DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-11, 21-29 are pending.  Claims 12-20 are cancelled.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao et al (PGPUB 2019/0364415), and further in view of Park et al (PGPUB 2018/0070224).

Regarding Claim 1:
Gao teaches a method comprising: 
by an embedded universal integrated circuit card (eUICC) in a device (paragraph 140, terminal including LPA and eUICC): 
receiving, from a provisioning server via the device, a message generated by the provisioning server, the message including a profile content package for updating a profile present on the eUICC (paragraph 139, SM-DP+ generates and/or encrypts subscription profile; paragraph 148, 264, SM-DP+ delivers metadata with profile to LPA of terminal; LPA verifies policy rules carried in the subscription profile, i.e. metadata; paragraph 155, 266, LPA sends subscription profile to eUICC in terminal; paragraph 263-264, SM-DP+ delivers profile to LPA, including policy rules (i.e. metadata); paragraph 257, installed subscription profile is deleted and replaced, which can be seen as “updating a profile present on the eUICC”), wherein: 
i) the message includes metadata provided by the provisioning server (paragraph 155, 266, LPA sends subscription profile to eUICC; paragraph 147, 264, subscription profile includes metadata, and the metadata includes a policy rule; “a policy rule in a subscription profile (or profile)" is a policy rule in metadata included in the subscription profile; policy rules carried in subscription profile; paragraph 148, 264, SM-DP+ delivers metadata with profile to LPA of terminal), and 
ii) a source of the profile content package is a mobile network operator (MNO) server operated by an MNO and separate from the provisioning server (paragraph 189, 226, 229, generally, the SM-DP+ may receive the EID (the second EID) of the terminal, an authorization file, signature information, and the like provided by an MNO, and then respond to a request of the MNO to generate a profile for the EID; applicable-operator information is MNO ID; subscription profile from MNO, with provided EID; paragraph 137-139, Fig. 1, Operator shown as separate entity from provisioning server SM-DP+); 
performing a verification of the message based on the metadata (paragraph 135, LPA and the eUICC sequentially verify, based on applicable-operator information, applicable-condition information, and forbidden-region information of each policy rule recorded in the RAT, whether the policy rule in a downloaded subscription profile is allowed, in other words, verify whether the subscription profile can be installed; paragraph 155, 266, LPA sends subscription profile to eUICC in terminal; paragraph 156, 267, eUICC determines, based on authorization file, whether use of subscription profile is allowed; paragraph 158, 267, eUICC verifies policy rule in metadata); 
when the verification is successful (paragraph 135, verification of subscription profile; paragraph 157, 268, if eUICC determines that use of subscription profile is allowed, eUICC installs the subscription profile): 
installing first data to update the profile present on the eUICC, wherein the profile content package includes the first data (paragraph 157, 268, if eUICC determines that use of subscription profile is allowed, eUICC installs the subscription profile; paragraph 263-264, SM-DP+ delivers profile to LPA, including policy rules (i.e. metadata); paragraph 257, installed subscription profile is deleted and replaced, which can be seen as “updating a profile present on the eUICC”; paragraph 268, subscription profile is installed); and 
when the verification is not successful (paragraph 135, verification of subscription profile; paragraph 8, eUICC determines that use of subscription profile is not allowed): 
discarding the profile content package (paragraph 8, if eUICC determines that use of subscription profile is not allowed, eUICC discards the subscription profile).
Gao does not explicitly teach wherein:
the MNO server generates the profile content package, and
the provisioning server has a trust relationship with the MNO and with at least one other MNO.
However, Park teaches the concept wherein an MNO server generates the profile content package (abstract, receiving profile from SM-DP+ system; paragraph 93, MNO system orders SM-DP+ to prepare profile package for specific eUICC, and transfers the profile package to the SM-DP+; i.e. profile package originates from MNO system), and
a provisioning server has a trust relationship with the MNO and with at least one other MNO (paragraph 74, SM-DP+ is “Profile Provider”; paragraph 99, Fig. 2, plurality of MNO systems, e.g. MNO1 and MNO2 linked to Profile Provider, e.g. Profile Provider 1, as per Fig. 2; paragraph 88, SM-DP+ performs certificate-based authority verification operation; certificate represents business entity such as MNO).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO profile and multiple MNOs per provisioning server teachings of Park with the eUICC profile package verification teachings of Gao, with the benefit of allowing an end terminal eUICC to interact with multiple MNOs through a single point of service, thereby improving efficiency and increasing user choice, while maintaining security by allowing the MNO to control the content of the profile and ensure trust is maintained through use of certificate authentication.

Regarding Claim 21:
Gao teaches an embedded universal integrated circuit card (eUICC) configured in a device (paragraph 140, terminal including LPA and eUICC), the eUICC including a processor and instructions that, when executed by the processor, cause the eUICC to perform steps that include (paragraph 315-316, eUICC configured to perform processing steps using stored programs): 
receiving, from a provisioning server via the device, a message generated by the provisioning server, the message including a profile content package for updating a profile present on the eUICC (paragraph 139, SM-DP+ generates and/or encrypts subscription profile; paragraph 148, 264, SM-DP+ delivers metadata with profile to LPA of terminal; LPA verifies policy rules carried in the subscription profile, i.e. metadata; paragraph 155, 266, LPA sends subscription profile to eUICC in terminal; paragraph 263-264, SM-DP+ delivers profile to LPA, including policy rules (i.e. metadata); paragraph 257, installed subscription profile is deleted and replaced, which can be seen as “updating a profile present on the eUICC”), wherein: 
i) the message includes metadata (paragraph 155, 266, LPA sends subscription profile to eUICC; paragraph 147, 264, subscription profile includes metadata, and the metadata includes a policy rule; “a policy rule in a subscription profile (or profile)" is a policy rule in metadata included in the subscription profile; policy rules carried in subscription profile; paragraph 148, 264, SM-DP+ delivers metadata with profile to LPA of terminal), and
ii) a source of the profile content package is a mobile network operator (MNO) server operated by an MNO and separate from the provisioning server (paragraph 189, 226, 229, generally, the SM-DP+ may receive the EID (the second EID) of the terminal, an authorization file, signature information, and the like provided by an MNO, and then respond to a request of the MNO to generate a profile for the EID; applicable-operator information is MNO ID; subscription profile from MNO, with provided EID; paragraph 137-139, Fig. 1, Operator shown as separate entity from provisioning server SM-DP+); 
performing a verification of the message based on the metadata (paragraph 135, LPA and the eUICC sequentially verify, based on applicable-operator information, applicable-condition information, and forbidden-region information of each policy rule recorded in the RAT, whether the policy rule in a downloaded subscription profile is allowed, in other words, verify whether the subscription profile can be installed; paragraph 155, 266, LPA sends subscription profile to eUICC in terminal; paragraph 156, 267, eUICC determines, based on authorization file, whether use of subscription profile is allowed; paragraph 158, 267, eUICC verifies policy rule in metadata); 
when the verification is successful (paragraph 135, verification of subscription profile; paragraph 157, 268, if eUICC determines that use of subscription profile is allowed, eUICC installs the subscription profile):
installing first data to update the profile present on the eUICC, wherein the profile content package includes the first data (paragraph 157, 268, if eUICC determines that use of subscription profile is allowed, eUICC installs the subscription profile; paragraph 263-264, SM-DP+ delivers profile to LPA, including policy rules (i.e. metadata); paragraph 257, installed subscription profile is deleted and replaced, which can be seen as “updating a profile present on the eUICC”; paragraph 268, subscription profile is installed); and
when the verification is not successful (paragraph 135, verification of subscription profile; paragraph 8, eUICC determines that use of subscription profile is not allowed): 
discarding the profile content package (paragraph 8, if eUICC determines that use of subscription profile is not allowed, eUICC discards the subscription profile).
Gao does not explicitly teach wherein:
the MNO server generates the profile content package, and
the provisioning server has a trust relationship with the MNO and with at least one other MNO.
However, Park teaches the concept wherein an MNO server generates the profile content package (abstract, receiving profile from SM-DP+ system; paragraph 93, MNO system orders SM-DP+ to prepare profile package for specific eUICC, and transfers the profile package to the SM-DP+; i.e. profile package originates from MNO system), and
a provisioning server has a trust relationship with the MNO and with at least one other MNO (paragraph 74, SM-DP+ is “Profile Provider”; paragraph 99, Fig. 2, plurality of MNO systems, e.g. MNO1 and MNO2 linked to Profile Provider, e.g. Profile Provider 1, as per Fig. 2; paragraph 88, SM-DP+ performs certificate-based authority verification operation; certificate represents business entity such as MNO).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO profile and multiple MNOs per provisioning server teachings of Park with the eUICC profile package verification teachings of Gao, with the benefit of allowing an end terminal eUICC to interact with multiple MNOs through a single point of service, thereby improving efficiency and increasing user choice, while maintaining security by allowing the MNO to control the content of the profile and ensure trust is maintained through use of certificate authentication.

Claims 2, 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Park, and further in view of Chastain et al (PGPUB 2014/0143534).

Regarding Claim 2:
Gao in view of Park teaches the method of claim 1.
Neither Gao nor Park explicitly teaches wherein the profile content package includes an over-the-air (OTA) script.
However, Chastain teaches the concept wherein a profile content package includes an over-the-air (OTA) script (abstract, a system for receiving a request to modify a universal integrated circuit card, generating a package comprising configuration data for modifying the universal integrated circuit card; paragraph 16, UICC may be eUICC; paragraph 12, system generates package comprising encrypted script; paragraph 37, system generates script encrypted with application key and instructs OTA system to generate encrypted package which is sent to device UICC for processing).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the OTA script teachings of Chastain with the eUICC profile package verification teachings of Gao in view of Park, in order to utilize standardized industry features such as Over-the-Air profile package delivery, thereby improving network access by allowing provider profile updates to be delivered remotely, and avoiding a need for direct connection to the network in order to provide updates.

Regarding Claim 22:
Gao in view of Park teaches the eUICC of claim 21.

However, Chastain teaches the concept wherein a profile content package includes an over-the-air (OTA) script (abstract, a system for receiving a request to modify a universal integrated circuit card, generating a package comprising configuration data for modifying the universal integrated circuit card; paragraph 16, UICC may be eUICC; paragraph 12, system generates package comprising encrypted script; paragraph 37, system generates script encrypted with application key and instructs OTA system to generate encrypted package which is sent to device UICC for processing).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the OTA script teachings of Chastain with the eUICC profile package verification teachings of Gao in view of Park, in order to utilize standardized industry features such as Over-the-Air profile package delivery, thereby improving network access by allowing provider profile updates to be delivered remotely, and avoiding a need for direct connection to the network in order to provide updates.

Claims 3-4, 23, 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Park, and further in view of Yang et al (PGPUB 2015/0341791).

Regarding Claim 3:
Gao in view of Park teaches the method of claim 1.
Neither Gao nor Park explicitly teaches wherein the profile content package includes an electronic subscriber identity module (eSIM) component.
However, Yang teaches the concept wherein a profile content package includes an electronic subscriber identity module (eSIM) component (abstract, method for preparing eSIM for provisioning; paragraph 30, provisioning server configured to provision an eSIM to an eUICC via network, using OTA techniques).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the eSIM component teachings of Yang with the eUICC profile package verification teachings of Gao in view of Park, in order to provide a means of allowing providers to provision end user devices with subscriber identity data using remote profile updates, which would enable more efficient network access control by means of software instead of swapping hardware modules.

Regarding Claim 4:
Gao in view of Park and Yang teaches the method of claim 3.  In addition, Yang teaches wherein the eSIM component follows an eSIM format template (paragraph 30, provisioned eSIM generated and formatted in accordance with eSIM delivery embodiments; EXAMINER’S NOTE: without further details regarding the type of format, any element characterized as an eSIM must therefore have an eSIM format).
The rationale to combine Gao and Yang is the same as provided for claim 3 due to the overlapping subject matter between claims 3 and 4.

Regarding Claim 23:
Gao in view of Park teaches the eUICC of claim 21.
Neither Gao nor Park explicitly teaches wherein: the profile content package includes an electronic subscriber identity module (eSIM) component; and the eSIM component follows an eSIM format template.
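However, Yang teaches the concept wherein a profile content package includes an electronic subscriber identity module (eSIM) component (abstract, method for preparing eSIM for provisioning; paragraph 30, provisioning server configured to provision an eSIM to an eUICC via network, using OTA techniques); and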
the eSIM component follows an eSIM format template (paragraph 30, provisioned eSIM generated and formatted in accordance with eSIM delivery embodiments; EXAMINER’S NOTE: without further details regarding the type of format, any element characterized as an eSIM must therefore have an eSIM format).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the eSIM component teachings of Yang with the eUICC profile package verification teachings of Gao in view of Park, in order to provide a means of allowing providers to provision end user devices with subscriber identity data using remote profile updates, which would enable more efficient network access control by means of software instead of swapping hardware modules.

Regarding Claim 29:
Gao teaches a device comprising: 
an embedded universal integrated circuit card (eUICC) (paragraph 140, terminal including LPA and eUICC), the eUICC including a processor and instructions that, when executed by the processor, cause the eUICC to perform steps that include (paragraph 315-316, eUICC configured to perform processing steps using stored programs): 
receiving, from a provisioning server via the device, a message generated by the provisioning server, the message including a profile content package for updating a profile present on the eUICC, wherein (paragraph 139, SM-DP+ generates and/or encrypts subscription profile; paragraph 148, 264, SM-DP+ delivers metadata with profile to LPA of terminal; LPA verifies policy rules carried in the subscription profile, i.e. metadata; paragraph 155, 266, LPA sends subscription profile to eUICC in terminal; paragraph 263-264, SM-DP+ delivers profile to LPA, including policy rules (i.e. metadata); paragraph 257, installed subscription profile is deleted and replaced, which can be seen as “updating a profile present on the eUICC”): 
i) the message includes metadata (paragraph 155, 266, LPA sends subscription profile to eUICC; paragraph 147, 264, subscription profile includes metadata, and the metadata includes a policy rule; “a policy rule in a subscription profile (or profile)" is a policy rule in metadata included in the subscription profile; policy rules carried in subscription profile; paragraph 148, 264, SM-DP+ delivers metadata with profile to LPA of terminal), and 
ii) a source of the profile content package is a mobile network operator (MNO) server operated by an MNO and separate from the provisioning server (paragraph 189, 226, 229, generally, the SM-DP+ may receive the EID (the second EID) of the terminal, an authorization file, signature information, and the like provided by an MNO, and then respond to a request of the MNO to generate a profile for the EID; applicable-operator information is MNO ID; subscription profile from MNO, with provided EID; paragraph 137-139, Fig. 1, Operator shown as separate entity from provisioning server SM-DP+); 
performing a verification of the message based on the metadata (paragraph 135, LPA and the eUICC sequentially verify, based on applicable-operator information, applicable-condition information, and forbidden-region information of each policy rule recorded in the RAT, whether the policy rule in a downloaded subscription profile is allowed, in other words, verify whether the subscription profile can be installed; paragraph 155, 266, LPA sends subscription profile to eUICC in terminal; paragraph 156, 267, eUICC determines, based on authorization file, whether use of subscription profile is allowed; paragraph 158, 267, eUICC verifies policy rule in metadata); 
when the verification is successful (paragraph 135, verification of subscription profile; paragraph 157, 268, if eUICC determines that use of subscription profile is allowed, eUICC installs the subscription profile): 
installing first data to update the profile present on the eUICC, wherein the profile content package includes the first data (paragraph 157, 268, if eUICC determines that use of subscription profile is allowed, eUICC installs the subscription profile; paragraph 263-264, SM-DP+ delivers profile to LPA, including policy rules (i.e. metadata); paragraph 257, installed subscription profile is deleted and replaced, which can be seen as “updating a profile present on the eUICC”; paragraph 268, subscription profile is installed); and 
when the verification is not successful (paragraph 135, verification of subscription profile; paragraph 8, eUICC determines that use of subscription profile is not allowed): 
discarding the profile content package (paragraph 8, if eUICC determines that use of subscription profile is not allowed, eUICC discards the subscription profile).
Gao does not explicitly teach wherein:
the MNO server generates the profile content package, and
the provisioning server has a trust relationship with the MNO and with at least one other MNO.
However, Park teaches the concept wherein an MNO server generates the profile content package (abstract, receiving profile from SM-DP+ system; paragraph 93, MNO system orders SM-DP+ to prepare profile package for specific eUICC, and transfers the profile package to the SM-DP+; i.e. profile package originates from MNO system), and
a provisioning server has a trust relationship with the MNO and with at least one other MNO (paragraph 74, SM-DP+ is “Profile Provider”; paragraph 99, Fig. 2, plurality of MNO systems, e.g. MNO1 and MNO2 linked to Profile Provider, e.g. Profile Provider 1, as per Fig. 2; paragraph 88, SM-DP+ performs certificate-based authority verification operation; certificate represents business entity such as MNO).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO profile and multiple MNOs per provisioning server teachings of Park with the eUICC profile package verification teachings of Gao, with the benefit of allowing an end terminal eUICC to interact with multiple MNOs through a single point of service, thereby improving efficiency and increasing user choice, while maintaining security by allowing the MNO to control the content of the profile and ensure trust is maintained through use of certificate authentication.
Neither Gao nor Park explicitly teaches wireless circuitry comprising one or more antennas; and
the eUICC communicatively coupled to the wireless circuitry.
However, Yang teaches the concept of wireless circuitry comprising one or more antennas (abstract, method for preparing an eSIM for provisioning; paragraph 38, apparatus includes communication interface comprising one or multiple antennas and supporting hardware or software for enabling wireless communication with a wireless network); and
an eUICC communicatively coupled to the wireless circuitry (paragraph 38, communication interface configured to support communication with eUICC).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the wireless network teachings of Yang with the eUICC profile package verification teachings of Gao in view of Park, in order to provide access to a well-known, highly-popular communication medium for a provider to be able to remotely provision profile packages to end user devices, thereby eliminating the need for direct wired connection to the provisioning network.

Claims 5, 7, 9, 24, 26-27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Park, and further in view of Park et al (PGPUB 2018/0131699), hereinafter Park 2.

Regarding Claim 5:
Gao in view of Park teaches the method of claim 1.
Neither Gao nor Park explicitly teaches wherein the metadata includes an integrated circuit card identifier (ICCID) identifying the profile to be updated, an eSIM owner identifier identifying the MNO, and a signature generated by the provisioning server.
However, Park 2 teaches the concept wherein metadata includes an integrated circuit card identifier (ICCID) identifying the profile to be updated, an eSIM owner identifier identifying the MNO, and a signature generated by the provisioning server (paragraph 31, downloaded SIM module, i.e. “eSIM”; paragraph 83, profile information is profile metadata, including information regarding ICCID and communication carrier name (i.e. eSIM owner identifier); SM-DP+ calculates signature for data including profile information and transmits signature and profile information to terminal).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the signature and profile information verification teachings of Park 2 with the eUICC profile package verification teachings of Gao in view of Park, in order to improve the security environment by incorporating well-known identifier and public key signature generation and verification techniques, thereby allowing the receiver to determine whether a received profile package was generated by a legitimate provider for an authorized recipient, or was potentially generated by a malicious attacker.

Regarding Claim 7:
Gao in view of Park and Park 2 teaches the method of claim 5.  In addition, Park 2 teaches wherein the signature is a DPpb signature output by a profile binding function of the provisioning server (paragraph 252-257, SM-DP+ calculates DP bound package signature over data and generates bound profile package including signature; eUICC receives and verifies DP signature).
The rationale to combine Gao and Park 2 is the same as provided for claim 5 due to the overlapping subject matter between claims 5 and 7.

Regarding Claim 9:
Gao in view of Park and Park 2 teaches the method of claim 5.  In addition, Park 2 teaches wherein the performing the verification further comprises verifying the signature by performing a PKI decryption algorithm on the signature using a public key of the provisioning server (paragraph 252-257, SM-DP+ calculates DP bound package signature over data and generates bound profile package including signature; eUICC receives and verifies DP signature using public key of DP signing certificate).
The rationale to combine Gao and Park 2 is the same as provided for claim 5 due to the overlapping subject matter between claims 5 and 9.

Regarding Claim 24:
Gao in view of Park teaches the eUICC of claim 21.
Neither Gao nor Park explicitly teaches wherein the metadata includes an integrated circuit card identifier (ICCID) identifying the profile to be updated, an eSIM owner identifier identifying the MNO, and a signature generated by the provisioning server.
However, Park 2 teaches the concept wherein metadata includes an integrated circuit card identifier (ICCID) identifying the profile to be updated, an eSIM owner identifier identifying the MNO, and a signature generated by the provisioning server (paragraph 31, downloaded SIM module, i.e. “eSIM”; paragraph 83, profile information is profile metadata, including information regarding ICCID and communication carrier name (i.e. eSIM owner identifier); SM-DP+ calculates signature for data including profile information and transmits signature and profile information to terminal).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the signature and profile information verification teachings of Park 2 with the eUICC profile package verification teachings of Gao, in order to improve the security environment by incorporating well-known identifier and public key signature generation and verification techniques, thereby allowing the receiver to determine whether a received profile package was generated by a legitimate provider for an authorized recipient, or was potentially generated by a malicious attacker.

Regarding Claim 26:
Gao in view of Park and Park 2 teaches the eUICC of claim 24.  In addition, Park 2 teaches wherein the signature is a DPpb signature output by a profile binding function of the provisioning server (paragraph 252-257, SM-DP+ calculates DP bound package signature over data and generates bound profile package including signature; eUICC receives and verifies DP signature).
The rationale to combine Gao and Park 2 is the same as provided for claim 24 due to the overlapping subject matter between claims 24 and 26.

Regarding Claim 27:
Gao in view of Park and Park 2 teaches the eUICC of claim 24.  In addition, Park 2 teaches wherein the performing the verification further comprises verifying the signature by performing a PKI decryption algorithm on the signature using a public key of the provisioning server (paragraph 252-257, SM-DP+ calculates DP bound package signature over data and generates bound profile package including signature; eUICC receives and verifies DP signature using public key of DP signing certificate).

Claims 6, 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Park and Park 2, and further in view of Gao (PGPUB 2019/0373448), hereinafter Gao 2.

Regarding Claim 6:
Gao in view of Park and Park 2 teaches the method of claim 5.
Neither Gao nor Park nor Park 2 explicitly teaches wherein the performing the verification further comprises: determining a second eSIM owner identifier corresponding to the ICCID and identifying a particular MNO associated with the profile identified by the ICCID; and 
comparing the eSIM owner identifier identifying the MNO with the second eSIM owner identifier identifying the particular MNO associated with the ICCID to determine whether the particular MNO matches the MNO.
However, Gao 2 teaches the concept wherein performing a verification comprises: determining a second eSIM owner identifier corresponding to an ICCID and identifying a particular MNO associated with a profile identified by the ICCID (paragraph 236-237, eUICC1 receives certificate of MNO APP and calculates hash of certificate based on hash algorithm; this can be seen as an eSIM owner identifier, as the certificate and hash identifies the MNO); and 
comparing an eSIM owner identifier identifying an MNO with the second eSIM owner identifier identifying the particular MNO associated with the ICCID to determine whether the particular MNO matches the MNO (abstract, subscription profile downloading method; paragraph 68, application for downloading profile installed and provided by operator (MNO APP), i.e. “SIM owner”, as per Applicant’s specification [0032]; paragraph 236-239, LPA sends ICCID and signature certificate of MNO APP to eUICC; eUICC calculates hash value of certificate (i.e. second SIM owner identifier corresponding to ICCID); eUICC determines whether calculated hash is the same as value in profile metadata (i.e. first eSIM owner identifier)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO certificate teachings of Gao 2 with the eUICC profile package verification teachings of Gao in view of Park and Park 2, in order to further improve security by performing a PKI signature verification of the MNO itself as well as the server which provides the profile update.

Regarding Claim 25:
Gao in view of Park and Park 2 teaches the eUICC of claim 24.
Neither Gao nor Park nor Park 2 explicitly teaches wherein the performing the verification further comprises: determining a second eSIM owner identifier corresponding to the ICCID and identifying a particular MNO associated with the profile identified by the ICCID; and 
comparing the eSIM owner identifier identifying the MNO with the second eSIM owner identifier identifying the particular MNO associated with the ICCID to determine whether the particular MNO matches the MNO.
However, Gao 2 teaches the concept wherein performing a verification comprises: determining a second eSIM owner identifier corresponding to an ICCID and identifying a particular MNO associated with a profile identified by the ICCID (paragraph 236-237, eUICC1 receives certificate of MNO APP and calculates hash of certificate based on hash algorithm; this can be seen as an eSIM owner identifier, as the certificate and hash identifies the MNO); and 
comparing an eSIM owner identifier identifying an MNO with the second eSIM owner identifier identifying the particular MNO associated with the ICCID to determine whether the particular MNO matches the MNO (abstract, subscription profile downloading method; paragraph 68, application for downloading profile installed and provided by operator (MNO APP), i.e. “SIM owner”, as per Applicant’s specification [0032]; paragraph 236-239, LPA sends ICCID and signature certificate of MNO APP to eUICC; eUICC calculates hash value of certificate (i.e. second SIM owner identifier corresponding to ICCID); eUICC determines whether calculated hash is the same as value in profile metadata (i.e. first eSIM owner)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO certificate teachings of Gao 2 with the eUICC profile package verification teachings of Gao in view of Park and Park 2, in order to further improve security by performing a PKI signature verification of the MNO itself as well as the server which provides the profile update.

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Park and Park 2, and further in view of Lee et al (PGPUB 2017/0142121).

Regarding Claim 8:
Gao in view of Park and Park 2 teaches the method of claim 5.
Neither Gao nor Park nor Park 2 explicitly teaches wherein the installing comprises identifying the profile on the eUICC identified by the ICCID.
However, Lee teaches the concept wherein installing comprises identifying a profile on an eUICC identified by an ICCID (abstract, method for downloading profile on eUICC; paragraph 59, “profile ID” used interchangeably with “ICCID” in disclosure; paragraph 112, eUICC generates report authenticating completion of storing encrypted profile including eUICC identifier and profile ID (e.g. ICCID)).

Claims 10, 11, 28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Park, and further in view of Gao 2.

Regarding Claim 10:
Gao in view of Park teaches the method of claim 1.
Neither Gao nor Park explicitly teaches wherein the message includes a public key infrastructure (PKI) certificate of the MNO.
However, Gao 2 teaches the concept wherein a message includes a public key infrastructure (PKI) certificate of a MNO (abstract, subscription profile downloading method; paragraph 68, application for downloading profile installed and provided by operator (MNO APP), i.e. “SIM owner”, as per Applicant’s specification [0032]; paragraph 236-239, LPA sends ICCID and signature certificate of MNO APP to eUICC).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO certificate teachings of Gao 2 with the eUICC profile package verification teachings of Gao in view of Park, in order to improve the security environment by incorporating well-known public key signature generation and verification techniques, thereby allowing the receiver to determine whether a received profile package was generated by a legitimate provider or a malicious attacker.

Regarding Claim 11:
Gao in view of Park and Gao 2 teaches the method of claim 10.  In addition, Gao 2 teaches wherein the performing the verification further comprises comparing the PKI certificate with an eSIM owner identifier included in the metadata and identifying the MNO (abstract, subscription profile downloading method; paragraph 68, application for downloading profile installed and provided by operator (MNO APP), i.e. “SIM owner”, as per Applicant’s specification [0032]; paragraph 236-239, LPA sends ICCID and signature certificate of MNO APP to eUICC; eUICC calculates hash value of certificate (i.e. second SIM owner identifier corresponding to ICCID); eUICC determines whether calculated hash is the same as value in profile metadata (i.e. first SIM owner)).
The rationale to combine Gao and Gao 2 is the same as provided for claim 10 due to the overlapping subject matter between claims 10 and 11.

Regarding Claim 28:
Gao in view of Park teaches the eUICC of claim 21.
Neither Gao nor Park explicitly teaches wherein: the message includes a public key infrastructure (PKI) certificate of the MNO; and the performing the verification further comprises comparing the PKI certificate with an eSIM owner identifier included in the metadata and identifying the MNO.
However, Gao 2 teaches the concept wherein a message includes a public key infrastructure (PKI) certificate of a MNO (abstract, subscription profile downloading method; paragraph 68, application for downloading profile installed and provided by operator (MNO APP), i.e. “SIM owner”, as per Applicant’s specification [0032]; paragraph 236-239, LPA sends ICCID and signature certificate of MNO APP to eUICC); and the performing the verification further comprises comparing the PKI certificate with an eSIM owner identifier included in the metadata and identifying the MNO (abstract, subscription profile downloading method; paragraph 68, application for downloading profile installed and provided by operator (MNO APP), i.e. “SIM owner”, as per Applicant’s specification [0032]; paragraph 236-239, LPA sends ICCID and signature certificate of MNO APP to eUICC; eUICC calculates hash value of certificate (i.e. second SIM owner identifier corresponding to ICCID); eUICC determines whether calculated hash is the same as value in profile metadata (i.e. first SIM owner)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO certificate teachings of Gao 2 with the eUICC profile package verification teachings of Gao in view of Park, in order to improve the security environment by incorporating well-known public key signature generation and verification techniques, thereby allowing the receiver to determine whether a received profile package was generated by a legitimate provider or a malicious attacker.

Response to Arguments
Applicant's arguments filed 11/2/2021 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 102:
Applicant’s arguments: Gao (US 2019/0364415) describes installation of a subscription profile on an eUICC received from an SM-DP+. (Abstract). Gao does not describe a separate MNO server providing a profile update package to a provisioning server that adds metadata and delivers to the eUICC to update a profile already present on the eUICC or the provisioning server having a trust relationship with the MNO associated with the MNO server and with at least one other MNO. Gao also does not describe all of the detailed metadata and the verification using a portion of the metadata as recited in several of the dependent claims.

Examiner’s response: Gao does at least teach a separate MNO server and a provisioning server that adds metadata to a profile update package and delivers to the eUICC to update a profile already present on the eUICC.  As can be seen in Fig. 1, the Operator (i.e. MNO) is a separate entity from the SM-DP+ provisioning server (see also paragraph 137-139, description of Fig. 1).  As per paragraph 264-266, the profile and metadata are delivered from the SM-DP+ server to the eUICC by way of the LPA.  As per paragraph 257, a previously installed subscription profile is deleted and replaced; deleting an obsolete profile and replacing it with an up-to-date profile can certainly be seen as “updating a profile”.  Therefore, the only elements missing from Gao are wherein the MNO provides the profile update package to the provisioning server, and the provisioning server having a trust relationship with the MNO associated with the MNO server and with at least one other MNO.  However, a new ground(s) for rejection is provided above which does teach this amended subject matter.

Applicant’s arguments: Gao 2 (US 2019/0373448) describes a similar system as in Gao and does not describe the features described hereinabove. Claims 6 and 25 recite verification based on comparing a (first) eSIM owner identifier included in the metadata and identifying the MNO (that operates the MNO server that provides the profile update package) and a second eSIM owner identifier for a particular MNO associated with the ICCID included in the metadata, where the comparison is to determine matching for verification to succeed. The Examiner cites Gao2 regarding a hash of a certificate, which is not equivalent to the features of the amended claims.

Examiner’s response: Gao 2 teaches providing an MNO APP certificate to the eUICC (paragraph 236-239).  An MNO certificate certainly identifies the MNO.  Further, the certificate is hashed by the eUICC (paragraph 236-239).  As a hash of a certificate is functionally unique to the certificate, the hash 

Applicant’s arguments: Park (US 2018/0131599) also describes a system in which an SM-DP+ provides a profile to a terminal without having the specific features of the amended claims that includes multiple servers with a particular trust relationship and combined actions to formulate an update for a profile already present on the eUICC. Claims 5 and 24 also recite three different pieces of metadata only one of which (a signature) is cited by the Examiner from Park.

Examiner’s response: (Examiner’s note: Park now referred to as Park 2 due to incorporation of additional Park reference) Park 2 was not recited as teaching multiple servers with a particular trust relationship or a profile “update”.  However, under further consideration, Park 2 does recite three different pieces of metadata.  Park 2 recites profile metadata comprising an ICCID, owner identifier, and signature (paragraph 83).

Applicant further argues that Chastain, Yang, and Lee teach the combination of features discussed above.  However, Chastain, Yang, and Lee were recited for different reasons than those discussed above.

Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional 





/FORREST L CAREY/Examiner, Art Unit 2491


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491