Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is responsive to communications received 10/7/2019. Claims 1-6, 8-9 and 11-12 are pending. Claims 7 and 10 are cancelled.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on10/7/2019 and 3/9/2020 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4, 6 and 8 are directed to a method performed by a mobile equipment; yet the claims recite explicitly steps performed by a second a third server: “said second server having prepared the command and associated said command with the anonymous identifier of the security module, a request for said command associated with said anonymous identifier having been received beforehand by the second server from a third server”.  It is unclear how those limitations help define the scope of the claims. The examiner recommends to claims a system comprising the mobile 
Regarding claims 5,  9 and 11, the claims are directed to a method performed by a first server, the steps including the following limitation: “the address of the first server having been provided beforehand to the mobile equipment by a third server” which makes the claim unclear because the step of providing the address of the first server does not concern the first server. The examiner recommends to claim a system comprising the first server, second, third server and the mobile equipment, and the respective steps performed by the first server, third server and the mobile equipment. Limitations corresponding to steps performed in the third server are not being rejected with prior art until the claim is clarified as suggested.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-4 are rejected under 35 U.S.C. 103 as being unpatentable over US 20170064552 to Park et al., hereinafter Park. Park is cited in IDS dated 10/7/2019.
A method for obtaining a command relating to a profile for accessing a network via a mobile equipment, the command being intended to be implemented on a security module of said equipment, said method comprising the following acts performed by the mobile equipment (Fig. 1 [0052][0053]: mobile terminal 110 with embedded UICC performs method of downloading a profile): sending, to a first server, an information obtainment request intended to obtain the command (Fig. 6A, step 624, [0235] terminal sends to SM-DS 140 an EventID-profile mapping information- request message), said request comprising an anonymous identifier of the security module calculated from a physical identifier of the module and from a random ([0223]-[0225]: hashed EID (also called UICC [0064]) and BID ( [0218]) ), receiving, from the first server, an address of a second server associated with the anonymous identifier of the security module (Fig. 6A, step 625, [0236]: server SM-DS sends to terminal SRID including address of the server for processing the EventID, the server can be SM-DS 140, SM-DP+ 120 or SM-SR130; [0233] SM-DS 140, SM-DP+ 120 or SM-SR130 previously registered the EventID , EID and SRID), [said second server having prepared the command and associated said command with the anonymous identifier of the security module, a request for said command associated with said anonymous identifier having been received beforehand by the second server from a third server], sending, to the second server, the physical identifier of the module and the random (Fig. 6A, [0235][0237]: terminal request SM-DS 140, SM-DP+ 120 or SM-SR130 for an EventID handling process i.e downloading the profile with protected ID which is a hash of EID and BID [0218], and receiving, from the second server, said command when a check, by the second server, that the anonymous identifier of the security module has been calculated from the received physical identifier and from the random is positive ([0239]: SM-DP+ 120 or SM-SR130 verifies if the identifier include in the EventID and the SM-SR identifier included in the certificate for SM-SR match; [0257]: server sends to terminal EventResponse, [0090][0211][0293]-[0295]: calculation of response by server; although Park does not explicitly teach the use of the random for the verification, the EventID includes a protected ID i.e hash of BID and EID, therefore, it would have been obvious to use the BID as random for verification in order to make sure the right terminal is making the request for profile).  

Regarding claim 2, Park discloses the method as claimed in claim 1, comprising: calculating the anonymous identifier of the security module by applying a one-way function to the physical identifier of the module and to the random, said one-way function also having a non-collision property, and sending said anonymous identifier to the third server (Park [0172][0173]: hash eUICC challenge and conformation code ).  

Regarding claim 5, Park discloses:
A method for providing, to a mobile equipment, via a first server, a command relating to a profile for accessing a network, the command being intended to be implemented on a security module of said equipment, said method comprising the following acts performed by the first server (Fig. 6A: SM-SR 120): receiving, from a second server, a request for said command associated with an anonymous identifier of the security module, said anonymous identifier having been calculated from a physical identifier of the module and from a random (Fig. 6A, [0239]: receive the request from SM-SR 130, the request including eUICC information ([0238]) with signature and encryption parameter ([0208]), hash calculated using also a random value from the terminal [0086] ), preparing said command and sending, to a third server, a notification to indicate that the command has been prepared (Although Park does not explicitly teach a notification that the command has been prepared, Park teaches a delivery server that is provided command ([0058]) it would have been obvious to a skilled artisan before the application was effectively filed to send such notification to the delivery server from the management server 130 (which can be combined with server 120 ([0060]) in order for the delivery server to be ready to  push the commands to the terminal (see Fig. 6A, step 623)), the notification comprising an address of the first server and the anonymous identifier ([0081]: the delivery server 140 (third server) implicitly receives profile information and provides the address of management server 130 (first server)), connecting the mobile equipment to the first server (Fig. 6A, step 624-625)), [the address of the first server having been provided beforehand to the mobile equipment by the third server], receiving, from the security module, the physical identifier of the module and the random (Fig. 6A, [0237]: SM-DS 140, SM-DP+ 120 or SM-SR130 for an EventID receives request to handle the process of downloading the profile, with the terminal information or eUICC information, or IMEI of the terminal, and random number ([0085])), and checking that the anonymous identifier received from the mobile equipment has been calculated from the physical identifier of the module and from the random, and delivering said command when the check is positive ([0239]: SM-DP+ 120 or .  
Regarding claims 6 and 8, the claims recite substantially the content in claim 1 and are rejected using the same rationales for rejecting claim 1.
Regarding claims 9 and 11, the claims recite substantially the content in claim 5 and are rejected using the same rationales for rejecting claim 5.

Allowable Subject Matter
Regarding claim 3, Park discloses the method as claimed in claim 1, comprising mutual authentication  between the security module and the first server ([0067], said authentication being representative of an agreement of the user to disclose the physical identifier of the security module to the first server. 
However, Park or any other prior art of the record discloses mutual authentication  between the security module and the first server, said authentication being representative of an agreement of the user to disclose the physical identifier of the security module to the first server. Therefore, claim 3 is found allowable.
Regarding claim 4, Park discloses the method as claimed in claim 1. However, Park or any other prior art of the record discloses a method  comprising anonymous authentication of the security module to the first server, implemented by way of a group signature algorithm.  Therefore, claim 4 is found allowable.
Claims 3-4 are being objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Regarding claim 12, Park or any other art on the record discloses the details of intercations between the mobile equipment, the first server , second server and third server as recited in the claim. Therefore, the claim is allowable.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Lee et al 20160127132 mobile with embedded security module that stores different profiles and authentication information, communicates with plurality of profile providing server; the mobile authenticates with a profile management server which remotely install a profile into UICC non-removable of the mobile.
Lee et al 20140329502: acquiring new subscription with new Mobile Network Operator MNO, the eUICC is authenticated by previous MNO and a new profile provided by the new MNO.
Hinton et al 20080293378 :  mobile generates enriched identifier, used to request service  with new network operator- enriched identifier includes one time use unique id derived from hardware.
Yang 20180294949 : Mobile Network Operator (MNO) receives from a mobile device for profile update, forwards the request to a server which requests the mobile device to provide a nonce. The mobile device UICC generates the  nonce send to the 
Oh et al 9888385: authenticate a UE for service, without using ID stored in SIM card 10- the UE generates a first random code sent to base a station and a second random code, also sent to base station then generates a hash of the same length than the unique ID of the device by combining or xoring the first and second random codes.
Vesselkov et al. “Value networks of embedded SIM-based remote subscription management”, IEEE, 2015 disclose the remote provisioning specification for mobile  devices including an embedded UICC,  SM-DP (subscription manager- data prep) responsible for profile preparation based on in[put provided by MNO, SM-SR (subscription manager- secure routing)  is the party responsible to create transport channel to the eUICC, store cred in the UICC that enable its locating and accessing for remote management- 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        10/22/2021