Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's response with amendments filed 01/27/2021 have been received and entered. Applicant has amended claims 8, 15, and 19. Amended claims have overcome the objections previously set forth in the Non-Final Office Action mailed October 27th, 2020.  Amended claims have been examined on the merits.
Applicant’s arguments, see Applicant Arguments pages 9-11, with respect to  the rejection(s) of the independent claim(s) 1, 8, and 15 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of HUH et al. (US 20170208045), hereinafter HUH in view of Lambert (US 20190089532), hereinafter Lambert.  
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
 
Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over HUH et al. (US 20170208045), hereinafter HUH in view of Lambert (US 20190089532), hereinafter Lambert.
	 Regarding Claim 1, HUH teaches
Para [0045] According to an aspect of another embodiment, a method of receiving, by a second device, encrypted data, the method includes: receiving a data set including encrypted data and key identification information from a first device; obtaining an encryption key with respect to the first device by using the key identification information; decrypting the encrypted data by using the obtained encryption key);
	receiving a challenge value (Para [0047] The method may further include receiving each of at least one public key and at least one nonce from at least one device including the first device, …);
	combining the authentication key with the challenge value to generate a device ephemeral key (Para [0057] The transceiver may be further configured to share a secret key with the second device, the controller may be further configured to generate the encryption key by using the secret key and the first nonce, and the key identification information may include the first nonce and a value obtained by key-hashing a value, in which the first nonce and the encryption key are combined, by using the first nonce);
	generating, by a processing device, an authentication result for the device based on a combination of the device ephemeral key and the challenge value (Para [0134] In operation 407, the first device generates key identification information k.sub.id by using the encryption key kab, the first nonce, and the second nonce. The key identification information k.sub.id include be a value obtained by hashing a value in which the first and second nonces are combined by using the encryption key. For example, the key identification information may be expressed by kid=|nonce_a.parallel.nonce_b|kab, but is not limited thereto).
	HUH does not explicitly teach a method identifying a base key stored at a device; decrypting the encrypted sequence with the base key to obtain the authentication key; and transmitting the authentication result to a mobile network to authenticate the device.
	In the same field of endeavor, Lambert teaches
	
Para [0028] The CRM 110 includes keys 112, a unique identifier 114, and an authenticator 116 of the computing device 102. The keys 112 may include any suitable type of keys, such as a hardware-based device root key, private keys, public keys, key pairs, and the like. … );
	decrypting the encrypted sequence with the base key to obtain the authentication key (Para [0044] The shared key 216 may be generated by the initiator 202 during an authentication process or other cryptographic exchange with the responder 204. For example, the initiator 202 may generate a master or shared key based on a public key of the responder 204 and a private key, such as private ephemeral key 212. In some cases, the shared key 216 is used to encrypt information prior to transmission to the responder 204 and decrypt information received from the responder 204);
	transmitting the authentication result to a mobile network to authenticate the device (Para [0059] By way of example, consider the computing device 102 (smart-phone) and printer 128 of FIG. 2 in which the devices are configured as an initiator 202 and responder 204, respectively. Here, assume that a user of the smart-phone is attempting to access services of the printer 128. The authenticator 116 transmits, via a network interface 122 (e.g., WLAN) of the smart phone, the public ephemeral key 214 of the initiator 202 to the responder 204. FIG. 4 illustrates an example exchange of this authentication information generally at 400).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of HUH to incorporate the teachings by Lambert such that the method of HUH includes identifying a base key stored at a device; decrypting the encrypted sequence with the base key to obtain the authentication key; and transmitting the authentication result to a mobile network to authenticate the device. One would have been motivated to make such combination so that an encryption key is generated based on the first public ephemeral key and a private ephemeral key of the device. (Lambert, Paragraph [0007]).
Regarding Claims 8 and 15,
Claims 8 and 15 are rejected for similar reasons as in claim 1.
Claims 2, 6, 9, 13, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over HUH et al. (US 20170208045), hereinafter HUH in view of Lambert (US 20190089532), hereinafter Lambert in view of Kocher et al. (US 20140044265), hereinafter Kocher. 
	Regarding claim 2, the combination of HUH and Lambert teaches all the limitations of claim 1 above,
	The combination of HUH and Lambert does not explicitly teach a method wherein the encrypted sequence further comprises one or more instructions and is received by a secure hardware environment from a non-secure environment, the one or more instructions to be performed by the secure hardware component, and wherein the base key is stored within the secure hardware environment at the device at manufacturing of the secure hardware environment and before the encrypted sequence is received.
	In the same field of endeavor, Kocher teaches
	wherein the encrypted sequence further comprises one or more instructions and is received by a secure hardware environment from a non-secure environment, the one or more instructions to be performed by the secure hardware component (Para [0054] In step 145, a SM-enabled IC is manufactured and tested based on the SM-enabled IC design. … As discussed in detail below, the Features may be altered, enabled, disabled, or some combination thereof, as authorized by one or more security keys, via one or more SM commands, or some combination thereof.  Para [0092] FIG. 3 is a block diagram of an exemplary embodiment of a system 300 including a SM core for performing methods described herein. System 300 may include a SM core 305, a secure memory 310, an extractor 320, a bus 360, a processor 355, an extractor interface 375, a key interface 376, a configuration value interface 377, a host memory 370, Features 325, 330, and 335, sub-extractors 340, 345, and 350, register interface 358, tester interface 365, or some combination thereof. The SM-enabled IC includes SM core 305 and secure memory 310, and optionally may include some (or all) of the other elements shown of SM system 300 …. Para [0115] Additionally, crypto module 410 may be configured to verify one or more digital signatures associated with a delegate signed block ("DSB"). A DSB may include, for example, one or more SM commands, a payload (encrypted or unencrypted), one or more keys, or some combination thereof), and
	wherein the base key is stored within the secure hardware environment at the device at manufacturing of the secure hardware environment and before the encrypted sequence is received (Para [0053] In step 142, a SM-enabled IC is designed. As discussed in detail below, the design process may utilize, for example, a configurator, a netlist received from the SM vendor, and a means to generate hardware configuration keys and constants. For example, this generation process may involve the root authority system, e.g. in some embodiments the root authority system can generate a key pair for a public key cryptosystem, where the public key is exported as a hardware configuration key and the private key is retained in the root authority system (e.g., for authorizing delegates). The SM-enabled IC design may include one or more security keys that may be hardwired into the manufactured SM-enabled IC. The SM-enabled IC design may be configured to allow storage for one or more security keys that can be programmed into the manufactured SM-enabled IC (e.g., in steps 150, 155, or both). Para [0115] … After receipt and verification of a valid DSB, crypto module 410 may (as appropriate for the DSB) derive one or more mixed keys, one or more transport keys, one or more validators (e.g., values used for key verification), or some combination thereof, using one or more base keys in the SM-enabled IC. Additionally, crypto module 410 may be configured to combine a plurality of keysplits to form one or more base keys).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of HUH and Lambert to incorporate the teachings by Kocher such that the method of the combination of HUH and Lambert includes wherein the encrypted sequence further comprises one or more instructions and is 
	Regarding claim 6, the combination of HUH and Lambert teaches all the limitations of claim 1 above,
	wherein the encrypted sequence corresponds to a first subscriber, the method further comprising: in response to a request to authenticate the device with a second subscriber, receiving a second encrypted sequence comprising a second authentication key that corresponds to the second subscriber (Kocher, Para [0115] Additionally, crypto module 410 may be configured to verify one or more digital signatures associated with a delegate signed block ("DSB"). ... After receipt and verification of a valid DSB, crypto module 410 may (as appropriate for the DSB) derive one or more mixed keys, one or more transport keys, one or more validators (e.g., values used for key verification), or some combination thereof, using one or more base keys in the SM-enabled IC. Additionally, crypto module 410 may be configured to combine a plurality of keysplits to form one or more base keys. Para [0159] Key management functionality may be used to securely deliver payloads, for example secret keys or other values. Destinations may include software executing on the SM-enabled IC, hardware blocks, or even other parts of a device containing the SM-enabled IC. …); and
	decrypting the second encrypted sequence with the same base key that was used to decrypt the encrypted sequence corresponding to the first subscriber, the decrypting of the second encrypted sequence being to obtain the second authentication key (Kocher, Para [0116] Additionally, in some embodiments, the RSB and/or DSB may contain encrypted payload portion(s). In this embodiment, crypto module 410 may be configured to decrypt and validate the encrypted payload portion(s), e.g. using base keys or keys derived from base keys).
	The motivation/rationale to combine the references is similar to claim 2 above.
Regarding Claims 9 and 16,
Claims 9 and 16 are rejected for similar reasons as in claim 2.
Regarding Claims 13 and 20,
Claims 13 and 20 are rejected for similar reasons as in claim 6.
Claims 3, 5, 7, 10, 12, 14, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over HUH et al. (US 20170208045), hereinafter HUH in view of Lambert (US 20190089532), hereinafter Lambert in view of Zhang et al. (US 10420055), hereinafter Zhang.
	Regarding claim 3, the combination of HUH and Lambert teaches all the limitations of claim 1 above,
	The combination of HUH and Lambert does not explicitly teach a method wherein receiving the encrypted sequence comprising the authentication key comprises: receiving an identification of a subscriber from a plurality of subscribers associated with the device; and selecting the encrypted sequence from a plurality of encrypted sequences stored at the device based on the identification of the subscriber, wherein each of the encrypted sequences corresponds to a different subscriber.
	In the same field of endeavor, Zhang teaches
	wherein receiving the encrypted sequence comprising the authentication key comprises: receiving an identification of a subscriber from a plurality of subscribers associated with the device (Col. 1, lines 51-60, There is provided a device comprising a key request module and a key receive module. The key request module is configured to transmit a key request to a provisioning server, and the key receive module is configured to receive a device root key associated with the device from the provisioning server. The device also comprises an authentication request transmit module configured to transmit an authentication request comprising an international mobile subscriber identity (IMSI) and a device identifier identifying the device to a first home subscriber server (HSS)) ; and
	selecting the encrypted sequence from a plurality of encrypted sequences stored at the device based on the identification of the subscriber, wherein each of the encrypted sequences corresponds to a different subscriber (Col. 1, lines 61-67,  The device also comprises an authentication under key agreement (AKA) module configured to perform an AKA procedure using the device root key. The key request module, the key receive module, the authentication request transmit module and the AKA module thereby authenticate the device for subscriber identity module (SIM) provisioning of the device).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Kocher and Lim to incorporate the teachings by Zhang such that the method of the combination of Kocher and Lim includes wherein is capable of receiving the encrypted sequence comprising the authentication key comprises: receiving an identification of a subscriber from a plurality of subscribers associated with the device; and selecting the encrypted sequence from a plurality of encrypted sequences stored at the device based on the identification of the subscriber, wherein each of the encrypted sequences corresponds to a different subscriber. One would have been motivated to make such combination so that the device root key may be derived using the device identifier and a subscriber root key associated with the IMSI (Zhang, Col. 8, lines 43-45).
	Regarding claim 5, the combination of HUH and Lambert teaches all the limitations of claim 1 above,
Zhang, Col. 5, lines 59-67,  Col.6, lines 1-6,To change the device 400 from state 402 to state 404, a non-operational profile (NOP) 410 comprising a shared IMSI 412 and a device root key, KD, 414 uniquely associated with the device 400 are received by the device 400 from an SM-DP server. The device receives the NOP 410, shared IMSI 412 and device root key 414 by subscription manager secure routing (SM-SR) using local connectivity such as a universal serial bus (USB) connection or a wireless local area network (WLAN) or other suitable method of local connectivity. The NOP 410 is installed at the device 400, for example in a factory or retail store, and the customer receives the device in state 404. In state 404, the NOP 410 enables the device 400 to access limited services from the cellular network such as services for downloading a fully operational profile.  Col. 6, lines 20-26, FIG. 6 shows a method 600 of SIM provisioning at a device such as the device 122 of FIG. 1. The method 600 is performed at the device and uses the signaling procedure 200 of FIG. 2. At block 208, the device transmits a key request to a provisioning server and, at block 214, receives a device root key associated with the device from the provisioning server).
	The motivation/rationale to combine the references is similar to claim 3 above.
	Regarding claim 7, the combination of HUH and Lambert teaches all the limitations of claim 1 above,
	wherein the challenge value corresponds to a random number received from a provisioning server, the challenge value being further received by the mobile network, the method further comprising: receiving a request, from the mobile network, for an identification associated with the device; and transmitting the identification from the device to the mobile network, the identification to be used by the mobile network to retrieve a copy of the authentication key that is stored at the mobile Zhang, Col. 1, lines 51-60, There is provided a device comprising a key request module and a key receive module. The key request module is configured to transmit a key request to a provisioning server, and the key receive module is configured to receive a device root key associated with the device from the provisioning server. The device also comprises an authentication request transmit module configured to transmit an authentication request comprising an international mobile subscriber identity (IMSI) and a device identifier identifying the device to a first home subscriber server (HSS).  Col. 3, lines 40-51, FIG. 1 shows a communications network 100 in which various examples may be implemented. The communications network 100 comprises a first HSS 102, a second HSS 104, and a cellular network 106 of a mobile network operator. Each of the first HSS 102 and the second HSS 104 comprise an HSS as defined in the 3GPP standards. The first HSS 102 comprises a key derive module 108, a key transmit module 110, an authentication request receive module 112 and an authentication request transmit module 114, and is connected to the cellular network 106. The second HSS 104 comprises a key receive module 116, an authentication request receive module 118 and an AKA module 120).
	The motivation/rationale to combine the references is similar to claim 3 above.
Regarding Claims 10 and 17,
Claims 10 and 17 are rejected for similar reasons as in claim 3.
Regarding Claims 12 and 19,
Claims 12 and 19 are rejected for similar reasons as in claim 5.
Regarding Claim 14,
Claim 14 is rejected for similar reasons as in claim 7.
Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over HUH et al. (US 20170208045), hereinafter HUH in view of Lambert (US 20190089532), hereinafter Lambert in view of Nix et al. (US 20170373845), hereinafter Nix in view of Sundaram et al. (US 20110016321), hereinafter Sundaram.
	Regarding claim 4, the combination of HUH and Lambert teaches all the limitations of claim 1 above,
	The combination of HUH and Lambert does not explicitly teach a method wherein generating the authentication result for the device comprises: receiving an identification of the mobile network from a plurality of mobile networks associated with the device.
	 In the same field of endeavor, Nix teaches
	wherein generating the authentication result for the device comprises: receiving an identification of the mobile network from a plurality of mobile networks associated with the device (Para [0171] As contemplated herein, a set of cryptographic parameters 126 could also include values for a module 101 to authenticate or communicate with one or multiple wireless networks 102. Para [0108] Module identity 110 is preferably a unique identifier of module 101, and could comprise a number or string such as, but not limited to, a serial number, an international mobile subscriber identity number (IMSI), international mobile equipment identity (IMEI), or an Ethernet media access control (MAC) address. … Module identity 110 can function as a basic identifier for services from mobile network operator 108, wireless network 102, eUICC subscription manager 164, and/or server 105 in order to properly identify module 101 among a plurality of modules. Module private key 112 and module public key 111 could be unique to module 101 and uniquely associated with module identity 110, according to a preferred embodiment).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of HUH and Lambert to incorporate the teachings by Nix such that the method of the combination of HUH and Lambert includes wherein generating the authentication result for the device 
	The combination of HUH and Lambert and Nix does not explicitly teach a system selecting an authentication process from a plurality of authentication processes stored at the device, the authentication result being generated by combining the device ephemeral key with the challenge value by using the selected authentication process from the plurality of authentication processes stored at the device.
	In the same field of endeavor, Sundaram teaches
	selecting an authentication process from a plurality of authentication processes stored at the device, the authentication result being generated by combining the device ephemeral key with the challenge value by using the selected authentication process from the plurality of authentication processes stored at the device (Para [0148] (i) Mutual Authentication: The device registers with the network, through a mutual authentication protocol using a Network Access Identity (NAI). The registration and authentication process is managed by authentication infrastructure that is owned and operated by the M2M operator. That is, when the access network receives a registration request it will recognize the NAI as belonging to the M2M operator and use it to route authentication protocol packets to the appropriate M2M authentication server. In other words, the device will be treated similar to a `roaming mobile` in contemporary cellular networks. Alternatively, the access network may receive authentication data, including nonces, challenge responses and session keys from the M2M authentication server for the specific device and hence may be able to locally proxy the authentication process. Overall, this step ensures that the link layer authentication requirements are met).

Regarding Claims 11 and 18,
Claims 11 and 18 are rejected for similar reasons as in claim 4.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available 




/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491