Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claims 5 and 6 are objected to because of the following informalities:  Claim 5 recites “A method according to any of the claims 1 and 2”.  However, claim 2 has been cancelled.  
Claim 6 recites “A method according to claim 3”.  However, claim 3 has been cancelled.  
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
1.	Claims 1 and 4-6 are rejected under 35 U.S.C. 103 as being unpatentable over D1 (EP 2579630 found on IDS dated 4/28/2021) in view of D2 (KR 20130023300) and Smith et al (2017/0033823) further in view of Caserta (2018/0007492) OR Marcelli et al (2021/0185575).
Regarding claim 1.  D1 teaches a method for transferring a MSISDN allocated to a subscription (0063 – mobile device ID and SIM card ID for the mobile device are registered or stored on the User ID server, 0064 – new SIM card ID cannot be found in association with the mobile device ID on the database) from a first to a second secure element (0028 – swapping one SIM card in the UE for another SIM card), said method comprising: 
during an enrolment phase of the first secure element cooperating with a terminal, transferring from said first secure element to a remote server, a first(0075 – UE sends password (e.g., secret information) and mobile device ID (e.g., MSISDN) and SIM card ID to the user ID server, 0078 – same SIM card as before (e.g. there was no SIM card swap));
Store said first (figure 1 wherein mobile device ID and password are stored in the user ID server); 
When said second secure element is for the first time activated in a terminal, after said user having entered said MSISDN to be transferred and said secret information, (0075 – mobile device sends a username ID, password, mobile device ID and SIM card ID to the use ID server, 0078 – if it is a different SIM card (e.g. a new SIM card has been replaced the previous SIM card): 
Compare said first (0075 – if the received username ID and password correspond to the username ID and password stored in the database 6, then the received data is correct, Other data can be compared, such as the mobile device ID, 0078 – settings associated with the username ID are maintained on the mobile device, even after a SIM swap, 
assigning at the level of the operator network a subscription identifier of said second secure element (0032 – server associates several data items with one another, including:  SIM identification, mobile device identification, a user name ID, and a password associated with the user name ID, 0078 – server associates or registers the SIM information with the mobile device ID, username ID, and password) to said MSISDN.
	D1 does not teach hashing user input and comparing the hashed information,  (amendment dated 5/17/2022) said comparison being done at the level of said remote server (D1 at 0032 and 0078 – associating and/or registering done at server) and wherein the hash is sent from said second secure element to said remote server.
	D2 teaches “user authentication information input interface” is used to request the user to input user authentication information for implementing a one-time authentication code, whereby the authentication processing unit processes the user authentication information to be input to a user authentication information interface through the key input unit” (translation at page 10 which corresponds to paragraph 0071 of KR20130023300).  The user authentication information may include at least one PIN or password registered to authenticate the terminal medium for the wireless terminal in the media authentication server on the communication network (translation page 10 which corresponds to paragraph 0072 of KR20130023300).  The PIN or password and MSISDN are registered in the server (translation page 11 which corresponds to paragraph 0077 of KR20130023300).  The authentication process preferably generates the terminal medium authentication information by concatenating the user authentication information (e.g., password) and the unique information (e.g., MSISDN) of the wireless terminal (translation page 11 which corresponds to 0078 of KR20130023300).  The authentication processor hashes at least one or more of the user authentication information (e.g. password) and the unique information of the wireless terminal (page 11 which corresponds to 0079 of KR20130023300).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 to use the hash function as taught by D2 thereby enabling a server/UE to compare hashed passwords values instead of comparing passwords directly thus increases security since the information transmitted between the UE and server is/are encrypted via hash function.
D1 in view of D2 do not explicitly teach assigning at the level of the operator network a subscription identifier (e.g., IMSI) of said second secure element to said MSISDN.
	Smith teaches server detects SIM Swap by mapping/assigning IMSIs to MSISDNs and/or security keys (0024, 0027, 0030).  The server can also be configured to detect a new activation of a device with the server by configuring the UE with username and password and exchanging security settings with the server, such as a key used for data encryption/decryption (0028).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2 to map IMSIs and MSISDNs as taught by Smith in order to enable a business the ability to replace an old SIM associated with a previous employee with a new SIM associated with a new employee and/or enable an employee to switch the SIM card with a different SIM card when traveling (Smith at 0024).
	
Regarding amendment dated 5/17/2022.  D1 in view of D2 and Smith do not teach wherein said cooperating and enrollment is by way of a SubscriptionSwapClient applet downloaded, or already installed, on said server inviting said user to enter said secret information.
	Caserta teaches using a SIM APP (e.g., applet) (0008, 0013, 0017, 0021) enabling the remote server and SIM APP to exchange authentication information.  Caserta teaches using GlobalPlatform module to provide features such as user authentication through secure channels.  For example, one of the possible encryption mechanisms managed by the GP module may be the Secure Channel Protocol 80 (SCP80) (0025, 0026).  For example, embodiments of the present disclosure may  be used to obtain a response to a SCP80 type 4 C-APDU requesting user input (0033).  The remote server may instruct an application installed on the UICC in order to request some user feedback information, such as a PIN, a password or merely a simple confirmation (0035, 0050, 0060).  The SIM APP is used to request user input regarding secret information, such as PIN code or password (0064).
	Marcelli also teaches SIM card provided with an applet.  In this case, the server may send a challenge to the applet which, upon reception of the challenge, asks the user to insert a PIN or prompt, and encrypts the challenge (0070).  After the authentication step is completed, the server can therefore conclude for certain that the mobile device is equipped with a SIM card of the mobile network operator (0071).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2 and Smith to use a SIM APP as taught by Caserta OR Marcelli in order to exchange authentication information between a remote server and the SIM APP and/or conclude for certain that the mobile device is equipped with a SIM card.

Regarding claim 4.  D1 teaches wherein said first or second secure elements are one of: A UICC, eUICC, iUICC, A device application, A trusted execution environment (0004 – A SIM is one example of a smart card, 0028 – exchanging or swapping one SIM card in the UE for another SIM card).
	Smith teaches UICC (abstract, 0024 – UICC card inserted into a UE may be removed and replaced by a different UICC).
Regarding claim 5.  D1 teaches wherein said secret information is one of: - An hexadecimal code; - An answer to at least one question accompanied with a reference of said question; - A passphrase (0075 – UE sends password).
D2 teaches user can enter PIN or password (translation page 10 which corresponds to paragraph 0073 of KR20130023300).
Smith teaches UICC having IMSIs associated with MISISDNs and/or authentication keys (0027).
Caserta teaches wherein the secret information is one of PIN or password (0035, 0050, 0060).
Marcelli teaches wherein the secret information is one of PIN or prompt (0070).
Regarding claim 6.  D1 in view of D2 do not explicitly teach wherein said subscription identifier is an IMSI.
Smith teaches server is able to detect SIM Swap by mapping/assigning IMSIs to MSISDNs and/or security keys (0024, 0027, 0030).  The server can also be configured to detect a new activation of a device with the server by configuring the UE with username and password and exchanging security settings with the server, such as a key used for data encryption/decryption (0028).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2 to map IMSIs and MSISDNs as taught by Smith in order to enable a business the ability to replace an old SIM associated with a previous employee with a new SIM associated with a new employee and/or enable an employee to switch the SIM card with a different SIM card when traveling (Smith at 0024).
2.	Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over D1 (EP 2579630 found on IDS dated 4/28/2021) in view of D2 (KR 20130023300), Smith et al (2017/0033823) and Lodeweyckx (2015/0038116) further in view of Caserta (2018/0007492) OR Marcelli et al (2021/0185575).
Regarding claim 7.  D1 teaches a program for transferring a MSISDN allocated to a subscription (0063 – mobile device ID and SIM card ID for the mobile device are registered or stored on the User ID server, 0064 – new SIM card ID cannot be found in association with the mobile device ID on the database) from a first to a second secure element (0028 – swapping one SIM card in the UE for another SIM card), the computer program product being configured to: 
during an enrolment phase of the first secure element cooperating with a terminal, transferring from said first secure element to a remote server, a first(0075 – UE sends password (e.g., secret information) and mobile device ID (e.g., MSISDN) and SIM card ID to the user ID server, 0078 – same SIM card as before (e.g. there was no SIM card swap));
when said second secure element is for the first time activated in a terminal, after said user having entered said MSISDN to be transferred and said secret information, (0075 – mobile device sends a username ID, password, mobile device ID and SIM card ID to the use ID server, 0078 – if it is a different SIM card (e.g. a new SIM card has been replaced the previous SIM card): 
compare said first (0075 – if the received username ID and password correspond to the username ID and password stored in the database 6, then the received data is correct, Other data can be compared, such as the mobile device ID, 0078 – settings associated with the username ID are maintained on the mobile device, even after a SIM swap, 
assigning at the level of the operator network a subscription identifier of said second secure element (0032 – server associates several data items with one another, including:  SIM identification, mobile device identification, a user name ID, and a password associated with the user name ID, 0078 – server associates or registers the SIM information with the mobile device ID, username ID, and password) to said MSISDN.
	D1 does not teach hashing user input and comparing the hashed information.
	D2 teaches “user authentication information input interface” is used to request the user to input user authentication information for implementing a one-time authentication code, whereby the authentication processing unit processes the user authentication information to be input to a user authentication information interface through the key input unit” (translation at page 10 which corresponds to paragraph 0071 of KR20130023300).  The user authentication information may include at least one PIN or password registered to authenticate the terminal medium for the wireless terminal in the media authentication server on the communication network (translation page 10 which corresponds to paragraph 0072 of KR20130023300).  The PIN or password and MSISDN are registered in the server (translation page 11 which corresponds to paragraph 0077 of KR20130023300).  The authentication process preferably generates the terminal medium authentication information by concatenating the user authentication information (e.g., password) and the unique information (e.g., MSISDN) of the wireless terminal (translation page 11 which corresponds to 0078 of KR20130023300).  The authentication processor hashes at least one or more of the user authentication information (e.g. password) and the unique information of the wireless terminal (page 11 which corresponds to 0079 of KR20130023300).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 to use the hash function as taught by D2 thereby enabling a server/UE to compare hashed passwords values instead of comparing passwords directly thus increases security since the information transmitted between the UE and server is/are encrypted via hash function.
D1 in view of D2 do not explicitly teach assigning at the level of the operator network a subscription identifier (e.g., IMSI) of said second secure element to said MSISDN.
	Smith teaches server detects SIM Swap by mapping/assigning IMSIs to MSISDNs and/or security keys (0024, 0027, 0030).  The server can also be configured to detect a new activation of a device with the server by configuring the UE with username and password and exchanging security settings with the server, such as a key used for data encryption/decryption (0028).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2 to map IMSIs and MSISDNs as taught by Smith in order to enable a business the ability to replace an old SIM associated with a previous employee with a new SIM associated with a new employee and/or enable an employee to switch the SIM card with a different SIM card when traveling (Smith at 0024).
	
 (amendment dated 5/17/2022) D1 in view of D2, and Smith do not teach said comparison being done at the level of said second secure element and wherein said hash is sent from said remote server to said second secure element.
Lodeweyckx teaches the UE may use one of a plurality of mobile identities wherein UE consults server which securely provisions the IMSI and secret key data to the UE for use with respect to a current connection (0089-0090).  In a further option, a so-called root key can be provided at the SIM and the server, which secret keys being derived from the secret root key according to certain algorithm and seed data (0093).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2 and Smith to provision the UE with IMSI and secret key from a server side as taught by Lodeweyckx thereby enabling the SIM to authenticate the user during a SIM swap.
Regarding amendment dated 5/17/2022.  D1 in view of D2, Smith and Lodeweyckx do not teach wherein said cooperating and enrollment is by way of a SubscriptionSwapClient applet downloaded, or already installed, on said server inviting said user to enter said secret information.
	Caserta teaches using a SIM APP (e.g., applet) (0008, 0013, 0017, 0021) enabling the remote server and SIM APP to exchange authentication information.  Caserta teaches using GlobalPlatform module to provide features such as user authentication through secure channels.  For example, one of the possible encryption mechanisms managed by the GP module may be the Secure Channel Protocol 80 (SCP80) (0025, 0026).  For example, embodiments of the present disclosure may  be used to obtain a response to a SCP80 type 4 C-APDU requesting user input (0033).  The remote server may instruct an application installed on the UICC in order to request some user feedback information, such as a PIN, a password or merely a simple confirmation (0035, 0050, 0060).  The SIM APP is used to request user input regarding secret information, such as PIN code or password (0064).
	Marcelli also teaches SIM card provided with an applet.  In this case, the server may send a challenge to the applet which, upon reception of the challenge, asks the user to insert a PIN or prompt, and encrypts the challenge (0070).  After the authentication step is completed, the server can therefore conclude for certain that the mobile device is equipped with a SIM card of the mobile network operator (0071).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of D1 in view of D2, Smith and Lodeweyckx to use a SIM APP as taught by Caserta OR Marcelli in order to exchange authentication information between a remote server and the SIM APP and/or conclude for certain that the mobile device is equipped with a SIM card.
Response to Arguments
3.	Applicant’s arguments with respect to claims 1 and 4-7 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
4.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
---(2016/0037339) Kavalathara et al teaches using a SIM APP in the UE to prompt the user for a PIN or password (0025).
---(2014/0073375) Li et al teaches using a SIM APP to authenticate swapping information between a first SIM and a second SIM (0075).
	---(20140172712) Petersen et al teaches storing IMSI or ICCID against MSISDN at server level (0045) and such storage may be performed using the highest and latest available encryption and hashing techniques (0047).  Petersen teaches authenticating the user during SIM Swap processing script, if user is authenticated, update the stored IMSI in the IMSI/ICCID database with the new SIM unique identifier (0051).
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to BARRY W TAYLOR whose telephone number is (571)272-7509.  The examiner can normally be reached on Monday-Thursday: 7-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lester Kincaid can be reached on 571-272-7922.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BARRY W TAYLOR/           Primary Examiner, Art Unit 2646