Prosecution Insights
Last updated: July 17, 2026
Application No. 19/005,792

INTEGRATING SECURITY AND ROUTING POLICIES IN WIRELESS TELECOMMUNICATION NETWORKS

Non-Final OA §102§103§112
Filed
Dec 30, 2024
Priority
Nov 18, 2022 — continuation of 12/200,495
Examiner
DOAN, TRANG T
Art Unit
2431
Tech Center
2400 — Computer Networks
Assignee
T-Mobile USA Inc.
OA Round
1 (Non-Final)
83%
Grant Probability
Favorable
1-2
OA Rounds
1y 9m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 83% — above average
83%
Career Allowance Rate
519 granted / 626 resolved
+24.9% vs TC avg
Strong +17% interview lift
Without
With
+17.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
20 currently pending
Career history
655
Total Applications
across all art units

Statute-Specific Performance

§101
5.0%
-35.0% vs TC avg
§103
63.3%
+23.3% vs TC avg
§102
16.2%
-23.8% vs TC avg
§112
10.5%
-29.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 626 resolved cases

Office Action

§102 §103 §112
DETAILED ACTION In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This Office Action is in response to the communication filed on 12/30/2024. Claims 1-20 are pending for consideration. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Specification The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1-14 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 12200495. Although the claims at issue are not identical, they are not patentably distinct from each other because both applications disclose the same subject matter, such that, integrating the security policies implemented for connections in a wireless cellular network with the routing policies therein. Furthermore, Examiner notes that each and every limitation of the instant claims appear to be substantially anticipated by the corresponding claims of the patent application. Therefore, Examiner respectfully submits that the instant claims and the claims of the patent application are not directed to patentably distinct inventions; thus, properly rejected on the grounds of nonstatutory double patenting, as further outlined below. Instant Application 19005792 Patent Application 12200495 Claim 1: A computer-implemented method comprising: receiving, from a user equipment, a request for a secure connection between the user equipment and a telecommunications network; determining a first set of parameters of a security policy and a second set of parameters of a routing policy for initiating the secure connection; determining an association between the first set of parameters and the second set of parameters that aligns the security policy with the routing policy, wherein the association comprises an indication of whether to reuse an existing Internet Protocol Security (IPsec) tunnel or initiate a new IPsec tunnel for the secure connection; and transmitting, to the user equipment, the association to enable the user equipment to use the secure connection. Claim 1: A method for utilizing secure connections in a wireless telecommunication network, the method comprising: receiving, from a mobile device utilizing the wireless telecommunication network, an indication of a secure connection between the mobile device and an endpoint of the wireless telecommunication network, wherein the secure connection is associated with a security policy and a routing policy; determining that a first set of parameters of the security policy is misaligned with a second set of parameters of the routing policy, wherein the first set of parameters being misaligned with the second set of parameters comprises at least one of: (a) the first set of parameters specifying an Internet Protocol (IP) address range and the second set of parameters specifying that an IP address of the endpoint is outside the specified IP address range, (b) the first set of parameters specifying a first type of security policy for the secure connection and the second set of parameters specifying that the endpoint uses a second type of security policy different from the first type of security policy, or (c) the first set of parameters specifying a reuse of an existing secure connection and the second set of parameters specifying an establishment of a new secure connection; modifying, based on the determining, (a) at least one of the first set of parameters to align parameters of the security policy with parameters of the routing policy or (b) at least one of the second set of parameters to align the parameters of the routing policy with the parameters of the security policy; and transmitting, to the mobile device, the modified at least one of the first set of parameters or the modified at least one of the second set of parameters. Claim 8: At least one non-transitory computer-readable storage medium storing instructions, which when executed by at least one data processor of a computer system, cause the computer system to: receive, from a user equipment, a request for a secure connection between the user equipment and a telecommunications network; determine a first set of parameters of a security policy and a second set of parameters of a routing policy for initiating the secure connection; determine an association between the first set of parameters and the second set of parameters that aligns the security policy with the routing policy, wherein the association comprises an indication of whether to reuse an existing Internet Protocol Security (IPsec) tunnel or initiate a new IPsec tunnel for the secure connection; and transmit, to the user equipment, the association to enable the user equipment to use the secure connection. wherein the association comprises an indication of whether to reuse an existing Internet Protocol Security (IPsec) tunnel or initiate a new IPsec tunnel for the secure connection Claim 10: At least one non-transitory computer-readable storage medium storing instructions to utilize secure connections in a wireless telecommunication network, the instructions, when executed by at least one data processor of a system, causing the system to: receive, from a mobile device utilizing the wireless telecommunication network, an indication of a secure connection between the mobile device and an endpoint of the wireless telecommunication network, wherein the secure connection is associated with a security policy and a routing policy, wherein the security policy comprises a first set of parameters and operates at a first level of granularity, and wherein the routing policy comprises a second set of parameters and operates at a second level of granularity that is different from the first level of granularity; determine a mapping between the first set of parameters and the second set of parameters that aligns the first level of granularity with the second level of granularity; and transmit, to the mobile device, the mapping to enable the mobile device to utilize the secure connection. Claim 14: The at least one non-transitory computer-readable storage medium of claim 10, wherein the mapping comprises an indication of whether to reuse an existing secure tunnel or initiate a new secure tunnel. The dependent claims of the instant application recite language similar to the dependent claims of the patent application and are covered by the patent application. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Regarding claims 1, 8 and 15, claims 1, 8 and 15 recite the limitation “determining a first set of parameters of a security policy and a second set of parameters of a routing policy”. It is unclear how the determining step is implemented based on the request. According to Applicant’s specification, the first set of parameters is determined to compare with the second set of parameters (see paragraphs 0092-0094). Clarification is required. claims 1, 8 and 15 recite the limitation “determining an association between the first set of parameters and the second set of parameters that aligns the security policy with the routing policy”. It is unclear how the association is determined based on the parameters and policies. According to Applicant’s specification, the association is determined by comparing the first set of parameters with the second set of parameters (see paragraphs 0091-0094). Clarification is required. Dependent claims 2-7, 9-14, and 16-20 are rejected under 35 U.S.C. 112(b) as they being dependent upon a rejected base claims 1, 8, and 15, respectively. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1-6, 8-13 and 15-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by PALADUGU et al. (US 20230039791) (hereinafter PALADUGU). Regarding claim 1, PALADUGU discloses a computer-implemented method comprising: receiving, from a user equipment, a request for a secure connection between the user equipment and a telecommunications network (PALADUGU: paragraphs 0107-0108, “an example of a Layer-3 UE-to-Network Relay with N3IWF connection setup procedure in a wireless communication system 600 including a remote UE 602, a relay UE 604, a next-generation RAN (NG-RAN) 606, an access and mobility management function (AMF) 608, a session management function (SMF) 610, a user plane function (UPF) 612, and a non-3.sup.rd Generation Partnership Project interworking function (N3IWF) 614”); determining a first set of parameters of a security policy and a second set of parameters of a routing policy for initiating the secure connection (PALADUGU: paragraphs 0109-0114, “the remote UE 602 is provisioned by the 5G core network with network policy and parameters and/or is preconfigured (e.g., upon activation) with the network policy and parameters. If the remote UE 602 is a ProSe UE, the remote UE 602 may be provisioned with UE ProSe policy and UE route selection policy (URSP) (e.g., as discussed above).”); determining an association between the first set of parameters and the second set of parameters that aligns the security policy with the routing policy (PALADUGU: paragraphs 0110-0115, “the remote UE 602 conducts a discovery procedure to discover the relay UE 604. For example, the relay UE 604 may broadcast relay discovery information (e.g., on a sidelink resource) that the remote UE 602 may use to identify and establish a relay connection with the relay UE 604. In some examples, the relay UE 604 may broadcast information (e.g., a relay service code as discussed below) that indicate that the relay UE 604 supports N3IWF connectivity.”), wherein the association comprises an indication of whether to reuse an existing Internet Protocol Security (IPsec) tunnel or initiate a new IPsec tunnel for the secure connection (PALADUGU: paragraphs 0114-0115, “the remote UE 602 establishes a signaling IP security (IPsec) tunnel using an internet key exchange (IKE) procedure with the N3IWF selected at 5, and performs NAS Registration (e.g., as described in FIG. 4.12.2.2-1 of TS 23.502 V17.1.0 (2021-06)). After the IPSec tunnel is established, the remote UE 602 can perform any of the NAS procedures (including PDU session establishment for the 5G ProSe Layer-3 UE-to-Network Relay PDU Sessions) as specified in clause 4.12 of TS 23.502 V17.1.0 (2021-06).”); and transmitting, to the user equipment, the association to enable the user equipment to use the secure connection (PALADUGU: paragraphs 0111-0115, “the remote UE 602 selects an N3IWF and determines the corresponding N3IWF IP address. For example, the remote UE 602 may follow the N3IWF selection procedure described in clause 6.5.1.2.2 of 3GPP TS 23.304 V1.0.0 (2021-06).”). Regarding claim 8, claim 8 discloses a medium claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 8 and rejected for the same reasons. Regarding claim 15, claim 15 discloses a system claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons. Regarding claims 2, 9 and 16, PALADUGU discloses wherein determining the association comprises: determining that an IPsec Security Association (SA) between the user equipment and a destination endpoint in a data network connected to the telecommunications network covers traffic specified by the routing policy (PALADUGU: paragraphs 0089, 0103, 0109, 0122 and 0130, “The ANDSP specification provides rules for wireless communication devices for routing data to the core network 405 using a non-3GPP access network (e.g., a WiFi network). Other policy control information is included in a UE route selection policy (URSP) specification. The URSP specification provides rules on how wireless communication devices are to route data via 3GPP and non-3GPP networks based on the particular application generating the data (e.g., voice call, social media, gaming, etc.), and the characteristics associated with the data routing session.”). Regarding claims 3, 10 and 17, PALADUGU discloses wherein determining the association comprises: configuring IPsec parameters comprising at least one of supported security algorithms for Internet Key Exchange (IKE), certificate management parameters, or permissible overlapping of SAs with bearers (PALADUGU: paragraphs 0114-0115, “the remote UE 602 establishes a signaling IP security (IPsec) tunnel using an internet key exchange (IKE) procedure with the N3IWF selected at 5, and performs NAS Registration (e.g., as described in FIG. 4.12.2.2-1 of TS 23.502 V17.1.0 (2021-06)). After the IPSec tunnel is established, the remote UE 602 can perform any of the NAS procedures (including PDU session establishment for the 5G ProSe Layer-3 UE-to-Network Relay PDU Sessions) as specified in clause 4.12 of TS 23.502 V17.1.0 (2021-06).”). Regarding claims 4, 11 and 18, PALADUGU discloses wherein the first set of parameters comprises at least one of a local IP address range, a remote IP address range, an Internet Control Message Protocol (ICMP) message type, an ICMP message code, or a mobility header type (PALADUGU: paragraphs 0150-0154, “a relay UE may detect the change in the IP address of the serving relay PDU session or detect the change in the PSA or UPF of the serving relay PDU session. An IP address change for the same PSA may happen whereby the relay UE is notified of the new IP address range or IPv6 prefix via a PDU session modification procedure. The relay UE may be notified of the change in the domain name server (DNS) server address by the SMF via a PDU session modification command (Local DNS Server Address). The relay UE PDU session may be established with the new UPF when there is a change of the PSA serving a PDU Session of an SSC mode 2 relay UE or an SSC mode 3 relay UE.”). Regarding claims 5, 12 and 19, PALADUGU discloses wherein the security policy operates at a first level of granularity corresponding to a first characteristic of a Quality-of- Service (QoS) flow, and wherein the routing policy operates at a second level of granularity corresponding to a second characteristic of the QoS flow that is different from the first characteristic (PALADUGU: paragraphs 0084 and 0085, “SCI-1 may be transmitted on a physical sidelink control channel (PSCCH). SCI-1 may include information for resource allocation of a sidelink resource and for decoding of the second stage of sidelink control information (i.e., SCI-2). SCI-1 may further identify a priority level (e.g., Quality of Service (QoS)) of a PSSCH. For example, ultra-reliable-low-latency communication (URLLC) traffic may have a higher priority than text message traffic (e.g., short message service (SMS) traffic). SCI-1 may also include a physical sidelink shared channel (PSSCH) resource assignment and a resource reservation period (if enabled). Additionally, SCI-1 may include a PSSCH demodulation reference signal (DMRS) pattern (if more than one pattern is configured). The DMRS may be used by a receiver for radio channel estimation for demodulation of the associated physical channel SCI-1 may also include information about SCI-2. For example, SCI-1 may disclose the format of SCI-2. In some examples, the format may indicate the resource size of SCI-2 (e.g., a number of REs that are allotted for SCI-2), a number of a PSSCH DMRS port(s), and a modulation and coding scheme (MCS) index. In some examples, SCI-1 may use two bits to indicate the SCI-2 format. Thus, in this example, four different SCI-2 formats may be supported. SCI-1 may include other information that is useful for establishing and decoding a PSSCH resource.”). Regarding claims 6, 13 and 20, PALADUGU discloses wherein the second set of parameters comprises at least one of a data network name (DNN) that identifies a data network connected to the telecommunications network, a connection capability, or a domain descriptor comprising a regular expression (PALADUGU: paragraphs 0138-0139, “RSCs and PDU Session parameters (e.g., PDU Session type, data network name (DNN), session and service continuity (SSC) Mode, single network slice selection assistance information (S-NSSAI), access type preference) are provisioned to the remote UE and the relay UE. For example, these parameters may be pre-configured or provisioned to the UE by a policy control function (PCF) during Uu Registration. Security information for discovery messages is provisioned during the key management process.”… “For mobility handling for a relay UE with N3IWF, connection management may be controlled via the relay UE with N3IWF support. When a corresponding PDU Session is established, the 5GS (e.g., the SMF), based on certain parameters (e.g., DNN, S-NSSAI), selects the UPF that ca provide access to the N3IWF”). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over PALADUGU in view of HU (US 20160057108) (hereinafter HU). Regarding claims 7 and 14, PALADUGU does not explicitly disclose the following limitation which is disclosed by HU, comprising: identifying a correspondence between a fully qualified domain name (FQDN) of an endpoint in the telecommunications network and a range of IP addresses that can be used by the user equipment (HU: paragraphs 0003, 0017 and 0029-0032, “DNS based load-balancing solutions provide that each IPsec processing unit has a different gateway address, IPsec clients are provisioned with single gateway Fully Qualified Domain Names (FQDNs), and the DNS server returns a list of addresses in a different order for each IPsec client resolve request.”). PALADUGU and HU are analogous art because they are from the same field of endeavor, secure connection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of PALADUGU and HU before him or her, to modify the system of PALADUGU to include identifying a correspondence between a fully qualified domain name (FQDN) of an endpoint in a telecommunications network and a range of IP addresses that can be used by a user equipment of Hu. The suggestion/motivation for doing so would have been to selectively provisioning secure services across a number of secure service processing units (HU: paragraph 0001). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TRANG T DOAN/Primary Examiner, Art Unit 2431
Read full office action

Prosecution Timeline

Dec 30, 2024
Application Filed
Jun 24, 2026
Non-Final Rejection mailed — §102, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683773
CONTROL DEVICE, QUANTUM CRYPTOGRAPHIC COMMUNICATION SYSTEM, CONTROL METHOD, AND COMPUTER PROGRAM PRODUCT
2y 10m to grant Granted Jul 14, 2026
Patent 12671996
UPGRADING CONTROL PLANE NETWORK FUNCTIONS WITH PROACTIVE ANOMALY DETECTION CAPABILITIES
2y 8m to grant Granted Jun 30, 2026
Patent 12664294
CONTROL OF ACCESS TO RESOURCES OF DATA OBJECTS
3y 9m to grant Granted Jun 23, 2026
Patent 12665738
APPARATUS AND METHOD FOR CRYPTOGRAPHY SECURE AGAINST SIDE-CHANNEL ATTACKS
2y 5m to grant Granted Jun 23, 2026
Patent 12665875
NETWORKING AND SECURITY SPLIT ARCHITECTURE
1y 11m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
83%
Grant Probability
99%
With Interview (+17.2%)
3y 4m (~1y 9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 626 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month