DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 2-3, 5, 9-10, 12, 16-17, 19, 23 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lodeweyckx (PGPUB 2012/0322410).

Regarding Claim 9:
Lodeweyckx teaches a user equipment (abstract, identification module (such as SIM card) for securely providing a mobile identity to a mobile data network for use in identifying mobile equipment in which that identification module is installed), comprising: 
a processor (paragraph 66, user equipment (UE) comprising processor) configured to generate a proposed privacy mobile subscriber identity (PMSI) to be a substitute for an international mobile subscriber identity (IMSI) (abstract, mobile identity memory which securely stores data defining two or more different mobile identities; a selector for selecting a mobile identity from the two or more mobile identities; a network interface for generating data derived from the selected mobile identity for transmission to a mobile network during a network authorization procedure, and for receiving acknowledgement data back from the mobile network indicating whether authorization was successful based on that selected mobile identity; and a detector for detecting whether the acknowledgement data indicates an unsuccessful authorization with the mobile network and, if so, for initiating a further network authorization procedure in which the selector selects a different one of the two or more mobile identities; paragraph 87, SIM card having multiple IMSIs; paragraph 90, selector selects IMSI-Ki pair to be authorized for use in the current session with the mobile network); and 
a transceiver configured to (paragraph 66, UE comprising wireless interface): 
initiate registration with a serving network via an over-the-air connection (paragraph 112, selection generator selects IMSI from among temporary-use IMSIs; paragraph 112, UE attempts to authorize with mobile data network using selected IMSI-Ki pair); and 
transmit, to the serving network, the proposed PMSI via the over-the-air connection (paragraph 113, UE attempts to authorize with mobile data network using selected IMSI-Ki pair; paragraph 77-78, authorization process between UE and network includes UE sending IMSI to network; paragraph 68, application software initiates message to be sent via mobile network), wherein the processor is further configured to use the proposed PMSI as an initial PMSI for an attach message in response to receiving an acknowledgment message from the serving network indicating acceptance of the proposed PMSI (paragraph 81, message is sent by HLR to UE to indicate that authorization has been granted; paragraph 113, selector detects whether authorization was successful; paragraph 90, selector maintains details of which IMSI-Ki pairs were used with successful network authorizations in the past and selects those IMSI-Ki pairs for future authorization attempts).

Regarding Claim 10:
Lodeweyckx teaches the user equipment of claim 9.  In addition, Lodeweyckx teaches wherein: 
the processor is further configured to re-generate a new proposed PMSI in response to the acknowledgment message indicating rejection of the proposed PMSI (paragraph 116, in the event of a failed authorization, control returns to the step 710 where (in accordance with the IMSI selection criteria discussed above) the NOK detector 660 initiates the selection by the selection generator 640 of a different IMSI-Ki pair (for example, on a random basis) for a further authorization attempt, from amongst the set of temporary-use IMSIs); and 
the transceiver is further configured to re-transmit the new proposed PMSI to the serving network via the over-the-air connection (paragraph 116, further authorization attempt; paragraph 113, UE attempts to authorize with mobile data network using selected IMSI-Ki pair; paragraph 77-78, authorization process between UE and network includes UE sending IMSI to network; paragraph 68, application software initiates message to be sent via mobile network).

Regarding Claim 12:
Lodeweyckx teaches the user equipment of claim 9.  In addition, Lodeweyckx teaches wherein the processor is further configured, as part of the generation, to generate the proposed PMSI based upon a pseudo-random number (paragraph 90, selector selects IMSI-Ki pairs based on random selection; paragraph 108, selection generator receives input from random number generator; paragraph 112, where a random number is required as part of the selection, that number is provided by the random number generator 650).

Regarding claims 2-3, 5:


Regarding claims 16-17, 19:
	These are the non-transitory computer-readable medium claims corresponding to the user equipment of claims 9-10, 12, respectively, and are therefore rejected for corresponding reasons.

Regarding Claim 23:
	Lodeweyckx teaches the method of claim 2.  In addition, Lodeweyckx teaches wherein the initiating occurs after the UE is provisioned with the IMSI and before the proposed PMSI is generated by the UE (EXAMINER’S NOTE: examiner cannot find clear recitation of that which constitutes “initiating” or “initialization” in Applicant’s specification; for instance, step 702, “Start initialization”, as per Fig. 7A, is not defined as to what actions constitute the step; therefore, examiner views “initiating” as any step which is involved in registration with the serving network; paragraph 112, selection generator selects IMSI, i.e. initial IMSI; UE attempts to authorize with mobile data network using selected IMSI; paragraph 116, in the event of failed authorization, selection generator selects different IMSI-Ki pair (for example, on a random basis), i.e. proposed PMSI, for a further authorization attempt; therefore, the UE is provisioned with the initial IMSI, authorization with the mobile network is attempted, and a subsequent proposed PMSI is generated).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

Claims 4, 11, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lodeweyckx, and further in view of Choudhury et al (Enhancing User Identity Privacy in LTE, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications).

Regarding Claim 11:
Lodeweyckx teaches the user equipment of claim 9.  In addition, Lodeweyckx teaches wherein: 
the processor is further configured to access, from the acknowledgment message, a server-proposed PMSI in place of the proposed PMSI (paragraph 128, AUC supplies a number of new temporary-use IMSIs from a pool to overwrite one or more of the temporary-use IMSIs currently stored in the SIM card).
Lodeweyckx does not explicitly teach the transceiver is further configured to notify the serving network of acceptance of the server-proposed PMSI for use as the initial PMSI.
However, Choudhury teaches the concept wherein a transceiver is configured to notify a serving network of acceptance of a server-proposed PMSI for use as an initial PMSI (page 951 paragraph 6, MME allocates new temporary identifier called Globally Unique Temporary Identity (GUTI) to UE by initiating GUTI reallocation procedure; UE returns GUTI Reallocation Complete message to MME).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the PMSI acceptance message of Choudhury with the temporary mobile subscriber identity teachings of Lodeweyckx, in order to provide a means for a server and client to synchronize identity parameters, thereby preventing future conflicts or errors due to one or both parties being unable to complete an identifier update process, or being unaware that the opposing party could not complete the process.

Regarding Claim 4:
	This is the method claim corresponding to the user equipment of claim 11, and is therefore rejected for corresponding reasons.

Regarding Claim 18:
	This is the non-transitory computer-readable medium claim corresponding to the user equipment of claim 11, and is therefore rejected for corresponding reasons.

Claims 6, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lodeweyckx, and further in view of Hahn et al (PGPUB 2017/0070880).

Regarding Claim 13:
Lodeweyckx teaches the user equipment of claim 9.
Lodeweyckx does not explicitly teach wherein the processor is further configured, as part of the generation, to generate the proposed PMSI based upon the IMSI.
However, Hahn teaches the concept wherein a processor is configured, as part of generation, to generate a proposed PMSI based upon an IMSI (paragraph 63-70, Pseudo IMSI generated as a function of IMSI and RandomValue used by user equipment for RRC connection request; user equipment creates Pseudo IMSI and transmits created identifier instead of IMSI to a network).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the random PMSI generation teachings of Hahn with the temporary mobile subscriber identity teachings of Lodeweyckx, with the benefit of further increasing the entropy of 

Regarding Claim 6:
	This is the method claim corresponding to the user equipment of claim 13, and is therefore rejected for corresponding reasons.

Claims 7, 14, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lodeweyckx, and further in view of Wang et al (PGPUB 2007/0297367).

Regarding Claim 14:
Lodeweyckx teaches the user equipment of claim 9.
Lodeweyckx does not explicitly teach wherein: 
the transceiver is further configured to receive a public key from the serving network prior to the transmission; and 
the processor is further configured to encrypt the proposed PMSI with the public key prior to the transmission.
However, Wang teaches a transceiver configured to receive a public key from a service network prior to transmission (abstract, wireless transmit/receive unit (WTRU) includes layer which performs ciphering of signaling messages; paragraph 21, WTRU is user equipment (UE); paragraph 25, initial security parameters including public key information are loaded into WTRU from eNode-B of network); and
(paragraph 34, wireless transmit/receive unit (WTRU) uses public key for ciphering initial access message including IMSI, and network deciphers message with corresponding private key); and
Lodeweyckx teaches wherein the IMSI is a proposed PMSI (paragraph 112, selection generator selects IMSI from among temporary-use IMSIs; paragraph 112, UE attempts to authorize with mobile data network using selected IMSI-Ki pair).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key cryptography teachings of Wang with the temporary mobile subscriber identity teachings of Lodeweyckx, with the benefit of further protecting the temporary identity values from being intercepted using well understood public key cryptography teachings, further preventing data interception and identity spoofing using the temporary identifier.

Regarding Claim 7:
	This is the method claim corresponding to the user equipment of claim 14, and is therefore rejected for corresponding reasons.

Regarding Claim 20:
	This is the non-transitory computer-readable medium claim corresponding to the user equipment of claim 14, and is therefore rejected for corresponding reasons.

Claims 8, 15, 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lodeweyckx, and further in view of Choudhury and Takasugi et al (PGPUB 2009/0024848).

Regarding Claim 15:

Lodeweyckx does not explicitly teach wherein: 
the transceiver is further configured to receive, from the serving network in response to the attach message, an authentication request including a next PMSI and a tracking index.
However, Choudhury teaches the concept wherein:
a transceiver is configured to receive, from a serving network in response to an attach message, an authentication request including a next PMSI and a tracking index (page 953 paragraph 7-954 paragraph 2, RICFresh embedded in ERANDf and transmitted from Mobility Management Entity (MME) to UE along with AUTNf; page 950 paragraph 3-8, AUTN stands for authentication token, used during authentication and key agreement to authenticate UE; RICFresh can be seen as PMSI, and AUTNf can be seen as tracking index).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the updated PMSI teachings of Choudhury with the temporary mobile subscriber identity teachings of Lodeweyckx, in order to allow a server to force updating of a temporary IMSI, thereby limiting the time available for an attacker to exploit an IMSI for the purposes of identity theft or attacking a network.
Neither Lodeweyckx nor Choudhury explicitly teaches the processor is further configured to compare the next PMSI with a UE-derived next PMSI; and 
the transceiver is further configured to acknowledge the next PMSI to the serving network for use in a subsequent attach message.
However, Takasugi teaches a processor configured to compare a next temporary ID with a UE-derived next temporary ID (paragraph 181-186, 196, parameter g0(n) generated using temporary ID n; wireless terminal generates network authentication data based on n and compares it to received authentication data; if identical, server is authenticated; paragraph 198, subsequently, wireless terminal sends information indicating that authentication of the server by the wireless terminal is complete); and 
a transceiver configured to acknowledge the next temporary ID to a serving network for use in a subsequent attach message (paragraph 28, terminal identification method for identifying terminal in communication via network between server and terminal, comprising sharing a first hash function and an initial value which is determined for each terminal between the server and the terminal and calculating a temporary ID at the server and terminal based on hashing the initial value a number of times with the hash function; paragraph 181-186, 196, parameter g0(n) generated using temporary ID n; wireless terminal generates network authentication data based on n and compares it to received authentication data; if identical, server is authenticated; paragraph 198, subsequently, wireless terminal sends information indicating that authentication of the server by the wireless terminal is complete); and
Lodeweyckx teaches wherein the temporary ID is a PMSI (paragraph 112, selection generator selects IMSI from among temporary-use IMSIs; paragraph 112, UE attempts to authorize with mobile data network using selected IMSI-Ki pair).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the hash-based temporary ID teachings of Takasugi with the temporary mobile subscriber identity teachings of Lodeweyckx in view of Choudhury, in order to allow a networking terminal and a server to confirm the synchronized identifiers, thereby preventing connection errors due to either network device missing an intermediate identifier value before or during communication and identifier updates.

Regarding Claim 8:


Regarding Claim 21:
	This is the non-transitory computer-readable medium claim corresponding to the user equipment of claim 15, and is therefore rejected for corresponding reasons.

Claim 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lodeweyckx, and further in view of Kitazoe et al (PGPUB 2009/0163211).

Regarding Claim 22:
	Lodeweyckx teaches the method of claim 2.
Lodeweyckx does not explicitly teach wherein the generating comprises using a hashing function to generate the proposed PMSI.
However, Kitazoe teaches the concept wherein generating comprises using a hashing function to generate a proposed PMSI (abstract, techniques for sending a message for random access by a user equipment; paragraph 54, a random ID may be sent instead of a partial IMSI for attachment; the random ID may be a hash value generated by hashing the IMSI or some other UE ID).
	It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the hashed IMSI teachings of Kitazoe with the temporary mobile subscriber identity teachings of Lodeweyckx, in order to improve network efficiency and device capability by providing a means for a device to establish a connection using an available random access channel for an attachment procedure (e.g. Kitazoe paragraph 6). 

Response to Arguments
Applicant's arguments filed 12/21/2021 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 103:
Applicant’s arguments: First, as a threshold matter and as discussed during the Interview, Lodeweyckx has no teaching related to a "PMSI." As the Office itself quotes multiple times in the rejection, Lodeweyckx repeatedly and consistently requires use of IMSI - the very identifier that the PMSI is "a substitute for." Indeed, once Lodeweyckx selects an IMSI pre-stored in its SIM card by the manufacturer, "the UE attempts to authorize with the mobile data network using the selected IMSI-Ki pair." (Lodeweyckx, [0113], see also [0113].) Any temporary IMSI per Lodeweyckx is, per Lodeweyckx itself, still a pre-stored IMSI and therefore cannot disclose a "PMSI." 

Examiner’s response: Examiner notes that “privacy mobile subscriber identity” (PMSI) is not a term which is well-known in the art.  Therefore, we rely on applicant’s definition in order to determine broadest reasonable interpretation of a PMSI.  For instance, applicant’s specification [0031]: “The PMSI may be a unique number that is associated specifically with the UE 102.”  An IMSI would definitely apply under this definition.  Further, claim 2 merely establishes that the PMSI is generated by the UE to be a substitute for an IMSI.  Therefore, a second IMSI which replaces a first IMSI, as per Lodeweyckx (e.g. abstract, paragraph 90), qualifies as the PMSI.  

Applicant’s arguments: The Office's apparent interpretation of a temporary IMSI in Lodeweyckx as a "PMSI," because it is not necessarily a "final IMSI" per Lodeweyckx, fails because it ignores the plain language of the claim. See Interview Summary above; Non-Final Office Action, p. 3 (generalizing the recited "PMSI" to a "mobile identity").) There is no recitation of a generic "mobile identity" in the claims, citing W.L. Gore & Associates, Inc. v. Garlock, Inc., 721 F.2d 1540, 220 USPQ 303 (Fed. Cir. 1983)). 

Examiner’s response: Examiner disagrees.  As per applicant’s specification [0031]: “The PMSI may be a unique number that is associated specifically with the UE 102.”  As per claim 2: “generating, by the UE, a proposed privacy mobile subscriber identity (PMSI) to be a substitute for an international mobile subscriber identity (IMSI)”.  By the language of the specification and claims, the PMSI is a mobile identity.  Examiner is not distilling the invention down to the ‘gist’ or ‘thrust’ in this case.  Claim 2 does not ascribe any special definition to a PMSI beyond a mobile identifier which is substituted for an IMSI; for instance, a second IMSI as taught by Lodeweyckx (e.g. abstract, paragraph 90).

Applicant’s arguments: By generalizing the claimed features to "mobile identity," the Examiner has failed to establish a proper prima facie case of obviousness for all of the independent claims. This is because the Office's rejection ignores the specific language of the claim, including "a proposed privacy mobile subscriber identity (PMSI) to be a substitute for an international mobile subscriber identity (IMSI)." Lodeweyckx simply has no concept of a "PMSI," because even the allegedly temporary IMSIs in Lodeweyckx are, specifically, "international mobile subscriber identifier[s]" (each of them), each of which must be paid for before being provisioned in a UE's SIM card. Lodeweyckx, 11 [0075] (IMSI), [0085] (each IMSI must be paid for). For this reason alone, the current rejection should be withdrawn.

Examiner’s response: The specific language of the claim, including “a proposed privacy mobile subscriber identity (PMSI) to be a substitute for an international mobile subscriber identity (IMSI)”, is satisfied by an IMSI which is used in place of another IMSI.  The substituting IMSI can therefore be considered a PMSI.

Applicant’s arguments: Second, in addition to the reasons above, there is no concept at all in Lodeweyckx of "generating, by the UE, ... a proposed [PMSI]". The Office points to "a selector" in Lodeweyckx to reject this feature. But a "selector" per Lodeweyckx does nothing more than "select[] a IMSI- Ki pair to be authorized for use in the current session," from a pre-stored list of available IMSIs in the SIM. (Id., [0087], [0090], [0091], [0098].) In particular, the Office's citation to a "random number generator" is not relevant. In Lodeweyckx, the "random number [is used] as part of the selection" of an IMSI from the pre-stored list of available IMSIs, not to generate the IMSI itself. (Id., [0112]; see also [0090].) Selecting an IMSI from a list of possible IMSIs, even when using a random number generator to aid in selecting one of the IMSIs from the list, does not disclose an act of "generating, by the UE, ... a proposed [PMSI]" as recited. 
The Office's reliance on interpreting "generating" to be understood by the Office generally as an "act of producing something new" does not support its position based on Lodeweyckx or cure the above-noted deficiencies. As noted above, any temporary IMSI stored in a UE's SIM card was already "activated with the network" - "Each of the temporary-use IMSI-Ki pairs relates to an IMSI which has been activated with the network." Lodeweyckx, [0089]. As a result, the network already "has a data entry relating to that IMSI." Id. Thus, under the Office's own reasoning, Lodeweyckx cannot disclose the claimed "generating" because Lodeweyckx is not "producing something new" - far from it. Instead, Lodeweyckx is accessing a temporary IMSI from among multiple IMSIs that are already activated with the network and known to the network, and are already pre-stored in the UE's SIM card.

Examiner’s response: Examiner disagrees.  Algorithms to generate numerical data in mathematics take many forms.  The method of Lodeweyckx (e.g. paragraph 116) can be seen as an algorithm which takes a random number and a set of elements as input and generates an output, in this case a randomly chosen set element.  Further, “new” is a relative term, and could simply mean new in comparison to the previous registration/attachment (in that it replaces the previous IMSI); additionally, “new” is not found in claim 2.  While examiner referred to “generating” as “producing something new”, this is not the only definition of “generating”; for instance, “generating” can simply be seen as “producing”.  One would certainly refer to a random number generator as “generating”, yet any random number generator would eventually produce a number which it had already produced in the past, and was therefore not new.  Therefore, Lodeweyckx teaches using a random number and a set of IMSIs to generate a PMSI.

	Applicant’s arguments with regard to independent claims 9 and 16 are similar to those regarding claim 2 and are therefore responded to in a similar way.
	Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.








/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491