Office Action Predictor
Application No. 18/313,813

SECURE STORAGE AND PROCESSING OF SIM DATA

Final Rejection §103
Filed
May 08, 2023
Examiner
WRIGHT, BRYAN F
Art Unit
2497
Tech Center
2400 — Computer Networks
Assignee
Apple INC.
OA Round
2 (Final)
78%
Grant Probability
Favorable
3-4
OA Rounds
3y 4m
To Grant
98%
With Interview

Examiner Intelligence

78%
Career Allow Rate
629 granted / 805 resolved
Without
With
+20.4%
Interview Lift
avg trend
3y 4m
Avg Prosecution
26 pending
831
Total Applications
career history

Statute-Specific Performance

§101
12.1%
-27.9% vs TC avg
§103
53.8%
+13.8% vs TC avg
§102
8.6%
-31.4% vs TC avg
§112
10.2%
-29.8% vs TC avg
Black line = Tech Center average estimate • Based on career data

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. FINAL ACTION This action is in response to applicant’s claim amendment(s) submitted made on 07/07/2025. Claims 1, 2, 5, 7, 10, 11, 14 and 16 are amended. Claims 19 and 20 are cancelled. Claims 21 and 22 are new. Claims 1-18, 21 and 22 are pending. Response to Arguments Examiner’s Remarks - Specification (Title) The examiner withdraws the objection in view of applicant’s title amendment. Examiner’s Remarks -35 USC § 103 – Claims 1 and 10 The examiner notes that the applicant has amended independent claims 1 and 10 to include the feature(s) of, “providing to the secure element the first part of the encrypted sensitive user data to store in the secure element of the wireless device”. In view of the claim amendment(s), the examiner introduces the teachings of prior art reference Bajikar et al. (US Patent Publication No. 2005/0108171) to the record. The examiner contends that Bajikar teaches storing SIM data in different device components. See rejection below. Examiner’s Remarks -35 USC § 103 – Claims 2-9 and 11-18 Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections. Examiner’s Remarks -35 USC § 103 – Claims 21 and 22 The examiner notes that applicant’s newly added independent claim 21 recites similar feature(s) to applicant’s independent claim 1 and is therefore rejected under the same prior art. See 103 rejection below. The examiner notes that applicant’s newly added dependent claim 22 recites similar feature(s) to applicant’s independent claim 2 and is therefore rejected under the same prior art. See 103 rejection below. Claim Objections Claim 5 are objected to because of the following informalities: “padding, one or more…”. The examiner believes that the claim should recite, “padding, by one or more…”). Appropriate correction is required. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-3, 8, 10-12, 17, 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Dutta et al. (US Patent Publication No. 2023/0328505 and Dutta hereinafter) in view of Yang et al. (US Patent Publication No. 2021/0314148) and further in view of Bajikar et al. (US Patent Publication No. 2005/0108171 and Bajikar hereinafter). As to claims 1, 10, and 21, Dutta teaches a method for securing subscriber identity module (SIM) data on a wireless device, the method comprising: by the wireless device (i.e., …illustrates a mobile device in figure 1): by one or more components of the wireless device external to a secure element of the wireless device (i.e., … illustrates a wireless device with a secure element and components external to the secure element of the wireless device), obtaining unencrypted sensitive user data for storage in a secure element of the wireless device (i.e., …teaches in par. 0045 the following: “storing data and other private/sensitive information”). The system of DUTTA does not expressly teach: encrypting the unencrypted sensitive user data with a symmetric key security algorithm to form encrypted sensitive user data; dividing the encrypted sensitive user data into a first part and a second part; and storing the second part of the encrypted sensitive user data in a non-volatile memory (NVM) of the wireless device external to the secure element. In this instance the examiner notes the teachings of prior art reference Yang. With regards to applicant’s claim limitation element of, “encrypting the unencrypted sensitive user data with a symmetric key security algorithm to form encrypted sensitive user data”, teaches in par. 0027 the following: “each encrypted with the same symmetric key K.sub.s or with distinct symmetric keys.”. With regards to applicant’s claim limitation element of, “dividing the encrypted sensitive user data into a first part and a second part”, teaches in par. 0028 the following: “eSIM data divided into two (as shown) or more (not shown) portions”. With regards to applicant’s claim limitation element of, “and storing the second part of the encrypted sensitive user data in a non-volatile memory (NVM) of the wireless device external to the secure element”, Yang teaches in par. 0024 the following: “all or portions of the BPP, e.g., sensitive eSIM data, are installed in one or more dedicated security domains within the eUICC 108, e.g., within a profile issuer security domain (ISD-P) for the MNO associated with the eSIM 208, and are inaccessible to the eUICC OS 206 of the eUICC 108 to protect the sensitive eSIM data from tampering. In some embodiments, less sensitive eSIM data and/or encrypted sensitive eSIM data are stored in a security domain associated with the eUICC OS 206, e.g., within a root issuer security domain (ISD-R), and are accessible to the eUICC OS 206 of the eUICC 108. In some embodiments, KEK1 is stored securely on the eUICC 108, e.g., within an ISD-P. In some embodiments, the BPP or portions thereof are stored securely on the eUICC 108, e.g., within an ISD-P.”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA with the teachings of Yang by having their system comprise an enhanced data storage process. One would have been motivated to do so to provide a simple and effective means to control access to specific data, wherein the enhanced data storage process helps facilitate data integrity within the device and makes it easier to store data. The system of DUTTA and Yang does not expressly teach: providing to the secure element the first part of the encrypted sensitive user data to store in the secure element of the wireless device. In this instance the examiner notes the teachings of prior art reference Bajikar. Bajikar teaches in par. 0060 the following: “protected storage may be provided for SIM secret data objects and/or other information when they are not in use. For one embodiment, SIM data objects 198 are stored in an encrypted format on the hard drive 184 or any other storage media or other non-volatile memory.”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA and Yang with the teachings of Bajikar by having their system comprise an enhanced user data protection process. One would have been motivated to do so to provide a simple and effective means to secure user data, wherein the enhanced user data protection process helps facilitate data security within the device and makes it easier to maintain user data. As to claims 2, 11 and 22, the system of DUTTA, Yang and Bajikar as applied to claim 1 above teaches SIM technology, specifically DUTTA teaches a method of claim 1, further comprising: by the one or more components of the wireless device external to the secure element of the wireless device (i.e., … illustrates a wireless device with a secure element and components external to the secure element of the wireless device): determining a requirement to communicate the unencrypted sensitive user data to a cellular wireless network (i.e., teaches in par. 0060 the following: “an API list defined to assign APIs may contain auto SMS sending, secure communication”. Teaches in par. 0102 the following: “The network device and the access device may then communicate with the cloud server using the network ID and the unique key generated for each device.”. …teaches in par. 0005 the following: “devices can communicate and interact over the communication networks,”. …teaches in par. 0007 the following: “distinct kinds of communication can be primarily classified as command-response type. Some of the command-response are defined and specific (as per ETSI GSM and 3GPP specifications) whereas others as admissible are custom or telecom service operator specific”.). and communicating, to the cellular wireless network, the decrypted sensitive user data (i.e., teaches in par. 0060 the following: “an API list defined to assign APIs may contain auto SMS sending, secure communication”. Teaches in par. 0102 the following: “The network device and the access device may then communicate with the cloud server using the network ID and the unique key generated for each device.”. …teaches in par. 0005 the following: “devices can communicate and interact over the communication networks,”. …teaches in par. 0007 the following: “distinct kinds of communication can be primarily classified as command-response type. Some of the command-response are defined and specific (as per ETSI GSM and 3GPP specifications) whereas others as admissible are custom or telecom service operator specific”.). Dutta does not expressly teach: retrieving, from the secure element, the first part of the encrypted sensitive user data; decrypting the first and second parts of the encrypted sensitive user data using the symmetric key security algorithm to obtain decrypted sensitive user data. In this instance the examiner notes the teachings of prior art reference Yang. With regards to applicant’s claim limitation element of, “retrieving, from the secure element, the first part of the encrypted sensitive user data”, teaches in par. 0027 the following: “For transfer (export) of the eSIM 208 to another mobile wireless device 102, e.g., to a target device eUICC 108-2, the source device eUICC 108-1 can establish an eSIM transfer session with the target device eUICC 108-2, exchange ephemeral keys, derive a second key encryption key KEK2, re-encrypt the symmetric key K.sub.s with KEK2, and generate the new BPP header 610 as described previously for FIGS. 5 and 6. With partial eSIM rewrapping, however, an up-to-date eSIM profile 710 in an SMA ASN.1 format can be generated by the source device eUICC 108-1 based on the installed eSIM profile 708, which can include over-the-air (OTA) updates from an MNO 114 associated with the eSIM 208 and/or user customizations that occurred after initial installation of the eSIM profile 708.”. With regards to applicant’s claim limitation element of, “decrypting the first and second parts of the encrypted sensitive user data using the symmetric key security algorithm to obtain decrypted sensitive user data”, …teaches in par. 0024 the following: “the eUICC 108 derives KEK1=KDF(EDCH(PK.sub.server, SK.sub.eUICC)). At 418, the eUICC 108 of the mobile wireless device 102 uses KEK1 to decrypt K.sub.s, and subsequently at 420, the eUICC 108 uses the decrypted K.sub.s to decrypt the eSIM 208.”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA with the teachings of Yang by having their system comprise an enhanced data storage process. One would have been motivated to do so to provide a simple and effective means to control access to specific data, wherein the enhanced data storage process helps facilitate data integrity within the device and makes it easier to store data. The system of DUTTA and Yang does not expressly teach: retrieving, from the NVM external to the secure element, the second part of the encrypted sensitive user data. In this instance the examiner notes the teachings of prior art reference Bajikar. Bajikar teaches in par. 0060 the following: “protected storage may be provided for SIM secret data objects and/or other information when they are not in use. For one embodiment, SIM data objects 198 are stored in an encrypted format on the hard drive 184 or any other storage media or other non-volatile memory.”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA and Yang with the teachings of Bajikar by having their system comprise an enhanced user data protection process. One would have been motivated to do so to provide a simple and effective means to secure user data, wherein the enhanced user data protection process helps facilitate data security within the device and makes it easier to maintain user data. As to claims 3 and 12, the system of DUTTA, Yang and Bajikar as applied to claim 1 above teaches SIM technology, specifically DUTTA teaches a method of claim 1, wherein the unencrypted sensitive user data comprises a value for an elementary file (EF) associated with a SIM stored on a universal integrated circuit card (UICC) or an electronic SIM (eSIM) stored on an embedded UICC (eUICC) (i.e., …teaches in par. 0006 the following: “and USIM application may contain elementary files a”). As to claims 8 and 17, the system of DUTTA, Yang and Bajikar as applied to claim 1 above teaches SIM technology, specifically DUTTA teaches a method of claim 1, wherein the unencrypted sensitive user data comprises a location information (LOCI) value obtained from a cellular wireless network (I.e., …teaches in par. 0006 the following: “location parameters such as EFLOCI (Location Information), EFPSLOCI (PS Location Information), EFEPSLOCI (PS Location Information)”). Claim(s) 4 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Dutta and Yang in view of Bajikar as applied to claims 1 and 10 above and further in view of Frost et al. (US Patent Publication No. 2012/0166715 and Frost hereinafter). As to claims 4 and 13, the system of DUTTA, Yang and Bajikar as applied to claim 1 above teaches SIM technology, specifically neither DUTTA nor Yang teaches a method of claim 1, wherein a length of the first part of the encrypted sensitive user data equals a length of the unencrypted sensitive user data. In this instance the examiner notes the teachings of prior art reference Frost. Frost teaches as part of his claim 7 limitations the following: “… the encrypted data pages are equal in length to unencrypted data pages”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA, Yang and Bajikar with the teachings of Frost by having their system comprise an enhanced data memory storage process. One would have been motivated to do so to provide a simple and effective means to store data, wherein the enhanced data memory storage process helps facilitate efficient storage of data in memory and makes it easier to protect data. Claim(s) 5, 6, 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Dutta and Yang in view of Bajikar as applied to claims 1 and 10 above and further in view of Gray et al. (US Patent Publication No. 2021/0367771 and Gray hereinafter). As to claims 5 and 14, the system of DUTTA, Yang and Bajikar as applied to claim 1 above teaches SIM technology, specifically neither reference expressly teaches a method of claim 1, further comprising: padding, one or more components of the wireless device, external to the secure element of the wireless device, the unencrypted sensitive user data to an encryption length associated with the symmetric key security algorithm. In this instance the examiner notes the teachings of prior art reference Gray. Gray teaches in par. 0061 the following: “The process 400 begins with the padding function 110 applying a padding scheme to a plaintext message. This is illustrated at step 410. The plaintext message can be a message a client/sending party wishes to transmit to a server/receiving party. The padding function 110 can apply a variety of different padding schemes onto the plaintext message. For example, the padding function 110 can apply OAEP to the plaintext message or the padding function can append random data to the plaintext message such that size of the plaintext message is adjusted to a predetermined size. To prepare the plaintext message for symmetric-key encryption, the length of the plaintext message must be a multiple of a predetermined block-size (e.g., 128 bytes, 256 bytes). The plaintext message may require padding to bring the length of the message in line with the block size.”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA, Yang and Bajikar with the teachings of Gray by having their system comprise an enhanced data transformation process. One would have been motivated to do so to provide a simple and effective means to ensure data integrity, wherein the enhanced data transformation process helps facilitate data security and makes it easier to store data. As to claims 6 and 15, the system of DUTTA, Yang and Bajikar as applied to claim 1 above teaches SIM technology, specifically neither reference expressly teaches a method of claim 1, wherein the symmetric key security algorithm comprises an advanced encryption standard (AES) algorithm using a 128-bit initialization vector and a 256-bit symmetric key. In this instance the examiner notes the teachings of prior art reference Gray. Gray teaches in par. 0061 the following: “The process 400 begins with the padding function 110 applying a padding scheme to a plaintext message. This is illustrated at step 410. The plaintext message can be a message a client/sending party wishes to transmit to a server/receiving party. The padding function 110 can apply a variety of different padding schemes onto the plaintext message. For example, the padding function 110 can apply OAEP to the plaintext message or the padding function can append random data to the plaintext message such that size of the plaintext message is adjusted to a predetermined size. To prepare the plaintext message for symmetric-key encryption, the length of the plaintext message must be a multiple of a predetermined block-size (e.g., 128 bytes, 256 bytes). The plaintext message may require padding to bring the length of the message in line with the block size.”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA, Yang and Bajikar with the teachings of Gray by having their system comprise an enhanced data transformation process. One would have been motivated to do so to provide a simple and effective means to ensure data integrity, wherein the enhanced data transformation process helps facilitate data security and makes it easier to store data. Claim(s) 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Dutta and Yang in view of Bajikar as applied to claims 1 and 10 above and further in view of CHRISTOPHER K (WO-2021257664-A1). As to claims 7 and 16, the system of DUTTA, Yang and Bajikar as applied to claim 1 above teaches SIM technology, specifically neither reference expressly teaches a method of claim 1, wherein a symmetric key of the symmetric key security algorithm is stored in a secure NVM of the wireless device at a time of manufacture. In this instance the examiner notes the teachings of prior art reference Christopher. Christopher teaches in par. 0031 the following: “device cryptographic keys including private keys 136 or shared-secret cryptographic keys that are unique to each instance of the medical device 124 and are stored in the memory 132 at time of manufacture”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA, Yang and Bajikar with the teachings of Christopher by having their system comprise an enhanced cryptographic key storage process. One would have been motivated to do so to provide a simple and effective means to ensure cryptographic key integrity, wherein the enhanced cryptographic key storage process helps facilitate key security and makes it easier to provide cryptographic capability. Claim(s) 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Dutta and Yang in view of Bajikar as applied to claims 1 and 10 above and further in view of Fong et al. (US Patent Publication No. 2019/0349760 and Fong hereinafter). As to claims 9 and 18, the system of DUTTA, Yang and Bajikar as applied to claim 1 above teaches SIM technology, specifically neither reference expressly teaches a method of claim 1, wherein the unencrypted sensitive user data comprises a non-access stratum (NAS) count value maintained by the wireless device. In this instance the examiner notes the teachings of prior art reference Fong. Fong teaches as part of their claim 19 limitation(s) the following: “non-access stratum (NAS) count”. Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of DUTTA, Yang and Bajikar with the teachings of Fong by having their system comprise an enhanced cryptographic key storage process. One would have been motivated to do so to provide a simple and effective means to ensure cryptographic key integrity, wherein the enhanced cryptographic key storage process helps facilitate key security and makes it easier to provide cryptographic capability. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BRYAN F WRIGHT/Examiner, Art Unit 2497
Read full office action

Prosecution Timeline

May 08, 2023
Application Filed
Feb 22, 2025
Non-Final Rejection — §103
Jul 07, 2025
Response Filed
Oct 01, 2025
Final Rejection — §103
Apr 03, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology. Study what changed to get past this examiner.

Patent 12598234
DRONE ELECTRONIC MESH FOR ONLINE NETWORK SERVICES (DEMONS) IMPLEMENTING CRYPTOGRAPHIC OPERATIONS
2y 5m to grant Granted Apr 07, 2026
Patent 12591675
METHODS AND SYSTEMS FOR SECURING COMPUTER SYSTEMS OR NETWORKS AGAINST SUSPECT BINARY FILES
2y 5m to grant Granted Mar 31, 2026
Patent 12587506
INTELLIGENT ROUTING AND REDIRECTION TECHNIQUES FOR OPTIMAL SECURE ACCESS TO RESOURCES
2y 5m to grant Granted Mar 24, 2026
Patent 12579271
CROSS-ARCHITECTURE AUTOMATIC DETECTION METHOD AND SYSTEM FOR THIRD-PARTY COMPONENTS AND SECURITY RISKS RELATED TO FIRMWARE IN INTERNET OF THINGS DEVICES THEREOF
2y 5m to grant Granted Mar 17, 2026
Patent 12580747
COMMUNICATION SYSTEM, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT
2y 5m to grant Granted Mar 17, 2026

AI Strategy Recommendation

Click below to generate an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
78%
Grant Probability
98%
With Interview (+20.4%)
3y 4m
Median Time to Grant
Moderate
PTA Risk
Based on 805 resolved cases by this examiner