DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an interview with Edward Green on 01/04/2022.
The application has been amended as follows: 
Claims 22 and 23 are rejoined.
1-16.	(Canceled)
17.	(Currently Amended) A method, in an operator authentication server, for authentication of a communication device associated with a communication device manager, the communication device manager being associated with a plurality of communication devices, wherein the operator authentication server has transmitted group subscriber identity module (SIM) information to the communication device manager, wherein the group SIM information is associated with an international mobile subscriber identity (IMSI) number and a shared secret K, and wherein the communication device manager has transmitted a unique sub identifier and a unique derived secret Ki, but not the shared secret K, to each communication device, the method comprising:
receiving, from the communication device, a request for authentication comprising the sub identifier associated with the communication device;
determining whether the sub identifier is ;

deriving a secret Ki associated with the communication device based on the secret K shared with the communication device manager, and the sub identifier; 
transmitting a challenge to the communication device, wherein the challenge is formed cryptographically based on the derived secret Ki;
receiving, from the communication device, a response to the challenge, wherein the response is cryptographically formed based on the derived secret Ki;
determining whether the received response is correct by confirming that it was cryptographically formed by using the derived secret Ki; and 
in response to determining that the received response is correct, authenticating the communication device and deriving a first session key based on the derived secret Ki.
18.	(Cancelled)
19.	(Currently Amended) The method of claim 17, wherein the method further comprises:
in response to determining that the sub identifier is stored in the sub identifier list, retrieving a sequence number associated with the stored sub identifier; 
in response to determining that the sub identifier is not stored in the sub identifier list:

setting the sequence number to an initial value.
20.	(Currently Amended) The method of claim 17, wherein, following successful authentication of the communication device by the operator authentication server, a secondary authentication is performed between the communication device and a communication device manager authentication server, wherein the method further comprises:
connecting to the communication device manager authentication server in order to enable the communication device manager authentication server to initiate the secondary authentication;
transferring messages between the communication device and the communication device manager authentication server, wherein the messages are tunneled within a protection envelope provided by the successful authentication between the communication device and the operator authentication server; and
receiving a notification from the communication device manager authentication server indicating successful secondary authentication or non-successful secondary authentication.
21.	(Previously presented) The method of claim 20, wherein the method further comprises, in response to receiving a notification indicating successful authentication:

determining the secondary authentication process to be successful.
22.	(Previously presented) A method, in a communication device, for authenticating the communication device by an operator authentication server, the communication device being associated with a communication device manager, the communication device manager being associated with a plurality of communication devices, wherein the communication device manager has received from the operator authentication server group subscriber identity module (SIM) information, wherein the group SIM information is associated with an international mobile subscriber identity (IMSI) number and a shared secret K, the method comprising:
receiving a copy of the IMSI number associated with an instance of the group SIM information from the communication device manager;
receiving a sub identifier from the communication device manager;
receiving, from the communication device manager, a derived secret Ki, but not the shared secret K, the derived secret Ki being derived from the shared secret K and the sub identifier, wherein the sub identifier serves to identify the communication device, wherein the derived secret Ki serves to authenticate the communication device;
transmitting a request for authentication to the operator authentication server, the request for authentication comprising the sub identifier associated with the communication device;

transmitting a response to the operator authentication server, wherein the response is formed cryptographically based on the derived secret Ki;
deriving a first session key based on the derived secret Ki.
23.	(Previously presented) A method, in a communication device manager, for enabling authentication of a plurality of communication devices to an operator authentication server, the communication device manager being associated with the plurality of communication devices, wherein the communication device manager has received from the operator authentication server a group subscriber identity module (SIM) information, wherein the group SIM information is associated with an international mobile subscriber identity (IMSI) number and a shared secret K, the method comprising:
creating an instance of the group SIM information for each of the plurality of communication devices; 
associating a respective copy of the IMSI number with each of the plurality of communication devices;
assigning a respective sub identifier to each of the plurality of communication devices; and
assigning a derived secret Ki, the derived secret Ki being derived from the shared secret K and the respective sub identifier, but not the shared secret K, to each of the plurality of communication devices, wherein the respective sub identifier serves to identify each of the plurality of 
24.	(Currently Amended) An arrangement of an operator authentication server for authentication of a communication device associated with a communication device manager, the communication device manager being associated with a plurality of communication devices, wherein the operator authentication server has transmitted group subscriber identity module (SIM) information to the communication device manager, wherein the group SIM information is associated with an international mobile subscriber identity (IMSI) number and a shared secret K, and wherein the communication device manager has transmitted a unique sub identifier and a unique derived secret Ki, but not the shared secret K, to each communication device, wherein the arrangement comprises:
processing circuitry;
memory containing instructions executable by the processing circuitry whereby the arrangement is operative to cause:
reception, from the communication device, of a request for authentication comprising the sub identifier associated with the communication device;
determination of whether the sub identifier is known; 
in response to determination that the sub identifier is ;

transmission of a challenge to the communication device, wherein the challenge is formed cryptographically based on the derived secret Ki;
reception, from the communication device, of a response to the challenge, wherein the response is cryptographically formed based on the derived secret Ki;
determination of whether the received response is correct by confirming that it was cryptographically formed by using the derived secret Ki; and 
in response to determination that the received response is correct, authentication of the communication device and derivation of a first session key based on the derived secret Ki.
25.	(Cancelled)
26.	(Currently Amended) The arrangement of claim 24, wherein the instructions are such that the arrangement is operative to cause:
in response to determination that the sub identifier is stored in the sub identifier list, retrieval of a sequence number associated with the stored sub identifier; and 
in response to determination that the sub identifier is not stored in the sub identifier list:

setting the sequence number to an initial value.
27.	(Previously presented) The arrangement of claim 24, wherein the instructions are such that the arrangement is operative to cause:
following successful authentication of the communication device by the operator authentication server, a secondary authentication to be performed between the communication device and a communication device manager authentication server;
connection to the communication device manager authentication server in order to enable the communication device manager authentication server to initiate the secondary authentication;
transferal of messages between the communication device and the communication device manager authentication server, wherein the messages are tunneled within a protection envelope provided by the successful authentication between the communication device and the operator authentication server; and
reception of a notification from the communication device manager authentication server indicating successful secondary authentication or non-successful secondary authentication.

derivation of a final session key by binding together of the first session key and a second session key comprised in the notification; and
determination of the secondary authentication process to be successful.
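
Added illustration, not part of the Office action or the application: a sketch of the flow recited in claims 17, 19, 22 and 23, showing that the operator server recomputes Ki from K and the sub identifier instead of storing per-device keys, and that one device's Ki cannot answer another device's challenge. Assumptions: HMAC-SHA256 stands in for the derivation and MAC functions (the claims name none), the sequence number simply counts requests, and the names `kdf`, `provision`, `OperatorServer` and `device_respond` are hypothetical.

```python
import hmac, hashlib, os

def kdf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 with a domain-separation label.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def provision(K: bytes, sub_ids):
    # Device manager (claim 23): each device gets its sub identifier and Ki, never K.
    return {s: kdf(K, b"Ki", s.encode()) for s in sub_ids}

class OperatorServer:
    def __init__(self, K: bytes):
        self.K = K
        self.seq = {}      # sub identifier list: sub_id -> sequence number
        self.pending = {}  # sub_id -> (Ki, RAND) awaiting a response

    def request(self, sub_id: str) -> bytes:
        # Claim 19: known sub identifier -> stored sequence number, else initial value 0.
        self.seq[sub_id] = self.seq.get(sub_id, 0) + 1  # increment is an assumption
        ki = kdf(self.K, b"Ki", sub_id.encode())         # recomputed, not stored per device
        rand = os.urandom(16)
        self.pending[sub_id] = (ki, rand)
        return rand + kdf(ki, b"challenge", rand)        # challenge formed with Ki

    def verify(self, sub_id: str, response: bytes):
        ki, rand = self.pending.pop(sub_id, (None, None))
        if ki is None or not hmac.compare_digest(kdf(ki, b"response", rand), response):
            return None
        return kdf(ki, b"session", rand)                 # first session key

def device_respond(ki: bytes, challenge: bytes):
    # Device (claim 22): check the challenge was formed with Ki, then answer it.
    rand, tag = challenge[:16], challenge[16:]
    if not hmac.compare_digest(tag, kdf(ki, b"challenge", rand)):
        raise ValueError("challenge not formed with this Ki")
    return kdf(ki, b"response", rand), kdf(ki, b"session", rand)

def demo():
    K = os.urandom(32)                                   # constructed sample secret
    devices = provision(K, ["dev-001", "dev-002"])
    server = OperatorServer(K)
    resp, dev_key = device_respond(devices["dev-001"], server.request("dev-001"))
    keys_match = server.verify("dev-001", resp) == dev_key
    # dev-002's Ki used against dev-001's challenge must be rejected.
    ch = server.request("dev-001")
    forged = kdf(devices["dev-002"], b"response", ch[:16])
    return keys_match, server.verify("dev-001", forged)
```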

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
Claims 17, 19-24 and 26-28 are allowed according to Applicant's Remarks filed on 12/07/2021 and further in view of the examiner's amendment attached hereto.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KIET M DOAN whose telephone number is (571)272-7863. The examiner can normally be reached M-F 9:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Appiah can be reached on 571-272-7904. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KIET M DOAN/           Primary Examiner, Art Unit 2641