Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/16/2026 has been entered.
Specification
The abstract of the disclosure is objected to because it has more than 150 words. A corrected abstract of the disclosure is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 6-9, 14, 17, 20, 23-24, 26, 29, and 32-35 are rejected under 35 U.S.C. 103 as being unpatentable over Kasabwala et al US 10,630,663 in view of Labrou et al US 2006/0206709 and Kim US 2022/0386118 and Spector et al US 11,836,710.
As per claim 1, Kasabwala discloses a method for personalizing a security applet installed on a first security element of a mobile terminal, using a first ID token and a personalization server,
wherein an ID application program is installed on the mobile terminal, to which the security applet is assigned, wherein first attributes of a user are stored in the first ID token,
wherein the personalization comprises:
establishing an encrypted communication channel between the mobile terminal and the personalization server via a network (col 5, lines 66-67 client device 200 that may access the security platform 120 via a secure collaboration app 224, i.e. a security applet; col 6, lines 15-18 app 224 may be a secure collaboration app that provides users with the ability to participate in secure telecommunications, i.e. an encrypted communication channel, share encrypted content, and exchange encrypted communications),
wherein the ID application program is used to establish the encrypted communication channel (col 6, lines 30-35 communications transmitted and received by the secure collaboration app, i.e. secure applet, including a message identifier, a hash of the sender's username, a hash of the sender's appID, i.e. the ID application program, a hash of the receiver's username, a hash of the receiver's appID, the message encryption key),
establishing a first encrypted subchannel between the first ID token and the personalization server within the encrypted communication channel via the mobile terminal (col 7, lines 32-38 To configure, i.e. establishing, the secure telecommunication, the initiating client's secure collaboration app, i.e. the secure applet, generates a meeting identifier, i.e. first ID token, by hashing at least one property associated with the secure telecommunication. The at least one property may include the number of participants in the call, the date and time the call started, or information identifying the initiating client (e.g., username, deviceID, appID, etc., i.e. first ID token)),
wherein the ID application program is used to establish the first encrypted subchannel (col 3, lines 67-67 Security platform 120 may facilitate the exchange of communications and control messages via control channel 170; col 4, lines 17-21 control channel 170. Control channel 170 may be an encrypted communication channel),
reading out one or more of the first attributes from the first ID token by the personalization server via the first encrypted subchannel within the encrypted communication channel (col 5, lines 24-27 client devices 210, 220, may make use of the security platform 120 and the techniques described herein via a secure collaboration app and wherein the security platform 120 holds the app ID and Device ID etc., i.e. first ID token, wherein the client devices read the App ID by the pool of ECDH public component from the security platform 120 using the control channel 170 and col 8, lines 34-26 initiating client's secure collaboration app obtaining, i.e. reading, the one or more receivers' public information, i.e. first attributes, from the security platform. Each receiver's public information may include at least one of the receiver's app ID, user-level signing public key, signed app-level signing public key, a signed ephemeral ECDH public component, an identifier of the ephemeral ECDH public component, and the receiver's device key. In preferred embodiments, the security platform randomly selects one of the signed ephemeral ECDH public components from a pool of public components and the communicated with the initiating client's secure collaboration app with the encrypted control channel 170, i.e. the first encrypted channel),
establishing a second encrypted subchannel between the security applet of the first security element and the personalization server within the encrypted communication channel (col 4, lines 17-21 Communication channel 180, i.e. a second encrypted subchannel, differs from control channel 170 in that it is primarily used to exchange encrypted files, documents, and telecommunication data),
wherein the ID application program is used to establish the second encrypted subchannel (col 8, lines 5-12 the initiating client's secure collaboration, i.e. ID application program, device encrypts communication data via a symmetric encryption algorithm and the first meeting key. In block 360, the encrypted communication data is transmitted to one or more receivers via a communication channel 180. In block 360, the encrypted communication data is transmitted to one or more receivers via a communication channel, i.e. second encrypted subchannel),
receiving, by the security applet of the first security element, the read-out first attributes from the personalization server (col 9, lines 19-21 the initiating client's secure collaboration app generates the first encryption key by applying multiple rounds of a hash function to a second set of pseudorandom bytes, i.e. first attributes; col 9, lines 41-49 the initiating client's secure collaboration app encrypts the first encryption key, again using the receiver's device key, i.e. attribute of key, obtained from the security platform with the receiver's public information. Encrypting the first encryption key with an ephemeral component generated by the receiver's app and the device key provides a twice-encrypted first encryption key that effectively binds the message to the receiver's secure collaboration app and device, wherein the secure collaboration app, i.e. applet, obtains the key, i.e. device key, from the secure platform 120 to establish secure telecommunications, i.e. an encrypted communication channel, via the communication channel 180, i.e. the second encrypted subchannel with the communication server 150 within the control channel 170, i.e. the first communication),
storing the received first attributes by the security applet (col 9, lines 55-57 each instance of the secure collaboration apps storing as obtained obtain the key, i.e. device key from the secure platform 120, will receive a twice-encrypted first encryption key of the random that is unique to that instantiation of the secure collaboration app.),
wherein the ID application program is configured to use the first attributes to prove an identity of the user to another computer system (col 9, lines 57-61 each instance of the secure collaboration apps, i.e. the initiating client's secure collaboration, i.e. ID application program, will only be able to decrypt the twice-encrypted first encryption key that has been encrypted with the unique device key and ephemeral public component associated with that device. The associated with that device that provides the identity of the user of the another computer system).
Kasabwala does not explicitly disclose the ID application program; the second encrypted subchannel within the encrypted communication channel, wherein a second ID token is further used for the personalisation, wherein the personalisation further comprises, establishing a third encrypted subchannel between the second ID token and the personalisation server within the encrypted communication channel via the mobile terminal, wherein the ID application program is used to establish the third encrypted subchannel, reading out one or more of second attributes from the second ID token by the personalisation server via the third encrypted subchannel within the encrypted communication channel, establishing a fourth encrypted subchannel between the security applet of the first security element and the personalisation server within the encrypted communication channel, wherein the ID application program is used to establish the fourth encrypted subchannel, receiving the read-out second attributes by the security applet of the first security element from the personalisation server via the fourth encrypted subchannel within the encrypted communication channel, and storing the received second attributes by the security applet, wherein the ID application program is configured to use the second attributes to prove an identity of the user to another computer system.
However, Labrou discloses the ID application program ([0036] In FIG. 2, a UPTF based mobile authentication service system architecture comprises a user 102 operating a UPTF device (also referred to as Universal Pervasive Transaction Device--UPTD), such as a mobile phone 104 loaded with a mobile identification (ID) application or mobile authentication service software 108 (hereinafter referred to as mobile ID application that can be implemented in software and/or computing hardware), a provider 106 operating another UPTF based device 205, a Secure Transaction Server (STS) 120, and 0037 the mobile device authenticator 104 mobile ID application 108 is based on a general framework, called the Universal Pervasive Transaction Framework (UPTF), a generic architecture and a new security protocol for conducting secure multi-party agreements, using mobile devices over a wireless transport network. The framework is designed to address several key aspects specific to the envisioned pervasive communication, including wireless, environments).
Kasabwala and Labrou are both considered to be analogous to the claimed invention because they are in the same field of secure communication.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kasabwala to incorporate the teachings of Labrou and provide a mobile device authentication service (par 0039).
Doing so would provide a secure agreement submission protocol, thereby increasing the protection for the protocol.
The combination fails to disclose the second encrypted subchannel within the encrypted communication channel, wherein a second ID token is further used for the personalisation, wherein the personalisation further comprises, establishing a third encrypted subchannel between the second ID token and the personalisation server within the encrypted communication channel via the mobile terminal, wherein the ID application program is used to establish the third encrypted subchannel, reading out one or more of second attributes from the second ID token by the personalisation server via the third encrypted subchannel within the encrypted communication channel, establishing a fourth encrypted subchannel between the security applet of the first security element and the personalisation server within the encrypted communication channel, wherein the ID application program is used to establish the fourth encrypted subchannel, receiving the read-out second attributes by the security applet of the first security element from the personalisation server via the fourth encrypted subchannel within the encrypted communication channel, and storing the received second attributes by the security applet, wherein the ID application program is configured to use the second attributes to prove an identity of the user to another computer system.
However, Kim discloses the second encrypted subchannel within the encrypted communication channel (fig. 2, 0017 a second communication channel that uses a second protocol from the first terminal, acquiring, by the second terminal, a first secret key by inputting a public key of the first terminal and a private key of the second terminal into a key exchange function, wherein the public key of the first terminal is stored in the second terminal in advance, initiating, by the second terminal, ranging to establish the second communication channel, establishing, by the second terminal, a connection with the first terminal through the second communication channel; and receiving data protected using the first secret key through the second communication channel; and [0050] The UWB applet 102 running in the first terminal 10 may be a component for providing a UWB communication function to the application 101 of the first terminal 10. The UWB applet 102 may be executed in the security area (secure element) of the first terminal 10, but the present disclosure is not limited thereto. The UWB applet 102 may include a FiRa applet and a SUS applet. The UWB applet 102 may generate and manage the IDs of a session and a sub-session for UWB communication with a counterpart terminal, a key pair for the session and the sub-session, i.e. sub-channel),
Kasabwala and Labrou and Kim are all considered to be analogous to the claimed invention because they are in the same field of secure communication.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kasabwala to incorporate the teachings of Labrou, including the teaching of Kim, and provide a mobile device authentication service (par 0039).
Doing so would provide a secure agreement submission protocol, thereby increasing the protection for the protocol.
The combination fails to disclose wherein a second ID token is further used for the personalisation, wherein the personalisation further comprises, establishing a third encrypted subchannel between the second ID token and the personalisation server within the encrypted communication channel via the mobile terminal, wherein the ID application program is used to establish the third encrypted subchannel, reading out one or more of second attributes from the second ID token by the personalisation server via the third encrypted subchannel within the encrypted communication channel, establishing a fourth encrypted subchannel between the security applet of the first security element and the personalisation server within the encrypted communication channel, wherein the ID application program is used to establish the fourth encrypted subchannel, receiving the read-out second attributes by the security applet of the first security element from the personalisation server via the fourth encrypted subchannel within the encrypted communication channel, and storing the received second attributes by the security applet, wherein the ID application program is configured to use the second attributes to prove an identity of the user to another computer system.
However, Spector discloses wherein a second ID token is further used for the personalisation, wherein the personalisation further comprises, establishing a third encrypted subchannel between the second ID token and the personalisation server within the encrypted communication channel via the mobile terminal, wherein the ID application program is used to establish the third encrypted subchannel, [U.S. Application No. 18/556,448] reading out one or more of second attributes from the second ID token by the personalisation server via the third encrypted subchannel within the encrypted communication channel, establishing a fourth encrypted subchannel between the security applet of the first security element and the personalisation server within the encrypted communication channel, wherein the ID application program is used to establish the fourth encrypted subchannel, receiving the read-out second attributes by the security applet of the first security element from the personalisation server via the fourth encrypted subchannel within the encrypted communication channel, and storing the received second attributes by the security applet, wherein the ID application program is configured to use the second attributes to prove an identity of the user to another computer system (col 3, lines 5-45 (1) receiving, at a payment service, authentication information for a customer and an identification of an account to provision; (2) a payment service computer processor communicating a provisioning request to a token provisioning service provider for the account; (3) the payment service provider receiving, from the token provisioning service provider, a first token for open-loop transactions, and a second token for closed-loop transactions; and (4) the payment service causing a single financial instrument to be displayed for the first token and the second token in a payment application executed by a mobile electronic device.).
Kasabwala and Labrou and Kim and Spector are all considered to be analogous to the claimed invention because they are in the same field of secure communication.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kasabwala to incorporate the teachings of Labrou, including the teaching of Kim, including the teaching of Spector, and provide a mobile device authentication service (par 0039).
Doing so would provide a secure agreement submission protocol, thereby increasing the protection for the protocol.
As per claim 6, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein the personalisation further comprises: generating an asymmetric cryptographic key pair associated with the ID application program by the security applet of the first security element comprising a private cryptographic key and a public cryptographic key of the ID application program, wherein the asymmetric key pair is used to authenticate the ID application program in the course of using the first attributes (par 0016 establishing, by a second terminal, a connection with a first terminal through a first communication channel that uses a first protocol, receiving, by the second terminal, a first message including a public key of the first terminal from the first terminal through the first communication channel, storing, by the second terminal, the public key of the first terminal, transmitting, by the second terminal, a second message including a public key of the second terminal to the first terminal through the first communication channel, and generating a first secret key, wherein the first secret key is configured to be generated by the second terminal when the public key of the first terminal and a private key of the second terminal are input into a key exchange function, the first secret key is configured to be generated by the first terminal when a private key of the first terminal and the public key of the second terminal are input into the key exchange function, and the first secret key is configured to be used for communication using a second protocol between the first terminal and the second terminal).
As per claim 7, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein the personalisation further comprises: receiving one or more root signature verification keys by the security applet of the first security element from the personalisation server via the second encrypted subchannel within the encrypted communication channel, wherein the received root signature verification keys are for verifying certificate signatures of one or more root instances having certificates each used in the course of a readout of the first attributes for authenticating a reading computer system to the ID application program, storing the received root signature verification keys by the security applet in the first security element (0018 establishing, by a first terminal, a connection with a second terminal through a first communication channel that uses a first protocol, transmitting, by the first terminal, a first message including a public key of the first terminal to the second terminal through the first communication channel, receiving, by the first terminal, a second message including a public key of the second terminal from the second terminal through the first communication channel, storing, by the first terminal, the public key of the second terminal, and generating a first secret key, wherein the first secret key is configured to be generated by the first terminal when the public key of the second terminal and a private key of the first terminal are input into a key exchange function, the first secret key is configured to be generated by the second terminal when a private key of the second terminal and the public key of the first terminal are input into the key exchange function, and the first secret key is configured to be used for communication using a second protocol between the first terminal and the second terminal; [0050] The UWB applet 102 running in the first terminal 10 may be a component for providing a UWB communication function to the application 101 of the first terminal 10. The UWB applet 102 may be executed in the security area (secure element) of the first terminal 10, but the present disclosure is not limited thereto. The UWB applet 102 may include a FiRa applet and a SUS applet. The UWB applet 102 may generate and manage the IDs of a session and a sub-session for UWB communication with a counterpart terminal, a key pair for the session and the sub-session).
As per claim 8, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein the personalisation further comprises: receiving a signature of the first attributes from the personalisation server by the security applet of the first security element via the second encrypted subchannel within the encrypted communication channel, wherein the signature serves as proof of authenticity of the first attributes, storing the received signature of the first attributes by the security applet in the first security element ([0050] The UWB applet 102 running in the first terminal 10 may be a component for providing a UWB communication function to the application 101 of the first terminal 10. The UWB applet 102 may be executed in the security area (secure element) of the first terminal 10, but the present disclosure is not limited thereto. The UWB applet 102 may include a FiRa applet and a SUS applet. The UWB applet 102 may generate and manage the IDs of a session and a sub-session for UWB communication with a counterpart terminal, a key pair for the session and the sub-session; [0061] Referring to FIG. 3, the first terminal 10 may generate and retain a private-key-and-public-key key pair (41 and 42) of the first terminal, and the second terminal 20 may generate and retain a private-key-and-public-key key pair (51 and 52) of the second terminal).
As per claim 9, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 2. Kim discloses wherein establishing the encrypted communication channel comprises negotiating the first channel-specific ephemeral symmetric cryptographic session key ([0152] In operation S1005, the UWB applet 202 may verify the authenticity of the token and the signed value provided from the application 201 through operation S1003 by the security authentication application 211 verifying the value signed with its own private key using the public key of the security authentication application 211.).
As per claim 14, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein establishing the first encrypted subchannel comprises authenticating the user to the ID token via the mobile terminal ([0147] In operation S1001, the application 201 may check the user security authentication result that is acquired and stored in advance as a result of performing the first security authentication routine S401. As described above, the user security authentication result may include a token value including whether the authentication has succeeded or failed, identification information on the authenticated user, information on the valid time or expiration date of the user authentication, the number of times the user authentication is valid, and the like.).
As per claim 17, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein establishing the first encrypted subchannel comprises authenticating the personalisation server by the ID token via the mobile terminal ([0151] The UWB applet 202 may verify the token and the signed value with the public key of the security authentication application 211 in operation S1005. In the operation S609 of the security authentication routine S205 in the registration procedure of the first terminal 10 and the second terminal 20, the public key of the security authentication application 211 may be received from the application 201 of the UWB applet 202 and then stored.).
As per claim 20, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein establishing the first encrypted subchannel comprises authenticating the ID token to the personalisation server via the mobile terminal ([0142] When the user security authentication is successfully completed in operation S803, the security authentication application 211 provides, to the application 201, the authentication result and information on the authentication means (fingerprint, face, iris, password, etc.) used for the authentication in operation S805. The authentication result may include a token value including whether the authentication has succeeded or failed, identification information on the authenticated user, information on the valid time or expiration date of the user authentication, the number of times the user authentication is valid, and the like. Also, the authentication result may include a value signed by the security authentication application 211 using its own private key.).
As per claim 23, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein establishing the second encrypted subchannel comprises authenticating the user by the second security element, wherein establishing the second encrypted subchannel further comprises executing a challenge-response procedure between the second security element and the first security element, wherein a successful execution of the challenge-response procedure confirms a successful authentication of the user by the second security element ([0048] Referring to FIG. 2, the first terminal 10 may include one or more applications 101 and a UWB applet 102. The second terminal 20 may include one or more applications 201, a UWB applet 202, a security authentication application 211, and a security authentication applet 212. However, only components related to the embodiment of the present disclosure are shown in FIG. 2. Accordingly, those skilled in the art can know that other general-purpose components, for example, a processor, a memory, an input/output interface, and the like, may be further included in addition to the components shown in FIG. 2. Also, the components of the first terminal 10 and the second terminal 20 illustrated in FIG. 2 represent functional elements that are functionally distinct from each other, and it should be noted that the plurality of components may be integrated with each other in an actual physical environment. Each component will be described in detail below. [0049] First, an application 101 running in the first terminal 10 may be an application for implementing functions corresponding to various purposes for which the first terminal 10 is utilized, such as access authentication, unlocking, vehicle driving, and payment. The application 101 may be executed in a security area (secure element) of the first terminal 10 and may also be executed in a normal area other than the security area.
The application 101 may establish a first communication channel with another terminal, for example, the second terminal 20, through an arbitrary communication module included in the first terminal 10 and exchange data through the first communication channel).
As per claim 24, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein establishing the second encrypted subchannel further comprises authenticating the personalisation server by the security applet of the first security element (0054 a security authentication unit (211 and 212). The security authentication unit (211 and 212) may be implemented or installed in the second terminal 20 and may also be implemented in a hardware device distinct from the second terminal 20 and may be communicatively connected to the second terminal 20. In this specification, the security authentication unit (211 and 212) may be referred to as a security authentication apparatus).
As per claim 26, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein establishing the second encrypted subchannel further comprises authenticating the security applet of the first security element to the personalisation server (0050 The UWB applet 102 may generate and manage the IDs of a session and a sub-session for UWB communication with a counterpart terminal, a key pair for the session and the sub-session).
As per claim 29, Kasabwala and Labrou and Kim and Spector disclose the method according to claim 1. Kim discloses wherein the third channel-specific ephemeral symmetric cryptographic session key for encrypting the second encrypted subchannel between the security applet of the first security element and the personalisation server is stored in the first security element and in the personalisation server as an initial key for use by the security applet ([0056] The security authentication application 211 may communicate with the application 201 and the security authentication applet 212. In some embodiments, the security authentication application 211 may communicate with a security authentication server 30 outside the second terminal 20.
[0057] The security authentication applet 212 may communicate with the UWB applet 202 in the security area. Specifically, in an embodiment, the security authentication applet may exchange data with the UWB applet 202 through a sharable interface object provided in the security area).
As per claim 34, Kasabwala and Labrou and Kim and Spector disclose the system according to claim 19. Kim discloses wherein the system further comprises the ID token in which the attributes to be read out are stored (0182 The authentication result may include a token value including whether the authentication has succeeded or failed, identification information on the authenticated user, information on the valid time or expiration date of the user authentication, the number of times the user authentication is valid, and the like. This embodiment is distinguishable from the embodiment that has been described with reference to FIGS. 8 to 10 in that the value signed with the private key of the security authentication application 211 or the security authentication applet 212 need not be provided to the application 201).
As per claim 32, this claim is rejected based on the same rational set forth in the claim 1.
As per claim 33. this claim is rejected based on the same rational set forth in the claim 1.
As per claim 35. this claim is rejected based on the same rational set forth in the claim 1.
Claim(s) 2-5 are rejected under 35 U.S.C. 103 as being unpatentable over Kasabwala et al US 10,630,663 in view of Labrou et al US 2006/0206709 and Kim US 2022/0386118 and Spector et al US 11,836,710 in view of Allison et al US 2013/0152156.
As per claim 2, Kasabwala, Labrou, Kim and Spector disclose the method according to claim 1. Kim discloses wherein the encrypted communication channel is encrypted with a first channel-specific ephemeral symmetric cryptographic session key, wherein the first encrypted subchannel is encrypted with a second channel-specific ephemeral symmetric cryptographic session key, wherein the second encrypted subchannel is encrypted with a third channel-specific ephemeral symmetric cryptographic session key.
The combination fails to disclose a third channel-specific ephemeral symmetric cryptographic session key.
However, Allison discloses a third channel-specific ephemeral symmetric cryptographic session key ([0031] nodes from a node-to-node receive/acknowledge state distribution method, especially in environments where IPSec or other VPN session keys are updated several times per hour and many VPN sessions, i.e. third channel, are running on the same firewall. Wherein the session keys can be seen as an ephemeral symmetric cryptographic session key).
Kasabwala, Labrou, Kim, Spector and Allison are all considered to be analogous to the claimed invention because they are in the same field of secure communication.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kasabwala to incorporate the teachings of Labrou, including the teaching of Kim in view of Spector, including the teaching of Allison, and provide a mobile device authentication service (par. 0039).
Doing so would provide a secure agreement submission protocol, thereby increasing the protection for the protocol.
As per claim 3, Kasabwala, Labrou, Kim and Spector disclose the method according to claim 1. The combination fails to disclose wherein the encryption of the encrypted communication channel is an end-to-end encryption between the mobile terminal and the personalisation server.
However, Allison discloses wherein the encryption of the encrypted communication channel is an end-to-end encryption between the mobile terminal and the personalisation server ([0010] encryption keys for a VPN session or security policy information identifying what data should be encrypted. VPN state information comprises encryption keys and [0031] between nodes from a node-to-node receive/acknowledge state distribution method, especially in environments where IPSec or other VPN session keys are updated several times per hour and many VPN sessions are running on the same firewall).
Kasabwala, Labrou, Kim, Spector and Allison are all considered to be analogous to the claimed invention because they are in the same field of secure communication.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kasabwala to incorporate the teachings of Labrou, including the teaching of Kim in view of Spector, including the teaching of Allison, and provide a mobile device authentication service (par. 0039).
Doing so would provide a secure agreement submission protocol, thereby increasing the protection for the protocol.
As per claim 4, Kasabwala, Labrou, Kim and Spector disclose the method according to claim 1. The combination fails to disclose wherein the encryption of the first encrypted subchannel is an end-to-end encryption between the first ID token and the personalisation server.
However, Allison discloses wherein the encryption of the first encrypted subchannel is an end-to-end encryption between the first ID token and the personalisation server ([0010] encryption keys for a VPN session or security policy information identifying what data should be encrypted. VPN state information comprises encryption keys and [0031] between nodes from a node-to-node receive/acknowledge state distribution method, especially in environments where IPSec or other VPN session keys are updated several times per hour and many VPN sessions are running on the same firewall).
Kasabwala, Labrou, Kim, Spector and Allison are all considered to be analogous to the claimed invention because they are in the same field of secure communication.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kasabwala to incorporate the teachings of Labrou, including the teaching of Kim in view of Spector, including the teaching of Allison, and provide a mobile device authentication service (par. 0039).
Doing so would provide a secure agreement submission protocol, thereby increasing the protection for the protocol.
As per claim 5, Kasabwala, Labrou, Kim and Spector disclose the method according to claim 1. The combination fails to disclose wherein the encryption of the second encrypted subchannel is an end-to-end encryption between the security applet and the personalisation server.
However, Allison discloses wherein the encryption of the second encrypted subchannel is an end-to-end encryption between the security applet and the personalisation server ([0010] encryption keys for a VPN session or security policy information identifying what data should be encrypted. VPN state information comprises encryption keys and [0031] between nodes from a node-to-node receive/acknowledge state distribution method, especially in environments where IPSec or other VPN session keys are updated several times per hour and many VPN sessions are running on the same firewall).
Kasabwala, Labrou, Kim, Spector and Allison are all considered to be analogous to the claimed invention because they are in the same field of secure communication.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kasabwala to incorporate the teachings of Labrou, including the teaching of Kim in view of Spector, including the teaching of Allison, and provide a mobile device authentication service (par. 0039).
Doing so would provide a secure agreement submission protocol, thereby increasing the protection for the protocol.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496