Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the Amendment filed on 06/29/2022.
In the instant Amendment, claims 1, 8, 12-13 were amended, and claims 1, 8, 13 are independent claims. Claims 1-15 have been examined and are pending. This Action is made Final.
Response to Arguments
This is a Final Office action in response to applicant's remarks/arguments filed on 06/29/2022.
Status of the claims:
The objection to claims 1-2, 8-9, and 12-14 is withdrawn as claims 1, 8, 12 and 13 have been amended, and the Applicant’s Representative clarified for claims 2, 9 and 14.
The rejection of claims 13-15 under 35 U.S.C. 101 is withdrawn as claim 13 has been amended.
Applicant’s arguments, see Remarks pages 7-9, filed 06/29/2022, with respect to the rejection(s) of claim(s) 1-12 under 103 and 13-15 under 102(a)(1) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Nix (US 20150163056 A1) necessitated by the claim amendment.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-4, 7-10, 12-15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Nix (U.S. 20150163056 A1; Hereinafter “Nix”).
Regarding Claim 1, Nix teaches a method for updating a first secret data (secret key K) in a credential container (module 101) including a subscriber identity module (eUICC) (Nix: para[0016], [0093]“The methods and systems contemplated herein can reduce the need for manual intervention with a module in order to automatically and remotely change network access credentials in order for the module to utilize new or different keys in order to connect and authenticate with a wireless network. By using an eUICC, where the eUICC can support both (i) the authentication of a user by the MNO, and (ii) the secure decryption or derivation of the key K under control of the MNO, the value and usefulness of modules can be increased for a user and a mobile operator network.”),
wherein said credential container (module 101) comprises a set of secret parameters customized for a network operator and is configured to execute a symmetric mutual authentication algorithm with a remote server using said set to authenticate to a communication network (Para[0087-0089], fig. 1c, 1i, “module 101 can store module private key 112a, MNO public key 502, and module identity 110, and a symmetric key 127 in memory/RAM 101e during operation, such as when CPU 101b is active and the module 101 is connected to a network such as a wireless network 102 during data transmissions…Symmetric key 127 can be a secure, shared private key for use with symmetric encryption or symmetric ciphering algorithms 211 (in FIG. 2c below).”); and
wherein the credential container receives from the remote server (server 105) a second secret data (second key 204) enciphered by using a second algorithm different from said symmetric mutual authentication algorithm and a subset (symmetric key 127) of said secret parameters (Nix: para[0146-0148], “Both the key K ciphering algorithm 213 and the key K deciphering algorithm 207 can include a symmetric ciphering algorithm 211 and the use of a symmetric key 127. A mobile network operator 104 can use a key K ciphering algorithm 213 to encrypt the second key K 204a…, the encrypted second key K 204a could be included in ciphertext 208b.”, para[0149], “After processing the ciphertext 208b, the mobile network operator 104 can either (i) include the ciphertext 208b in a profile 107d and send the profile 107d to an eUICC subscription manager 109,”) (symmetric key 127 is one of the keys stored in module 101, which means it is part of the group of keys), and
wherein the credential container deciphers the enciphered second secret data by using both the subset and a third algorithm (Nix: para[0153], “The symmetric ciphering algorithm 211 in a key K deciphering algorithm 207 can decrypt the ciphertext 208b in order to output the plaintext second key K 204, such that the ciphertext 208b is converted to plaintext.”) and
replaces the first secret data with the second secret data (Nix: para[0218], “After a module 101 with an eUICC 107 processes a key K deciphering algorithm 207 to obtain a plaintext second key K 204, the module 101 can connect with the wireless network 102 and mobile network operator 104 using the second network module identity 209 and the second network key 204. The module 101 using a network application 101x could send a second attach message 305 with the second network module identity 209. In another embodiment, the module 101 could send the second attach message 305 with the first network module identity 202, and in this case the MNO 104 could record from the previous steps 302b and 308b that a key K associated with the first network module identity 202 should change to the second key K 204.”).
Regarding claim 2, Nix teaches independent claim 1. Nix additionally teaches wherein the symmetric mutual authentication algorithm is the Milenage algorithm as defined by ETSI TS 135.206 or the TUAK algorithm as defined by ETSI TS 135.231 (Nix: Para [0097], “The physical UICC 116 could use algorithms specified in ETSI TS 135 205-209, as well as subsequent and related standards, in order for the physical UICC 116 to calculate a secure hash value such as a RES 119. The calculation and processing of a RES 119 using a RAND 118 and a secret key K is also depicted and described in connection with steps 306 and 311 of FIG. 3. Other possibilities exist as well for a physical UICC 116 or an eUICC 107 to calculate a RES 119 value using a RAND 118 and a secret key K without departing from the scope of the present invention.”).
Regarding claim 3, Nix teaches independent claim 1. Nix additionally teaches wherein said second and third algorithms are identical (Nix: para[0144] “A profile deciphering algorithm 206 can include a symmetric ciphering algorithm 211. The symmetric ciphering algorithm 211 can be equivalent to or the same as the symmetric ciphering algorithm 211 in a profile ciphering algorithm 210 operated by a server and as described above”).
Regarding claim 4, Nix teaches independent claim 1. Nix additionally teaches wherein the second algorithm takes the first secret data as input parameter for generating the enciphered second secret data (Nix: Para[0115],[0121] “The use of shared secret key K for authentication of a module 101, and also for ciphering and data integrity, with a wireless network 102 that implements ETSI and/or 3GPP standards is also defined in the specifications ETSI TS 135 205-209 and related standards. Both the first key K 203 and the second key K 204 can comprise a shared secret key K as described in 3GPP TS 33.401 V12.9.0 figure 6.2-1 and related standards.”).
Regarding claim 7, Nix teaches independent claim 1. Nix additionally teaches wherein the first secret data is a subscriber authentication key (Nix: Para [0115], “As currently specified in ETSI/3GPP standards for LTE and LTE Advanced networks, the shared secret key K, (i) recorded in a SIM or UICC, and a MNO 104 HSS, and (ii) described in 3GPP TS 33.401 V12.9.0 and related standards, comprises a pseudo-random number with a length of 128 bits. The length of key K for standards-based wireless networks 102 may be extended in the future. The use of shared secret key K for authentication of a module 101, and also for ciphering and data integrity, with a wireless network 102 that implements ETSI and/or 3GPP standards is also defined in the specifications ETSI TS 135 205-209 and related standards”).
Regarding claim 8, Nix teaches a credential container (module 101) comprising a processor (Nix: para[0082], “The CPU 101b can comprise a general purpose processor appropriate for the low power consumption requirements of a module 101,”) and a first secret data (secret key K) (Nix: para[0093], “FIG. 1d illustrates the components and interfaces for using a physical UICC in order to a module 101 conduct an authentication with a wireless network 102 according to wireless WAN standards which use a pre-shared secret key K recorded in the physical UICC 116. The wireless network could be an LTE, LTE Advanced, or a 3G network, and also based on related standards. With a 3G network, the pre-shared secret key K is also known as "Ki"”)  and able to receive a message from a remote server (Nix: para[0075], “The module program 101i, eUICC 107, and network application 101x operating within module 101 illustrated in FIG. 1b can provide computer executable instructions to hardware such as CPU 101b through a system bus 101d in order for a module 101 to (i) connect with a wireless network 102, (ii) authenticate with a mobile network operator 104 associated with the wireless network 102, and (iii) send or receive packets with a server 105 or a server associated with an eUICC subscription manager 109.”), 
wherein said credential container includes a subscriber identity module (eUICC) and comprising a set of secret parameters customized for a network operator, said credential container being configured to execute a symmetric mutual authentication algorithm with the remote server using said set to authenticate to a communication network (Para[0087-0089], fig. 1i, “module 101 can store module private key 112a, MNO public key 502, and module identity 110, and a symmetric key 127 in memory/RAM 101e during operation, such as when CPU 101b is active and the module 101 is connected to a network such as a wireless network 102 during data transmissions…Symmetric key 127 can be a secure, shared private key for use with symmetric encryption or symmetric ciphering algorithms 211 (in FIG. 2c below).”, “Module identity 110 can function as a basic identifier for services from mobile network operator 104, eUICC subscription manager 109, wireless network 102, M2M service provider 115, or server 105 in order to properly identify module 101 among a plurality of modules”); and
wherein said message comprises a second secret data (second key K 204) enciphered by using both a subset of said secret parameters and a second algorithm different from the symmetric mutual authentication algorithm (Nix: para[0146-0148], “A second key K 204a can be (i) ciphered using a key K ciphering algorithm 213 and (ii) deciphered with a key K deciphering algorithm 207. Both the key K ciphering algorithm 213 and the key K deciphering algorithm 207 can include a symmetric ciphering algorithm 211 and the use of a symmetric key 127. A mobile network operator 104 can use a key K ciphering algorithm 213 to encrypt the second key K 204a. The processing and computational steps for performing a key K ciphering algorithm 213 could be conducted on a server associated with the mobile network operator 104 such as a server 105 illustrated in FIG. 1a…As illustrated in FIG. 2c and FIG. 2a above, the encrypted second key K 204a could be included in ciphertext 208b.”, para[0149], “After processing the ciphertext 208b, the mobile network operator 104 can either (i) include the ciphertext 208b in a profile 107d and send the profile 107d to an eUICC subscription manager 109, or (ii) send the ciphertext 208b directly an eUICC subscription manager 109 for the eUICC subscription manager 109 to include the ciphertext 208b in a profile 107d”) (symmetric key 127 is one of the keys stored in module 101, which means it is part of the group of keys), and
wherein the credential container comprises an updating agent adapted to be run by the processor for deciphering the enciphered second secret data by using both the subset and a third algorithm (Nix: para[0153], “The symmetric ciphering algorithm 211 in a key K deciphering algorithm 207 can decrypt the ciphertext 208b in order to output the plaintext second key K 204, such that the ciphertext 208b is converted to plaintext.”) and 
replacing the first secret data with the second secret data (Nix: para[0218], “After a module 101 with an eUICC 107 processes a key K deciphering algorithm 207 to obtain a plaintext second key K 204, the module 101 can connect with the wireless network 102 and mobile network operator 104 using the second network module identity 209 and the second network key 204. The module 101 using a network application 101x could send a second attach message 305 with the second network module identity 209. In another embodiment, the module 101 could send the second attach message 305 with the first network module identity 202, and in this case the MNO 104 could record from the previous steps 302b and 308b that a key K associated with the first network module identity 202 should change to the second key K 204.”).
Regarding claim 9, claim 9 is rejected under the same rationale as claim 2.
Regarding claim 10, claim 10 is rejected under the same rationale as claim 4.
Regarding claim 12, Nix teaches independent claim 1. Nix additionally teaches wherein the credential container is a SIM, a UICC, a eUICC or an iUICC (Nix: para[0056]. “According to an exemplary embodiment, an eUICC 107 can be recorded and operate within a "eUICC supporting" physical universal integrated circuit card (UICC) 108 within module 101. This "eUICC supporting", physical UICC 108 can include a processing unit, RAM memory, ROM memory, EEPROM memory, a bus, and a physical interface (not shown in FIG. 1a, but described in FIG. 1b).”).
Regarding claim 13, Nix teaches a server (server 105) comprising a hardware processor and a non-volatile memory and able to send a message to a credential container (module 101) including both a subscriber identity module (eUICC) and a first secret data (secret key K) (Nix: para [0047],[0075] “System 100 can also include a mobile network operator 104, an IP Network 111, and an eUICC subscription manager 109. Mobile network operator (MNO) 104 can include a server 105. For embodiments where the MNO 104 uses 4G LTE and LTE Advanced networks, server 105 could comprise a home subscriber server (HSS) and/or a mobility management entity (MME)”),
wherein said server comprising a set of secret parameters customized for a network operator and being configured to execute a symmetric mutual authentication algorithm with the credential container using said set to allow said credential container to authenticate to a communication network (Para[0087-0089], fig. 1i, “module 101 can store module private key 112a, MNO public key 502, and module identity 110, and a symmetric key 127 in memory/RAM 101e during operation, such as when CPU 101b is active and the module 101 is connected to a network such as a wireless network 102 during data transmissions…Symmetric key 127 can be a secure, shared private key for use with symmetric encryption or symmetric ciphering algorithms 211 (in FIG. 2c below).”, “Module identity 110 can function as a basic identifier for services from mobile network operator 104, eUICC subscription manager 109, wireless network 102, M2M service provider 115, or server 105 in order to properly identify module 101 among a plurality of modules”); and 
wherein said server comprises a provisioning agent adapted to be run by the processor for generating a second secret data enciphered by using both a subset of said secret parameters and a second algorithm different from the symmetric mutual authentication algorithm and for including the enciphered second secret data in said message (Nix: para[0146-0148], “A second key K 204a can be (i) ciphered using a key K ciphering algorithm 213 and (ii) deciphered with a key K deciphering algorithm 207. Both the key K ciphering algorithm 213 and the key K deciphering algorithm 207 can include a symmetric ciphering algorithm 211 and the use of a symmetric key 127. A mobile network operator 104 can use a key K ciphering algorithm 213 to encrypt the second key K 204a. The processing and computational steps for performing a key K ciphering algorithm 213 could be conducted on a server associated with the mobile network operator 104 such as a server 105 illustrated in FIG. 1a…As illustrated in FIG. 2c and FIG. 2a above, the encrypted second key K 204a could be included in ciphertext 208b.”, para[0149], “After processing the ciphertext 208b, the mobile network operator 104 can either (i) include the ciphertext 208b in a profile 107d and send the profile 107d to an eUICC subscription manager 109, or (ii) send the ciphertext 208b directly an eUICC subscription manager 109 for the eUICC subscription manager 109 to include the ciphertext 208b in a profile 107d”) (symmetric key 127 is one of the keys stored in module 101, which means it is part of the group of keys),
said second secret data being intended to replace the first secret data in the credential container (Nix: para[0218], “After a module 101 with an eUICC 107 processes a key K deciphering algorithm 207 to obtain a plaintext second key K 204, the module 101 can connect with the wireless network 102 and mobile network operator 104 using the second network module identity 209 and the second network key 204. The module 101 using a network application 101x could send a second attach message 305 with the second network module identity 209. In another embodiment, the module 101 could send the second attach message 305 with the first network module identity 202, and in this case the MNO 104 could record from the previous steps 302b and 308b that a key K associated with the first network module identity 202 should change to the second key K 204.”). 
Regarding Claim 14, claim 14 is rejected under the same rationale as claim 2.
Regarding claim 15, claim 15 is rejected under the same rationale as claim 5.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Nix (U.S. 20150163056 A1; Hereinafter “Nix”) in view of Marien et al. (C.N. Application 105052072A; Hereinafter “Marien”).
Regarding claim 5, Nix teaches independent claim 1. 
Nix does not explicitly teach wherein the second algorithm is based on a one-time-pad encryption.
However, in an analogous art, Marien teaches wherein the second algorithm is based on a one-time-pad encryption (Marien: “The symmetry algorithm generating the known or standard of OTP or electronic signature can comprise OATH or DIGIASS query-response or service digital signature algorithm”).

Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Marien into the method of Nix to include wherein the second algorithm is based on a one-time-pad encryption because it will improve the security of the system by providing a strong authentication token, full autonomy, user interface independent of transfer channel and safety (Marien).
Regarding claim 11, claim 11 is rejected under the same rationale as claim 5.
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Nix (U.S. 20150163056 A1; Hereinafter “Nix”) in view of Marien et al. (C.N. Application 105052072A; Hereinafter “Marien”), and further in view of Rogers, Jr. et al (U.S. Application US 10534931 B2; Hereinafter “Roger, Jr.”).
Regarding claim 6, Nix in view of Marien teaches dependent claim 5. 
Nix in view of Marien does not explicitly teach wherein the first secret data is used as a mask applied on the set to identify the subset.
However, in an analogous art, Roger, Jr. teaches wherein the first secret data is used as a mask applied on the set to identify the subset (Column 12 line 15-24, “At 306, if it is determined that at least a portion of the set of data or a subset of the set of data matches the defined pattern, then the system or processor masks the portion of the matching set or subset of data (e.g., by the masking component 108 shown in FIG. 1). Alternatively, it may be required that a portion of a particular size or the entire set of data or entire subset of data match the defined pattern.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Roger Jr. into the modified method of Nix to include wherein the first secret data is used as a mask applied on the set to identify the subset because it will improve the security of the system by keeping the data protected (Roger Jr. Column 1 line 24-26).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272 - 4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/L.L.N./
Examiner, Art Unit 2437     

/KRISTINE L KINCAID/
Supervisory Patent Examiner, Art Unit 2437