Obviousness — US Patent 12166869

Obviousness Analysis under 35 U.S.C. § 103

To assess the obviousness of US patent 12166869, we must consider the scope and content of the prior art, the differences between the claimed subject matter and the prior art, the level of ordinary skill in the art, and secondary considerations of non-obviousness. A claimed invention is obvious if the differences between it and the prior art would have been obvious to a person having ordinary skill in the art (PHOSITA) at the time of filing. The analysis must not use hindsight and requires articulated reasoning supported by evidence for any combination of prior art.

A prima facie case of obviousness requires an examiner to identify each claim limitation in the prior art, across one or more references, and provide a rationale for combining those references.

The priority date for US12166869B2 is November 19, 2013. Therefore, prior art references published or made publicly available before this date are relevant for an obviousness analysis.

Prior Art References provided in the patent (from Google Patents "Prior art keywords" and "Priority date" section):

US14/084,141 (Priority claimed from) - This appears to be a previous application, not necessarily a prior art publication. For obviousness, the publication date of this application, if it exists, would be relevant.
"Prior art keywords" listed on Google Patents: module, key, server, network, euicc. These are general terms and not specific patent or publication references.
ETSI TR 102 216: "Smart Cards; Vocabulary for Secure Element Technologies specifications". The patent explicitly references "ETSI standards for a physical UICC as of 2013 include ETSI TR 102 216." This document, specifically versions available before November 19, 2013, would be relevant. ETSI TR 102 216 V3.0.0 was published in September 2003 and V5.0.0 in November 2019, V5.1.0 in May 2024. Therefore, the 2003 version is prior art.
ETSI TS 103 383 v12.1: "Smart Cards; Embedded UICC; Requirements Specification." The patent states that an eUICC subscription manager is described in ETSI TS 103 383 v12.1. This document, specifically versions available before November 19, 2013, would be relevant. ETSI TS 103 383 V12.1.0 (2013-06) is available from June 2013, and V12.5.0 (2014-08), and V12.8.0 (2015-10). The V12.1.0 and V12.5.0 versions are prior art.

Level of Ordinary Skill in the Art:
A person having ordinary skill in the art (PHOSITA) in this field would likely possess a bachelor's degree in electrical engineering, computer science, or a related field, along with several years of experience in telecommunications, mobile networks, embedded systems, and cryptography. This individual would be familiar with UICC/eUICC technologies, M2M communications, network security protocols (including PKI), and key management techniques. They would also understand common cryptographic algorithms and key derivation functions.

General Considerations for Obviousness:
The patent's abstract highlights "securely and efficiently derive keys for communication with a server and a wireless network, particularly when using an embedded universal integrated circuit card (eUICC)." Key elements include:

Module using an eUICC.
Deriving keys (shared secret keys and PKI key pairs).
Secure and efficient communication with a server and wireless network.
Cryptographic algorithms (asymmetric, symmetric, secure hash, digital signature, key pair generation, key derivation function, random number generator).
Storing private keys in nonvolatile memory.
Replacing physical UICCs with eUICC profiles for M2M applications.

Combinations of Prior Art References and Rationale for Obviousness

Given the information, here are potential combinations of prior art references that could render certain aspects of US12166869B2 obvious, along with the motivation for a PHOSITA to combine them:

Combination 1: ETSI TR 102 216 (V3.0.0) + ETSI TS 103 383 (V12.1.0)

ETSI TR 102 216 (V3.0.0) (2003-09): This document defines vocabulary for Smart Card Platform specifications, including UICCs. It establishes the foundational understanding of UICCs as physical media containing subscriber identity information and keys for network access. The patent explicitly states that "a core element of traditional wireless WAN technologies such as 3GPP and ETSI standards over the past 20 years has included the use of a subscriber identity module (SIM) card within 2G networks and a related universal integrated circuit card (UICC) for 3G and 4G networks, including LTE networks." and "ETSI standards for a physical UICC as of 2013 include ETSI TR 102 216."
ETSI TS 103 383 (V12.1.0) (2013-06): This specification defines the use cases and requirements for an embedded UICC (eUICC). It addresses challenges with traditional physical UICCs in M2M applications, particularly the need for securely and remotely provisioning access credentials and managing subscription changes for devices where the UICC is not easily accessible or replaceable. It also notes that Network Access Credentials (NAC) may include data such as Ki/K and IMSI stored within a Network Access Application (NAA) on an eUICC.
Rationale for Combination: A PHOSITA, aware of the existing UICC technology (from ETSI TR 102 216) and the emerging needs for eUICCs in M2M applications (from ETSI TS 103 383), would be motivated to combine these teachings. The motivation would stem from the recognized problems of managing physical UICCs in M2M deployments (e.g., remote locations, hermetically sealed modules, international roaming costs). ETSI TS 103 383 clearly outlines the need for "new methods for securely and remotely provisioning access credentials on these Embedded UICCs (eUICC) and managing subscription changes from one MNO to another". A PHOSITA would inherently understand that these "new methods" would necessarily involve cryptographic techniques, including key derivation and management, to ensure security, as this is fundamental to establishing and maintaining secure communication in mobile networks. The concept of using an eUICC to store network access credentials like key K and IMSI, and the requirement for secure provisioning, directly suggests the need for secure key derivation processes.

Specifically, the patent's first exemplary embodiment describes a module using a network module identity to securely change a key K without a new physical UICC or eUICC profile, by deriving a secret shared network key K using a key derivation function with a derived module private key and a key K network token. The server then also derives the same key K. The second embodiment describes a module changing key K using the same eUICC profile. The inherent problem addressed by ETSI TS 103 383 (securely changing subscriptions/credentials on an eUICC) would directly lead a PHOSITA to consider mechanisms for deriving and updating keys, especially a key K, without physical intervention. The general knowledge of cryptography in telecommunications, which would be known to a PHOSITA, would include key derivation functions and public-key infrastructure for secure key exchange and authentication.

Limitations potentially rendered obvious:

A module utilizing an eUICC for network access.
The concept of remotely updating network access credentials, including key K, for an eUICC.
The use of cryptographic mechanisms to secure the transfer and management of these credentials.

Missing elements and potential arguments for non-obviousness (to be further investigated with actual claims):
The prior art, while identifying the problem and the need for secure eUICC management, may not explicitly detail the specific mechanisms for key derivation as claimed in US12166869B2, such as:

The specific process of a module deriving its own module private and public keys.
The specific use of a "key K module token" and a "key K network token" in a key derivation function.
The mutual derivation of a new secret shared network key K by both the module and the network server, followed by subsequent authentication using this new key.

The motivation to combine existing cryptographic techniques with eUICC management, as driven by the needs outlined in ETSI TS 103 383, would need to be strong enough to lead a PHOSITA to these specific key derivation and management processes. An argument for non-obviousness could center on the specific combination of these cryptographic elements and their interaction to achieve a novel and non-obvious method for key derivation and secure communication that goes beyond a mere "known option with a finite number of identified predictable solutions".

Further analysis would require examining the specific language of the independent claims of US12166869B2 against the detailed disclosures of the cited prior art references.