DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2. 	This is the initial office action issued in response to patent application 17/481,599, filed on 09/22/2021. Claims 1-17 are currently pending and have been considered below. Claim 1 is an independent claim.

Priority
3. 	The application is a section 371 national stage application of a CON of 16/683,242 filed on 11/13/2019 and has a PRO 62/767,585 filed on 11/15/2018.

Drawings
4. 	The drawings filed on 09/15/2020 are accepted by the examiner.

Information Disclosure Statement
5. 	The information disclosure statements (IDS's) submitted on 09/22/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement.
Claim Rejections - 35 USC § 103
7. 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8. 	Claims 1-11 and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US Patent Publication No. 11349678 B2) and Yang (US Patent Publication No. 20190074983 A1) in view of Brown (International Patent Publication CA 2860437 A1).

9. 	Regarding Claim 1, Kim discloses a wireless device for operating an integrated universal integrated circuit card (iUICC), the wireless device comprising:
1) one or more first processors (Kim, Fig 8, Col. 12, line 28, processor 814); 
2) a first non-transitory computer-readable memory operatively connected to the one or more processors, the first non-transitory computer-readable memory having stored thereon (Kim, Col. 12, lines 15-17, The computer program code would be stored in a non-transitory computer (or processor or machine) readable storage medium (e.g., a memory)): 
(i) an agent for communicating with a tamper resistant element (TRE) within the wireless device and a server system (Kim, Col. 2, lines 48-51, the invention are applicable to any suitable communication environment where it would be desirable to provide tamper-resistant and scalable mutual authentication for machine-to-machine devices); and 
(ii) first machine-readable instructions that, when executed by the one or more first processors, using the agent, cause the one or more first processors to perform the steps of: 
(a) querying the TRE for (i) a set of cryptographic parameters and (ii) a firmware version supported by the TRE (Kim, Col. 6, lines 63-65, KoB is embedded into a system-on-a-chip (i.e., a smart card IC, a field-programmable gate array, etc.), and has a set of cryptographic logic); 
(b) establishing a transport layer security (TLS) session with the server system, wherein the server system is authenticated using a first certificate for the server system (Kim, Col. 5, lines 36-42, the application server's identity and, as a result, server impersonations or man-in-the middle attacks can be developed. Further, the HTTP Digest authentication inherits the same security weaknesses that most password-based systems exhibit. Thirdly, the use of an extra mechanism such as Transport Layer Security (TLS) is required for mutual authentications); 
(c) sending (i) the set of cryptographic parameters and (ii) the firmware version to the server system through the TLS session (Kim, Col. 5, lines 43-46, In TLS, Public-Key-Infrastructure (PKI) certificates are required for server authentications and either PKI certificates or pre-shared keys are used for client authentications.); 
(d) receiving, through the TLS session, a second certificate of a server static public key for an elliptic curve Diffie-Hellman (ECDH) key exchange algorithm and the set of cryptographic parameters (Kim, Lines 40-45, the use of an extra mechanism such as Transport Layer Security (TLS) is required for mutual authentications. This, however, introduces new issues. In TLS, Public-Key-Infrastructure (PKI) certificates are required for server authentications and either PKI certificates or pre-shared keys are used for client authentications. Col. 7, lines, 11-15, Elliptic Curve Diffie-Hellman (ECDH) allows two parties (i.e., a pair of a client and an authentication server in TSAF), each having an elliptic curve public-private key pair, to know a shared secret without directly exchanging key materials.); 
(e) sending, to the TRE, the second certificate (Kim, Col. 5, lines 44-45, certificates are required for server authentications and either PKI certificates); 
3) one or more second processors for the TRE (Kim, Col. 12, lines 27-30, computing device 810 comprises I/O devices 812, processor 814, and memory 816. Computing device 820 comprises I/O devices 822, processor 824, and memory 826.); and 
4) a second non-transitory computer-readable memory operatively connected to the one or more second processors, the second non-transitory computer-readable memory having stored thereon (i) a certificate authority public key for the set of cryptographic parameters (Kim, Col. 5, lines 42-46, Public-Key-Infrastructure (PKI) certificates are required for server authentications and either PKI certificates or pre-shared keys are used for client authentications); 
and
(ii) second machine-readable instructions that, when executed by the one or more second processors cause the one or more second processors to perform steps of (Kim, Col. 12, lines 10-17, As would be readily apparent to one of ordinary skill in the art, the servers, clients, components, network elements and other computing devices may be implemented as programmed computers operating under control of computer program code. The computer program code would be stored in a non-transitory computer (or processor or machine) readable storage medium (e.g., a memory) and the code would be executed by a processor of the computer): 
(a) verifying the second certificate using the certificate authority public key (Kim, Col. 5, lines 43-46, Public-Key-Infrastructure (PKI) certificates are required for server authentications and either PKI certificates or pre-shared keys are used for client authentications.); 
(e) storing the encrypted firmware in the first non-transitory computer-readable memory (Kim, Claim 14, An article of manufacture comprising a processor-readable storage medium storing one or more software programs which when executed by a processor perform the steps of the method of claim 1.);
Kim does not explicitly disclose the following limitations that Yang teaches:
(f) receiving, from the TRE, a primary platform ephemeral public key for the set of cryptographic parameters (Yang, [0057], The eSIM server 140, in some embodiments, mandates that the ephemeral key pair {eSK, ePK} be derived based on the same elliptic curve as the elliptic curve associated with CERT.DP-PB. More details on binding, elliptic curve cryptography (ECC) parameters, ephemeral keys,); 
(g) sending, to the server system, the primary platform ephemeral public key (Yang, [0057], Encryption of the BPP by the eSIM server 140 can be based in part on an ephemeral private key (eSK) of the eSIM server 140, where an ephemeral public key (ePK) of the eSIM server, which corresponds to the ephemeral private key eSK of the eSIM server, is signed by the public key); 
(h) receiving, from the server system, a server ephemeral public key and a ciphertext of firmware for the iUICC, wherein the firmware includes a private key SK.EUICC.ECDSA (Yang, [0057], Encryption of the BPP by the eSIM server 140 can be based in part on an ephemeral private key (eSK) of the eSIM server 140, [0038], A given private key of an entity corresponds to a given public key, and that given public key is distributed in a certificate of the entity, with the certificate signed by a CI. For example, row 2 describes a private key labeled SK.DPauth.ECDSA); 
(c) decrypting the ciphertext using the shared secret key in order to read the firmware for the iUICC (Yang, [0038], Other private keys than those listed in Table 1 can also be used for generating signatures and/or for ciphering (encryption/decryption) by a CI, an eSIM server, an eSIM discovery server, and/or an eUICC of a device.);
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the ephemeral of the public key of the cryptographic key and a ciphertext of the firmware of the private key to enhance security features.
Kim and Yang do not explicitly disclose the following limitation that Brown teaches: 
and (i) sending, to the TRE, the server ephemeral public key and the ciphertext (Brown, [0036], the key derivation function, is the ephemeral public key, and k is the ephemeral private key. Any appropriate encryption function ENC or other technique may be used to produce the ciphertext, and the ciphertext may be generated based on additional or different input data.); 
(ii) a symmetric ciphering key (Brown, Claim 1, a ciphertext based on the symmetric key);
(b) generating a shared secret using the ECDH key exchange algorithm with the server ephemeral public key and a primary platform ephemeral private key corresponding to the primary platform ephemeral public key (Brown, [0051], the ephemeral private key, d represents the private key associated with the entity, e represents the input value, and n represents an integer. The ephemeral public key is a first elliptic curve point R = kG, and G is a generator point of order n. The symmetric key may be generated by evaluating a key derivation function based on the ephemeral public key.);  
(d) encrypting the firmware with the symmetric ciphering key (Brown, [0031], the symmetric encryption scheme used to generate the ciphertext); 
(f) storing a key K and a subscriber permanent identifier (SUPI) for the firmware in the second non-transitory computer-readable memory (Brown, [0043], The essential elements of a computing device are a processor for performing actions in accordance with instructions and one or more memory devices for storing instructions and data. Generally, a computing device will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more storage devices for storing data).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the elliptical curve corresponding to the public key and to store a key and subscribe to the identifier to enhance security features.
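Added example, not code from the application or from Kim, Yang or Brown: the ephemeral-ephemeral ECDH exchange and firmware decryption recited above as steps (f)-(i) for the first processors and (b)-(c) for the TRE, worked through on NIST P-256 in pure Python. The key derivation function, the HMAC-SHA256 counter-mode cipher and the 32-byte tag layout are assumptions standing in for whatever the real firmware loader uses; the on-curve check before using a received ephemeral public key is the validation a TRE should perform.

```python
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters, i.e. the "set of cryptographic parameters" both sides agree on.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p1, p2):
    """Affine point addition; None is the point at infinity. Needs Python 3.8+ for pow(x, -1, P)."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    acc = None  # double-and-add scalar multiplication; not constant-time, illustration only
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def keygen(scalar=None):
    d = scalar or (secrets.randbelow(N - 1) + 1)  # a fixed scalar is only for reproducible tests
    return d, mul(d, G)

def shared_secret(my_priv, peer_pub):
    """ECDH x-coordinate; reject off-curve points first (cofactor 1, so on-curve suffices)."""
    x, y = peer_pub
    if not (0 <= x < P and 0 <= y < P and (y * y - x ** 3 - A * x - B) % P == 0):
        raise ValueError("peer ephemeral public key is not on P-256")
    return mul(my_priv, peer_pub)[0].to_bytes(32, "big")

def derive_keys(secret, server_pub, tre_pub):
    """Assumed KDF: bind both ephemeral public keys, derive separate encryption and MAC keys."""
    ctx = secret + server_pub[0].to_bytes(32, "big") + tre_pub[0].to_bytes(32, "big")
    return hashlib.sha256(b"enc" + ctx).digest(), hashlib.sha256(b"mac" + ctx).digest()

def _xor_stream(key, data):
    blocks = (hmac.new(key, i.to_bytes(4, "big"), "sha256").digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))  # assumed cipher: HMAC-SHA256 CTR keystream

def encrypt_firmware(enc_key, mac_key, firmware):
    ct = _xor_stream(enc_key, firmware)  # server side, step (h): encrypt-then-MAC the firmware image
    return ct + hmac.new(mac_key, ct, "sha256").digest()

def decrypt_firmware(enc_key, mac_key, blob):
    """TRE side, step (c): verify the tag before decrypting; raise on any tampering."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, "sha256").digest()):
        raise ValueError("firmware ciphertext failed authentication")
    return _xor_stream(enc_key, ct)

def run_exchange(firmware, server_scalar=None, tre_scalar=None):
    """Both sides of steps (f)-(i) and (b)-(c); returns the firmware the TRE recovers."""
    (tre_priv, tre_pub), (srv_priv, srv_pub) = keygen(tre_scalar), keygen(server_scalar)  # (f)/(g)
    k_enc, k_mac = derive_keys(shared_secret(srv_priv, tre_pub), srv_pub, tre_pub)
    blob = encrypt_firmware(k_enc, k_mac, firmware)   # sent to the TRE with srv_pub, (h)/(i)
    k_enc, k_mac = derive_keys(shared_secret(tre_priv, srv_pub), srv_pub, tre_pub)  # (b)
    return decrypt_firmware(k_enc, k_mac, blob)       # (c)
```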

10. 	Regarding Claim 2, Kim, Yang and Brown disclose the wireless device of claim 1, wherein the first non-transitory computer-readable memory comprises a first nonvolatile memory connected to a first memory bus, and wherein the first memory bus is external to the TRE (Kim, Col. 6, lines 44-49, random access memory (RAM) 404, a KoB 406 (which is further detailed in 420), and a processor 408. The client-side KoB 420 includes KoB access logic 422, crypto-hash function H 423, a random number generator 424, a symmetric key generator 425, a PUF 426, non-volatile memory (e.g., Flash memory)).  

11. 	Regarding Claim 3, Kim, Yang and Brown disclose the wireless device of claim 2, wherein the second non-transitory computer-readable memory comprises a second nonvolatile memory connected to a second memory bus, and wherein the second memory bus is internal to the TRE (Kim, Col. 6, lines 44-49, random access memory (RAM) 404, a KoB 406 (which is further detailed in 420), and a processor 408. The client-side KoB 420 includes KoB access logic 422, crypto-hash function H 423, a random number generator 424, a symmetric key generator 425, a PUF 426, non-volatile memory (e.g., Flash memory). Col. 8, lines 26-30 non-volatile memory such as flash memory, as shown in FIG. 4. Note that each KoB has its own computation capability independent of its attached client device and does not use the client's memory for its internal).  

12. 	Regarding Claim 4, Kim, Yang and Brown disclose the wireless device of claim 3, wherein the second nonvolatile memory comprises an internal nonvolatile memory (iNVM) for the TRE (Kim, Col. 8, lines 26-30, non-volatile memory such as flash memory, as shown in FIG. 4. Note that each KoB has its own computation capability independent of its attached client device and does not use the client's memory for its internal computations.).  

13. 	Regarding Claim 5, Kim, Yang and Brown disclose the wireless device of claim 1, wherein the one or more first processors cannot read from the second non-transitory computer-readable memory (Kim, Col. 4, lines 42-46, A client device (202) does not keep its secret data, but computes a response to a given challenge using its own PUF (204). So, in a client device, the theft of secret data by physical attacks is almost impossible.).  

14. 	Regarding Claim 6, Kim, Yang and Brown disclose the wireless device of claim 1, wherein the first non-transitory computer-readable memory includes the second non-transitory computer-readable memory (Kim, Col. 12, lines 15-18, The computer program code would be stored in a non-transitory computer (or processor or machine) readable storage medium (e.g., a memory) and the code would be executed by a processor of the computer).  

15. 	Regarding Claim 7, Kim, Yang and Brown disclose the wireless device of claim 6, wherein the one or more second processors access the second non-transitory computer-readable memory using a memory controller operating within the TRE (Kim, Col. 12, lines 16-20, The computer program code would be stored in a non-transitory computer (or processor or machine) readable storage medium (e.g., a memory) and the code would be executed by a processor of the computer. Given this disclosure of various illustrative embodiments of the invention).  

16. 	Regarding Claim 8, Kim, Yang and Brown disclose the wireless device of claim 1, wherein a nonvolatile memory within the wireless device includes both the first non-transitory computer-readable memory and the second non-transitory computer-readable memory, and wherein first blocks for the nonvolatile memory are assigned to the first non-transitory computer-readable memory, and wherein second blocks are assigned to the second non-transitory computer-readable memory (Kim, Col. 4, lines 18-21, Smart Card Integrated Circuit (IC) is known as the industry best practice since its embedded non-volatile memory is designed to protect secret data from unauthorized access. Col. 12, lines 15-23 The computer program code would be stored in a non-transitory computer (or processor or machine) readable storage medium (e.g., a memory) and the code would be executed by a processor of the computer. Given this disclosure of various illustrative embodiments of the invention, one ordinarily skilled in the art could readily produce appropriate computer program code in order to implement the protocols described herein. The phrase “computer (or processor or machine) readable storage medium”)  

17. 	Regarding Claim 9, Kim, Yang and Brown disclose the wireless device of claim 8, wherein the one or more second processors access the second blocks using a memory controller operating within the TRE (Yang, [0079], A data bus 916 can facilitate data transfer between at least a storage device 940, the processor 902, and a controller 913. The controller 913 can be used to interface with and control different equipment through an equipment control bus 914. The computing device 900).  

18. 	Regarding Claim 10, Kim, Yang and Brown disclose the wireless device of claim 1. 
Kim does not explicitly disclose the following limitations that Yang teaches:
wherein the one or more second processors communicate with the one or more first processors using an interface controller within the TRE and a system bus within the wireless device (Yang, [0079], The controller 913 can be used to interface with and control different equipment through an equipment control bus 914. The computing device 900 can also include a network/bus interface 911 that couples to a data link 912. In the case of a wireless connection, the).  

19. 	Regarding Claim 11, Kim, Yang and Brown disclose the wireless device of claim 1, wherein the TRE comprises a Smart Secure Platform (SSP), and wherein the TRE includes a primary platform (Kim, Col. 10, lines 28-34 session key sk for ensuring the confidentiality and integrity of subsequent communications with S (step 718). A secure communication session is created using the session key in a conventional manner.).  

20. 	Regarding Claim 13, Kim, Yang and Brown disclose the wireless device of claim 1, wherein the TRE comprises a secure enclave for the wireless device (Kim, Col 6, lines 4-7, illustrative embodiments of the invention provide a tamper-resistant authentication framework, TSAF, for mobile M2M applications such as EV charging scenarios.).  

21. 	Regarding Claim 14, Kim, Yang and Brown disclose the wireless device of claim 1, further comprising, in step f) for the one or more first processors, receiving, from the TRE, a primary platform identity, and, in step g) for the one or more first processors, sending, to the server system, the primary platform identity (Kim, Col. 12, lines 15-22 The computer program code would be stored in a non-transitory computer (or processor or machine) readable storage medium (e.g., a memory) and the code would be executed by a processor of the computer. Given this disclosure of various illustrative embodiments of the invention, one ordinarily skilled in the art could readily produce appropriate computer program code in order to implement the protocols described herein).  

22. 	Regarding Claim 15, Kim, Yang and Brown disclose the wireless device of claim 1, further comprising for the one or more second processors, (g) conducting an authenticated key agreement (AKA) with a wireless network using the key K (Kim, Col. 5, lines 16-22, The combination of Session Initiation Protocol (SIP) and Authentication, Authorization, Accounting (AAA), that is a three-party model architecture (note that the combination of Extensible Authentication Protocol (EAP) and AAA is not proper for EV charging control since an application server must be combined with a Network Access Server (NAS) such as Wireless APs or Ethernet switches to ensure the end-to-end requirement).  

23. 	Regarding Claim 16, Kim, Yang and Brown disclose the wireless device of claim 1. 
	Kim does not explicitly disclose the following limitations that Yang teaches:
wherein, after reading the firmware for the iUICC in step (c) for the one or more second processors, the TRE operates as an embedded universal integrated circuit card (eUICC) (Yang, [0002], The described embodiments relate to managing embedded universal integrated circuit card (eUICC) provisioning, including determining one or more certificate issuers (CIs) trusted by both an electronic subscriber identity module (eSIM) server and an eUICC of a wireless device. [0079], The computing device 900 can also include a secure element 950. The secure element 950 can include a universal integrated circuit card (UICC) UICC or an embedded UICC (eUICC). In some embodiments, the computing device 900 includes a baseband processor, one or more radio frequency (RF) transceivers and one or more antennas (not shown).).  
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the embedded integrated circuit to operate the card when reading the firmware to enhance security features.

24. 	Regarding Claim 17, Kim, Yang and Brown disclose the wireless device of claim 1. 
Kim does not explicitly disclose the following limitations that Yang teaches:
further comprising the second non-transitory computer-readable memory having stored thereon (iv) third machine-readable instructions for a Java virtual machine, wherein the firmware comprises a Java applet for the Java virtual machine (Yang, [0011], The memory can also store application data and data objects that can be interpreted by applications, programs, modules, or virtual machines. The memory can store additional information, for example, files and instruction associated with an operating system, device drivers, archival data, or other types of information).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the virtual machine of the memory comprising the firmware to enhance security features.

Claim Rejections - 35 USC § 103
25. 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

26. 	Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Kim (US Patent Publication No. 11349678 B2), Yang (US Patent Publication No. 20190074983 A1) and Brown (International Patent Publication CA 2860437 A1) in view of Novak (US Patent Publication No. 20190140836 A1).

27. 	Regarding Claim 12, Kim, Yang and Brown disclose the wireless device of claim 11. 
	Kim, Yang and Brown do not explicitly disclose the following limitations that Novak teaches:
wherein the primary platform operates within a Trusted Execution Environment (TEE) for the one or more first processors (Novak, [0033], each of client-side TEE provision logic 110 and server-side TEE provision logic 112 may be implemented as computer program code configured to be executed in one or more processors). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the platform of the TEE to operate the processors to enhance security features. 

Conclusion
28. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433