DETAILED ACTION


Currently pending claims are 46 – 65 (Claims 1 – 45 cancelled).

Response to Arguments
Applicant's arguments with respect to the subject matter of the instant claims have been fully considered but are not persuasive.
As per claim 1, Applicant asserts prior-art(s) does not teach “receiving an authorization credential revocation request from a second electronic device, wherein the second electronic device is a device from which an authorization credential is to be revoked” and also “deleting a first mapping relationship between a device identifier of the second electronic device and an authorization credential of the trusted application after determining that first authorization authentication succeeds” because Merrien at best teaches a request to manage content, not credentials specifically, on a secure element (Remarks: Page 11). 
As per arguments that Merrien merely teaches a request to manage content, not credentials specifically, on a secure element, Examiner respectfully disagrees because Merrien teaches providing security management during the SIM (card) application transfer from one device to another device, wherein the secure content of SIM application includes, at least, personal data, bank application and secrets (Merrien: Para [0014] Line 3 – 6), which is stored in an embedded UICC security card that ensures network authentication, integrity and security of personal data (Merrien: Para [0002]) and it’s clear the content, as taught by Merrien, must include credentials such as bank application credential, network credential, etc. as a whole for network authentication purpose.  As such Applicant's arguments are respectfully traversed.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 62 – 64 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Merrien et al. (FOR – EP 2-461-613). 

As per claim 62, Merrien teaches a method for immigrating an authorization credential of a trusted application into a first electronic device, wherein the first electronic device comprises a secure element (SE), wherein the trusted application is installed in the SE (Merrien: Para [0014] / [0038] and Para [0007] / [0002]), and wherein the method comprises: 
receiving, by a service server, an authorization credential immigration request from the first electronic device (Merrien: Para [0090], Para [0096] Line 52 – 54. Para [0080] / Line 3 – 4, Para [0038] / [0014] and Para [0007] / [0002]: on an event of changing terminals from an old terminal to a new terminal in accordance with different cellular services or banking services, a replacement request (for immigration of a secure element) is received by a service server sent from a specific terminal device to manage corresponding secure element, wherein the management of the replacement request includes downloading / deleting secure element associated with the target terminal device(s)); 
receiving, by the service server, an authorization credential revocation request from a second electronic device, wherein the second electronic device is a device from which an authorization credential is to be revoked (Merrien: see above & Para [0090] / [0096] and Para [0010]: the request to manage the secure element includes (e.g.) deleting the stored content of the secure element); 
generating, by the service server, a second authorization verification code;
sending, by the service server, the second authorization verification code to the second electronic device (Merrien: see above & Para [0023] and Para [0028] Line 26 – 29: receiving by the terminal device a remote loading code (i.e. an authorization verification code) generated from the server, which is entered via a user input so that the server (distant site) can check the validity of the received authorization code); 
receiving, by the service server, a first authorization verification code from the first electronic device, wherein the first authorization verification code relates to the second authorization verification code (Merrien: see immediate above); 
deleting, by the service server, a first mapping relationship between a device identifier of the second electronic device and an authorization credential of the trusted application after determining that first authorization authentication succeeds (Merrien: see above & Para [0014] Line 3 – 6, Para [0002] and Para [0044] Line 22 – 30: 
(a) providing security management during the SIM (card) application transfer from one device to another device, wherein the secure content of SIM application includes, at least, personal data, bank application and secrets (Merrien: Para [0014] Line 3 – 6), which is stored in an embedded UICC security card that ensures network authentication, integrity and security of personal data (Merrien: Para [0002]) and it’s clear the content, as alleged by Applicant, must include credentials such as bank application credential, network credential, etc. for network authentication purpose;
(b) a signed (destroy) message is sent from the old terminal device to the server after an authorization credential (i.e. secure data) is destroyed by the old terminal device, and subsequently the server transfers the authorization credential (i.e. secure data) to the new terminal device and as such, the mapping relationship between a device identifier of the old terminal device and the authorization credential is thus replaced / deleted and changed from the old device to new terminal device by the server (Merrien: Para [0044] Line 22 – 30)). 
setting up, by the service server, a mapping relationship between a device identifier of the first electronic device and an authorization credential of the trusted application (Merrien: see immediate above); and
sending, by the service server, the authorization credential of the trusted application to the first electronic device (Merrien: see above & Para [0044] Line 29 – 30, Para [0048] / [0067] / [0097] and Para [0038] Line 27 – 29: transferring the authorization credential such as private keys, certificates, sensitive data, etc. to the new terminal device from the server).  

As per claim 63, Merrien teaches wherein the first authorization verification code is the same as the second authorization verification code (Merrien: see above & Para [0032]: matching the remote loading code (i.e. authorization verification code)).

As per claim 64, Merrien teaches wherein the authorization credential immigration request comprises a device identifier of the first electronic device, an SE identifier of the first electronic device, an application identifier of the trusted application, and personal information of a user (Merrien: see above & Para [0049] / Para [0051] – [0054] and Para [0019] Line 22 – 25).  
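
The server-side sequence recited in claims 62 to 64, as an added sketch that is not code from the application, from Merrien, or from any other cited reference. The class and method names, the in-memory stores, the six-digit code format, and the single-use and constant-time comparison choices are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class MigrationRequest:
    """Fields recited in claim 64 (field names are assumptions)."""
    device_id: str
    se_id: str
    app_id: str
    user_info: str


class ServiceServer:
    """In-memory stand-in for the claimed service server (hypothetical)."""

    def __init__(self):
        self.mapping = {}  # (device_id, app_id) -> authorization credential
        self.pending = {}  # app_id -> state of the migration in progress
        self.outbox = []   # (device_id, code): constructed stand-in for transport

    def on_migration_request(self, req):
        # Step 1: the first (new) device asks to receive the credential.
        self.pending[req.app_id] = {"new": req, "old": None, "code": None}

    def on_revocation_request(self, old_device_id, app_id):
        # Step 2: the second (old) device asks to be revoked. Only a device
        # that currently holds a mapping may trigger code generation.
        state = self.pending.get(app_id)
        if state is None or (old_device_id, app_id) not in self.mapping:
            raise PermissionError("no pending migration or unknown device")
        # Steps 3-4: generate the second code and send it to the old device.
        state["old"] = old_device_id
        state["code"] = f"{secrets.randbelow(10**6):06d}"
        self.outbox.append((old_device_id, state["code"]))

    def on_verification_code(self, new_device_id, app_id, code):
        # Step 5: the first code arrives from the new device (typed by the user).
        state = self.pending.get(app_id)
        if (state is None or state["code"] is None
                or state["new"].device_id != new_device_id):
            return None
        del self.pending[app_id]  # assumption: single use, one guess per run
        # Claim 63: the two codes must be the same; compare in constant time.
        if not hmac.compare_digest(code.encode(), state["code"].encode()):
            return None
        # Step 6: delete old mapping; 7: set up new mapping; 8: send credential.
        credential = self.mapping.pop((state["old"], app_id))
        self.mapping[(new_device_id, app_id)] = credential
        return credential


def demo(tamper=False):
    """Run one migration with constructed identifiers; returns (result, mapping)."""
    srv = ServiceServer()
    srv.mapping[("old-phone", "bank-app")] = "CRED-constructed"
    srv.on_migration_request(
        MigrationRequest("new-phone", "se-01", "bank-app", "user-constructed"))
    srv.on_revocation_request("old-phone", "bank-app")
    shown = srv.outbox[-1][1]  # code displayed on the old device
    typed = "not-it" if tamper else shown
    result = srv.on_verification_code("new-phone", "bank-app", typed)
    return result, dict(srv.mapping)
```

In this sketch the old device's mapping is deleted only after the code check passes, so a failed or abandoned migration leaves the original binding intact.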

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 46 – 49, 51, 53 – 57, 59 and 61 are rejected under 35 U.S.C. 103 as being unpatentable over Merrien et al. (FOR – EP 2-461-613), in view of Khalil et al. (U.S. Patent 2015/0249540).  


As per claim 46 & 54, Merrien teaches a method, implemented by an electronic device, for immigrating an authorization credential of a trusted application into a first electronic device, wherein the first electronic device comprises a secure element (SE), wherein the trusted application is installed in the SE (Merrien: Para [0014] / [0038] and Para [0007] / [0002]), and wherein the method comprises: 
Sending an authorization credential immigration request to a service server (Merrien: Para [0090], Para [0096] Line 52 – 54. Para [0080] / Line 3 – 4, and Para [0010], Para [0038] / [0014] and Para [0007] / [0002]: on an event of changing terminals from an old terminal to a new terminal in accordance with different cellular services or banking services, a replacement request (for immigration of a secure element) is transmitted from a specific terminal device to a service server to manage the corresponding secure element, wherein the management of the replacement request includes downloading / deleting secure element associated with the target terminal device(s)); 
receiving first user input indicating a first authorization verification code (Merrien: see above & Para [0023] and Para [0028] Line 26 – 29: receiving a remote loading code (i.e. the authorization verification code) by the terminal device, which is entered via a user input, so that the server (distant site) can check the validity of the received authorization code).
However, Merrien does not disclose expressly wherein the first authorization verification code relates to a second authorization verification code displayed on a second electronic device.
Khalil (& Merrien) teaches the first authorization verification code relates to a second authorization verification code displayed on a second electronic device (Merrien: see above) || (Khalil: Figure 5B / E-520 & Figure 5C / E-535 and Para [0036] Last sentence: the first authorization verification code (e.g. “123456”), which can be securely displayed on a 2nd device via a text message, is entered into a 1st device such that the authentication server (device) can compare the user input code to the transmitted verification code for authentication purposes).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification that a first authorization verification code is related to a second authorization verification code displayed on an electronic device because Khalil teaches to effectively and securely provide an authentication mechanism by entering into a 1st device a first authorization verification code (e.g. “123456”), which is securely displayed on a 2nd device via a text message, such that the authentication server (device) can compare the user input code to the transmitted verification code for authentication purpose (see above) within the Merrien’s system of authenticating a user terminal device during a transfer of the content of a secure element from an old terminal device to a new terminal device to prevent malicious attacks from the network (see above). 
wherein the second electronic device is a device from which an authorization credential is to be revoked (Merrien: Para [0090], Para [0096] Line 52 – 54. Para [0080] / Line 3 – 4, Para [0038] / [0014] and Para [0007] / [0002]: a replacement request to manage the corresponding secure element can be transmitted from a terminal device to a server, wherein the management includes deleting the secure element associated with the target terminal device when changing terminals from an old terminal to a new terminal in accordance with different cellular services or banking services); 
sending to the service server, the first authorization verification code to prompt the service server to perform first authorization authentication (Merrien: see above & Para [0028] Line 26 – 29: receiving a remote loading code (i.e. an authorization verification code) by the terminal device, which is entered via a user input) || (Khalil: Figure 5B / E-520 & Figure 5C / E-535 and Para [0036] Last sentence: the first authorization verification code (e.g. “123456”), which is securely displayed on a 2nd device via a text message, is entered into a 1st device such that the authentication server (device) can compare the user input code to the transmitted verification code for authentication purpose); and to
delete a first mapping relationship between a device identifier of the second electronic device and an authorization credential of the trusted application after determining that first authorization authentication succeeds (Merrien: see above & Para [0014] Line 3 – 6, Para [0002] and Para [0044] Line 22 – 30: 
(a) providing security management during the SIM (card) application transfer from one device to another device, wherein the secure content of SIM application includes, at least, personal data, bank application and secrets (Merrien: Para [0014] Line 3 – 6), which is stored in an embedded UICC security card that ensures network authentication, integrity and security of personal data (Merrien: Para [0002]) and it’s clear the content, as alleged by Applicant, must include credentials such as bank application credential, network credential, etc. for network authentication purpose;
(b) a signed (destroy) message is sent from the old terminal device to the server after an authorization credential (i.e. secure data) is destroyed by the old terminal device, and subsequently the server transfers the authorization credential (i.e. secure data) to the new terminal device and as such, the mapping relationship between a device identifier of the old terminal device and the authorization credential is thus replaced / deleted and changed from the old device to new terminal device by the server (Merrien: Para [0044] Line 22 – 30)). 
Receiving the authorization credential of the trusted application from the service server (Merrien: see above & Para [0044] Line 29 – 30, Para [0048] / [0067] / [0097] and Para [0038] Line 27 – 29: receiving, by the new terminal device, the authorization credential such as private keys, certificates, sensitive data, etc. from the server).  

As per claim 47, 49, 55 and 57, Merrien as modified teaches wherein the first authorization verification code is the same as the second authorization verification code (Merrien: see above & Para [0032]: matching the remote loading code (i.e. authorization verification code)).

As per claim(s) 48 and 56, the claims contain(s) similar limitations to claim(s) 46 and thus is/are rejected with the same rationale.

As per claim 51 and 59, Merrien as modified teaches wherein the authorization credential immigration request comprises a device identifier of the first electronic device, an SE identifier of the first electronic device, an application identifier of the trusted application, and personal information of a user (Merrien: see above & Para [0049] / Para [0051] – [0054] and Para [0019] Line 22 – 25).  

As per claim 53 and 61, Merrien as modified teaches wherein the SE comprises an independent physical chip (Merrien: see above & Para [0002]: a security chip).  


Claims 50 and 58 are rejected under 35 U.S.C. 103 as being unpatentable over Merrien et al. (FOR – EP 2-461-613), in view of Khalil et al. (U.S. Patent 2015/0249540), and in view of Roberts et al. (U.S. Patent 7,496,768).  


As per claim 50 and 58, Roberts (& Merrien) teaches wherein the first electronic device is configured with a trusted execution environment (TEE), and wherein the first user input is received using a trusted user interface (TUI) in the TEE (Roberts: Col. 2 Line 50 – 65: a trusted user interface (UI) is provided by a trusted UI agent to arbitrate user inputs to a secured execution environment and securely output to a display).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of configuring a user device with trusted user interface (TUI) in a trusted execution environment (TEE) to receive and display the user input from the trusted user interface (TUI) because Roberts teaches to effectively and securely provide a device activation code, which is generated, by the server, based on a combination of a random number (SR) and the device ID (CGDID) for one-time authentication (see above) within the Merrien’s system of authenticating a user terminal device with authentication code entered by a user via a user interface during a transfer of the content of a secure element from an old terminal device to a new terminal device to prevent malicious attacks from the network (see above). 

Claims 52 and 60 are rejected under 35 U.S.C. 103 as being unpatentable over Merrien et al. (FOR – EP 2-461-613), in view of Khalil et al. (U.S. Patent 2015/0249540), and in view of Chernilovsky et al. (U.S. Patent 10,735,436).  

As per claim 52 and 60, Chernilovsky (& Merrien) teaches wherein the authorization credential immigration request is set to be valid within a predetermined period (Chernilovsky: Col. 9 Line 30 – 32 / Line 58 – 61: (a) a process of user (login) authentication request is required to be completed within a threshold period of time; otherwise, (b) if the authentication process cannot be completed, the user may be prompted to authenticate via a different method or the user request is denied accordingly).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification that an authorization credential immigration request is set to be valid within a predetermined period because Chernilovsky teaches to effectively and securely require a process of user (login) authentication request to be completed within a threshold period of time; otherwise, if the authentication process cannot be completed, the user may be prompted to authenticate via a different method or the user request is denied accordingly (see above) within the Merrien’s system of authenticating a user terminal device with authentication code entered by a user via a user interface during a transfer of the content of a secure element from an old terminal device to a new terminal device to prevent malicious attacks from the network (see above). 


Claim 65 is rejected under 35 U.S.C. 103 as being unpatentable over Merrien et al. (FOR – EP 2-461-613), in view of Juthani et al. (U.S. Patent 9,258,296).  

As per claim 65, Juthani (& Merrien) teaches wherein generating, by the service server, the second authorization verification code comprises generating, by the service server, the second authorization verification code based on the device identifier of the first electronic device and a random number (Juthani: Col. 6 Line 28 – 33: a device activation code is generated, by a server, based on a combination of a random number (SR) and the device ID (CGDID) for one-time authentication purpose).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of generating by a server authorization verification code based on the device identifier and a random number because Juthani teaches to alternatively, effectively and securely provide a device activation code, which is generated, by the server, based on a combination of a random number (SR) and the device ID (CGDID) for one-time authentication (see above) within the Merrien’s system of authenticating a user terminal device during a transfer of the content of a secure element from an old terminal device to a new terminal device to prevent malicious attacks from the network (see above). 

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2295 – 2021
---------------------------------------------------