Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's response with amendments filed 08/19/2021 have been received and entered. Applicant has amended claims 2, 9, and 16. Amended claims have been examined on the merits.
Applicant’s arguments, see Applicant Arguments pages 8-12, with respect to the rejection(s) of the independent claim(s) 1 (8, and 15) under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejections made in view of Nix et al. (US 20150163056).  The Examiner notes, however, that some arguments, which are still relevant to the new grounds of rejection are not persuasive, as noted infra.
	In response to the applicant argument that “a base key cannot be a key that is derived from another key”, Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.  There is no stipulation in the Specification that the base key cannot be derived from another key.  In fact Specification discloses “…, until the final application of fPQ on the intermediate key KSTART,P1, …,P Q-1 (605) to yield the final derived base key, KSTART,P1, …,P Q (606). …” (Para [0040]), i.e. the Specification describes that the base key may, in fact, be derived from other keys, contrary to applicant’s assertion.   
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Specifically, claim 1 recites the limitation “decrypting the encrypted sequence with the base key to obtain the authentication key” and the scope of the generic claim language is not supported by the Specification.
	The Specification recites “The base key may be provided or provisioned in the secure hardware component at manufacturing or fabrication of the secure hardware component. The base key may be unique to a particular device”, “The encrypted sequence may be retrieved by the secure hardware component and the base key may be used to decrypt the encrypted sequence within the secure hardware component to obtain the authentication key”, and “the authentication result may be provided to the mobile network to authenticate the device” (Para [0011]).  However, the claim is not limiting the base key to a key unique of the device, and such authentication is not achieved unless the base key is limited to a private key that is unique to the device.  The Examiner notes that “the specification must demonstrate that the applicant has made a generic invention that achieves the claimed result and do so by showing that the applicant has invented species sufficient to support a claim to the functionally-defined genus”; See MPEP §2161.01(I).  Since Applicant has only described a particular species (secure hardware component base key), the Examiner submits that a claim decrypting using generic values is not adequately supported by the Specification.  Appropriate correction is required.
	Claims 8 and 15 are rejected under a similar rationale. The dependent claims included in the statement of rejection but not specifically addressed in the body of rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies.  Therefore, they are rejected based on the same rationale as applied to their parent claims above.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Specifically, claim (s) 1 (8, and 15) recite the limitation “encrypted sequence comprising an authentication key”, i.e. the encrypted sequence comprises a non-encrypted authentication key, and applicant does not point out clearly that either the non-encrypted sequence comprises a non-encrypted authentication key or the encrypted sequence comprises an encrypted authentication key.  Therefore, this limitation with these ambiguous terms is indefinite with the present application.  The examiner will interpret this limitation with the regarding claims as best understood for applying art for rejection purposes. Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Nix (US 20150163056), hereinafter Nix in view of Lambert (US 20190089532), hereinafter Lambert.
	Regarding Claim 1, Nix teaches
	A method comprising: receiving an encrypted sequence comprising an authentication key (Para [0056] According to an exemplary embodiment, an eUICC 107 can be recorded and operate within a "eUICC supporting" physical universal integrated circuit card (UICC) 108 within module 101.  …The "eUICC supporting" physically UICC 108 can perform all of the functions of an eUICC 107, including (i) receiving and recording profiles 107d.  Para [0126] As depicted in FIG. 2a, after a step 206 to convert profile 107c into profile 107d, where the ciphertext 208a is decrypted using the eUICC profile key 107b, the ciphertext 208b with the second key K 204a can remain encrypted and thus the second key K can continue to remain secure within a profile 107d. …); Examiner notes that the second key K 204a is the authentication key.
	identifying a base key stored at a device (Para [0180] … using the eUICC profile key 107b which could be recorded in the eUICC 107 in a step 301 above);  
	decrypting the encrypted sequence with the base key to obtain the authentication key (Paras [0056] … the ciphertext 208a is decrypted using the eUICC profile key 107b, the ciphertext 208b with the second key K 204a; [0241] … The module 101 or eUICC 107 could decrypt the encrypted symmetric key 127 in order to decrypt the ciphertext 208b that contains the second key K 204a each time the module 101; Examiner notes that it would be obvious that the plaintext profile key 107b mapped to the base key is used to decrypt the symmetric key that is used to decrypt second key K 204a.
	receiving a challenge value (Para [0221] At a step 311, the eUICC 107 could calculate the second RES 119 using (i) the second RAND 118 received and (ii) the second key K 204. After receiving the exemplary second RAND 118 message, …);
	generating, by a processing device, an authentication result for the device based on ... the challenge value (Para [0221] … Module 101 can properly respond to a challenge /nonce (such as a second RAND 118) in a message digest authentication by sending a secure hash value calculated using (i) the challenge /nonce and (ii) the second key K 204. The secure hash value can comprise the second RES 119. … After processing a second RES 119 in a step 311 using the second key K 204, the eUICC 107 could send the second RES 119 to the network application 101x in module 101. Module 101 could then send the second RES 119 to the mobile network operator 104 using the wireless network 102, as depicted in FIG. 3 and thereby complete a second authentication step 310 for the module 101).
	transmitting the authentication result to a mobile network to authenticate the device (Para [0221]  … After processing a second RES 119 in a step 311 using the second key K 204, the eUICC 107 could send the second RES 119 to the network application 101x in module 101. Module 101 could then send the second RES 119 to the mobile network operator 104 using the wireless network 102, as depicted in FIG. 3 and thereby complete a second authentication step 310 for the module 101). 
	Although Nix teaches a method generating an authentication result for the device based on a challenge value, Nix does not explicitly teach a method combining the authentication key with the challenge value to generate a device ephemeral key; generating, by a processing device, an authentication result for the device based on ... the device ephemeral key.
	In the same field of endeavor, Lambert teaches
	combining the authentication key with the challenge value to generate a device ephemeral key (Para [0044] the initiator 202 may generate the shared key 216 based on a nonce, other key input information, or a combination of static and ephemeral keys); shared key 216 is interpreted as “device ephemeral key”.
	generating, by a processing device, an authentication result for the device based on a combination of the device ephemeral key and the challenge value (Para [0062] At 306, an encryption key is generated based on the public ephemeral key of the remote device and a private ephemeral key of the device. In some cases, this encryption key is a shared encryption key that is useful encrypt authentication information exchanged between an initiator and responder. … Continuing the ongoing example, the authenticator 116 uses an HKDF to provide a shared key 216 based on a private ephemeral key 212 of the initiator 202 and the public ephemeral key 230 of the responder 204).

	Regarding Claims 8 and 15,
Claims 8 and 15 are rejected for similar reasons as in claim 1.
Claims 2, 6, 9, 13, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nix (US 20150163056), hereinafter Nix in view of Lambert (US 20190089532), hereinafter Lambert in view of Kocher et al. (US 20140044265), hereinafter Kocher.
	Regarding claim 2, the combination of Nix and Lambert teaches all the limitations of claim 1 above,
	The combination of Nix and Lambert does not explicitly teach a method wherein the encrypted sequence further comprises one or more instructions and is received by a secure hardware environment from a non-secure environment, the one or more instructions to be performed by the secure hardware component, and wherein the base key is stored within the secure hardware environment at the device at manufacturing of the secure hardware environment and before the encrypted sequence is received.
	In the same field of endeavor, Kocher teaches
	wherein the encrypted sequence further comprises one or more instructions and is received by a secure hardware environment from a non-secure environment, the one or more instructions to be performed by a secure hardware component (Para [0054] In step 145, a SM-enabled IC is manufactured and tested based on the SM-enabled IC design. … As discussed in detail below, the Features may be altered, enabled, disabled, or some combination thereof, as authorized by one or more security keys, via one or more SM commands, or some combination thereof.  Para [0092] FIG. 3 is a block diagram of an exemplary embodiment of a system 300 including a SM core for performing methods described herein. System 300 may include a SM core 305, a secure memory 310, an extractor 320, a bus 360, a processor 355, an extractor interface 375, a key interface 376, a configuration value interface 377, a host memory 370, Features 325, 330, and 335, sub-extractors 340, 345, and 350, register interface 358, tester interface 365, or some combination thereof. The SM-enabled IC includes SM core 305 and secure memory 310, and optionally may include some (or all) of the other elements shown of SM system 300 …. Para [0115] Additionally, crypto module 410 may be configured to verify one or more digital signatures associated with a delegate signed block ("DSB"). A DSB may include, for example, one or more SM commands, a payload (encrypted or unencrypted), one or more keys, or some combination thereof), and
	wherein the base key is stored within the secure hardware environment at the device at manufacturing of the secure hardware environment and before the encrypted sequence is received (Para [0053] In step 142, a SM-enabled IC is designed. As discussed in detail below, the design process may utilize, for example, a configurator, a netlist received from the SM vendor, and a means to generate hardware configuration keys and constants. For example, this generation process may involve the root authority system, e.g. in some embodiments the root authority system can generate a key pair for a public key cryptosystem, where the public key is exported as a hardware configuration key and the private key is retained in the root authority system (e.g., for authorizing delegates). The SM-enabled IC design may include one or more security keys that may be hardwired into the manufactured SM-enabled IC. The SM-enabled IC design may be configured to allow storage for one or more security keys that can be programmed into the manufactured SM-enabled IC (e.g., in steps 150, 155, or both). Para [0115] … After receipt and verification of a valid DSB, crypto module 410 may (as appropriate for the DSB) derive one or more mixed keys, one or more transport keys, one or more validators (e.g., values used for key verification), or some combination thereof, using one or more base keys in the SM-enabled IC. Additionally, crypto module 410 may be configured to combine a plurality of keysplits to form one or more base keys).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of combination of Nix and Lambert  to incorporate the teachings by Kocher such that the method of combination of Nix and Lambert  includes wherein the encrypted sequence further comprises one or more instructions and is received by a secure hardware environment from a non-secure environment, the one or more instructions to be performed by the secure hardware component, and wherein the base key is stored within the secure hardware environment at the device at manufacturing of the secure hardware environment and before the encrypted sequence is received. One would have been motivated to make such combinations so that security is provided by performing the key loading process in a secured facility. (Kocher, Paragraph [0004]).
	Regarding claim 6, the combination of Nix and Lambert teaches all the limitations of claim 1 above,
	Wherein the encrypted sequence corresponds to a first subscriber, the method further comprising: in response to a request to authenticate the device with a second subscriber, receiving a second encrypted sequence comprising a second authentication key that corresponds to the second subscriber (Kocher, Para [0115] Additionally, crypto module 410 may be configured to verify one or more digital signatures associated with a delegate signed block ("DSB"). ... After receipt and verification of a valid DSB, crypto module 410 may (as appropriate for the DSB) derive one or more mixed keys, one or more transport keys, one or more validators (e.g., values used for key verification), or some combination thereof, using one or more base keys in the SM-enabled IC. Additionally, crypto module 410 maybe configured to combine a plurality of keysplits to form one or more base keys. Para [0159] Key management functionality may be used to securely deliver payloads, for example secret keys or other values. Destinations may include software executing on the SM-enabled IC, hardware blocks, or even other parts of a device containing the SM-enabled IC....); and
	decrypting the second encrypted sequence with the same base key that was used to decrypt the encrypted sequence corresponding to the first subscriber, the decrypting of the second encrypted sequence being to obtain the second authentication key (Kocher, Para [0116] Additionally, in some embodiments, the RSB and/or DSB may contain encrypted payload portion(s). In this embodiment, crypto module 410 may be configured to decrypt and validate the encrypted payload portion(s), e.g. using base keys or keys derived from base keys).
	The motivation/rationale to combine the references is similar to claim 2 above.
	Regarding Claims 9 and 16, 
Claims 9 and16are rejected for similar reasons as in claim 2.
	Regarding Claims 13 and 20, 
Claims 13 and 20 are rejected for similar reasons as in claim 6.	
Claims 3, 5, 7, 10, 12, 14, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nix (US 20150163056), hereinafter Nix in view of Lambert (US 20190089532), hereinafter Lambert in view of Zhang et al. (US 10420055), hereinafter Zhang.
	Regarding claim 3, the combination of Nix and Lambert teaches all the limitations of claim 1 above,
	The combination of Nix and Lambert does not explicitly teach a method wherein receiving the encrypted sequence comprising the authentication key comprises: receiving an identification of a subscriber from a plurality of subscribers associated with the device; and selecting the encrypted sequence from a plurality of encrypted sequences stored at the device based on the identification of the subscriber, wherein each of the encrypted sequences corresponds to a different subscriber.
	In the same field of endeavor, Zhang teaches
	wherein receiving the encrypted sequence comprising the authentication key comprises: receiving an identification of a subscriber from a plurality of subscribers associated with the device (Col. 1, lines 51-60, There is provided a device comprising a key request module and a key receive module. The key request module is configured to transmit a key request to a provisioning server, and the key receive module is configured to receive a device root key associated with the device from the provisioning server. The device also comprises an authentication request transmit module configured to transmit an authentication request comprising an international mobile subscriber identity (IMSI) and a device identifier identifying the device to a first home subscriber server (HSS)); and
	selecting the encrypted sequence from a plurality of encrypted sequences stored at the device based on the identification of the subscriber, wherein each of the encrypted sequences corresponds to a different subscriber (Col. 1, lines 61-67,  The device also comprises an authentication under key agreement (AKA) module configured to perform an AKA procedure using the device root key. The key request module, the key receive module, the authentication request transmit module and the AKA module thereby authenticate the device for subscriber identity module (SIM) provisioning of the device).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of combination of Nix and Lambert  to incorporate the teachings by Zhang such that the method of combination of Nix and Lambert  includes wherein receiving the encrypted sequence comprising the authentication key comprises: receiving an identification of a subscriber from a plurality of subscribers associated with the device; and selecting the encrypted sequence from a plurality of encrypted sequences stored at the device based on the identification of the subscriber, wherein each of the encrypted sequences corresponds to a different 
	Regarding claim 5, the combination of Nix and Lambert teaches all the limitations of claim 1 above,
	wherein receiving the encrypted sequence comprising the authentication key comprises: receiving the encrypted sequence from a provisioning server over a side channel that is different than a communications channel between the device and the mobile network, and wherein the challenge value is received from the provisioning server over the side channel (Zhang, Col. 5, lines 59-67,  Col.6, lines 1-6,To change the device 400 from state 402 to state 404, a non-operational profile (NOP) 410 comprising a shared IMSI 412 and a device root key, KD, 414 uniquely associated with the device 400 are received by the device 400 from an SM-DP server. The device receives the NOP 410, shared IMSI 412 and device root key 414 by subscription manager secure routing (SM-SR) using local connectivity such as a universal serial bus (USB) connection or a wireless local area network (WLAN) or other suitable method of local connectivity. The NOP 410 is installed at the device 400, for example in a factory or retail store, and the customer receives the device in state 404. In state 404, the NOP 410 enables the device 400 to access limited services from the cellular network such as services for downloading a fully operational profile.  Col. 6, lines 20-26, FIG. 6 shows a method 600 of SIM provisioning at a device such as the device 122 of FIG. 1. The method 600 is performed at the device and uses the signaling procedure 200 of FIG. 2. At block 208, the device transmits a key request to a provisioning server and, at block 214, receives a device root key associated with the device from the provisioning server).
	The motivation/rationale to combine the references is similar to claim 3 above.
	Regarding claim 7, the combination of Nix and Lambert teaches all the limitations of claim 1 above,
Zhang,  Col. 1, lines 51-60, There is provided a device comprising a key request module and a key receive module. The key request module is configured to transmit a key request to a provisioning server, and the key receive module is configured to receive a device root key associated with the device from the provisioning server. The device also comprises an authentication request transmit module configured to transmit an authentication request comprising an international mobile subscriber identity (IMSI) and a device identifier identifying the device to a first home subscriber server (HSS).  Col. 3, lines 40-51, FIG. 1 shows a communications network 100 in which various examples may be implemented. The communications network 100 comprises a first HSS 102, a second HSS 104, and a cellular network 106 of a mobile network operator. Each of the first HSS 102 and the second HSS 104 comprise an HSS as defined in the 3GPP standards. The first HSS 102 comprises a key derive module 108, a key transmit module 110, an authentication request receive module 112 and an authentication request transmit module 114, and is connected to the cellular network 106. The second HSS 104 comprises a key receive module 116, an authentication request receive module 118 and an AKA module 120).
	The motivation/rationale to combine the references is similar to claim 3 above.
	Regarding Claims 10 and 17, 
Claims 10 and 17 are rejected for similar reasons as in claim 3.
	Regarding Claims 12 and 19, 
Claims 12 and 19 are rejected for similar reasons as in claim 5.
Regarding Claim 14, 
Claim 14 is rejected for similar reasons as in claim 7.
Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Nix (US 20150163056), hereinafter Nix in view of Lambert (US 20190089532), hereinafter Lambert in view of Nix et al. (US 20170373845), hereinafter Nix (2) in view of Sundaram et al. (US 20110016321), hereinafter Sundaram.
	Regarding claim 4, the combination of Nix and Lambert teaches all the limitations of claim 1 above,
	The combination of Nix and Lambert does not explicitly teach a method wherein generating the authentication result for the device comprises: receiving an identification of the mobile network from a plurality of mobile networks associated with the device.
	In the same field of endeavor, Nix (2) teaches
	wherein generating the authentication result for the device comprises: receiving an identification of the mobile network from a plurality of mobile networks associated with the device (Para [0171] As contemplated herein, a set of cryptographic parameters 126 could also include values for a module 101 to authenticate or communicate with one or multiple wireless networks 102. Para [0108] Module identity 110 is preferably a unique identifier of module 101, and could comprise a number or string such as, but not limited to, a serial number, an international mobile subscriber identity number (IMSI), international mobile equipment identity (IMEI), or an Ethernet media access control (MAC) address. … Module identity 110 can function as a basic identifier for services from mobile network operator 108, wireless network 102, eUICC subscription manager 164, and/or server 105 in order to properly identify module 101 among a plurality of modules. Module private key 112 and module public key 111 could be unique to module 101 and uniquely associated with module identity 110, according to a preferred embodiment).

	The combination of Nix, Lambert, and Nix does not explicitly teach a method selecting an authentication process from a plurality of authentication processes stored at the device, the authentication result being generated by combining the device ephemeral key with the challenge value by using the selected authentication process from the plurality of authentication processes stored at the device.
	In the same field of endeavor Sundaram teaches
	selecting an authentication process from a plurality of authentication processes stored at the device, the authentication result being generated by combining the device ephemeral key with the challenge value by using the selected authentication process from the plurality of authentication processes stored at the device (Para [0148] (i) Mutual Authentication: The device registers with the network, through a mutual authentication protocol using a Network Access Identity (NAI). The registration and authentication process is managed by authentication infrastructure that is owned and operated by the M2M operator. That is, when the access network receives a registration request it will recognize the NAI as belonging to the M2M operator and use it to route authentication protocol packets to the appropriate M2M authentication server. In other words, the device will be treated similar to a `roaming mobile` in contemporary cellular networks. Alternatively, the access network may receive authentication data, including nonces, challenge responses and session keys from the M2M authentication server for the specific device and hence may be able to locally proxy the authentication process. Overall, this step ensures that the link layer authentication requirements are met).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Nix, Lambert and Nix to incorporate the teachings by Sundaram such that the method of the combination of Nix, Lambert and Nix includes selecting an authentication process, the authentication result being generated by combining the device ephemeral key with the challenge value by using the selected authentication process from the plurality of authentication processes stored at the device. One would have been motivated to make such combination in order to provide security functions for authentication authorization and provide session keys for link layer encryption and integrity protection (Sundaram, Paragraph [0050)).
	Regarding Claims 11 and 18, 
Claims 11 and 18 are rejected for similar reasons as in claim 4.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491