DETAILED ACTION
This communication is in response to Applicant’s amendment filed on 05/13/2022. Claims 1 and 3-20 are directed towards SECURE PROVISIONING, BY A CLIENT DEVICE, CRYPTOGRAPHIC KEYS FOR EXPLOITING SERVICES PROVIDED BY AN OPERATOR. Claim 2 has been canceled, and claims 1, 10-11, 16, and 18-19 have been amended. Claims 1 and 3-20 are allowed.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s amendments/arguments submitted on 05/13/2022 have been considered and are deemed to be persuasive. The examiner therefore withdraws the claim objections and the claim rejections under 35 USC 112(b) and 35 USC 103 made in the previous office action.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Aldo Martinez (Reg. No. 61,357) on June 30, 2022.

The application has been amended as follows:

Claim 1. (Currently Amended) A method of descrambling a scrambled service, comprising:
transmitting a first challenge, by a client device to an operator server, wherein the first challenge including at least a unique identifier of the client device and an identifier of the operator server;
receiving, by the client device, in response to determining that the client device is entitled to descramble the scrambled service, a certificate corresponding to the client device;
 transmitting, by the [[a]] client device, a [[first]] second challenge to [[an]] the operator server, wherein the [[first]] second challenge requesting a license, and including at least [[a]] the certificate corresponding to the client device; 
receiving, by the client device in response to the [[first]] second challenge, [[a]] the license from the operator server, the license including at least a service key encrypted with a unique device-derived key; 
downloading, from the operator server, a global operator vault that stores a global operator seed;
determining, by the client device, the unique device-derived key by applying a [[predetermined]] cryptographic algorithm on [[a]] the global operator seed and a unique device key corresponding to the client device; 
decrypting, by the client device, the service key with the determined unique device-derived key; and 
receiving and descrambling, by the client device, the scrambled service using the service key[[,]].

 
Claim 2. (Canceled)  

Claim 3. (Currently Amended) The method according to claim 1, further comprising extracting, by the client device, the global operator seed from the global operator vault.

Claim 4. (Previously Presented) The method according to claim 3, wherein to extract the global operator seed from the global operator vault, the method further comprises decrypting the global operator vault with a global operator vault key received from the operator server by the client device with the certificate corresponding to the client device. 
 
Claim 5. (Previously Presented) The method according to claim 1, wherein the global operator vault is stored in non-volatile memory in the client device.  

Claim 6. (Previously Presented) The method according to claim 1, wherein the global operator value stores a plurality of global operator seeds corresponding to a plurality of cryptographic generations.  

Claim 7. (Previously Presented) The method according to claim 6, further comprising changing a cryptographic generation if a current global operator seed is compromised, or periodically changing the cryptographic generation.  

Claim 8. (Previously Presented) The method according to claim 1, wherein the service key includes a content package key encrypted with the unique device-derived key, and a content key encrypted with the content package key.

Claim 9. (Previously Presented) The method according to claim 8, further comprising:
decrypting, by the client device, the content package key with the unique device-derived key; and
decrypting, by the client device, the content key with the content package key after the content package key is decrypted.  

Claim 10. (Currently Amended) A client device that descrambles a scrambled service, comprising: circuitry configured to
transmit a first challenge, by the client device to an operator server, wherein the first challenge including at least a unique identifier of the client device and an identifier of the operator server;
receive in response to determining that the client device is entitled to descramble the scrambled service, a certificate corresponding to the client device;
 transmit a [[first]] second challenge to [[an]] the operator server, wherein the [[first]] second challenge requesting a license, and including at least [[a]] the certificate corresponding to the client device; 
receive, in response to the [[first]] second challenge, [[a]] the license from the operator server, the license including at least a service key encrypted with a unique device-derived key;
download, from the operator server, a global operator vault that stores a global operator seed;
determine the unique device-derived key by applying a [[predetermined]] cryptographic algorithm on [[a]] the global operator seed and a unique device key corresponding to the client device; 
decrypt the service key with the determined unique device-derived key; and 
receiving and descrambling the scrambled service using the service key[[,]].


Claim 11. (Currently Amended) A method of descrambling a scrambled service, comprising: 
receiving, by an operator server, a first challenge from a client device, the first challenge including at least [[an]] a unique identifier of the client device and an identifier of the operator server; 
determining, by the operator server, entitlement of the client device to descramble the scrambled service, based at least on the unique identifier of the client device;
determining, by the operator server, a unique device key corresponding to the client device, based at least on the unique identifier of the client device;
determining, by the operator server, in response to determining that [[when]] the client device is entitled to descramble the scrambled service, cryptographic algorithm to [[a]] the unique device key 
creating [[forming]], by the operator server, a unique cryptogram by encrypting the device-derived key with the global operator seed; 
transmitting, from the operator server to the client device, a first certificate corresponding to the client device, the first certificate including the unique cryptogram; 
receiving, by the operator server, a second challenge from the client device, the second challenge including a license request and at least a second certificate corresponding to the client device; and
 providing, from the operator server to the client device in response to the second challenge, [[a]] the license from the operator server, the license including at least a service key encrypted with the device-derived key, 
wherein the client device obtains the unique device-derived key from the unique cryptogram to decrypt the service key, and uses the service key 
   
Claim 12. (Previously Presented) The method according to claim 11, further comprising: providing, from the operator server to the client device, a global operator vault including the global operator seed.
  
Claim 13. (Previously Presented) The method according to claim 12, further comprising:
providing, from the operator server to the client device, a plurality of unique cryptograms corresponding to a plurality of encryption generations, wherein the global operator vault includes a plurality of global operator seeds corresponding to the plurality of encryption generations.  

Claim 14. (Previously Presented) The method according to claim 13, further comprising: 
changing a current encryption generation if a current global operator seed is compromised, or periodically changing the current encryption generation.  

Claim 15. (Previously Presented) The method according to claim 12, wherein the global operator vault is encrypted with a global operator vault key.  

Claim 16. (Currently Amended) The method according to claim 15, further comprising transmitting, by the operator server, the global operator vault key to the client device at a time when the first certificate corresponding to the client device is transmitted. 
 
Claim 17. (Previously Presented) The method according to claim 11, wherein the service key includes a content package key encrypted with the device-derived key, and a content key encrypted with the content package key.

Claim 18. (Currently Amended) An operator server, comprising: circuitry configured to
receive a first challenge from a client device, the first challenge including at least [[an]] a unique identifier of the client device and an identifier of the operator server; 
determine entitlement of the client device to descramble [[the]] a scrambled service, based at least on the unique identifier of the client device;
determine a unique device key corresponding to the client device, based at least on the unique identifier of the client device;
determine in response to determining that [[when]] the client device is entitled to descramble the scrambled service, cryptographic algorithm to [[a]] the unique device key 
create [[form]] a unique cryptogram by encrypting the device-derived key with the global operator seed; 
transmit, to the client device, a first certificate corresponding to the client device, the first certificate including the unique cryptogram; 
receive a second challenge from the client device, the second challenge including a license request and at least a second certificate corresponding to the client device; and
 provide, to the client device in response to the second challenge, [[a]] the license from the operator server, the license including at least a service key encrypted with the device-derived key,
 wherein the client device obtains the unique device-derived key from the unique cryptogram to decrypt the service key, and uses the service key 
  
Claim 19. (Currently Amended) [[An]] The operator server according to claim 18, wherein the circuitry is further configured to: 
provide, to the client device, a plurality of unique cryptograms corresponding to a plurality of encryption generations, wherein [[the]] a global operator vault includes a plurality of global operator seeds corresponding to the plurality of encryption generations.  

Claim 20. (Previously Presented) The operator server according to claim 19, wherein the circuitry is further configured to change a current encryption generation if a current global operator seed is compromised, or to periodically change the current encryption generation.
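
The client-side key ladder recited in claims 1 and 6-9, sketched as an added example that is not part of the office action or the application. The claims leave the algorithms open, so HMAC-SHA256 for the derivation and an HMAC-based encrypt-then-MAC wrap are assumptions, as are all function names and the constructed sample keys.

```python
import hashlib
import hmac
import os

def derive_device_key(seed: bytes, device_key: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the claims' unspecified algorithm.
    return hmac.new(device_key, b"device-derived|" + seed, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc|" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(key: bytes, secret: bytes) -> bytes:
    # Stand-in authenticated wrap (encrypt-then-MAC); a product would use AES key wrap or AES-GCM.
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(key, nonce, len(secret))))
    return nonce + ct + hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def issue_license(seeds: dict, generation: int, device_key: bytes, content_key: bytes) -> dict:
    # Operator side: content key under package key, package key under device-derived key.
    package_key = os.urandom(32)
    ddk = derive_device_key(seeds[generation], device_key)
    return {"generation": generation,
            "wrapped_package_key": wrap(ddk, package_key),
            "wrapped_content_key": wrap(package_key, content_key)}

def open_license(vault: dict, device_key: bytes, lic: dict) -> bytes:
    # Client side: pick the seed for the license's generation, then walk the ladder down.
    seed = vault.get(lic["generation"])
    if seed is None:
        raise LookupError("vault has no seed for generation %d" % lic["generation"])
    ddk = derive_device_key(seed, device_key)
    package_key = unwrap(ddk, lic["wrapped_package_key"])
    return unwrap(package_key, lic["wrapped_content_key"])

# Constructed sample values, not taken from the application.
SEEDS = {1: b"\x11" * 32, 2: b"\x22" * 32}       # vault contents, one seed per generation
DEVICE_A, DEVICE_B = b"\xaa" * 32, b"\xbb" * 32  # unique device keys
CONTENT_KEY = b"\x5c" * 16
LICENSE = issue_license(SEEDS, 2, DEVICE_A, CONTENT_KEY)

def try_open(vault: dict, device_key: bytes, lic: dict) -> str:
    try:
        return "opened" if open_license(vault, device_key, lic) == CONTENT_KEY else "wrong key"
    except (ValueError, LookupError) as exc:
        return "rejected: " + type(exc).__name__

if __name__ == "__main__":
    print(try_open(SEEDS, DEVICE_A, LICENSE))          # entitled device, current vault
    print(try_open(SEEDS, DEVICE_B, LICENSE))          # license bound to another device
    print(try_open({1: SEEDS[1]}, DEVICE_A, LICENSE))  # vault missing generation 2
```

A license bound to one device key fails authentication on another device, and a vault that lacks the license's generation cannot open it, which is what gives the generation change of claim 7 its effect.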

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
The closest prior art references of record are Wingert et al. US 2007/0206799 A1, Lam et al. US 2016/0182465 A1, and Schnell et al. US 2008/0255994 A1.
Wingert discloses a method for performing digital rights management for a plurality of content on a client device. The method includes generating an asymmetric key pair that comprises a public portion and a private portion, transmitting the public portion of the asymmetric key pair, and receiving a first symmetric key and a second symmetric key. The first symmetric key can be encrypted using the public portion of the asymmetric key pair, and the second symmetric key is associated with a plurality of content. The method includes generating a key pair that comprises a public key and a private key and transmitting the public key to fetch a license file from a subscription server, then receiving license file information that includes header information and at least one symmetric key, and decrypting multimedia content based in part on header information contained in the license file.
Lam discloses a technique for extending security to a data object once it has been shared and during collaboration with others who have access rights to that data object. The approach combines group key-based client-side encryption, to secure the data object as it travels, with a digital rights management (DRM) layer that provides permission management by associating a set of permission rights that travel with the data object. Computing entities have access to a DRM solution that includes a rights management service and a DRM license server. Using the DRM solution, a user can associate a DRM license with a particular data object. The DRM license server can issue licenses and content keys to access the data object, and determine whether an entity can have access to the data object.
Schnell discloses establishing a package that contains digital content and a preview license associated with the digital content, wherein the license includes a content key, which is encrypted by a domain public key. Therefore, when a personal computer receives the license, the personal computer uses the domain private key to decrypt the content key. In addition, when the personal computer receives the content package, the personal computer decrypts the digital content using the content key and consumes the digital content.
Even though the prior art of record teaches systems and methods performing the above-mentioned steps, the prior art of record fails to disclose, individually or in combination, all the limitations in the manner recited in independent claims 1 and 10. Specifically, none of the above prior art discloses a method of descrambling a scrambled service, comprising: transmitting a first challenge, by a client device to an operator server, wherein the first challenge including at least a unique identifier of the client device and an identifier of the operator server; receiving, by the client device, in response to determining that the client device is entitled to descramble the scrambled service, a certificate corresponding to the client device; downloading, from the operator server, a global operator vault that stores a global operator seed; determining, by the client device, the unique device-derived key by applying a cryptographic algorithm on the global operator seed and a unique device key corresponding to the client device; decrypting, by the client device, the service key with the determined unique device-derived key. Therefore, the above limitations in conjunction with the remaining limitations of the independent claims render claims 1 and 10 allowable.
Even though the prior art of record teaches systems and methods performing the above-mentioned steps, the prior art of record fails to disclose, individually or in combination, all the limitations in the manner recited in independent claims 11 and 18. Specifically, none of the above prior art discloses a method of descrambling a scrambled service, comprising: receiving, by an operator server, a first challenge from a client device, the first challenge including at least a unique identifier of the client device and an identifier of the operator server; determining, by the operator server, entitlement of the client device to descramble the scrambled service, based at least on the unique identifier of the client device; determining, by the operator server, a unique device key corresponding to the client device, based at least on the unique identifier of the client device; determining, by the operator server, in response to determining that the client device is entitled to descramble the scrambled service, a device-derived key by applying a cryptographic algorithm to the unique device key and a global operator seed corresponding to the operator server; creating, by the operator server, a unique cryptogram by encrypting the device-derived key with the global operator seed; transmitting, from the operator server to the client device, a first certificate corresponding to the client device, the first certificate including the unique cryptogram; and providing, from the operator server to the client device in response to the second challenge, the license from the operator server, the license including at least a service key encrypted with the device-derived key, wherein the client device obtains the unique device-derived key from the unique cryptogram to decrypt the service key, and uses the service key to descramble the scrambled service.
Therefore, the above limitations in conjunction with the remaining limitations of the independent claim render claims 11 and 18 allowable.
Furthermore, the above additional elements in the claim provide meaningful limitations that transform an abstract idea into patent-eligible subject matter. The claim as a whole amounts to significantly more than the abstract idea itself. This is because the claim as a whole effects an improvement to another technology or technical field. The pending claims, when taken as an ordered combination, amount to significantly more than the abstract idea and provide meaningful limitations beyond generally linking the use of the abstract idea to a particular technological environment.
None of the references of record alone, or in combination, anticipate or reasonably render the independent claims (1, 10, 11, and 18) obvious. For these reasons claims 1, 10, 11, and 18 are deemed to be allowable over the prior art of record, and claims 3-9, 12-17 and 19-20 are allowed by dependency.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492