Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present Office Action is responsive to communication received 7/17/2020.
Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/2/2020 and 9/17/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Notes
Claims 15-20 are directed to one or more computer readable media storing instructions ... Paragraph [0165] of the original specification discloses “As defined herein, the computer readable media does not include transitory media, such as modulated data signals and carrier waves.”

Informalities
Claim 14 recites: “recording address information of the requesting party is and querying whether the requesting party is a secure element or a secure device if the authentication is passed”; the correct limitation is “recording address information of the requesting party [[is]] and querying whether the requesting party is a secure element or a secure device if the authentication is passed”. Correction is kindly requested.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 5-8, 11-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 5-7, 11 and 19 recite an APDU, without defining the acronym, rendering the limitation unclear.
Claim 12 recites undefined acronyms: MAC, IP, CPLC; claim 13 recites MAC, IP, making the limitation unclear.
Correction is kindly requested.
Claim 8 is indefinite because the claim recites “transparently transmitting the received trusted service request ...”, and the scope of “transparently”, which is a relative term, cannot be ascertained.
Claim 8 is also rejected because the claim recites “initiating the trusted service request message to the server ... comprises transparently transmitting the received trusted service request message that is initiated by the computing unit”. The limitation is unclear and contradictory, as the entity initiating the trusted service request message to the server is not actually initiating the trusted service request message; rather, the computing unit is initiating it. Correction or clarification is requested.
Claim 14 is rejected because it lacks clarity. The claim recites: obtaining an identification identifier and address information of a computing unit; ... initiating a trusted service request message to a server ... using the identification identifier of the computing unit, ... transmitting the ... response message to the computing unit ...; wherein obtaining the identification identifier and the address information comprises: receiving a request from a requesting party ... (and other limitations recited in claim 14). It is unclear what relationship exists between a computing unit and a requesting party. The authentication of the requesting party leads to obtaining the identification identifier of the computing unit; are the requesting party and the computing unit the same entity? The claim also recites: receiving and obtaining the identification, which seems redundant. Clarification is kindly requested.
Claim 15 and its dependent claims 16-19 are rejected because the claims recite: obtaining a matching data packet according to the identification identifier ... and parsing out trusted service data from the data packet.
“A matching data packet” is unclear: what is the data packet matched to? Additionally, “the data packet” lacks antecedent basis and renders the claim indefinite. Correction is kindly requested.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 13, 15-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20120172026 to Kwon et al., hereinafter Kwon, and further in view of US 20130151400 to Makhotin et al., hereinafter Makhotin. Makhotin is cited in IDS dated 9/17/2021.

Regarding claim 1, Kwon discloses a method implemented by a computing device, the method comprising: obtaining an identification identifier of a computing unit ([0041][0042]: TSM obtains device information including identification from mobile device); initiating a trusted service request message to a server that provides trusted service management using the identification identifier of the computing unit ([0042][0043]: upon receipt of the device information, TSM initiates a message to WMS); and receiving a corresponding trusted service response message, and transmitting the trusted service response message to the computing unit ([0043]: TSM receives from WMS order to provision applet (WMA) to mobile with device information such as CPLC, CSN, mobile ID ...).
Kwon discloses a device profile management including hardware and software specific to mobile devices ([0031]) but does not explicitly teach obtaining address information of a computing unit; obtaining a mapping table for the identification identifier and the address information of the computing unit ...
In an analogous art, Makhotin discloses a hub comprising a central trusted service manager and a routing table module comprising routing information and identifiers for each entity coupled to the hub (Fig. 1, [0047][0067]). Makhotin discloses obtaining address information of a computing unit ([0067]: routing table includes interfaced entities' addresses); obtaining a mapping table for the identification identifier and the address information of the computing unit ([0047][0067]: routing table includes identifiers and addresses of communicating entities); and transmitting the trusted service message to the computing unit according to the mapping table ([0064]: message delivered to recipient by determining a routing address from the routing table). It would have been obvious to a skilled artisan before the effective filing date of the present application to include a routing table in the TSM/WMS of Kwon and teach the claim because using a routing table to identify an address used to route a message is a standard practice and would not have necessitated any testing.

Regarding claim 2, Kwon in view of Makhotin discloses the method of claim 1, wherein the computing unit comprises a secure element or a secure device embedded with the secure element (Kwon Fig. 1, mobile device 100 with SE).  

Regarding claim 3, Kwon in view of Makhotin discloses the method of claim 2, further comprising: receiving an execution result returned by the computing unit, and sending the execution result to the server that provides the trusted service management (Kwon [0050][0051] mobile device executes APDU commands, then sends the result back to the TSM/WMS system).

Regarding claim 13, Kwon in view of Makhotin discloses the method of claim 1, wherein the identification identifier comprises a production life cycle (CPLC) of a secure element of the computing unit, and the address information comprises one or more of: a MAC or an IP of the secure element or the secure device (Makhotin [0047][0067]: routing table module comprising routing information and identifiers for each entity coupled to the hub, wherein the identifiers are CPLC (Kwon [0041]); see motivation in claim 1).

Regarding claim 15, Kwon in view of Makhotin discloses one or more computer readable media storing executable instructions that, when executed by one or more processors of a computing unit, cause the one or more processors to perform acts comprising: reporting identification identifier of a computing unit ([0041][0042]: mobile device provides device information including identification to TSM); identifying and obtaining a matching data packet according to the identification identifier from a received data message ([0043], Fig. 2: receive WMA 21 with device identifiers, including container (matching data packet) and applet), and parsing out trusted service data from the data packet; and executing an instruction included in the trusted service data, and returning an execution result ([0050][0051][0062]: mobile device processes received packet comprising APDU commands, executes the APDU commands, then sends the result back to the TSM/WMS system).
Kwon does not explicitly disclose reporting address information of a computing unit.
In an analogous art, Makhotin discloses a hub comprising a central trusted service manager and a routing table module comprising routing information and identifiers for each entity coupled to the hub (Fig. 1, [0047][0067]). Makhotin discloses obtaining address information of a computing unit ([0067]: routing table includes interfaced entities' addresses). It would have been obvious to a skilled artisan before the effective filing date of the present application to report address information as well as identification data because it would allow mapping devices’ identifiers to addresses and facilitate routing of messages.

Regarding claim 16, Kwon in view of Makhotin discloses the one or more computer readable media of claim 15, wherein the computing unit further comprises a secure element or a secure device embedded with a secure element (Kwon Fig. 1, mobile device 100 with SE).

Regarding claim 20, the claim recites substantially the same content as claim 1 and is rejected using the same rationales as claim 1.


Claim 4 is rejected under 35 USC 103 as being unpatentable over Kwon and Makhotin, in view of US 20160275504 to Koh et al., hereinafter Koh.

Regarding claim 4, Kwon in view of Makhotin discloses the method of claim 3, but does not teach the rest of the claim. In an analogous art, Koh discloses provisioning an application in a mobile device ([0003]), where downloading an application at the TSM must be preceded by creating an SSD on the security element ([0092]-[0096]), a secure channel is established with a provider after receiving the device information (e.g. CPLC) ([0099]), and the TSM server contacts the service provider to prepare to STORE DATA APDUs and download the application to the SE (Fig. 2B, steps 240-246, [012]). Therefore Koh discloses wherein: when the execution result returned by the computing unit is a successful creation of a security domain, the method further comprises: initiating an application download request to a SP-TSM using the identification identifier of the computing unit after ([0102]) receiving the successful creation of the security domain returned by the computing unit, wherein the SP-TSM is a server of a service provider of the trusted service management ([0092]-[0096]). It would have been obvious to a skilled artisan before the effective filing date of the instant application to successfully create a security domain and download the application as taught by Koh because it would ensure keys specific to the domain are installed in the secure element to secure application delivery to the SE (Koh [0055],[0066]).

Claims 8-9 are rejected under 35 USC 103 as being unpatentable over Kwon and Makhotin, in view of US 20070162394 to Zager et al., hereinafter Zager.

Regarding claim 8, Kwon in view of Makhotin discloses the method of claim 1, but does not disclose the rest of the claim. In an analogous art, Zager discloses a message authentication service intercepting and inspecting messages from a sender to a recipient ([0015]), wherein initiating the trusted service request message to the server that provides the trusted service management comprises transparently transmitting the received trusted service request message that is initiated by the computing unit ([0045]: a message authentication service acts as a transparent bridge or a transparent proxy, rapidly identifying the sender and interacting with an authentication server). It would have been obvious to a skilled artisan before the effective filing date of the instant application to have the hub in Kwon/Makhotin operate as a transparent proxy because it would operate unbeknownst to the sender ([0015]) and constitutes an efficient traffic management tool to identify abuses.

Regarding claim 9, Kwon in view of Makhotin discloses the method of claim 1, but does not teach the rest of the claim. In an analogous art, Zager discloses wherein initiating the trusted service request message to the server that provides the trusted service management using the identification identifier of the computing unit comprises initiating the trusted service request message in real-time or in a batch manner ([0037]: real-time determination of the identification of the server to request service from). It would have been obvious to a skilled artisan before the effective filing date of the instant application to have the hub in Kwon/Makhotin initiate the request to the server in real-time for better efficiency in processing messages.

Claims 10-12, 14 and 17-18 are rejected under 35 USC 103 as being unpatentable over Kwon and Makhotin, in view of US 10833881 to Jindal et al., hereinafter Jindal.

Regarding claim 10, Kwon in view of Makhotin discloses the method of claim 1, but does not teach broadcasting the message. However, broadcasting is a very well known technique of delivering information, as evidenced by Jindal. Jindal, in an analogous art, discloses a gateway (Fig. 1A) broadcasting a received message to other devices in the network (col.2:25-40); therefore, Jindal teaches wherein transmitting the trusted service response message to the computing unit comprises: transmitting the trusted service response message to the computing unit in a broadcast mode.  
It would have been obvious to a skilled artisan before the effective filing date of the application to have the hub of Kwon/Makhotin broadcast the response message as taught by Jindal because it would efficiently deliver the message to a set of devices without delay, as opposed to performing unicast messages individually to receiving devices (Jindal col.2:62-67).

Regarding claim 11, Kwon in view of Makhotin and Jindal discloses the method of claim 10, wherein transmitting the response message to the computing unit in the broadcast mode comprises: assembling the trusted service response message into a broadcast data message according to a packaging protocol (Jindal col.5:23-27: add publication information to message); and broadcasting the broadcast data message according to a mapping table (Jindal col.5:53-60: broadcast as indicated in subscription table), wherein the packaging protocol includes at least relevant information of the following fields: packet header information and APDU data (Kwon [0049]: APDU commands, the message including a header (Jindal col.9:20-24), see claim 10 for motivation).

Regarding claim 12, Kwon in view of Makhotin and Jindal discloses the method of claim 11, wherein: if the address information is a MAC and/or an IP of the secure element or the secure device, the mapping table comprises any one of the following correspondence relationships: a correspondence relationship between CPLC and MAC, a correspondence relationship between CPLC and IP, a correspondence relationship among CPLC, MAC and IP (Makhotin [0047][0067]: routing table module comprising routing information and identifiers for each entity coupled to the hub, wherein the identifiers are CPLC (Kwon [0041]); see motivation in claim 1).

Regarding claim 14, Kwon in view of Makhotin discloses the method of claim 1, but does not teach the rest of the claim. In an analogous art, Jindal discloses wherein obtaining the identification identifier and the address information of the computing unit comprises the following processing: receiving a request from a requesting party, and performing an operation of connection and gateway authentication on the requesting party; recording address information of the requesting party [[is]] (Jindal col.3:41-50, col.3:52-63: gateway receives a connection request from a device, authenticates the device and registers the device identifier in table) and querying whether the requesting party is a secure element or a secure device if the authentication is passed (col.11:45-67: authenticate requestor and verify whether the has permission); sending a request for obtaining the identification identifier of the computing unit if affirmative (col.12: update the device identifier in table); and receiving and obtaining the identification identifier of the computing unit (col.13:52-67: obtain information from the table and provide broadcast topic to target). It would have been obvious to a skilled artisan before the effective filing date of the application to record the address if authentication succeeds ... as taught by Jindal because it would ensure verified devices are recorded and are provided messages, enhancing security.

Regarding claim 17, Kwon in view of Makhotin discloses the one or more computer readable media of claim 16 but does not explicitly teach the rest of the claim.
Jindal, in an analogous art, discloses a gateway (Fig. 1A) broadcasting a received message to other devices in the network (col.2:25-40); therefore, Jindal teaches wherein the received data message is a received broadcast data message, and wherein the broadcast data message is a data message broadcasted by a gateway accessed by the computing unit. It would have been obvious to a skilled artisan before the effective filing date of the application to have the computing unit receive from the hub of Kwon/Makhotin a broadcast message as taught by Jindal because broadcasting would efficiently deliver the message to a set of devices without delay, as opposed to performing unicast messages individually to receiving devices (Jindal col.2:62-67).

Regarding claim 18, Kwon in view of Makhotin discloses the one or more computer readable media of claim 16, wherein identifying and obtaining the matching data packet according to the identification identifier from the received data packet comprises: recognizing and obtaining the matching data packet from the received data message according to the identification identifier thereof (Kwon [0064]: use information included in the WMA container to check for expiration dates). Kwon in view of Makhotin does not teach, but Jindal teaches, the received broadcast data message (col.2:25-40). It would have been obvious to a skilled artisan before the effective filing date of the application to have the computing unit receive from the hub of Kwon/Makhotin a broadcast message as taught by Jindal because broadcasting would efficiently deliver the message to a set of devices without delay, as opposed to performing unicast messages individually to receiving devices (Jindal col.2:62-67).



Allowable Subject Matter
Claims 5-7 and 19 recite allowable matter.
Kwon in view of Makhotin, or any other prior art of record, fails to teach:
“the method of claim 3, wherein when the trusted service request message is an application download request, the corresponding trusted service response message comprises: an APDU formed by assembling and encrypting an application program requested to be downloaded by a SP-TSM, wherein, the APDU is packaged into a broadcast data packet by a gateway according to the packaging protocol, and is sent out in a broadcast form”, as recited in claim 5.

“method of claim 3, wherein: when the execution result returned by the computing unit is an application installation state report APDU, the method further comprises: returning a state report APDU to a SP-TSM after receiving the execution result returned by the computing unit”, as recited in claim 6.

“method of claim 6, wherein: when the execution result returned by the computing unit is an application installation state report APDU, after the gateway returns the state report APDU to the SP-TSM, the method further comprises: sending a personalized request to the SP-TSM using the identification identifier of the computing unit, wherein the SP-TSM obtains personalized data according to the personalized request and sends the personalized data to the computing device in an APDU data format, and the computing device collects data and assembles into a broadcast packet, which is broadcasted to the computing unit according to a mapping table”, as recited in claim 7.

“one or more computer readable media of claim 16, wherein executing the instruction included in the trusted service data, and returning the execution result comprise: communicating with the secure element embedded in the secure device according to APDU data; decrypting the APDU data through the secure element, executing an APDU instruction obtained after decryption, and encrypting the execution result to form state report APDU data; and reporting the state report APDU data to the gateway through the secure device, and further returning the state report APDU data to a server that provides the trusted service through the gateway”, as recited in claim 19.


Therefore, claims 5-7 and 19 are allowable. Claims 5-7 and 19 are being objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Ravindranath et al 20140297524 disclose transmitting a wallet activation request to a wallet server, wherein the wallet server transmits the activation request to a central trusted service manager (TSM), and wherein the wallet server receives one or more push messages including activation data from the TSM.
Emelyanov et al 9716688 disclose an ARP Proxy aware of the location of the traffic's destination. The ARP Proxy offers its own MAC address in reply, effectively saying “send it to me, and I will get it to where it needs to go.” Serving as an ARP Proxy for another host effectively directs LAN traffic to the Proxy. The “captured” traffic is then routed by the Proxy to the intended destination via another interface or via a tunnel. Note that ARP is used as an example of a broadcast protocol, and any other broadcast protocol and proxy can be used.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/
Primary Examiner, Art Unit 2493
6/18/2022