DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
	This office action responds to the amendments filed on December 14, 2021 for application 15/549,250.  Claims 1-2, 5-7, and 9-10 were amended, and claims 1-10 remain pending in the application.
Response to Arguments
	The Examiner has fully considered the Applicant’s arguments filed on December 14, 2021, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 7 of the Remarks that concerns the objection to claim 10, the amendment to claim 10 addresses the issue and the objection is withdrawn.
	Regarding the Applicant’s response at pages 7-10 of the Remarks that concerns the § 103 rejection of the pending claims 1-10, the Applicant’s argument concerns the narrowing of the limitation “subscription manager” to “Subscriber Manager Data Processing (SM-DP).”  The Applicant’s arguments in conjunction with the claim amendments are persuasive with respect to the § 103 rejection, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the pending claims because the arguments do not apply to one of the references currently used in the rejection of the aforementioned claims as detailed below.  The Examiner notes, however, that the amendment involving “SM-DP” 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-2, 5-7, and 9-10, and thus each of the associated dependent claims 3-4 and 8, are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  In response to the prior art rejection under § 103 in the Office Action of September 14, 2021, the Applicant narrowed the limitation of “subscription manager” by substituting “Subscriber Manager Data Preparation (SM-DP)” for “subscription manager.”  Although SM-DP is a term that one skilled in the art would recognize and understand, SM-DP within the context of the claimed invention is indefinite because SM-DP is being employed outside the usual context in which an SM-DP is present and operates in conjunction with the subscription manager – secure routing (SM-SR).
Referring to Fig. 2 of Park (see attached NPL document), a secure channel is initially established between the eUICC and the SM-SR and then another secure channel is established between the eUICC and the SM-DP.  Referring to Fig. 2 of Applicant’s published application (PG-PUB US 2018/0027410), a similar sequence of 
Applicant indicates that their claimed invention does not require SM-SR and states, “there is no more need to use a SM-SR to install a subscription in a eUICC,” see PG-PUB US 2018/0027410 ¶ [0018].  Given this statement and the establishment of the initial communication channel in step 32, which is typically established by SM-SR as taught by Park, the Examiner concludes Applicant’s “subscription management server 20,” which is now claimed as a “SM-DP server,” has assumed functionalities beyond that typically associated with SM-DP in which SM-SR is present.  Due to the apparent increased functionalities of SM-DP in the absence of SM-SR, employing SM-DP as a claim limitation makes the associated claims indefinite.  One skilled in the art would assume certain roles for SM-DP, but the absence of SM-SR imparts additional roles that therefore makes the use of SM-DP within the claims inaccurate.
This rejection may be overcome by amending the claims to eliminate “SM-DP” and to specifically define the roles and/or nature of the subscription manager that is currently claimed as “SM-DP” (e.g., claim a “subscription manager” that perform roles “comprising” and that are associated with SM-DP).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2014/0287725, “Lee”) in view of Nix (US 2015/0163056, “Nix”) and Cormier et al. (US 2014/0011541, “Cormier”), and further in view of Park et al. (Secure Profile Provisioning Architecture for Embedded UICC, see attached NPL document).
Regarding Claim 1
Lee discloses
A method (Fig. 3, abstract) for remote subscription management (Figs. 1 & 5, ¶ [0045]) of an universal integrated circuit card (eUICC) cooperating with a terminal (Fig. 5, ¶ [0150], i.e., the “forming trust relationship between the eUICC and the device embedding the eUICC”), 
said eUICC comprising a private key (¶ [0086], “When the obtaining is performed statically, a public key and a private key can be generated in the eUICC in the manufacturing step of the eUICC.”) and a public certificate signed by its manufacturer (¶ , 
said public certificate comprising information (¶¶ [0086], [0126]-[0127], [0157]) allowing …1 (¶ [0063], “The function of a SM may be provided directly by a MNO. Or, a MNO may make a contract with a third-party organization in order to obtain a SM service”), to decide if it can agree to manage said eUICC (Fig. 3, ¶¶ [0011]-[0012], ¶ [0096], “the status request and the technical capability control may provide verification on the eUICC identity (that is, verification on whether the eUICC is trustable or not), and should be able to verify a feasibility of a characteristic of the eUICC for a MNO service,”), 
said method comprising: 
a- 2…, establishing a secure channel between said terminal and said SM-DP (Park Fig. 2, p. 299) server by using said public certificate and dedicated cryptographic services of said eUICC (Fig. 5, ¶¶ [0154]-[0160], “step 520,” and “Each of the eUICC and the SM-SR authenticates each other by generating its verification information based on trust information transferred from or shared with a counterpart entity, transmitting the generated verification information, and verifying the verification information transmitted from the counterpart entity based on the trust information. Thereby, the trust relationship between the eUICC and the SM-SR is formed,” and see Park Fig. 2, p. 299 for a secure channel between the terminal/”eUICC device” and SM-DP, and where Park p.299 teaches or suggests a communication channel without an SM-SR); 
b- Sending from said terminal to said SM-DP server a subscription management request (Fig. 5, i.e., “S520” that relates the terminal to the eUICC, and ¶ [0083], “an eUICC may transmit an activation request…,” which relates to a subscription management request), being considered as an enrolment request by said SM-DP server (¶ [0082], “a provisioning procedure corresponding to a first subscription” that necessarily involves enrolment); 
c- Verifying, based on said information in the received public certificate from said eUICC (at least ¶ [0159], “the eUICC and the SM-SR transmits the verification information to each other, if the trust information is a certificate”), in said SM-DP server if said eUICC is entitled to be managed by said SM-DP server (¶ [0085], “the MNO may verify an identity of the eUICC and collect information about the eUICC by cooperating with the SM-SR [or the SM-DP as suggested by Park p. 299 after the establishment of the secure communication channel between the eUICC and SM-DP]. In the step S330, the MNO may obtain an encryption key for the eUICC, specifically, a public key corresponding to the eUICC from the SM-SR,”),
3…, and, if yes:
d- Performing a key establishment procedure between said SM-DP server and said eUICC by using said eUICC public certificate (Fig. 6, ¶¶ [0146]-[0148], “each entity authenticates each other by verifying verification information of a counterpart entity based on the corresponding trust information, and forms trust relationship between entities,” “the trust information may be a symmetric key (secret key) or an authentication key (public key),” and “a pair of entities may be… a pair of an eUICC and …, etc ,” i.e., an eUICC and SM-DP as suggested by Park Fig. 2, p. 199), this step being the enrolment of the eUICC by the subscription (¶¶ [0097]-[0098], “the SM-SR database may be updated at a final stage of the subscription installation”); 
4 …; and
	f- Executing by said SM-DP server said subscription management request on said eUICC (Fig. 3, ¶¶ [0091], [0096]-[0098], “the MNO may transmit the double ciphered eUICC profile to the corresponding eUICC (at S360). At this time, the public key of the SM-DP or a certification may be transmitted to the eUICC with the eUICC profile in order to provide authenticity”).
Lee doesn’t disclose
	1 … a SM-DP server with a list of public keys of eUICC manufacturers that are trustable, with no prior knowledge of said eUICC individually,
2 At the occurrence of an event initiated at said terminal,…
	3 wherein said information comprises an eUICC version identifier,
	4 e- Establishing between said SM-DP server and said eUICC a secure channel;
Nix, however, discloses
1 …with a list of public keys of eUICC manufacturers that are trustable (Fig. 1, ¶ [0271], “In an exemplary embodiment, a mobile network operator 104 could receive a list of eUICC public keys 214 and eUICC identities 107 a from an M2M service provider 115 before eUICC subscription manager 109 receives the eUICC identity 107 a in a step 205.  The MNO 104 could use the data received from a M2M service provider 115 (including a list of … eUICC public keys 214)…” further noting the SM-DP (subscription manager-data preparation) is associated with the subscription manager server can be provided “autonomously” by the MNO (see Lee ¶ [0077]), and the “UICC manufacturer” is trustable because it is providing keys for the UICC; and ¶¶ [0155]-[0157], “eUICC public key 214 can comprise a key recorded in an X.509 certificate that also includes a module identity 110 and/or eUICC identity 107 a [as a version identifier]…,” and “A manufacturer of module 101 or an eUICC subscription manager 109 could also derive the eUICC private key 215 and eUICC public key 214 in a server, and load the eUICC private key 215 into a nonvolatile memory of module 101,” i.e., the “list of eUICC public keys received” are produced by a manufacturer (and can be stored in a certificate, as similarly disclosed by Lee ¶ [0124])),
with no prior knowledge of said eUICC individually (¶ [0271], “In an exemplary embodiment, a mobile network operator 104 [possessing a subscription manager server] could receive a list of eUICC public keys 214 and eUICC identities 107 a from an M2M service provider 115 before eUICC subscription manager 109 receives [and thus possesses no prior knowledge of said eUICC individually] the eUICC identity 107 a in a step 205”),
	3 wherein said information comprises an eUICC version identifier (¶ [0055], “An eUICC 107 can include an eUICC identity 107 a [as a version identifier], such that an eUICC subscription manager 109 can select and identify [and thereby verif[y]] the eUICC 107 among a plurality of eUICCs 107.”)
Cormier, however, discloses
	2 At the occurrence of an event initiated at said terminal,…(Fig. 7, ¶¶ [0091]-[0094], i.e., broadly speaking, the event may be construed as “subscription manager transfer activation” or more narrowly as “step 1” where “terminal 702 send a request for transferring an assignment of SMs [subscription managers];” and ¶ [0109], i.e., after step 1, ultimately a secure communication with “secure chip 501” is achieved)
Park, however, discloses
	4 e- Establishing between said SM-DP server and said eUICC a secure channel (Fig. 2, p. 299, col. 2, i.e., the “Mutual Authentication,” “Confidentiality,” “Data Integrity,” “Data Origin Authentication,” “Non-Exposure of Key,” “Verification of eUICC’s Information” sections teach or suggest the establishment of a secure channel between the SM-DP and eUICC);
	Regarding the combination of Lee and Nix, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee to have included the public key list feature of Nix. One of ordinary skill in the art would have been motivated to incorporate the public key list feature of Nix because Nix discusses several problems within the art, such as “A need exists in the art for a module, including a mobile phone, and a MNO to securely and efficiently support a change in network access credentials, including a key 
Regarding the combination of Lee-Nix and Cormier, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee-Nix to have included the eUICC management feature of Cormier.  One of ordinary skill in the art would have been motivated to incorporate the eUICC management feature of Cormier because both Cormier and Lee disclose a remote subscription management system, and Cormier beneficially expands the capabilities of this remote subscription management by allowing for the transfer of subscription managers. (See abstract of Cormier). 
Regarding the combination of Lee-Nix-Cormier and Park, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the eUICC management system of Lee-Nix-Cormier to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.”  See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):

2) the prior art contained a “comparable” device, namely the eUICC system of Park, that has been improved in the same way as the claimed invention by the use of an established secure communication channel between an eUICC and a SM-DP server that affords at least mutual authentication and confidentiality (see Park p. 299); and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the use of an established communication channel to the base device, or the eUICC system of Lee-Nix-Cormier, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 2
Lee in view of Nix and Cormier, and further in view of Park (“Lee-Nix-Cormier-Park”) discloses the method according to claim 1, and Lee further discloses 
wherein said terminal comprises an application (¶ [0042], “‘eUICC supplier’ means a provider of an eUICC module and resident software (such as a firmware, an operating system, etc.,” with the eUICC associated with “eUICC device” or terminal), said application performing steps -a- and -b- by:
- at the occurrence of said event (Fig. 3, ¶ [0083], “an eUICC may transmit an activation request…”), establishing a local secure channel between said eUICC and said application (Fig. 5, ¶ [0151], “A step S510 of forming trust relationship between the eUICC and the device embedding the eUICC”) by using said private key and said public certificate (¶ [0129], “…which can be made public with its private key (corresponding to ; 
	1 …;
- sending from said application to said SM-DP server a subscription management request of said eUICC (Fig. 5, i.e., “S520” that relates the application on the “eUICC device” to the eUICC, and ¶ [0083], “an eUICC may transmit an activation request…,” which relates to a subscription management request that is sent from the terminal/”eUICC device” running the application).
Park further discloses
	1 - establishing a secure channel with said SM-DP server by using said public certificate and dedicated cryptographic services of said eUICC (Fig. 2, p. 299, col. 2, i.e., the “Mutual Authentication,” “Confidentiality,” “Data Integrity,” “Data Origin Authentication,” “Non-Exposure of Key,” “Verification of eUICC’s Information” sections teach or suggest the establishment of a secure channel between the SM-DP and eUICC, where the “Mutual Authentication” entails the “eUICC and SM-DP prov[ing] their authenticities [to] each other through cryptographic exchanges,” which would include the use of a public certificate of Lee Fig. 6, ¶¶ [0146]-[0148]);
Regarding Claim 3
Lee-Nix-Cormier-Park discloses the method according to claim 1, and Lee further discloses
wherein said eUICC performs the steps 
-a- (Fig. 3, ¶ [0083], “an eUICC may transmit an activation request including device identity information (such as IMEI, etc.) and eUICC identity information (such as eICCid, etc.) to a MNO (at S310);” and Fig. 5, ¶¶ [0154]-[0160], “step 520,” and “Each of the eUICC… authenticates each other by generating its verification information based on trust information transferred from or shared with a counterpart entity, transmitting the generated verification information, and verifying the verification information transmitted from the counterpart entity based on the trust information. Thereby, the trust relationship between the eUICC and the SM-SR is formed,” with the relevant secure channel between the terminal/”eUICC device” and subscription manager server/”SM-SR[‘s]” or “MNO[‘s]” being illustrated in Fig. 5 with the line labeled “S520;”) and 
-b- (Fig. 5, i.e., “S520” that relates the terminal to the eUICC, and ¶ [0083], “an eUICC may transmit an activation request…,” which relates to a subscription management request).
Regarding Claim 4
Lee-Nix-Cormier-Park discloses the method according to claim 1, and Lee further discloses 
wherein said event is generated by a user of said terminal (¶¶ [0004]-[0005], “users have inconveniency in changing a mobile network,” such changes occurring through an event, and “a user using the eUICC…”).
Regarding Claim 9
Lee-Nix-Cormier-Park discloses the method according to claim 1, and Lee further discloses 
wherein the SM-DP server is separate from a Subscriber Manager Secure Routing (SM-SR) server (Fig. 2, ¶ [0080], “As shown in FIG. 2, a SM may be divided into a SM-DP which safely prepares various profiles related to an eUICC (such as an operational profile of an MNO, a provisioning profile, etc.) and a SM-SR for routing them.”).
Regarding Claim 10
Lee-Nix-Cormier-Park discloses the method according to claim 9, and Lee further discloses 
wherein the SM-DP server …1 (¶ [0063]) with the said subscription management request in said eUICC (Fig. 5, i.e., “S520” that relates the terminal to the eUICC, and ¶ [0083], “an eUICC may transmit an activation request…,” which relates to a subscription management request).
Nix further discloses
1 … does not use the SM-SR server (Figs. 1-6, ¶¶ [0001]-[0286], i.e., the disclosure does not reference an SM-SR server, and thus the method or system does not use the SM-SR server; see also Park p. 299 that teaches various communication interactions between the eUICC and SM-DP that occur without the SM-SR) to install a subscription associated... (¶ [0236], “Commercial business arrangements among the user 113 of module 101, the eUICC subscription manager 109, and the mobile network operator 104 can determine the timing for activating a profile 107 d  [to install a subscription] for a module 101 with an eUICC 107 in a step 402, such as a user 113 entering a new contract for service with a MNO 104 for the profile 107 d;” and ¶ [0281], “(ii) ownership of module 101 may change, and business or legal contracts could install[ation of] a subscription)
Regarding the combination of Lee and Nix, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee to have included subscription management feature of Nix. One of ordinary skill in the art would have been motivated to incorporate the subscription management feature of Nix because Nix discusses the problem that “fraudulent users or imposters of valid users, could (i) take steps to obtain a plaintext first key K 203 and associated plaintext first network module identity 202 and (ii) use the credentials to fraudulently access the wireless network 102,” see Nix ¶ [0128], and Nix discloses a secure system that addresses this problem via a “second key K 204 a [that] can preferably be only made available to users who authenticate with mobile network operator.”  See Nix ¶ [0128]. 
Regarding Claim 5
Lee discloses
A terminal comprising an universal integrated circuit card (eUICC) (Fig. 5, ¶ [0150], i.e., “…the eUICC and the device embedding the eUICC”) and an application (¶ [0042], “‘eUICC supplier’ means a provider of an eUICC module and resident software (such as a firmware, an operating system, etc.,” with the eUICC associated with “eUICC device” or terminal), said eUICC comprising a private key (¶ [0086], “When the obtaining is performed statically, a public key and a private key can be generated in the eUICC in the manufacturing step of the eUICC.”) and a public certificate (¶ [0153], “the eUICC , wherein said application comprises instructions that cause a computer to execute (¶ [0042], “Also, an ‘eUICC supplier’ means a provider of an eUICC module and resident software (such as a firmware, an operating system, etc.)”) the following operations:
- 1 …, establishing a local secure channel between said eUICC and said application (Fig. 5, ¶ [0151], “A step S510 of forming trust relationship between the eUICC and the device embedding the eUICC”) by using said private key and said public certificate (¶ [0129], “…which can be made public with its private key (corresponding to security information). Then, the entity may transmit the generated verification information to a counterpart entity, and the counterpart entity may verify the verification information based on the electronic signature by utilizing a certificate transferred together or opened so as to check whether the verification information is generated in the entity to form a trust relationship with itself or not”), said public certificate comprising information (¶¶ [0086], [0126]-[0127], [0157]) allowing a Subscriber Manager Data Preparation (SM-DP) server…2 (¶ [0063], “The function of a SM may be provided directly by a MNO. Or, a MNO may make a contract with a third-party organization in order to obtain a SM service,” which would include the SM-DP as disclosed by Park p. , to decide if it can agree to manage said eUICC (Fig. 3, ¶¶ [0011]-[0012], ¶ [0096], “the status request and the technical capability control may provide verification on the eUICC identity (that is, verification on whether the eUICC is trustable or not), and should be able to verify a feasibility of a characteristic of the eUICC for a MNO service,”),
3 …;
4 …;
- sending from said application to said SM-DP server a subscription management request of said eUICC (Fig. 5, i.e., “S520” that relates the running application on the terminal to the eUICC, and ¶ [0083], “an eUICC may transmit an activation request…,” which relates to a subscription management request).
Lee doesn’t disclose
	1 at the occurrence of an event initiated at said terminal,…
	2 … with a list of public keys of eUICC manufacturers that are trustable, with no prior knowledge of said eUICC individually,
	3 wherein said information comprises an eUICC version identifier;
	4 - establishing a secure channel with said SM-DP server by using said public certificate and dedicated cryptographic services of said eUICC;
Nix, however, discloses
2 … with a list of public keys of eUICC manufacturers that are trustable (Fig. 1, ¶ [0271], “In an exemplary embodiment, a mobile network operator 104 could receive a list of eUICC public keys 214 and eUICC identities 107 a from an M2M service provider 115 before eUICC subscription manager 109 receives the eUICC identity 107 a in a step 205.  The MNO 104 could use the data received from a M2M list of … eUICC public keys 214)…” further noting the SM-DP (subscription manager-data preparation) is associated with the subscription manager server can be provided “autonomously” by the MNO (see Lee ¶ [0077]), and the “UICC manufacturer” is trustable because it is providing keys for the UICC; and ¶¶ [0155]-[0157], “eUICC public key 214 can comprise a key recorded in an X.509 certificate that also includes a module identity 110 and/or eUICC identity 107 a [as a version identifier]…,” and “A manufacturer of module 101 or an eUICC subscription manager 109 could also derive the eUICC private key 215 and eUICC public key 214 in a server, and load the eUICC private key 215 into a nonvolatile memory of module 101,” i.e., the “list of eUICC public keys received” are produced by a manufacturer (and can be stored in a certificate, as similarly disclosed by Lee ¶ [0124])), with no prior knowledge of said eUICC individually (¶ [0271], “In an exemplary embodiment, a mobile network operator 104 [possessing a subscription manager server] could receive a list of eUICC public keys 214 and eUICC identities 107 a from an M2M service provider 115 before eUICC subscription manager 109 receives [and thus possesses prior knowledge of said eUICC individually] the eUICC identity 107 a in a step 205”),
	3 wherein said information comprises an eUICC version identifier (¶ [0055], “An eUICC 107 can include an eUICC identity 107 a [as a version identifier], such that an eUICC subscription manager 109 can select and identify [and thereby verif[y]] the eUICC 107 among a plurality of eUICCs 107.”);
Cormier, however, discloses
	1 At the occurrence of an event initiated at said terminal,…(Fig. 7, ¶¶ [0091]-[0094], i.e., broadly speaking, the event may be construed as “subscription manager 
Park, however, discloses
	4 - establishing a secure channel with said SM-DP server by using said public certificate and dedicated cryptographic services of said eUICC (Fig. 2, p. 299, col. 2, i.e., the “Mutual Authentication,” “Confidentiality,” “Data Integrity,” “Data Origin Authentication,” “Non-Exposure of Key,” “Verification of eUICC’s Information” sections teach or suggest the establishment of a secure channel between the SM-DP and eUICC, where the “Mutual Authentication” entails the “eUICC and SM-DP prov[ing] their authenticities [to] each other through cryptographic exchanges,” which would include the use of a public certificate of Lee Fig. 6, ¶¶ [0146]-[0148]);
Regarding the combination of Lee and Nix, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee to have included the public key list feature of Nix. One of ordinary skill in the art would have been motivated to incorporate the public key list feature of Nix because Nix discusses several problems within the art, such as “A need exists in the art for a module, including a mobile phone, and a MNO to securely and efficiently support a change in network access credentials, including a key K for the module connecting to the MNO, without requiring a physical replacement of a UICC or equivalent physical media recording a key K,” see Nix ¶ [0013], and Nix provides a method to address this issue by the use of a list of eUICC public keys that 
Regarding the combination of Lee-Nix and Cormier, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee-Nix to have included the eUICC management feature of Cormier.  One of ordinary skill in the art would have been motivated to incorporate the eUICC management feature of Cormier because both Cormier and Lee disclose a remote subscription management system, and Cormier beneficially expands the capabilities of this remote subscription management by allowing for the transfer of subscription managers. (See abstract of Cormier). 
Regarding the combination of Lee-Nix-Cormier and Park, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the eUICC management system of Lee-Nix-Cormier to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.”  See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base device, namely the eUICC system of Lee-Nix-Cormier, upon which the claimed invention is seen as an “improvement” by the use of an established secure communication channel between an eUICC and a SM-DP server;
2) the prior art contained a “comparable” device, namely the eUICC system of Park, that has been improved in the same way as the claimed invention by the use of an 
3) one of ordinary skill in the art could have applied the known improvement technique of applying the use of an established communication channel to the base device, or the eUICC system of Lee-Nix-Cormier, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 6
Lee discloses
A terminal comprising an universal integrated circuit card (eUICC) (Fig. 5, ¶ [0150], i.e., “…the eUICC and the device embedding the eUICC”), said eUICC comprising a private key (¶ [0086], “When the obtaining is performed statically, a public key and a private key can be generated in the eUICC in the manufacturing step of the eUICC.”) and a public certificate (¶ [0153], “the eUICC and the device perform reciprocal authentication, verification on the trust information of the device embedding the eUICC may be performed based on public trust information of the device (for example, a public key of Public Key Cryptography (PK), etc.) which is pre-loaded in the eUICC during the manufacturing or provisioning step of the eUICC);” ¶ [0124], “The eUICC and device equipped with the eUICC may store trust information (for example, certificates, etc.);” and ¶¶ [0126]-[0127], “The ‘trust information’ in the present invention may adopt a format such as a certificate”), said public certificate comprising information (¶¶ [0086], [0126]-[0127], [0157]) allowing a Subscription Manager Data Protection (SM-DP) server…1 (¶ [0063], “The function of a SM may be provided directly by a MNO. Or, a MNO may make a contract with a third-party organization in order to , to decide if it can agree to manage said eUICC (Fig. 3, ¶¶ [0011]-[0012], ¶ [0096], “the status request and the technical capability control may provide verification on the eUICC identity (that is, verification on whether the eUICC is trustable or not), and should be able to verify a feasibility of a characteristic of the eUICC for a MNO service,”), wherein said eUICC comprises instructions that cause a computer to execute (¶ [0042], “‘eUICC supplier’ means a provider of an eUICC module and resident software (such as a firmware, an operating system, etc.,” with the eUICC associated with “eUICC device” or terminal) the following operations:
- 2 …,
3 …;
- sending from said eUICC to said SM-DP server a subscription management request of said eUICC (Fig. 5, i.e., “S520” that relates the eUICC to the subscription manager server, and ¶ [0083], “an eUICC may transmit an activation request…,” which relates to a subscription management request that is received by the subscription manager server via the communication channel S520).
Lee doesn’t disclose
	1 …with a list of public keys of eUICC manufacturers that are trustable, with no prior knowledge of said eUICC,
2 At the occurrence of an event initiated at said terminal, establishing a secure channel between said eUICC and the SM-DP by using said public certificate and dedicated cryptographic services of said eUICC,
	3 wherein said information comprises an eUICC version identifier;
Nix, however, discloses
	1 …with a list of public keys of eUICC manufacturers that are trustable (Fig. 1, ¶ [0271], “In an exemplary embodiment, a mobile network operator 104 could receive a list of eUICC public keys 214 and eUICC identities 107 a from an M2M service provider 115 before eUICC subscription manager 109 receives the eUICC identity 107 a in a step 205.  The MNO 104 could use the data received from a M2M service provider 115 (including a list of … eUICC public keys 214)…” further noting the SM-DP (subscription manager-data preparation) is associated with the subscription manager server can be provided “autonomously” by the MNO (see Lee ¶ [0077]), and the “UICC manufacturer” is trustable because it is providing keys for the UICC; and ¶¶ [0155]-[0157], “eUICC public key 214 can comprise a key recorded in an X.509 certificate that also includes a module identity 110 and/or eUICC identity 107 a [as a version identifier]…,” and “A manufacturer of module 101 or an eUICC subscription manager 109 could also derive the eUICC private key 215 and eUICC public key 214 in a server, and load the eUICC private key 215 into a nonvolatile memory of module 101,” i.e., the “list of eUICC public keys received” are produced by a manufacturer (and can be stored in a certificate, as similarly disclosed by Lee ¶ [0124])), 
with no prior knowledge of said eUICC (¶ [0271], “In an exemplary embodiment, a mobile network operator 104 [possessing a subscription manager server] could receive a list of eUICC public keys 214 and eUICC identities 107 a from an M2M service provider 115 before eUICC subscription manager 109 receives [and thus possesses prior knowledge of said eUICC individually] the eUICC identity 107 a in a step 205”),
	3 wherein said information comprises an eUICC version identifier (¶ [0055], “An eUICC 107 can include an eUICC identity 107 a [as a version identifier], such that an eUICC subscription manager 109 can select and identify [and thereby verif[y]] the eUICC 107 among a plurality of eUICCs 107.”);
Cormier, however, discloses
	2 At the occurrence of an event initiated at said terminal,…a (Fig. 7, ¶¶ [0091]-[0094], i.e., broadly speaking, the event may be construed as “subscription manager transfer activation” or more narrowly as “step 1” where “terminal 702 send a request for transferring an assignment of SMs [subscription managers];” and ¶ [0109], i.e., after step 1, ultimately a secure communication with “secure chip 501” is achieved)
Park, however, discloses
	a …, establishing a secure channel between said eUICC and the SM-DP by using said public certificate and dedicated cryptographic services of said eUICC (Fig. 2, p. 299, col. 2, i.e., the “Mutual Authentication,” “Confidentiality,” “Data Integrity,” “Data Origin Authentication,” “Non-Exposure of Key,” “Verification of eUICC’s Information” sections teach or suggest the establishment of a secure channel between the SM-DP and eUICC, where the “Mutual Authentication” entails the “eUICC and SM-DP prov[ing] their authenticities [to] each other through cryptographic exchanges,” which would include the use of a public certificate of Lee Fig. 6, ¶¶ [0146]-[0148]),
Regarding the combination of Lee and Nix, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee to have included the public key list feature of Nix. One of ordinary skill in the art would have been motivated to incorporate 
Regarding the combination of Lee-Nix and Cormier, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee-Nix to have included the eUICC management feature of Cormier.  One of ordinary skill in the art would have been motivated to incorporate the eUICC management feature of Cormier because both Cormier and Lee disclose a remote subscription management system, and Cormier beneficially expands the capabilities of this remote subscription management by allowing for the transfer of subscription managers. (See abstract of Cormier). 
Regarding the combination of Lee-Nix-Cormier and Park, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the eUICC management system of Lee-Nix-Cormier to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.”  See MPEP § 2143(I)(C).

1) the prior art contained a base device, namely the eUICC system of Lee-Nix-Cormier, upon which the claimed invention is seen as an “improvement” by the use of an established secure communication channel between an eUICC and a SM-DP server;
2) the prior art contained a “comparable” device, namely the eUICC system of Park, that has been improved in the same way as the claimed invention by the use of an established secure communication channel between an eUICC and a SM-DP server that affords at least mutual authentication and confidentiality (see Park p. 299); and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the use of an established communication channel to the base device, or the eUICC system of Lee-Nix-Cormier, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 7
Lee discloses
 	A non-transitory computer readable storage medium comprised in a terminal (¶ [0042], “Also, an ‘eUICC supplier’ means a provider of an eUICC module and resident software (such as a firmware, an operating system, etc.),” i.e., such “software” being stored on computer readable storage media, including non-transitory storage media), said terminal also comprising an universal integrated circuit card (eUICC) (Fig. 5, ¶ [0150], i.e., “…the eUICC and the device embedding the eUICC”) comprising a private key (¶ [0086], “When the obtaining is performed statically, a public key and a private key can be generated in the eUICC in the manufacturing step of the eUICC.”) and a public certificate (¶ [0153], “the eUICC and the device perform reciprocal authentication, verification on the trust information of the device embedding the eUICC may be performed based on public trust information of the device (for example, a public key of Public Key Cryptography (PK), etc.) which is pre-loaded in the eUICC during the manufacturing or provisioning step of the eUICC);” ¶ [0124], “The eUICC and device equipped with the eUICC may store trust information (for example, certificates, etc.);” and ¶¶ [0126]-[0127], “The ‘trust information’ in the present invention may adopt a format such as a certificate”), said public certificate comprising information (¶¶ [0086], [0126]-[0127], [0157]) allowing a Subscriber Manager Data Preparation (SM-DP) server …1 (¶ [0063], “The function of a SM may be provided directly by a MNO. Or, a MNO may make a contract with a third-party organization in order to obtain a SM service,” which would include SM-DP as disclosed by Park p. 299), to decide if it can agree to manage said eUICC (Fig. 3, ¶¶ [0011]-[0012], ¶ [0096], “the status request and the technical capability control may provide verification on the eUICC identity (that is, verification on whether the eUICC is trustable or not), and should be able to verify a feasibility of a characteristic of the eUICC for a MNO service,”),
 said non-transitory computer-readable medium comprising instructions that cause a computer to execute (¶ [0042]) the following operations:
- 2 …,
3 …;
- sending from said terminal to said SM-DP server a subscription management request of said eUICC (Fig. 5, i.e., “S520” that relates the terminal to the eUICC, and ¶ subscription management request of said eUICC).
Lee doesn’t disclose
	1 …with a list of public keys of eUICC manufacturers that are trustable, with no prior knowledge of said eUICC,
2 at the occurrence of an event initiated at said terminal, establishing a secure channel between said terminal and said SM-DP server by using said private key and said public certificate,
	3 wherein said information comprises an eUICC version identifier; 
Nix, however, discloses
	1 …with a list of public keys of eUICC manufacturers that are trustable (Fig. 1, ¶ [0271], “In an exemplary embodiment, a mobile network operator 104 could receive a list of eUICC public keys 214 and eUICC identities 107 a from an M2M service provider 115 before eUICC subscription manager 109 receives the eUICC identity 107 a in a step 205.  The MNO 104 could use the data received from a M2M service provider 115 (including a list of … eUICC public keys 214)…” further noting the SM-DP (subscription manager-data preparation) is associated with the subscription manager server can be provided “autonomously” by the MNO (see Lee ¶ [0077]), and the “UICC manufacturer” is trustable because it is providing keys for the UICC; and ¶¶ [0155]-[0157], “eUICC public key 214 can comprise a key recorded in an X.509 certificate that also includes a module identity 110 and/or eUICC identity 107 a [as a version identifier]…,” and “A manufacturer of module 101 or an eUICC subscription manager 109 could also derive the eUICC private key 215 and eUICC public key 214 in , 
with no prior knowledge of said eUICC (¶ [0271], “In an exemplary embodiment, a mobile network operator 104 [possessing a subscription manager server] could receive a list of eUICC public keys 214 and eUICC identities 107 a from an M2M service provider 115 before eUICC subscription manager 109 receives [and thus possesses prior knowledge of said eUICC individually] the eUICC identity 107 a in a step 205”),
3 wherein said information comprises an eUICC version identifier (¶ [0055], “An eUICC 107 can include an eUICC identity 107 a [as a version identifier], such that an eUICC subscription manager 109 can select and identify [and thereby verif[y]] the eUICC 107 among a plurality of eUICCs 107.”);
Cormier, however, discloses
	2 At the occurrence of an event initiated at said terminal,…a (Fig. 7, ¶¶ [0091]-[0094], i.e., broadly speaking, the event may be construed as “subscription manager transfer activation” or more narrowly as “step 1” where “terminal 702 send a request for transferring an assignment of SMs [subscription managers];” and ¶ [0109], i.e., after step 1, ultimately a secure communication with “secure chip 501” is achieved)
Park, however, discloses
	a …, establishing a secure channel between said terminal and said SM-DP server by using said private key and said public certificate (Fig. 2, p. 299, col. 2, i.e., the “Mutual Authentication,” “Confidentiality,” “Data Integrity,” “Data Origin Authentication,” “Non-Exposure of Key,” “Verification of eUICC’s Information” sections teach or suggest secure channel between the SM-DP and eUICC, where the “Mutual Authentication” entails the “eUICC and SM-DP prov[ing] their authenticities [to] each other through cryptographic exchanges,” which would include the use of a public certificate of Lee Fig. 6, ¶¶ [0146]-[0148]),
Regarding the combination of Lee and Nix, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee to have included the public key list feature of Nix. One of ordinary skill in the art would have been motivated to incorporate the public key list feature of Nix because Nix discusses several problems within the art, such as “A need exists in the art for a module, including a mobile phone, and a MNO to securely and efficiently support a change in network access credentials, including a key K for the module connecting to the MNO, without requiring a physical replacement of a UICC or equivalent physical media recording a key K,” see Nix ¶ [0013], and Nix provides a method to address this issue by the use of a list of eUICC public keys that enable the derivation of a second key to maintain/alter a subscription.  See Nix ¶¶ [0271], [0281].    
Regarding the combination of Lee-Nix and Cormier, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the eUICC management system of Lee-Nix to have included the eUICC management feature of Cormier.  One of ordinary skill in the art would have been motivated to incorporate the eUICC management feature of Cormier because both Cormier and Lee disclose a remote subscription management system, and Cormier 
Regarding the combination of Lee-Nix-Cormier and Park, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the eUICC management system of Lee-Nix-Cormier to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.”  See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base device, namely the eUICC system of Lee-Nix-Cormier, upon which the claimed invention is seen as an “improvement” by the use of an established secure communication channel between an eUICC and a SM-DP server;
2) the prior art contained a “comparable” device, namely the eUICC system of Park, that has been improved in the same way as the claimed invention by the use of an established secure communication channel between an eUICC and a SM-DP server that affords at least mutual authentication and confidentiality (see Park p. 299); and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the use of an established communication channel to the base device, or the eUICC system of Lee-Nix-Cormier, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 8
Lee-Nix-Cormier-Park discloses a non-transitory computer readable storage medium according to claim 7, and Lee further discloses
wherein the storage medium is comprised in said eUICC (¶ [0042], “Also, an ‘eUICC supplier’ means a provider of an eUICC module and resident software (such as a firmware, an operating system, etc.),” with “resident software” residing in the eUICC).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491