DETAILED ACTION
This communication responsive to the Application No. 17/251,032 filed on December 10,
2021. A preliminary amendment was filed on 12/10/2022 in which claims 3-5, 8-11, 13-16, 18-19, 21-22, and 29-31 have been amended. Claims 1-32 are pending and are directed towards A TECHNIQUE FOR AUTHENTICATING DATA TRANSMITTED OVER A CELLULAR NETWORK.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/10/2022 and 09/15/2022 were Acknowledge. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: a security module providing… in claims 1, and 25-27.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claims 2-24 and 28-32 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claims 2-15 and 28-31 recite “A device …”, claims 16-21 recite “An authentication device…”, and claims 22-24 recite “A destination device…” respectively, this language is vague, it is not clear whether these devices, authentication devices, and the destination devices are the same or different than the ones claimed in the independent claims. Applicant is respectfully advised to amend the dependent claims to recite --- The device ---; --- The authentication device--- and --- The destination device --- respectively. Appropriate correction is advised.

Claim 32 recites language that make it unclear to determine where the preamble of claim ends and the body of the claim starts. The claim should include a preamble separated from the body of the claim by using the phrase “comprising”. Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-32 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. In particular, claims are directed to a judicial exception (abstract idea) without significantly more.  
  When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter.  If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception.  If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself.    Examples of abstract ideas include mental processes; certain methods of organizing human activities; and mathematical relationships/formulas.  Alice Corporation Pty. Ltd. v. CLS Bank International, et al., 573 U.S. ____ (2014).
Analysis has been updated based on the new 2019 Patent Eligibility Guidance (2019 PEG).
Claims 1-32 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claim 32 (exemplary) recites a series of steps for authenticating device to enable authentication of transmitted data. 
The claim is directed to apparatus, which is a statutory category of invention.
The claim is then analyzed to determine whether it is directed to a judicial exception. The claim recites the limitations of stores secret data and provides a token generation application that is executed within the dedicated security domain to generate a token using at least the secret data, responsive to receipt of a token transmitted with the data to perform a token generation process to generate a compare token using at least the secret data associated with the dedicated security domain, and to compare the compare token with the transmitted token to determine whether the transmitted data is to be treated as valid data. 
The claimed apparatus simply describes series of steps for authenticating device to enable authentication of transmitted data. These limitations, as drafted, under its broadest reasonable interpretation, covers performance of the limitations via human identification and authentication, but for the recitation of generic computer components. That is, other than reciting authentication device nothing in the claim precludes the limitations from practically being performed by organizing human activity. For example, without the structure elements language, the claim encompasses the activities that can be performed manually between the users and a third party.  These limitations are directed to an abstract idea because they are managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions) that falls within the enumerated group of “certain methods of organizing human activity” in the 2019 PEG.
Next, the claim is analyzed to determine if it is integrated into a practical application. The claim recites additional elements of using authentication device to perform the steps. The authentication device in the steps are recited at a high level of generality, i.e., as a generic processor performing a generic computer function of processing data. This generic device limitation is no more than mere instructions to apply the exception using generic computer component. Also, these limitations are an attempt to limit the abstract idea to a particular technological environment. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to the abstract idea.
Next, the claim is analyzed to determine if there are additional claim limitations that individually, or as an ordered combination, ensure that the claim amounts to significantly more than the abstract ideas (whether claim provides inventive concept). As discussed above, the recitation of the claimed limitations amounts to mere instructions to implement the abstract idea on a device (using the device as a tool to implement the abstract idea). Taking the additional elements individually and in combination, the device at each step of the process performs purely generic computer functions. As such, there is no inventive concept sufficient to transform the claimed subject matter into a patent-eligible application. The same analysis applies here, i.e., mere instructions to apply an exception using a generic computer component cannot integrate a judicial exception into a practical application at or provide an inventive concept. 
Viewing the limitations as an ordered combination does not add anything further than looking at the limitations individually. When viewed either individually, or as an ordered combination, the additional limitations do not amount to a claim as a whole that is significantly more than the abstract idea itself. Therefore, the claim does not amount to significantly more than the recited abstract idea. Therefore, the claim is not patent eligible.
The analysis above applies to all statutory categories of invention including claims 1 and 25-27. Furthermore, the dependent claims 2-4 and 28-31 do not resolve the issues raised in the independent claims. The dependent claims do not add limitations that meaningfully limit the abstract idea. The dependent claims do not impart patent eligibility to the abstract idea of the independent claims. Therefore, none of the dependent claims alone or as an ordered combination add limitations that qualify as integrating the abstract idea into a practical application.
Lastly, dependent claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements are simply steps performed by a generic computer. The claim merely amounts to the application or instructions to apply the abstract idea on a processor, and is considered to amount to nothing more than requiring a generic server to merely carry out the abstract idea itself.
Accordingly, claims 1-32 are rejected as ineligible for patenting under 35 U.S.C. 101 based upon the same analysis.  
The instant claims are rejected under 35 USC 101 in view of The Decision in Alice Corporation Ply. Ltd. v. CLS Bank International, et al. in a unanimous decision, the Supreme Court held that the patent claims in Alice Corporation Pty. Ltd. v. CLS Bank International, el al. ("Alice Corp. ") are not patent-eligible under 35 U.S.C. § 101. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-30 and 32 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Wheeler US 2012/0047563 A1.

As per claim 1, Wheeler teaches a device comprising: 
a communication interface to transmit data over a cellular network to a destination device (The UICC may be operable to be registered with a cellular telecommunications network for which the user has a mobile telecommunications device. Wheeler, para [0017]); 
processing circuitry to generate the data to be transmitted via the communication interface (the UICC including information which is usable to authenticate the user's mobile telecommunications device with the cellular telecommunications network to obtain telecommunications services therefrom, such as voice calls, data communication sessions, SMS transmission etc. The UICC may be operable to authenticate the user by a challenge and response mechanism in accordance with the GSM and UMTS Standards (for example), such that registration with the cellular telecommunications network is only possible after satisfactory authentication has been performed. Wheeler, para [0017]); 
a security module providing one or more security domains, each security domain used to host a profile, and the profile of an enabled security domain facilitating access by the device to the cellular network (Each subscriber to the network is provided with a smart card or UICC 20 which, when associated with the user's mobile terminal 1 identifies the subscriber to the network. The UICC card is pre-programmed with a unique identification number, the "International Mobile Subscriber Identity" (IMSI) that is not visible on the card and is not known to the subscriber. The subscriber is issued with a publicly known number, that is, the subscriber's telephone number, by means of which callers initiate calls to the subscriber. This number is the MSISDN. Wheeler, para [0033]); 
at least one security domain provided by the security module hosting a profile that stores secret data and provides a token generation application that is executed within the security domain to generate a token using at least the secret data (a cellular telecommunications network Universal Integrated Circuit Card (UICC) module (commonly known as a subscriber identity module (SIM)) adapted to generate a time-dependent authentication code which is dependent on a time value and which is usable to authenticate the transaction only during a predetermined time period…a conventional UICC is modified so that it can generate a "one-time" or "dynamic" authentication code that is similar to the type used in RSA securID authentication. Wheeler, para [0008]-[0009])( The UICC 20 of the embodiments is modified to include a store 40 which stores a random key or "seed" that is allocated to the particular user of that UICC 20. The seed may be provided to the store 40 before the UICC is distributed to the user. Alternatively, the seed may be pushed securely to the UICC 20 from the core 22, whereafter it is stored in the store 40. Wheeler, para [0054]); 
the at least one security domain being responsive to a request from the processing circuitry to employ the token generation application to generate the token and to output the generated token to the processing circuitry (The authentication manager 52 operates in a similar manner to the securID server mentioned above. The authentication manager 52 performs an algorithm which corresponds to the algorithm used in the UICC 20 to calculate the authentication code. The authentication manager 52 has for each user of the corporate network 30 details of their user ID, PIN and the seed stored on the seed store 40 of the user's UICC 20. The user ID, PIN and seed for each user may be stored on database 54 which is accessible by the authentication manager 52. The authentication manager 52 is able to obtain the UTC time from the UTC clock 34 via the interne 32. As the authentication manager 52 runs the same algorithm as the authentication code calculator 44 of the UICC 20, if that algorithm is provided with the same seed as stored in the seed store 40 of the UICC 20, and the time indication obtained from the UTC clock 34 corresponds to the time used in the time verification processor 42 of the UICC 20, the authentication code generated by the authentication manager 52 will correspond to the authentication code generated by the authentication code calculator 44 of the UICC 20. Wheeler, para [0059]); and 
the processing circuitry being arranged to output the token in association with the transmitted data, enabling the destination device to perform authentication of the transmitted data by invoking an authentication service that also stores the secret data (The HLR 10 transmits authentication data to the MSC 2 in "challenge" and "response" forms. Using this data, MSC 6 passes a "challenge" to the mobile terminal 1 through base station 7. Upon receipt of this data, the mobile terminal 1 passes this data to its UICC and produces a "response". This response is generated using an encryption algorithm on the UICC and a unique key Ki on the UICC. The response is transmitted back to the MSC 6 which checks it against its own information for the subscriber which checks it against information that it has obtained for that subscriber from the HLR 10 in order to complete the authentication process. If the response from the mobile terminal 1 is as expected, the mobile terminal 1 is deemed authenticated. Wheeler, para [0037]) (A convenient mechanism (if available) for transmission of the user ID, PIN, authentication code and/or transaction reply message is the cellular telecommunications network, via the network core 22 and the Internet 32. Wheeler, para [0089]).

As per claim 2, Wheeler teaches a device as claimed in Claim 1, wherein the processing circuitry is further arranged to transmit a unique identifier in association with the transmitted data, to enable the destination device to provide the unique identifier to the authentication service along with the generated token (The authentication manager 52 performs an algorithm which corresponds to the algorithm used in the UICC 20 to calculate the authentication code. The authentication manager 52 has for each user of the corporate network 30 details of their user ID, PIN and the seed stored on the seed store 40 of the user's UICC 20. The user ID, PIN and seed for each user may be stored on database 54 which is accessible by the authentication manager 52. The authentication manager 52 is able to obtain the UTC time from the UTC clock 34 via the interne 32. Wheeler, para [0059]).

As per claim 3, Wheeler teaches a device as claimed in Claim 1, wherein the unique identifier is an identifier for the profile that generated the token (The authentication manager 52 performs an algorithm which corresponds to the algorithm used in the UICC 20 to calculate the authentication code. The authentication manager 52 has for each user of the corporate network 30 details of their user ID, PIN and the seed stored on the seed store 40 of the user's UICC 20. The user ID, PIN and seed for each user may be stored on database 54 which is accessible by the authentication manager 52. The authentication manager 52 is able to obtain the UTC time from the UTC clock 34 via the interne 32. Wheeler, para [0059]).

As per claim 4, Wheeler teaches a device as claimed in Claim 1, wherein each profile is associated with a mobile network operator that controls the content of that profile (Each of the MSCs of the network (MSC 2 and MSC 6) has a respective VLR (14 and 11) associated with it and operates in the same way as already described when a subscriber activates a mobile terminal in one of the cells corresponding to one of the base stations controlled by that MSC. Wheeler, para [0039]).

As per claim 5, Wheeler teaches a device as claimed in Claim 1, wherein the security module is one of an embedded universal integrated-circuit card (eUICC) and an integrated UICC (iUICC) capable of storing a plurality of profiles (Each subscriber to the network is provided with a smart card or UICC 20 which, when associated with the user's mobile terminal 1 identifies the subscriber to the network. The UICC card is pre-programmed with a unique identification number, the "International Mobile Subscriber Identity" (IMSI) that is not visible on the card and is not known to the subscriber. The subscriber is issued with a publicly known number, that is, the subscriber's telephone number, by means of which callers initiate calls to the subscriber. This number is the MSISDN. Wheeler, para [0033]).

As per claim 6, Wheeler teaches a device as claimed in Claim 5, wherein each profile is downloadable to an associated security domain within the security module under control of a Subscription Management Platform managed by a mobile network operator (Each subscriber to the network is provided with a smart card or UICC 20 which, when associated with the user's mobile terminal 1 identifies the subscriber to the network. The UICC card is pre-programmed with a unique identification number, the "International Mobile Subscriber Identity" (IMSI) that is not visible on the card and is not known to the subscriber. The subscriber is issued with a publicly known number, that is, the subscriber's telephone number, by means of which callers initiate calls to the subscriber. This number is the MSISDN. The network includes a home location register (HLR) 10 which, for each subscriber to the network, stores the IMSI and the corresponding MSISDN together with other subscriber data, such as the current or last known MSC or SGSN of the subscriber's mobile terminal. Wheeler, para [0033]-[0034]).

As per claim 7, Wheeler teaches a device as claimed in Claim 6, wherein the token generation application is downloaded as part of the download process for a profile that provides the token generation application (The authentication manager 52 operates in a similar manner to the securID server mentioned above. The authentication manager 52 performs an algorithm which corresponds to the algorithm used in the UICC 20 to calculate the authentication code. The authentication manager 52 has for each user of the corporate network 30 details of their user ID, PIN and the seed stored on the seed store 40 of the user's UICC 20. The user ID, PIN and seed for each user may be stored on database 54 which is accessible by the authentication manager 52. The authentication manager 52 is able to obtain the UTC time from the UTC clock 34 via the interne 32. As the authentication manager 52 runs the same algorithm as the authentication code calculator 44 of the UICC 20, if that algorithm is provided with the same seed as stored in the seed store 40 of the UICC 20, and the time indication obtained from the UTC clock 34 corresponds to the time used in the time verification processor 42 of the UICC 20, the authentication code generated by the authentication manager 52 will correspond to the authentication code generated by the authentication code calculator 44 of the UICC 20. Wheeler, para [0059]).

As per claim 8, Wheeler teaches a device as claimed in Claim 6, wherein when the profile being downloaded is a profile that provides the token generation application, a key generated during a download procedure employed to download that profile is used as the secret data, and the key is provided by the Subscription Management Platform to the authentication service (The time-dependent authentication code may be dependent upon a key value and the time value. The key value may be unique to the user of the UICC. The key value may be transmitted securely over the air to the UICC for storage on the UICC. Wheeler, para [0016]) (The UICC 20 then generates a response using an encryption algorithm in the SIM or USIM and a unique key Ki in the SIM or USIM. Wheeler, para [0093]).

As per claim 9, Wheeler teaches a device as claimed in Claim 1, wherein the secret data is dedicated secret data generated specifically for use by the token generation application, and the secret data is provided to the authentication service at least prior to the profile being enabled for use on the device (The time-dependent authentication code may be dependent upon a key value and the time value. The key value may be unique to the user of the UICC. The key value may be transmitted securely over the air to the UICC for storage on the UICC. Wheeler, para [0016]).

As per claim 10, Wheeler teaches a device as claimed in Claim 1, wherein the secret data is a symmetric key (The time-dependent authentication code may be dependent upon a key value and the time value. The key value may be unique to the user of the UICC. The key value may be transmitted securely over the air to the UICC for storage on the UICC. Wheeler, para [0016]) (The UICC 20 then generates a response using an encryption algorithm in the SIM or USIM and a unique key Ki in the SIM or USIM. Wheeler, para [0093]).

As per claim 11, Wheeler teaches a device as claimed in Claim 1, wherein the token generation application that is executed within the security domain is arranged to generate the token using the secret data and a timestamp (the time-dependent authentication code is generated by an authentication code calculator. The authentication code calculator receives a message from a transaction manager application (which may be provided on the UICC module or may be provided on another part of the apparatus). The message includes a time value and other information which allows the time verification device to verify that the time value is accurate. The information may include an indication that the time value has very recently been obtained from a network connection by a reliable clock source. Alternatively, the information may include an indication that the time value has been evaluated and is considered to be likely to be an accurate estimation of the true current time. Wheeler, para [0013]-[0014]).

As per claim 12, Wheeler teaches a device as claimed in Claim 11, wherein the token generation application is arranged to employ one of a Time-based One-Time Password (TOTP) algorithm and an event- based One-Time Password algorithm (a conventional UICC 20 is modified so that it can generate "one-time" or "dynamic" passwords, for example similar to the type used in RSA securID authentication. Wheeler, para [0053]) (the time-dependent authentication code is generated by an authentication code calculator. The authentication code calculator receives a message from a transaction manager application (which may be provided on the UICC module or may be provided on another part of the apparatus). The message includes a time value and other information which allows the time verification device to verify that the time value is accurate. The information may include an indication that the time value has very recently been obtained from a network connection by a reliable clock source. Alternatively, the information may include an indication that the time value has been evaluated and is considered to be likely to be an accurate estimation of the true current time. Wheeler, para [0013]-[0014])( The time-dependent authentication code may be dependent upon a key value and the time value. Wheeler, para [0016]).

As per claim 13, Wheeler teaches a device as claimed in Claim 11, wherein the processing circuitry does not transmit the timestamp with the transmitted data, and the authentication service is arranged to make an assumption about the timestamp (obtaining the current time from a time source, which time obtaining device may cause generation of a message for requesting the current time value from the time source. This message may be in the form of a USSD message, an SMS message or a method sent in a packet switched or circuit switched communication system between a mobile telecommunications device and the cellular telecommunications network. The time value from the time source may be communicated back using one of the same mechanisms (e.g. USSD, SMS, or packet or circuit switched communication session)…When the time verification device provides an indication that the time is considered to be likely to be an accurate estimate of the current time, the time verifying device may compare the current time with a time indicator from a local clock that is accessible by the apparatus, the time verifying device calculating an offset value indicative of the difference between the current time and the time indicator, such that the time verifying device may use this offset to estimate the current time when only a time indicator from a local clock is available. Wheeler, para [0014]-[0015]).

As per claim 14, Wheeler teaches a device as claimed in Claim 1, wherein a dedicated security domain is arranged to host the profile that stores the secret data and provides the token generation application, and a plurality of other security domains are provided to host subscription profiles associated with different mobile network operators, wherein the profile that provides the token generation algorithm is referenced when a request for a token is received from the processing circuitry, irrespective of the currently enabled subscription profile (Each subscriber to the network is provided with a smart card or UICC 20 which, when associated with the user's mobile terminal 1 identifies the subscriber to the network. The UICC card is pre-programmed with a unique identification number, the "International Mobile Subscriber Identity" (IMSI) that is not visible on the card and is not known to the subscriber. The subscriber is issued with a publicly known number, that is, the subscriber's telephone number, by means of which callers initiate calls to the subscriber. This number is the MSISDN. Wheeler, para [0033])( The UICC 20 of the embodiments is modified to include a store 40 which stores a random key or "seed" that is allocated to the particular user of that UICC 20. The seed may be provided to the store 40 before the UICC is distributed to the user. Alternatively, the seed may be pushed securely to the UICC 20 from the core 22, whereafter it is stored in the store 40. This secure push may take place wirelessly over the cellular telecommunications network via the mobile device 1. Wheeler, para [0054]-[0059]).

As per claim 15, Wheeler teaches a device as claimed in Claim 1, wherein the token is provided in an authentication header associated with the transmitted data (The security of the push of the seed is maintained by a cryptographic device defined in GSMA and 3GPP documentation of SIM and USIM over the air provisioning, including document 3GPP TS 23.048, which is incorporated herein by reference. The seed may be transmitted on a packed switched communication session following authentication of the SIM with the network core 22. Wheeler, para [0054]).

As per claim 16,  Wheeler teaches an authentication device arranged to implement an authentication service for data transmitted to a destination device by a device as claimed in Claim 1, the authentication device being responsive to receipt of a token transmitted with the data to the destination device to perform a token generation process to generate a compare token using at least the secret data, and to compare the compare token with the transmitted token to determine whether the transmitted data is to be treated as valid data by the destination device (The authentication manager 52 operates in a similar manner to the securID server mentioned above. The authentication manager 52 performs an algorithm which corresponds to the algorithm used in the UICC 20 to calculate the authentication code. The authentication manager 52 has for each user of the corporate network 30 details of their user ID, PIN and the seed stored on the seed store 40 of the user's UICC 20. The user ID, PIN and seed for each user may be stored on database 54 which is accessible by the authentication manager 52. The authentication manager 52 is able to obtain the UTC time from the UTC clock 34 via the interne 32. As the authentication manager 52 runs the same algorithm as the authentication code calculator 44 of the UICC 20, if that algorithm is provided with the same seed as stored in the seed store 40 of the UICC 20, and the time indication obtained from the UTC clock 34 corresponds to the time used in the time verification processor 42 of the UICC 20, the authentication code generated by the authentication manager 52 will correspond to the authentication code generated by the authentication code calculator 44 of the UICC 20. The time received by the authentication manager 52 from the UTC 34 clock will typically be accurate to within a second and is not affected by time zones. As indicated above, the NITZ time is not an appropriate basis for the UICC to calculate an authentication code because that authentication code is accurate only to within one minute and is affected by time zones. If the UICC is in a different time zone to UTC, then the authentication code generated by the UICC 20 will not match the authentication code generated by the authentication manager 52. Even if the UICC 20 is in the same time zone as UTC, the NITZ time could be up to fifty nine seconds slow or fast, so that the authentication code generated by the UICC 20 will not usually match the authentication code generated by the authentication manager 52. Wheeler, para [0059]).

As per claim 17, Wheeler teaches an authentication device as claimed in Claim 16, wherein an indication of a unique identifier is provided to the authentication device with the transmitted token, and the authentication device maintains a record of the secret data associated with a number of unique identifiers, wherein when performing the token generation process the record is referenced in order to obtain the secret data for the unique identifier associated with the transmitted token (The authentication manager 52 performs an algorithm which corresponds to the algorithm used in the UICC 20 to calculate the authentication code. The authentication manager 52 has for each user of the corporate network 30 details of their user ID, PIN and the seed stored on the seed store 40 of the user's UICC 20. The user ID, PIN and seed for each user may be stored on database 54 which is accessible by the authentication manager 52. The authentication manager 52 is able to obtain the UTC time from the UTC clock 34 via the interne 32. Wheeler, para [0059]).

As per claim 18, Wheeler teaches an authentication device as claimed in Claim 16, wherein the authentication device is arranged to apply an identical token generation algorithm to that used by the token generation application executed within a security domain of the security module of the device (The modified UICC 20 further includes an authentication code calculator 44 which is operable to calculate an authentication code, that is dependent from the time obtained from the time verification processor 42 and on the seed obtained from the seed store 40. The authentication code will therefore change each time the time provided by the time verification processor 42 changes (in a similar manner to which the authentication code changes on an RSA securID token). Wheeler, para [0056]).

As per claim 19, Wheeler teaches an authentication device as claimed in Claim 16, wherein when performing the token generation process an assumption is made about a timestamp value employed by the device when the transmitted token was generated (As the authentication manager 52 runs the same algorithm as the authentication code calculator 44 of the UICC 20, if that algorithm is provided with the same seed as stored in the seed store 40 of the UICC 20, and the time indication obtained from the UTC clock 34 corresponds to the time used in the time verification processor 42 of the UICC 20, the authentication code generated by the authentication manager 52 will correspond to the authentication code generated by the authentication code calculator 44 of the UICC 20. The time received by the authentication manager 52 from the UTC 34 clock will typically be accurate to within a second and is not affected by time zones. As indicated above, the NITZ time is not an appropriate basis for the UICC to calculate an authentication code because that authentication code is accurate only to within one minute and is affected by time zones. If the UICC is in a different time zone to UTC, then the authentication code generated by the UICC 20 will not match the authentication code generated by the authentication manager 52. Even if the UICC 20 is in the same time zone as UTC, the NITZ time could be up to fifty nine seconds slow or fast, so that the authentication code generated by the UICC 20 will not usually match the authentication code generated by the authentication manager 52. Wheeler, para [0059]).

As per claim 20, Wheeler teaches an authentication device as claimed in Claim 19, wherein the token generation process is repeated for a number of possible timestamp values, and when no match is detected between the transmitted token and one of the generated compare tokens the authentication device is arranged to indicate that the transmitted data is to be treated as invalid data by the destination device (a UICC 20 to be performed by the authentication manager 52, it is important that the time value that is used as the basis to calculate the authentication code at the authentication code calculator 44 of the UICC and at the authentication code calculator of the authentication manager 52 are the same. If they are not the same, then the authentication codes will not match and authentication of the transaction will not be possible.. Wheeler, para [0059]-[0060]).

As per claim 21, Wheeler teaches an authentication device as claimed in Claim 16, wherein the authentication device is incorporated within the destination device (the authentication manager 52 identifies the user ID from the received message, and retrieves the PIN associated with that user ID that has previously been stored in the database 54. The authentication manager 52 retrieves the seed corresponding to the user ID from the database 54 and obtains the current time, via the internet 32, from the UTC clock 34. An authentication algorithm on the authentication manager 52, which corresponds to the authentication algorithm on the authentication code calculator 44 of the UICC 20, calculates an authentication code based on the retrieved time (from the UTC clock 34) and the retrieved seed (from the database 54). If the both the PIN and the authentication code calculated by the authentication manager 52 match the PIN and the authentication code received in the transaction request message from the mobile device 1, this proves that the transaction originated from a person that knew the user ID and the PIN of the user, and who also had possession of the UICC 20 at the time the transaction message was created (in order to be able to create the correct authentication code in the transaction request message). Wheeler, para [0086])

As per claim 22, Wheeler teaches a destination device comprising: 
a first interface to receive transmitted data from a device as claimed in Claim 1; 
a second interface to communicate with an authentication service to request authentication of the transmitted data, the destination device being arranged to employ the second interface to forward to the authentication service the token provided in association with the transmitted data, and receive an authentication response from the authentication service; and
data handling circuitry to process the transmitted data in dependence on the authentication response (The HLR 10 transmits authentication data to the MSC 2 in "challenge" and "response" forms. Using this data, MSC 6 passes a "challenge" to the mobile terminal 1 through base station 7. Upon receipt of this data, the mobile terminal 1 passes this data to its UICC and produces a "response". This response is generated using an encryption algorithm on the UICC and a unique key Ki on the UICC. The response is transmitted back to the MSC 6 which checks it against its own information for the subscriber which checks it against information that it has obtained for that subscriber from the HLR 10 in order to complete the authentication process. If the response from the mobile terminal 1 is as expected, the mobile terminal 1 is deemed authenticated. Wheeler, para [0037] [0093]).

As per claim 23, Wheeler teaches a destination device as claimed in Claim 22, further comprising log storage to maintain a log providing information about instances where transmitted data was treated as invalid based on the authentication response (The terminal stores its last known location area on its UICC. This information stored on the UICC is compared with the location area information broadcast by the local cell. The identities of the two location areas are compared. If they are different, the mobile terminal determines that it has entered a new location area. The mobile terminal then gains access to a radio channel and requests a location area update (LAU). The request includes the now out-of-date LAI. If the MSC/VLR is the same for the new and old location areas, the network can immediately authenticate the mobile terminal and note the change of location area. However, if the mobile terminal is moved to a different MSC/VLR, the MSC/VLR addresses a message to the HSS/HLR. The HSS/HLR notes the new location and downloads security parameters to allow the network to authenticate the mobile. It also passes on subscription details of the user to the new VLR and informs the old VLR to delete its records. The new MSC/VLR allocates a new TMSI to the mobile. Wheeler, para [0049]).

As per claim 24, Wheeler teaches a destination device as claimed in Claim 23, further comprising alert generation circuitry to issue an alert signal in dependence on the information held in the log storage (When the transaction manager is initiated, it registers with the mobile device 1 to be notified when certain events occur. These events should include: (A) the mobile device registering with the mobile telecommunications network; (B) the mobile device undergoing a location update in the mobile telecommunications network; (C) the clock on the mobile device being changed for any reason, including a notification from the mobile telecommunications network, and also including a manual change by the user. The flow chart of FIG. 4 shows the steps performed by the time manager application 60 to determine when the "get time" procedure should be performed. Wheeler, para [0067]-[0069]).

As per claim 25, rejected in a similar way and rational used to reject claim 1. 

As per claim 26, rejected in a similar way and rational used to reject claims 1, 14 and 16.  

As per claim 27, rejected in a similar way and rational used to reject claims 1, 14 and 16.  

As per claim 28, Wheeler teaches a device as claimed in Claim 27, wherein the token generation application is downloadable to the dedicated security domain (if the mobile terminal is moved to a different MSC/VLR, the MSC/VLR addresses a message to the HSS/HLR. The HSS/HLR notes the new location and downloads security parameters to allow the network to authenticate the mobile. It also passes on subscription details of the user to the new VLR and informs the old VLR to delete its records. The new MSC/VLR allocates a new TMSI to the mobile. Wheeler, para [0049]).

As per claim 29, Wheeler teaches a device as claimed in Claim 27, wherein the secret data is downloadable to the dedicated security domain (if the mobile terminal is moved to a different MSC/VLR, the MSC/VLR addresses a message to the HSS/HLR. The HSS/HLR notes the new location and downloads security parameters to allow the network to authenticate the mobile. It also passes on subscription details of the user to the new VLR and informs the old VLR to delete its records. The new MSC/VLR allocates a new TMSI to the mobile. Wheeler, para [0049]).

As per claim 30, Wheeler teaches a device as claimed in Claim 27, wherein the security module further comprises a profile control element to control which of the plurality of other security domains is the enabled other security domain, and the dedicated security domain is arranged to continue to service each request from the processing circuitry for a token, irrespective of any change to the enabled other security domain made by the profile control element (Each subscriber to the network is provided with a smart card or UICC 20 which, when associated with the user's mobile terminal 1 identifies the subscriber to the network. The UICC card is pre-programmed with a unique identification number, the "International Mobile Subscriber Identity" (IMSI) that is not visible on the card and is not known to the subscriber. The subscriber is issued with a publicly known number, that is, the subscriber's telephone number, by means of which callers initiate calls to the subscriber. This number is the MSISDN. Wheeler, para [0033])( The UICC 20 of the embodiments is modified to include a store 40 which stores a random key or "seed" that is allocated to the particular user of that UICC 20. The seed may be provided to the store 40 before the UICC is distributed to the user. Alternatively, the seed may be pushed securely to the UICC 20 from the core 22, whereafter it is stored in the store 40. This secure push may take place wirelessly over the cellular telecommunications network via the mobile device 1. Wheeler, para [0054]-[0059]).

As per claim 32, rejected in a similar way and rational used to reject claims 1, 14 and 16.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 31 is rejected under 35 U.S.C. 103 as being unpatentable over Wheeler US 2012/0047563 A1 in view of Desai et al. US 2015/0302398 A1 (hereinafter “Desai”) .

As per claim 31, Wheeler teaches a device as claimed in Claim 27. Wheeler does not explicitly teach wherein the dedicated security domain comprises an Issuer Security Domain Applet (ISD-A).
However, Desai teaches wherein the dedicated security domain comprises an Issuer Security Domain Applet (ISD-A) (access to an issuer security domain applet may be exclusive to the issuer widget. The system may prevent any issuer widget to access another issuer's security domain. The system may prevent the widget from accessing System Actions which may not be granted explicitly to the given widget. The system may prevent any issuer widget from accessing URLs/domains other than what are explicitly granted to the given widget. Desai, para [0218])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Wheeler in view of Desai. One would be motivated to do so, to enhance the security of the system. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/            Examiner, Art Unit 2492