DETAILED ACTION
This action is in response to the initial claims filed 10/22/2020.  Claims 1-20 are pending.  Independent claim 1, and corresponding dependent claims are directed towards a method for secure configuration of a secondary platform bundle within a primary platform.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Information Disclosure Statement
The information disclosure statement filed 8/24/2021 fails to comply with 37 CFR 1.98(a)(2), which requires a legible copy of each cited foreign patent document; each non-patent literature publication or that portion which caused it to be listed; and all other information or that portion which caused it to be listed.  It has been placed in the application file, but some of the information referred to therein has not been considered.	Specifically:		WO2020226466 Yoon et al (copy located and cited in PTO-892).
The listing of references in the specification is not a proper information disclosure statement.  37 CFR 1.98(b) requires a list of all patents, publications, or other information submitted for consideration by the Office, and MPEP § 609.04(a) states, "the list may not be incorporated into the specification but must be submitted in a separate paper."  Therefore, unless the references have been cited by the examiner on form PTO-892, they have not been considered.	Specifically:  		[0006] ERSI TS 103 465 V15.0.0 (2019-05) “Smart Cards; Smart Secure Platform (SSP); Requirements Specification” (copy located and cited in PTO-892);		[0037] RFC 786 (User Datagram Protocol) and RFC 793 (Transmission Control Protocol);		[0039] GSMA standards GSP.02 and SGP.22;		[0051] “ETSI documents” and “draft specifications for 5G networks”;		[0139] Wikipedia article for “Post-Quantum Cryptography” dated February 22, 2019;		[0155] IETF RFC 8446;		[0167] FIPS PUB 186-4;		[0168] “Round Two” of the Post- Quantum Cryptography Standardization project from the National Institute of Standards (NIST), which is summarized in the Wikipedia article from October 23, 2019 titled “Post-Quantum Cryptography Standardization”;		[0170] IETF RFC 6961; and		[0190] IETF RFC 7452.
Drawings
The drawings are objected to because:	Fig. 1a item 108j is not described in the specification;	Fig. 1b items 103b and 126 are not described in the specification; and	Fig. 2a item 219 “random1 202c” is shown as part of the “Signature 215a”, but appears to be missing from the data delivered, per section (ii) in [0172].	Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
The attempt, in [0139], to incorporate subject matter into this application by reference to the “Wikipedia article for “Post-Quantum Cryptography” dated February 22, 2019” is ineffective because the reference subject matter is not clearly identified as required by 37 CFR 1.57(c)(2) for the specified date of Feb. 22, 2019.  Per 37 CFR 1.57(f), Examiner requires the applicant to supply a copy of the incorporated reference “Post-Quantum Cryptography” showing the incorporated subject matter.
The attempt, in [0167] to incorporate subject matter into this application by reference to ““Round Two” of the Post-Quantum Cryptography Standardization project from the National Institute of Standards (NIST), which is summarized in the Wikipedia article from October 23, 2019 titled “Post-Quantum Cryptography Standardization” is ineffective because referenced subject matter is not clearly identified as required by 37 CFR 1.57(c)(2) for the specified date of Feb. 22, 2019.  Per 37 CFR 1.57(f), Examiner requires the applicant to supply a copy of the incorporated reference “Round Two” showing the incorporated subject matter.
The incorporation by reference will not be effective until correction is made to comply with 37 CFR 1.57(c), (d), or (e). If the incorporated material is relied upon to meet any outstanding objection, rejection, or other requirement imposed by the Office, the correction must be made within any time period set by the Office for responding to the objection, rejection, or other requirement for the incorporation to be effective. Compliance will not be held in abeyance with respect to responding to the objection, rejection, or other requirement for the incorporation to be effective. In no case may the correction be made later than the close of prosecution as defined in 37 CFR 1.114(b), or abandonment of the application, whichever occurs earlier.
Any correction inserting material by amendment that was previously incorporated by reference must be accompanied by a statement that the material being inserted is the material incorporated by reference and the amendment contains no new matter. 37 CFR 1.57(g).
The disclosure is objected to because of the following informalities:	[0006] the acronym “SSP” is used for “Secure Primary Platform”, however, it is also used for the ETSI “Smart Secure Platform” in the same paragraph; recommend changing [0006] and [0007] having the only references to “Secure Primary Platform” to “Smart Secure Platform” to resolve this issue as the ESTI SSP and applicant’s SSP appear to be the same and it is the configuration method of the SSP that is illustrated by the invention;	[0006] the first iteration of the acronym PKI is not expanded;	[0011] the first iteration of the acronym OCSP is not expanded;	[0013] l. 2 “for use of a primary platform” for grammar;	[0025] the first iteration of the acronyms IMSI and NAI are not expanded;	[0026] the first iteration of the acronym AKA is not expanded;	[0037] l. 2 “IP network 107” is labeled 105 in Fig. 1a;	[0037] the first iteration of the acronym IEEE is not expanded;	[0039] the first iteration of the acronym M2M is not expanded;	[0042] the first iteration of the acronyms GSM (as a standard), UMTS, CDMA and WLAN are not expanded;	[0044] the first iteration of the acronyms CPU and OS are not expanded;	[0046] the first iteration of the acronyms LED, LCD and OLED are not expanded;	[0047] l. 3 “actuator 102y” should be 102z per Fig. 1a;	[0048] the first iteration of the acronym SD is not expanded;	[0050] the first iteration of the acronym ROM is not expanded;	[0051] l. 9 ““Architecture” section 9.2.1” should be “Architecture” section 9.2.10”;	[0052] l. 13 “ready” should probably be “read”;	[0059] the first iteration of the acronym PC is not expanded;	[0061] l. 6 “actuator 102y” should be 102z” per Fig. 1a;	[0072] ll. 12-13 “for use by image delivery server” for grammar;	[0079] the first iteration of the acronyms ECDH, ECDHE and ECC are not expanded;	[0083] the first iteration of the acronym SHA is not expanded;	[0085 l. 3 “IDS 102” should be “IDS 103” per Fig. 1a;	[0088] l. 6 “user interface 101j” should be 102j per Fig. 1a;	[0090] the first iteration of the acronyms SPI and I2C are not expanded;	[0091] l. 1 “can comprise [[a]] general purpose processing cores” for grammar;	[0091] l. 3 “processing cores 101c” should be 109c per Fig. 1b;	[0091] the first iteration of the acronym MIPS is not expanded;	[0095], [0098] and [0108] it is unclear what the “(X)” and “(Y)” symbols are for;	[0109]the first iteration of the acronyms NVDIMM-P and DIMM are not expanded;	[0109] l. 12 “step 249 in Figure 2a” step 249 is found in Figure 2b;	[0111] the first iteration of the acronym NFC is not expanded;	[0122] the first iteration of the acronyms ECDSA, DSA, AES, DES and RSA are not expanded;	[0122] ll. 7-8 “cryptographic algorithms 109q” should be 141 per Figure 1b;	[0125] l. 5 “protected memory 113i” is not shown in the drawings;	[0129] l. 8 “iNVM 113i” should be 113s per Figure 1b;	[0131] l. 5 “second private key 115b” should be 115a, as the public key is 115b;	[0135] l. 5 “and pre-empt” should probably read “can pre-empt”;	[0136] the first iteration of the acronyms DER and BER are not expanded;	[0141] the first iteration of the acronym GeMSS is not expanded;	[0142] the first iteration of the acronyms ASN and CSN are not expanded;	[0158] “205” should be “206” as “205”, as 205 is a receiving step and 206 is the processing at the SPB step;	[0160] ll. 8-9 “The .	Appropriate correction is required.
Claim Objections
Claims 1-2 and 16 are objected to because of the following informalities, shown with suggested amendments:	Claim 1 the acronym PKI is not expanded;	Claim 2 ll. 2-3 “the primary platform verifies” for proper antecedent basis; and	Claim 16 l. 1 “wherein the PP operates” for grammar.	Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claim 2 is rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Claim 2 ll. 1-2 recite the limitation “wherein the primary platform receives the first digital signature over the SPB public key, a timestamp, and the first random number, and wherein the primary platform verifies the first digital signature using at least the subset of the first set of cryptographic parameters, the timestamp, and the first certificate authority certificate” which is vague and indefinite, as per the specification (e.g. [0022], [0174]), the first digital signature (Fig. 2a item 215a near the bottom) delivered to the primary platform does not contain a signed timestamp.  The message delivered to the primary platform (Fig. 2a item 219), however, contains the first digital signature (Fig. 2a item 215a) and a separate timestamp signature (Fig. 2a item 218a).  For purposes of applying prior art the limitation has been construed as “wherein the primary platform receives the first digital signature over the SPB public key, along with a timestamp and timestamp signature, and wherein the primary platform verifies the first digital signature using at least the subset of the first set of cryptographic parameters, the timestamp, and the first certificate authority certificate”.
Allowable Subject Matter
Claims 1, 3-20 would be allowable if rewritten or amended to overcome the claim objections set forth in this Office action.
Claim 2 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) and claim objections set forth in this Office action.
The following is a statement of reasons for the indication of allowable subject matter:
Regarding claim 1 and its dependent claims, the prior art of record fails to disclose or fairly suggest, in combination, a method in which a primary platform (PP) configures a secondary platform bundle (SPB) with a certificate for use in network authentication, by the PP communicating with a configuration server (CS) to negotiate capabilities of the PP and SBP, at the same time, by sending to the CS a “first set of cryptographic parameters”, then receiving from the CS a “subset” of the first set of cryptographic parameters” along with a “second set of cryptographic parameters” (the two received sets of parameters representing the CS selected cryptographic capabilities for PP and SBP respectively), the PP then creates a key pair for the SBP using the second set, sends the SBP public key to the CS, then after the PP and CS verify each other’s certificates by exchanging signed specific random numbers and other certificate validation information, the CS creates and delivers a certificate for the SBP and the PP configures the SBP with the certificate enabling network authentication for the SBP, in the specific manner and combination as recited in claim 1.
The closest prior art of record Cheng et al. (US 2019/0140837 A1) is related to remote profile management of certificates of an embedded UICC.  Cheng presents similar signature verification of certificates between an eUICC (which can be considered a primary platform) and a subscription manager-data preparation server, using random numbers and public keys, however, this manner of certificate validation does not teach the capabilities negotiation at same time as the invention, the creation and delivery of a certificate to a sub/secondary platform as part of the process, including the capability selection (second set of cryptographic parameters), as shown in claim 1..
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
“ERSI TS 103 465 V15.0.0 Smart Cards; Smart Secure Platform (SSP); Requirements Specification” is a reference “incorporated by reference” by applicant and not provided, related to the “Smart Secure Platform”.
Yoon et al. (WO 2020/226466 A1) is related to managing and verifying certificates of secondary platform bundles.
Yang et al. (US 2021/0058774 A1) is related to a device level lock policy for SSP applications of a mobile device.
Koo et al. (US 2022/0053029 A1) is related to concurrent activation of bundles installed in smart security platform.
Kang et al. (US 2021/0120424 A1) is related to displaying a secondary platform bundle communication service provider information.
Yang et al. (US 2020/0092095 A1) is related to switching between different security certificates to support different functions in an SSP.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC W SHEPPERD whose telephone number is (571)270-5654.  The examiner can normally be reached on Monday - Thursday, Alt. Friday, 7:30AM - 5:00PM, EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Eric W Shepperd/Primary Examiner, Art Unit 2492