Prosecution Insights
Last updated: July 17, 2026
Application No. 18/874,972

METHOD, COMMUNICATION DEVICE AND STORAGE MEDIUM FOR AUTHENTICATING AND AUTHORIZING

Non-Final OA §101§102§103
Filed
Dec 13, 2024
Priority
Jun 17, 2022 — nonprovisional of PCTCN2022099636
Examiner
BROWN, CHRISTOPHER J
Art Unit
Tech Center
Assignee
Beijing Xiaomi Mobile Software Co., Ltd.
OA Round
1 (Non-Final)
75%
Grant Probability
Favorable
1-2
OA Rounds
1y 10m
Est. Remaining
88%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
536 granted / 711 resolved
+15.4% vs TC avg
Moderate +13% lift
Without
With
+13.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
34 currently pending
Career history
753
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
92.8%
+52.8% vs TC avg
§102
3.5%
-36.5% vs TC avg
§112
1.3%
-38.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 711 resolved cases

Office Action

§101 §102 §103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1, 10, 31, 42, 43 are rejected under 35 USC 101 as being directed to an abstract idea without being integrated into a practical application or being significantly more. Regarding claim 1, the claim recites the limitations “sending authentication information to an edge enabler server”…”configured to request the EES to authorize an EES service;” Broadly interpreted, the aforementioned steps are directed to mental processes as said steps could be performed in the human mind. Therefore, the claims recite an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that could be considered that the abstract idea is being integrated into a practical application. It’s noted that the claim recites the operations “performed by a client;” However, said operations are not sufficient to consider that the abstract idea is being interpreted into a practical application. Said operations are recited at a high level of generality in gathering/processing/storing information, which are a form of insignificant extra-solution activity. The claims do not include additional elements/limitations/embodiments that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter. Examiner asserts that the claims merely recite sending data from a client to a server. No useful process is performed. Claim 43 is rejected as it says “non-temporary” computer storage medium. Examiner believes that Applicant intended “non-transitory”. Claim 43 is rejected as it could be interpreted as a signal media. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1, 3, 6, 8, 10, 14, 42, 43 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Rajadurai US 2022/0150696. As per claim 1. (Original) Rajaduai teaches A method for authenticating and authorizing, wherein the method is performed by an edge enabler client (EEC), the method comprising: sending authentication and authorization information to an edge enabler server (EES); wherein the authentication and authorization information is configured to request the EES to authorize an EES service. [0078]-[0081][0101][0150]-[0152] (teaches mutual authentication between EEC, and EES) As per claim 2. (Original) The method according to claim 1, Rajaduai teaches wherein the method further comprises: receiving authentication and authorization response information sent by the EES; wherein the authentication and authorization response information indicates that the EES authorizes the EES service requested by the EEC or rejects the EES service requested by the EEC. [0150]-[0152] (teaches authentication of access token in order to grant access to EAS) As per claim 3. (Original) The method according to claim 1, Rajaduai teaches wherein the authentication and authorization information comprises at least one of: a bootstrapping transaction identifier (B-TID); an encrypted EEC identifier (ID); a key type indicator; a generic public subscription identifier (GPSI); a message authentication code; or a service token. [0150]-[0152] (service token) EEC identifier/GPSI [0125] 4. (Cancelled) As per claim 6. (Original) The method according to claim 3, Rajaduai teaches wherein the encrypted EEC ID is encrypted based on a key KEES. [0174][0175] Figure 9. As per claim 8. (Original) The method according to claim 1, Rajaduai teaches wherein the method further comprises: determining a key KEEC-EES based on a key KEES and an EEC identifier (ID); wherein the key KEEC-EES is configured to execute mutual identity authentication and/or establishment of a transport layer security (TLS) connection between the EEC and the EES. [0174]-[0175] Figure 6. (teaches TLS connection using Key based on Kees and EEC ID as shown in Fig 6) 9. (Cancelled) As per claim 10. (Original) Rajaduai teaches A method for authenticating and authorizing, wherein the method is performed by an edge enabler server (EES), the method comprising: receiving authentication and authorization information sent by an edge enabler client (EEC); wherein the authentication and authorization information is configured to request the EES to authorize an EES service. [0078]-[0081][0101][0150]-[0152] (teaches mutual authentication between EEC, and EES) 11-13. (Cancelled) As per claim 14. (Currently Amended) The method according to claim 10, Rajaduai teaches wherein the method further comprises: determining a network to which the EES is connected in response to receiving the authentication and authorization information; establishing a connection to a network to which the EES is connected, in response to determining that an identifier of the network to which the EES is connected is identical to an identifier of a public land mobile network of the EEC that is configured to establish a connection to the EES, and the identifier of the public land mobile network of the EEC that is configured to establish a connection to the EES is different from a home network identifier of the EEC. [0101] (teaches determining network and establishing communications including home public land mobile network, or Visited Public Land mobile network and roaming) 15. (Cancelled) As per claim 42. (Currently Amended) Rajadurai teaches A communication device, comprising: a memory; and a processor connected to the memory, and configured to be capable of implementing the method according to any one of a processor connected to the memory, and configured to be capable of implementing the method according to claim 1 by executing a computer readable-executable instruction stored in the memory. [0078]-[0081][0101][0150]-[0152] (teaches mutual authentication between EEC, and EES) As per claim 43. (Currently Amended) Rajadurai teaches A non-temporary computer storage medium, storing a computer-executable instruction, wherein the computer-executable instruction is capable of implementing the method according to any one of claim 1, after being executed by a processor. [0078]-[0081][0101][0150]-[0152] (teaches mutual authentication between EEC, and EES) Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rajadurai US 2022/0150696 in view of Kunz WO 2022/130065 As per claim 5. (Original) The method according to claim 3, wherein Kunz teaches the message authentication code is a message authentication code MAC-I determined based on KEES, and is configured to protect integrity of the B-TID, the encrypted EEC ID, the GPSI and/or the key type indicator. [0102][0103] (teaches using MAC on EEC ID) It would have been obvious to one of ordinary skill in the art before the effective filing date of the current application to use the teaching of Kunz with the prior art because it improves security. Claim(s) 16, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rajadurai US 2022/0150696 in view of Starsinic US 2014/0349614. As per claim 16. (Currently Amended) The method according to claim 1, Radjadurai teaches EEC connecting to EES[0078]-[0081]. Starsinic teaches wherein the method further comprises: obtaining the identifier and/or an access type of the public land mobile network of the EEC that is configured to establish a connection to the EES from a policy control function (PCF). [0008] [0055] [0060][0061] (teaches policy control and authentication, identification of public land mobile network) It would have been obvious to one of ordinary skill in the art before the effective filing date of the current application to use the teaching of Starsinic with the prior art because the authentication procedures increase security. As per claim 17. (Currently Amended) The method according to claim 1,wherein Radjadurai teaches the UE is an EEC. [0078]-[0081] Starsinic teaches the method further comprises: determining the home network identifier of the EEC based on a B-TID. [0050][0060] (teaches using B-Tid to identify home network) It would have been obvious to one of ordinary skill in the art before the effective filing date of the current application to use the teaching of Starsinic with the prior art because the authentication procedures increase security. Claim(s) 7, 18, 19, 24, 25, 31, 35, is/are rejected under 35 U.S.C. 103 as being unpatentable over Rajadurai US 2022/0150696 in view of Oyman US 2015/0326572. As per claim 7. (Original) The method according to claim 1, Oyman teaches wherein the method further comprises: obtaining a B-TID from a bootstrapping server function (BSF) of a home network during running of a generic bootstrapping architecture (GBA). [0037][0039][0041] (teaches sending B-TID to a UE from a BSF) It would have been obvious to one of ordinary skill in the art before the effective filing date of the current application to use the teaching of Oyman with Rajadurai because it increases security compatibility and ensures security network communications. As per claim 18. (Currently Amended) The method according to claim 14, Oyman teaches wherein the method further comprises: sending application request information to a Zn-Proxy in the network connected to the EES; wherein the application request information comprises at least one of: a B-TID of the EEC; a network application function (NAF) identifier (ID) (NAF-ID); or a key type indicator. [0037][0043] (teaches sending request to NAF, and that Zn Proxy may act as NAF, the request including B-TID and NAF-ID) As per claim 19. (Currently Amended) The method according to claim 18, wherein Oyman teaches the method further comprises: receiving application authentication and authorization response information sent by the Zn-Proxy, wherein the application authentication and authorization response information comprises a key KEES and/or effective time information of the key KEES; and/or, verifying integrity of the authentication and authorization information based on the key KEES and/or an MAC-I. 0037][0043] (teaches sending request to NAF, and that Zn Proxy may act as NAF, the request including B-TID and NAF-ID) [0043] (teaches sending in response to the request a Key and the effective time of the key) Oyman does not teach that the key is “KEES” Rajaduai teaches the key derived from the application request is KEES. [0174] As per claim 24. (Currently Amended) The method according to claim 19, Rajaduai teaches wherein the method further comprises: authorizing the EES service requested by the EEC, in response to determining that the authentication and authorization information matches the pre-configured policy and/or, checking whether the service token expires verifying a digital signature of an ECS in the token by using a public key or a certificate of the ECS, in response to determining that the service token does not expire; and alternatively, rejecting the authentication and authorization information, in response to determining that the server token expires. [0101][0151]-[0153] (token with validity time) As per claim 25. (Original) The method according to claim 24, Rajaduai teaches wherein the service token comprises at least one of: a fully qualified domain name (FQDN) of an edge configuration server (ECS); the EEC identifier (ID); a GPSI; an expected EES service name; an FQDN of the EES; effective time; or a digital signature. [0099] (provides FQDN) 20. (Cancelled) 22-23. (Cancelled) 26-30. (Cancelled) As per claim 31. (Currently Amended) A method for authenticating and authorizing, Oyman teaches wherein the method is performed by a Zn interface proxy Zn=Proxy, the method comprising: receiving application request information sent by an EES by a Zn interface proxy Zn-Proxy; wherein the application request information comprises at least one of: a B-TID of the EES; a network application function (NAF) identifier (ID); or a key type indicator. [0037][0043] (teaches sending request to NAF, and that Zn Proxy may act as NAF, the request including B-TID and NAF-ID) Oyman fails to explicitly state the server is an EES. Rajaduai teaches the server is an EES [0148]-[0153] (EES) It would have been obvious to one of ordinary skill in the art before the effective filing date of the current application to use the teaching of Rajadurai with Oyman because it increases security compatibility and ensures security network communications. 32-34. (Cancelled) As per claim 35. (Currently Amended) The method according to claim 31 Oyman teaches A method for authenticating and authorizing, wherein the method is performed by a bootstrapping server function (BSF), the method wherein the method further comprises comprising: receiving the application request information sent transmitted by the a Zn-Proxy by a bootstrapping server function (BSF); wherein the application request information comprises at least one of: a B-TID of an EES; a network application function (NAF) identifier (ID); or a key type indicator [0037][0039][0041] (teaches sending B-TID to a UE from a BSF) [0037][0043] (teaches sending request to NAF, and that Zn Proxy may act as NAF, the request including B-TID and NAF-ID) Oyman teaches determining a key KEES based on the application request information and sending application response information to the Zn-Proxy by the BSF, wherein the application response information comprises the key KEES and/or effective time information of the key KEES. [0043] (teaches sending in response to the request a Key and the effective time of the key) Oyman does not teach that the key is “KEES” Rajaduai teaches the key derived from the application request is KEES. [0174] 36-41. (Cancelled) Claim(s) 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rajadurai US 2022/0150696 in view of Oyman US 2015/0326572 in view of Zhao US 2010/0011220. As per claim 21. (Currently Amended) The method according to claim 19, Rajadurai teaches encryption and authentication of EEC ID with EES as shown above. Rajadurai doesn’t explicitly teach terminating authentication. Zhao teaches wherein the method further comprises: terminating an authentication and authorization process, in response to determining that the authentication and authorization information is modified; and alternatively, decrypting an encrypted EEC ID received by the EES, in response to determining that the authentication and authorization information is not modified. [0041]-[0049] (teaches network authentication and message authentication code, if the MAC value indicates modification of the data, the authentication is terminated) It would have been obvious to one of ordinary skill in the art before the effective filing date of the current application to use the teaching of Zhao with the prior art because it enhances the security of the system. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Dec 13, 2024
Application Filed
Jun 26, 2026
Non-Final Rejection mailed — §101, §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12652290
CYBER SECURITY FOR SOFTWARE-AS-A-SERVICE FACTORING RISK
5y 3m to grant Granted Jun 09, 2026
Patent 12652315
REMOTE MONITORING OF A SECURITY OPERATIONS CENTER (SOC)
3y 8m to grant Granted Jun 09, 2026
Patent 12641111
Automated Security Analysis of Software Libraries
2y 5m to grant Granted May 26, 2026
Patent 12621339
SYSTEM AND METHOD FOR PROVIDING SECURITY POSTURE MANAGEMENT FOR AI APPLICATIONS
2y 5m to grant Granted May 05, 2026
Patent 12615280
DETECTING POLYMORPHIC BOTNETS USING AN IMAGE RECOGNITION PLATFORM
2y 9m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
75%
Grant Probability
88%
With Interview (+13.0%)
3y 5m (~1y 10m remaining)
Median Time to Grant
Low
PTA Risk
Based on 711 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month