Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
	This action is in response to the communication filed on 2/7/2019.
  Claims 1-13 are examined and rejected.  

Information Disclosure Statement
The Information Disclosure Statement (IDS) submitted on 2/17/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the IDS statement has been considered by the Examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-13 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication 2012/0084565 to Wittenberg et al (hereinafter “Wittenberg”) in view of U.S. Publication 2018/0167208 to LeSaint et al (hereinafter “LeSaint”).
As per claim 1 Wittenberg teaches, a method for checking at the level of a service provider if a terminal application comprised in a terminal is entitled to request for a service provided by said service provider (Wittenberg Fig 1 element 106 teaches service provider and element 104 device for service request and as described in para 32-36), a security element cooperating with said terminal, said security element containing a first key generated by said terminal application  during an enrolment phase (Wittenberg teaches Fig 1 element 104 device element 102 application (interpreted as terminal application) and element 106 as service provider.  Further described in para 32-40 and claim 20 teaches registering device with service provider), wherein said method comprises:
A- Sending, from said service provider to said security element, a first message Pubkey4SIM (Wittenberg teaches Fig 1D para 45 where UID with public key), where:
- Nonce4MobileApp and Nonce4SIM are data generated by said service provider (Wittenberg teaches para 45-46 where two nonces are sent to user / device NSPdev and NSP user). 
Wittenberg does not teach however LeSaint teaches, 
Pubkey4app and Pubkey4SIM are respectively the public keys of said terminal application and of said security element (LeSaint Fig 5 element 503 and 504 teaches two public keys and para 98-99 – element 503 teaches UD Eph Pub Key and element 504 PS Pub key both interpreted as Pubkeyapp key and PubkeySim Key); 
B- Decrypting said first message in said security element with the private key of said security element (LeSaint element 505 as response which includes element 622 and 626 – two private keys para 110 – 113 which includes two private key with security application);
C- Sending from said security element to said terminal application said decrypted first message encrypted by said first key (LeSaint element 602 para 116 where authentication server is bound by element 6023 server public key);
D- Decrypting in said terminal application the received message with a second key and decrypting said Nonce4MobileApp with the private key of said terminal application (LeSaint element 604 para 122 and 127 teaches authentication public key with blind user device key); 
E- Sending from said terminal application to said service provider said data Nonce4MobileApp and said Nonce4SIM (LeSaint element 606 para 125 user device with encrypted authentication response to server 660); 
F- Checking by said service provider that the received data Nonce4MobileApp and Nonce4SIM correspond to those sent at step A and (LeSaint element 606 and 608 para 125-126 teaches signature verification between authentication server, authentication public key and matching of authentication challenge and signature verification);
(LeSaint para 145-147, 220 teaches device authorization to securely bind with server for access to service – which covers the claimed limitation);
-    if said data do not correspond, consider that said service provider cannot trust said terminal application and forbid said service to be executed (LeSaint para 145-147, 220 – teaches two scenarios: if key mechanism is validated for secure access, and if keys are not validated user / device are not given access to service).
Wittenberg teaches binding of security device and server with exchange of secure keys (abstract). Wittenberg does not teach however LeSaint teaches use of nonce and multiple key protocols for device and service authentication (abstract). Wittenberg – LeSaint are analogous art because they are from device / user authentication and secure access system.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, having the teachings of Wittenberg - LeSaint before him or her, to combine Wittenberg’s teaching of user authentication and server and security keys with LeSaint’s device authentication with multiple key protocols. The suggestion/motivation for doing so would have been to prevent an attacker from intercepting authentication data for illicit purposes or to prevent use of a man-in-the-middle attack (LeSaint para 2).
As per claim 2 combination of Wittenberg - LeSaint teaches, the method according to claim 1, wherein said first key is function of a masterkey and a PIN code entered by the user of said terminal (Wittenberg para 30 and 32 teaches use of PIN associated with public key or fingerprint interpreted as PIN code).
As per claim 3 combination of Wittenberg - LeSaint teaches, method according to claim 1, wherein said first key is sent to said security element by said terminal application through an external server (Wittenberg Fig 1 B element 122 and 124 para 38-39 teaches device challenge with private key which is interpreted as first by terminal application of claimed limitation).
As per claim 4 combination of Wittenberg - LeSaint teaches, method according to claim 3, wherein said security element, after having received said first key, sends a challenge to said terminal application (Wittenberg Fig 1D element 144 para 45 teaches return of challenge), said terminal application encrypts said challenge’s response with said first key and sends the encrypted response to said security element (Wittenberg Fig 1D element 146, para 46 teaches service provider and device challenge), said security element decrypts the received encrypted response (Wittenberg Fig 1D element 148, para 46 teaches response to challenge using secret key) and stores said first key if the decrypted response matches what’s expected by said security element (Wittenberg Fig 1D element 150 para 46 teaches response to multi-leg challenge response using token and secure key protocols).
As per claim 5 Wittenberg teaches, Security element (Wittenberg Fig 1B element 102 para 37 teaches application (interpreted as security element)) cooperating with a (Wittenberg Fig 1B element 104 para 37-40), said security element containing a first key generated by a terminal application (Wittenberg Fig 1B element 124 para 37-40) comprised in said terminal, said security element comprising a microprocessor storing instructions dedicated to: 
A- Receive, from a service provider, a first message Pubkey4SIM (Wittenberg Fig 1D element 144 para 45-47), where:
-    Nonce4MobileApp and Nonce4SIM are data generated by said service provider (Wittenberg Fig 1D element 144 –N Dev and NUser para 45-47);
Wittenberg does not teach however LeSaint teaches, 
-    Pubkey4app and Pubkey4SIM are respectively the public keys of said terminal application and of said security element (LeSaint Fig 5 element 503 and 504 teaches two public keys and para 98-99 – element 503 teaches UD Eph Pub Key and element 504 PS Pub key both interpreted as Pubkeyapp key and PubkeySim Key);
B - Decrypt said first message with the private key of said security element (LeSaint element 505 as response which includes element 622 and 626 – two private keys para 110 – 113 which includes two private key with security application); and 
(LeSaint element 602 para 116 where authentication server is bound by element 6023 server public key).
Wittenberg teaches binding of security device and server with exchange of secure keys (abstract). Wittenberg does not teach however LeSaint teaches use of nonce and multiple key protocols for device and service authentication (abstract). Wittenberg – LeSaint are analogous art because they are from device / user authentication and secure access system.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, having the teachings of Wittenberg - LeSaint before him or her, to combine Wittenberg’s teaching of user authentication and server and security keys with LeSaint’s device authentication with multiple key protocols. The suggestion/motivation for doing so would have been to prevent an attacker from intercepting authentication data for illicit purposes or to prevent use of a man-in-the-middle attack (LeSaint para 2).
Claim 6, 
Claim 6 is rejected in accordance with claim 2.
Claim 7, 
Claim 7 is rejected in accordance with claim 3.
Claim 8, 
Claim 8 is rejected in accordance with claim 4.
As per claim 9 Wittenberg teaches, Server of a service provider able to check if a terminal application comprised in a terminal is entitled to request for a service provided by said service provider (Wittenberg Fig 1 element 106 teaches service provider and element 104 device for service request and as described in para 32-36), a security element cooperating with said terminal (Wittenberg teaches Fig 1 element 104 device element 102 application (interpreted as terminal application) and element 106 as service provider.  Further described in para 32-40 and claim 20 teaches registering device with service provider), said security element containing a first key generated by said terminal application during an enrolment phase (Wittenberg Fig 1B element 120. Further Fig 1 element 104 device element 102 application (interpreted as terminal application) and element 106 as service provider.  Further described in para 32-40 and claim 20 teaches registering device with service provider), said server comprising one or more microprocessors for:
A- Sending, from said service provider to said security element, a first message Pubkey4SIM (Wittenberg Fig 1D element 144 para 45 teaches return of challenge), where:
-    Nonce4MobileApp and Nonce4SIM are data generated by said service provider (Wittenberg para 45-46 where two nonces are sent to user / device NSPdev and NSP user and Fig 1D element 144 N Dev and NUser para 45-47)
Wittenberg does not teach however LeSaint teaches, 
 Pubkey4app and Pubkey4SIM are respectively the public keys of said terminal application and of said security element (LeSaint Fig 5 element 503 and 504 teaches two public keys and para 98-99 – element 503 teaches UD Eph Pub Key and element 504 PS Pub key both interpreted as Pubkeyapp key and PubkeySim Key);
B- Receiving from said terminal application said data Nonce4MobileApp and said Nonce4SIM (LeSaint element 602 para 116 where authentication server is bound by element 6023 server public key);
C- Checking that the received data Nonce4MobileApp and Nonce4SIM correspond to those sent at step A (LeSaint element 606 and 608 para 125-126 teaches signature verification between authentication server, authentication public key and matching of authentication challenge and signature verification) and,
-    if said data correspond, consider that said service provider can trust said terminal application and authorize said service to be executed (LeSaint para 145-147, 220 teaches device authorization to securely bind with server for access to service – which covers the claimed limitation);
-    if said data do not correspond, consider that said service provider cannot trust said terminal application and forbid said service to be executed (LeSaint para 145-147, 220 – teaches two scenarios: if key mechanism is validated for secure access, and if keys are not validated user / device are not given access to service).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, having the teachings of Wittenberg - LeSaint before him or her, to combine Wittenberg’s teaching of user authentication and server and security keys with LeSaint’s device authentication with multiple key protocols. The suggestion/motivation for doing so would have been to prevent an attacker from intercepting authentication data for illicit purposes or to prevent use of a man-in-the-middle attack (LeSaint para 2).
As per claim 10 Wittenberg teaches, Terminal application (Wittenberg Fig 1B element 102 para 37 teaches application (interpreted as security element)) comprised in a terminal (Wittenberg Fig 1B element 104 para 37-40), said terminal  cooperating with a security element, said security element containing a first key generated by said terminal application during an enrolment phase (Wittenberg Fig 1B element 124 para 37-40), said terminal application being configured to:
A- Receive from said security element, a first message PSK-SIM-App (Wittenberg Fig 1B element 124 para 37-40), where:
(Wittenberg Fig 1D element 146 and 144 para 45-47). 
Wittenberg does not teach however LeSaint teaches, 
-    Pubkey4app and Pubkey4SIM are respectively the public keys of said terminal application and of said security element (LeSaint Fig 5 element 503 and 504 teaches two public keys and para 98-99 – element 503 teaches UD Eph Pub Key and element 504 PS Pub key both interpreted as Pubkeyapp key and PubkeySim Key); 
-    PSK-SIM-App is said first key (LeSaint Fig 5 element 503 and 504 teaches two public keys and para 98-99 – element 503 teaches UD Eph Pub Key and element 504 PS Pub key both interpreted as Pubkeyapp key and PubkeySim Key);
B- Decrypt said first message which contains Nonce4SIM with a second key and decrypt said data Nonce4MobileApp with the private key of said terminal application (LeSaint element 505 as response which includes element 622 and 626 – two private keys para 110 – 113 which includes two private key with security application);
C- Send to said service provider said data Nonce4MobileApp and said Nonce4SIM or a function thereof (LeSaint para 145-147, 220 teaches device authorization to securely bind with server for access to service – which covers the claimed limitation).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, having the teachings of Wittenberg - LeSaint before him or her, to combine Wittenberg’s teaching of user authentication and server and security keys with LeSaint’s device authentication with multiple key protocols. The suggestion/motivation for doing so would have been to prevent an attacker from intercepting authentication data for illicit purposes or to prevent use of a man-in-the-middle attack (LeSaint para 2).
Claim 11, 
Claim 11 is rejected in accordance with claim 2.
Claim 12, 
Claim 12 is rejected in accordance with claim 3.
As per claim 13 combination of Wittenberg - LeSaint teaches, Terminal application according to claim 12, wherein the application is configured to:
receive a challenge from said security element; 
encrypt a response with said first key (Wittenberg Fig 1D element 146 para 46 encrypted response from application to device); and 
(Wittenberg Fig 1D element 148 para 48).
Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Choyi et al US Publication 2017/0012778 discloses end to end authentication with service enabling function with trusted entity and entity. 
Prakash et al US Publication 2017/0063975 discloses securely binding application to a device with identifiers, server and key mechanism. 
Stahl et al US Publication 2016/0373418 discloses secure authentication of device, server with credentials and device public key protocol. 
Ponsini et al US Publication 2016/0134660 discloses secure connection of user, device, application with trusted UI session. 
Rombouts et al US Patent 9,584,514 discloses secure binding of secure application to mobile device with SIM based security. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.



/VIRAL S LAKHIA/Examiner, Art Unit 2431