SUBSCRIPTION PROCESSING METHOD AND APPARATUS

§102 §103 §112

DETAILED ACTION Claims 1-3, 5, 7-8, 11-12, 14-16, 19, 22-23, 25-26, 28, 30, 34 and 37 are pending. Claim 37 is newly added. Claims 3, 5, 8, 11-12, 16, 19, 22-23, 25-26, 28, 30 and 34 are currently amended. Claims 4, 6, 9-10, ,13, 17-18, 20-21, 24, 27, 31-33 and 35-36 are canceled. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 08/22/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Objections Claim 8 is objected to because of the following informalities: The claims recite the acronym “NEF” without spelling out the acronym at its first occurrence. The Examiner suggest the acronym to be spelled out to recite “Network Exposure Function”. Appropriate correction is required. Claim 16 is objected to because of the following informalities: The claims recite the acronym “an Nnef_EventExposureSubscribe service, or an Nnef_EventExposureUnsubscribe service” without spelling out the acronym at its first occurrence. The Examiner suggest the acronym to be spelled out to recite “Network Exposure Function event exposure subscription service” and “Network Exposure Function event exposure unsubscription service”. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 16 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 16 discloses a second preset access authorization policy but does not discloses a first preset access authorization policy, so it is unclear how there is a second preset policy. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 14 and 37 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by NPL (3GPP TSG-SA3 Meeting/ S3-213363), hereinafter Huawei (as cited in the IDS on 11/06/2024). Regarding independent claim 14, Huawei teaches a subscription processing method, performed by a second entity, comprising: receiving a first service request message sent by a first entity, wherein the first service request message comprises an access token, and the access token is used for representing security verification information used by the first entity in requesting to process a subscription service (Huawei, Figure 6; page 2, sections 0-2; AF sends AF token included in request for subscriptions to NEF); performing a security verification on the first entity according to the access token (Huawei, Figure 6; page 2, sections 0.-4.; NEF checks whether AF is authorized); and sending a first service response message to the first entity according to a result of the security verification, wherein the first service response message comprises a processing result of the subscription service (Huawei, Figure 6; page 2, sections 0.-4.; response message from NEF after determining authorization). Regarding claim 37, Huawei teaches a second entity, comprising: a processor, and a memory for storing instructions executable by the processor; wherein, the processor is configured to execute the method of claim 14 (see above claim 14 rejection). Claim(s) 25-26 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Aggarwal et al. (US Patent No. 11,425,636). Regarding independent claim 25, Aggarwal teaches a subscription processing event subscription method, performed by a third entity, comprising: receiving a token request message, wherein the token request message is a message sent by a first entity according to a subscription service to be authorized (Aggarwal, column 10, line 65- column 11, line 16 and column 13, lines 21-27; NRF receive access token request from Nfc1 to subscribe to NFp); determining, according to the token request message, whether the first entity satisfies a first preset access authorization policy (Aggarwal, column 10, line 65- column 11, line 31 and column 13, lines 21-38 and column 12, lines 13-43; determine authorization based on preconfigured policy); in a case that it is determined that the first entity satisfies the first preset access authorization policy, obtaining an access token, wherein the access token is used for representing security verification information used by the first entity in requesting to process the subscription service (Aggarwal, column 10, line 65- column 11, line 31 and column 13, lines 21-38 and column 12, lines 13-43; determine authorization based on preconfigured policy and generate access token, access token sent in the subscribe request); and sending a token response message to the first entity according to the access token, wherein the token response message is used for instructing the first entity to obtain the access token (Aggarwal, column 10, line 65- column 11, line 3 and column 13, lines 21-38 and column 12, lines 13-55; AT response). Regarding claim 26, Aggarwal teaches the method wherein the token request message comprises a service operation type corresponding to the subscription service to be authorized, and the first preset access authorization policy comprises an access permission of the first entity to the service operation type; the determining, according to the token request message, whether the first entity satisfies the first preset access authorization policy comprises: in a case that the first entity has the access permission to the service operation type, determining that the first entity satisfies the first preset access authorization policy, wherein the obtaining the access token comprises: generating the access token according to the service operation type corresponding to the subscription service to be authorized (Aggarwal, column 10, line 65- column 11, line 31 and column 13, lines 21-38 and column 12, lines 13-43; AT request includes NFc identifiers and receiving data authorization service; preconfigured policy to determine access token authorization). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 28 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Aggarwal et al. (US Patent No. 11,425,636) in view of ITO et al. (US Pub No. 2021/0144550). Regarding claim 28, Aggarwal teaches the method wherein the token request message comprises a service operation type corresponding to the subscription service to be authorized, and the first preset access authorization policy comprises an access permission of the first entity to the service operation type; the determining, according to the token request message, whether the first entity satisfies the first preset access authorization policy comprises: in a case that the first entity has the access permission to the service operation type, determining that the first entity satisfies the first preset access authorization policy, wherein the obtaining the access token comprises: generating the access token according to the service operation type corresponding to the subscription service to be authorized (Aggarwal, column 10, line 65- column 11, line 31 and column 13, lines 21-38 and column 12, lines 13-43; AT request includes NFc identifiers and receiving data authorization service; preconfigured policy to determine access token authorization). Aggarwal does not explicitly teach wherein the token request message comprises a service operation type and a subscription parameter corresponding to the subscription service to be authorized; wherein the obtaining the access token comprises: generating the access token according to the service operation type and the subscription parameter corresponding to the subscription service to be authorized. ITO teaches wherein the token request message comprises a service operation type and a subscription parameter corresponding to the subscription service to be authorized; the wherein the obtaining the access token comprises: generating the access token according to the service operation type and the subscription parameter corresponding to the subscription service to be authorized (ITO, page 4, paragraphs 0101, pages 4-5,paragraphs 0105-0107 and page 10, paragraphs 0212-0223; send request to CAPIF/CFF including subscription identification, subscription identifier, subscription type, etc; generate subscription token/authorization token). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Aggarwal with the teaching ITO to use subscription information in the token request to provide the advantage of improving security problems in generation partnership project (ITO, pages 2-3, paragraphs 0053-0063). Regarding claim 30, Aggarwal teaches each and every claim limitation of claim 25. Aggarwal does not explicitly teach the method wherein the first entity comprises: an application function AF entity or a services capability server/application server SCS/AS; the third entity comprises: a common application programming interface framework CAPIF core function entity. ITO teaches wherein the first entity comprises: an application function AF entity or a services capability server/application server SCS/AS; the third entity comprises: a common application programming interface framework CAPIF core function entity (ITO, page 4, paragraphs 0092-009,, and page 10, paragraphs 0212-0223; subscribing entity includes entity such as API invoker, API exposing function, management function or publishing function; CAPIF/CFF). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Aggarwal with the teaching ITO for the subscriber entity to use subscription information in the token request to the CAPIF to provide the advantage of improving security problems in generation partnership project (ITO, pages 2-3, paragraphs 0053-0063). Claim(s) 1-3, 8, 11-12, 15, 19, 22-23 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over NPL (3GPP TSG-SA3 Meeting/ S3-213363), hereinafter Huawei, in view of Aggarwal et al. (US Patent No. 11,425,636). Regarding independent claim 1, Huawei teaches a subscription processing method, performed by a first entity, comprising: wherein the access token is used for representing security verification information used by the first entity in requesting to process a subscription service (Huawei, Figure 6; page 2, sections 0. & 2. AF token for requested subscriptions); sending a first service request message to a second entity according to the subscription service to be requested and the access token, wherein the first service request message comprises the access token (Huawei, Figure 6; page 2, sections 0-2; AF sends AF token included in request for subscriptions to NEF); and receiving a first service response message sent by the second entity to obtain a processing result of the subscription service, wherein the first service response message is a message sent by the second entity after performing a security verification on the first entity according to the access token (Huawei, Figure 6; page 2, sections 0.-4.; response message from NEF after determining authorization). Huawei teaches a token generated for the AF (Huawei, page 2, section 0) but does not explicitly obtaining an access token. Aggarwal teaches obtaining an access token (Aggarwal, column 10, line 65- column 11, line 3 and column 13, lines 21-38 and column 12, lines 13-55; AT response). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Huawei with the teaching Aggarwal to send the token to the AF to provide the advantage of improving security in network function service subscriptions (Aggarwal, column 1, lines 6-45). Regarding claim 2, Huawei in view of Aggarwal teaches each and every claim limitation of claim 1, however, Aggarwal teaches the method wherein the obtaining the access token comprises: sending a token request message to a third entity according to the subscription service to be authorized (Aggarwal, column 10, line 65- column 11, line 3 and column 13, lines 21-38 and column 12, lines 13-55; AT request to NRF); and in response to receiving a token response message sent by the third entity, obtaining the access token from the token response message, wherein the access token is a token determined by the third entity in a case that the third entity determines that the first entity satisfies a first preset access authorization policy based on the token request message (Aggarwal, column 10, line 65- column 11, line 3 and column 13, lines 21-38 and column 12, lines 13-55; AT response based on preconfigured policy). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Huawei with the teaching Aggarwal to send the token to the AF to provide the advantage of improving security in network function service subscriptions (Aggarwal, column 1, lines 6-45). Regarding claim 3, Huawei in view of Aggarwal teaches each and every claim limitation of claim 2, however, Aggarwal teaches the method wherein, the token request message comprises a service operation type corresponding to the subscription service to be authorized; the first preset access authorization policy comprises an access permission of the first entity to the service operation type; and the access token is a token determined by the third entity in a case that the third entity determines according to the service operation type that the first entity satisfies the first preset access authorization policy, wherein the access token comprises the service operation type corresponding to the subscription service to be authorized (Aggarwal, column 10, line 65- column 11, line 31 and column 13, lines 21-38 and column 12, lines 13-43; AT request includes NFc identifiers and receiving data authorization service; preconfigured policy to determine access token authorization). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Huawei with the teaching Aggarwal to send the token to the AF to provide the advantage of improving security in network function service subscriptions (Aggarwal, column 1, lines 6-45). Regarding claim 8, Huawei in view of Aggarwal teaches the method wherein the first service request message comprises a service operation type corresponding to the subscription service to be requested, and the service operation type comprises at least one of: an NEF event exposure subscription service Nnef_EventExposure_Subscribe service, or an NEF event exposure unsubscription service Nnef_EventExposureUnsubscribe service, wherein the first service request message further comprises a subscription parameter corresponding to the subscription service to be requested, and the subscription parameter comprises one or more of: an event identifier Event ID corresponding to the subscription service; an Event Filter parameter corresponding to the subscription service; or Event Reporting information corresponding to the subscription service, wherein the event identifier comprises at least one of: a first event identifier for representing a subscription to an amount of user equipment UE, or a second event identifier for representing a subscription to an amount of protocol data unit PDU sessions; the Event Filter parameter comprises external network slice information ENSI or an application function AF service identifier (Huawei, pages 2-3, sections 1-2; Nnef_EventExposure_Subscribe request including event ID, event filter, event reposting information; event id parameters & event filter parameters). Regarding claim 11, Huawei in view of Aggarwal teaches the method wherein the first entity comprises: an application function AF entity or a services capability server/application server SCS/AS; the second entity comprises: a network exposure function NEF entity or a service capability exposure function SCEF entity (Huawei, Figure 6, page 2, sections 1-3). Regarding claim 12, Huawei in view of Aggarwal teaches the method further comprising: receiving a first event notification message sent by the second entity, wherein the first event notification message is a message sent by the second entity to the first entity in response to a second event notification message sent by a fourth entity; and obtaining, based on the first event notification message, event notification information corresponding to the subscription service to be requested, wherein the fourth entity comprises a network slice admission control function NSACF entity (Huawei, Figure 6, page 2, sections 5-7; NSACF triggers notification towheads AF; event exposure notification). Regarding claim 15, Huawei teaches a token generated for the AF (Huawei, page 2, section 0) but does not explicitly wherein the access token is a token obtained by the first entity from a third entity according to the subscription service. Aggarwal teaches wherein the access token is a token obtained by the first entity from a third entity according to the subscription service (Aggarwal, column 10, line 65- column 11, line 3 and column 13, lines 21-38 and column 12, lines 13-55; AT response). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Huawei with the teaching Aggarwal to send the token to the AF to provide the advantage of improving security in network function service subscriptions (Aggarwal, column 1, lines 6-45). Regarding claim 19, Huawei in view of Aggarwal teaches the method wherein the first service request message comprises a service operation type corresponding to the subscription service to be requested, and the service operation type comprises at least one of: an NEF event exposure subscription service Nnef_EventExposure_Subscribe service, or an NEF event exposure unsubscription service Nnef_EventExposureUnsubscribe service, wherein the first service request message further comprises a subscription parameter corresponding to the subscription service to be requested, and the subscription parameter comprises one or more of: an event identifier Event ID corresponding to the subscription service; an Event Filter parameter corresponding to the subscription service; or Event Reporting information corresponding to the subscription service, wherein the event identifier comprises at least one of: a first event identifier for representing a subscription to an amount of user equipment UE, or a second event identifier for representing a subscription to an amount of protocol data unit PDU sessions; the Event Filter parameter comprises external network slice information ENSI or an application function AF service identifier (Huawei, pages 2-3, sections 1-2; Nnef_EventExposure_Subscribe request including event ID, event filter, event reposting information; event id parameters & event filter parameters). Regarding claim 22, Huawei in view of Aggarwal teaches the method wherein the first entity comprises: an application function AF entity or a services capability server/application server SCS/AS; the second entity comprises: a network exposure function NEF entity or a service capability exposure function SCEF entity (Huawei, Figure 6, page 2, sections 1-3). Regarding claim 23, Huawei in view of Aggarwal teaches the method further comprising: receiving a first event notification message sent by the second entity, wherein the first event notification message is a message sent by the second entity to the first entity in response to a second event notification message sent by a fourth entity; and obtaining, based on the first event notification message, event notification information corresponding to the subscription service to be requested, wherein the fourth entity comprises a network slice admission control function NSACF entity (Huawei, Figure 6, page 2, sections 5-7; NSACF triggers notification towheads AF; event exposure notification). Regarding claim 34, Huawei teaches a first entity, comprising: a processor, and a memory for storing processor-executable instructions executable by the processor; wherein, the processor is configured to execute the method of claim 1 (see above claim 1 rejection). Claim(s) 5, 7, 16 are rejected under 35 U.S.C. 103 as being unpatentable over NPL (3GPP TSG-SA3 Meeting/ S3-213363), hereinafter Huawei, in view of Aggarwal et al. (US Patent No. 11,425,636) and further in view of ITO et al. (US Pub No. 2021/0144550). Regarding claim 5, Huawei in view of Aggarwal teaches the method wherein, the token request message comprises a service operation type corresponding to the subscription service to be authorized; the first preset access authorization policy comprises an access permission of the first entity to the service operation type; and the access token is a token determined by the third entity in a case that the third entity determines according to the service operation type that the first entity satisfies the first preset access authorization policy, wherein the access token comprises the service operation type corresponding to the subscription service to be authorized (Aggarwal, column 10, line 65- column 11, line 31 and column 13, lines 21-38 and column 12, lines 13-43; AT request includes NFc identifiers and receiving data authorization service; preconfigured policy to determine access token authorization). Huawei in view of Aggarwal does not explicitly teach wherein the token request message comprises a subscription parameter corresponding to the subscription service to be authorized; and the access token is a token determined by the third entity in a case that the third entity determines according to the subscription parameter and the service operation type that the first entity satisfies the first preset access authorization policy, wherein the access token comprises the service operation type and the subscription parameter corresponding to the subscription service to be authorized. ITO teaches wherein the token request message comprises a subscription parameter corresponding to the subscription service to be authorized; and the access token is a token determined by the third entity in a case that the third entity determines according to the subscription parameter and the service operation type that the first entity satisfies the first preset access authorization policy, wherein the access token comprises the service operation type and the subscription parameter corresponding to the subscription service to be authorized (ITO, page 4, paragraphs 0101, pages 4-5,paragraphs 0105-0107 and page 10, paragraphs 0212-0223; send request to CAPIF/CFF including subscription identification, subscription identifier, subscription type, etc.; generate subscription token/authorization token). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Huawei in view of Aggarwal with the teaching ITO to use subscription information in the token request to provide the advantage of improving security problems in generation partnership project (ITO, pages 2-3, paragraphs 0053-0063). Regarding claim 7, Aggarwal teaches each and every claim limitation of claim 2. Aggarwal does not explicitly teach the method wherein the third entity comprises: a common application programming interface framework CAPIF core function entity. ITO teaches wherein the third entity comprises: a common application programming interface framework CAPIF core function entity (ITO, page 4, paragraphs 0092-0099 and page 10, paragraphs 0212-0223; CAPIF/CFF). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Huawei in view of Aggarwal with the teaching ITO for the subscriber entity to use subscription information in the token request to the CAPIF to provide the advantage of improving security problems in generation partnership project (ITO, pages 2-3, paragraphs 0053-0063). Regarding claim 16, Huawei in view of Aggarwal teaches the method wherein the access token comprises a service operation type; and the performing the security verification on the first entity according to the access token comprises: in a case that a service operation type of the access token is the same as a service operation type corresponding to the subscription service to be requested (Aggarwal, column 10, line 65- column 11, line 31 and column 13, lines 21-38 and column 12, lines 13-43; AT request includes NFc identifiers and receiving data authorization service; preconfigured policy to determine access token authorization). Huawei in view of Aggarwal does not explicitly teach determining that a subscription parameter corresponding to the subscription service satisfies a second preset access authorization policy, wherein the second preset access authorization policy comprises an access permission of the first entity to the subscription parameter; and in a case that the subscription parameter satisfies the second preset access authorization policy, determining that the security verification is successful, or wherein the access token comprises a service operation type and a subscription parameter; and the performing the security verification on the first entity according to the access token comprises: in a case that the service operation type of the access token is the same as a service operation type corresponding to the subscription service to be requested, and the subscription parameter of the access token is the same as the subscription parameter corresponding to the subscription service to be requested, determining that the security verification is successful, or wherein the third entity comprises: a common application programming interface framework CAPIF core function entity. ITO teaches determining that a subscription parameter corresponding to the subscription service satisfies a second preset access authorization policy, wherein the second preset access authorization policy comprises an access permission of the first entity to the subscription parameter; and in a case that the subscription parameter satisfies the second preset access authorization policy, determining that the security verification is successful, or wherein the access token comprises a service operation type and a subscription parameter; and the performing the security verification on the first entity according to the access token comprises: in a case that the service operation type of the access token is the same as a service operation type corresponding to the subscription service to be requested, and the subscription parameter of the access token is the same as the subscription parameter corresponding to the subscription service to be requested, determining that the security verification is successful, or wherein the third entity comprises: a common application programming interface framework CAPIF core function entity (ITO, page 4, paragraphs 0101, pages 4-5,paragraphs 0105-0107 and page 10, paragraphs 0212-0223; send request to CAPIF/CFF including subscription identification, subscription identifier, subscription type, etc; generate subscription token/authorization token). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Huawei in view of Aggarwal with the teaching ITO to use subscription information in the token request to provide the advantage of improving security problems in generation partnership project (ITO, pages 2-3, paragraphs 0053-0063). Prior Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Karakoc et al. (US Pub No. 2025/0254157) and Fu et al. (US Pub No. 2022/0095111). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHAQUEAL D WADE-WRIGHT/ Primary Examiner, Art Unit 2407