DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Examiner’s Comments
The Examiner attempted to compact prosecution by contacting the Attorney of Record in an attempt to obtain a terminal disclaimer to issue a Notice of Allowance in the instant case.  A call was placed to the customer number of record whereby the Examiner was given a direct number to Landon Wiebusch.  The Examiner attempted calling on July 25th and July 26th wherein there was no answer, and voicemail options were not made available.

Information Disclosure Statement
The information disclosure statements (IDS) submitted are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-28 of U.S. Patent No. 10,382,206.  Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are anticipated by the patented claims, in that the claims of the patent contain all of the limitations of the claims of the instant application.  Claims 1-20 of the instant application therefore are not patentably distinct from the earlier filed patented claims and, as such, are unpatentable for obviousness-type double patenting.

Application No. 17/146,297

1. A method for secure authentication, the method comprising: receiving, by a home subscriber server (HSS) in a home network, an authentication and data request message from a mobility management entity (MME) in a serving network, the authentication and data request message including an encrypted portion, a first random number, and a first International Mobile Subscriber Identity (IMSI) associated with a user equipment (UE); obtaining, by the HSS, a first encryption key based on the first IMSI and the first random number; decrypting, by the HSS, the encrypted portion using the first encryption key to obtain a second random number; obtaining, by the HSS, a second encryption key based on the first IMSI and the second random number; and sending, by the HSS, an authentication and data response message to the MME, the authentication and data response message including the second encryption key.

2. The method of claim 1, further comprising generating, by the HSS, at least one authentication vector, wherein the authentication and data response message further includes the at least one authentication vector.  
3. The method of claim 1, further comprising verifying an integrity of the authentication and data request message.  
4. The method of claim 3, wherein decrypting the encrypted portion further obtains at least one of a second IMSI or a third random number.  
5. The method of claim 4, wherein verifying the integrity of the authentication and data request message comprises at least one of comparing the second IMSI to the first IMSI or comparing the third random number to the first random number.  
6. The method of claim 1, wherein the encrypted portion is an encrypted inner portion.  
7. The method of claim 1, wherein the second random number is generated by the UE.  
8. The method of claim 1, wherein the second random number is generated by the HSS.  
9. The method of claim 1, wherein the second encryption key is generated by the HSS.  
10. The method of claim 1, further comprising receiving at least one of the first encryption key or the second encryption key from an authentication server.
11. A home subscriber server (HSS) in a home network, the HSS comprising: a processor; and a non-transitory computer readable storage medium storing programming for execution by the processor, the programming including instructions to: receive an authentication and data request message from a mobility management entity (MME) in a serving network, the authentication and data request message including an encrypted portion, a first random number, and a first International Mobile Subscriber Identity (IMSI) associated with a user equipment (UE); obtain a first encryption key based on the first IMSI and the first random number; decrypt the encrypted portion using the first encryption key to obtain a second random number; obtain a second encryption key based on the first IMSI and the second random number; and send an authentication and data response message to the MME, the authentication and data response message including the second encryption key.
12. The HSS of claim 11, the instructions further to generate at least one authentication vector, wherein the authentication and data response message further includes the at least one authentication vector.
13. The HSS of claim 11, the instructions further to verify an integrity of the authentication and data request message.  
14. The HSS of claim 13, wherein decrypting the encrypted portion further obtains at least one of a second IMSI or a third random number.  
15. The HSS of claim 14, wherein the instructions to verify the integrity of the authentication and data request message comprises instructions to at least one of compare the second IMSI to the first IMSI or compare the third random number to the first random number.  
16. The HSS of claim 11, wherein the encrypted portion is an encrypted inner portion.  
17. The HSS of claim 11, wherein the second random number is generated by the UE.  
18. The HSS of claim 11, wherein the second random number is generated by the UE.  
19. The HSS of claim 11, wherein the second encryption key is generated by the HSS.  
20. The HSS of claim 11, the instructions further to receive at least one of the first encryption key or the second encryption key from an authentication server.

U.S. Patent 10,382,206

1. A method for secure authentication, the method comprising: generating, by a user equipment (UE), a first integrity key based at least on a pre-provisioned key (K key) of the UE and a first random number (RAND1); generating a message authentication code (MAC) signature by computing a hash function of UE specific information using the first integrity key, the UE specific information including at least an International Mobile Subscriber Identity (IMSI) of the UE and the RAND1; encrypting the UE specific information and the MAC signature using a public key to form an encrypted portion; and sending an initial authentication request (IAR) message to a base station in a serving network, the IAR message carrying the encrypted portion and an unencrypted network identifier.
2. The method of claim 1, wherein the public key belongs to a public-private key pair associated with the serving network, and wherein the unencrypted network identifier is a serving network identifier (SID) of the serving network.
3. The method of claim 2, wherein the SID identifies a specific one of a plurality of public-private keys pairs associated with the serving network.  
4. The method of claim 1, wherein the public key belongs to a public-private key pair associated with a home network of the UE, and wherein the unencrypted network identifier is a home network identifier (HID) of the home network.  
5. The method of claim 4, wherein the HID identifies a specific one of a plurality of public-private keys pairs associated with the home network.  
6. The method of claim 1, wherein the first integrity key is generated based at least the K key, the RAND1, and a COUNTER.  
7. The method of claim 1, wherein UE specific information further includes a second random number (RAND2).  
8. The method of claim 7, further comprising: generating, by the UE, an encryption key based on the K key of the UE and the RAND2; receiving, by the UE, an initial authentication response (IAS) message in response to the IAR message; and decrypting, by the UE, the IAS using the encryption key.
9. The method of claim 7, further comprising: generating, by the UE, a first integrity key and a first decryption key based on the K key of the UE and the RAND2; receiving, by the UE, an initial authentication response (IAS) message in response to the IAR message, the IAS message including an outer portion and a first MAC signature, the outer portion including at least an encrypted inner portion and a random number; determining whether the RAND2 matches the random number in the outer portion of the IAS message; generating a second MAC signature by computing a hash function of the outer portion of the IAS message; comparing the second MAC signature with the first MAC signature in the IAS message; decrypting the encrypted inner portion using the first decryption key when the second MAC signature matches the first MAC signature; and verifying the integrity of the IAS message when a counter in the IAS message exceeds an independent counter maintained by the UE.  
10. The method of claim 1, wherein UE specific information further includes one or more UE securities capability parameters.  
11. The method of claim 1, further comprising: sending a security and authentication complete message to the MME, the security and authentication complete message indicating that the UE has confirmed authentication and security establishment.  
12. The method of claim 1, wherein IMSI identifies a subscriber identity module (SIM) card installed in the UE.
13. A method for secure authentication, the method comprising: receiving, by a home subscriber server (HSS) in a home network, an authentication and data request message from a mobility management entity (MME) in a serving network, the authentication and data request message carrying a home network identifier (HID) and an encrypted portion; decrypting the encrypted portion using a home network private key associated with the HID to obtain user equipment (UE) specific information and a first Message authentication code (MAC) signature, the UE specific information including at least an International Mobile Subscriber Identity (IMSI) of the UE and a first random number (RAND1); obtaining a first integrity key based on the IMSI of the UE and the RAND1; and verifying the integrity of the authentication and data request message, wherein verifying the integrity of the authentication and data request message comprises generating a second MAC signature by computing a hash function of UE specific information using the first integrity key, and comparing the second MAC signature with the first MAC signature to determine whether the UE specific information originated from the UE.
14. The method of claim 13, wherein verifying the integrity of the authentication and data request message further comprises verifying that the authentication and data message is not a replay attack when a counter in the authentication and data message exceeds an independent counter maintained by the HSS.  
15. The method of claim 13, wherein obtaining the first integrity key based on the IMSI of the UE and the RAND1 comprises sending an authentication request carrying the IMSI and the RAND1 to an authentication server, and receiving, in response to the authentication request, an authentication response carrying the first integrity key from the authentication server.
16. The method of claim 13, wherein UE specific information further includes a second random number (RAND2).
17. The method of claim 13, further comprising: obtaining a second integrity key based on the IMSI of the UE and the RAND2; and transmitting an authentication information response message to the MME in response to the authentication and data request message, the authentication and data response message including the second integrity key.
18. The method of claim 17, wherein obtaining the second integrity key based on the IMSI of the UE and the RAND2 comprises sending an authentication request carrying the IMSI and the RAND2 to an authentication server, and receiving, in response to the authentication request, an authentication response carrying the second integrity key from the authentication server.
19. The method of claim 18, wherein the authentication response further includes an encryption key.
20. A method for secure authentication, the method comprising: generating, by a user equipment (UE), a first encryption key based on a pre-provisioned key of the UE and a first random number (RAND1); encrypting at least an International Mobile Subscriber Identity (IMSI) of the UE and the RAND1 using the first encryption key to form an encrypted inner portion; encrypting at least the inner portion, the RAND1, and the IMSI using a public key to form an encrypted outer portion; and sending an initial authentication request (IAR) message to a base station in a serving network, the IAR message carrying the encrypted outer portion and an unencrypted network identifier.
21. The method of claim 20, wherein the public key belongs to a public-private key pair associated with the serving network, and wherein the unencrypted network identifier is a serving network identifier (SID) of the serving network.  
22. The method of claim 21, wherein the public key belongs to a public-private key pair associated with a home network of the UE, and wherein the unencrypted network identifier is an unencrypted home network identifier (HID) of the home network.
23. The method of claim 21, wherein a second random number (RAND2) is encrypted along with the IMSI and the RAND1 to form the encrypted inner portion.
24. The method of claim 21, further comprising: receiving an initial authentication response (IAS) message from the MME, the IAS message including encrypted data and an unencrypted random number.
25. The method of claim 24, further comprising: comparing the unencrypted random number in the IAS message with the RAND2; generating a second encryption key based on the pre-provisioned key of the UE and the RAND2 when the unencrypted random number in the IAS message matches the RAND2; and decrypting the encrypted data in the IAS message using the second encryption key to obtain a key set identifier (KSI) associated with a non-access stratum (NAS) ciphering algorithm.
26. The method of claim 20, further comprising: sending a security and authentication complete message to the MME, the security and authentication complete message indicating that the UE has confirmed authentication and security establishment.  
27. A method for secure authentication, the method comprising: receiving, by a mobility management entity (MME) in a serving network, an initial authentication request (IAR) message from a user equipment (UE), the IAR message carrying an encrypted outer portion and an unencrypted network identifier; decrypting the encrypted outer portion using a private key associated with the serving network to obtain an International Mobile Subscriber Identity (IMSI) of the UE, a first random number (RAND1), and an encrypted inner portion; and sending an authentication and data request message to a home subscriber server (HSS) in a home network of the UE, the authentication and data request message including at least the IMSI, RAND1, and the encrypted inner portion.
28. A method for secure authentication, the method comprising: receiving, by a home subscriber server (HSS) in a home network, an authentication and data request message from a mobility management entity (MME) in a serving network, the authentication and data request message carrying at least an encrypted outer portion; decrypting the encrypted outer portion using a private key associated with the home network to obtain an International Mobile Subscriber Identity (IMSI) of a user equipment (UE), a first random number (RAND1), and an encrypted inner-portion; generating a first encryption key based on a pre-provisioned key (K key) of the UE and the RAND1; decrypting the encrypted inner-portion based on the first encryption key to obtain a second random number (RAND2); generating a second encryption key based on the pre-provisioned key of the UE and the RAND2; and sending an authentication and data response message carrying the second encryption key to the MME, the second encryption key being used to encrypt and decrypt non-access stratum (NAS) protocol messages exchanged between the MME and the UE.
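The HSS-side key chain recited in claim 1 of the application and in claim 28 of the '206 patent (first key from the subscriber's K and RAND1, decrypt the inner portion to recover RAND2, second key from K and RAND2, with the inner IMSI/RAND1 copies used for the integrity check of claims 4-5) can be simulated end to end. The Python below is an added illustration, not code from the office action or either patent; the HMAC-SHA256 key derivation, the stdlib-only encrypt-then-MAC construction, the JSON encoding of the inner portion, and the sample IMSI and K are all assumptions chosen so the flow runs offline.

```python
import hashlib
import hmac
import json
import os

def kdf(k: bytes, rand: bytes) -> bytes:
    # Assumed key derivation: HMAC-SHA256 over the pre-provisioned K and a random number
    return hmac.new(k, b"enc-key" + rand, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Assumed stdlib-only encrypt-then-MAC (HMAC keystream XOR, then HMAC tag): nonce || ct || tag
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("encrypted portion failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class UE:
    def __init__(self, imsi: str, k: bytes):
        self.imsi, self.k, self.rand2 = imsi, k, b""

    def build_request(self) -> dict:
        # The UE picks RAND1 and RAND2; RAND2 travels only inside the encrypted portion
        rand1, self.rand2 = os.urandom(16), os.urandom(16)
        k1 = kdf(self.k, rand1)
        inner = {"imsi": self.imsi, "rand1": rand1.hex(), "rand2": self.rand2.hex()}
        return {"imsi": self.imsi, "rand1": rand1,
                "encrypted_portion": seal(k1, json.dumps(inner).encode())}

    def second_key(self) -> bytes:
        return kdf(self.k, self.rand2)

class HSS:
    def __init__(self, subscribers: dict):
        self.subscribers = subscribers  # IMSI -> pre-provisioned K

    def handle_auth_data_request(self, msg: dict) -> dict:
        k = self.subscribers[msg["imsi"]]       # first IMSI selects the subscriber's K
        k1 = kdf(k, msg["rand1"])                # first encryption key from IMSI + RAND1
        inner = json.loads(open_sealed(k1, msg["encrypted_portion"]))
        # Integrity check (claims 4-5): the inner IMSI and RAND1 must match the outer ones
        if inner["imsi"] != msg["imsi"] or inner["rand1"] != msg["rand1"].hex():
            raise ValueError("integrity check failed")
        k2 = kdf(k, bytes.fromhex(inner["rand2"]))   # second key from IMSI + RAND2
        return {"second_encryption_key": k2}

def run_flow(tamper_rand1: bool = False) -> bool:
    # Constructed sample subscriber: the IMSI and K below are placeholders, not real values
    k = bytes(range(16))
    ue, hss = UE("001010123456789", k), HSS({"001010123456789": k})
    msg = ue.build_request()            # relayed by the MME unchanged in the honest case
    if tamper_rand1:
        msg["rand1"] = os.urandom(16)   # RAND1 altered in transit: K1 no longer matches
    try:
        resp = hss.handle_auth_data_request(msg)
    except ValueError:
        return False
    return hmac.compare_digest(resp["second_encryption_key"], ue.second_key())
```

In the honest run the HSS and the UE arrive at the same second encryption key without RAND2 ever appearing in cleartext on the MME-HSS leg; an altered RAND1 makes the first key mismatch, so the encrypted portion fails authentication and no second key is released.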



Allowable Subject Matter
Claims 1-20 are allowed; however, the claims are currently rejected under obviousness-type double patenting, which requires the filing of a terminal disclaimer.
The following is a statement of reasons for the indication of allowable subject matter:

The teachings of Radjadurai et al, U.S. Patent 9,037,112, disclose secured remote provisioning of a universal integrated circuit card (UICC) residing in user equipment (UE), see column 4, lines 5-6.  A home subscriber server (HSS) derives a subscription key associated with the registration of the UE using a shared key and a random number.  An international mobile subscriber identity (IMSI) is generated for the UE using the subscription key.  Security keys are used to encrypt the IMSI and random number for the UE, which are then provided to the UE.  The UE derives the subscription key using the shared key and random number, then stores the subscription key and IMSI in the UICC residing in the UE, see column 6, line 65 through column 7, line 14.
The teachings of Suh et al, U.S. Patent 8,861,732, disclose providing support for security of user equipment (UE), whereby a provisioning request is sent to an authentication key management center (AKC).  The AKC verifies the UE information, which includes a random number, selects a security key and an index of the security key, and then transmits the security key and encrypted index to a mobility management entity (MME).  The MME receives an international mobile subscriber identity (IMSI) from a home subscriber server (HSS).  A provisioning response message is then provided to the UE; the provisioning response message includes the encrypted index of the security key and the IMSI.  The UE selects the security key based on the encrypted index of the security key, and then stores the selected security key and IMSI, see column 2, lines 27-45.
As per claim 1, the prior art was not found to teach at least: receiving an authentication and data request message from a Mobility Management Entity (MME) including an encrypted portion, a first random number, and a first International Mobile Subscriber Identity (IMSI) associated with a user equipment (UE); obtaining, by a Home Subscriber Server (HSS), a first encryption key based on the first IMSI and the first random number; decrypting, by the HSS, the encrypted portion using the first encryption key to obtain a second random number; obtaining, by the HSS, a second encryption key based on the first IMSI and the second random number; and sending, by the HSS, an authentication and data response message to the MME that includes the second encryption key.
Claim 11 is similar in scope to independent claim 1, and is allowable for similar reasons.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Weber et al, US 2013/0174252, is relied upon for disclosing an encryption key consisting of a unique seed value derived from a host computing device, a hashed value of a user's unique device ID, and/or a user's password, see paragraph 0042.
Rajadurai et al, WO 2011/115407 A2, is relied upon for disclosing an authentication and authorization server providing an IMSI, a random number, and an encrypted shared key to user equipment, see paragraph 60, pages 7-8.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER A REVAK whose telephone number is (571)272-3794. The examiner can normally be reached 5:30am - 3:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LYNN FEILD can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2431