Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 8-9, 11-14, 16 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Sundaram et al. (US 20110016321 A1) in view of Netanel et al. (US 20100009659 A1). 
Regarding claim 1, Sundaram teaches a method (method for performing a security provisioning protocol between a first communication device and a second communication device, see Abstract and the first communication device is considered as the electronic device and the second communication device is considered as the mobile device), comprising: 
providing, by an electronic device, an interim unique identifier to a mobile device, the interim unique identifier associated with an interim authentication key (the device sends a bootstrap key agreement request message to the bootstrap server, along with its B-NAI and identity based public key, [0116]); 
generating a hash value by performing, by the electronic device, a hash function operation on the interim unique identifier, the interim authentication key, and information representative of the mobile device and the electronic device (Suppose A, B are the two entities (or parties, where A represents a first computer system and B represents a second computer system) that are attempting to authenticate and agree on a key… A computes xP (i.e., P added to itself x times as a point on E, using the addition law on E) encrypts it using B's public key, and transmits it to B, [0121-0122]);
generating, by the electronic device, a permanent unique identifier (the permanent NAI, after successful bootstrapping, could be the `static location` of the device or a `username` chosen by the end-user for mobile applications installed in cellular handsets, while the realm corresponds to the M2M service provider, see [0158]) and a permanent authentication key for the electronic based on the generated hash value device (Next, the device extracts `bP` from the decrypted message, and computes the session key `abP` using a and bP, see [0137]); and 
providing, by the electronic device, the information representative of the electronic device to the mobile device (A computes xP (i.e., P added to itself x times as a point on E, using the addition law on E) encrypts it using B's public key, and transmits it to B, [0122]).
 However, Sundaram  does not teach the mobile device configured to provide the information representative of the mobile device and the electronic device and the interim unique identifier to a tracking server, the tracking server configured to determine the interim authentication key associated with the interim unique identifier and to generate the permanent unique identifier and the permanent authentication key for the electronic device based on the interim unique identifier, the interim authentication key, and the information representative of the mobile device and the electronic device.
In an analogous art, Netanel teaches the mobile device configured to provide the information representative of the mobile device and the electronic device and the interim unique identifier to a tracking server (registration request (B-MSID, B-ESN, RANDC, AUTHR) and AUTHREQ [B-MSID, B-ESN, RAND,AUTHR], see step 13-14 of Fig. 1A and wherein RANDC is the first random, RAND is the second random and B-MSID is the interim identifier), the tracking server configured to determine the interim authentication key associated with the interim unique identifier (The ISM extracts SiwaID from the B-ESN using SiwaID=ExtractSiwaID(B-ESN), see step 15 of Fig. 1) and to generate the permanent unique identifier (ISM then, allocates new MSID, see step 15) and the permanent authentication key for the electronic device based on the interim unique identifier, the interim authentication key, and the information representative of the mobile device and the electronic device (ISM then, derive session keys using, A Key,SSDA,SSDB]=GenerateSessionKey (MSID, ESN, RAND, RANDU, SiwaID, SiwaKey), see step 30 of Fig. 1B).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified the provisioning of Sundaram with the bootstrapping of Netanel to provide a system and method for enable subscriber self-activation of wireless data terminal such that the market opportunity increases the user base by offering wireless communications for new purposes e.g. telemetry, telematics as well as new distribution channels e.g. convenience stores as suggested, see Netanel [0022].
Regarding claim 2, Sundaram as modified by Netanel teaches the method of claim 1, wherein the electronic device comprises one of a pair of headphones, a computer, a tablet, a piece of luggage, a backpack, an electronic wallet, a set of keys, a vehicle, and a smart watch (M2M device, a first communication device, comprises a computer system, see Sundaram [0187]).

Regarding claim 3, Sundaram as modified by Netanel teaches the method of claim 1, wherein the interim unique identifier and the interim authentication key are received by the electronic device from the tracking server during the manufacture or a firmware update of the electronic device (the group password and private key are provisioned between a given device and the device manufacturer security server/KGF, see Sundaram [0102]).

Regarding claim 4, Sundaram as modified by Netanel teaches the method of claim 1, wherein the permanent unique identifier and the permanent authentication key are generated in response to a request to commission the electronic device (device provisioning request of step 612, Fig. 6B).
Regarding claim 6, Sundaram as modified by Netanel teaches the method of claim 1, wherein the mobile device comprises one of a smart phone, a computer, a gateway device, or an access point (M2M device, a first communication device, comprises a computer system, see Sundaram [0187]).

Regarding claim 8, Sundaram as modified by Netanel teaches the method of claim 1, wherein the interim authentication key is not transmitted between the electronic device and the tracking server (the bootstrap server computes the session key=abP, using aP and b following which the bootstrap server can confirm that the same session key was obtained at both ends, see Sundaram [0139]).

Regarding claim 9, Sundaram as modified by Netanel teaches the method of claim 1, wherein the permanent authentication key is not transmitted between the electronic device and the tracking server (the bootstrap server computes the session key=abP, using aP and b following which the bootstrap server can confirm that the same session key was obtained at both ends, see Sundaram [0139]).

Regarding claim 11, Sundaram teaches an electronic device (M2M device 702 of Fig. 7), comprising: 
a hardware processor (processor 710A); and a non-transitory computer-readable storage medium storing executable instructions that (memory 712A), when executed by the hardware processor, cause the electronic device to perform steps comprising: 
providing, by an electronic device, an interim unique identifier to a mobile device, the interim unique identifier associated with an interim authentication key (the device sends a bootstrap key agreement request message to the bootstrap server, along with its B-NAI and identity based public key, [0116]); 
generating a hash value by performing, by the electronic device, a hash function operation on the interim unique identifier, the interim authentication key, and information representative of the mobile device and the electronic device (Suppose A, B are the two entities (or parties, where A represents a first computer system and B represents a second computer system) that are attempting to authenticate and agree on a key… A computes xP (i.e., P added to itself x times as a point on E, using the addition law on E) encrypts it using B's public key, and transmits it to B, [0121-0122]);
 generating, by the electronic device, a permanent unique identifier (the permanent NAI, after successful bootstrapping, could be the `static location` of the device or a `username` chosen by the end-user for mobile applications installed in cellular handsets, while the realm corresponds to the M2M service provider, see [0158]) and a permanent authentication key for the electronic device based on the generated hash value (Next, the device extracts `bP` from the decrypted message, and computes the session key `abP` using a and bP, see [0137]); and 
providing, by the electronic device, the information representative of the electronic device to the mobile device (A computes xP (i.e., P added to itself x times as a point on E, using the addition law on E) encrypts it using B's public key, and transmits it to B, [0122]).
However, Sundaram  does not teach the mobile device configured to provide the information representative of the mobile device and the electronic device and the interim unique identifier to a tracking server, the tracking server configured to determine the interim authentication key associated with the interim unique identifier and to generate the permanent unique identifier and the permanent authentication key for the electronic device based on the interim unique identifier, the interim authentication key, and the information representative of the mobile device and the electronic device.
In an analogous art, Netanel teaches the mobile device configured to provide the information representative of the mobile device and the electronic device and the interim unique identifier to a tracking server (registration request (B-MSID, B-ESN, RANDC, AUTHR) and AUTHREQ [B-MSID, B-ESN, RAND,AUTHR], see step 13-14 of Fig. 1A and wherein RANDC is the first random, RAND is the second random and B-MSID is the interim identifier), the tracking server configured to determine the interim authentication key associated with the interim unique identifier (The ISM extracts SiwaID from the B-ESN using SiwaID=ExtractSiwaID(B-ESN), see step 15 of Fig. 1) and to generate the permanent unique identifier (ISM then, allocates new MSID, see step 15) and the permanent authentication key for the electronic device based on the interim unique identifier, the interim authentication key, and the information representative of the mobile device and the electronic device (ISM then, derive session keys using, A Key,SSDA,SSDB]=GenerateSessionKey (MSID, ESN, RAND, RANDU, SiwaID, SiwaKey), see step 30 of Fig. 1B).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified the provisioning of Sundaram with the bootstrapping of Netanel to provide a system and method for enable subscriber self-activation of wireless data terminal such that the market opportunity increases the user base by offering wireless communications for new purposes e.g. telemetry, telematics as well as new distribution channels e.g. convenience stores as suggested, see Netanel [0022].

Regarding claim 12, Sundaram as modified by Netanel teaches the electronic device of claim 11, wherein the electronic device comprises one of a pair of headphones, a computer, a tablet, a piece of luggage, a backpack, an electronic wallet, a set of keys, a vehicle, and a smart watch (M2M device, a first communication device, comprises a computer system, see Sundaram [0187]).

Regarding claim 13, Sundaram as modified by Netanel teaches the electronic device of claim 1 1, wherein the interim unique identifier and the interim authentication key are received by the electronic device from the tracking server during the manufacture or a firmware update of the electronic device (the group password and private key are provisioned between a given device and the device manufacturer security server/KGF, see Sundaram [0102]).

Regarding claim 14, Sundaram as modified by Netanel teaches the electronic device of claim 11, wherein the permanent unique identifier and the permanent authentication key are generated in response to a request to commission the electronic device (device provisioning request of step 612, Sundaram Fig. 6B).

Regarding claim 16, Sundaram as modified by Netanel teaches the electronic device of claim t1, wherein the mobile device comprises one of a smart phone, a computer, a gateway device, or an access point (M2M device, a first communication device, comprises a computer system, see Sundaram [0187]).

Regarding claim 18, Sundaram as modified by Netanel teaches the electronic device of claim 11, wherein the interim authentication key is not transmitted between the electronic device and the tracking server (the bootstrap server computes the session key=abP, using aP and b following which the bootstrap server can confirm that the same session key was obtained at both ends, see Sundaram [0139]).

Regarding claim 19, Sundaram as modified by Netanel teaches the electronic device of claim 11, wherein the permanent authentication key is not transmitted between the electronic device and the tracking server (the bootstrap server computes the session key=abP, using aP and b following which the bootstrap server can confirm that the same session key was obtained at both ends, see Sundaram [0139]).

Claims 5, 7, 15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Sundaram et al. (US 20110016321 A1) in view of Netanel et al. (US 20100009659 A1) and further in view Nix (US 20150163056 A1).
Regarding claim 5, Sundaram as modified by Netanel teaches the method of claim 4.
However, Sundaram and Netanel do not clearly teach wherein the request to commission the electronic device is received from the mobile device in response to receiving an input from the user via a tracking application running on the mobile device.
In an analogous field of endeavor, Nix teaches wherein the request to commission the electronic device is received from the mobile device in response to receiving an input from the user via a tracking application running on the mobile device (A module program 101i could also include software for M2M applications such as, but not limited to, remote monitoring of sensors, see Nix [0065] and module program 101i can include an eUICC 107 and a network application 101x, see [0066] and see Fig. 1d and 1e where the keys are created via the network application).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified the provisioning method of Sundaram and the bootstrapping of Netanel with the provisioning of Nix to provide a method for secure and efficient communication using a module to communicate with a server and a mobile operator network.

Regarding claim 15, Sundaram as modified by Netanel teaches the electronic device of claim 14.
However, Sundaram and Netanel do not clearly teach wherein the request to commission the electronic device is received from the mobile device in response to receiving an input from the user via a tracking application running on the mobile device.
In an analogous field of endeavor, Nix teaches wherein the request to commission the electronic device is received from the mobile device in response to receiving an input from the user via a tracking application running on the mobile device (A module program 101i could also include software for M2M applications such as, but not limited to, remote monitoring of sensors, see Nix [0065] and module program 101i can include an eUICC 107 and a network application 101x, see [0066] and see Fig. 1d and 1e where the keys are created via the network application).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified the provisioning method of Sundaram and the bootstrapping of Netanel with the provisioning of Nix to provide a method for secure and efficient communication using a module to communicate with a server and a mobile operator network.
Regarding claim 7, Sundaram as modified by Netanel teaches the method of claim 1.
However, Sundaram and Netanel do not clearly teach wherein the hash function comprises the SHA256 hash function or the HMAC-SHA256 hash function.
In an analogous field of endeavor, Nix teaches  wherein the hash function comprises the SHA256 hash function or the HMAC-SHA256 hash function (in a key derivation algorithm the output of a Diffie-Hellman key exchange and an ECDH key exchange could be input into a secure hash algorithm, such as SHA-256, see Nix [0248]).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified the provisioning method of Sundaram and the bootstrapping of Netanel with the provisioning of Nix to provide a method for secure and efficient communication using a module to communicate with a server and a mobile operator network.

Regarding claim 17, Sundaram as modified by Netanel teaches the electronic device of claim 11.
However, Sundaram and Netanel do not clearly teach wherein the hash function comprises the SHA256 hash function or the HMAC-SHA256 hash function.
 In an analogous field of endeavor, Nix teaches  wherein the hash function comprises the SHA256 hash function or the HMAC-SHA256 hash function (in a key derivation algorithm the output of a Diffie-Hellman key exchange and an ECDH key exchange could be input into a secure hash algorithm, such as SHA-256, see Nix [0248]).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified the provisioning method of Sundaram and the bootstrapping of Netanel with the provisioning of Nix to provide a method for secure and efficient communication using a module to communicate with a server and a mobile operator network.


Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable Sundaram et al. (US 20110016321 A1) in view of Netanel et al. (US 20100009659 A1) and further in view of Fernandez (US 20140163867 A1).
Regarding claim 10, Sundaram as modified by Netanel teaches the method of claim 1, wherein the electronic device is configured to not directly communicate with the tracking server (The MS sends the request to the MSC/MSC/VLR which forwards the request to the ISM, see Netanel Fig. 1A).
However, Sundaram and Netanel do not clearly teach wherein the mobile device is configured to, in response to detecting the electronic device within a proximity of the mobile device, determine a location of the mobile device and to provide the determined location of the mobile device and the permanent unique identifier of the electronic device to the tracking server.
In an analogous field of endeavor, Fernandez teaches wherein the mobile device is configured to, in response to detecting the electronic device within a proximity of the mobile device, determine a location of the mobile device and to provide the determined location of the mobile device and the permanent unique identifier of the electronic device to the tracking server (The process may then determine whether a sensor is detected. Such a determination may be based on various appropriate factors such as proximity to the sensor, see [0110] and if the process determines that a sensor has been detected, the process may send (at 1350) a request to the server. Such a request may include the sensor ID, user location, see [0111]).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified the provisioning of Sundaram and the bootstrapping of Netanel with the sensor of Fernandez to provide a solution that allows various establishments to interact with potential customers using a mobile device application, where the interaction is based on the proximity of each customer to a particular location and/or any available information regarding the customer as suggested, see Fernandez [0005].
Regarding claim 20, Sundaram as modified by Netanel teaches the electronic device of claim 11, wherein the electronic device is configured to not directly communicate with the tracking server (The MS sends the request to the MSC/MSC/VLR which forwards the request to the ISM, see Netanel Fig. 1A).
However, Sundaram and Netanel do not clearly teach wherein the mobile device is configured to, in response to detecting the electronic device within a proximity of the mobile device, determine a location of the mobile device and to provide the determined location of the mobile device and the permanent unique identifier of the electronic device to the tracking server.
In an analogous field of endeavor, Fernandez teaches wherein the mobile device is configured to, in response to detecting the electronic device within a proximity of the mobile device, determine a location of the mobile device and to provide the determined location of the mobile device and the permanent unique identifier of the electronic device to the tracking server (The process may then determine whether a sensor is detected. Such a determination may be based on various appropriate factors such as proximity to the sensor, see [0110] and if the process determines that a sensor has been detected, the process may send (at 1350) a request to the server. Such a request may include the sensor ID, user location, see [0111]).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified the provisioning of Sundaram and the bootstrapping of Netanel with the sensor of Fernandez to provide a solution that allows various establishments to interact with potential customers using a mobile device application, where the interaction is based on the proximity of each customer to a particular location and/or any available information regarding the customer as suggested, see Fernandez [0005].
Further, it is noted that the scope of each claim (11-20) is explicitly limited to “An electronic device” so limitations to a “mobile device” in proximity to the electronic device are treated as intended uses not carrying patentable weight, but have been treated for compact prosecution.

Conclusion
8.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Sanchez (US 11321448 B1) discloses method for authentication using a hashed fried password may include receiving a password value of a user, a salt key, a pepper key, and/or a temporary and randomly generated fry key, or otherwise modifying/appending the password with the salt key, pepper key, and/or fry key. The method may include hashing the modified password, such as performing a hash operation similar to Hash (Password, Salt Key, Pepper Key, Temporary Fry Key).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICOLE M LOUIS-FILS whose telephone number is (571)270-0671.  The examiner can normally be reached on Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Appiah can be reached on 571-272-7904.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NICOLE M LOUIS-FILS/Examiner, Art Unit 2641                                                                                                                                                                                                        
/LESTER G KINCAID/Supervisory Patent Examiner, Art Unit 2646