Patent 12207094
Obviousness
Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.
Active provider: Google · gemini-2.5-flash
Obviousness Analysis under 35 U.S.C. § 103 for US12207094
This analysis considers the obviousness of US patent 12207094 under 35 U.S.C. § 103, based on the prior art explicitly mentioned or incorporated by reference within the patent text itself and publicly available by the patent's priority date of December 6, 2013.
1. Legal Standard
Under 35 U.S.C. § 103, a patent claim is considered obvious "if the differences between the claimed invention and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains." The Supreme Court in KSR International Co. v. Teleflex Inc. emphasized that obviousness can arise from various rationales, including: (1) combining prior art elements according to known methods to yield predictable results; (2) applying a known technique to a new device or application, where the technique is known to improve similar devices in similar ways; (3) substituting an obvious equivalent for one element of the prior art; and (4) applying a known solution from the prior art to a known problem, where doing so would have been obvious.
2. Person Having Ordinary Skill in the Art (POSA)
A person having ordinary skill in the art relevant to US12207094 would possess expertise in telecommunications, mobile network architectures (especially 3GPP and ETSI standards), embedded systems, cryptography, and network security, particularly concerning SIM/UICC and eUICC technologies and machine-to-machine (M2M) communications.
3. Summary of Independent Claims
The independent claims of US12207094 (Claims 1, 10, 14, and 15) describe a two-factor authentication process for a module with an eUICC. This involves:
- An initial reception and partial decryption of an encrypted eUICC profile by the module, yielding a "first network module identity" and a "first key K" for initial authentication with a wireless network.
- A subsequent "second factor authentication" performed by the Mobile Network Operator (MNO) with a user or M2M service provider associated with the module.
- Upon successful second-factor authentication, the MNO sends a "symmetric key" to the module, which the eUICC uses to decrypt a second part of the profile, revealing a "second network module identity" and a "second key K".
- The module then re-authenticates with the wireless network using these more securely provisioned second credentials.
- An alternative embodiment (Claim 1, part d, and implied in Claim 14, part e) involves deriving the "second key K" using a key derivation algorithm rather than direct transmission.
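The two-stage flow summarized in the claims above, modeled end to end as an added sketch (not code from the patent or from this analysis). The SHA-256 keystream with an HMAC tag and the HMAC-based `res` are stand-ins for a real cipher and the 3GPP RAND/RES calculation, and every name, identity and key here is constructed for illustration.

```python
import hashlib, hmac, os
ID1, ID2 = b"001010000000001", b"001010000000002"  # constructed test identities

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # SHA-256 counter keystream: stdlib stand-in for a real cipher (assumption)
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified profile part")
    return _xor(_sub(key, b"enc"), nonce, ct)

def res(k, rand):
    # Stand-in for the RAND/RES calculation with key K (not the 3GPP algorithm)
    return hmac.new(k, rand, hashlib.sha256).digest()[:8]

class MNO:
    def __init__(self, profile_key):
        self.keys = {ID1: os.urandom(16), ID2: os.urandom(16)}  # identity -> key K
        self.unlock = os.urandom(32)  # symmetric key protecting profile part 2
        self.profile = (seal(profile_key, ID1 + self.keys[ID1]),
                        seal(self.unlock, ID2 + self.keys[ID2]))
    def authenticate(self, ident, rand, response):
        return hmac.compare_digest(response, res(self.keys[ident], rand))
    def release_unlock_key(self, first_auth_ok, second_factor_ok):
        # The key for part 2 leaves the MNO only after both checks pass
        if not (first_auth_ok and second_factor_ok):
            raise PermissionError("second factor not verified")
        return self.unlock

def provision(mno, profile_key, second_factor_ok):
    """Module side: part 1, first auth, gated unlock, part 2, re-auth."""
    rand1, rand2 = os.urandom(16), os.urandom(16)  # challenges the network would issue
    p1 = unseal(profile_key, mno.profile[0])
    first = mno.authenticate(p1[:15], rand1, res(p1[15:], rand1))
    p2 = unseal(mno.release_unlock_key(first, second_factor_ok), mno.profile[1])
    return first, p2[:15], mno.authenticate(p2[:15], rand2, res(p2[15:], rand2))
```

A copied profile plus the eUICC profile key yields only the first identity and key K; the second pair stays sealed until the MNO releases its symmetric key.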
4. Identified Prior Art References
The patent itself identifies or incorporates by reference several pieces of prior art and describes the existing challenges:
- ETSI TS 103 383 v12.1, "Smart Cards; Embedded UICC; Requirements Specification": This document, published in August 2013, specifies requirements for eUICCs and their subscription management. The patent explicitly references it for exemplary eUICC subscription managers and eUICC requirements. It would teach the concept of an eUICC, eUICC profiles, eUICC subscription managers, and the electronic transfer and recording of profiles on a module.
- U.S. patent application Ser. No. 14/084,141, filed November 19, 2013, in the name of John Nix: This earlier patent application by the same inventor is incorporated by reference in its entirety. It describes foundational aspects of the module/MNO system, including the server 105 functionality and likely the general eUICC architecture, profile loading, and initial authentication procedures.
- 3GPP TS 33.401 V12.9.0, "LTE; Security Architecture": This standard, published in December 2013, details standard authentication procedures (e.g., RAND/RES calculation with key K) for LTE networks, which the eUICC is intended to support for backward compatibility.
- ETSI TR 102 216 and ETSI TS 102 221 V11.0.0: These documents describe physical UICCs, which the eUICC is designed to emulate, including the use of a pre-shared secret key K. ETSI TS 102 221 V11.0.0 was published in October 2013.
- General knowledge of two-factor authentication (2FA): By 2013, 2FA was a widely known and applied security principle for verifying user identity for access to sensitive systems or operations.
- General knowledge of cryptographic techniques: This includes layered encryption, symmetric key distribution, public key infrastructure (PKI), and key derivation functions (KDFs) for establishing shared secrets without direct transmission.
5. Problem Solved and Motivation to Combine
The patent explicitly identifies several problems with the existing eUICC and key management paradigm:
- "Many open and remaining challenges for a eUICC pertain to securely and electronically transferring a new set of MNO network access credentials (such as an IMSI and network key K) to a module in a secure and efficient manner."
- The security of an electronically transferred "key K" is dependent on the channel used for its transfer, which "may be outside the control of the MNO." This leads to a "need exists in the art for the MNO to securely and efficiently control the use of an electronically transferred key K within a profile for an eUICC, even though copying and distributing the profile may be outside the control of the MNO."
- There is a desire for "key K to periodically rotate or change for an individual module or mobile phone in order to increase security," which is difficult with physical UICCs and poses risks with long-lived electronically transferred keys.
These problems clearly motivate a POSA to find solutions that enhance the MNO's control and the overall security of key provisioning and management for eUICCs.
6. Obviousness Argument
A person having ordinary skill in the art, in light of the identified prior art and the recognized problems, would find the claimed invention obvious for the following reasons:
Combination of ETSI TS 103 383 v12.1 / Nix's '141 Application with General Knowledge of 2FA and Cryptography:
Core eUICC Architecture and Initial Authentication (from ETSI TS 103 383 v12.1 and/or Nix '141 Application): These references would teach the fundamental aspects of a module containing an eUICC, an eUICC subscription manager, the process of an MNO providing an eUICC profile (possibly encrypted) to the subscription manager, and the module receiving and partially decrypting this profile (e.g., using an eUICC profile key) to obtain initial network access credentials (like a "first network module identity" and a "first key K"). It would also teach the module performing a first authentication with the MNO using these credentials, in a manner compatible with existing wireless network standards (e.g., 3GPP TS 33.401).
Motivation to Enhance Security and MNO Control (from the patent's own problem statement): The patent itself articulates the critical need for MNOs to maintain secure control over the "key K" despite initial profile distribution potentially being outside their direct control, and the desire for enhanced security through key rotation. The vulnerability of the key transfer channel is a prominent concern.
Application of Two-Factor Authentication (2FA) for Identity Verification (General Knowledge): 2FA was a well-known security principle by 2013, commonly employed to verify user identity for sensitive operations or access to critical resources. Given the MNO's desire for secure control and verification of the entity associated with a module (user or M2M service provider), it would be an obvious design choice for a POSA to incorporate a 2FA step. The purpose of this 2FA would be to confirm the authorized identity after the initial eUICC profile provisioning but before releasing the most sensitive network credentials.
Layered Key Provisioning (Routine Engineering): To implement the 2FA for controlling access to a more secure key, a POSA would routinely consider methods of layered cryptography. Storing a "second key K" in an encrypted part of the eUICC profile, only accessible after a successful MNO-controlled 2FA, is a straightforward engineering solution.
- Conditional Symmetric Key Release: The idea of the MNO sending a "symmetric key" to the module after successful 2FA to unlock the second part of the profile is a logical application of conditional access principles. This directly addresses the MNO's need for control over the release of the most secure credentials, making access dependent on verifiable user/service provider identity.
- Key Derivation as an Alternative: For further security, especially concerning the transmission channel, a POSA would also consider known cryptographic key derivation functions (KDFs) or key exchange protocols (e.g., Diffie-Hellman, well-known by 2013). This would allow the MNO and the module to mutually derive the "second key K" without direct transmission, thus mitigating risks associated with key transfer channels and addressing the identified problem of relying on potentially insecure channels. The patent mentions PKI algorithms and key exchange algorithms in FIGS. 2d, 2e, 5a, 5b, indicating these were known techniques.
Therefore, the combination of existing eUICC technologies (as taught by ETSI TS 103 383 v12.1 and Nix's '141 application), the recognized security challenges in eUICC key management (as outlined in the patent itself), and the well-established practices of two-factor authentication and standard cryptographic key management (including conditional key release and key derivation), would have rendered the methods and systems of US12207094 obvious to a person having ordinary skill in the art by the priority date. The specific mechanisms employed for the two-stage key provisioning (symmetric key unlock or key derivation) represent routine application of known cryptographic principles to solve an identified problem within the eUICC context.
The subsequent steps of disconnecting and re-authenticating with the "second key K" are also a predictable result of updating network access credentials, necessary to activate the newly provisioned and secured key.
Generated 5/27/2026, 6:47:47 AM