DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/10/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claim 8 is objected to because of the following informalities:
Claim 8 has no antecedent basis for “the OTA key”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 5-6, 9, 12-13, 15, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao et al (PGPUB 2019/0364415), and further in view of Yang et al (PGPUB 2015/0347786).

Regarding Claims 1, 12, and 18:
Gao teaches a method, a non-transitory computer-readable medium storing instructions, and an embedded universal integrated circuit card (eUICC) configured in a device, the eUICC including a processor and instructions that, when executed by the processor, configure the eUICC to (paragraph 140, terminal including LPA and eUICC): 
receive, from a provisioning server via the device, a message including a profile content package (paragraph 148, SM-DP+ delivers metadata with profile to LPA of terminal; paragraph 155, LPA sends subscription profile to eUICC in terminal),
perform a verification of the message (paragraph 135, LPA and the eUICC sequentially verify, based on applicable-operator information, applicable-condition information, and forbidden-region information of each policy rule recorded in the RAT, whether the policy rule in a downloaded subscription profile is allowed, in other words, verify whether the subscription profile can be installed; paragraph 155, LPA sends subscription profile to eUICC in terminal; paragraph 156, eUICC determines, based on authorization file, whether use of subscription profile is allowed; paragraph 158, eUICC verifies policy rule in metadata); 
when the verification is successful (paragraph 135, verification of subscription profile; paragraph 157, if eUICC determines that use of subscription profile is allowed, eUICC installs the subscription profile), install first data in a profile present on the eUICC, wherein the profile content package includes the first data (paragraph 157, if eUICC determines that use of subscription profile is allowed, eUICC installs the subscription profile); and 
when the verification is not successful (paragraph 135, verification of subscription profile; paragraph 8, eUICC determines that use of subscription profile is not allowed), discard the profile content package (paragraph 8, if eUICC determines that use of subscription profile is not allowed, eUICC discards the subscription profile).
Gao does not explicitly teach receiving, from a mobile network operator (MNO) server via the device and the provisioning server, a request to generate a nonce to use for verification of the message that includes the profile content package;
sending the nonce to the MNO server via the device and the provisioning server, wherein the MNO server is operated by an MNO; 
wherein the message includes an encrypted version of the nonce; and
perform the verification of the message based on the encrypted version of the nonce.
However, Yang teaches the concept of receiving, from a mobile network operator (MNO) server via a device and a provisioning server (paragraph 23, provisioning server 102 can be embodied as one or more computing devices that can be configured to generate and/or provision eSIMs to eUICCs (e.g., eUICC 120) implemented on wireless communication devices 106; provisioning server 102 can be hosted/operated by any entity that can maintain, provision, and/or manage a pool of eSIMs, such as by way of non-limiting example, a mobile network operator(s)), a request to generate a nonce to use for verification of a message that includes a profile content package (paragraph 20, the eUICC of some example embodiments can be configured to maintain a single-use session parameter, such as a level 2 (L2) challenge and/or other security nonce; paragraph 74-75, server L2 512 can perform L2 verification of the session request, and can generate a signed session response (sessionResponse), at operation 538, which can be sent to the wireless communication device 508 via the server L3 510; wireless communication device 508 can pass an instruction (prepareeSIMOperationRequest), which can include the session response from the server L2 512, to the eUICC, at operation 540; paragraph 76-77, provided session response is appropriately verified, eUICC passes parameters such as L2 challenge (i.e. “nonce”) to server L3 via wireless communication device); 
sending the nonce to the MNO server via the device and a provisioning server, wherein the MNO server is operated by an MNO (paragraph 23, provisioning server 102 can be hosted/operated by any entity that can maintain, provision, and/or manage a pool of eSIMs, such as by way of non-limiting example, a mobile network operator(s); paragraph 76-77, provided that the session response is appropriately verified, Stage 3a 544, which can include operations 546-566 of the provisioning session can begin; operation 546 can include the eUICC L2 504 passing parameters, such as the L2 challenge for the session, the eUICC public key, and the eUICC certificate, for eSIM provisioning to the wireless communication device 508; the wireless communication device 508 can, in turn, send those parameters to the server L3 510 (e.g., in a “performeSIMOperation” message) in operation 548); 
receiving a message, wherein the message includes an encrypted version of the nonce (paragraph 79, server L2 512 can additionally send a personalizeeSIM command including the eUICC parameters (e.g., the L2 challenge, eUICC public key, and eUICC certificate) to the server L1 514, at operation 558; the server L1 514 can prepare an eSIM package including an encrypted eSIM (e.g., with the eUICC public key) and can send the eSIM package to the server L2 512; paragraph 80, wireless communication device requests server L3 to send eSIM package via “geteSIM” message; server sends eSIM package to wireless communication device for storage; paragraph 62, eSIM package includes copy of L2 session parameter (i.e. L2 challenge) encrypted along with eSIM); and
performing a verification of the message based on the encrypted version of the nonce (paragraph 62, eSIM package includes copy of L2 session parameter (i.e. L2 challenge) encrypted along with eSIM; paragraph 84-85, local copy of L2 challenge used to verify validity of eSIM package).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the profile content package nonce teachings of Yang with the eUICC profile package verification teachings of Gao, in order to provide a means of protecting an eUICC from particular types of attacks during profile updates, such as replay attacks and cloning, using concepts in the art which are well-known and well-understood, such as sharing a one-time-use nonce, thereby improving the security environment.

Regarding Claims 2 and 13:
Gao in view of Yang teaches the method of claim 1 and the eUICC of claim 12.  In addition, Yang teaches wherein the profile content package comprises a partial electronic subscriber identity module (eSIM) for updating content of the profile present on the eUICC (paragraph 20, eSIM loaded onto eUICC).
The rationale to combine Gao and Yang is the same as provided for claims 1 and 12 due to the overlapping subject matter between claims 1 and 2, 12 and 13.

Regarding Claim 5:
Gao in view of Yang teaches the method of claim 1.  In addition, Gao teaches wherein the provisioning server is a subscriber management data preparation (SMDP) server (paragraph 139, SM-DP+ generates and/or encrypts subscription profile; paragraph 148, 264, SM-DP+ delivers metadata with profile to LPA of terminal; LPA verifies policy rules carried in the subscription profile, i.e. metadata; paragraph 155, 266, LPA sends subscription profile to eUICC in terminal).
Regarding Claims 6 and 15:
Gao in view of Yang teaches the method of claim 1 and the eUICC of claim 12.  In addition, Yang teaches wherein the eUICC verifies the message by at least decrypting the encrypted version of the nonce using a pre-shared symmetric key (paragraph 61, eSIM encrypted with symmetric key, which is maintained in secret by the eUICC for later use in decrypting the eSIM; symmetric key used to decrypt eSIM; paragraph 62, L2 session parameter included in eSIM package encrypted along with eSIM; therefore, symmetric key decrypts L2 session parameter).
The rationale to combine Gao and Yang is the same as provided for claims 1 and 12 due to the overlapping subject matter between claims 1 and 6, 12 and 15.

Regarding Claim 9:
Gao in view of Yang teaches the method of claim 1.  In addition, Yang teaches the method, further comprising: 
by the eUICC in the device: 
receiving, from the MNO server via the provisioning and the device, a request to generate the nonce to use for verification of the message that includes the profile content package (paragraph 20, the eUICC of some example embodiments can be configured to maintain a single-use session parameter, such as a level 2 (L2) challenge and/or other security nonce; paragraph 74-75, server L2 512 can perform L2 verification of the session request, and can generate a signed session response (sessionResponse), at operation 538, which can be sent to the wireless communication device 508 via the server L3 510; wireless communication device 508 can pass an instruction (prepareeSIMOperationRequest), which can include the session response from the server L2 512, to the eUICC, at operation 540; paragraph 76-77, provided session response is appropriately verified, eUICC passes parameters such as L2 challenge (i.e. “nonce”) to server L3 via wireless communication device).
The rationale to combine Gao and Yang is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 9.

Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Yang, and further in view of Nix (PGPUB 2015/0143125).

Regarding Claim 3:
Gao in view of Yang teaches the method of claim 1.
Neither Gao nor Yang explicitly teaches wherein performing the verification comprises decrypting the encrypted version of the nonce using a public key of the MNO. 
However, Nix teaches the concept wherein performing a verification comprises decrypting an encrypted version of a nonce using a public key of an MNO (paragraph 100, eUICC verifies received signature using network public key; eUICC subscription manager associated with MNO originally signs profile using network private key; network public key can therefore be seen as “public key of an MNO”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine PKI signature verification teachings of Nix with the eUICC profile package verification teachings of Gao in view of Yang, in order to incorporate the benefits of PKI-based signature verification methods, as is well-known in the art, to cryptographically prove that data which has been received was provided by a source which had the private key corresponding to the public key, and was therefore not provided by an unauthorized party or malicious agent.

Claim(s) 4, 14, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Yang, and further in view of Masushio et al (PGPUB 2010/0049984).

Regarding Claims 4, 14 and 19:
Gao in view of Yang teaches the method of claim 1, the eUICC of claim 12, and the non-transitory computer-readable medium of claim 18.
Neither Gao nor Yang explicitly teaches wherein the eUICC verifies the message by at least: 
parsing a first integrity check value (ICV) from the message; 
computing a second ICV based on the message; 
performing a comparison of the first ICV and the second ICV; and 
when the comparison indicates that the message has been modified, sending a second message to the provisioning server, wherein the second message includes a retransmission request.
However, Masushio teaches the concept wherein a processor verifies a message by at least: 
parsing a first integrity check value (ICV) from the message (paragraph 122, signature data transmitted from the browser); 
computing a second ICV based on the message (paragraph 121, the signature authentication processing unit 212 performs encryption processing on the user ID and current time received from the browser 106 using the signature key to generate signature data); 
performing a comparison of the first ICV and the second ICV (paragraph 122, the signature authentication processing unit 212 compares the generated signature data and the signature data transmitted from the browser 106); and 
when the comparison indicates that the message has been modified, sending a second message to a provisioning server, wherein the second message includes a retransmission request (paragraph 124, if the generated signature data is not the same as the signature data transmitted from the browser 106, the signature authentication processing unit 212 determines that the user ID or current time transmitted from the browser 106 may be falsified; in this case, the signature authentication processing unit 212 rejects access from the browser 106; at this point, the information providing server 200 may transmit a message of access rejection or a message of requesting retransmission of authentication information to the browser 106); and
Gao teaches wherein the processor is an eUICC (paragraph 140).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine integrity check teachings of Masushio with the eUICC profile package verification teachings of Gao in view of Yang, in order to incorporate the benefits of signature verification methods, as is well-known in the art, to cryptographically prove that data which has been received is the same data which was sent, and that the received data had not been degraded or tampered with during transit.
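The verification flow the rejections above describe for claims 1, 4 and 6 (eUICC issues a single-use nonce, the profile content package carries an integrity check value and an encrypted copy of that nonce, the eUICC installs only when the ICV matches and the decrypted nonce equals the outstanding one, answers an ICV mismatch with a retransmission request, and otherwise discards the package) is shown below as an added, self-contained example. It is not code from the application or from any cited reference; the message layout, the use of HMAC-SHA256 as the ICV, the separate key derivation, and the HMAC-in-counter-mode stand-in used to encrypt the nonce are all assumptions made for illustration, with constructed sample data.

```python
"""Added example (not from the application or cited references):
nonce-bound, integrity-checked verification of a profile content package
on an eUICC. Layout, key derivation and cipher choices are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

NONCE_LEN = 16   # assumed size of the eUICC-generated single-use nonce
ICV_LEN = 32     # HMAC-SHA256 output, used here as the integrity check value (ICV)


class Outcome(Enum):
    INSTALL = "install"        # verification succeeded: first data applied to the profile
    DISCARD = "discard"        # nonce check failed (stale, replayed or absent): package dropped
    RETRANSMIT = "retransmit"  # ICV mismatch: second message asks the provisioning server to resend


def _derive(ota_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the pre-shared OTA key (assumed KDF)."""
    return hmac.new(ota_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, n: int) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode). Illustrative only;
    a real eUICC would use the profile's secure-channel cipher such as AES."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"nonce-enc" + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_nonce(enc_key: bytes, nonce: bytes) -> bytes:
    """Encrypt or decrypt the nonce (XOR with a keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(nonce, _keystream(enc_key, len(nonce))))


def build_package(ota_key: bytes, nonce: bytes, first_data: bytes) -> bytes:
    """Provisioning-server side: message = enc_nonce || first_data || ICV (assumed layout)."""
    body = xor_nonce(_derive(ota_key, b"enc"), nonce) + first_data
    icv = hmac.new(_derive(ota_key, b"mac"), body, hashlib.sha256).digest()
    return body + icv


@dataclass
class EUICC:
    ota_key: bytes                     # pre-shared symmetric key held in the installed profile
    profile_data: bytes = b""          # content of the profile present on the eUICC
    _pending_nonce: Optional[bytes] = field(default=None, repr=False)

    def generate_nonce(self) -> bytes:
        """Answer the MNO server's request (relayed via provisioning server and device)."""
        self._pending_nonce = secrets.token_bytes(NONCE_LEN)
        return self._pending_nonce

    def verify_and_install(self, message: bytes) -> Outcome:
        if len(message) < NONCE_LEN + ICV_LEN:
            return Outcome.DISCARD
        # Integrity first: parse the first ICV, compute the second, compare in constant time.
        body, first_icv = message[:-ICV_LEN], message[-ICV_LEN:]
        second_icv = hmac.new(_derive(self.ota_key, b"mac"), body, hashlib.sha256).digest()
        if not hmac.compare_digest(first_icv, second_icv):
            return Outcome.RETRANSMIT          # modified in transit: request retransmission
        # Freshness next: decrypt the nonce with the pre-shared key and match the pending one.
        enc_nonce, first_data = body[:NONCE_LEN], body[NONCE_LEN:]
        nonce = xor_nonce(_derive(self.ota_key, b"enc"), enc_nonce)
        if self._pending_nonce is None or not hmac.compare_digest(nonce, self._pending_nonce):
            return Outcome.DISCARD             # replay or wrong session: drop the package
        self._pending_nonce = None             # single use: a replayed package now fails
        self.profile_data = first_data         # install first data into the existing profile
        return Outcome.INSTALL


def demo() -> dict:
    """Run the exchange with constructed data and return each outcome for inspection."""
    key = secrets.token_bytes(16)              # constructed pre-shared OTA key
    euicc = EUICC(ota_key=key)
    nonce = euicc.generate_nonce()
    pkg = build_package(key, nonce, b"constructed-first-data")
    results = {"fresh": euicc.verify_and_install(pkg)}
    results["replayed"] = euicc.verify_and_install(pkg)
    nonce2 = euicc.generate_nonce()
    pkg2 = build_package(key, nonce2, b"x")
    tampered = pkg2[:NONCE_LEN] + b"y" + pkg2[NONCE_LEN + 1:]
    results["tampered"] = euicc.verify_and_install(tampered)
    results["stale_nonce"] = euicc.verify_and_install(build_package(key, nonce, b"z"))
    results["fresh_again"] = euicc.verify_and_install(pkg2)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} -> {outcome.value}")
```

The order of the two checks matters: the ICV is verified before the nonce is decrypted so that a transport error is answered with a retransmission request, while a package that is intact but bound to a stale or already-consumed nonce is discarded rather than re-requested. Clearing the pending nonce on success is what makes the nonce single-use.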

Claim(s) 7-8, 16, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Yang, and further in view of Park et al (PGPUB 2017/0156051).

Regarding Claim 7:
Gao in view of Yang teaches the method of claim 6.
Neither Gao nor Yang explicitly teaches wherein the pre-shared symmetric key is an over-the-air (OTA) key associated with the MNO.
However, Park teaches the concept wherein a pre-shared symmetric key is an over-the-air (OTA) key associated with an MNO (paragraph 64-65, OTA message includes the profile and is encrypted using an OTA encryption key, and the encrypted OTA message is inserted into data of an SMS message and then transmitted; the eUICC having received the SMS message acquires the OTA message from the SMS message, decrypts the OTA message by using the OTA encryption key, and then acquires a profile through an additional process using decrypted information; further, the eUICC installs the profile).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the OTA key teachings of Park with the eUICC profile package verification teachings of Gao in view of Yang, with the benefit of ensuring that a profile received from a particular MNO was securely decrypted and verified using a key provided by said MNO, thereby allowing controlled distribution of profile information according to a single entity, and protecting against unauthorized distribution of MNO data to other users, accounts, third-parties, etc. which do not possess the necessary security keys/credentials allocated by the MNO to known subscribers.

Regarding Claim 8:
Gao in view of Yang teaches the method of claim 6.
Neither Gao nor Yang explicitly teaches the method, further comprising: 
by the eUICC in the device: 
obtaining, from the profile to be updated, the OTA key associated with the MNO.
However, Park teaches the concept of, by an eUICC in a device:
obtaining, from a profile to be updated, an OTA key associated with an MNO (paragraph 75, it is assumed that an EID (that is, an eUICC identifier) of the second UICC 355-2 is EID2 and an OTA encryption key stored in the second UICC 355-2 is OTA key 2; then, when a profile of a new MNO is installed in the second UICC 355-2 corresponding to the eUICC, the operator server 310 makes a request for opening the terminal 350 to the SM server 330; at this time, the operator server 310 makes a request for installing the profile in the second UICC 355-2 corresponding to EID2 to the SM server 330; then, the SM server 330 generates an OTA message for installing the profile and, at this time, encrypts the OTA message for downloading the profile based on, for example, OTA key2 which is the OTA encryption key of EID2).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the OTA key teachings of Park with the eUICC profile package verification teachings of Gao in view of Yang, with the benefit of ensuring that a profile received from a particular MNO was securely decrypted and verified using a key provided by said MNO, thereby allowing controlled distribution of profile information according to a single entity, and protecting against unauthorized distribution of MNO data to other users, accounts, third-parties, etc. which do not possess the necessary security keys/credentials allocated by the MNO to known subscribers.

Regarding Claim 16:
Gao in view of Yang teaches the eUICC of claim 15.
Neither Gao nor Yang explicitly teaches wherein the pre-shared symmetric key is an over-the-air (OTA) key associated with the MNO and obtained by the eUICC from the profile to be updated.
However, Park teaches the concept wherein a pre-shared symmetric key is an over-the-air (OTA) key associated with an MNO (paragraph 64-65, OTA message includes the profile and is encrypted using an OTA encryption key, and the encrypted OTA message is inserted into data of an SMS message and then transmitted; the eUICC having received the SMS message acquires the OTA message from the SMS message, decrypts the OTA message by using the OTA encryption key, and then acquires a profile through an additional process using decrypted information; further, the eUICC installs the profile) and obtained by an eUICC from a profile to be updated (paragraph 75, it is assumed that an EID (that is, an eUICC identifier) of the second UICC 355-2 is EID2 and an OTA encryption key stored in the second UICC 355-2 is OTA key 2; then, when a profile of a new MNO is installed in the second UICC 355-2 corresponding to the eUICC, the operator server 310 makes a request for opening the terminal 350 to the SM server 330; at this time, the operator server 310 makes a request for installing the profile in the second UICC 355-2 corresponding to EID2 to the SM server 330; then, the SM server 330 generates an OTA message for installing the profile and, at this time, encrypts the OTA message for downloading the profile based on, for example, OTA key2 which is the OTA encryption key of EID2).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the OTA key teachings of Park with the eUICC profile package verification teachings of Gao in view of Yang, with the benefit of ensuring that a profile received from a particular MNO was securely decrypted and verified using a key provided by said MNO, thereby allowing controlled distribution of profile information according to a single entity, and protecting against unauthorized distribution of MNO data to other users, accounts, third-parties, etc. which do not possess the necessary security keys/credentials allocated by the MNO to known subscribers.

Regarding Claim 20:
Gao in view of Yang teaches the non-transitory computer-readable medium of claim 18.  In addition, Yang teaches wherein: 
the eUICC verifies the message by at least decrypting the encrypted version of the nonce using a pre-shared symmetric key (paragraph 61, eSIM encrypted with symmetric key, which is maintained in secret by the eUICC for later use in decrypting the eSIM; symmetric key used to decrypt eSIM; paragraph 62, L2 session parameter included in eSIM package encrypted along with eSIM; therefore, symmetric key decrypts L2 session parameter).
The rationale to combine Gao and Yang is the same as provided for claims 1 and 12 due to the overlapping subject matter between claims 1 and 6, 12 and 15.
Neither Gao nor Yang explicitly teaches the pre-shared symmetric key is an over-the-air (OTA) key associated with the MNO and obtained by the eUICC from the profile to be updated.
However, Park teaches the concept wherein a pre-shared symmetric key is an over-the-air (OTA) key associated with an MNO (paragraph 64-65, OTA message includes the profile and is encrypted using an OTA encryption key, and the encrypted OTA message is inserted into data of an SMS message and then transmitted; the eUICC having received the SMS message acquires the OTA message from the SMS message, decrypts the OTA message by using the OTA encryption key, and then acquires a profile through an additional process using decrypted information; further, the eUICC installs the profile) and obtained by an eUICC from a profile to be updated (paragraph 75, it is assumed that an EID (that is, an eUICC identifier) of the second UICC 355-2 is EID2 and an OTA encryption key stored in the second UICC 355-2 is OTA key 2; then, when a profile of a new MNO is installed in the second UICC 355-2 corresponding to the eUICC, the operator server 310 makes a request for opening the terminal 350 to the SM server 330; at this time, the operator server 310 makes a request for installing the profile in the second UICC 355-2 corresponding to EID2 to the SM server 330; then, the SM server 330 generates an OTA message for installing the profile and, at this time, encrypts the OTA message for downloading the profile based on, for example, OTA key2 which is the OTA encryption key of EID2).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the OTA key teachings of Park with the eUICC profile package verification teachings of Gao in view of Yang, with the benefit of ensuring that a profile received from a particular MNO was securely decrypted and verified using a key provided by said MNO, thereby allowing controlled distribution of profile information according to a single entity, and protecting against unauthorized distribution of MNO data to other users, accounts, third-parties, etc. which do not possess the necessary security keys/credentials allocated by the MNO to known subscribers.

Claim(s) 10, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Yang, and further in view of Park et al (PGPUB 2016/0021529), hereinafter Park 2.

Regarding Claims 10 and 17:
Gao in view of Yang teaches the method of claim 1 and the eUICC of claim 12.
Neither Gao nor Yang explicitly teaches wherein the eUICC performs the verification of the message within a security domain reserved for the MNO within the eUICC.
However, Park 2 teaches the concept wherein an eUICC performs a verification of a message within a security domain reserved for an MNO within the eUICC (paragraph 59-60, eUICC decodes the downloaded profile (first decoding) at step 508, performs the first decoding at step 509, and installs the profile in the MNO-SD area at step 510; meanwhile, the MNO-SD is owned as a security domain portion of the profile by the MNO and provides a secured channel with an OTA platform of the MNO; the MNO-SD is used to manage content of the profile when the profile is enabled; MNO modifies elementary files (EFs) in the MNO-SD area of the eUICC using the OTA key thereof; paragraph 55, Data fields in the SMS are authenticated and encrypted using a secure channel protocol which is used in OTA technology).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO security domain teachings of Park 2 with the eUICC profile package verification teachings of Gao in view of Yang, with the benefit of ensuring that a profile received from a particular MNO was securely processed in an environment provided and maintained by said MNO, thereby allowing controlled distribution of profile information according to a single entity, and protecting against unauthorized distribution of MNO data to other users, accounts, third-parties, etc.

Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Yang, and further in view of Tomici et al (PGPUB 2017/0231020).

Regarding Claim 11:
Gao in view of Yang teaches the method of claim 1.
Neither Gao nor Yang explicitly teaches wherein the MNO does not have a trust relationship with the provisioning server.
However, Tomici teaches the concept wherein an MNO does not have a trust relationship with a provisioning server (paragraph 29, MNO enforces appropriate measures for operating in an untrusted network, such as IPsec security associations).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the MNO security in an untrusted network teachings of Tomici with the eUICC profile package verification teachings of Gao in view of Yang, in order to improve device accessibility and security by allowing operation in a wide variety of available networks while taking cryptographic security measures to protect data in transit and to account for any unknown threats in networks with no trust relationship to the server, such as using IPsec to protect the connection between a server and the user equipment, thereby improving the security environment.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel, can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FORREST L CAREY/Examiner, Art Unit 2491


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491