Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application No. 16/465,382 filed on 5/30/2019.
Claims 1-16, 18, 21, and 23-24 have been examined and are pending in this application. As per the Preliminary Amendment filed on 5/30/2019, claims 1-16, 18, 21,  and 23-24 were amended, and claims 17, 19-20, 22, and 25 were canceled.
Priority
Acknowledgment is made of Applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d) to parent Application No. PCT/EP2017/051668 filed on 01/26/2017. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5/30/2019, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claims 1-16, 18, 21,  and 23-24 are objected to because of the following informality:
Regarding claims 1, 13, 18, and 21,   claim 1 line 5 claim 13 line 3, claim 18 line 7, claim 21 line 1 recite “AMR, node” should write “AMF node “ without the commas. 
Regarding claims 1-16, 18, 21,  and 23-24, claims 1-16, 18, 21,  and 23-24 list different reference numbers. All the reference numbers listed should be removed.  
Appropriate corrections are required.

Claim Rejections - 35 USC § 112

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 14 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claim 14, claim 14 line 5 recites the limitation “the MNO 400a”. The claim does not have a previous recitation of “the MNO 400a”. The claim previously introduces the elements of “a MNO” and as a result, lacks proper antecedent basis. Appropriate correction to “the MNO 400a” is required to ensure proper claim interpretation.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-4, 6-7, 13, 18, 21,  and 23-24 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Palanigounder (U.S. 2013/0305330; Hereinafter "Palanigounder").
Regarding claim 1, Palanigounder teaches a method for attachment of a wireless device (remote credential management capable device 202) to a mobile network operator, MNO (access network 104), the method being performed by the wireless device, the method comprising (Para [0048], [0083], Figure 2 and 6): providing an authorization token (message 652) to an access and mobility management function, AMF, node of the MNO in conjunction with authenticating with the AMF node (Para [0084- 0087] “the RCM capable device 202 may transmit a message 652 to the access network 104. The message 652 may be an attach request for provisioning service. The attach request may be associated with a type. The message 652 may include an attach request of type associated with provisioning service. As one example, the attach request may include an information element including a value indicating the attach request is of a type associated with provisioning service.”, “device authentication may be performed via authentication message 654. It should be noted that the authentication message 654 is to authenticate the device, not a subscription, as the device has not yet been provisioned with service information. The authentication message 654 may include transmitting the IMEI as well as the IMEI certificate information associated with the RCM capable device 202 to an authenticator 604. In some implementations the authenticator 604 may be a serving general packet radio service support node (SGSN) or a mobility management entity (MME).”); and
([0086], [0088],[0093] “The access network 104 may allow the RCM
capable device 202 onto the network. For example, the access network 104, may determine that the message 652 is a provisioning type attach request”, “As shown in FIG. 6 however, the authentication is successful. Message 658 between the authenticator 604 and the IP access gateway 606 may be transmitted. Examples of the IP access gateway 606 include a gateway general support node, gateway general packet radio service node, or packet data network gateway.”, “the RCM capable device 202 may now have a valid subscription credential and any additional management or activation information needed to access the network. Message 666 may be transmitted between the RCM capable device 202 and the access network 104 to detach the RCM capable device 202. Although not shown, the detach may also cause the IP session created by message 658 to close. Message 668 may be transmitted to attach the RCM capable device 202 the network using the provisioned subscription credentials.” ).
Regarding claim 2, Palanigounder teaches wherein the authorization token comprises information identifying a service provider having a service license agreement with the MNO and information identifying the wireless device (Para [0067], [0084-0085], “The message 652 may include device vendor information such as a unique device identifier, device class identifier, or the like. One example of a unique device identifier is the international mobile equipment identifier (IMEI) Another example of a unique device identifier is a mobile equipment identifier (MEID).”, “The bootstrap information may generally refer to information provided by a module/device vendor. The information may be installed in the module/device for accessing a wireless network. The bootstrap information may be based on network operator requirements. For example, one network operator may bootstrap based on the international mobile equipment identifier (IMEI) and a certificate or a private/public key pair associated with the IMEI while another network operator may bootstrap based on the IMEI, a certificate or private/public key pair(s) associated with the IMEI, and a service provider identifier.”).
	Regarding claim 3, Palanigounder teaches wherein the authorization token (message 652) comprises information identifying which service the wireless device is authorized for (Para [0085] “The attach request may be associated with a type. The message 652 may include an attach request of type associated with provisioning service. As one example, the attach request may include an information element including a value indicating the attach request is of a type associated with provisioning service).
Regarding claim 4, Palanigounder teaches wherein the service involves the wireless device to access to the MNO only for download of operational subscription credentials ([0076] [0086] “the device may detach from the network. Because the device was previously attached in a provisioning only mode, the network resources available to the device may have been limited to only provisioning credentials services. The network may include IP filters to limit data traffic, for example. At block 418, the device may attach to the network using the provided credentials.”).
Regarding claim 6, Palanigounder teaches wherein the authorization token (message 652) is provided in an attach request message or a registration request message or during authentication signaling (Para[0085] “. The message 652 may be an attach request for provisioning service.”).
Regarding claim 7, Palanigounder teaches wherein completing attachment to the MNO comprises: obtaining information about a provisioning server from the AMF node, from which provisioning server operational subscription credentials are downloadable to the wireless device (Para[0090-0093] “The RCM capable device 202 may now communicate with the RCM server 210. Message 660 may be transmitted between the RCM capable device 202 and the RCM server 210 to provision the subscription credentials for the RCM capable device 202. In some implementations, the RCM capable device 202 may be associated with a valid credential…. The message 652 may be an attach request for provisioning service.”).
Regarding claim 13, Palanigounder teaches a method for attachment of a wireless device (remote credential management capable device 202) to a mobile network operator, MNO, the method being performed by an access and mobility management function, AMF, node of the MNO (access network 104), the method comprising (Para [0011], [0048], [0083], mobile network operator, Figure 2 and 6): obtaining an authorization token (message 652) from the wireless device in conjunction with the wireless device authenticating with the AMF node(Para [0084- 0087] “the RCM capable device 202 may transmit a message 652 to the access network 104. The message 652 may be an attach request for provisioning service. The attach request may be associated with a type. The message 652 may include an attach request of type associated with provisioning service. As one example, the attach request may include an information element including a value indicating the attach request is of a type associated with provisioning service.”, “device authentication may be performed via authentication message 654. It should be noted that the authentication message 654 is to authenticate the device, not a subscription, as the device has not yet been provisioned with service information. The authentication message 654 may include transmitting the IMEI as well as the IMEI certificate information associated with the RCM capable device 202 to an authenticator 604. In some implementations the authenticator 604 may be a serving general packet radio service support node (SGSN) or a mobility management entity (MME).”); and
[0086], [0088] figure 6“The access network 104 may allow the RCM capable device 202 onto the network. For example, the access network 104, may determine that the message 652 is a provisioning type attach request”, “As shown in FIG. 6 however, the authentication is successful. Message 658 between the authenticator 604 and the IP access gateway 606 may be transmitted. Examples of the IP access gateway 606 include a gateway general support node, gateway general packet radio service node, or packet data network gateway.”);
allowing the wireless device to complete attachment to the MNO upon successful validation of the authorization token ([0093]figure 6 “the RCM capable device 202 may now have a valid subscription credential and any additional management or activation information needed to access the network. Message 666 may be transmitted between the RCM capable device 202 and the access network 104 to detach the RCM capable device 202. Although not shown, the detach may also cause the IP session created by message 658 to close. Message 668 may be transmitted to attach the RCM capable device 202 the network using the provisioned subscription credentials.” ).
Regarding claim 18, , Palanigounder teaches a wireless device (RCM capable device 202) for attachment to a mobile network operator, MNO, the wireless device comprising: processing circuitry ( para [0049], [0064] figure 2 and 3, “The credential management device 302 may also include a remote credential manager 324. When the credential management device 302 is implemented as a remote credential management capable device 202 (e.g., a STA), the remote credential manager 324 may include one or more circuits configured to generate a provisioning attachment request)”; and
(access network 104) in conjunction with authenticating with the AMF node (Para [0014, [0084- 0087] figure 2 and 6“the RCM capable device 202 may transmit a message 652 to the access network 104. The message 652 may be an attach request for provisioning service. The attach request may be associated with a type. The message 652 may include an attach request of type associated with provisioning service. As one example, the attach request may include an information element including a value indicating the attach request is of a type associated with provisioning service.”, “device authentication may be performed via authentication message 654. It should be noted that the authentication message 654 is to authenticate the device, not a subscription, as the device has not yet been provisioned with service information. The authentication message 654 may include transmitting the IMEI as well as the IMEI certificate information associated with the RCM capable device 202 to an authenticator 604. In some implementations the authenticator 604 may be a serving general packet radio service support node (SGSN) or a mobility management entity (MME).”); and 
complete attachment to the MNO upon successful validation of the authorization token by the AMF node ([0086], [0088],[0093] “The access network 104 may allow the RCM capable device 202 onto the network. For example, the access network 104, may determine that the message 652 is a provisioning type attach request”, “As shown in FIG. 6 however, the authentication is successful. Message 658 between the authenticator 604 and the IP access gateway 606 may be transmitted. Examples of the IP access gateway 606 include a gateway general support node, gateway general packet radio service node, or packet data network gateway.”, “the RCM capable device 202 may now have a valid subscription credential and any additional management or activation information needed to access the network. Message 666 may be transmitted between the RCM capable device 202 and the access network 104 to detach the RCM capable device 202. Although not shown, the detach may also cause the IP session created by message 658 to close. Message 668 may be transmitted to attach the RCM capable device 202 the network using the provisioned subscription credentials.” ).
Regarding claim 21, Palanigounder teaches an access and mobility management function, AMF, node for attachment of a wireless device (the RCM capable device 202) to a mobile network operator, MNO, the AMF node comprising: processing circuitry( para [0049], [0064] figure 2 and 3, “The credential management device 302 may also include a remote credential manager 324. When the credential management device 302 is implemented as a remote credential management capable device 202 (e.g., a STA), the remote credential manager 324 may include one or more circuits configured to generate a provisioning attachment request)”; and 
a storage medium storing instructions that, when executed by the processing circuitry, cause the AMF node to: obtain an authorization token from the wireless device in conjunction with the wireless device authenticating with the AMF node (Para [0014], [0084- 0087]figure 2 and 6 “the RCM capable device 202 may transmit a message 652 to the access network 104. The message 652 may be an attach request for provisioning service. The attach request may be associated with a type. The message 652 may include an attach request of type associated with provisioning service. As one example, the attach request may include an information element including a value indicating the attach request is of a type associated with provisioning service.”, “device authentication may be performed via authentication message 654. It should be noted that the authentication message 654 is to authenticate the device, not a subscription, as the device has not yet been provisioned with service information. The authentication message 654 may include transmitting the IMEI as well as the IMEI certificate information associated with the RCM capable device 202 to an authenticator 604. In some implementations the authenticator 604 may be a serving general packet radio service support node (SGSN) or a mobility management entity (MME).”); 
validate the authorization token in order to verify access authorization of the wireless device ([0086], [0088] figure 6“The access network 104 may allow the RCM capable device 202 onto the network. For example, the access network 104, may determine that the message 652 is a provisioning type attach request”, “As shown in FIG. 6 however, the authentication is successful. Message 658 between the authenticator 604 and the IP access gateway 606 may be transmitted. Examples of the IP access gateway 606 include a gateway general support node, gateway general packet radio service node, or packet data network gateway.”); and
allow the wireless device to complete attachment to the MNO upon successful validation of the authorization token ([0093]figure 6 “the RCM capable device 202 may now have a valid subscription credential and any additional management or activation information needed to access the network. Message 666 may be transmitted between the RCM capable device 202 and the access network 104 to detach the RCM capable device 202. Although not shown, the detach may also cause the IP session created by message 658 to close. Message 668 may be transmitted to attach the RCM capable device 202 the network using the provisioned subscription credentials.” ).
Regarding claim 23,  Palanigounder teaches a computer program product for attachment of a wireless device to a mobile network operator, MNO, the computer program product comprising a non-transitory computer readable medium storing computer code which, when run (Para [0048], [0083], mobile network operator (access network 104), Figure 6):provide an authorization token (message 652) to an access and mobility management function, AMF, node of the MNO in conjunction with authenticating with the AMF node (Para [0084- 0087] figure 2 and 6“the RCM capable device 202 may transmit a message 652 to the access network 104. The message 652 may be an attach request for provisioning service. The attach request may be associated with a type. The message 652 may include an attach request of type associated with provisioning service. As one example, the attach request may include an information element including a value indicating the attach request is of a type associated with provisioning service.”, “device authentication may be performed via authentication message 654. It should be noted that the authentication message 654 is to authenticate the device, not a subscription, as the device has not yet been provisioned with service information. The authentication message 654 may include transmitting the IMEI as well as the IMEI certificate information associated with the RCM capable device 202 to an authenticator 604. In some implementations the authenticator 604 may be a serving general packet radio service support node (SGSN) or a mobility management entity (MME).”); and 
complete attachment to the MNO upon successful validation of the authorization token by the AMF node([0086], [0088],[0093] “The access network 104 may allow the RCM
capable device 202 onto the network. For example, the access network 104, may determine that the message 652 is a provisioning type attach request”, “As shown in FIG. 6 however, the authentication is successful. Message 658 between the authenticator 604 and the IP access gateway 606 may be transmitted. Examples of the IP access gateway 606 include a gateway general support node, gateway general packet radio service node, or packet data network gateway.”, “the RCM capable device 202 may now have a valid subscription credential and any additional management or activation information needed to access the network. Message 666 may be transmitted between the RCM capable device 202 and the access network 104 to detach the RCM capable device 202. Although not shown, the detach may also cause the IP session created by message 658 to close. Message 668 may be transmitted to attach the RCM capable device 202 the network using the provisioned subscription credentials.” ).
Regarding claim 24, Palanigounder teaches a computer program product for attachment of a wireless device to a mobile network operator, MNO, the computer program product comprising a non-transitory computer readable medium storing computer code which, when run on processing circuitry of an access and mobility management function, AMF, node, causes the AMF node to: obtain an authorization token from the wireless device in conjunction with the wireless device authenticating with the AMF node(Para[0058], [0064,[0084- 0087] figure 2 and 6“the RCM capable device 202 may transmit a message 652 to the access network 104. The message 652 may be an attach request for provisioning service. The attach request may be associated with a type. The message 652 may include an attach request of type associated with provisioning service. As one example, the attach request may include an information element including a value indicating the attach request is of a type associated with provisioning service.”, “device authentication may be performed via authentication message 654. It should be noted that the authentication message 654 is to authenticate the device, not a subscription, as the device has not yet been provisioned with service information. The authentication message 654 may include transmitting the IMEI as well as the IMEI certificate information associated with the RCM capable device 202 to an authenticator 604. In some implementations the authenticator 604 may be a serving general packet radio service support node (SGSN) or a mobility management entity (MME).”); 
validate the authorization token in order to verify access authorization of the wireless device ([0086], [0088] figure 6“The access network 104 may allow the RCM capable device 202 onto the network. For example, the access network 104, may determine that the message 652 is a provisioning type attach request”, “As shown in FIG. 6 however, the authentication is successful. Message 658 between the authenticator 604 and the IP access gateway 606 may be transmitted. Examples of the IP access gateway 606 include a gateway general support node, gateway general packet radio service node, or packet data network gateway.”); and 
allow the wireless device to complete attachment to the MNO upon successful validation of the authorization token (,[0093] “the RCM capable device 202 may now have a valid subscription credential and any additional management or activation information needed to access the network. Message 666 may be transmitted between the RCM capable device 202 and the access network 104 to detach the RCM capable device 202. Although not shown, the detach may also cause the IP session created by message 658 to close. Message 668 may be transmitted to attach the RCM capable device 202 the network using the provisioned subscription credentials.” ).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5, and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Palanigounder (U.S. 2013/0305330 A1; Hereinafter "Palanigounder") in view of Leicher et al. (U.S. 9774581B2; Hereinafter "Leicher") 
Regarding claim 5,  Palanigounder teaches the independent claim 1. 
	Palanigounder does not explicitly teach wherein the authorization token is signed by the service provider of the MNO.
However, in an analogous art, Leicher teaches wherein the authorization token is signed by the service provider of the MNO (Column 5 line [52-56] “the local OP may create an ID token and may sign the token, such as by using the private key for example. The URL of the certificate may be put in the x5u field of the JWS header of the token. The local OP may create an access token and may apply a signature to it.”). 
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of Leicher into the method of Palanigounder to include wherein the authorization token is signed by the service provider of the MNO because it will provide entity authentication assurance level of the authentication performed (Leicher: Column 9 line 18-20);
Regarding claim 14, Palanigounder teaches the independent claim 13. 
	Palanigounder does not explicitly teach wherein the authorization token comprises information identifying a service provider of the MNO and the wireless device , or the MNO and a security domain contained in the wireless device, wherein the authorization token is signed by the service provider, and wherein the MNO 400a of the AMF node has a service agreement with the service provider.
(Column14 line [41-47] “the local OP may know secrets to create the token signature. In an example embodiment, HMAC signatures may be used. For example, the local OP may have access to a list comprising client secrets for services. The list, for example, may be maintained, updated, and/or managed by the MNO (e.g., using OTA channels)”). 
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of Leicher into the method of Palanigounder to include wherein the authorization token comprises information identifying a service provider of the MNO and the wireless device, or the MNO and a security domain contained in the wireless device, wherein the authorization token is signed by the service provider, and wherein the MNO 400a of the AMF node has a service agreement with the service provider because it will add more layer of protection from potential fraud and misuse , and provide entity authentication assurance level of the authentication performed (Leicher: Column 9 line 18-20);
Regarding claim 15, Palanigounder in view of Leicher teaches the dependent claim 14. Leicher teaches wherein the AMF node has access to a public key of the service provider, and wherein validating the authorization token comprises: validating, using the public key, that the authorization token is signed by the service provider ( Leicher: Column “the service provider may request the public key and/or certificate from the URL such as the URL provided in the x5u parameter in the header of the token for example. In an example embodiment, the service provider may contact the check ID endpoint of the OP with the ID Token (e.g., for a token verification request). This communication may be protected by the use of the client secret, for example, which may be shared between the service provider and the OP. The check ID endpoint may verify that the token was issued by an authorized local OP instance, for example, by checking the signature from the token header such as by using the public key as provided in the x5u parameter of the header.”)
Regarding claim 16, Palanigounder in view of Leicher teaches the dependent claim 14. Leicher teaches wherein validating the authorization token comprises: verifying that the wireless device from which the authorization token was obtained is identical to the wireless device identified by the information in the authorization token, or is known by the AMF node to contain a security domain identified by information in the authorization token. (Leicher :Column 15 line 37-50“The service provider 802 may verify the token, such as the ID token for example, at 820. In an example embodiment, the service provider 802 may check the signature on the ID token to verify that the token is valid. The key material for verification may have been received by the service provider 802 in the discovery process, such as in the JSON Web Key URL parameter for example. After the service provider 802 validates the ID token signature, the service provider 802 may check fields that are encoded in the ID token to further validate the ID token. For example, the ‘iss’ (issuer) field may include the unique identifier of the token issuer, such as the unique identifier of the IdP that the SP discovered from the user provided identifier. The ‘aud’ (audience) field may identify the audience to which the token is intended.”).
Claims 8-11 are rejected under 35 U.S.C. 103 as being unpatentable over Palanigounder (U.S. 2013/0305330 A1; Hereinafter "Palanigounder") in view of Griot et al (U.S. 2015/0281966 Al; Hereinafter "Griot") 
Regarding claim 8, Palanigounder teaches the independent claim 1.
Palanigounder fails to teach obtaining a further authorization token in conjunction with authenticating with the AMF node; providing the further authorization token to a provisioning server, from which operational subscription credentials are downloadable to the wireless device; and downloading the operational subscription credentials upon successful validation of the further authorization token by the provisioning server.
In an analogous art, Griot et al. teaches further comprising: obtaining a further authorization token (in conjunction with authenticating with the AMF node (Para [0053], [0104]-[0105], [0119], “communicating credentials from the provisioning server to the UE over one or more data bearers established for the UE. Thus, network communicating component 816 can communicate the credentials from the provisioning server ( e.g., credential provisioning server 802) to the UE ( e.g., UE 106) over the one or more data bearers established for the UE that may be related to the packet data context.”);
providing the further authorization token to a provisioning server, from which operational subscription credentials are downloadable to the wireless device (Para [0106], [0120] “communicating the credentials for the UE to one or more network components as well. In this example, network communicating component 816 can communicate the credentials for the UE (e.g., UE 106) to the one or more network components. For example, the one or more network components may include an AAA server, a HSS, etc. (not shown) for updating such that the AAA server, HSS, etc. can subsequently authenticate a connection request from the UE 106; and
downloading the operational subscription credentials upon successful validation of the further authorization token by the provisioning server ([0108-011] “At 1210, once the UE 106 is attached to the SGW/PG W 110 and thus has one or more data bearers with eNB 108
forcommunicatingwithMME112, SGW/PGWll0, etc., UE 106 initiates the Subscription selection and credentials provisioning with the OSU Server 130, which may occur over secure mechanism, such as HTTPS, OMA DM SOAP XML, etc. Upon successful provisioning of the UE 106, the OSU server 130 may update other network nodes about this new subscription information ( e.g., AAA 122 in a hotspot deployment, an HSS in an offload deployment, etc.) at 1212.”).
	Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of Griot into the method of Palanigounder to include obtaining a further authorization token in conjunction with authenticating with the AMF node; providing the further authorization token to a provisioning server, from which operational subscription credentials are downloadable to the wireless device; and downloading the operational subscription credentials upon successful validation of the further authorization token by the provisioning server because it will limit external access for the device to the provisioning server. (Griot: para [0015]).
Regarding claim 9, Palanigounder in view of Griot teaches the dependent claim 8. Griot teaches wherein the further authorization token comprises information identifying the MNO and the wireless device (Griot: Para [0043] “For example, credentials can relate parameters managed by a network to control access to the network for one or more UEs. For example, credentials can include an identifier of the UE ( e.g., international mobile subscriber identity (IMSI), security root key (Ki) or other USIM credentials), username/password pairs, and/or similar credentials that present a UE with a challenge to access the network.”). 
Regarding claim 10, Palanigounder in view of Griot teaches the dependent claim 8. Griot teaches wherein the further authorization token comprises information identifying which service the wireless device is authorized for (Griot: Para [ 0110]“ The message may also include the service provider from which provisioning is allowed, and/or specific information about the allowed provisioning server(s), e.g., DNS name, internet protocol (IP) address, etc..”).
Regarding claim 11, Palanigounder in view of Griot teaches the dependent claim 8. Griot teaches wherein the service defines which type of network operational profile the wireless device is authorized to download from the provisioning server (Para [ 0110]“ The message may also include the service provider from which provisioning is allowed, and/or specific information about the allowed provisioning server(s), e.g., DNS name, internet protocol (IP) address, etc..”).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Palanigounder (U.S. 2013/0305330 A1; Hereinafter "Palanigounder") in view of Griot et al (U.S. 2015/0281966 Al; Hereinafter "Griot"), and further in view of Leicher et al. (U.S. 9774581B2; Hereinafter "Leicher")
Regarding claim 12, Palanigounder in view of Griot teaches the independent claim 8. 
	Palanigounder in view of Griot does not explicitly teach wherein the further authorization token is signed by the MNO.
However, in an analogous art, Leicher teaches wherein the further authorization token is signed by the MNO (Column 5 line [52-56] “the local OP may create an ID token and may sign the token, such as by using the private key for example. The URL of the certificate may be put in the x5u field of the JWS header of the token. The local OP may create an access token and may apply a signature to it.”). 
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to combine the teaching of Leicher into the modified method of Palanigounder to include wherein the further authorization token is signed 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
 US-9137656 B2, System and Method for Remote Provisioning of Embedded Universal Integrated Circuit Card.
US-10439823 B2, Technique for Managing Profile In Communication System. 
US- 8407769 B2, Methods and Apparatus for Wireless Device Registration
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 



/L.L.N./Examiner, Art Unit 2437   

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437