TERMINAL PROFILE GENERATION

DETAILED ACTION 1. Claims 1-3, 5-12, 14-17, 19-20 are pending in this examination. Notice of Pre-AIA or AIA Status 2.1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 2.2. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Allowable Subject Matter 3. Claims 8-9 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 4. Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection. Claim Rejections - 35 USC § 103 5.1. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. 5.2. Claims 1-3, 10-12 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over China Patent Application No. CN103491097 to Zhaoli et al., (“Zhaol”) (IDS) in view of US Patent Application No. 20200351373 to Gupta et al (“Gupta”), and in view of US Patent Application No. 20190313241 to Ahmed et al (“Ahmed”). As per claim 1, Zhaoli discloses one or more non-transitory computer-readable media having instructions that, when executed by one or more processors of a system, cause the system to: receive a data file that defines a profile to be generated for a kernel to be utilized for data transfer (para 13, Receiver module, for receiving mechanism's certificate of authority and the register-file. A data file may refer to a file including register-file and certificate of authority); perform a validation procedure on the data file to determine validation of the profile for generation (para 14, Authentication module, be decrypted for the mechanism's certificate of authority to receiving, and the information after deciphering is verified); generate one or more keys for signing the (para. 15, subscriber authorization certificates constructing module, for when verifying, be encrypted register file, generates the subscriber authorization certificate. Para., 23 further discloses: The certificates constructing module generates the subscriber authorization certificate for encrypting string signB64 together with the RSA PKI". Para., 21 also states: The digital signature module, use the RSA private key to the computer hardware feature h in user's register-file to carry out digital signature, generate s0. Here, the signed register-file is seen as the profile to be generated. In addition, it is assumed that generating one or more keys is implicit as PKI technology is based one ore more pairs of public and/or private keys.). Furthermore, Zhaoli discloses in para., 17, The register-file acquisition module, for when the user uses software for the first time, obtain the register-file of the XML form. In other words, the register-file is supposed to have a specific XML format but does not explicitly disclose however in the same field of endeavor, Gupta discloses generate a binary file corresponding to the data file, the binary file to be utilized for the profile (para., 31-32, 37, profile extraction at 202 may include converting the one or more profiles in to a model that may be understood by the relevant downstream application. For example, in some embodiments, the extracted profiles may be converted into a designated defined DSL format that the application may understand, represented by DSL file 208 in FIG. 2. The DSL files 208 may be stored in DSL storage 206, which may be one or more of a file transfer protocol (FTP) server that may be at a centralized location, a binary repository manager or more general binary repository (e.g., file storage cluster), distributed version-control system (e.g., GIT), or other suitable storage solution. Metadata 210 about the extract may also be stored along with the respective DSL files 208. In some embodiments, the metadata 210 may include information such as a profile name, version, activation date, activation time, etc. also see fig.1 and associated texts). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhaoli with the teaching of Gupta by including the feature of binary, in order for Zhaoli’s system for managing client profile updates and overrides. In some embodiments, the disclosure may include a computer-implemented method including extracting profile information and converting the profile information into a readable file format. The method may include transforming the profile information into a database file, and updating a copy of the database file with profile changes. The method may include loading the updated profile database file to generate an updated profile, and activating the profile to reflect the updates or changes (Gupta, [0024]). Zhaoli and Gupta not explicitly disclose however, In the same field of endeavor, Ahmed discloses generate a certificate chain corresponding to the data file, the certificate chain comprising: one or more first certificates corresponding to a first profile manager; or one or more second certificates corresponding to a second profile manager; and sign the binary file with the certificate chain to produce the profile ([0054]-[0054] In scenarios where one subscription management entity 300 serves multiple MNOs 400a, 400b, the subscription management entity 300 generates MNO-specific subscription management certificates, which it signs with the certificate it has received from the CI 500. This creates a certificate chain, starting with the CI 500 and ending with the MNO-specific subscription management certificate. Now, when communicating with the eUICCs 260, the subscription management entity 300 uses the profile specific certificate (i.e., the MNO specific subscription management certificate for the MNO 400a, 400b that requested the profile to be created) towards the eUICC 260 so that the ISD-R 250 on the eUICC 260 can enforce operator lock-in. The MNO-specific subscription management certificate does not have to identify the operator; it is enough that the subscription management entity300 uses the same, MNO-specific, certificate for all profile downloads for the same MNO 400a, 400b). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhaoli with the teaching of Gupta/Ahmed by including the feature of a certificate chain, in order for Zhaoli’s system to providing efficient remote provision of devices. There is provided mechanisms for remote provision of a subscriber entity. The method is performed by the subscriber entity. A method comprises providing a request for download of a profile for remote provisioning of the subscriber entity to a subscription management entity. The method comprises verifying, using a profile handling unit of the subscriber entity, that the subscription management entity possesses a valid certificate for downloading the profile. The method comprises allowing download of the profile for remote provisioning of the subscriber entity only when the subscription management entity possesses the valid certificate (Ahmed, abstract). As per claim 2, the combination of Zhaoli, Gupta and Ahmed discloses the one or more non-transitory computer-readable media of claim 1, wherein to perform the validation procedure comprises to: perform a first set of validations on the data file; generate an intermediate file based at least in part on the data file, the intermediate file being a different format from the data file; and perform a second set of validations on the intermediate file (Gupta, para., 31-32, 52, 37). Additionally, discloses in para., 17 states: The register-file acquisition module... includes computer hardware feature, user profile, software version information. A skilled person would thus consider verifying whether values provided by hardware and software features or user information are correct. The motivation regarding the obviousness of claim 1 is also applied to claim 2. As per claim 3, the combination of Zhaoli, Gupta and Ahmed disclose the one or more non-transitory computer-readable media of claim 1, wherein to perform the validation procedure comprises to: validate formats of one or more entries within the data file; validate one or more values within the data file; and validate interdependencies between the one or more values within the data file (Gupta, para., 31-32, 52, 37). Additionally, Zhaoli discloses in para., 17 states: The register-file acquisition module... includes computer hardware feature, user profile, software version information. A skilled person would thus consider verifying whether values provided by hardware and software features or user information are correct. The motivation regarding the obviousness of claim 1 is also applied to claim 3. Claims 10-12 and 17 are rejected for similar reasons as stated above. 5.3. Claims 5, 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Zhaoli, Gupta and Ahmed as applied to claim above, and in view of Canada Patent Application No. CA 2785430 to Himawan et al (“Himawan”) (IDS). As per claim 5, the combination of Zhaoli and Gupta discloses the invention as described above including the digital signature module, use the RSA private key to the computer hardware feature h in user's register-file to carry out digital signature, generate s0. The digital certificate may thus be used sign the register-file (Zhaoli, para., 21). Gupta discloses a binary file (para., 31-32, 37,), furthermore, Ahmed discloses file is signed with the certificate chain by the first profile manager or the second profile manager profiles ([0054]-[0055]), It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhaoli with the teaching of Gupta/Ahmed by including the feature of a certificate chain, in order for Zhaoli’s system to providing efficient remote provision of devices. There is provided mechanisms for remote provision of a subscriber entity. The method is performed by the subscriber entity. A method comprises providing a request for download of a profile for remote provisioning of the subscriber entity to a subscription management entity. The method comprises verifying, using a profile handling unit of the subscriber entity, that the subscription management entity possesses a valid certificate for downloading the profile. The method comprises allowing download of the profile for remote provisioning of the subscriber entity only when the subscription management entity possesses the valid certificate (Ahmed, abstract). Zhaoli and Gupta and Ahmed not explicitly disclose however, in the same field of endeavor, Himawan discloses the one or more non-transitory computer-readable media of claim 1, wherein the one or more keys are generated by the first profile manager or the second profile manager of the system, and wherein to sign the binary file comprises to: generate, by the first profile manager or the second profile manager, a certificate signing request (CSR) with a public key of the one or more keys; provide, by the first profile manager or the second profile manager to a public key infrastructure (PKI) of the system, the CSR, wherein the certificate chain is generated by the PKI based at least in part on the CSR, and wherein the binary file is signed (Himawan, para., 13 discloses: The subscriber unit then generates a certificate signing request. A certificate signing request is a message from the subscriber unit to a trusted third party, such as a public key infrastructure (PKI) service provider, to apply for a digital subscriber unit certificate, also known as an identity certificate. The subscriber unit certificate can be used by a party to cryptographically verify the identity of the subscriber unit. Additionally, Zhaoli in para., 21 states: the digital signature module, use the RSA private key to the computer hardware feature h in user's register-file to carry out digital signature, generate s0. The digital certificate may thus be used sign the register-file). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhaoli with the teaching of Gupta/ Ahmed /Himawan by including the feature of certificate, in order for Zhaoli’s system to enable remote, secure, self-provisioning of a subscriber unit includes, a security provisioning server (130): receiving, from a subscriber unit, a certificate signing request having subscriber unit configuration trigger data; generating (428) provisioning data for the subscriber unit using the subscriber unit configuration trigger data; and in response to the certificate signing request, providing to the subscriber unit the provisioning data and a subscriber unit certificate having authorization attributes associated with the provisioning data, to enable the self-provisioning of the subscriber unit. The advantages of the present disclosure will be appreciated by those skilled in the art. A new subscriber unit can be securely provisioned remotely, without having to be in physical contact with or adjacent to the provisioning server and can maintain efficient and cost-effective key management. (Himawan, abstract, [0057]). Claims 13 and 19 are rejected for similar reasons as stated above. 5.4. Claims 6-7, 15-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zhaoli, Gupta, and Ahmed as applied to claim above, and in view of US Patent Application No. 20200374686 to Zhang et al (“Zhang”). As per claim 6, the combination of Zhaoli, Gupta and Ahmed disclose the invention as described above. Zhaoli, Gupta and Ahmed not explicitly disclose however, In the same field of endeavor, Zhang discloses the one or more non-transitory computer-readable media of claim 1, wherein the binary file comprises a TEST binary file, wherein the profile comprises a TEST version profile, and wherein the instructions, when executed by the one or more processors of the system, further cause the system to: store the TEST version profile in a TEST database of the system, the TEST database of the system to provide limited access to the TEST version profile; receive an indication to promote the TEST version profile to a production (PROD) version profile; generate the PROD version profile based at least in part on the indication to promote the TEST version profile; and store the PROD version profile in a PROD database of the system, the PROD database of the system to provide expanded access to the PROD version profile, the expanded access to allow more terminals to access the PROD version profile than can access the TEST version profile (Zhang , para., 17, for example, discloses: "an operating system of the eUICC needs to be updated, receiving, by a profile server, a profile obtaining request sent by a local profile assistant LPA, where the profile obtaining request includes an eUICC identifier, a profile identifier... generating, by the profile server, a second profile based on the profile obtaining request; and sending, by the profile server, the second profile to the LPA... The profile server determines, by using the operating system update flag, that a profile is generated, so that after completing upgrade of the operating system of the eUICC, a user can normally use an operator service without configuring a profile again, thereby simplifying a configuration process of the profile". In other words, a first profile, identifiable by a profile identifier, may be promoted or upgraded to a second profile without the need to generate a new profile. The first and second profiles may be seen as a test and production version profiles, respectively. In addition, storing the profile in a database is an implicit feature in order to keep profile information available for a later use.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhaoli with the teaching of Gupta/ Zhang by including the feature of (PROD) version profile, in order for Zhaoli’s system to a second aspect, an embedded universal integrated circuit card eUICC profile management method is provided. The method includes: when an operating system of the eUICC needs to be updated, receiving, by a profile server, a profile obtaining request sent by a local profile assistant LPA, where the profile obtaining request includes an eUICC identifier, a profile identifier, and an operating system update flag, and the operating system update flag is used to identify that the eUICC is in an update status; generating, by the profile server, a second profile based on the profile obtaining request; and sending, by the profile server, the second profile to the LPA. The LPA sets the operating system update flag, and obtains and stores metadata of a first profile. The profile server determines, by using the operating system update flag, that a profile is generated, so that after completing upgrade of the operating system of the eUICC, a user can normally use an operator service without configuring a profile again, thereby simplifying a configuration process of the profile Zhang, [0017]). As per claim 7, the combination of Zhaoli, Gupta, Ahmed and Zhang discloses the one or more non-transitory computer-readable media of claim 6, wherein the one or more keys comprises a first set of one or more keys, and wherein to generate the PROD version profile comprises to: generate a PROD binary file corresponding to the data file, the PROD binary file to be utilized for the PROD version profile; generate a second set of one or more keys for signing the PROD binary file; and sign the PROD binary file with the second set of one or more keys to produce the PROD version profile (The features of claim 7 are similar to those in claim 1. The subject matter of claim 7 refers to a PROD profile rather than a profile,); the combination of Zhaoli and Gupta but does not explicitly disclose however in the same field of endeavor, Zhang discloses Zhang discloses PROD, (para., 17, for example, discloses: "an operating system of the eUICC needs to be updated, receiving, by a profile server, a profile obtaining request sent by a local profile assistant LPA, where the profile obtaining request includes an eUICC identifier, a profile identifier... generating, by the profile server, a second profile based on the profile obtaining request; and sending, by the profile server, the second profile to the LPA... The profile server determines, by using the operating system update flag, that a profile is generated, so that after completing upgrade of the operating system of the eUICC, a user can normally use an operator service without configuring a profile again, thereby simplifying a configuration process of the profile". In other words, a first profile, identifiable by a profile identifier, may be promoted or upgraded to a second profile without the need to generate a new profile. The first and second profiles may be seen as a test and production version profiles, respectively. In addition, storing the profile in a database is an implicit feature in order to keep profile information available for a later use). Claims 15-16 and 20 are rejected for similar reasons as stated above. 6.1. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892). 6.2. a). US Patent No. 11461451 issued to Chen et al., discloses are various approaches for signing documents using mobile devices. A request is sent to a certificate authority for a signing certificate. The signing certificate is then received from the certificate authority. The signing certificate is then stored in the memory. Next, a file is received from a client application executed by the processor of the computing device. Then, the file is signed with the signing certificate to create a signed file. The signed file is then returned to the client application. b). US Patent No. 8856527 issued to Schwengler et al., discloses a graphical user interface can be provided for creating a digital certificate profile for a digital certificate. In one embodiment, a security metric is determined using a first subset certificate profile attributes selected by a user, and a usability metric is determined using a second subset of certificate profile attributes. Graphical representations of the security metric and a graphical representation of the usability metric can then be provided the graphical user interface. In one embodiment, the first subset of certificate profile attributes is the same as the second subset. Conclusion 7. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. HARUNUR . RASHID Primary Examiner Art Unit 2497 /HARUNUR RASHID/Primary Examiner, Art Unit 2497