Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
s 1-2, 4-7 are rejected under 35 U.S.C. 103 as being unpatentable over D1 (EP 2579630 found on IDS dated 4/28/2021) in view of D2 (KR 20130023300) further in view of Smith et al (2017/0033823).
Regarding claims 1 and 7.  D1 teaches a program and a method for transferring a MSISDN allocated to a subscription (0063 – mobile device ID and SIM card ID for the mobile device are registered or stored on the User ID server, 0064 – new SIM card ID cannot be found in association with the mobile device ID on the database) from a first to a second secure element (0028 – swapping one SIM card in the UE for another SIM card), said method comprising: 
during an enrolment phase of the first secure element cooperating with a terminal, transferring from said first secure element to a remote server, a first(0075 – UE sends password (e.g., secret information) and mobile device ID (e.g., MSISDN) and SIM card ID to the user ID server, 0078 – same SIM card as before (e.g. there was no SIM card swap));
Store said first (figure 1 wherein mobile device ID and password are stored in the user ID server); 
When said second secure element is for the first time activated in a terminal, after said user having entered said MSISDN to be transferred and said secret information, (0075 – mobile device sends a username ID, : 
Compare said first (0075 – if the received username ID and password correspond to the username ID and password stored in the database 6, then the received data is correct, Other data can be compared, such as the mobile device ID, 0078 – settings associated with the username ID are maintained on the mobile device, even after a SIM swap, 
assigning at the level of the operator network a subscription identifier of said second secure element to said MSISDN.
	D1 does not teach hashing user input and comparing the hashed information.
	D2 teaches “user authentication information input interface” is used to request the user to input user authentication information for implementing a one-time authentication code, whereby the authentication processing unit processes the user authentication information to be input to a user authentication information interface through the key input unit” (translation at page 10 which corresponds to paragraph 0071 of KR20130023300).  The user authentication information may include at least one PIN or password registered to authenticate the terminal medium for the wireless terminal in the media authentication server on the communication network (translation page 10 which corresponds to paragraph 0072 of KR20130023300).  The PIN or password and MSISDN are registered in the server (translation page 11 which corresponds to paragraph 0077 of KR20130023300).  The authentication process preferably generates 
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 to use the hash function as taught by D2 thereby enabling a server/UE to compare hashed passwords values instead of comparing passwords directly thus increases security since the information transmitted between the UE and server is/are encrypted via hash function.
D1 in view of D2 do not explicitly teach assigning at the level of the operator network a subscription identifier of said second secure element to said MSISDN.
	Smith teaches server detects SIM Swap by mapping/assigning IMSIs to MSISDNs and/or security keys (0024, 0027, 0030).  The server can also be configured to detect a new activation of a device with the server by configuring the UE with username and password and exchanging security settings with the server, such as a key used for data encryption/decryption (0028).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2 to map IMSIs and MSISDNs as taught by Smith in order to enable a business the ability to replace an old SIM associated with a previous employee with a new SIM associated 

Regarding claim 2.  D1 does not teach wherein said comparison is done at the level of said remote server and wherein said second hash function is sent from said second secure element to said remote server.
D2 teaches “user authentication information input interface” is used to request the user to input user authentication information for implementing a one-time authentication code, whereby the authentication processing unit processes the user authentication information to be input to a user authentication information interface through the key input unit” (translation at page 10 which corresponds to paragraph 0071 of KR20130023300).  The user authentication information may include at least one PIN or password registered to authenticate the terminal medium for the wireless terminal in the media authentication server on the communication network (translation page 10 which corresponds to paragraph 0072 of KR20130023300).  The PIN or password and MSISDN are registered in the server (translation page 11 which corresponds to paragraph 0077 of KR20130023300).  The authentication process preferably generates the terminal medium authentication information by concatenating the user authentication information (e.g., password) and the unique information (e.g., MSISDN) of the wireless terminal (translation page 11 which corresponds to 0078 of KR20130023300).  The authentication processor hashes at least one or more of the user authentication information (e.g. password) and the unique information of the wireless terminal (page 11 which corresponds to 0079 of KR20130023300).

Regarding claim 4.  D1 teaches wherein said first or second secure elements are one of: A UICC, eUICC, iUICC, A device application, A trusted execution environment (0004 – A SIM is one example of a smart card, 0028 – exchanging or swapping one SIM card in the UE for another SIM card).
	Smith teaches UICC (abstract, 0024 – UICC card inserted into a UE may be removed and replaced by a different UICC).
Regarding claim 5.  D1 teaches wherein said secret information is one of: - An hexadecimal code; - An answer to at least one question accompanied with a reference of said question; - A passphrase (0075 – UE sends password).
D2 teaches user can enter PIN or password (translation page 10 which corresponds to paragraph 0073 of KR20130023300).
Smith teaches UICC having IMSIs associated with MISISDNs and/or authentication keys (0027).
Regarding claim 6.  D1 in view of D2 do not explicitly teach wherein said subscription identifier is an IMSI.
Smith teaches server is able to detect SIM Swap by mapping/assigning IMSIs to MSISDNs and/or security keys (0024, 0027, 0030).  The server can also be configured to detect a new activation of a device with the server by configuring the UE with 
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2 to map IMSIs and MSISDNs as taught by Smith in order to enable a business the ability to replace an old SIM associated with a previous employee with a new SIM associated with a new employee and/or enable an employee to switch the SIM card with a different SIM card when traveling (Smith at 0024).
2.	Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over D1 (EP 2579630 found on IDS dated 4/28/2021) in view of D2 (KR 20130023300) and Smith et al (2017/0033823) further in view of Lodeweyckx (2015/0038116).
Regarding claim 3.  D1 in view of D2 and Smith do not teach wherein said comparison is done at the level of said second secure element and wherein said first hash is sent from said remote server to said second secure element.
Lodeweyckx teaches the UE may use one of a plurality of mobile identities wherein UE consults server which securely provisions the IMSI and secret key data to the UE for use with respect to a current connection (0089-0090).  In a further option, a so-called root key can be provided at the SIM and the server, which secret keys being derived from the secret root key according to certain algorithm and seed data (0093).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2 and Smith to provision the UE with IMSI and secret key from a server side as taught by Lodeweyckx thereby enabling the SIM to authenticate the user during a SIM swap.
Conclusion
3.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	---(20140172712) Petersen et al teaches storing IMSI or ICCID against MSISDN at server level (0045) and such storage may be performed using the highest and latest available encryption and hashing techniques (0047).  Petersen teaches authenticating the user during SIM Swap processing script, if user is authenticated, update the stored IMSI in the IMSI/ICCID database with the new SIM unique identifier (0051).
4.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to BARRY W TAYLOR whose telephone number is (571)272-7509.  The examiner can normally be reached on Monday-Thursday: 7-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lester Kincaid can be reached on 571-272-7922.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/BARRY W TAYLOR/Primary Examiner, Art Unit 2646