UE SELF-INITIATED VERIFICATION OF SIM PRESENCE

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION 2. This action is in response to the amendment filed February 18, 2026. 3. Claims 1-2, 6-9, 13-16, and 20 have been amended. 4. Claims 1-20 have been examined and are pending with this action. 5. The Information Disclosure Statement filed February 6, 2026 has been considered. Response to Arguments 6. Applicant's arguments filed February 18, 2026 have been fully considered but they are not persuasive. Xi has been cited to better teach the newly amended limitations (Please see rejections below). Applicant(s) assertion of an application client is improper. An application client is merely the application that is executed on the client-side such as a browser. Wang explicitly teaches the ID information is subjective in paragraph [0055], “The application client, in this case, may obtain the identity information of the application client itself, such as an IP address or a network card address, or any other unique identifier that may be associated with the application client.”, emphasis added. For these reasons above and the rejections set forth below, claims 1-20 remain rejected and pending. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 7. Claims 1-4, 6-11, 13-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2014/0289508 A1) in view of Xi et al. (US 2010/0202351 A1) and Choi (US 2008/0113651 A1). INDEPENDENT: As per claim 1, Wang teaches a method comprising: transmitting, by a user equipment (UE), a message to a verification website maintained by a cellular service provider, the message including an identifier (ID) comprising an IP address assigned to the UE by the cellular service provider (see Wang, Abstract: “The method may include detecting a login or registration operation, to a server, via a login interface on a user interface of an application client.”; [0007]: “An application client may detect a login or registration operation being performed via a login interface on a user interface of the application client. The application client may perform such detection by monitoring user-input events”; [0064]: “For example, the application client may send to a telecommunication server a HTTP request to login. The telecommunication server may display a telecommunication login page on the application client in response to the HTTP request. The login page may provide a login button, such as a login icon, at a specified position on the telecommunication login page.”; and [0066]: “The mobile terminal may send the ID information, the identity information and the account information together to the authentication server.”); verifying, by the verification website, that the IP address carried by the message matched a stored IP address (see Wang, Abstract: “In response, identity information and an identifier of the application client may be determined… The application client may then receive an authentication result from the authentication server enabling the user to access the third party service.”; [0008]: “The application client may, in response, determine, or obtain identity information and an identifier of the application client. The identifier may be assigned to the application client by an authentication server and the identifier may be associated with a third party service. The identifier may be a unique character string, or any other form of identification assigned to the application client by the authentication server with respect to the third party service. The third party service may be a third party login service running on the application client.”; and [0066]: “The authentication server may authenticate, using information from a database, whether the ID information of the application client and the account information of the mobile terminal are correct.”); embedding an interaction ID into a scannable code, in response to verifying that the IP address carried by the message matches the stored IP address (Inherency: see Wang, Abstract: “The application client may then receive an authentication result from the authentication server enabling the user to access the third party service.”; and [0018]: “If the authentication is successful, the authentication server may send an authorization instruction to the application client.”), the embedded interaction ID comprising a session ID, a customer ID or the UE identification, and a time indicator (see Wang, Abstract: “The identity information and the identifier may be encoded into a code displayed on the application client. A mobile terminal may obtain and decode the code to obtain the encapsulated identity information and the identifier.”; [0014]: “The code generating module may encode, or encapsulate the identity information and the identifier into a code.”; [0048]: “the application client may detect (S1105) whether a preset period of time is passed before the authorization instruction is received. If the authorization instruction is not received in the preset period of time, the application client may resend a registration request for the third party service to the authentication server. In this way, the code, generated as described earlier, may be updated regularly and thus, enhance the security.”; [0053]: “… the server may assign a unique ID, such as a character string, to the application client. The ID information may be associated with the third party telecommunication access service.”; [0059]: “The application client may then encode the ID information and the identity information into a code.”; [0067]: “determining whether an authorization instruction sent from the authentication server in response to a successful authentication is received at the application client in a preset period of time.”; and [0093]: “The encrypting unit 131 may encrypt the identity information and the ID information using a preset encrypting algorithm to generate a cipher text. The encrypting unit 131 may further encode the cipher text into a code.”); transmitting, by the verification website, the interaction ID or the scannable code to the UE (see Wang, Abstract: “The identity information and the identifier may be encoded into a code displayed on the application client.”; [0014]: “The code may be displayed on the user interface of the application client such that a mobile terminal may obtain the code by scanning the code.”; and [0067]: “Step 204 may involve determining whether an authorization instruction sent from the authentication server in response to a successful authentication is received at the application client in a preset period of time.”); displaying, by the UE, the scannable code (see Wang, Abstract: “The identity information and the identifier may be encoded into a code displayed on the application client.”; [0005]: “The login and/or registration process of a third party service may be achieved for a mobile terminal by scanning a code displayed on a client.”; [0009]: “The method may further include displaying the code on the user interface of the application client.”; [0014]: “The code may be displayed on the user interface of the application client such that a mobile terminal may obtain the code by scanning the code.”; and [0101]: “The application client 1 may encode the ID information and the identity information into a code which may be displayed on the user interface of the application client 1”); scanning, by a terminal in a retail facility, the scannable code displayed by the UE (see Wang, [0005]: “The login and/or registration process of a third party service may be achieved for a mobile terminal by scanning a code displayed on a client.”; [0014]: “The code may be displayed on the user interface of the application client such that a mobile terminal may obtain the code by scanning the code.”; [0059]: “By scanning the code using the mobile terminal, the user may login via the third party login interface to use the third party service. The tedious process of registering and inputting the user account and the password via the application client may be omitted”; [0071]: “The application client may also encode the ID information and the identity information into a code that the mobile terminal may scan or capture”; and [0101]: “The mobile terminal 2 may capture the code using a camera or any other scanning device.”); extracting, by the terminal, from the interaction ID, the session ID, the customer ID or the UE ID, and the time indicator (see Wang, Abstract: “A mobile terminal may obtain and decode the code to obtain the encapsulated identity information and the identifier”; and [0014]: “The mobile terminal may decode the code to obtain the identity information and the identifier.”); and based on at least determining that the session ID is not expired, using the time indicator: displaying, by the terminal, a verification success message; or performing a user account change on a user account associated with the UE (see Wang, [0047]: “The authorization instruction may authorize the user to access the third party service via the application client.”; and [0101]: “If the authentication is successful, the authentication server 3 may send out an authorization instruction for authorizing the login via the third party login interface to the application client 1. A message which indicates that the login is successful is displayed on the application client 1 corresponding to the identity information.”). Although Wang teaches the IP address is assigned to the UE (see rejection above), Wang does not explicitly teach the IP address is assigned to an integrated circuit card ID (ICCID) or subscriber identity module (SIM); and a SIM address list. Xi teaches IP address is assigned to an integrated circuit card ID (ICCID) or subscriber identity module (SIM) (see Xi, [0030]: “In a 3GPP LTE/SAE system, there are generally two manners for allocating a user static IP address. One is to allocate the user static IP address to a user fixedly when the user subscribes to a Home Public Land Mobile Network (HPLMN) operator. The other is to allocate a dedicated user static IP address, i.e., a PDN address in a subscription data entry, to the user by a PDN operator from its PDN address pool. Such PDN is usually a dedicated network. The user static IP addresses allocated by the above two manners are both stored in the Home Subscriber Server (HSS) and the User Equipment (UE), e.g. a Subscriber Identity Module/Universal Subscriber Identity Module (SIM/USIM) card of the UE. These kinds of IP addresses are also referred to as user subscribed IP addresses.”). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Wang in view of Xi so that IP address is assigned to an integrated circuit card ID (ICCID) or subscriber identity module. One would be motivated to do so because Wang teaches in paragraph [0055], “The application client, in this case, may obtain the identity information of the application client itself, such as an IP address or a network card address, or any other unique identifier that may be associated with the application client.”. Choi teaches a SIM address list (see Choi, Page 4, TABLE 1; and [0062]: “While displaying the user data list, the control unit 201 registers the user data items selected by the user with the execution password, i.e. the SIM ID or phone number extracted from the attached SIM card in step S311. Table 1 is an exemplary SIM-data mapping table which lists the user data items by SIM card.”). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Wang in view of Choi by implementing a SIM address list. One would be motivated to do so because the type of identifier applied is subjective, well-known, routine, and conventional, and because replacing one type of identifier versus another does not functionally distinguish the invention in terms of patentability nor afford any inventive difference over the functions of what is claimed. As per claim 8, Wang, Xi, and Choi teach a system comprising: a processor (see Wang, [0039]: “The application client may be a user terminal with computing capabilities such as a personal computer, a work station computer, a server computer, a tablet, a smart phone, a mobile phone, or any other computing device. In some embodiments, the application client may be software, hardware, firmware or any combination thereof which may execute instructions to implement any of the method steps according to the disclosure.”); and a computer-readable medium storing instructions that are operative upon execution by the processor (see Wang, [0102]: “It can be understood by those skilled in the art that all or some of the processes for implementing the above methods can be implemented by hardware instructed by a computer program which can be stored in a computer readable storage medium. When executed, the program may implement the processes of the methods. The storage medium may be magnetic disk, optical disk, Read-Only Memory (ROM), Random Access Memory (RAM) and the like.”) to: transmit, by a user equipment (UE), a message to a verification website maintained by a cellular service provider, the message including an identifier (ID) comprising an IP address assigned to an integrated circuit card ID (ICCID) or subscriber identity module (SIM) of the UE by the cellular service provider (see Claim 1 rejection above); verify, by the verification website, that the IP address carried by the message matches a stored IP address in a SIM address list (see Claim 1 rejection above); embed an interaction ID into a scannable code in response to verifying that the IP address carried by the message matches the stored IP address in the SIM address list, the embedded interaction ID comprising a session ID, a customer ID or the UE ID, and a time indicator (see Claim 1 rejection above); transmit, by the verification website, the interaction ID or the scannable code to the UE (see Claim 1 rejection above); display, by the UE, the scannable code (see Claim 1 rejection above); scan, by a terminal in a retail facility, the scannable code displayed by the UE (see Claim 1 rejection above); extract, by the terminal, from the interaction ID, the session ID, the customer ID or the UE ID, and the time indicator (see Claim 1 rejection above); and based on at least determining that the session ID is not expired, using the time indicator: display, by the terminal, a verification success message; or perform a user account change on a user account associated with the UE (see Claim 1 rejection above). As per claim 15, Wang, Xi, and Choi teach one or more computer storage devices having computer-executable instructions stored thereon, which, upon execution by a computer, cause the computer to perform operations (see Wang, [0102]: “It can be understood by those skilled in the art that all or some of the processes for implementing the above methods can be implemented by hardware instructed by a computer program which can be stored in a computer readable storage medium. When executed, the program may implement the processes of the methods. The storage medium may be magnetic disk, optical disk, Read-Only Memory (ROM), Random Access Memory (RAM) and the like.”) comprising: transmitting, by a user equipment (UE), a message to a verification website maintained by a cellular service provider, the message including an identifier (ID) comprising an IP address assigned to an integrated circuit card ID (ICCID) or subscriber identity module (SIM) of the UE by the cellular service provider (see Claim 1 rejection above); verifying, by the verification website, that the IP address carried by the message matches a stored IP address in a SIM address list (see Claim 1 rejection above); embedding an interaction ID into a scannable code in response to verifying that the IP address carried by the message matches the stored IP address in the SIM address list, the embedded interaction ID comprising a session ID, a customer ID or UE ID, and a time indicator (see Claim 1 rejection above); transmitting, by the verification website, the interaction ID or the scannable code to the UE (see Claim 1 rejection above); displaying, by the UE, the scannable code (see Claim 1 rejection above); scanning, by a terminal in a retail facility, the scannable code displayed by the UE (see Claim 1 rejection above); extracting, by the terminal, from the interaction ID, the session ID, the customer ID or the UE ID, and the time indicator (see Claim 1 rejection above); and based on at least determining that the session ID is not expired, using the time indicator: displaying, by the terminal, a verification success message; or performing a user account change on a user account associated with the UE (see Claim 1 rejection above). INDEPENDENT: As per claims 2, 9, and 16, which respectively depend on claims 1, 8, and 15, Wang and Choi further teach wherein a stored ID in the SIM address list comprises the stored IP address in the SIM address list or a stored SIM ID in the SIM address list (see Claim 1 rejection above), and wherein the method further comprises: generating the SIM address list associating, for each SIM of a plurality of SIMs, the stored IP address with a stored UE ID, wherein the UE ID comprises a phone number of the UE (see Wang, [0003]: “During the registration, the user may be prompted to enter, or input, a user account and a password along with personal information, such as name, telephone number, e-mail and postal address.”; [0018]: “The application client may obtains the identity information of the application client including the IP address or the network card address.”; and [0055]: “The application client, in this case, may obtain the identity information of the application client itself, such as an IP address or a network card address, or any other unique identifier that may be associated with the application client.”). As per claims 3, 10, and 17, which respectively depend on claims 1, 8, and 15, Wang further teaches wherein the verification website embeds the interaction ID into the scannable code and the verification website transmits the scannable code to the UE; or wherein the verification website transmits the interaction ID to the UE and the UE embeds the interaction ID into the scannable code (see Wang, Abstract: “The identity information and the identifier may be encoded into a code displayed on the application client. A mobile terminal may obtain and decode the code to obtain the encapsulated identity information and the identifier.”; [0014]: “The code generating module may encode, or encapsulate the identity information and the identifier into a code.”; [0048]: “the application client may detect (S1105) whether a preset period of time is passed before the authorization instruction is received. If the authorization instruction is not received in the preset period of time, the application client may resend a registration request for the third party service to the authentication server. In this way, the code, generated as described earlier, may be updated regularly and thus, enhance the security.”; [0053]: “… the server may assign a unique ID, such as a character string, to the application client. The ID information may be associated with the third party telecommunication access service.”; [0059]: “The application client may then encode the ID information and the identity information into a code.”; and [0067]: “determining whether an authorization instruction sent from the authentication server in response to a successful authentication is received at the application client in a preset period of time.”). As per claims 4, 11, and 18, which respectively depend on claims 1, 8, and 15, Wang teaches further comprising: using the time indicator, determining whether the session ID is expired; and based on at least determining that the session ID is expired, displaying, by the terminal, a verification failure message (see Wang, [0080]: “In another embodiment as shown in FIG. 10, the application client 700 may further include a timeout detecting module 1011.”; and Claim 1 rejection above). As per claims 6, 13, and 20, which respectively depend on claims 1, 8, and 15, Wang and Choi teach further comprising: receiving user authentication by the UE (see Wang, [0066]: “The mobile terminal may send the ID information, the identity information and the account information together to the authentication server.”); and transmitting, by the UE, to the verification website, the user authentication, wherein determining whether the ID associated with the UE matches the stored identifier in the SIM address list is based on at least the verification website receiving user authentication from the UE (see Wang, Abstract: “The method may include detecting a login or registration operation, to a server, via a login interface on a user interface of an application client.”; [0005]: “The login and/or registration process of a third party service may be achieved for a mobile terminal by scanning a code displayed on a client.”; [0007]: “An application client may detect a login or registration operation being performed via a login interface on a user interface of the application client. The application client may perform such detection by monitoring user-input events”; [0009]: “The method may further include displaying the code on the user interface of the application client.”; and [0014]: “The code may be displayed on the user interface of the application client such that a mobile terminal may obtain the code by scanning the code.”). As per claims 7 and 14, which respectively depend on claims 1 and 8, Wang and Choi teach further comprising: determining the customer ID using the UE ID and a subscriber list, wherein the customer ID comprises an identification of an account holder associated with the UE (see Wang, [0008]: “The identifier may be assigned to the application client by an authentication server and the identifier may be associated with a third party service.”; [0053]: “Upon successful registration, the server may assign a unique ID, such as a character string, to the application client.”; [0066]: “The mobile terminal may be registered on the authentication server, such as the server, and thereby, may have account information assigned by the authentication server… The authentication server may authenticate, using information from a database, whether the ID information of the application client and the account information of the mobile terminal are correct.”; and Claim 1 rejection above). 8. Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2014/0289508 A1), Xi et al. (US 2010/0202351 A1), and Choi (US 2008/0113651 A1) and still further in view of Pascariello et al. (US 2014/0173282 A1). As per claims 5, 12, and 19, which respectively depend on claims 1, 8, and 15, although Wang teaches further comprising: encrypting the interaction ID, wherein embedding the interaction ID into the scannable code comprises embedding the encrypted interaction ID into the scannable code; and decrypting the interaction ID using (see Wang, [0094]: “The application client and the mobile terminal may have agreed on the encryption algorithm for facilitating the subsequent decryption operation by the mobile terminal The application client may encode the encrypted cipher text into a code as described earlier.”), Wang, Xi, and Choi does not explicitly teach transmitting a decryption key to the terminal; encrypting using an encryption key; and wherein the encryption key and the decryption key are a common symmetric encryption key or are each part of a common key pair. Pascariello teaches transmitting a decryption key to the terminal; encrypting using an encryption key; and wherein the encryption key and the decryption key are a common symmetric encryption key or are each part of a common key pair (see Pascariello, Abstract: “An access method includes providing a secure element which stores at least a user key for decrypting one of the encrypted partitions; establishing a temporary secure channel between the secure element and the electronic apparatus; and authenticating in the electronic apparatus a user which is associated to one of the encrypted partitions. The method also includes transmitting an identification of the user authenticated and transmitting the user key from the secure element to the electronic apparatus over the temporary secure channel. The electronic apparatus is programmed to decrypt the encrypted partition and the encrypted partition of the authenticated user is not accessible to the authenticated user or to any other authenticated users in the electronic apparatus, if the user key of the authenticated user is not transmitted to the electronic apparatus.”; and [0059]: “The key 170 may comprise one key used for encryption and decryption of the partition or may comprise a pair of keys, e.g. private key and public key, where different key is used for each of decryption and encryption.”). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Wang, Xi, and Choi in view of Pascariello by implementing transmitting a decryption key to the terminal; encrypting using an encryption key; and wherein the encryption key and the decryption key are a common symmetric encryption key or are each part of a common key pair. One would be motivated to do so because Wang explicitly teaches encrypting and decrypting, [0094], “… agreed on the encryption algorithm for facilitating the subsequent decryption operation by the mobile terminal The application client may encode the encrypted cipher text into a code as described earlier.”. Conclusion 9. For the reasons above, claims 1-20 have been rejected and remain pending. 10. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 11. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL Y WON whose telephone number is (571)272-3993. The examiner can normally be reached on Wk.1: M-F: 8-5 PST & Wk.2: M-Th: 8-7 PST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R Taylor can be reached on 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Michael Won/Primary Examiner, Art Unit 2443