T-Mobile USA, Inc.
Patent Trials and Appeals Board
Aug 2, 2021
2020004226 (P.T.A.B. Aug. 2, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 15/982,448
FILING DATE: 05/17/2018
FIRST NAMED INVENTOR: Yousif Targali
ATTORNEY DOCKET NO.: TM2-0601US
CONFIRMATION NO.: 4872

132935 7590 08/02/2021
Lee & Hayes, P.C.
601 W. Riverside Avenue
Suite 1400
Spokane, WA 99201

EXAMINER: HANNAN, B M M
ART UNIT / PAPER NUMBER: 3664
NOTIFICATION DATE: 08/02/2021
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): lhpto@leehayes.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________
Ex parte YOUSIF TARGALI
____________
Appeal 2020-004226
Application 15/982,448
Technology Center 3600
____________

Before JOHN C. KERINS, EDWARD A. BROWN, and BENJAMIN D. M. WOOD, Administrative Patent Judges.

BROWN, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Appellant[1] seeks review under 35 U.S.C. § 134(a) of the Examiner’s decision rejecting claims 5–9, 13, and 23.[2] We have jurisdiction under 35 U.S.C. § 6(b).

We REVERSE.

[1] We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies T-Mobile, USA, Inc., as the real party in interest. Appeal Br. 3.

[2] Claims 1–4 and 14–22 are withdrawn from consideration. Claims 10 and 12 are objected to as being dependent on a rejected base claim, but indicated to contain allowable subject matter. Final Act. 1, 19.

CLAIMS

Claims 5 and 23 are independent. Claim 5, reproduced below, illustrates the claimed subject matter.

    5. A first network node associated with an access network, the first network node comprising:
        a communications interface; and
        a control unit configured to perform operations comprising:
            receiving, from a network terminal, an attach request comprising identification data and verification data;
            transmitting, to a second network node, the identification data;
            receiving, from the second network node, identity data associated with the network terminal, wherein the identity data comprises at least one of a subscriber identifier (SID) and a terminal identifier (TID);
            determining that the identity data corresponds with the verification data; and
            in response, transmitting an authentication request to the network terminal.

Appeal Br. 21 (Claims App.).

REJECTION

Claims 5–9, 13, and 23 stand rejected under 35 U.S.C. § 103 as being unpatentable over Cook (US 2009/0282251 A1, published Nov. 12, 2009) and 3GPP TR 33.899 V1.3.0, 2017-08 (2017-08) (“3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on the security aspects of the next generation system” (Release 14)) (hereinafter, “TR 33.899”). Final Act. 10.

ANALYSIS

Claims 5–9 and 13

Claim 5 is directed to a first network node comprising a control unit configured to perform multiple “operations.” Appeal Br. 21 (Claims App.). The Examiner finds that Cook discloses a first network node (visited network 104, 204) comprising a control unit[3], and a second network node (home network 206) and a network terminal (mobile station 202) which communicate with the control unit. Final Act. 10–11 (citing Cook Figs. 1, 2); Ans. 3–4.

The Examiner finds that the control unit in Cook is configured to perform most of the operations recited in claim 5. Final Act. 10–11; Ans. 4–5.

As for the operation of “receiving, from a network terminal, an attach request comprising identification data and verification data” (“first receiving operation”), the Examiner finds that, in Cook: “the mobile station may send a service request to a visited network node to establish a data service requiring authentication from a home network 702. The request may include a unique identifier or credentials for the wireless mobile station, such as an IMSI or MIN, which allows the home network to verify that the wireless mobile station is in fact a subscriber of the operator of the home network.” Final Act. 10–11 (citing Cook ¶ 70) (italics omitted).

As for the operation of “transmitting, to a second network node, the identification data” (“transmitting operation”), the Examiner finds that Cook discloses that “the Visited network [sends identification data to Home Network to verify Authentication request, wherein the identification data includes the mobile station identifier/identification/IMSI/ESN/MIN [construed as identification data as claimed]].” Ans. 4 (citing Cook ¶ 70, Fig. 2) (boldface omitted).

As for the operation of “receiving, from the second network node, identity data associated with the network terminal, wherein the identity data comprises at least one of a subscriber identifier (SID) and a terminal identifier (TID)” (“second receiving operation”), the Examiner concedes that Cook does not explicitly state that visited network 204 (first network node) receives, from home network 206 (second network node), identity data associated with the network terminal. Id. at 5.

[3] The Examiner interprets the term “control unit” under 35 U.S.C. § 112(f). Final Act. 8. The Examiner determines that the corresponding structure of the control unit is provided in paragraph 63 of the Specification. Id. at 9.

Additionally, the Examiner finds that Cook discloses the operation of “determining that the identity data corresponds with the verification data” (“determining operation”). Final Act. 11 (citing Cook ¶ 70); Ans. 5 (“the Visited Network communicating with the Home Network to verify whether the wireless mobile station is in fact a subscriber of the operator of the home network”).

The Examiner appears to find that TR 33.899 teaches the recited second receiving operation. Final Act. 12; Ans. 5 (“‘the VPLMN [i.e., first network node] receives SUPI [subscriber permanent identifier] and R from HPLMN [i.e., second network node]’”) (citing TR 33.899, p. 415, section 5.7.4.7.2.3) (emphasis omitted); Ans. 5. However, the Examiner explains, “TR 33.899 is only relied upon in the rejection for the teaching of ‘identity data associated with the network terminal, wherein the identity data comprises at least one of a subscriber identifier (SID) and a terminal identifier (TIO).” Final Act. 5 (emphasis added). That is, TR 33.899 is not relied on as teaching the entire second receiving operation.

The Examiner concludes that it would have been obvious to one of ordinary skill in the art to modify Cook in view of TR 33.899’s teaching of identity data “to receive at [the] VPLMN [first network], UE ID/SUPI from HPLMN [i.e., second network], so the VPLMN may calculate hash hxres and confirm the result that HPLMN has not cheated, once VPLMN has received the needed input from the HPLMN, which mitigate man-in-the-middle attack.” Id. at 12.

Appellant contends that the Examiner has not established a prima facie case that the combination teaches or suggests a control unit that is configured to perform all operations recited in claim 5. Appeal Br. 10–11.

Appellant contends that the Examiner has improperly cited functions performed together by the home network and the visited network in Cook as being the same functions as those performed by the claimed control unit. Id. at 11. In that regard, Appellant points out that the rejection cites forwarding of the authentication request, by the visited network to the home network, as teaching the transmitting operation, yet cites the verification of the wireless network station, by the home network, as teaching the determining operation. Id. at 11–12. Appellant notes that the Examiner “states that . . . ‘the home network verifies the wireless mobile station is in fact a subscriber of the home network.’” Id. at 12 (citing Final Act. 11); Reply Br. 2–3. Thus, neither the visited network nor the home network in Cook performs all recited functions of the claimed control unit. Appeal Br. 12.

Appellant further contends that the operations of the separate networks in Cook cannot be taken together to teach or suggest the claimed control unit because claim 5 recites that “the control unit transmits identification data to a second network node, not to itself,” and “the home network cannot be cited as the claimed second network node and be cited as performing the functions of the claimed control unit.” Appeal Br. 12. That is:

    Under Becton, the home network cannot teach or suggest both the “second network node” to which the control unit of the first network node transmits “identification data” and teach or suggest the “control unit” of the first network node that “determin[es] that the identity data corresponds with the verification data.”

Id. at 13 (citing Becton, Dickinson & Co. v. Tyco Healthcare Grp., LP, 616 F.3d 1249, 1254 (Fed. Cir. 2010)).

The Examiner responds that Figure 2 of Cook teaches that visited network 204 receives an authentication request from mobile station 202 (step 212) including a unique identifier or credentials for the wireless mobile station, such as an IMSI or MIN. Ans. 8 (citing Cook ¶ 15, 70). The Examiner submits that Figure 2 and paragraph 70 of Cook disclose that visited network 204 forwards the authentication request message to home network 206 in order to verify with home network 206 whether the wireless mobile station is a subscriber of the home network operator, and, additionally, other information about the mobile station. Id. Thus, the Examiner finds, Cook teaches that “the Visited Network 204 transmits identification data to the Home Network/second network node and ‘determining that the identity data corresponds with the verification data’ as claimed.” Id. (boldface omitted).

Appellant’s contentions are persuasive. Cook discloses that the unique identifier or credentials allow the home network to verify that the mobile station is a subscriber of the operator of the home network, that is, “the mobile station is ‘authenticated’ by the home network based on its credentials and its roaming status.” Cook ¶ 70. We agree with the Examiner that Cook discloses: (a) visited network 204 receives identification data from mobile station 202, (b) visited network 204 transmits identification data to home network 206, and (c) determining (verifying) the identity of the mobile station as a subscriber of the home network operator. However, claim 5 requires function (c) to be performed by the control unit, whereas Cook’s home network (i.e., “second network node”) performs this operation.

Even if Cook were modified to result in the visited network receiving the recited identity data from the home network, this would not cure the deficiency in the rejection because the Examiner does not establish by a preponderance of the evidence that Cook discloses or suggests the claimed determining operation performed by the control unit.

Appellant also points out that Figure 2 of Cook shows that the return message from the home network 206 (step 218) is not “identity data associated with the network terminal,” as recited in claim 5. Reply Br. 3. Rather, home network 206, not visited network 204, performs the authentication and the return message is merely a denial of authentication request forwarded to mobile station 202. Id. Thus, Cook’s visited network does not “determin[e] that the identity data corresponds with the verification data,” as recited by claim 5. Id. These contentions are also persuasive.

In the Examiner’s Answer, the Examiner states:

    Regarding the control unit, Cook teaches control unit in both Visited network and Home Network to perform the claim function. The home Network may be a visited Network for some user and the Visited Network may be a home network for other user and both networks having control unit that are capable to do the same function as claimed. Hence, the teaching of Cook’s Control unit performs the determination step as claimed.

Ans. 7.

Appellant replies that because the operations of the claimed control unit are performed in regard to the same “network terminal” and “attach request comprising identification data and verification data,” the claimed functions cannot be bifurcated into operations performed for different users (or network terminals) or different attach requests. Reply Br. 4.

Appellant submits that because neither Cook’s visited network nor home network performs all the recited functions of the control unit, Cook fails to teach or suggest either the visited network or the home network includes a control unit configured to perform operations comprising both the transmitting and determining operations, as recited in claim 5. Id. These contentions are also persuasive.

Appellant further contends that TR 33.899 does not cure the deficiencies of Cook. Appeal Br. 13. Appellant points out that the Examiner states in the Final Action that TR 33.899 is only relied on as teaching or suggesting “the specific nature of the claimed ‘identity data,’” as recited in the second receiving operation. Id. at 11, 13–14; Reply Br. 6. As discussed, this reliance on TR 33.899 does not establish that the combination meets all recited limitations. In the rejection described in the Final Action, the Examiner does not explicitly propose modifying Cook to result in the visited network, not the home network, performing the determining operation. Accordingly, we agree with Appellant that the Examiner’s reliance on TR 33.899 in the Final Action does not cure the deficiency in Cook.

In the Examiner’s Answer, the Examiner maintains that TR 33.899 teaches the second receiving operation. Ans. 5. However, the Examiner, apparently for the first time, finds that TR 33.899 teaches the claimed determining operation “upon receiving the identify data of the network terminal from the second network node.” Id. (citing TR 33.899, p. 415, section 5.7.4.7.2.3). As discussed, the Examiner also finds that Cook discloses the determining operation. Final Act. 11; Ans. 5 (“the Visited Network communicating with the Home Network to verify whether the wireless mobile station is in fact a subscriber of the operator of the home network”).

To the extent the Examiner is proposing an alternative rejection that is based on this new finding as for TR 33.899, the Examiner does not appear to explain how Cook would be modified such that the visited network, rather than the home network, performs the claimed second receiving operation, as well as the claimed determining operation. See Ans. 5–6. Nor does the Examiner appear to explain why one of ordinary skill in the art would have further modified Cook based on this new finding. See id. Rather, the Examiner appears to only discuss what TR 33.899 teaches.

Appellant disagrees that the Examiner’s new reliance on section 5.7.4.7.2.3 of TR 33.899 in the Examiner’s Answer teaches or suggests modifying Cook to shift the performance of the authentication from the home network to the visited network (i.e., the visited network instead of the home network performs the claimed determining operation). Reply Br. 6. Appellant contends that the Examiner cites the sending of a decrypted SUPI from the HPLMN to the VPLMN, and the VPLMN using that received decrypted SUPI in a comparison to verify the decrypted SUPI (“cited process”). Appeal Br. 6. Based on the Examiner’s findings that the VPLMN and the HPLMN in TR 33.899 are a first network node and a second network node, respectively, and that the SUPI is a “subscriber permanent identifier” (Final Act. 12), we understand the Examiner’s position is that TR 33.899 discloses sending a decrypted SUPI from a second network node to a first network node, and that the first network node uses the decrypted SUPI in a comparison to verify the decrypted SUPI.

Appellant submits that the Examiner has taken the cited section of TR 33.899 out of context. Reply Br. 6.

We understand Appellant’s position to be that, in TR 33.899, the user equipment (UE) has already been authenticated before the cited process is performed, and so the operations of the VPLMN (first network node) in the process are not part of the authentication. Appellant also contends that the process requires the UE to not be malicious, which cannot be assumed in Cook. Id. at 6–7. Appellant submits that revealing a subscriber identifier (transmission of a decrypted SUPI) to a VPLMN and the verification of the decrypted SUPI by the VPLMN does not teach or suggest modifying Cook to shift the authentication from the home network (second network node) to the visited network (first network node). We agree with Appellant that the Examiner has not articulated an adequate rationale for the alternative rejection of claim 5 for these additional reasons.

Thus, we do not sustain the rejection of claim 5, and claims 6–9 and 13 depending therefrom, as unpatentable over Cook and TR 33.899.

Claim 23

Claim 23 is directed to a system comprising an access node comprising substantially the same limitations recited in claim 5. The Examiner relies on substantially the same findings and reasoning as for claim 5. Final Act. 17–19; Ans. 12–17. Accordingly, we do not sustain the rejection of claim 23 as unpatentable over Cook and TR 33.899 for substantially the same reasons as those discussed for claim 5.

CONCLUSION

The Examiner’s rejection is reversed.

DECISION SUMMARY

In summary:

Claim(s) Rejected: 5–9, 13, 23
35 U.S.C. §: 103
Reference(s)/Basis: Cook, TR 33.899
Affirmed: none
Reversed: 5–9, 13, 23

REVERSED