation targets, a malformed message, a signed NF information, a container image, a package, NF deployed location and platform information, a software configuration information change alert, a malicious activity alert, malicious behavior information, a trigger and/or alert related to an unintended configuration and/or an operational change, a message exceeding a configured limit per time instance, repeated authentication failure information, a network generated location mismatch, a UE generated location mismatch, radio resource control (RRC) overflow information related to any UE ID, non-access stratum (NAS) overflow information related to any UE ID, malicious subscription data request overflow for any UE ID at a unified data management (UDM), malicious traffic information for local user plane functions (UPFs) from the UE, malicious signaling to the local UPFs from a radio access network (RAN), or a combination thereof (e.g., [0137] properties of the access node are: [0138] type of access node (e.g., WLAN, Bluetooth, Zigbee, trusted non-3GPP access point (TNAP), Laser, optical fiber, copper cable, etc.); [0139] type of radio access technology (e.g., narrowband internet of things (NB-IOT), long term evolution for machines (LTE-M), new radio (NR), etc.); [0140] location of the access node (e.g., cinema hall, latitude, longitude, altitude, behind concrete wall, etc.) (i.e., data from evaluation targets)).
Regarding claim 8, Lehtovirta teaches the apparatus of claim 1,
Lehtovirta further teaches: wherein the inference data is collected from evaluation targets using another NF or a management function (e.g., [0145] properties of the access node are determined based on information obtained from VPLMN/serving public land mobile network (SPLMN) or from HPLMN or from external source (e.g., 3rd party file)).
Regarding claim 9, Lehtovirta teaches the apparatus of claim 1,
Lehtovirta further teaches: wherein the at least one processor is configured to cause the apparatus to receive a second request message from the second NF, and the second request message comprises a trust evaluation request message corresponding to the trust service subscription (Lehtovirta teaches the first request message from the second NF as shown in claim 1, therefore, similarly teaches the second request message from the second NF).
Regarding claim 10, Lehtovirta teaches the apparatus of claim 1,
Lehtovirta further teaches: wherein the at least one processor is configured to cause the apparatus to receive a third request message from the second NF, and the third request message comprises a trust service unsubscription request message corresponding to the trust service subscription (Lehtovirta teaches receive the first request message from the second NF as shown in claim 1, similarly can teaches receive the third request message from the second NF. Examiner notes it is well known in the arts that unsubscription is opposite to subscription and the claim does not further positively recite the unsubscription).
Regarding claim 11, Lehtovirta teaches the apparatus of claim 1,
Lehtovirta further teaches: wherein the first response message further comprises trust information, a root cause code, a recommended action to ensure seamless network service, or a combination thereof (e.g., Fig. 10, and [0163] The trust information (i.e., response message comprises trust information) indicates whether each of the one or more access networks is trusted. In block 1003, the processing circuitry 903 may indicate (1003) to the communication device (800) whether the one or more access networks is trusted for a current session or a later session).
Regarding claim 12, Lehtovirta teaches the apparatus of claim 11,
Lehtovirta further teaches: wherein the trust information comprises values to represent a security state of an evaluation target NF, values to represent a reliability of the evaluation target NF, values to represent a trust worthiness of the evaluation target NF, or a combination thereof ([0171] ... transmitting the trust information list to an authentication server function, AUSF, and receiving a protected trust information list from the AUSF or a message authentication code, MAC, value for the protected trust information list).
Regarding claim 16, Lehtovirta teaches the method of claim 15,
Lehtovirta further teaches: wherein the second NF comprises a trust service consumer function ([0106] 1) The UDM decides (block 601) to perform the UE Parameters Update (UPU) using the control plane procedure while the UE is registered to the 5G system. If the final consumer of any of the UE parameters to be updated (e.g., the updated Routing ID Data) is the USIM, the UDM shall protect these parameters using a secured packet mechanism (see 3GPP TS 31.115 v.15.0.0) to update the parameters stored on the USIM. Examiner notes, since UE receives the trust information from UDM, therefore UE comprises a trust service consumer function. In addition, the claim does not define what the trust service consumer function is).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Lehtovirta as applied above to claim 11, in view of Hariri et al (US20210367958A1, hereinafter, “Hariri”).
Regarding claim 13, Lehtovirta teaches the apparatus of claim 11,
Lehtovirta does not specifically teach, in the same field of endeavor Hariri teaches:
wherein the root cause code comprises a code corresponding to: man-in-the middle attack, denial of service (DoS) attack, distributed DoS (DDoS) attack, an injection attack, a flooding attack on a service based interface (SBI), a flooding attack on a security edge protection proxy (SEPP), a NF hijack, a NF compromise, internet protocol (IP) spoofing, a protocol or implementation flaw, an NF deployment location, a security threat, or a combination thereof (Hariri, discloses system and method of autonomic incident response system for securing a cyber system against known and unknown attacks, see [Abstract]. And [0007] The principal object of the present invention is therefore directed to providing an autonomic incident response to detected attacks and shows the current state, the root cause of the detected attacks, and explain the effectiveness of the suggested responses (i.e., root cause code)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hariri in the dynamically providing trust information to a communication device of Lehtovirta by providing incident responses system for providing an autonomic incident response with the root cause of the detected attacks. This would have been obvious because the person having ordinary skill in the art would have been motivated to provide an autonomic incident response to detected attacks (Hariri, [Abstract], [0007]).
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Lehtovirta as applied above to claim 11, in view of Carroll et al (US20150150090A1, hereinafter, “Carroll”).
Regarding claim 14, Lehtovirta teaches the apparatus of claim 11,
Lehtovirta does not specifically teach, in the same field of endeavor Carroll teaches:
wherein the recommended action comprises information indicating: network slice selection enforcement based on a trust value, a network slice selection assistance information (NSSAI) configuration with a required trust value, security context sharing and/or usage policy enforcement information, a trigger for network slice reselection, an update to maintain a trust value per network slice within a time window, UE context sharing restrictions among NFs, service based interface (SBI) connection information, a trigger UE de-registration with a re-registration indication to a slice, a trigger radio resource control (RRC) connection release and assign back-off timer, to terminate a malicious relay node and/or reselect a relay node, a network triggered access and mobility management function (AMF) reallocation, a network triggered RAN reallocation, or a combination thereof (Carroll, discloses system and method for identity and reputation scores, see [Abstract]. And [0051] In some embodiments, the card 250 may include information or hints for how the user can improve their trust score 252… gamification techniques can be used to prompt users to improve their trust score. And [Claim 6] providing information to the user on how to improve their trust score, the information recommending that the user perform actions including providing a valid email address, linking an electronic signature service account associated with the user with a social network account associated with the user …; and in response to the user performing one of the recommended actions, increasing the user's trust score).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Carroll in the dynamically providing trust information to a communication device of Lehtovirta by providing information to the user on how to improve their trust score. This would have been obvious because the person having ordinary skill in the art would have been motivated to use the trust score to recommend authentication mechanisms for user to electronic signature transactions (Carroll, [Abstract]).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Han et al (US20230269141A1) discloses method and device for providing network analytics information by means of a network data collection and analytics function (NWDAF) entity in a wireless communication network: receiving, from a consumer network function (NF), a request message including information indicating a request time interval related to analytics information; in response, transmitting to the consumer NF, a response message including information notifying that real-time analytics information can be provided; and transmitting, to the consumer NF, the analytics information corresponding to the request message within the request time interval.
Lee et al (KR101775658B1-IDS) discloses a trust-based smart work system and a method by collecting trust data using various sensing devices and user trust data agents, generating trust information which defines a trust relationship between trust objects, and providing trust information to a smart work service portal, thereby setting the information access right of each object according to a trust level between objects performing the smart work, and performing the service and device use control.
Oh et al (US20220167174A1) discloses an intelligent trust enabler system for a 5G IoT environment which includes, an IoT trust enabler mounted on an edge and gateway on a 5G IoT infrastructure, for providing trust information based on data collected from IoT devices and performing operation and management of connected IoT resources, and an IoT trust agent for providing a legacy environment for the IoT trust enabler.
Bachmutsky et al (US20190141536A1) discloses a service coordinating entity device with communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity.
Chan et al (US20200220862A1) discloses systems and methods for establishing, or re-establishing, trust for a network device. A user device may send, via a network device, a service request to establish trust for the network device in a network. The service request may comprise, or may allow look up of, identifying information for the network device, such as a network address. Trust of the network device may be established, at least in part, by confirming the network address (or other identifying information) associated with the network device, and/or by confirming certain devices that are in communication with the network device.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975. The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Primary Examiner, Art Unit 2436