DETAILED ACTION
This is a non-final Office action in response to communications received on 3/12/2020 and 1/25/2022.  Claims 1-8 were selected in the response filed on 1/25/2022 in response to a restriction requirement, claims 9-12 were cancelled and new claims 13-21 were added.  Claims 1-8 and 13-21 are pending and are examined.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed 3/12/2020 are acknowledged.
Preliminary Amendment
The preliminary amendment, filed 1/25/2022, is acknowledged.
Provisional/Foreign Priority
Foreign priority to 3/13/2019 is acknowledged.  

Restriction
Applicant’s selection of the group comprising claims 1-8 without traversal is acknowledged.  Accordingly, the restriction is made FINAL.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole 


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   
Claims 1, 3-8, 13 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Unnerstall (US 2018/0152845).
Regarding claim 1, Unnerstall discloses the limitations substantially as follows:
A method comprising: 
receiving at least one request for an action in relation to an electronic device, wherein performance of the action requires verification of an association of a group of IDs specified by the request (paras. [0038], [0057], [0071]-[0072], [0083], Fig. 6: receiving a request to authorize/approve a mobile payment/transaction request (i.e.) by a user device, wherein determining whether to authorize/approve involves performing fraud prevention process to verify current device information transmitted with (i.e. specified by) the request including IMSI 512, ICC ID 514, IMEI 516 and MSISDN 518 included in current user token (i.e. group ID’s); 
verifying, via cryptographic verification, whether the group of IDs specified by the request match a cryptographically attested group of IDs associated with the electronic device, to determine whether the at least one request for an action is an authentic request (paras. [0038], [0060], [0062], [0083], [0091]: verifying whether the current device information transmitted with the request, including IMSI 512, ICC ID 514, IMEI 516 and MSISDN 518 included in current user token (i.e. group ID’s), matches when compared against enrolled user token (i.e. attested group of IDs associated with electronic device) to determine whether to authenticate user device and approve transaction); and, 
having determined the at least one request for an action is an authentic request, approving the at least one request, wherein the group of IDs comprises at least an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device and a device identifier associated with the electronic device (paras. [0087], [0097]: based on determining user device is approved, approving the payment requests/transactions (i.e. approving requests), where the group comprising the current user device information includes IMSI 512, ICC ID 514, IMEI 516 and MSISDN 518 included in current user token (i.e. group ID’s)).
Although Unnerstall does not explicitly disclose that the request specifies the group identifiers, one of ordinary skill in the art at the time of the invention would have found it obvious that by transmitting the group identifier simultaneously with the request, that the group identifiers would be linked with the request and specified by their close transmission in time with the request (Unnerstall, para. [0083]).
	Regarding claims 3 and 16, Unnerstall discloses the limitations of the method of claim 1 and the network device of claim 8.
Unnerstall discloses the limitations of claims 3 and 16 as follows:
	wherein the device identifier associated with the electronic device comprises at least one of: 
	an identifier associated with a trusted execution environment (TEE) provided by the electronic device; an International Mobile Equipment Identity (IMEI); and, a media access control (MAC) address (paras. [0027], [0057], [0087]: group of device current information includes IMEI).

	Regarding claims 4 and 17, Unnerstall discloses the limitations of the method of claim 1 and the network device of claim 8.
Unnerstall discloses the limitations of claims 4 and 17 as follows:
	wherein the group of IDs comprises at least one of an International Mobile Subscriber Identity (IMSI) and a Temporary Mobile Subscriber Identity (TMSI) (paras. [0024]-[0025], [0057]: device information includes IMSI).

	Regarding claims 5 and 18, Unnerstall discloses the limitations of the method of claim 1 and the network device of claim 8.
Unnerstall discloses the limitations of claims 5 and 18 as follows:
	 wherein verifying whether the at least one request for an action is an authentic request comprises: 
		looking up, in a database of associations, the group of IDs specified by the at least one request (paras. [0024], [0077]-[0078], [0083], [0097]: looking up in memory/database group of device identifiers in enrolled token transmitted simultaneously with the request (i.e. specified by request)).

	Regarding claims 6 and 19, Unnerstall discloses the limitations of the method of claim 1 and the network device of claim 8.
Unnerstall discloses the limitations of claims 6 and 19 as follows:
wherein the action in the at least one request for an action comprises setting a user selected authentication step for use in an action with user selected data (paras. [0071]-[0072], [0094]: determining whether to authorize/approve a payment transaction request (i.e. action request) comprises setting user location for use in determining whether to authorize/approve transaction requests with the location selected/confirmed by the user (i.e. user selected data)).

	Regarding claims 13 and 20, Unnerstall discloses the limitations of the method of claim 1 and the network device of claim 8.
Unnerstall discloses the limitations of claims 13 and 20 as follows:
	wherein the cryptographically attested group of IDs is signed with a device key of the electronic device or a key derived from the device key of the electronic device (paras. [0040], [0087]: the current device information including the IMSI, ICC ID, IMEI and MSISID are hashed/signed by the user device using a hash algorithm/key of the user device to generate the current user token).

	Regarding claim 8, Unnerstall discloses the limitations substantially as follows:
A network device comprising processing circuitry configured to: 
	receive at least one request for an action in relation to an electronic device, wherein performance of the action requires verification of an association of a group of IDs specified by the request (paras. [0038], [0057], [0071]-[0072], [0083], Fig. 6: receiving a request to authorize/approve a mobile payment/transaction request (i.e.) by a user device, wherein determining whether to authorize/approve involves performing fraud prevention process to verify current device information transmitted with (i.e. specified by) the request including IMSI 512, ICC ID 514, IMEI 516 and MSISDN 518 included in current user token (i.e. group ID’s); 
	verify, via cryptographic verification, whether the group of IDs specified by the request match a cryptographically attested group of IDs associated with the electronic device, to determine whether the at least one request for an action is an authentic request (paras. [0038], [0060], [0062], [0083], [0091]: verifying whether the current device information transmitted with the request, including IMSI 512, ICC ID 514, IMEI 516 and MSISDN 518 included in current user token (i.e. group ID’s), matches when compared against enrolled user token (i.e. attested group of IDs associated with electronic device) to determine whether to authenticate user device and approve transaction); and, 
	approve the at least one request, having determined the at least one request for an action is an authentic request, wherein the group of IDs comprises at least an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device and a device identifier associated with the electronic device (paras. [0087], [0097]: based on determining user device is approved, approving the payment requests/transactions (i.e. approving requests), where the group comprising the current user device information includes IMSI 512, ICC ID 514, IMEI 516 and MSISDN 518 included in current user token (i.e. group ID’s)).
Although Unnerstall does not explicitly disclose that the request specifies the group identifiers, one of ordinary skill in the art at the time of the invention would have found it obvious that by transmitting the group identifier simultaneously with the request, that the group identifiers would be linked with the request and specified by their close transmission in time with the request (Unnerstall, para. [0083]).
Claims 2, 14-15 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Unnerstall (US 2018/0152845), as applied to claims 1 and 13, further in view of Mu (US 2016/0165435).
	Regarding claims 2 and 15, Unnerstall discloses the limitations of the method of claims 1 and the network device of claim 8.
Unnerstall does not disclose the limitations of claims 2 and 15 as follows:
	wherein verifying whether the at least one request for an action is an authentic request comprises verifying by a public key associated with a private key of the electronic device.
However, in the same field of endeavor, Mu discloses the limitations of claims 2 and 15 as follows:
	wherein verifying whether the at least one request for an action is an authentic request comprises verifying by a public key associated with a private key of the electronic device (paras. [0082]: verifying requests for generating session key and transmitting session communications involves verifying by public key associated with private key of client device).
Mu is combinable with Unnerstall because both are from the same field of endeavor of using user device information comprising the IMSI, MSISDN and ICCID to verify communications received by a server from the user device.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Mu’s method of verifying communications between the server and client device with the system of Unnerstall in order to make it more difficult for hackers to spoof client devices by requiring hackers to compromise not only the user device information but also the user device public and private key in order to intercept and decrypt requests from the user device.  

	Regarding claims 14 and 21, Unnerstall discloses the limitations of the method of claims 1 and 8 and the network device of claims 8 and 20.
Unnerstall does not disclose the limitations of claims 14 and 21 as follows:
		wherein said cryptographic verification uses a public key and wherein the device key is a private key.
However, in the same field of endeavor, Mu discloses the limitations of claims 14 and 21 as follows:
	wherein said cryptographic verification uses a public key and wherein the device key is a private key (paras. [0082]: verifying requests for generating session key and transmitting session communications involves verifying by public key associated with private key of client device).


Conclusion
For the above-stated reasons, claims 1-8 and 13-21 are rejected.
Prior art considered but not relied upon includes:
1) Raj (US 2014/0344153) disclose registering device information including IMSI; MSISDN, IMEI, which is encrypted when transmitted using a public key of the device (paras.[0077], [0146]).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/SHARON S LYNCH/Primary Examiner, Art Unit 2438