CTNF 18/990,787 CTNF 93835 DETAILED ACTION Notice of AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. The present office action is responsive to communications received on 8/13/2025. Preliminary Amendment filed on 8/13/2025 has been entered. Claims 1-20 are pending. Priority 02-26 AIA Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file. Information Disclosure Statement The information disclosure statement (IDS) submitted on 2/10/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Objections 07-29-01 AIA Claim s 2-13 are objected to because of the following informalities: Independent claim 1 recites “A security decision negotiation method…”, while dependent claim 2-13 recite “The method according to claim…” it is suggested to change to “The security decision negotiation method according to claim…” to avoid possible antecedent issue . Appropriate correction is required. Claim Rejections - 35 USC § 102 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-07-aia AIA 07-07 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – 07-08-aia AIA (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. 07-15 AIA Claim s 1-5, 9-18 and 20 are rejected under 35 U.S.C. 102( a)(1 ) as being anticipated by Yi (CN-109863772-B, listed in IDS) . Regarding claim 1 , Yi teaches a security decision negotiation method, wherein the method comprises: determining, by a first network element, a security decision based on a security requirement of a requester and a security capability of a capability provider; and sending a message comprising the security decision. ([0143]-[0184] a security policy processing method (equivalent to a security decision negotiation method). AUE sends a session establishment request message including a security capability requirement of the UE (equivalent to a requester sending a message comprising a security requirement); a session policy request message is sent to a security policy management function entity via an AMF and an SMF; the security policy management function entity determines a security policy of the session according to a security requirement of the UE, a security requirement of a service, and an operation security policy, a security requirement policy comprising a security algorithm meeting the security requirements; the SMF sends, by means of the AMF, an initial context establishment request message including a target security policy to an RAN entity; the RAN entity determines according to a security capability configuration of the RAN entity that an algorithm having the highest priority level among candidate algorithms meeting a condition of the target security policy is a target encryption and/ or integrity protection algorithm; and the RAN entity (equivalent to a first network element/capability party) sends to the UE (equivalent to the requester) a security mode instruction message comprising a target algorithm (equivalent to the first network element determining a security decision on the basis of a security requirement of the requester and a security capability of the capability part, the first network element sending a message comprising the security decision, and the requester receiving a message comprising the security decision corresponding to the security requirement, wherein the security decision is a result of negotiation based on the security requirement and the security capability of the capability party).) Regarding claim 2 , Yi teaches all the features with respect to claim 1, as outlined above. Yi further teaches wherein the first network element comprises the requester, and the method further comprises: receiving, by the requester, a message comprising the security capability. (Fig. 2: step 207- step 213). Regarding claim 3 , Yi teaches all the features with respect to claim 2, as outlined above. Yi further teaches wherein before the receiving, by the requester, [[a]]the message comprising the security capability, the method further comprises: sending, by the requester, a request message, wherein the request message is used to requesting the security capability of the capability provider. (Fig. 2: step 201-step 205). Regarding claim 4 , Yi teaches all the features with respect to claim 1, as outlined above. Yi further teaches wherein the first network element comprises the capability provider, and the method further comprises: receiving, by the capability provider, a message comprising the security requirement. (Fig. 2: step 203-step 205). Regarding claim 5 , Yi teaches all the features with respect to claim 4, as outlined above. Yi further teaches wherein before the receiving, by the capability provider, [[a]]the message comprising the security requirement, the method further comprises: sending, by the capability provider, a request message, requesting the security requirement of the requester. (Fig. 2: step 203-step 206). Regarding claim 9 , Yi teaches all the features with respect to claim 1, as outlined above. Yi further teaches wherein the security decision is a result of negotiation based on the security requirement and [[a]]the security capability of [[a]]the capability provider. (Fig. 2: step 206-step 210). Regarding claim 10 , Yi teaches all the features with respect to claim 1, as outlined above. Yi further teaches wherein the security requirement comprises at least one of the following information: a security granularity, an authentication method, a key capability, privacy protection, a trustworthiness attestation, cross-operator, or [[the]]a distributed ledger. (Fig. 2: step 205-step 206; “The specific form of the security policy may be whether encryption or integrity protection policy information is needed, and/or a security requirement policy, where the security requirement policy may be any form such as security level information, a minimum key length needed for maintaining data security, or a security algorithm meeting security requirements, and the application does not limit the specific form; optionally, the security policy includes security endpoint information of the session.”) Regarding claim 11 , Yi teaches all the features with respect to claim 1, as outlined above. Yi further teaches wherein the security requirement comprises priority information of at least one of the following information: an encryption algorithm, an integrity protection algorithm, the authentication method, the key capability, the privacy protection, the trustworthiness attestation, the cross-operator, or [[the]]a distributed ledger. (Fig. 2: step 205-step 206; “The specific form of the security policy may be whether encryption or integrity protection policy information is needed, and/or a security requirement policy, where the security requirement policy may be any form such as security level information, a minimum key length needed for maintaining data security, or a security algorithm meeting security requirements, and the application does not limit the specific form; optionally, the security policy includes security endpoint information of the session.”) Regarding claim 12 , Yi teaches all the features with respect to claim 1, as outlined above. Yi further teaches wherein the method further comprises determining[[e]] a trustworthiness vector (TV) based on the security decision, and the TV comprises at least one of the following information: [[the]] privacy protection , [[the]]a trustworthiness attestation, [[the]] cross-operator, or [[the]]a distributed ledger. (Fig. 2: step 207; “The SMF receives a session policy response message sent by a security policy management function entity, wherein the session policy response message comprises a security policy of the UE determined by the security policy management function entity, and the policy is a target security policy.”). Regarding claim 13 , Yi teaches all the features with respect to claim 1, as outlined above. Yi further teaches wherein the first network element comprises any one of the following: a terminal device, an application function (AF), a trusted network element, an access and mobility management function (AMF) , a network exposure function (NEF), an authentication server function (AUSF), or an access network device. (Fig. 2: “AMF”). Regarding claim 14-18 and 20 , the scope of the claim is similar to that of claim 1-5, respectively. Accordingly, the claims are rejected using a similar rationale . Claim Rejections - 35 USC § 103 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-21-aia AIA Claim 6-7 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Yi (CN-109863772-B, listed in IDS) in view of Shaw (US 20210329032 A1) . Regarding claim 6 , Yi teaches all the features with respect to claim 1, as outlined above. But Yi does not teach wherein before the determining, by [[a]]the first network element, [[a]]the security decision based on [[a]]the security requirement of [[a]]the requester and [[a]]the security capability of [[a]]the capability provider, the method further comprises: obtaining, by the first network element, the security requirement and the security capability from a distributed ledger. This aspect of the claim is identified as a difference. However, Shaw in an analogous art explicitly teaches obtaining, by the first network element, the security requirement and the security capability from a distributed ledger . ([0048] information about the security resources are maintained in a decentralized manner (e.g., in a blockchain ).) It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “security policy processing” concept of Yi, and the “blockchain/distributed ledger” approach of Shaw. One of ordinary skill in the art would have been motivated to perform such a modification so that central administration is not required and single (central) point-of-failure is avoided. Regarding claim 7 , Yi teaches all the features with respect to claim 1, as outlined above. Yi in view of Shaw further teaches wherein the sending [[a]]the message comprising the security decision comprises: uploading, by the first network element, the security decision to [[the]]a distributed ledger . ([Yi Fig. 2: step 211 “The RAN entity maintains the security policy.”] [Shaw 0048] information about the security resources are maintained in a decentralized manner (e.g., in a blockchain ).) Regarding claim 19 , the scope of the claim is similar to that of claim 6, respectively. Accordingly, the claims are rejected using a similar rationale . 07-21-aia AIA Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Yi (CN-109863772-B, listed in IDS) in view of Li (WO2018076298A1) . Regarding claim 8 , Yi teaches all the features with respect to claim 1, as outlined above. But Yi does not teach wherein the determining, by [[a]]the first network element, [[a]]the security decision based on [[a]]the security requirement of [[a]]the requester and [[a]]the security capability of [[a]]the capability provider comprises: determining, by the first network element, a value of a first bit in the security decision based on an operation or mapping result for a value of a first bit in the security requirement and a value of a first bit in the security capability; or determining, by the first network element, the security decision based on priority information in the security requirement and the security capability. This aspect of the claim is identified as a difference. However, Li in an analogous art explicitly teaches determining, by the first network element, a value of a first bit in the security decision based on an operation or mapping result for a value of a first bit in the security requirement and a value of a first bit in the security capability; or determining, by the first network element, the security decision based on priority information in the security requirement and the security capability. ([3 rd para under Summary of invention] provides a security capability negotiation method, including: a security function entity acquiring a security capability priority list of a core network element; the security function entity preferentially obtaining a security capability according to the core network element a security list of the security capabilities of the UE selected by the core network element, and a security capability of the UE selected by the security function entity for the core network element The core network element is given.) It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “security policy processing” concept of Li, and the “security capability negotiation” approach of Li. One of ordinary skill in the art would have been motivated to perform such a modification because the handshake processes dynamically declare and agree upon mutually supported security mechanisms, encryption standards, and authentication protocols before communicating. It prevents compatibility failures and stops downgrading attacks by enforcing minimum security bars . Conclusion 07-96 AIA The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US7120930B2, "Method and apparatus for control of security protocol negotiation" by Thomas Albert Maufer. US20230077391A1, "Communication protection method and apparatus" by Longhua GUO. US11632676B2, “Service-based access stratum (AS) security configuration" by Soo Bum Lee. US10673617B1, “Methods, system and point-to-point encryption device microchip for AES-sea 512-bit key using identity access management utilizing blockchain ecosystem to improve cybersecurity" by George Antoniou. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638. The examiner can normally be reached on Monday to Friday, 9:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571)272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HAN YANG/Primary Examiner, Art Unit 2493 Application/Control Number: 18/990,787 Page 2 Art Unit: 2493 Application/Control Number: 18/990,787 Page 3 Art Unit: 2493 Application/Control Number: 18/990,787 Page 4 Art Unit: 2493 Application/Control Number: 18/990,787 Page 5 Art Unit: 2493 Application/Control Number: 18/990,787 Page 6 Art Unit: 2493 Application/Control Number: 18/990,787 Page 7 Art Unit: 2493 Application/Control Number: 18/990,787 Page 8 Art Unit: 2493 Application/Control Number: 18/990,787 Page 9 Art Unit: 2493 Application/Control Number: 18/990,787 Page 10 Art Unit: 2493 Application/Control Number: 18/990,787 Page 11 Art Unit: 2493 Application/Control Number: 18/990,787 Page 12 Art Unit: 2493