TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Download PDFPatent Trials and Appeals BoardJan 20, 20222022000768 (P.T.A.B. Jan. 20, 2022) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 16/968,232 08/07/2020 Vesa LEHTOVIRTA P074283US02 5255 27045 7590 01/20/2022 ERICSSON INC. 6300 LEGACY DRIVE M/S EVR 1-C-11 PLANO, TX 75024 EXAMINER PARK, JUNG H ART UNIT PAPER NUMBER 2411 NOTIFICATION DATE DELIVERY MODE 01/20/2022 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): amber.rodgers@ericsson.com michelle.sanderson@ericsson.com pam.ewing@ericsson.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte VESA LEHTOVIRTA, PABLO MARTINEZ DE LA CRUZ, KARL NORRMAN, PASI SAARINEN, and VESA TORVINEN ____________ Appeal 2022-000768 Application 16/968,2321 Technology Center 2400 _______________ Before HUNG H. BUI, MINN CHUNG, and SCOTT RAEVSKY, Administrative Patent Judges. BUI, Administrative Patent Judge. DECISION ON APPEAL Appellant seeks our review under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 38-63. Appeal Br. 12-20 (Claims App.). Claims 1-37 are canceled. We have jurisdiction under 35 U.S.C. § 6(b). We affirm.2 1 “Appellant” refers to “applicant” as defined in 37 C.F.R. § 1.42. According to Appellant, Telefonaktiebolaget LM Ericsson, is identified as the real party in interest. Appeal Br. 1. 2 We refer to the Appellant’s Appeal Brief filed March 21, 2021 (“Appeal Br.”); Examiner’s Answer mailed May 7, 2021 (“Ans.”); Final Office Action mailed February 25, 2021 (“Final Act.”); and Specification filed August 20, 2020 (“Spec.”). Appeal 2022-000768 Application 16/968,232 2 STATEMENT OF THE CASE Appellant’s claimed subject matter relates to “techniques and devices for negotiating security mechanism [via Secure Edge Protection Proxy (SEPP) Functions] between security gateways from different networks,” such as first and second Secure Edge Protection Proxies (SEPPs) in a visited public land mobile network (PLMN) and a home PLMN, shown in Figures 1 and 3. Spec. 1:9-11. Figure 1 of Appellant’s Specification is reproduced below with our annotations: Figure 1 depicts SEPP functions 16, 18 implemented at the edge of each PLMN network, i.e., visited PLMN 12 and home PLMN 14 within example 3GPP Service Based Architecture (SBA) 10. Spec. 1:19-26. Appellant’s Figure 3 is reproduced below: Appeal 2022-000768 Application 16/968,232 3 Figure 3 depicts first and second SEPPs 102A, 102B in different networks, i.e., first and second networks 110A, 110B, negotiating a security mechanism for communication. Spec. 7:34-36. Claims 38, 49, 61, and 63 are independent. Representative claim 38 is reproduced below with disputed limitations emphasized and numeral bracketing added for clarity: 38. A method for negotiating a security mechanism with a responding security gateway, the method comprising: in a negotiation stage: [1] establishing a first connection between an initiating security gateway and the responding security gateway, wherein the first connection is configured to provide integrity protection of messages communicated between the initiating security gateway and the responding security gateway; [2] transmitting a request message to the responding security gateway over the first connection, wherein the request message identifies one or more security mechanisms supported by the initiating security gateway; [3] receiving a response message from the responding security gateway over the first connection, wherein the response message identifies an application layer security mechanism selected by the responding security gateway from among the one or more security mechanisms supported by the initiating security gateway; Appeal 2022-000768 Application 16/968,232 4 in a communications stage: communicating signaling messages with the responding security gateway using the selected application layer security mechanism. Appeal Br. 12 (Claims App.). REJECTIONS AND REFERENCES (1) Claims 38-42, 44-46, 48-51, 53, 55-57, and 61-63 stand rejected under 35 U.S.C. § 102(a)(2) as anticipated by Bykampadi et al., US 2019/0260803 A1; published Aug. 22, 2019; “Bykampadi”). Final Act. 2-9. (2) Claims 43, 47, 52, 54, and 58-60 stand rejected under 35 U.S.C. § 103 as being obvious over Bykampadi and Rajadurai et al., US 2020/0221281 A1; published July 9, 2020; “Rajadurai”). Final Act. 10-13. ANALYSIS We review the appealed rejections for Examiner error based upon the issues identified by Appellant and in light of Appellant’s arguments and evidence. Ex parte Frye, 94 USPQ2d 1072, 1075 (BPAI 2010) (precedential). Arguments not made are waived. See 37 C.F.R. § 41.37(c)(1)(iv) (2020). We disagree with Appellant that the Examiner erred in rejecting claims 38-63 and adopt as our own the findings set forth by the Examiner for these claims to the extent consistent with our analysis herein. Final Act. 2-16; Ans. 3-13. Appeal 2022-000768 Application 16/968,232 5 Independent Claims 38, 49, 61, and 63 In support of the anticipation rejection, the Examiner finds Bykampadi discloses each and every element of independent claims 38, 49, 61, and 63. Final Act. 2-16. In particular, the Examiner finds Bykampadi discloses Appellant’s claimed “method for negotiating a security mechanism with a responding security gateway,” including the disputed limitations: in a negotiation stage: [1] establishing a first connection between an initiating security gateway and the responding security gateway, wherein the first connection is configured to provide integrity protection of messages communicated between the initiating security gateway and the responding security gateway; [2] transmitting a request message to the responding security gateway over the first connection, wherein the request message identifies one or more security mechanisms supported by the initiating security gateway; [3] receiving a response message from the responding security gateway over the first connection, wherein the response message identifies an application layer security mechanism selected by the responding security gateway from among the one or more security mechanisms supported by the initiating security gateway; in a communications stage: [4] communicating signaling messages with the responding security gateway using the selected application layer security mechanism. Id. at 2-5 (citing Bykampandi ¶¶ 12, 46, 50, 51, 71, 91-94, Figs. 4A-4E). Bykampandi’s Figure 3 is reproduced below: Appeal 2022-000768 Application 16/968,232 6 Similar to Appellant’s Figure 1, Bykampadi’s Figure 3 depicts SEPP functions 312, 322 implemented at the edge of each PLMN network, i.e., visited PLMN 310 and home PLMN 330 within an example 3GPP SBA. Bykampadi ¶¶ 45, 46. As shown in Figure 3, SEPP is the entity that resides at the perimeter of the network and performs Application Layer Security (ALS) on information elements (IE) in HyperText Transport Protocol (HTTP) messages before the messages are sent externally over a roaming interface (N32). Bykampadi ¶ 46. Negotiation is carried out as part of the initialization sequence when the two SEPPs initially authenticate each other. Once authentication is complete, each SEPP shares its available cipher suites with the other SEPP. Eventually both agree on a cipher suite to use for confidentiality and integrity protection in SEPP. Bykampadi ¶ 92 (emphasis added). Nevertheless, Appellant presents several principal arguments against Bykampadi. However, we are not persuaded of Examiner error for reasons discussed below. Appeal 2022-000768 Application 16/968,232 7 First, Appellant contends Bykampadi does not disclose “establishing a first connection between an initiating security gateway and the responding security gateway” as recited in claim 38, and similarly recited in claims 49, 61, and 63. Appeal Br. 7-8. According to Appellant, Bykampadi’s FIG. 3 shows a first type of connection between two SEPPs over an N32 interface, while FIG. 4 shows a second type of connection between Network Functions (NFs) and SEPPs. Id. at 8 (emphasis added). Appellant, therefore, argues (1) “Bykampadi’s connection used to convey the HTTP Request is not a connection between two SEPPs but rather the second type of connection between NFs and SEPPs” and (2) “Bykampadi’s SEPP connections [0051] and [0071] are not used during a negotiation stage to transmit a request message with integrity protection,” but rather, “convey application layer traffic after negotiation has been completed and relevant security mechanisms have been agreed.” Id. We do not agree with Appellant. As correctly recognized by the Examiner, “Bykampadi’s connection [shown in Figure 3] used to convey the HTTP message is a connection between two SEPPs,” during a negotiation stage for the purposes of integrity protection in SEPP, that is, “a first connection between an initiating security gate and the responding security gateway . . . to provide integrity protection of messages communicated” as recited in claims 38, 49, 61, and 63. Ans. 3-5 (citing Bykampadi ¶¶ 46, 91, 92, 94). Second, Appellant contends Bykampadi does not disclose, “transmitting a request message to the responding security gateway over the first connection, wherein the request message Appeal 2022-000768 Application 16/968,232 8 identifies one or more security mechanisms supported by the initiating security gateway” and “receiving a response message from the responding security gateway over the first connection, wherein the response message identifies an application layer security mechanism selected by the responding security gateway from among the one or more security mechanisms supported by the initiating security gateway;” as recited in claims 38, 49, 61, and 63. Appeal Br. 9 (emphasis added). According to Appellant, Bykampadi’s HTTP connection in paragraph [0046] is not used to transmit a request message that identifies ‘one or more security mechanisms supported by the initiating security gateway.’ Rather, the HTTP connection merely applies application layer security mechanisms that have been agreed and are known by each SEPP prior to the transmission (See e.g., Bykampadi’s paragraphs [0074] et seq. for an explanation of how those mechanisms are known). Id. (emphasis added). We disagree. In Bykampadi, once a connection is established between the SEPPs at different networks, i.e., vSEPP 312 in VPLMN 310 and hSEPP 322 and hSEPP 322 in HPLMN 320, shown in Figure 3, the SEPPs exchange HTTP messages (i.e., request message and response message) to negotiate and select a security mechanism for communication. Bykampadi ¶¶ 46, 91-99. As recognized by the Examiner, “Bykampadi discloses the method of negotiation for both SEPPs to be configured to agree on which keys to use and how these keys get established in them in several ways as described.” Ans. 8-9 (citing Bykampadi ¶¶ 96-101). Appeal 2022-000768 Application 16/968,232 9 For these reasons, Appellant does not persuade us of Examiner error. Accordingly, we sustain the Examiner’s anticipation rejection of claims 38, 49, 61, and 63 and their respective dependent claims 40-42, 44-46, 48, 50, 51, 53, 55, 56, and 62, which are not argued separately. For the same reasons, we also sustain the Examiner’s obviousness rejection of dependent claims 43, 47, 52, 54, and 58-60 based on the combined teachings of Bykampadi and Rajadurai, which are also not argued separately. Claim 39 depends from claim 38, and further recites “wherein the first connection is one of an integrity protected Transport Layer Security (TLS) connection; and an integrity protected Internet Protocol Security (IPsec) connection.” Appellant argues Bykampadi does not disclose any “transport layer security (TLS).” Appeal Br. 10. We disagree and adopt the Examiner’s position that Bykampadi discloses that “SEPP secures all outgoing traffic by either securing all or some NF control plan traffic on its own or using TLS at the transport layer to secure all traffic.” Ans. 12 (citing Bykampadi ¶¶ 53, 54, 56). CONCLUSION On this record, Appellant does not show the Examiner erred in rejecting (1) claims 38-42, 44-46, 48-51, 53, 55-57, and 61-63 under 35 U.S.C. § 102(a)(1) as anticipated by Bykampadi, and (2) claims 43, 47, 52, 54, and 58-60 under 35 U.S.C. § 103 as obvious over the combined teachings of Bykampadi and Rajadurai. Appeal 2022-000768 Application 16/968,232 10 DECISION SUMMARY In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 38-42, 44-46, 48-51, 53, 55-57, 61-63 102 Bykampadi 38-42, 44- 46, 48-51, 53, 55-57, 61-63 43, 47, 52, 54, 58-60 103 Bykampadi, Rajadurai 43, 47, 52, 54, 58-60 Overall Outcome 38-63 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). See 37 C.F.R. § 41.50(f). AFFIRMED Copy with citationCopy as parenthetical citation