DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on December 7, 2020, is accepted.
Claims 1 – 20 are being considered on the merits.

Drawings
The drawings, filed on December 7, 2020, are accepted.

Specification
The specification, filed on December 7, 2020, is accepted.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 3, 10 – 12, and 19 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080205651 A1 to Goto et al., (hereinafter, “Goto”) in view of US 20170006003 A1 to Zakaria et al., (hereinafter, “Zakaria”).
Regarding claim 1, Goto teaches a computer-implemented method, comprising: outputting the public key to a second system; saving the secret key on the first system; [Goto, para. 38 discloses the manufacturer determines a setting information secret key and a public key for RSA encryption and supplies the public key to the user. The command encryption key (encryption setting information) 32 that the user has determined arbitrarily is encrypted with the public key for RSA encryption and stored in the memory for encryption 30.] receiving, by the first system, a command encrypted using the public key; [Goto, para. 45 discloses he manufacturer informs the user of the setting information public key and the user informs the manufacturer of the signature public key, and the manufacturer supplies to the user the data, which is encrypted by the hardwired encryption key and contains the key transformation program including the setting information secret key and the signature public key. The user creates ROM data by combining the encrypted data with the encryption key for instruction encrypted with the setting information public key, the electronic signature, and the control program encrypted with the command encryption key. Because the data supplied to the user from the manufacturer is encrypted, the user cannot know the setting information secret key.] decrypting, on the first system, the encrypted command using the secret key; [Goto, para. 38 discloses The RSA-encrypted encryption key for instruction 32 is decrypted with the setting information secret key and the decrypted encryption key for instruction is set in the write only register 27. Para. 41 discloses the setting information secret key can be stored in the secure processor; however, it may also be possible to add it to the key transformation program and supply the data from the manufacturer to the user, which is the key transformation program including the setting information secret key encrypted with the hardware encryption key. Because the setting information decryption key is encrypted, the user cannot know the setting information decryption key also in this case. The user stores the key transformation program including the setting information decryption key in the memory. When the secure processor is activated, the key transformation program is decrypted with the hardware encryption key as described above, and therefore, the setting information decryption key is extracted therefrom and the RSA-encrypted command encryption key is decrypted.] and executing the decrypted command. [Goto, para. 46 discloses In the configuration in which an electronic signature is verified, it may also be possible to provide a function of connecting the connection detection signal of the debugger to the encryption processing part and terminating the command decryption processing when the debugger is detected. Due to this, it is possible to protect the program from the attack using the fact that the command decrypted for execution exists in the CPU core 21 and in this state, the information in the CPU core 21 is taken out using the debugger.], but Goto does not teach receiving, at a first system, a command to start encryption; in response to receiving the command to start encryption, creating, on the first system, a pair of keys, wherein the pair of keys includes a public key and a secret key.
However, Zakaria does teach receiving, at a first system, a command to start encryption; in response to receiving the command to start encryption, creating, on the first system, a pair of keys, wherein the pair of keys includes a public key and a secret key; [Zakaria, para. 132 discloses the encryption engine 1660 of the IoT service 120 sends a command to the HSM 1630 (e.g., which may be such as a CloudHSM offered by Amazon®) to generate a session public/private key pair. The HSM 1630 may subsequently prevent access to the private session key of the pair. Similarly, the encryption engine on the IoT device 101 may transmit a command to the HSM 1631 (e.g., such as an Atecc508 HSM from Atmel Corporation®) which generates a session public/private key pair and prevents access to the session private key of the pair]
Therefore, it would been obvious to one of ordinary skill within the art before the effective filling to combine Zakaria’s system with Goto’s system, with a motivation for a key exchange and key stream generation which may initially be performed between the IoT service 120 and the IoT device 101, and establish a new communication session. Alternatively, the key exchange may be performed and the exchanged session keys may be used for a specified period of time (e.g., a day, a week, etc). [Zakaria, para. 131] 

As per claim 2, modified Goto teaches the computer-implemented method of claim 1, wherein the encrypted command is for performing a restricted process.  [Goto, para. 46 discloses In the configuration in which an electronic signature is verified, it may also be possible to provide a function of connecting the connection detection signal of the debugger to the encryption processing part and terminating the command decryption processing when the debugger is detected. Due to this, it is possible to protect the program from the attack using the fact that the command decrypted for execution exists in the CPU core 21 and in this state, the information in the CPU core 21 is taken out using the debugger.]

As per claim 3, modified Goto teaches the computer-implemented method of claim 1, wherein the encrypted command is received from the second system. [Goto, para. 62 discloses the user creates RSA-encrypted encryption setting information 75 by RSA-encrypting the encryption setting information 51 including the encryption key for instruction 60 for AES encryption with the first RSA public key 64 in an RSA encryption part 72. Further, an electronic signature 76 is created by RSA-encrypting data, which is hash-processed RSA-encrypted encryption setting information 75 with the second RSA secret key 66 in a signature generation part 73. Then, in an AES encryption part 74, a control program 77 AES-encrypted with the encryption key for instruction 60 is created using the encryption key for instruction 60 by encrypting, as D14, D15, and D16, using the counter data and the command encryption key included in the information and subjecting them to the XOR (D18) operation with the data D17 of the control program. The above processing is carried out using an encrypted data creating tool 71. Then, the RSA-encrypted encryption setting information 75, the electronic signature 76, and the AES-encrypted control program 77 created as above are combined with the program data including the ROM head 41 and the key transformation program 43 supplied from the manufacturer and written to the external ROM 34.]

Regarding claim 10 – 12, they recite features as similar to feature within claim 1 – 3, therefore, they are rejected in a similar manner.

Regarding claim 19 – 20, they recite features as similar to feature within claim 1 – 2, therefore, they are rejected in a similar manner.

Claims 4 – 7 and 13 – 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080205651 A1 to Goto et al., (hereinafter, “Goto”) in view of US 20170006003 A1 to Zakaria et al., (hereinafter, “Zakaria”) in further view of US 20180351945 A1 to Li at al., (hereinafter, “Li”).
Regarding claim 4, modified Goto teaches the computer-implemented method of claim 1, but modified Goto does not teach wherein the encrypted command is received from the second system, wherein the encrypted command was P202000071US01/TUC1P628 Page 28 of 33 previously encrypted by a third system that sent the encrypted command to the second system.  
	However, Li does teach wherein the encrypted command is received from the second system, wherein the encrypted command was P202000071US01/TUC1P628 Page 28 of 33 previously encrypted by a third system that sent the encrypted command to the second system. [Li, para. 67 discloses he eSIM server 118 can transmit the payload 126 that can include the encrypted eSIM package based on the eSIM 108 to the eUICC 102. At step 324, the test equipment 124, which has been monitoring the communication between the eUICC 102 and the eSIM server 118, can capture the payload 126 and save the payload 126 for subsequent use. Once the payload 126 reaches the eUICC 102, the eUICC 102 can generate the session key at step 326 based on the public key (otPK.DP) of the eSIM server 118 and the private key (otSK.eUICC) of the eUICC 102. The session key generated is the same session key that is generated by eSIM server at step 318. The session key can be protected and kept as a shared secret between the eUICC 102 and the eSIM server 118.]
Therefore, it would been obvious to one of ordinary skill within the art before the effective filling to combine Li’s system with modified Goto’s system, with a motivation to perform other related post-installation actions such as generating and sending notifications that record the installation results, removing the notifications, deleting the installed eSIM, and restarting another session of replay testing. By using the same payload while bypassing some of the authentication and/or verification steps, the eUICC can be stress tested using an actual eSIM numerous times without having to remove an additional eSIM from inventory for each profile installation attempt. [Li, para. 131] 

Regarding claim 5, modified Goto teaches the computer-implemented method of claim 1, but modified Goto does not teach comprising: in response to receiving, on the first system, a command for ending encryption, disposing of the secret key.  
	However, Li does teach comprising: in response to receiving, on the first system, a command for ending encryption, disposing of the secret key. [Li, para. 60 discloses in a post-installation commands phase 230, the test equipment 124 and/or the device interface 116 can provide various different post-installation commands to the eUICC 102. Those commands can include listing notifications on the eUICC 102, retrieving notifications from the eUICC 102, removing notifications, deleting the eSIM 108 from the eUICC 102, changing configuration of the device 114, changing configuration of the eUICC 102, starting another session of testing, and/or terminating the debug mode. If the debug mode is not terminated, another session of replay testing 204 can be repeated, as denoted by arrow 232. Test sessions 200 can include numerous sessions of replay testing to stress test the operating system of the eUICC 102, the device interface 116 and the installation procedures. If a command to terminate the debug mode is received, the eUICC 102 can abort the debug mode and erase all of the keys and/or secrets saved. (Examiner notes that although it does not explicitly say "receiving a command to end encryption". It is being interpreted that the command to terminate debugging is a command to end encryption because it causes the encryption keys to be erased and therefore since the encryption keys are erased, it implies that it is a command to end encryption)]
Therefore, it would been obvious to one of ordinary skill within the art before the effective filling to combine Li’s system with modified Goto’s system, with a motivation to perform other related post-installation actions such as generating and sending notifications that record the installation results, removing the notifications, deleting the installed eSIM, and restarting another session of replay testing. By using the same payload while bypassing some of the authentication and/or verification steps, the eUICC can be stress tested using an actual eSIM numerous times without having to remove an additional eSIM from inventory for each profile installation attempt. [Li, para. 131] 

Regarding claim 6, modified Goto teaches the computer-implemented method of claim 1, but modified Goto does not teach wherein the encrypted command includes a sub-command for ending encryption and comprising: in response to receiving the encrypted command, disposing of the secret key, wherein the disposing includes decrypting and executing the sub-command.  
However, Li does teach wherein the encrypted command includes a sub-command for ending encryption and comprising: in response to receiving the encrypted command, disposing of the secret key, wherein the disposing includes decrypting and executing the sub-command. [Li, para. 60 discloses in a post-installation commands phase 230, the test equipment 124 and/or the device interface 116 can provide various different post-installation commands to the eUICC 102. Those commands can include listing notifications on the eUICC 102, retrieving notifications from the eUICC 102, removing notifications, deleting the eSIM 108 from the eUICC 102, changing configuration of the device 114, changing configuration of the eUICC 102, starting another session of testing, and/or terminating the debug mode. If the debug mode is not terminated, another session of replay testing 204 can be repeated, as denoted by arrow 232. Test sessions 200 can include numerous sessions of replay testing to stress test the operating system of the eUICC 102, the device interface 116 and the installation procedures. If a command to terminate the debug mode is received, the eUICC 102 can abort the debug mode and erase all of the keys and/or secrets saved.]
Therefore, it would been obvious to one of ordinary skill within the art before the effective filling to combine Li’s system with modified Goto’s system, with a motivation to perform other related post-installation actions such as generating and sending notifications that record the installation results, removing the notifications, deleting the installed eSIM, and restarting another session of replay testing. By using the same payload while bypassing some of the authentication and/or verification steps, the eUICC can be stress tested using an actual eSIM numerous times without having to remove an additional eSIM from inventory for each profile installation attempt. [Li, para. 131] 

Regarding claim 7, modified Goto teaches the computer-implemented method of claim 1, but modified Goto does not teach comprising: receiving a command for ending encryption; and in response to receiving the command for ending encryption, disposing of the secret key.  
However, Li does teach comprising: receiving a command for ending encryption; and in response to receiving the command for ending encryption, disposing of the secret key. [Li, para. 60 discloses in a post-installation commands phase 230, the test equipment 124 and/or the device interface 116 can provide various different post-installation commands to the eUICC 102. Those commands can include listing notifications on the eUICC 102, retrieving notifications from the eUICC 102, removing notifications, deleting the eSIM 108 from the eUICC 102, changing configuration of the device 114, changing configuration of the eUICC 102, starting another session of testing, and/or terminating the debug mode. If the debug mode is not terminated, another session of replay testing 204 can be repeated, as denoted by arrow 232. Test sessions 200 can include numerous sessions of replay testing to stress test the operating system of the eUICC 102, the device interface 116 and the installation procedures. If a command to terminate the debug mode is received, the eUICC 102 can abort the debug mode and erase all of the keys and/or secrets saved. (Examiner notes that although it does not explicitly teach "receiving a command to end encryption". It is being interpret the command to terminate debugging as a command to end encryption because it causes the encryption keys to be erased and therefore since the encryption keys are erased, it implies that the the command to terminate debugging is a command to end encryption)]
Therefore, it would been obvious to one of ordinary skill within the art before the effective filling to combine Li’s system with modified Goto’s system, with a motivation to perform other related post-installation actions such as generating and sending notifications that record the installation results, removing the notifications, deleting the installed eSIM, and restarting another session of replay testing. By using the same payload while bypassing some of the authentication and/or verification steps, the eUICC can be stress tested using an actual eSIM numerous times without having to remove an additional eSIM from inventory for each profile installation attempt. [Li, para. 131] 

Regarding claim 13 – 16, they recite features as similar to feature within claim 4 - 7, therefore, they are rejected in a similar manner.

Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080205651 A1 to Goto et al., (hereinafter, “Goto”) in view of US 20170006003 A1 to Zakaria et al., (hereinafter, “Zakaria”) in further view of US 20200348361 A1 to Kurts at al., (hereinafter, “Kurts”).
Regarding claim 8, modified Goto teaches the computer-implemented method of claim 1, but modified Goto does not teach wherein the decrypted command is a debugging command. 
However, Kurts wherein the decrypted command is a debugging command. [Kurts, para. 20 discloses the remote debug process may be initiated by the non-designer party when a debug request is sent over one or more public networks to the debugging site. Once the SUT and the non-designer party is identified by the debugging site, encrypted JTAG debug commands may be transmitted from the debugging site over the public network to the client site host device and subsequently to the SUT. The JTAG debug commands may be decrypted within the CPU of the SUT using the encryption/decryption machine. The JTAG debug commands may be executed and results may be transmitted back to the debugging site for analysis.]
Therefore, it would been obvious to one of ordinary skill within the art before the effective filling to combine Kurts’s system with modified Goto’s system, with a motivation for The JTAG commands may be transferred from the client site host device 312 to the SUT 308 via the JTAG interface 320. Specifically, the central TAP 314 may receive the encrypted/protected JTAG commands for AFD and/or other interactions and subsequently transfer the JTAG commands to the encryption/decryption machine 316 to decrypt to the JTAG commands using a secure session key, as will be discussed in further detail below. The internal encryption and decryption capabilities provided by the encryption/decryption machine 316 may further protect data transmitted between the debugging site 304 and the client site 302 since unencrypted data may not be exposed to tracking by an unauthorized third party (e.g., hacker) during transfer between the sites 302, 304. [Kurts, para. 28] 

Regarding claim 17, it recites features as similar to feature within claim 8, therefore, it is rejected in a similar manner.

10.	Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080205651 A1 to Goto et al., (hereinafter, “Goto”) in view of US 20170006003 A1 to Zakaria et al., (hereinafter, “Zakaria”) in further view of US 20210377044 A1 to Leibmann at al., (hereinafter, “Leibmann”).
Regarding claim 9, modified Goto teaches the computer-implemented method of claim 1, but modified Goto does not teach comprising: disposing of the secret key in response to a predetermined amount of time passing after the pair of keys being created. P202000071US01/TUC1P628 Page 29 of 33 
However, Leibmann does teach comprising: disposing of the secret key in response to a predetermined amount of time passing after the pair of keys being created. [Leibmann, para. 8 discloses an ephemeral cryptographic key can include a private or public key generated on a server in memory and with a finite lifespan of, for instance, thirty minutes, one hour, or two hours. Upon expiration of the finite lifespan, the server can be configured to discard the existing private/public key pair and regenerate a new private/public key pair in place of the discarded one]
Therefore, it would been obvious to one of ordinary skill within the art before the effective filling to combine Leibmann’s system with modified Goto’s system, with a motivation to reduce security risks while maintaining authentication authority in the computing facility. Instead of deploying the authentication service with a static key pair, the server hosting the authentication service can generate ephemeral cryptography keys during operation to sign security tokens for proving authenticity. Upon receiving the security token, the platform service can first authenticate the included ephemeral public key as being genuine using the master signature. Upon successful authentication of the included ephemeral public key, the platform service can then authenticate the security token as being genuine using the authenticated ephemeral public key of the authentication service. Personnel having access to production servers may not have access to any ephemeral cryptography keys of the authentication service because such keys are generated during operation, not during production. Thus, security risks related to leaked cryptography keys of the authentication service can be reduced while authentication authority is maintained in the computing facility. [Leibmann, para. 14] 

Regarding claim 18, it recites features as similar to feature within claim 9, therefore, it is rejected in a similar manner.

Conclusion
Pertinent prior art made of record however not relied upon includes:
US 20220038275 A1 to Hwang et al.
“in a method of creating a device unique encryption key, a processor transmits, to an execution-only memory device, a request for creating a unique encryption key for a specific device and an identifier of the specific device; the execution-only memory device executes an execution-only routine stored therein to create a unique encryption key; and the execution-only memory device outputs the created unique encryption key to the processor as the unique encryption key of the specific device, wherein a controller of the execution-only memory device obtains a unique key stored in an internal memory without external access, and processes a key calculation algorithm based on the identifier of the specific device received from the processor and the unique key to create the unique encryption key.”
US 20170279784 A1 to Kent
“A method includes receiving, from a certificate requestor: a request for a public key certificate and a list of a plurality of distribution addresses. The request may include a public key for the certificate requestor. The plurality of distribution addresses may belong to a plurality of third parties. The method further includes verifying an identity of the certificate requestor, and, in response to verifying the identity of the certificate requestor, retrieving a public key from the request for the public key certificate. The method may also include, in response to verifying the identity of the certificate requestor, generating the public key certificate and signing the public key certificate. The public key certificate may include the public key. The method may also include transmitting the signed public key certificate to the certificate requestor and the plurality of distribution addresses.”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434