Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 06/10/2022 was filed after the mailing date of the application no. 16/982,146 on 09/18/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Detailed action 
Claims 1, 2, 4-7, 11-13, 15, 18-21, 23-24, 27, 30 and 33 are pending and are being considered.
Claims 1, 2, 5, 11, 15, 18, 30 and 33 are amended.
Claim 22 have been canceled.

Response to 103
	Applicants arguments filed on 06/15/2022 have been fully considered and are not persuasive. 
A.	Argument regarding claim 1:
	In response to applicants argument that the cited reference fails to teach the amended limitation of “using the MSK to encrypt the data, thereby producing encrypted data and transmitting the encrypted data to the network node”. The applicant argues that Session key (i.e. MSK) of Park (i.e. primary reference) teaches decoding the data using the session key. Park does not teach encrypting the data using the MSK. The examiner acknowledges applicants point of view but respectfully disagrees because Park on [0123 and 0208-0212] explicitly teach generating the encrypted profile package using the session key and transmuting the encrypted profile package.
B.	Argument regarding claim 18:
	In response to applicant’s argument that the cited reference fails to teach the limitation “the authentication server providing the MSK to a network node in the network for the network node to use the MSK when establishing the secure communication with the communications device” which was originally presented in claim 22. Applicants argues that the Jonghan (i.e. secondary reference) on [page 20 last 5 para ] fails to teach authentication server providing MSK to a network node instead teaches interaction between eUICC and the terminal. The examiner acknowledges applicants point of view but respectfully disagrees because the cited portion of Jonghan explicitly teaches the SM-DP 775 (i.e. authentication server in instant case) derives a secure channel session key (i.e. MSK). Terminal 790 transmitting secure channel request to eUICC (i.e. establishing secure communication) and the eUICC obtains the secure channel session key. i.e. The secure session key is derived by the server and transmitted to eUICC (i.e. node in a network) for establishing secure communication.
 c. 	Argument regarding claims 30 and 33:
	The above response regarding claims 1 and 18 is equally applicable to independent claims 30 and 33.
Election by Original Presentation 
Newly submitted claim 39-41 directed to an invention that is independent or distinct from the invention originally claimed for the following reasons: 
Claims 1, 2, 4-7, 11-13, 15, 18-24, 27, 30 and 33 drawn to method of communication between communication device and authentication server. The method further comprises a first message between communication device and authentication server comprising an identity module challenge, a second message between communication device and authentication server comprising authentication server ephemeral public key, challenge and signature and a third message between communication device and authentication server comprising communication device ephemeral public key and identity module signature for remote subscription profile download. 
Claims 39-41 drawn to a method of communication between communication device and network node, the communication device transmits an attachment request towards network node, the communication device obtains a challenge and transmits challenge in a response message to the network node, after transmitting the challenge receiving form network node another request generated by the authentication server comprising public of authentication server in response the communication devise establishes secret using ephemeral public key of authentication server and private key of the communication device.
Invention I and II are related as a method for its practice. The feature recited in Group II are not required of claims recited in invention of Group I. Claims 1, 2, 4-7, 11-13, 15, 18-24, 27, 30, 33 and 39-41 are directed to related processes. The related inventions are distinct if: (1) the inventions as claimed are either not capable of use together or can have a materially different design, mode of operation, function, or effect; (2) the inventions do not overlap in scope, i.e., are mutually exclusive; and (3) the inventions as claimed are not obvious variants. See MPEP § 806.05(j). In the instant case, the inventions as claimed have materially different modes of operation. For example, newly added Claims 39-41, directed to a method of communication between communication device and network node, the communication device transmits an attachment request towards network node, the communication device obtains a challenge and transmits challenge in a response message to the network node, after transmitting the challenge receiving form network node another request generated by the authentication server comprising public of authentication server in response the communication devise establishes secret using ephemeral public key of authentication server and private key of the communication device.
Restriction for examination purposes as indicated is proper because all these inventions listed in this action are independent or distinct for the reasons given above and there would be a serious search and/or examination burden if restriction were not required because one or more of the following reasons apply:
(a)    the inventions have acquired a separate status in the art in view of their different classification;
(b)    the inventions have acquired a separate status in the art due to their recognized divergent subject matter;
(c)    the inventions require a different field of search (for example, searching different classes/subclasses or electronic resources, or employing different search queries);
(d)    the prior art applicable to one invention would not likely be applicable to another invention;
(e) the inventions are likely to raise different non-prior art issues under 35 U.S.C. 101 and/or 35 U.S.C. 112, first paragraph
Since applicant has received an action on the merits for the originally presented invention, this invention has been constructively elected by original presentation for prosecution on the merits.  Accordingly, claims 39-41 withdrawn from consideration as being directed to a non-elected invention.  See 37 CFR 1.142(b) and MPEP § 821.03.


CLAIM INTERPRETATION

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: identity module in claims 30 and 33.

Claim limitation(s) “identity module” of claims 30 and 33 gives their broadest reasonable interpretation of the claim elements with a limited description in the specification. The examiner notes that these elements lie within the communication device have circuitry. Accordingly claims 30 and 33 invoke 35 U.S.C. 112 (f) or sixth paragraph, but the corresponding structure is described.

Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


                                               Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4-7, 12, 13, 18-21, 23, 30 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Park et al (hereinafter Park) (US 20160301529 ) in view of Park Jonghan et al (hereinafter Jonghan) (WO2016178548)(i.e. English translation is used for examination).

Regarding claim 1 Park teaches A method for initial network authentication between a communications device and a network, the method being performed by the communications device (Park on [0043] teaches a network access authentication method performed by mobile communication terminal);
wherein the communications device comprises an identity module supporting remote subscription profile download (Park on [0043-0044] teaches a universal integrated circuit card (UICC) (i.e. identity module) is a smart card inserted into a mobile communication terminal. The UICC includes communication applications such as a subscriber identification module (SIM), teaches the eUICC may use an over the air (OTA) technology to download and install a profile. The eUICC may be called the UICC which may download and install a profile);
and wherein the identity module comprises credentials for remote subscription profile download, the method comprising (Park on [0195] teaches eUiCC may generate certification information Certificate_Info (i.e. credential) and send it to terminal for downloading profile);
 performing a first message exchange with an authentication server (Park on [0196] teaches  the terminal 620 may transfer the eUICC challenge (i.e. first message) and the Certificate_Info);
 wherein the first message exchange comprises an identity module challenge obtained from the identity module being transmitted to the authentication server from the communications device (Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message comprising challenge) to profile providing server);
 receiving a second message from the authentication server, wherein the second message comprises [[an ephemeral public key of the authentication server,]] an authentication server challenge and an authentication server signature (Park on [0199] teaches the profile providing server 610 may transfer the transaction ID, the DP challenge (i.e. authentication server challenge), the DP_Signal (i.e. signature in view of [0198]), a certificate of a profile providing server, and Cert_ToBe_Used information to the terminal 620);
wherein the authentication server signature is based on [[the ephemeral public key of the authentication server,]] the authentication server challenge, and the identity module challenge and follows a format used for handling remote subscription profile download to the identity module (Park on [0198] teaches the profile providing server 610 may then generate DP_Signal. The DP_Signal may be a signature value generated by the profile providing server 610, in which the signature value includes eUICC_Challenge, (i.e. identity module challenge) and DP_Challenge (i.e. authentication challenge) (i.e. The process of Fig 6A-6B is a specific format for downloading profile).See also on [0208] teaches  the profile providing server 610 may generate DP_Sign2. The DP_Sign2 is a signature value using the pre-stored personal key of the profile providing server and may be a calculation of the signature value for the value including the disposable public key of the eUICC); 
transmitting a third message towards the authentication server, wherein the third message comprises an ephemeral public key of the communications device and an identity module signature (Park on [0204] teaches the terminal 620 may transmit the profile request message (i.e. third message) to the profile providing server 630. The profile request message transmitted to the profile providing server 630 may include the eUICC authentication information received from the eUICC 630. The message may include the disposable public key of the eUICC (i.e. ephemeral public key) and the eUICC_Signal, the eUICC certificate (i.e. signature in view of [0202]));
wherein the identity module signature [[is based[on the identity module credentials used for remote subscription profile download]] and is based on the ephemeral public key of the communications device and the authentication server challenge and follows the format used for remote subscription profile download to the identity module (Park on [0202] teaches the eUICC 630 may perform a signature using the personal key pre-stored in the eUICC 630, including the received DP challenge (i.e. authentication server challenge) along with the disposable public key of the eUICC 630 (i.e. ephemeral public key of communication device) (i.e. The process of Fig 6A-6B is a specific format for downloading profile));
and generating a master session key (MSK) from a shared secret established using the ephemeral public key of the authentication server and a private key corresponding to the ephemeral public key of the communications device (Park on [0216] teaches the eUICC 630 may generate the session key (i.e. master key) for decoding the encrypted profile package using the received CRT (i.e. shared secret), the disposable public key value of (i.e. ephemeral public key) the profile providing server, the EID value, and the disposable personal key value (i.e. private key) of the eUICC stored only in the eUICC. See also on [0208] teaches the profile providing server 610 may generate the session key using the secret key and the received disposable public key of the eUICC. For the generation of the session key, certificate (CRT) information and EID information may be additionally used);
using the MSK to encrypt the data, thereby producing encrypted data (Park on [0122-0123] teaches the profile providing server 220 may use the encryption session key to encrypt the profile and encrypt the random encryption key (i.e. which is also  equivalent to data) and transmit the encrypted key and profile to terminal. See also on [0208-0212] teaches the profile providing server 610 may use the generated session key to generate the encrypted profile package. The profile providing server 610 may transfer the encrypted profile package to the terminal 620).
	

Although Park teaches a disposable public key, but fails to explicitly teach message comprises an ephemeral public key of the authentication server, wherein the authentication server signature is based on the ephemeral public key of the authentication server, wherein the identity module signature is based on the identity module credentials used for remote subscription profile download, however Jonghan from analogous art teaches message comprises an ephemeral public key of the authentication server (Jonghan on [page 13 5th last para] teaches SM-DP (i.e. server in view of [page 6 para 4]) generated a one-time public key (i.e. ephemeral public key). See on [page 14] last para teaches transmitting message containing one-time public key of the server);
wherein the authentication server signature is based on the ephemeral public key of the authentication server (Jonghan on [page 18 3rd last para] teaches SM-DP (i.e. server) generates DP signature 2 using one-time public key of the SM-DP);
wherein the identity module signature is based on the identity module credentials used for remote subscription profile download (Jonghan on [page 8 last para] teaches eUICC (i.e. terminal) generates a signature using private key (i.e. identity module credential) of the eUICC. See also on [page 14 step 561] teaches EUICC generates signature using private key and parameters. See on [page 16 para 3] teaches private key used for downloading profile);
obtaining data for transmission to a network node and transmitting the encrypted data to the network node (Jonghan on [page 9 last 2 para] teaches encrypting the profile based on a request and transmitting by the server the encrypted profile to the terminal (i.e. node in a network). See also on [page 13 last 5 para] teaches the SM-DP server generated encrypted profile package and transmit it to the production server (i.e. also node in a network))
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Jonghan into the teaching of Park by generating signature based on ephemeral public key of server and identity module credentials. One would be motivated to do so in order to download profile in a real-time using secure communication channel (Jonghan on [page 3 last3 para]).
Regarding claim 2 the combination of Park and Jonghan teaches all the limitations of claim 1 above Park further teaches further comprising: transmitting an initial network access request message to the network (Park on Fig 3A block 323 and text on [0138-0139] teaches the terminal 311 may provide the EID of the eUICC 313 or the hash function operation result of the EID and request the storage or registration thereof to the profile information transfer server 307 (i.e. initial request). In the operation 324, the profile information transfer server 307 may transmit the registered result to the terminal 311);
and receiving a network access identifier request message transmitted by the network node in response to the initial network access requires, wherein the first message exchange is performed in response to receiving the network access identifier request message transmitted by the network node (Park on [0191] teaches terminal 620 receives the address and the profile installation key (i.e. access identifier) of the profile providing server from the profile information transfer server (i.e. network node), the terminal 620 may input a secret code using the obtained profile installation key information).
Regarding claim 4 the combination of Park and Jonghan teaches all the limitations of claim 1 above Park further teaches wherein the first message exchange comprises a primary message being transmitted from the communications device to the authentication server, and the primary message comprises the identity module challenge obtained from the identity module (Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message) to prfolie providing server. Further teaches the certification information Certificate_Info may include a kind of eUICC certificates and a kind of usable encryption keys);
Regarding claim 5 the combination of Park and Jonghan teaches all the limitations of claim 1 above Park further teaches wherein the first message exchange comprises a primary message being transmitted from the communications device to the authentication server, and the primary message comprises at least one trusted public key identifier of the identity module of the communications device(Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message) to prfolie providing server. Further teaches the certification information Certificate_Info may include a kind of eUICC certificates and a kind of usable encryption keys (i.e. public key identifier)).
	Regarding claim 6 the combination of Park and Jonghan teaches all the limitations of claim 1 above Park further teaches wherein the first message exchange comprises a primary message being transmitted from the communications device to the authentication server, and at least one of the primary message and the third message comprises an identifier of the communications device (Park on [0057] teaches an eUICC identifier (eUICC ID) may be a unique identifier of the eUICC embedded in the terminal and may be described as an EID. See on [0134] teaches transmitting EID. See on [0136] teaches The profile information transfer server 309 may receive the profile information and register the received profile information. The profile information may include the address of the profile providing server and the eUICC information. The address of the profile providing server may be a server address in an FQDN type, an address in a full URL type, or an address of an IP server. The eUICC information may be a specific EID, a value providing a hash function operation result to the specific EID, or an EID).
Regarding claim 7 the combination of Park and Jonghan teaches all the limitations of claim 1 above Park further teaches wherein 4371 of PCT/ EP2018/057047 Preliminary AmendmentAttorney Docket: 3602-2051US1 the first message exchange comprises a primary message being transmitted from the communications device to the authentication server the primary message is transmitted to a network node for being forwarded by the network node to the authentication server(Park on [0197] teaches the profile providing server 610 may check whether the received profile providing server is valid. It may be checked whether the received profile providing server is valid by verifying whether the received address information of the profile providing server is the same as its own server address or acknowledging whether the received address information of the profile providing server corresponds to any of a plurality of valid addresses);
and wherein the primary message comprises information enabling the network node(Park on [0197] teaches the profile providing server 610 may check whether the received profile providing server is valid. It may be checked whether the received profile providing server is valid by verifying whether the received address information of the profile providing server is the same as its own server address or acknowledging whether the received address information of the profile providing server corresponds to any of a plurality of valid addresses.).

Regarding claim 12 the combination of Park and Jonghan teaches all the limitations of claim 1 above Park further teaches wherein the first message exchange comprises a primary message being transmitted from the communications device to the authentication server (Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message) to prfolie providing server);
and the first message exchange comprises a secondary message being transmitted towards the authentication server(Park on [0194-0196] teaches the terminal 620 may transfer the eUICC challenge (i.e. secondary message) and the Certificate_Info (i.e. first message) to prfolie providing server);
and wherein the secondary message comprises the identity module challenge and at least one trusted public key identifier of the identity module of the communications device used for the remote subscription profile download to the identity module (Park on [0194-0196] teaches the terminal 620 may transfer the eUICC challenge (i.e. secondary message) and the Certificate_Info (i.e. first message) to prfolie providing server).
Jonghan teaches wherein the secondary message is transmitted after the primary message but before receiving the second message (Jonghan on [page 14 line 5] teaches before sending the FactoryEventRequest, the LPA of the terminal 507 may receive a challenge value from the eUICC of the terminal 507.).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Jonghan into the teaching of Park by generating signature based on ephemeral public key of server and identity module credentials. One would be motivated to do so in order to download profile in a real-time using secure communication channel (Jonghan on [page 3 last3 para]).
Regarding claim 13 the combination of Park and Jonghan teaches all the limitations of claim 4 above Jonghan further teaches wherein the second message comprises the identity module challenge (Jonghan on [page 10 last 3 para] teaches a message containing eUUIC challenge);
and the method further comprises verifying that the identity module challenge in the second message matches the identity module challenge in the first message (Jonghan on [page 17 para 3-6] teaches verifying signature value including eUICC challenge value transmitted from LPA 603)
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Jonghan into the teaching of Park by generating signature based on ephemeral public key of server and identity module credentials. One would be motivated to do so in order to download profile in a real-time using secure communication channel (Jonghan on [page 3 last3 para]).

Regarding claim 18 Park teaches A method for initial network authentication between a communications device and a network (Park on [0043] teaches a network access authentication performed  by mobile communication terminal (i.e. communication device));
 the method being performed by an authentication server (Park on [0014] teaches A profile providing server (i.e. authentication server) in a wireless communication system for performing method);
 wherein the communications device comprises an identity module supporting remote subscription profile download (Park on [0043-0044] teaches a universal integrated circuit card (UICC) (i.e. identity module) is a smart card inserted into a mobile communication terminal. The UICC includes communication applications such as a subscriber identification module (SIM), teaches the eUICC may use an over the air (OTA) technology to download and install a profile. The eUICC may be called the UICC which may download and install a profile);
and wherein the identity module comprises credentials for remote subscription profile download, the method comprising (Park on [0195] teaches eUiCC may generated certification information Certificate_Info (i.e. credential) and send it to terminal for downloading profile);
performing a first message exchange with the communications device (Park on [0196] teaches  the terminal 620 may transfer the eUICC challenge (i.e. first message) and the Certificate_Info);
 wherein the first message exchange comprises receiving from the communications device an identity module challenge obtained from the identity module (Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message) to prfolie providing server);
 transmitting a second message towards the communications device (Park on [0199] teaches the profile providing server 610 may transfer the transaction ID, the DP challenge (i.e. authentication server challenge), the DP_Signal (i.e. signature in view of [0198]), a certificate of a profile providing server, and Cert_ToBe_Used information to the terminal 620 (i.e. message transmitted by the server is a second message));
 wherein the second message comprises [[an ephemeral public key of the authentication server,]] an authentication server challenge and an authentication server signature (Park on [0199] teaches the profile providing server 610 may transfer the transaction ID, the DP challenge (i.e. authentication server challenge), the DP_Signal (i.e. signature in view of [0198]), a certificate of a profile providing server, and Cert_ToBe_Used information to the terminal 620 (i.e. message transmitted by the server is a second message));
 wherein the authentication server signature is based on [[the ephemeral public key of the authentication server,]] the authentication server challenge, and the identity module challenge and follows 6371 of PCT/ EP2018/057047Preliminary Amendment Attorney Docket: 3602-2051US1a format used for handling remote subscription profile download to the identity module (Park on [0198] teaches the profile providing server 610 may then generate DP_Signal. The DP_Signal may be a signature value generated by the profile providing server 610, in which the signature value includes eUICC_Challenge, (i.e. identity module challenge) and DP_Challenge (i.e. authentication challenge) (i.e. The process of Fig 6A-6B is a specific format for downloading profile).See also on [0208] teaches  the profile providing server 610 may generate DP_Sign2. The DP_Sign2 is a signature value using the pre-stored personal key of the profile providing server and may be a calculation of the signature value for the value including the disposable public key of the eUICC);
receiving(Park on [0204] teaches the terminal 620 may transmit the profile request message (i.e. third message) to the profile providing server 630. The profile request message transmitted to the profile providing server 630 may include the eUICC authentication information received from the eUICC 630. The message may include the disposable public key of the eUICC (i.e. ephemeral public key) and the eUICC_Signal, the eUICC certificate (i.e. signature in view of [0202]));
 wherein the identity module signature is based [[on the identity module credentials used for remote subscription profile download]] and is based on the ephemeral public key of the communications device and the authentication server challenge and follows the format used for remote subscription profile download to the identity module (Park on [0202] teaches the eUICC 630 may perform a signature using the personal key pre-stored in the eUICC 630, including the received DP challenge (i.e. authentication server challenge) along with the disposable public key of the eUICC 630 (i.e. ephemeral public key of communication device) (i.e. The process of Fig 6A-6B is a specific format for downloading profile));
 and generating a master session key (MSK) from a shared secret established using the ephemeral public key of the communications device (Park on [0216] teaches the eUICC 630 may generate the session key (i.e. master key) for decoding the encrypted profile package using the received CRT (i.e. shared secret), the disposable public key value of (i.e. ephemeral public key) the profile providing server, the EID value, and the disposable personal key value (i.e. private key) of the eUICC stored only in the eUICC. See also on [0208] teaches the profile providing server 610 may generate the session key using the secret key and the received disposable public key of the eUICC. For the generation of the session key, certificate (CRT) information and EID information may be additionally used);
Although Park teaches a disposable public key, but fails to explicitly teach message comprises an ephemeral public key of the authentication server, wherein the authentication server signature is based on the ephemeral public key of the authentication server, wherein the identity module signature is based on the identity module credentials used for remote subscription profile download, however Jonghan from analogous art teaches message comprises an ephemeral public key of the authentication server (Jonghan on [page 13 5th last para] teaches SM-DP (i.e. server in view of [page 6 para 4]) generated a one-time public key. See on [page 14] last para teaches transmitting message containing one-time public key of the server);
wherein the authentication server signature is based on the ephemeral public key of the authentication server (Jonghan on [page 18 3rd last para] teaches SM-DP (i.e. server) generates DP signature 2 using one-time public key of the SM-DP);
wherein the identity module signature is based on the identity module credentials used for remote subscription profile download (Jonghan on [page 8 last para] teaches eUICC (i.e. terminal) generates a signature using private key (i.e. identity module credential) of the eUICC. See also on [page 14 step 561] teaches EUICC generates signature using private key and parameters. See on [page 16 para 3] teaches private key used for downloading profile);
the authentication server providing the MSK to a network node in the network for the network node to use the MSK when establishing the secure communication with the communications device (Jonghan on [page 20 last 5 para] teaches using secure channel session key to establish secure communication).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Jonghan into the teaching of Park by generating signature based on ephemeral public key of server and identity module credentials. One would be motivated to do so in order to download profile in a real-time using secure communication channel (Jonghan on [page 3 last3 para]).
	

Regarding claim 19 the combination of Park and Jonghan teaches all the limitations of claim 18 above Park further teaches wherein the first message exchange is performed with the communications device via a network node in the network the method further comprising: (Park on [0074] teaches the terminal 240 may use an Internet network to perform communication. The communication may be communication for downloading the profile. The communication may also be Wi-Fi, Bluetooth, or the like. The communication may also be a separate second mobile communication network access using the profile which is installed in the eUICC in advance. The communication may also be the second mobile communication network access using a profile installed in a UICC 2 or an eUICC 2 which is separately installed or mounted in the terminal 240 other than the eUICC);
establishing a secure connection to the network node before performing the first message exchange with the communications device (Park on [0125] teaches the terminal 240 may use the profile installed in the EUICC to authenticate the mobile communication system and then use the mobile communication network. See on [0143] teaches the terminal 311 may activate the installed profile and use the activated profile to use a communication service through the mobile communication network).
Regarding claim 20 the combination of Park and Jonghan teaches all the limitations of claim 18 above Park further teaches wherein the first message exchange comprises receiving from the communications device at least one trusted public key identifier of the identity module used for remote subscription profile download to the identity module (Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message) to prfolie providing server. Further teaches the certification information Certificate_Info may include a kind of eUICC certificates and a kind of usable encryption keys (i.e. public key identifier));
the method further comprising: verifying that at least one of the at least one public key identifier is trusted by the authentication server (Park on [0189] teaches the profile providing server 610 may also check the Certificate_Info. It may be checked whether the certificate type is valid. Further, it may be checked whether the encryption key information may be supported by the profile providing server 610. The check may be a process of comparing whether the encryption key information for the signature of the eUICC 630 coincides with the encryption key information which may be verified by the profile providing server 610 with whether the encryption key information for the verification by the eUICC 630 coincides with the encryption key information used to generate the signature by the profile providing server );
 and wherein the second message comprises at least one of the at least one public key identifier trusted by the authentication server (Park on [0296 and 0313] teaches receive encryption key generation data from the electronic apparatus if a verification for the signature information and the certificate succeeds).
Regarding claim 21 the combination of Park and Jonghan teaches all the limitations of claim 18 above Park further teaches wherein the first message exchange comprises receiving the identity module challenge from the 7371 of PCT/ EP2018/057047Preliminary Amendment Attorney Docket: 3602-2051US1communications device(Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message) to prfolie providing server. Further teaches the certification information Certificate_Info may include a kind of eUICC certificates and a kind of usable encryption keys).
Regarding claim 23 the combination of Park and Jonghan teaches all the limitations of claim 18 above Park further teaches wherein an identifier of the communications device is received from the communications device during the first message exchange and/or in the third message (Park on [0057] teaches an eUICC identifier (eUICC ID) may be a unique identifier of the eUICC embedded in the terminal and may be described as an EID. See on [0134] teaches transmitting EID. See on [0136] teaches The profile information transfer server 309 may receive the profile information and register the received profile information. The profile information may include the address of the profile providing server and the eUICC information. The address of the profile providing server may be a server address in an FQDN type, an address in a full URL type, or an address of an IP server. The eUICC information may be a specific EID, a value providing a hash function operation result to the specific EID, or an EID). 
Jonghan teaches the method further comprising: verifying, by using the identifier and before generating the MSK, that initial network access is to be granted to the communications device (Jonghan on [page 7 last 3 para] teaches using subscriber identifier IMSI for granting initial access to the network).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Jonghan into the teaching of Park by generating signature based on ephemeral public key of server and identity module credentials. One would be motivated to do so in order to download profile in a real-time using secure communication channel (Jonghan on [page 3 last3 para]).

Regarding claim 30 Park teaches A communications device for initial network authentication between the communications device and a network (Park on [0043] teaches a network access authentication performed by mobile communication terminal (i.e. communication device)); 
wherein the communications device comprises an identity module supporting remote subscription profile download (Park on [0043-0044] teaches a universal integrated circuit card (UICC) (i.e. identity module) is a smart card inserted into a mobile communication terminal. The UICC includes communication applications such as a subscriber identification module (SIM), teaches the eUICC may use an over the air (OTA) technology to download and install a profile. The eUICC may be called the UICC which may download and install a profile);
and wherein the identity module comprises credentials for remote subscription profile download, the communications device further comprising processing circuitry, the processing circuitry being configured to cause the communications device to (Park on [0043-0044] teaches a universal integrated circuit card (UICC) (i.e. identity module) is a smart card inserted into a mobile communication terminal. The UICC includes communication applications such as a subscriber identification module (SIM), teaches the eUICC may use an over the air (OTA) technology to download and install a profile. The eUICC may be called the UICC which may download and install a profile);
perform a first message exchange with an authentication server (Park on [0196] teaches  the terminal 620 may transfer the eUICC challenge (i.e. first message) and the Certificate_Info);
 wherein the first message exchange comprises an identity module challenge obtained from the identity module being transmitted to the authentication server from the communications device (Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message) to profile providing server);
 receive a second message from the authentication server, wherein the second message comprises [[an ephemeral public key of the authentication server,]] an authentication server challenge and an authentication server signature (Park on [0199] teaches the profile providing server 610 may transfer the transaction ID, the DP challenge (i.e. authentication server challenge), the DP_Signal (i.e. signature in view of [0198]), a certificate of a profile providing server, and Cert_ToBe_Used information to the terminal 620);
wherein the authentication server signature is based on [[the ephemeral public key of the authentication server,]] the authentication server challenge, and the identity module challenge and follows a format used for handling remote subscription profile download to the identity module (Park on [0198] teaches the profile providing server 610 may then generate DP_Signal. The DP_Signal may be a signature value generated by the profile providing server 610, in which the signature value includes eUICC_Challenge, (i.e. identity module challenge) and DP_Challenge (i.e. authentication challenge) (i.e. The process of Fig 6A-6B is a specific format for downloading profile).See also on [0208] teaches  the profile providing server 610 may generate DP_Sign2. The DP_Sign2 is a signature value using the pre-stored personal key of the profile providing server and may be a calculation of the signature value for the value including the disposable public key of the eUICC); 
transmit a third message towards the authentication server, wherein the third message comprises an ephemeral public key of the communications device and an identity module signature (Park on [0204] teaches the terminal 620 may transmit the profile request message (i.e. third message) to the profile providing server 630. The profile request message transmitted to the profile providing server 630 may include the eUICC authentication information received from the eUICC 630. The message may include the disposable public key of the eUICC (i.e. ephemeral public key) and the eUICC_Signal, the eUICC certificate (i.e. signature in view of [0202]));
wherein the identity module signature is based [[on the identity module credentials used for remote subscription profile download]] and is based on the ephemeral public key of the communications device and the authentication server challenge and follows the format used for remote subscription profile download to the identity module (Park on [0202] teaches the eUICC 630 may perform a signature using the personal key pre-stored in the eUICC 630, including the received DP challenge (i.e. authentication server challenge) along with the disposable public key of the eUICC 630 (i.e. ephemeral public key of communication device) (i.e. The process of Fig 6A-6B is a specific format for downloading profile));
and generate a master session key (MSK) from a shared secret established using the ephemeral public key of the authentication server and a private key corresponding to the ephemeral public key of the communications device (Park on [0216] teaches the eUICC 630 may generate the session key (i.e. master key) for decoding the encrypted profile package using the received CRT (i.e. shared secret), the disposable public key value of (i.e. ephemeral public key) the profile providing server, the EID value, and the disposable personal key value (i.e. private key) of the eUICC stored only in the eUICC. See also on [0208] teaches the profile providing server 610 may generate the session key using the secret key and the received disposable public key of the eUICC. For the generation of the session key, certificate (CRT) information and EID information may be additionally used);
using the MSK to encrypt the data, thereby producing encrypted data (Park on [0122-0123] teaches the profile providing server 220 may use the encryption session key to encrypt the profile and encrypt the random encryption key (i.e. which is also  equivalent to data) and transmit the encrypted key and profile to terminal. See also on [0208-0212] teaches the profile providing server 610 may use the generated session key to generate the encrypted profile package. The profile providing server 610 may transfer the encrypted profile package to the terminal 620).
	

Although Park teaches a disposable public key, but fails to explicitly teach message comprises an ephemeral public key of the authentication server, wherein the authentication server signature is based on the ephemeral public key of the authentication server, wherein the identity module signature is based on the identity module credentials used for remote subscription profile download, however Jonghan from analogous art teaches message comprises an ephemeral public key of the authentication server (Jonghan on [page 13 5th last para] teaches SM-DP (i.e. server in view of [page 6 para 4]) generated a one-time public key (i.e. ephemeral public key). See on [page 14] last para teaches transmitting message containing one-time public key of the server);
wherein the authentication server signature is based on the ephemeral public key of the authentication server (Jonghan on [page 18 3rd last para] teaches SM-DP (i.e. server) generates DP signature 2 using one-time public key of the SM-DP);
wherein the identity module signature is based on the identity module credentials used for remote subscription profile download (Jonghan on [page 8 last para] teaches eUICC (i.e. terminal) generates a signature using private key (i.e. identity module credential) of the eUICC. See also on [page 14 step 561] teaches EUICC generates signature using private key and parameters. See on [page 16 para 3] teaches private key used for downloading profile);
obtaining data for transmission to a network node and transmitting the encrypted data to the network node (Jonghan on [page 9 last 2 para] teaches encrypting the profile based on a request and transmitting by the server the encrypted profile to the terminal (i.e. node in a network). See also on [page 13 last 5 para] teaches the SM-DP server generated encrypted profile package and transmit it to the production server (i.e. also node in a network))
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Jonghan into the teaching of Park by generating signature based on ephemeral public key of server and identity module credentials. One would be motivated to do so in order to download profile in a real-time using secure communication channel (Jonghan on [page 3 last3 para]).

Regarding claim 33 Park teaches An authentication server for initial network authentication between a communications device and a network (Park on [0014] teaches A profile providing server (i.e. authentication server) in a wireless communication system for performing method);
wherein the communications device comprises an identity module supporting remote subscription profile download, and wherein the identity module comprises credentials for remote subscription profile download, the authentication server comprising processing circuitry, the processing circuitry being configured to cause the authentication server to: (Park on [0043-0044] teaches a universal integrated circuit card (UICC) (i.e. identity module) is a smart card inserted into a mobile communication terminal. The UICC includes communication applications such as a subscriber identification module (SIM), teaches the eUICC may use an over the air (OTA) technology to download and install a profile. The eUICC may be called the UICC which may download and install a profile);
perform a first message exchange with an authentication server (Park on [0196] teaches  the terminal 620 may transfer the eUICC challenge (i.e. first message) and the Certificate_Info);
 wherein the first message exchange comprises an identity module challenge obtained from the identity module being transmitted to the authentication server from the communications device (Park on [0194-0196] teaches the terminal 620 requests the generation of the eUICC challenge, the eUICC 630 generates the eUICC challenge, the terminal 620 may transfer the eUICC challenge and the Certificate_Info (i.e. first message) to prfolie providing server);
 receive a second message from the authentication server, wherein the second message comprises [[an ephemeral public key of the authentication server,]] an authentication server challenge and an authentication server signature (Park on [0199] teaches the profile providing server 610 may transfer the transaction ID, the DP challenge (i.e. authentication server challenge), the DP_Signal (i.e. signature in view of [0198]), a certificate of a profile providing server, and Cert_ToBe_Used information to the terminal 620);
wherein the authentication server signature is based on [[the ephemeral public key of the authentication server,]] the authentication server challenge, and the identity module challenge and follows a format used for handling remote subscription profile download to the identity module (Park on [0198] teaches the profile providing server 610 may then generate DP_Signal. The DP_Signal may be a signature value generated by the profile providing server 610, in which the signature value includes eUICC_Challenge, (i.e. identity module challenge) and DP_Challenge (i.e. authentication challenge) (i.e. The process of Fig 6A-6B is a specific format for downloading profile).See also on [0208] teaches  the profile providing server 610 may generate DP_Sign2. The DP_Sign2 is a signature value using the pre-stored personal key of the profile providing server and may be a calculation of the signature value for the value including the disposable public key of the eUICC); 
transmit a third message towards the authentication server, wherein the third message comprises an ephemeral public key of the communications device and an identity module signature (Park on [0204] teaches the terminal 620 may transmit the profile request message (i.e. third message) to the profile providing server 630. The profile request message transmitted to the profile providing server 630 may include the eUICC authentication information received from the eUICC 630. The message may include the disposable public key of the eUICC (i.e. ephemeral public key) and the eUICC_Signal, the eUICC certificate (i.e. signature in view of [0202]));
wherein the identity module signature is based [[on the identity module credentials used for remote subscription profile download]] and is based on the ephemeral public key of the communications device and the authentication server challenge and follows the format used for remote subscription profile download to the identity module (Park on [0202] teaches the eUICC 630 may perform a signature using the personal key pre-stored in the eUICC 630, including the received DP challenge (i.e. authentication server challenge) along with the disposable public key of the eUICC 630 (i.e. ephemeral public key of communication device) (i.e. The process of Fig 6A-6B is a specific format for downloading profile));
and generate a master session key (MSK) from a shared secret established using the ephemeral public key of the authentication server and a private key corresponding to the ephemeral public key of the communications device (Park on [0216] teaches the eUICC 630 may generate the session key (i.e. master key) for decoding the encrypted profile package using the received CRT (i.e. shared secret), the disposable public key value of (i.e. ephemeral public key) the profile providing server, the EID value, and the disposable personal key value (i.e. private key) of the eUICC stored only in the eUICC. See also on [0208] teaches the profile providing server 610 may generate the session key using the secret key and the received disposable public key of the eUICC. For the generation of the session key, certificate (CRT) information and EID information may be additionally used);
 wherein the MSK is for use when establishing secure communication between the communications device and the network (Park on [0216 and 0220] teaches session key for decoding the encrypted profile package between terminal and the server).

Although Park teaches a disposable public key, but fails to explicitly teach message comprises an ephemeral public key of the authentication server, wherein the authentication server signature is based on the ephemeral public key of the authentication server, wherein the identity module signature is based on the identity module credentials used for remote subscription profile download, however Jonghan from analogous art teaches message comprises an ephemeral public key of the authentication server (Jonghan on [page 13 5th last para] teaches SM-DP (i.e. server in view of [page 6 para 4]) generated a one-time public key. See on [page 14] last para teaches transmitting message containing one-time public key od the server);
wherein the authentication server signature is based on the ephemeral public key of the authentication server (Jonghan on [page 18 3rd last para] teaches SM-DP (i.e. server) generates DP signature 2 using one-time public key of the SM-DP);
wherein the identity module signature is based on the identity module credentials used for remote subscription profile download (Jonghan on [page 8 last para] teaches eUICC (i.e. terminal) generates a signature using private key (i.e. identity module credential) of the eUICC. See also on [page 14 step 561] teaches EUICC generates signature using private key and parameters. See on [page 16 para 3] teaches private key used for downloading profile);
the authentication server providing the MSK to a network node in the network for the network node to use the MSK when establishing the secure communication with the communications device (Jonghan on [page 20 last 5 para] teaches using secure channel session key to establish secure communication).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Jonghan into the teaching of Park by generating signature based on ephemeral public key of server and identity module credentials. One would be motivated to do so in order to download profile in a real-time using secure communication channel (Jonghan on [page 3 last3 para]).
Claims 11, 15, 24 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Park et al (hereinafter Park) (US 20160301529 ) in view of Park Jonghan et al (hereinafter Jonghan) (WO2016178548)(i.e. English translation is used for examination) and further in view of Townsley et al (hereinafter Townsley) (US 20070204330).

Regarding claim 11 the combination of Park and Jonghan teaches all the limitations of claim 1, the combination fails to explicitly teach the primary message is an EAP-Response/Identity message, however Townsley from analgous art teaches wherein the first message exchange comprises a primary message being transmitted from the communications device to the authentication server, and the primary message is an Extensible Authentication Protocol (EAP) EAP-Response/Identity message (Townsley on [0032] teaches response message formatted according to the Extensible Authentication Protocol (EAP)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Townsley into the combined teaching of Park and Jonghan by having message in an EAP-Response/Identity. One would be motivated to do so in order perform secure communication between client and server (Townsley on [0032]).
Regarding claim 15 the combination of Park and Jonghan teaches all the limitations of claim 1 above Park further teaches wherein the second message comprises at least one of the at least one public key identifier as trusted by the authentication server (Park on [0199] teaches the profile providing server 610 may transfer the transaction ID, the DP challenge (i.e. authentication server challenge), the DP_Signal (i.e. signature in view of [0198]), a certificate of a profile providing server, and Cert_ToBe_Used information to the terminal 620, wherein Cert_ToBe_Used encryption key in view of [0208] (i.e. public key identifier)).
The combination fails to explicitly teach the second message is an EAP-Request/Authenticate message and the third message is an EAP-Response/Authenticate message, however Townsley from analogous art teaches the second message is an Extensible Authentication Protocol (EAP) EAP-Request/Authenticate message (Townsley on [0032] teaches response message formatted according to Extensible Authentication Protocol (EAP)).
and the third message is an EAP-Response/Authenticate message (Townsley on [0032] teaches response message formatted according to the Extensible Authentication Protocol (EAP)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Townsley into the combined teaching of Park and Jonghan by having message in an EAP-Response/Identity. One would be motivated to do so in order perform secure communication between client and server (Townsley on [0032]).

Regarding claim 24 the combination of Park and Jonghan teaches all the limitations of claim 18 above Park further teaches the ephemeral public keys are ephemeral Elliptic Curve public keys (Park on [0060] teaches The PPC may include at least one of a symmetric key, a rivest shamir adleman (RSA) certificate and personal key, an elliptic curved cryptography (ECC) certificate and personal key, and a root certification authority (root CA) and certificate chain);
Jonghan teaches the credentials comprises a private key, a certificate certifying the public key corresponding to the private key, and trusted public key identifiers (Jonghan on [page 7 para 3-4] teaches PPC (Profile Provisioning Credentials) may be a means used for mutual authentication, profile encryption, signature between PP and eUICC. PPC may include one or more of a symmetric key, a risk shamir adleman (RSA) certificate and a private key, an elliptic curved cryptography (ECC) certificate and a private key, a root certification authority (CA), and a certificate chain).
The combination fails to explicitly teach wherein all messages transmitted between the communications device and the authentication server are Extensible Authentication Protocol messages, however Townsley from analogous art teaches wherein all messages transmitted between the communications device and the authentication server are Extensible Authentication Protocol messages (Townsley on [0032] teaches response message formatted according to the Extensible Authentication Protocol (EAP)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Townsley into the combined teaching of Park and Jonghan by having message in an EAP-Response/Identity. One would be motivated to do so in order perform secure communication between client and server (Townsley on [0032]).

Regarding claim 27 the combination of Park and Jonghan teaches all the limitations of claim 18 above Park further teaches the identity module is an universal integrated-circuit card, UICC, an embedded universal integrated-circuit card, eUICC, or an integrated universal integrated-circuit card, iUICC  (Park on [0043] teaches  a universal integrated circuit card (UICC) is a smart card inserted into a mobile communication terminal and describes a chip storing personal information such as network access authentication information on a mobile communication subscriber, a telephone directory, and short message service (SMS) to perform subscriber authentication and a generation of a traffic security key upon an access to mobile communication networks such as global system for mobile communications (GSM), wideband code division multiple access (WCDMA), and long term evolution (LTE), thereby implementing the use of the safe mobile communication. The UICC includes communication applications such as a subscriber identification module (SIM), a universal SIM (USIM), and an internet protocol (IP) multimedia SIM (ISIM);
 and the remote subscription profile download follows the GSMA Remote SIM Provisioning, RSP, protocol (Park on [0043] teaches  a universal integrated circuit card (UICC) is a smart card inserted into a mobile communication terminal and describes a chip storing personal information such as network access authentication information on a mobile communication subscriber, a telephone directory, and short message service (SMS) to perform subscriber authentication and a generation of a traffic security key upon an access to mobile communication networks such as global system for mobile communications (GSM), wideband code division multiple access (WCDMA), and long term evolution (LTE), thereby implementing the use of the safe mobile communication. The UICC includes communication applications such as a subscriber identification module (SIM), a universal SIM (USIM), and an internet protocol (IP) multimedia SIM (ISIM).
	The combination fails to explicitly teach wherein the authentication server is an Authentication, Authorization and Accounting server, an Authentication Server Function server, or a Mobility Management Entity, however Townsley from analogous art teaches wherein the authentication server is an Authentication, Authorization and Accounting server, an Authentication Server Function server, or a Mobility Management Entity (Townsley on [0035] teaches end nodes 120 include Authentication, Authorization, Accounting (AAA) server host 120e, and a DHCP server host 120f.).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Townsley into the combined teaching of Park and Jonghan by having the authentication server is an Authentication, Authorization and Accounting server. One would be motivated to do so in order perform secure communication between client and server (Townsley on [0032]).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436                                                                                                                                                                                                        

/MOEEN KHAN/               Examiner, Art Unit 2436