DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The following is a Final Office action in response to applicant's amendment and response received 12/30/2025, responding to the 09/30/2025 non-final/final office action provided in rejection of claims 1-20.
Claims 16, 18, 19-24, and 26-30 have been amended. Claims 31-34 have been added as new. Claims 16-34 are pending and are addressed in this office action.
Examiner notes
(A). Limitations have been provided with the Bold fonts in order to distinguish from the cited part of the reference (Italic).
(B). Examiner has cited particular columns, line numbers, references, or figures in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings, other passages and figures may apply as well. It is respectfully requested that the applicant, in preparing responses, fully consider the reference in its entirety, as potentially teaching all or part of the claimed invention. See MPEP §§ 2141.02 and 2123.
The examiner requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.
When responding to this office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections. See 37 CFR 1.111(c).
Response to Amendments and Remarks
In light of the amendments to the claims, all objections to the claims presented in the Previous Action are hereby withdrawn.
In light of the amendments to the claims, the Previous Action's rejections of those claims under 35 U.S.C. § 112 are hereby withdrawn.
With respect to the rejections under 35 USC 101, Applicant's arguments have been considered and are persuasive, and the rejections of those claims under 35 U.S.C. § 101 are hereby withdrawn.
With respect to the rejection of claim 16 under 35 USC 103(a), Applicant argues that there are no similar features, teachings or suggestions derivable from the combination of Zhang and Liu. In the Action, the rejection relies on Zhang for finding a teaching of an eUICC profile management method where a local profile assistant (LPA) may be configured to: obtain a to-be-processed event record from the SM-DS 120, download and manage a profile, and provide a user interface for a user (para. [0056]). The rejection interprets the LPA as equivalent to the claimed update agent, however, the LPA according to Zhang is not provided within the secure element and is never in control of the secure element, nor can it transfer control of the secure element to an operating system. (Remarks, page 12)
Examiner respectfully disagrees. Applicant referenced paragraph 0056, which is not cited in the office action. Applicant provided the definition of secure element in the originally filed spec, page one, line 13-14: “embedded Secure Elements (SE), such as electronic/ embedded universal integrated circuit cards (eUICCs)”. Further, the cited text attributed to paragraph 0056 does not match paragraph 0056 of Zhang (EP 3629610 A1). Furthermore, the LPA was not interpreted as the secure element; rather, the eUICC was. Further, applicant alleged that secure element never in control nor transfer to an operating system. As cited in this and the previous office action, Zhang discloses at least in paragraph 0051 that the eUICC manages (i.e. controls) user equipment / system, discovery server, data preparation server. Further, par. 0059 discloses eUICC manage / control authority security domain and manager of secure routing. Applicant’s arguments have been considered but are not persuasive.
With respect to the rejection of claim 16 under 35 USC 103(a), Applicant further argues that while the rejection suggests that combining a teaching of Liu that a host processor 202 may provide control signals, control transfers of data, enable implementation of an operating system or otherwise execute code, with the teachings of Zhang would lead one skilled in the art to transfer control of the secure element, the existence of a processor in Liu is not sufficient to lead one skilled in the art to the specific implementation of claim 16. In particular, there is no teaching or suggestion derivable from the combination of Zhang and Liu that suggests an update agent controlling a secure element and transferring that control to an operating system as claimed. (Remarks, page 12-13)
Examiner respectfully disagrees. Liu is relied on to teach transferring control of the secure element to the operating system. Liu teaches at least in paragraph 0034, an application processor, may include suitable logic, circuitry, and/or code that enable processing data and/or controlling operations of the electronic device 102. The host processor 202 may also control transfers of data between various portions of the electronic device 102, as cited in this and the previous office action. Applicant's arguments have been considered but are not persuasive.
With respect to the rejection of claim 16 under 35 USC 103(a), Applicant further argues that, in contrast to the prior art, at least paras. [013-14] of the current disclosure teach: [013] The update agent requests control of the secure element and loads the operating system received with the installation package into the secure element, after which control of the secure element is transferred to the operating system. [014] The proposed method provides an efficient and secure solution for loading trusted software, in particular an operating system, onto a secure element once the production of the secure element is finished. By equipping the update agent with the capability to control the secure element, the update agent is for some time in charge of the secure element, which does not have an own files system. This allows for an efficient and secure loading, updating, and replacing of software within the secure element. There are no similar teachings or advantages suggested in the combination of Zhang and Liu. For at least the reasons discussed above, independent claim 16 is patentable over the combination of Zhang and Liu.
Examiner respectfully disagrees. As illustrated above, Liu discloses at least in par. 0034, an update agent controlling a secure element and transferring that control to an operating system. Applicant's arguments have been considered but are not persuasive.
With respect to the rejection of claim 24 under 35 USC 103(a) applicant further argues that independent claim 24 requires a computer-implemented data structure for providing a software installation package to an update agent on a secure element, the data structure comprising: a header part comprising an initialize secure channel field carrying information on an installation operation to be implemented and for performing key derivation at the secure element; and a data-carrying part comprising a plurality of image segments, wherein a sequence of consecutive image segments comprises a manifest, a manifest signature, and an image of software to be loaded onto the secure element. There are no similar features, teachings or suggestions derivable from the combination of Zhang and Liu. Notably, the rejection fails to identify any teaching in the cited prior art of performing key derivation at the secure element. Further, there is no teaching in the combination of Zhang and Liu of wherein a sequence of consecutive image segments comprises a manifest, a manifest signature, and an image of software to be loaded onto the secure element. Rather, the rejection only asserts that the combination of Zhang and Liu teaches that "If the secure element 210 determines that the image has been completely downloaded (802), the secure element 210 determines whether the authentication code received in the manifest data item 300 for the image matches an authentication code locally generated from the downloaded [i.e. loaded] image, and the secure element 210 determines if the digital signature 320 of the manifest body 310..." (Remarks, page 14)
Examiner respectfully disagrees. Applicant provided the description of the key derivation as “header part, data-carrying part, initialize secure channel and installation operation”. The combination of Zhang-Liu discloses the above limitation. Zhang discloses at least par. 0095, when the LPA determines that a secure channel (i.e. header part), the operating system image file (i.e. data-carrying part) obtaining request. Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC (i.e. secure element), as cited in this and the previous office action. Liu is relied on to teach wherein a sequence of consecutive image segments comprises a manifest, a manifest signature (see paragraph 0078, the secure element 210 again determines if the image has been completely downloaded (802), and repeats (804)-(810) if the image has not been completely downloaded. If the secure element 210 determines that the image has been completely downloaded (802), the secure element 210 determines whether the authentication code received in the manifest data item 300 for the image matches an authentication code locally generated from the downloaded [i.e. loaded] image, and the secure element 210 determines if the digital signature 320 of the manifest body 310), as cited in this and the previous office action.
With respect to the rejection of claim 24 under 35 USC 103(a), applicant further argues that, in contrast, claim 24 requires that a sequence of consecutive image segments comprises a manifest, a manifest signature, and an image of software to be loaded onto the secure element. This may allow that, in a first phase, the update agent receives a first part of the installation package until and including the segment containing the manifest 502 (para. [065]). That is, the update agent may receive the header part 530 and initial segments of the data-carrying part 520, up to the segment comprising the manifest 502. The update agent may then verify the signature 503 of the manifest, to ensure that the image is acceptable and the issuer is trusted, and may in addition verify the initialize secure channel signature 532 also by using the first key (paras. [066-67]). (Remarks, page 15).
Examiner respectfully disagrees. Applicant's argument is ineffective. Applicant argues about “claim 24 requires that a sequence of consecutive image segments”, which is not part of the claim.
Applicant offers no other arguments beyond arguing allowability for the reasons cited for the independent claim(s) or dependence upon said claims. These arguments are considered met.
Claim Objections
Claims 21-23, 28-30, 32, and 34 are objected to because of the following informalities:
Claim 21, line 3, after “receiving” and “reset”, --,-- might be needed, respectively. Further, line 9, “the corresponding image segments” appears to lack proper antecedent basis.
Claim 28, line 2, “a secure element” should be --the secure element-- and line 6, “a data structure” should be --the data structure--.
Claim 29, line 4, “the initialize secure channel signature” appears to lack proper antecedent basis.
Claim 30, line 2, “an operating system” and “a secure element” should be --the operating system-- and --the secure element--, respectively. Further, line 3, “an update agent” should be --the update agent--.
Claims 22, 23, 32, and 34 depend on objected claims and inherit the same issues.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 20, line 2, “the control” is unclear whether it refers to “control” in line 6 or 9 of claim 16. For the examination purposes, “control” in line 9 of claim 16 will be treated as --the control--.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 16-19, 24-25 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al. (IDS provided) (EP 3629610 A1) in view of Liu et al. (IDS provided)(US 2018/0082065 A1).
As to claim 16, Zhang discloses a method for downloading an operating system onto a secure element, the secure element comprising an update agent therein, the method comprising the steps performed by the update agent:
receiving from an external device an installation package for installing an operating system onto the secure element (abstract, … when an operating system of an eUICC [i.e. secure element] needs to be updated, an LPA sets an operating system update flag, and obtains and stores metadata of a first profile. A profile server [i.e. external device] generates a second profile based on the operating system update flag … . Further, Figs. 5A, 5B, par. 0095, … After the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel established between the eUICC … Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]);
requesting control of the secure element (Fig. 1, par. 0051, the network architecture of the eUICC profile management system [i.e. control] may include user equipment (User Equipment, UE) 110, a subscription manager-discovery server (Subscription manager-Discovery Service, SM-DS) 120, a subscription manager-data preparation (Subscription Manager-Data Preparation+, SM-DP+) server 130, … . Further, Fig. 2, par. 0059… an eUICC controlling authority security domain (eUICC Controlling Authority Security Domain, ECASD), used to store an eUICC key and an eUICC certificate; an issuer security domain root (Issuer Security Domain Root, ISD-R), associated with a subscription manager-secure routing (not shown in the figure) outside the eUICC,);
loading the operating system received with the installation package into the secure element (par. 0111, After completing downloading of the operating system image file [i.e. installation package], the LPA sends the first profile and the metadata deletion request to the eUICC … Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]); and
Zhang does not explicitly disclose the following limitation but,
Liu discloses transferring control of the secure element to the operating system (Figs. 1, 2, par. 0034, The host processor 202, which may also be referred to as an application processor, may include suitable logic, circuitry, and/or code that enable processing data and/or controlling operations of the electronic device 102 [i.e. secure element]. In this regard, the host processor 202 may be enabled to provide control signals to various other components of the electronic device 102. The host processor 202 may also control transfers of data between various portions of the electronic device 102. Additionally, the host processor 202 may enable implementation of an operating system or otherwise execute code to manage operations of the electronic device 102 … ).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include transferring control of the secure element to the operating system, as disclosed by Liu, for the purpose to control updates made to the OS (see paragraph 0017).
As to claim 17, Zhang discloses the method wherein the installation package comprises a header part and a data-carrying part, wherein the header part comprises an initialize secure channel signature, and the data-carrying part comprises a plurality of image segments (par. 0095, the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel [i.e. header part] established between the eUICC and the SM-DP+ 130 through mutual authentication is not closed, the LPA sends an operating system image file obtaining request to the SM-DP+ 130. The operating system image file [i.e. data-carrying part] obtaining request may include the EID, the ICCID, a profile type (profile type), and the operating system update flag. Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]),
Liu discloses wherein a sequence of consecutive image segments comprises a manifest, a manifest signature, and an image of the operating system to be loaded onto the secure element (par. 0078, The secure element 210 again determines if the image has been completely downloaded (802), and repeats (804)-(810) if the image has not been completely downloaded. If the secure element 210 determines that the image has been completely downloaded (802), the secure element 210 determines whether the authentication code received in the manifest data item 300 for the image matches an authentication code locally generated from the downloaded [i.e. loaded] image, and the secure element 210 determines if the digital signature 320 of the manifest body 310 … ).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include wherein a sequence of consecutive image segments comprises a manifest, a manifest signature, and an image of the operating system to be loaded onto the secure element, as disclosed by Liu, for the purpose to control updates made to the OS and verified or authentication (see paragraphs 0017 and 0078).
As to claim 18, Zhang discloses the method wherein receiving the installation package comprises receiving a first part of the installation package comprising the header (par. 0095, the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel [i.e. header part] established between the eUICC … );
wherein the method further comprises verifying the installation package by verifying the initialize secure channel signature (par. 0095, the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel [i.e. header part] established between the eUICC and the SM-DP+ 130 through mutual authentication is not closed, the LPA sends an operating system image file obtaining request to the SM-DP+ 130. The operating system image file [i.e. data-carrying part] obtaining request may include the EID, the ICCID, a profile type (profile type), and the operating system update flag. Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]);
Liu discloses a first sequence of the plurality of image segments, the first sequence comprising the manifest signature and the manifest and the manifest signature using a first key (par. 0078, The secure element 210 again determines if the image has been completely downloaded (802), and repeats (804)-(810) if the image has not been completely downloaded. If the secure element 210 determines that the image has been completely downloaded (802), the secure element 210 determines whether the authentication code received in the manifest data item 300 for the image matches an authentication code locally generated from the downloaded [i.e. loaded] image, and the secure element 210 determines if the digital signature 320 of the manifest body 310 … );
stored in the update agent (par. 0065, If the manifest data item 300 can be validated (612), the secure element 210 stores the manifest data item 300 [i.e. update agent], such as in the non-volatile memory 220, updates a download token, and sends a manifest data response (614) …).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include a first sequence of the plurality of image segments, the first sequence comprising the manifest signature and the manifest and the manifest signature using a first key and stored in the update agent, as disclosed by Liu, for the purpose to control updates made to the OS and verified or authentication (see paragraphs 0017 and 0078).
As to claim 19, Zhang discloses the method wherein requesting the control of the secure element (see Figs. 1, 2, pars. 0052 and 0059)
Liu discloses the method (par. 0065, If the manifest data item 300 can be validated (612), the secure element 210 stores the manifest data item 300, such as in the non-volatile memory 220, updates a download token, and sends a manifest data response (614). The secure element 210 then waits for a reset command (616) … ).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include sending to the external device a request to perform a system reset, as disclosed by Liu, for the purpose to implementations, the download token may indicate whether the secure element is in a download mode (see paragraph 0065).
As to claim 24, Zhang discloses a computer-implemented data structure for providing a software installation package to an update agent on a secure element, the data structure comprising:
a header part comprising an initialize secure channel field carrying information on installation operation to be implemented and for performing key derivation at the secure element (par. 0095, the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel [i.e. header part] established between the eUICC and the SM-DP+ 130 through mutual authentication is not closed, the LPA sends an operating system image file obtaining request to the SM-DP+ 130. The operating system image file [i.e. data-carrying part] obtaining request may include the EID, the ICCID, a profile type (profile type), and the operating system update flag. Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]); and
a data-carrying part comprising a plurality of image segments (abstract, … when an operating system of an eUICC [i.e. secure element] needs to be updated, an LPA sets an operating system update flag, and obtains and stores metadata of a first profile. A profile server [i.e. external device] generates a second profile based on the operating system update flag … . Further, Figs. 5A, 5B, par. 0095, … After the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel established between the eUICC … Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]), and an image of software to be loaded onto the secure element (par. 0111, After completing downloading [i.e. load] of the operating system image file, the LPA sends the first profile and the metadata deletion request to the eUICC … Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]),
Liu discloses wherein a sequence of consecutive image segments comprises a manifest, a manifest signature (par. 0078, The secure element 210 again determines if the image has been completely downloaded (802), and repeats (804)-(810) if the image has not been completely downloaded. If the secure element 210 determines that the image has been completely downloaded (802), the secure element 210 determines whether the authentication code received in the manifest data item 300 for the image matches an authentication code locally generated from the downloaded [i.e. loaded] image, and the secure element 210 determines if the digital signature 320 of the manifest body 310 … ).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include wherein a sequence of consecutive image segments comprises a manifest, a manifest signature, as disclosed by Liu, for the purpose to control updates made to the OS and verified or authentication (see paragraphs 0017 and 0078).
As to claim 25, Zhang discloses the computer-implemented data structure wherein the header part further comprises a protected keys field carrying image protection keys, for encrypting the software image (par. 0207, After the eUICCsigned2, the ICCID of the second profile, and the operating system update flag are verified, the SM-DP+ 130 encrypts [i.e. image protection keys] the operating system image file, the second profile, and the metadata of the second profile to generate an encryption profile package (bound profile package), and sends the encryption profile package to the LPA).
As to claim 28, Zhang discloses an update agent for downloading software onto a secure element, the update agent implemented in a non-transitory computer readable storage medium in the form of computer readable instructions that, when executed by a processor, configure the update agent to:
receive through a data structure according an installation package for installing an operating system (abstract, … when an operating system of an eUICC [i.e. secure element] needs to be updated, an LPA sets an operating system update flag, and obtains and stores metadata of a first profile. A profile server [i.e. external device] generates a second profile based on the operating system update flag … . Further, Figs. 5A, 5B, par. 0095, … After the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel established between the eUICC … Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]);
verify the installation package and request control of the secure element (par. 0095, the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel [i.e. header part] established between the eUICC and the SM-DP+ 130 through mutual authentication is not closed, the LPA sends an operating system image file obtaining request to the SM-DP+ 130. The operating system image file [i.e. data-carrying part] obtaining request may include the EID, the ICCID, a profile type (profile type), and the operating system update flag. Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]);
load the operating system received with the installation package into the secure element (par. 0111, After completing downloading of the operating system image file [i.e. installation package], the LPA sends the first profile and the metadata deletion request to the eUICC … Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]); and
Liu discloses transfer control of the secure element to the operating system (Figs. 1, 2, par. 0034, The host processor 202, which may also be referred to as an application processor, may include suitable logic, circuitry, and/or code that enable processing data and/or controlling operations of the electronic device 102 [i.e. secure element]. In this regard, the host processor 202 may be enabled to provide control signals to various other components of the electronic device 102. The host processor 202 may also control transfers of data between various portions of the electronic device 102. Additionally, the host processor 202 may enable implementation of an operating system or otherwise execute code to manage operations of the electronic device 102 … ).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include transferring control of the secure element to the operating system, as disclosed by Liu, for the purpose to control updates made to the OS (see paragraph 0017).
Claims 26 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al. and Liu et al. as applied to claims 18 and 24 above, and further in view of Kamal et al. (US 20180137272 A1).
As to claim 26, Zhang discloses comprising a signature of one or more of the initialize secure channel field and a protected keys field, for authenticating the software installation package (par. 0207, After the eUICCsigned2, the ICCID of the second profile, and the operating system update flag are verified, the SM-DP+ 130 encrypts [i.e. image protection keys] the operating system image file, the second profile, and the metadata of the second profile to generate an encryption profile package (bound profile package), and sends the encryption profile package to the LPA);
Kamal discloses the computer-implemented data structure wherein the header part further comprises a package binding signature (par. 0025, … the elliptical curve digital signature algorithm (ECDSA)[i.e. package binding signature], and/or RSA, which is a public key cryptosystem commonly used for secure data transmission) that are used to encrypt and store the consumer's PIN. …),
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include the computer-implemented data structure wherein the header part further comprises a package binding signature, as disclosed by Kamal, for the purpose to provide obfuscation of encryption algorithms and/or public key algorithms (see paragraph 0025).
As to claim 31, Kamal discloses the method wherein the first key comprises an Elliptical Curve Digital Signature (ECDSA) key (par. 0025, … the elliptical curve digital signature algorithm (ECDSA), and/or RSA, which is a public key cryptosystem commonly used for secure data transmission) that are used to encrypt and store the consumer's PIN. …).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include the method wherein the Elliptical Curve Digital Signature, EC-DSA, key, as disclosed by Kamal, for the purpose of providing obfuscation of encryption algorithms and/or public key algorithms (see paragraph 0025).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al and Liu et al. as applied to claim 19 above, and further in view of Christophe et al. (DS provided)(EP 3208717 A1).
As to claim 20, Zhang as modified by Liu does not explicitly disclose the following limitations but,
Christophe discloses the method further comprising assuming the control of the secure element and deleting an initial operating system contained within the secure element after the system reset (par. 0006, Tm OS or the JavaCard™ applet. A remote server can send a new version or an upgrade of the operating system of the secure element. In this case, the existing objects (e.g. existing instances of class) must be re-instantiated when the operating system has been updated. In other words, new instances of class corresponding to the old ones must be instantiated in the new operating system context in order to re-create the previously existing objects. This instantiation is carried out from the packages stored in the secure element. It is to be noted that old class instances are no more used or even deleted and their content [i.e. initial OS contained] is lost in the new operating system context … . Further, par. 0042, It is to be noted that the object re-instantiation [i.e. removed / deleted initial / previous OS after the re-initialization] process is applied to all objects previously installed in the secure element provided that these objects are compatible with the updated operating system).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include the method further comprising assuming control of the secure element and deleting an initial operating system contained within the secure element after the system reset, as disclosed by Christophe, to secure SCP03 or SCP03t scripts (see paragraph 0012).
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al and Liu et al. as applied to claim 17 above, and further in view of Zhang et al. (US 10127029 B1, hereinafter Zhang “029”).
As to claim 21, Zhang discloses the method wherein loading the operating system comprises:
the image of the operating system, each image segment being protected with a pair of image protection keys (par. 0207, After the eUICCsigned2, the ICCID of the second profile, and the operating system update flag are verified, the SM-DP+ 130 encrypts [i.e. image protection keys] the operating system image file, the second profile, and the metadata of the second profile to generate an encryption profile package (bound profile package), and sends the encryption profile package to the LPA);
Liu discloses receiving after a system reset the installation package from the external device, the installation package comprising the plurality of image segments, wherein the plurality of image segments carries the manifest, the manifest signature (see, par. 0078) and verifying integrity of the installation package (par. 0069, If an error occurs during the packet reception (706), the packet is invalid (708), and/or the version of the software update is lower than the current version (712), the secure element 210 invalidates the manifest data item 300, sends an error response to the host processor 202 (618), and waits for a reset (616). If the version of the software update being downloaded is greater than or equal to a current version (712), the secure element 210 determines the image type associated with the download (714).);
storing the operating system into a memory of the secure element (par. 0032, … the non-volatile memory 220 may also store firmware and/or operating system executable code that is executed by the secure processor 212 to provide an execution environment, such as the JAVA execution environment. … ).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include receiving after the system reset the complete installation package from the external device, the complete installation package comprising the plurality of image segments, wherein the plurality of image segments carries the manifest, the manifest signature and verifying integrity of the installation package; storing the operating system into a memory of the secure element, as disclosed by Liu, for the purpose of verifying OS update implementations followed by a migration OS update and/or an OS update (see paragraph 0070).
Zhang as modified by Liu does not explicitly disclose the following limitation but,
Zhang “029” discloses extracting the operating system from the corresponding image segments (abstract, systems, and processes to support hard drive installation of an operating system from a logical volume partition. An initial volatile memory disk is extracted from an operating system (OS) installation image. … ); and
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include extracting the operating system from the corresponding image segments, as disclosed by Zhang “029”, for the purpose of executing the logical volume binary and the shared libraries, which modifies a process performed by an OS installation application (see abstract).
Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al, Liu et al. and Zhang “029” as applied to claim 21 above, and further in view of Jerome et al. (EP 3719706 A1, hereinafter Jerome).
As to claim 22, Zhang discloses the method wherein the image protection keys are established between the external device and the secure element through a key agreement process (par. 0207, After the eUICCsigned2, the ICCID of the second profile, and the operating system update flag are verified, the SM-DP+ 130 encrypts [i.e. image protection keys] the operating system image file, the second profile, and the metadata of the second profile to generate an encryption profile package (bound profile package), and sends the encryption profile package to the LPA) and
Zhang as modified by Liu and Zhang “029” does not explicitly disclose the following limitation but,
Jerome discloses used to implement a protection scheme based on a Secure Channel Protocol 03t (SCP03t) algorithm, to ensure integrity of the installation package (par. 0012, 3a- the script platform 101 contacts the SM-SR 102 that manages the targeted secure element 103 and requests to create the ISD-P (ES3.CreateISDP) 104; 3b- the script platform 101 performs ISD-P key establishment with the ISD-P 104 on the secure element 103 through the SM-SR 102 (ES8.ISDPKeysetEstablishment through ES3.SendData). This generates an SCP03 keyset known only by the script platform 101 and the ISD-P 104 that can be used to secure SCP03 or SCP03t scripts. 3c- the script platform 101 generates or formats the script, adds one or more signed tokens in it, and secures it using SCP03 or SCP03t … ).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include used to implement a protection scheme based on a SCP03t algorithm, to generate or format the script, add one or more signed tokens in it, and secure it (see par. 0012).
Claims 23 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al, Liu et al. and Zhang “029” as applied to claim 21 above, and further in view of Kamal et al. (US 20180137272 A1).
As to claim 23, Zhang discloses the method wherein the header of the installation package comprises further a package binding signature (par. 0095, the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel [i.e. header part] established between the eUICC … ),
Liu discloses stored in the update agent (par. 0065, If the manifest data item 300 can be validated (612), the secure element 210 stores the manifest data item 300 [i.e. update agent], such as in the non-volatile memory 220, updates a download token, and sends a manifest data response (614) …).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include stored in the update agent, as disclosed by Liu, for the purpose of controlling updates made to the OS and verification or authentication (see paragraphs 0017 and 0078).
Kamal discloses the method further comprising authenticating the installation package by verifying the package binding signature using a second key (par. 0025, … the elliptical curve digital signature algorithm (ECDSA)[i.e. package binding signature using a second key], and/or RSA, which is a public key cryptosystem commonly used for secure data transmission) that are used to encrypt and store the consumer's PIN. …).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include the method further comprising authenticating the installation package by verifying the package binding signature using a second key, in particular an Elliptical Curve Digital Signature, ECDSA, key, as disclosed by Kamal, for the purpose of providing obfuscation of encryption algorithms and/or public key algorithms (see paragraph 0025).
As to claim 32, Kamal discloses the method wherein the second key comprises an Elliptical Curve Digital Signature (ECDSA) key (par. 0025, … the elliptical curve digital signature algorithm (ECDSA)[i.e. package binding signature using a second key], and/or RSA, which is a public key cryptosystem commonly used for secure data transmission) that are used to encrypt and store the consumer's PIN. …).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include in particular an Elliptical Curve Digital Signature, EC-DSA, key, as disclosed by Kamal, for the purpose of providing obfuscation of encryption algorithms and/or public key algorithms (see paragraph 0025).
Claims 27 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al, and Liu et al. as applied to claim 24 above, and further in view of Melkild et al. (US 20210326157 A1, hereinafter Melkild).
As to claim 27, Zhang does not explicitly disclose the following limitations but,
Melkild discloses the computer-implemented data structure wherein the manifest contains information on the software image to be uploaded (par. … the software image may be uploaded from the source and stored in the VNF catalog 676 (See FIG. 6) for efficient, localized access),
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include the computer-implemented data structure wherein the manifest contains information on the software image to be uploaded, as disclosed by Melkild, for the purpose of storing in the VNF catalog for efficient, localized access (see paragraph 0061).
As to claim 33, Liu discloses the computer-implemented (par. 0073, … the image type is determined to correspond to firmware image or a migration OS image (720)).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include the computer-implemented comprises information for one or more of authenticating the software image and authenticating an issuer of the image, as disclosed by Liu, for the purpose to manifest data item and validate and/or authenticated (see paragraph 0064).
Melkild discloses the computer-implemented data structure wherein the information on the software image to be uploaded (par. … the software image may be uploaded from the source and stored in the VNF catalog 676 (See FIG. 6) for efficient, localized access),
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include the computer-implemented data structure wherein the information on the software image to be uploaded, as disclosed by Melkild, for the purpose of storing in the VNF catalog for efficient, localized access (see paragraph 0061).
Claims 29-30 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al. and Liu et al. as applied to claim 28 above, and further in view of Kamal and Li et al. (US 20180351945 A1, hereinafter Li).
As to claim 29, Liu the update the update agent being personalized with a plurality of cryptographic keys, selected from a set comprising at least:
Liu discloses (par. 0078, The secure element 210 again determines if the image has been completely downloaded (802), and repeats (804)-(810) if the image has not been completely downloaded. If the secure element 210 determines that the image has been completely downloaded (802), the secure element 210 determines whether the authentication code received in the manifest data item 300 for the image matches an authentication code locally generated from the downloaded [i.e. loaded] image, and the secure element 210 determines if the digital signature 320 of the manifest body 310 … );
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include for verifying the manifest signature and the initialize secure channel signature within the installation package, as disclosed by Liu, for the purpose of controlling updates made to the OS and verification or authentication (see paragraphs 0017 and 0078).
Kamal discloses a first key, in particular an Elliptical Curve Digital Signature, ECDSA, key (par. 0025, … the elliptical curve digital signature algorithm (ECDSA)[i.e. package binding signature using a second key], and/or RSA, which is a public key cryptosystem commonly used for secure data transmission) that are used to encrypt and store the consumer's PIN. …), f
a second key, in particular an Elliptical Curve Digital Signature, ECDSA, key, for verifying a package binding signature (par. 0025, … the elliptical curve digital signature algorithm (ECDSA)[i.e. package binding signature using a second key], and/or RSA, which is a public key cryptosystem commonly used for secure data transmission) that are used to encrypt and store the consumer's PIN. …).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include a first key, in particular an Elliptical Curve Digital Signature, ECDSA, key and a second key, in particular an Elliptical Curve Digital Signature, ECDSA, key, for verifying a package binding signature, as disclosed by Kamal, for the purpose of providing obfuscation of encryption algorithms and/or public key algorithms (see paragraph 0025).
Li discloses a key pair, in particular an Elliptical Curve Key Agreement, ECKA, key pair, for processing image segments of the installation package (par. 0039, An eUICC can generate an ephemeral eUICC public key otPK.eUICC.ECKA (with ephemeral eUICC private key, otSK.eUICC.ECKA) and an eSIM server can generate an ephemeral eSIM server public key otPK.DP.ECKA … );
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include a key pair, in particular an Elliptical Curve Key Agreement, ECKA, key pair, for processing image segments of the installation package, as disclosed by Li, for the purpose of creating an input for a key derivation process to create a shared secret that can include a session key for encryption (see paragraph 0039).
As to claim 30, Zhang discloses the update agent being configured to carry out a method for downloading an operating system onto a secure element, the secure element comprising an update agent, the method comprising the steps performed by the update agent:
receiving from an external device an installation package for installing an operating system onto the secure element (abstract, … when an operating system of an eUICC [i.e. secure element] needs to be updated, an LPA sets an operating system update flag, and obtains and stores metadata of a first profile. A profile server [i.e. external device] generates a second profile based on the operating system update flag … . Further, Figs. 5A, 5B, par. 0095, … After the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel established between the eUICC … Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]);
requesting control of the secure element; loading the operating system received with the installation package into the secure element (Fig. 1, par. 0051, the network architecture of the eUICC profile management system [i.e. control] may include user equipment (User Equipment, UE) 110, a subscription manager-discovery server (Subscription manager-Discovery Service, SM-DS) 120, a subscription manager-data preparation (Subscription Manager-Data Preparation+, SM-DP+) server 130, … . Further, Fig. 2, par. 0059… an eUICC controlling authority security domain (eUICC Controlling Authority Security Domain, ECASD), used to store an eUICC key and an eUICC certificate; an issuer security domain root (Issuer Security Domain Root, ISD-R), associated with a subscription manager-secure routing (not shown in the figure) outside the eUICC,); and
wherein the installation package comprises a header part and a data-carrying part, wherein the header part comprises an initialize secure channel signature (par. 0095, the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel [i.e. header part] established between the eUICC and the SM-DP+ 130 through mutual authentication is not closed, the LPA sends an operating system image file obtaining request to the SM-DP+ 130. The operating system image file [i.e. data-carrying part] obtaining request may include the EID, the ICCID, a profile type (profile type), and the operating system update flag. Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]), and
the data-carrying part comprises a plurality of image segments (par. 0095, the eUICC and the SM-DP+ 130 complete the mutual authentication, or when the LPA determines that a secure channel [i.e. header part] established between the eUICC and the SM-DP+ 130 through mutual authentication is not closed, the LPA sends an operating system image file obtaining request to the SM-DP+ 130. The operating system image file [i.e. data-carrying part] obtaining request may include the EID, the ICCID, a profile type (profile type), and the operating system update flag. Further, par. 0114, S318. The LPA sends an operating system image file installation request to the eUICC [i.e. secure element]),
Liu discloses transferring control of the secure element to the operating system (Figs. 1, 2, par. 0034, The host processor 202, which may also be referred to as an application processor, may include suitable logic, circuitry, and/or code that enable processing data and/or controlling operations of the electronic device 102 [i.e. secure element]. In this regard, the host processor 202 may be enabled to provide control signals to various other components of the electronic device 102. The host processor 202 may also control transfers of data between various portions of the electronic device 102. Additionally, the host processor 202 may enable implementation of an operating system or otherwise execute code to manage operations of the electronic device 102 … );
wherein a sequence of consecutive image segments comprises a manifest, a manifest signature, and an image of the operating system to be loaded onto the secure element (par. 0078, The secure element 210 again determines if the image has been completely downloaded (802), and repeats (804)-(810) if the image has not been completely downloaded. If the secure element 210 determines that the image has been completely downloaded (802), the secure element 210 determines whether the authentication code received in the manifest data item 300 for the image matches an authentication code locally generated from the downloaded [i.e. loaded] image, and the secure element 210 determines if the digital signature 320 of the manifest body 310 … ).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include transferring control of the secure element to the operating system and wherein a sequence of consecutive image segments comprises a manifest, a manifest signature, and an image of the operating system to be loaded onto the secure element, as disclosed by Liu, for the purpose of controlling updates made to the OS and verification or authentication (see paragraphs 0017 and 0078).
As to claim 34, Kamal discloses the update agent wherein the first key comprises an Elliptical Curve Digital Signature (ECDSA) key, the key pair comprises an Elliptical Curve Key Agreement (ECKA) key pair, and the second key comprises an Elliptical Curve Digital Signature (ECDSA) key (see par. 0025).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Zhang to include the update agent wherein the first key comprises an Elliptical Curve Digital Signature (ECDSA) key, the key pair comprises an Elliptical Curve Key Agreement (ECKA) key pair, and the second key comprises an Elliptical Curve Digital Signature (ECDSA) key, as disclosed by Kamal, for the purpose of providing obfuscation of encryption algorithms and/or public key algorithms (see paragraph 0025).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Mohammad Kabir whose telephone number is (571)270-13411. The examiner can normally be reached on M-F, 8:00 am - 5:00 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sam Sough, can be reached on (571) 272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Mohammad Kabir/
Examiner, Art Unit 2192
/S.SOUGH
SPE, Art Unit 2192