DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the application and the preliminary amendments filed on 08/20/2024.
Claims 1-16 are currently pending in this application. Claims 1-15 have been amended. Claim 16 is new.
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 08/20/2024 and 10/14/2025 were filed. The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner except for the document, for which a copy of the document is not provided by the applicants.
Examiner’s Note
Applicants are suggested to include information from figure 8 with related text into the claims to provide a better condition for an allowance.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION. — The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1-16 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
Applicants are suggested to review all claims for clarification, capability, compatibility issues of limitations, and some of them (not all because there are too many) are indicated below.
Claim 1 (claim 12 includes similar limitations) recites:
“… obtaining client credentials associated with a subscriber identity module of a user equipment, characterized by …”, however, it is not clear what it means (assuming as incomplete limitations);
“… sending … an access token request for an access token to authorize, for an application function (AF) outside a mobile network (30), access to a network exposure function (NEF) of the mobile network …”, however, it is not clear (1) whether the access token request is for the access token or for the application function; (2) whether the application function and the NEF have any relationship with the apparatus or not - or omitting necessary steps/components which causes the claimed limitations unclear; (3) how the access to the NEF of the mobile network is for the AF outside the mobile network – or it is not clear to define a boundary of the limitations;
“… sending … an access token request for an access token … access to a NEF … sending an access request to the NEF to access a service of the mobile network via the NEF … request comprises the received access token”, however, it is not clear whether “the access token” is for access to the NEF or to the service of the mobile network – or it is not clear to define a boundary of the limitations.
Claims 2-6, 10, 11, 13 and 15 depend from the claim 1 or 12, and are analyzed and rejected accordingly.
Claims 2 and 13 recite “The apparatus of claim 1 (or the method for the apparatus of claim 12), wherein… the subscriber identity module (SIM) is configured to store …”, however, it is not clear whether the SIM is a part of the apparatus or not (e.g., the limitations of the apparatus limiting the SIM, etc.) – it is not clear to define a boundary of the limitation/terms.
Claim 3 recites “… wherein the user equipment is comprised by … the apparatus and configured to: generate … provide …”, it is not clear the UE is a part of the apparatus or not – see the rejections to the claim 2 above (note: the limiting term, the intermediate key, of the claim 3 is a part of the claim 2 which is not selected for the examination).
Claim 4 recites “… wherein the apparatus is configured to perform the application function which is configured to send the access request and: send a request … receive the client credentials …”, however, it is not clear (1) whether “the application function” is the same as “the apparatus” or not (note: suggested to use the same term if they are the same); (2) if they are not the same, whether the processes, such as “sending the access request”, “obtaining/receiving the client credentials” etc., are performed twice by the apparatus and by the application function or not.
Claim 5 recites “… wherein the apparatus is configured to perform the application function which is configured to send the access request and: send a request for an access token … receive the access token …”, however, it is not clear (1) whether “the application function” is the same as “the apparatus” or not (note: suggested to use the same term if they are the same); (2) whether the term, “a request for an access token” is the same as “an access token request” of the claim 1 or not; (3) whether the process, receiving the access token, is performed twice by the apparatus and by the application function or not – it is not clear to define a boundary of the limitations.
Claim 6 recites “The apparatus of claim 5, wherein the user equipment comprises a cellular module configured to: in response to a request … send the access token request … receive the access token from … provide the access token …”, however, it is not clear whether the UE is a part of the apparatus or not (or how the limitations of the apparatus is limiting the UE) – capability issue.
Claim 7 (claim 14 includes similar limitations) recites:
“… the apparatus to perform: receiving, by an authorization function, an access token request, characterized in that the access token request is for an access token to authorize, for an application function (AF) outside a mobile network, access to a network exposure function (NEF) of the mobile network …”, however, it is not clear (1) how receiving by the authorization function is performed by the apparatus – a capability issue; (2) what the term, “characterized in that” means – it is not clear to define a boundary of the limitation/term; (3) whether the access token request is “for the access token” or “for the application function”; (4) whether the application function and the NEF have any relationship with the apparatus or not - or omitting necessary steps/components which causes the claimed limitations unclear; (5) how the access to the NEF of the mobile network is for the AF outside the mobile network – or it is not clear to define a boundary of the limitations;
“… authorizing the access for the application function and generating the access token in response to verification of the client credentials, and sending the access token to authorize the access to the NEF for the application function”, however, it is not clear (1) whether the apparatus is authorizing the access to the application function or not; (2) whether “the verification of the client credentials” is performed by the apparatus or not (note: the client credentials are received by the authorization function – see above); (3) whether the apparatus is sending the access token to the application function for authorizing the access to the NEF or not - or it is not clear to define a boundary of the limitations.
Claims 8, 9 and 16 depend from the claim 7 or 14, and are analyzed and rejected accordingly.
Claim 8 recites “… receive the access token request from the application function, or from a user equipment (UE) or cellular module … behalf of the application function … send the access token … to the UE … in response to the verification of the client credentials”, however, it is not clear (1) whether the application function is a part of the UE or not; (2) whether the access token request from the application function is responded to the UE or not.
Claim 9 recites:
“… wherein the client credentials comprise an application key … based on an intermediate key based on an authentication and key agreement procedure of the user equipment with the mobile network …”, however, it is not clear (1) how the client credentials of the access token request received by the authorization function is limiting the claimed apparatus – see the limitations of the claim 7; (2) how the authentication and key agreement procedure of the UE and the mobile network is limiting the claimed apparatus (e.g., the intended use or else);
“… the apparatus is configured to send an application key request, comprising the application key identifier … to an AKMA, anchor function, receive … verify the client credentials on the basis of … include the user equipment identifier in claims of the access token”, however, it is not clear (1) how the client credentials received by the authorization function can be used by the apparatus (e.g., the authorization function sends the client credentials to the apparatus or the authorization function is a part of the apparatus, etc.); (2) what “in claims of the access token” means (e.g., in claims 7 and 8 or else).
Claim 10 recites “… wherein the client credentials comprise … a client assertion, such as a javascript object notation web token, computed based on a client secret”, however, it is not clear (1) whether the client credentials include “the javascript object notation web token” or not; (2) whether computing based on a client secret is performed by the apparatus or not.
Claim 11 recites “The apparatus … wherein the application function is an industrial network controller and the user equipment comprises or is a programmable logic controller and the access request is sent to control a mobile connectivity configuration of an industrial network”, however, it is not clear (1) how the application function being the industrial network controller and the components of the UE is limiting the claimed apparatus – or it is not clear to define a boundary of the limitations; (2) whether the access request is to access the NEF – see the claim 1 or to control the industrial network (note: the industrial network does not have any relationship with the apparatus).
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS. — Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claims 15 and 16 are rejected under 35 U.S.C. 112(d) as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.
The claims recite “A non-transitory computer readable medium, comprising instructions … to perform the method of claim 12 or 14”, however, the claimed medium merely comprises instructions to perform the steps, but the medium does not perform all components of the method (e.g., the method was not executed, but simply stored on the medium). Please note that a claim directed to instructions or program is not patentable (e.g., software per se).
Applicant may cancel the claim, amend the claim to place the claim in proper dependent form, rewrite the claim in independent form, or present a sufficient showing that the dependent claim complies with the statutory requirements.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Schnieders et al. (EP 3713274 A1).
As per claim 1, Schnieders teaches an apparatus, comprising one or more processors and memory comprising instructions, when executed by the one or more processors [see par. 0113 for the computer], cause the apparatus to perform at least the following:
obtaining client credentials associated with a subscriber identity module of a user equipment, characterized by and sending, to an authorization function, an access token request for an access token to authorize, for an application function outside a mobile network (30), access to a network exposure function of the mobile network, wherein the access token request comprises the client credentials [figs. 1-3; par. 0016, lines 1-10; par. 0026, lines 1-6; par. 0028, lines 1-2; par. 0029, lines 1-4; par. 0092, lines 1-3; par. 0093, lines 1-3 of Schnieders teaches obtaining client credentials (e.g., the UE ID, the identity on the SIM assigned to the user, the SUPI or the authentication credentials) associated with a subscriber identity module of a user equipment (e.g., the SIM 111 of the UE110), characterized by, and sending, to an authorization function (e.g., the authentication server function), an access token request (e.g., the request 301) for an access token (e.g., the UE authentication or the authentication information/result/status) to authorize, for an application function (e.g., the application specific functions) outside a mobile network, access to a network exposure function (e.g., access to the company network via the NEF) of the mobile network (e.g., the company network), wherein the access token request comprises the client credentials (e.g., the UE ID, the identity on the SIM assigned to the user, the SUPI or the authentication credentials),
receiving the access token issued by the authorization function, and sending an access request to the network exposure function to access a service of the mobile network via the network exposure function, wherein the access request comprises the received access token [figs. 1-3; par. 0082, lines 1-3; par. 0086, the table; par. 0087, lines 1-5; par. 0094, lines 1-8 of Schnieders teaches receiving the access token (e.g., the UE authentication or the authentication information/result/status) issued by the authorization function (e.g., the authentication server function), and sending an access request (e.g., the request send to access the network 102) to the network exposure function (e.g., the NEF) to access a service of the mobile network (e.g., the company network/service) via the network exposure function, wherein the access request comprises the received access token (e.g., the UE authentication or the authentication information/result/status)].
As per claim 2, Schnieders teaches the apparatus of claim 1.
Schnieders further teaches wherein the subscriber identity module is configured to store at least a portion of the client credentials and the apparatus is configured to receive the at least a portion of client credentials from the subscriber identity module, or a client secret of the client credentials is based on an intermediate key generated based on a secret key of the subscriber identity module as part of an authentication and key agreement procedure of the user equipment with the mobile network [figs. 1-3; par. 0058, lines 1-10; par. 0059, lines 1-4 of Schnieders teaches wherein the subscriber identity module (e.g., the SIM) is configured to store at least a portion of the client credentials (e.g., the UE ID, the identity on the SIM assigned to the user, the SUPI or the authentication credentials) and the apparatus is configured to receive the at least a portion of client credentials from the subscriber identity module (e.g., the SIM) – see also the rejections to the claim 1, or a client secret of the client credentials is based on an intermediate key generated based on a secret key of the subscriber identity module as part of an authentication and key agreement procedure of the user equipment with the mobile network].
As per claim 3, Schnieders teaches the apparatus of claim 2.
Schnieders further teaches wherein the user equipment is comprised by or connected to the apparatus and configured to: generate an application key and an application key identifier on the basis of the intermediate key, and provide the application key and an application key identifier for the application function, wherein the client credentials comprise or are generated based on the application key and the application key identifier [par. 0059, lines 1-17 of Schnieders teaches wherein the user equipment is comprised by or connected to the apparatus and configured to: generate an application key (e.g., the key, Kc) and an application key identifier (e.g., the RAND signed with Ki) on the basis of the intermediate key (e.g., the key, Ki), and provide the application key (e.g., the key, Kc) and an application key identifier (e.g., the RAND signed with Ki) for the application function (e.g., the function of the operator’s network), wherein the client credentials (e.g., the information stored in the SIM) comprise or are generated based on the application key and the application key identifier].
As per claim 4, Schnieders teaches the apparatus of claim 1.
Schnieders further teaches wherein the apparatus is configured to perform the application function which is configured to send the access request and: send a request for client credentials to the subscriber identity module or to the user equipment comprising the subscriber identity module, and receive the client credentials from the subscriber identity module or the user equipment and include the received client credentials in the access token request [fig. 5; par. 0059, lines 1-4; paras. 0098 - 0101 of Schnieders teaches wherein the apparatus is configured to perform the application function which is configured to send the access request and: send a request for client credentials to the subscriber identity module or to the user equipment comprising the subscriber identity module, and receive the client credentials from the subscriber identity module or the user equipment and include the received client credentials in the access token request (e.g., the handshake communications between the UE 110 and the application functions of the core network) – see also rejections to the claim 1].
As per claim 5, Schnieders teaches the apparatus of claim 1.
Schnieders further teaches wherein the apparatus is configured to perform the application function which is configured to send the access request and: send a request for an access token to the user equipment comprising the subscriber identity module, and receive the access token from the user equipment after the user equipment has sent the access token request and received the access token on behalf of the application function [figs. 1-3; par. 0082, lines 1-3; par. 0083, lines 1-4; par. 0087, lines 1-5; par. 0088, lines 1-9; par. 0094, lines 1-8 of Schnieders teaches wherein the apparatus is configured to perform the application function (e.g., the function of the core network) which is configured to send the access request (e.g., the secure access to the data network 102) and: send a request for an access token to the user equipment (e.g., the UE110) comprising the subscriber identity module (e.g., the SIM of the UE), and receive the access token (e.g., the UE authentication or authentication result/information) from the user equipment after the user equipment has sent the access token request and received the access token on behalf of the application function (e.g., the application function of the core network) – see also rejections to the claim 1].
As per claim 6, Schnieders teaches the apparatus of claim 5.
Schnieders further teaches:
wherein the user equipment comprises a cellular module configured to: in response to a request for an access token from the application function, retrieve at least a portion of the client credentials from the subscriber identity module or generate at least a portion of the client credentials [figs. 1-3; par. 0057, lines 1-9; par. 0059, lines 1-4 of Schnieders teaches wherein the user equipment comprises a cellular module configured to: in response to a request for an access token from the application function (e.g., the application server, NAF) consulting the network access entity network access feature), retrieve at least a portion of the client credentials (e.g., the subscriber-specific data or authentication information/result) from the subscriber identity module or generate at least a portion of the client credentials],
send the access token request comprising the client credentials to the authorization function, receive the access token from the authorization function in response to verification of the client credentials by the authorization function, and provide the access token to the application function, wherein the application function is configured to include the access token received from the cellular module in the access request to the network exposure function [fig. 3; par. 0059, lines 1-17; par. 0064, lines 1-4; par. 0069, lines 1-2; paras. 0092-0094 of Schnieders teaches to send the access token request (e.g., the request 301) comprising the client credentials to the authorization function (e.g., the AMF or the AUSF), receive the access token from the authorization function in response to verification of the client credentials by the authorization function, and provide the access token (e.g., the authentication result/information) to the application function, wherein the application function is configured to include the access token received from the cellular module in the access request to the network exposure function (e.g., the NEF) – see also rejections to the claim 1].
Claims 7-9 are apparatus claims that correspond to (a part/combination of) the apparatus claims 1, 2, 3 and 6, and are analyzed and rejected accordingly.
As per claim 10, Schnieders teaches the apparatus of claim 1.
Schnieders further teaches wherein the client credentials comprise: a client secret associated with a client identifier, a signed certificate, or a client assertion, such as a javascript object notation web token, computed based on a client secret [fig. 3; par. 0059, lines 1-17; par. 0092, lines 1-3 of Schnieders teaches wherein the client credentials (e.g., the UE ID, the identity on the SIM assigned to the user, the SUPI or the authentication credentials) comprise: a client secret associated with a client identifier, a signed certificate, or a client assertion, such as a javascript object notation web token, computed based on a client secret – see also the rejections to the claim 1].
As per claim 11, Schnieders teaches the apparatus of claim 1.
Schnieders further teaches wherein the application function is an industrial network controller and the user equipment comprises or is a programmable logic controller and the access request is sent to control a mobile connectivity configuration of an industrial network [figs. 2, 3; par. 0005, lines 1-5; par. 0066, lines 1-2; par. 0086, the table; par. 0094, lines 1-8 of Schnieders teaches wherein the application function is an industrial network controller (e.g., controlling the company network) and the user equipment comprises or is a programmable logic controller and the access request is sent to control a mobile connectivity configuration of an industrial network (e.g., the authenticated connection between UE and the company network) – see also rejections to the claim 1].
Claims 12, 13 and 15 are method or medium claims that correspond to the apparatus claims 1 and 2, and are analyzed and rejected accordingly.
Claims 14 and 16 are method and medium claims, respectively, that correspond to the apparatus claim 7, and are analyzed and rejected accordingly.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571) 270-7845. The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MAUNG T LWIN/Primary Examiner, Art Unit 2495