Detailed Action

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is in response to Application with case number 16/432770, filed on 6/5/2019 in which claims1-18 are presented for examination.
Status of Claims
	Claims 1-18 are pending, of which claims 1, and 10 are in independent form.
Specification
The examiner notes that the Specification does not include any URL links and Trademark terms requiring capitalization.
The examiner notes that the abstract is in narrative form and is limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The examiner also notes that Abstract includes no legal phraseology.
The examiner notes no claims invokes 35 USC § 112 6th paragraph.
Claim 10 is directed to a device comprising at least one processor; a memory and a HSM and, thus claim 10 and dependent claims 11-18 meet the requirement of 35 USC § 101.
IDS
References cited in the IDS filed on 8/25/2020 have been considered by the examiner.
Priority
Applicant’s claim for benefit of priority based on Korean patent application KR10-2018-0169313 filed on 12/26/2018 is acknowledged by the examiner.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference character “20” has been used to designate both EMF and MEF in Fig. 2 of Drawings.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-2, 6-11, 15-18 is/are rejected under 35 U.S.C. 102a(1) as being anticipated by OneM2M (“OneM2M Technical Specification”, 20014, pp. 1-91, oneM2M-TS-0003-Security_Solutions-V-2014-08) hereinafter OneM2M

As to claim 1, OneM2M teaches a method of performing authentication using a hardware security module (HSM) (e.g., UICCs specified in ETSI TS 102 671 as described in page 23 of OneM2M, 6.2.3.1 Security Pre-Provisioning) in a one machine-to-machine (oneM2M) environment (see page 47 Centralized Key Distribution Server Handshake “In case of GBA_U, the M2M Secure Connection Key (Kc) shall be Ks_int_NAF if  HTTP Client application resides in the UICC.”; see also pages 47-57 on 8.3 Remote Security Provisioning Frameworks), the method comprising: 
extracting a symmetric key stored in the HSM (e.g., UICC) using a security application programming interface (API) (see page 24, 6.2.5.2 Secure Storage “Data securely stored by the AE or CSE shall only be accessible through the security API and by authorized entities.”; see also page 36, 8.1.2.1 General Introduction to the GBA Framework, “In case of GBA_U, two NAF-specific keys are derived: Ks_ext_NAF (available in the ME) and Ks_int_NAF (which remains inside the UICC).”); see also page 45, 8.2.3.2 GBA-Based Security Association Establishment Frameworks, “In case of GBA_U, Kc=Ks_int_NAF, if the application resides in the UICC”; see also page 47, “Entity B …use it to retrieve Kc=Ks_NAF or Kc=Ks_ext_NAF or Kc=Ks_int_NAF…the retrieval shall be done over the Zn interface…”; The examiner notes that the Kc is equivalent to the symmetric Enrolment key (Ke) as shown in the page 49, which is later used to to generate by the enrollee the Master Credential Km and Master Credential Identifier KmId.));
generating a first value and a second value using the extracted symmetric key (see page 49, “The Enrolee generates the Master Credential Identifier (KmID) from Master Credential (Km) as described in clause 9.1. and stores Km and KmId.”; see Fig. 8.3.1.2-1, It is noted that Enrolee and the MEF derives Km/Kpsa(Ks_NAF) from Ke(Ks) and Enrolment Target Identity during enrolment phase and KmID.; see page 57, “In case of GBA_U, Km/Kpsa=Ks_Init_NAF if HTTP Client application resides in the UICC….In case of GBA_U, Km/Kpsa=Ks_int_NAF if HTTP Client application resides in the UICC.”; It is noted that the Master Credential Identifier (Km-ID) or the Provisioned Secure Connection Key Identifier (Kpsa-ID) is set to the value of KeId. The examiner equates the KM/Kpsa and Kpsa_Id/Km-Id to the current application’s first value and/or second value.); and 
performing mutual authentication with an M2M enrolment function (MEF) server through transport layer security pre-shared key ciphersuites (TLS-PSK) using the first value and the second value (see page 57, “The Enrolee and the Enrolment Target shall set the Master Credential Identifier (Km-Id) or the Provisioned Secure Connection Key Identifier (Kpsa-Id) to the value of KeId. 	Enrolee and Enrolment Target shall perform (D)TLS-PSK handshake (RFC 4279 [15]) with the Master Credential (Km) or Provisioned Secure Connection Key (Kpsa) as Pre-Shared Key in compliance with clause 10.2.2 “TLS and DTLS Ciphersuites for TLS-PSK-Based Security Frameworks”. If UICC is used as Secure Environment supporting Remote Security Provisioning, GBA-U with Kc = Ks_int_NAF shall be used for authentication and key exchange.”).
Claim 10 includes similar limitations as claim 1 and thus is rejected under the same rationale as claim 1.
As to claim 2, in view of claim 1, OneM2M teaches wherein the method is performed by M2M equipment having the HSM therein (see page 23, section 6.2.3.1 Security Pre-Provisioning, where M2M device is a UE with UICC).
As to claims 6 and 15, in view of claims 1 and 10, respectively, OneM2M teaches wherein the first value is generated using 32 least significant bytes of the symmetric key (see page 49, “The Enrolee generates the Master Credential Identifier (KmID) from Master Credential (Km) as described in clause 9.1. and stores Km and KmId.”; see Fig. 8.3.1.2-1, It is noted that Enrolee and the MEF derives Km/Kpsa(Ks_NAF) from Ke(Ks) and Enrolment Target Identity during enrolment phase and KmID.; see page 57, “In case of GBA_U, Km/Kpsa=Ks_Init_NAF if HTTP Client application resides in the UICC….In case of GBA_U, Km/Kpsa=Ks_int_NAF if HTTP Client application resides in the UICC.”; It is noted that the Master Credential Identifier (Km-ID) or the Provisioned Secure Connection Key Identifier (Kpsa-ID) is set to the value of KeId.) 
As to claims 7 and 16, in view of claims 1 and 10, respectively, OneM2M teaches wherein the second value is generated using 16 most significant bytes of the symmetric key (see page 49, “The Enrolee generates the Master Credential Identifier (KmID) from Master Credential (Km) as described in clause 9.1. and stores Km and KmId.”; see Fig. 8.3.1.2-1, It is noted that Enrolee and the MEF derives Km/Kpsa(Ks_NAF) from Ke(Ks) and Enrolment Target Identity during enrolment phase and KmID.; see page 57, “In case of GBA_U, Km/Kpsa=Ks_Init_NAF if HTTP Client application resides in the UICC….In case of GBA_U, Km/Kpsa=Ks_int_NAF if HTTP Client application resides in the UICC.”; It is noted that the Master Credential Identifier (Km-ID) or the Provisioned Secure Connection Key Identifier (Kpsa-ID) is set to the value of KeId.)
As to claims 8 and 17, in view of claims 1 and 10, respectively, OneM2M teaches wherein the first value functions as a pre-provisioned credential for Master Credential provisioning in the oneM2M environment (see page 49, “The Enrolee generates the Master Credential Identifier (KmID) from Master Credential (Km) as described in clause 9.1. and stores Km and KmId.”). 
As to claims 9 and 18, in view of claims 1 and 10, respectively, OneM2M teaches wherein the second value functions as a pre-provisioned credential for Master Credential provisioning identifier in the oneM2M environment (see page 49, “The Enrolee generates the Master Credential Identifier (KmID) from Master Credential (Km) as described in clause 9.1. and stores Km and KmId.”).
As to claim 11, in view of claim 10, OneM2M teaches further comprising at least one of an application entity (AE) configured to be in an application layer and provide an application service in the oneM2M environment and a common service entity (CSE) configured to be in a common service layer and perform data management, device management, and M2M service subscription management in the oneM2M environment (see page. 37 “this recommendation is that the entity, AE or CSE, using the GBA_U-based NAF keys should be resident in the UICC.”)
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claim(s) 3-5, 12-14 is/are rejected under 35 U.S.C. section 103 as being unpatentable over OneM2M, in view of Cha et al. (US 2009/0209232 A1) hereinafter Cha.
As to claims 3 an 12, in view of claims 1 and 10, respectively, OneM2M does not explicitly teach but Cha teaches “wherein the generating of the first value and the second value is performed after the security API determines whether to permit access to the HSM” (see Fig. 5, steps s10, s11, s12, s13 and corresponding para. [0012] and [0013] “The UICC computes MAC'=(HMAC-SHA-256[Ks_local, NAF_ID.parallel.Terminal_ID.parallel.ICCID.parallel.Terminal_appli_ID.parallel.UICC_appli_ID.parallel.RANDX.parallel.Counter Limit]) which in turn is truncated to 16 octets=128 bits. The computed MAC' is compared with the received MAC. If MAC' and MAC don't match, a failure message is sent back to the Terminal, at S13. If there is a match between MAC and MAC', Ks_local and associated parameters such as Terminal_ID, Terminal_appli_ID, UICC_appli_ID and the counter limit are stored in the UICC. At S13, the UICC returns a "verification successful message", created using Ks_local and the MAC algorithm HMAC-SHA-256 truncated to 16 octets, to the Terminal.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of OneM2M and Cha before him or her, to modify the scheme of OneM2M by Cha. The suggestion/motivation for doing so would have been to implement the security API for a terminal seeking access to enrollment key Ke stored in secure environment or UICC.
As to claims 4 and 13, in view of claims 3 and 12, respectively, Cha teaches wherein the determining of whether to permit access to the HSM comprises: receiving a key identifier of the symmetric key; and verifying validity of the key identifier using the symmetric key (see para. [0012] and [0013]; It is noted that various identifiers including RANDX and the key itself is provided to the one-way function to generate the validation value MAC’). 
As to claims 5 and 14, in view of claims 4 and 13, respectively, Cha teaches wherein the verifying of the validity of the key identifier comprises: extracting a unique identifier of the HSM from the HSM (see para. [0012] and [0013]; e.g., ICCID); generating a verification value by combining the extracted unique identifier and the symmetric key and one-way encrypting the combined value; and determining whether the generated verification value coincides with the key identifier (see para. [0012] and [0013], e.g. evaluating whether given MAC equals generated value MAC’). 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE K SONG whose telephone number is (571)270-3260. The examiner can normally be reached on M-F 9:00 am – 5:00 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867 .  The fax phone number for the organization where this application or proceeding is assigned is 571-273-7291.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HEE K SONG/PRIMARY Examiner, Art Unit 2497