DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 1 and 16 are objected to because of the following informalities:  
Regarding claim 1, the claim recites that the media is “executable by at least one processor,” which renders the media inactive in the claims. It is recommended to the applicant to recite “when executed by at least one processor” to activate the media in the claims.  Appropriate correction is required.
Regarding claim 1, the claim recites an inactive network interface in the claim. It is recommended to the applicant to recite the network interface performing some function of the control unit or remove it from the claim.  Appropriate correction is required.
Regarding claim 16, the claim utilizes acronyms (RSA, SSA, PSS, and PKCS) without defining their meaning(s) in the claim. Applicant should first spell out acronyms before utilizing them independently. Appropriate correction is required.





Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 1-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Regarding claim 1, the claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim recite(s) a system comprising components which may be interpreted simply as software, which does not fall under one of the four statutory categories. For example, the claim recites a processor, network interface and a computer readable media. Applicant’s specification does not define processor or network interface as being composed of hardware and the media may be interpreted as signal, see for example applicant’s specification [0050-0051]. 
Dependent claim(s) 2-9 is/are rejected for the same reasons as they do not cure the deficiency of the independent claim(s). 
Regarding claim 10,
Dependent claim(s) 11-16 is/are rejected for the same reasons as they do not cure the deficiency of the independent claim(s). 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1, 3, 10, 17, and 20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1 and 10, the claim recites the limitation "the communication interface.”  There is insufficient antecedent basis for this limitation in the claim.
Regarding claim 3 and 20, the claim recites that the control unit does not communicate with an attestation server which is indefinite as it unclear the role or dynamics the attestation server upholds in the claims as no functionality or structure is given to the attestation server. 
Regarding claim 17, the claim recites “in response, providing to a policy engine a confirmation,” which is indefinite as it is unclear what the providing is in response to. 
Allowable Subject Matter
Claim 2, 4, 5, 12, 18, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and to overcome any other outstanding rejection(s)/objection(s).
The following is a statement of reasons for the indication of allowable subject matter:  the prior art, either alone or in combination does not expressly disclose a control unit system for securely updating a telecommunications terminal’s configuration comprising the elements of claims 2, 4, 5, 12, 18 and 19 and their encompassing independent claims (1, 10, 17). 
Dependent claims 13 and 14 are objected to for being dependent upon an already objected to claim. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 3, 6-11, 15-17, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hilbert (US 2015/0007275) in view of Myers et al (US 2016/0019735).
Regarding claim 1, Hilbert et al discloses a control unit comprising at least one processor; a network interface; a computer readable media storing instructions executable by at least one processor to cause the at least one processor to perform operations comprising [0056-0057]:
identifying a first identifier and a second  identifier in an update- request message [0034]; 
Please note that in this example a public key, user identifier, and device identifier may be included in a lockout request. 
determining that the first identifier matches the second identifier [0035-0038];
Please note that in this example the system validates if the public key and identifiers are properly associated and/or “matched” with one another.  
determining a reply message comprising the device identifier and a configuration record [0049-0050]; 
Please note that in this example the permit is checked against previously stored receipts to see if the lockout is permitted and if so the lockout permit is generated. Once the lockout permit is validated, a receipt is created corresponding to the placed lockout. 
cryptographically hashing at least a portion of the reply message to provide a cryptographic signature, wherein the at least a portion of the reply message comprises the at least one of the first identifier or the second identifier [0040, 0053];
Please not that in this example the lockout permit may be signed.
transmitting, via the communications interface, the reply message in association with the cryptographic signature [0040, 0051, 0053];
Please note that in this example the permit may be transmitted to the processing unit for removal.
However, Hilbert et al does not expressly disclose but Sicher et al discloses:
The first and second identifiers are device identifiers [0023];
Please note in this example the identifiers may be IMEI and ICCID. 
sending, to a policy engine, a confirmation request and receiving, from the policy engine, a confirmation [0023-0024]; 
Please note that in this example once subscription (policy) information is verified confirmation is sent. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hilbert et al by checking policy, for the purpose of verifying the request is allowed, based upon the beneficial teachings provided by Sicher et al, see for example [0023-0024].  These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Regarding claim 3, Hilbert et al and Sicher et al disclose all the limitations of claim 1. Hilbert et al
Regarding claim 6, Hilbert et al and Sicher et al disclose all the limitations of claim 1. Hilbert et al further discloses wherein the second device identifier comprises an International Mobile Equipment Identity [0034];
Please note in this example the prior art disclose a “terminal identifier” which examiner is interpreting as the IMEI.  Also note that Sicher et al discloses the use of IMEI for identification purposes [0023]. 
Regarding claim 7, Hilbert et al and Sicher et al disclose all the limitations of claim 1. Hilbert et al further discloses wherein the confirmation request requests a permanent unlock and the confirmation grants a temporary unlock[0042, 0039];
Please note that in this example the prior art discloses a check against previous unlock requests indicating that requests can be long term or short term (i.e, temporary or permanent). 
Regarding claim 8, Hilbert et al and Sicher et al disclose all the limitations of claim 1. Hilbert et al further discloses wherein the operations further comprise verifying authenticity of the second device identifier from the update-request message [0035-0038].
Regarding claim 9, Hilbert et al and Sicher et al disclose all the limitations of claim 1. Hilbert et al further discloses wherein the operations further comprise receiving, via a communications interface, an update-request message [0035-0038]. 
Regarding claim 10, Hilbert et al
extracting a first identifier and a second identifier from an update-request message [0034]; 
Please note that in this example a public key, user identifier, and device identifier may be included in a lockout request. 
determining that the first identifier matches the second  identifier [0035-0038];
Please note that in this example the system validates if the public key and identifiers are properly associated and/or “matched” with one another.  
cryptographically hashing at least a portion of a reply message to provide a cryptographic signature, wherein the at least a portion of the reply message comprises the first identifier [0040, 0053];
Please not that in this example the lockout permit may be signed.
transmitting, via the communications interface, the reply message in association with the cryptographic signature [0040, 0051, 0053];
Please note that in this example the permit may be transmitted to the processing unit for removal.
However, Hilbert et al does not expressly disclose but Sicher et al discloses:
The first and second identifiers are device identifiers [0023];
Please note in this example the identifiers may be IMEI and ICCID. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hilbert et al by matching device identifiers, for the purpose of verifying the request is allowed, based Sicher et al, see for example [0023].  These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Regarding claim 11, Hilbert et al and Sicher et al disclose all the limitations of claim 10. Hilbert et al further discloses the second identifier is a keyed-hash message authentication code [0027-0028];
Please note that in this example identifiers may be encrypted. 
Regarding claim 15, Hilbert et al and Sicher et al disclose all the limitations of claim 1. Hilbert et al further discloses storing additional instructions which, when executed by the at least one processor, cause the at least one processor to perform operations comprising: verifying authenticity of the second device identifier based at least in part on contents of the update-request message [0035-0038].
Regarding claim 16, Hilbert et al and Sicher et al disclose all the limitations of claim 1. Hilbert et al further discloses wherein the cryptographic signature is a public-key signature that has been cryptographically hashed using at least one of RSA-SSA-PSS or PKCS signature techniques [0053].
Please note that the prior art discloses the use of a cryptographic signature and examiner takes official notice it was notoriously well known at the time the claimed invention was made to utilized various different signature techniques such as RSA-SSA-PSS or PKCS. 
Regarding claim 17, Hilbert et al discloses a method comprising, by a control unit of a network device: 
receiving, via a communications interface, an update-request message and extracting a first identifier and a second identifier from the update-request message [0034]; 
Please note that in this example a public key, user identifier, and device identifier may be included in a lockout request. 
verifying authenticity of the second  identifier from the update-request message and determining that the first identifier matches the second identifier [0035-0038];
Please note that in this example the system validates if the public key and identifiers are properly associated and/or “matched” with one another.  
in response to a confirmation, determining a reply message comprising the device identifier and a configuration record [0049-0050]; 
Please note that in this example the permit is checked against previously stored receipts to see if the lockout is permitted and if so the lockout permit is generated. Once the lockout permit is validated, a receipt is created corresponding to the placed lockout. 
cryptographically signing at least a portion of the reply message to provide a cryptographic signature, wherein the at least a portion of the reply message comprises the first identifier [0040, 0053];
Please not that in this example the lockout permit may be signed.
transmitting, via the communications interface, the reply message in association with the cryptographic signature [0040, 0051, 0053];
Please note that in this example the permit may be transmitted to the processing unit for removal.
However, Hilbert et al does not expressly disclose but Sicher et al discloses:
The first and second identifiers are device identifiers [0023];
Please note in this example the identifiers may be IMEI and ICCID. 
in response, providing, to a policy engine, a confirmation request; receiving, from the policy engine, a confirmation [0023-0024]; 
Please note that in this example once subscription (policy) information is verified confirmation is sent. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hilbert et al by checking policy, for the purpose of verifying the request is allowed, based upon the beneficial teachings provided by Sicher et al, see for example [0023-0024].  These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Regarding claim 20, Hilbert et al and Sicher et al disclose all the limitations of claim 1. Hilbert et al further discloses the control unit does not communicate with an attestation server [0024, figure 2]. 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Crawford et al
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 7am-4pm(EST) and Friday 7am-11am(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENDALL DOLLY/Primary Examiner, Art Unit 2436