DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 12/09/2025. Claims 1, 9, and 16 are amended. Claims 3, 5, 11, 13, 18 and 20 are cancelled. Claims 1-2, 4, 6-10, 12, 14-17, and 19 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 18/085,695.
Examiner Note
Applicant’s cancelling claims 11, and 18 obviates previously raised claims 11, and 18, 35 U.S.C .112(a), first paragraph rejection.
Response to Argument
Applicant’s arguments with respect to claims 1, 9, and 16 for newly added limitation have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-2, 4, 6-10, 12, 14-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Brumback (US2013/0275747), and in view of Stoehr (US20140231518)., and further in view of Endler (US 2020/0137105 A1).
Regarding claim 1, Brumback discloses a computer-implemented method for providing improved account management services, comprising
[claim 4, storing the encrypted disk password on a client management database that is in communication with the enterprise encryption service], and [¶18, the disk password is also stored in enterprise encryption database 120 and associated in a data record with both the client computer and it's end user assigned by the enterprise]; and
transmitting, from a first remote computing device, an encryption key and an account list to a base management node of a customer [ FIG.1, FIG. 1 depicts an enterprise computer system 100 in accordance with an embodiment of the invention. System 100 includes server 110(equated to second remote computing system) that is in communication with enterprise encryption database 120 and client management system 125(equated to base management node), client computer 140 (equated to first remote computing device)], and [¶33, The client computer generates a public/private key, step 310. The public key, along with identifying information is transmitted to the enterprise encryption service, as was described above with regard to FIG. 2, step 225. At step 315, enterprise encryption service 115 encrypts a disk password using the public key generated at the client computer. The disk password can be a random, alphanumeric password], and [¶35, FIG. 4 depicts process 400 in accordance with an embodiment of the invention. Process 400 is a further portion of process 200 described above. Enterprise encryption service 115 receives, step 405, a file from the client computer containing identifying information about the client computer. By comparing data record(s) within a data store portion of client management system 125, enterprise encryption service 115 can verify, step 410, that the client computer is an asset that is part of the enterprise computer system]; and
receiving, from the base management node at the first remote computing device, an encrypted updated account list that is encrypted by a second remote computing device using the encryption key and the account list, the second remote computing device being different from the first remote computing device and the base management node [ FIG.1, FIG. 1 depicts an enterprise computer system 100 in accordance with an embodiment of the invention. System 100 includes server 110( equated to second remote computing system) that is in communication with enterprise encryption database 120 and client management system 125( equated to base management node), client computer 140 ( equated to first remote computing device)], and [Abstract, A method for deploying a disk encryption password to a client computer includes installing a disk encryption agent on a client computer, where the agent communicates with an enterprise encryption service that encrypts a disk password using a public key generated at the client computer. The encrypted disk password is transmitted to the client computer where it is set as the current disk password. A system to deploy a disk encryption password includes one or more client computers and at least one server having a control processor configured to support operation of an enterprise encryption service. The encryption service is configured to install a disk encryption agent on a client computer and generate an encrypted disk password using a public key generated by the client computer. An enterprise encryption database in communication with the enterprise encryption service stores the disk password], and [¶28, This disk password is encrypted and stored, step 235, in the enterprise encryption database record(s) associated with the asset. Also, the disk password is then separately encrypted with a public key generated (step 220) by the client computer (and sent to the enterprise encryption service at step 225), and returned to the client computer, step 240]; and
decrypting, by a secure off- loader stored on the first remote computing device, the encrypted updated account list [¶29, The client computer (equated to first remote computing device with resident encryption module) and disk encryption agent) receives the encrypted disk password and uses the local private key to decrypt it at step 250]; and
analyzing, by the secure off-loader, the account list in a storage location of the first remote computing device to determine stored entries associated with the account list that have an analogous entry in the decrypted updated account list [¶34, The encrypted disk password is transmitted, step 320, to the client computer (equated to first remote computing device) and to enterprise encryption database 120. The client computer decrypts, step 325, the encrypted disk password using the private key. Using the decrypted disk password, resident encryption module 146 sets, step 330, the decrypted disk password as the current disk password on the client computer. At the enterprise encryption database, the encrypted disk password is stored, step 335, in a record associated with the client computer]; and
replacing, by the secure off-loader, each stored entry in the account list with the analogous entry in the decrypted updated account list [¶34, The encrypted disk password is transmitted, step 320, to the client computer (equated to first remote computing device) and to enterprise encryption database 120. The client computer decrypts, step 325, the encrypted disk password using the private key. Using the decrypted disk password, resident encryption module 146 sets, step 330, the decrypted disk password as the current disk password on the client computer. At the enterprise encryption database, the encrypted disk password is stored, step 335, in a record associated with the client computer].
parsing, by the secure off-loader, each entry of the decrypted updated account list; comparing, by the secure off-loader, each parsed entry of the decrypted updated account list with the stored entries associated with the account list; and based on the comparing, determining, by one or more processors of the first remote computing device, the stored entries associated with the account list that have the analogous entry in the decrypted updated account list;
While Brumback discloses [¶29, The client computer (equated to first remote computing device with resident encryption module) and disk encryption agent) receives the encrypted disk password and uses the local private key to decrypt it at step 250], and
[¶69, In several embodiments, upon enrollment, a user has the option of choosing to participate in an automatic account reload program. In those embodiments wherein the user opts-in, the user may choose from pre-determined balance thresholds at which the account will be reloaded (for example, a minimum active balance) and also may define the amount added to the parking account (for example, a specific dollar amount or an amount sufficient to have the balance reach a certain predetermined value) from another source of user money (for example, the user's checking account)].
Brumback does not explicitly disclose, however, Endler discloses :
parsing, by the secure off-loader, each entry of the decrypted updated account list”. [¶58, see FIG. 3, , show that data (i.e., account information) is parsed and separated into different fields] ; and
“Comparing, by the secure off-loader, each parsed entry of the decrypted updated account list with the stored entries associated with the account list” [Claim 10 describes how credentials (i.e., account information) are compared between compromised credentials (i.e., stored entries) and the active credentials (i.e., updated account credentials]; and
“And based on the comparing, determining the stored entries associated with the account list that have the analogous entry in the decrypted updated account list” [ The Abstract describes a determination is made whether one or more passwords (i.e., corresponding to account information) matches a password associated with user identification (i.e., stored entries)].
Therefore, based on Hibbert in view of Endler, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Endler to the system of Brumback in order to protect user credentials and bolster security of accounts, thus making account management easier and more effective (Endler, para. 0004).
Brumback ., and Endler do not explicitly disclose, however, Stoehr discloses:
determining, by the first remote computing device, a number of encrypted updated account lists received at the first remote computing device during a first period [¶93… In various embodiments, the routine in block 418 sends an updated list of active accounts immediately following each change in account status, periodically for all account status changes within a given time period]; and
comparing, by the first remote computing device, the number of encrypted updated account lists received during the first period to an updated account list receipt threshold [¶69, In several embodiments, upon enrollment, a user has the option of choosing to participate in an automatic account reload program. In those embodiments wherein the user opts-in, the user may choose from pre-determined balance thresholds at which the account will be reloaded (for example, a minimum active balance) and also may define the amount added to the parking account (for example, a specific dollar amount or an amount sufficient to have the balance reach a certain predetermined value) from another source of user money (for example, the user's checking account).
responsive to determining that the number of encrypted updated account lists received during the first period exceeds the updated account list receipt threshold, generating, by the first remote computing device, an alert for transmission to the customer
[¶91, In block 412, the routine updates the user's account balance to reflect funds received or transactions processed. Block 414 tests whether, as a result, the user's account balance has fallen below a low balance threshold. Examples of a low balance threshold include a threshold set by the account server operator, a threshold set by the parking service provider, a threshold determined by an automated process, a threshold set by the user, and zero. In some embodiments, the system optionally warns the user when the account balance falls below a warning threshold, which, depending on the embodiment, may be related to the low balance threshold and/or may be user-specified]; and
and blocking, by the first remote computing device, any subsequent data transmission between the first remote computing device and the base management node of the customer [¶¶91-93, In some embodiments, the system optionally warns the user when the account balance falls below a warning threshold, which, depending on the embodiment, may be related to the low balance threshold and/or may be user-specified.], and [¶93, If the account balance has fallen below the low balance threshold… in embodiments with an automatic top-up option, the routine branches to block 420 and determines whether the user has enabled automatic top-up. In embodiments without an automatic top-up option, the routine branches to block 422… If the top-up is not successful, the routine branches to block 422. In some embodiments, the user specifies whether to receive notice of a successful top-up attempt and/or whether to receive notice of a failed top-up attempt. In block 422, after a failed top-up attempt or if the top-up feature is not available or not enabled, the routine sets the account status to "low balance" and optionally notifies the user, then in block 418 sends an updated list of active accounts to the parking facility and returns to the idle state in block 402].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Brumback, and Endler by incorporating “automatic account reload program”, as taught by Stoehr. One could have been motivated to do so in order to, wherein the user opts-in, the user may choose from pre-determined balance thresholds at which the account will be reloaded, and if the top-up feature is not available or not enabled, the routine sets the account status to "low balance" and optionally notifies the user [ Stoehr, ¶¶69, 93].
Regarding claims 2, 10, and 17, Brumback discloses , wherein the account list includes an account credential corresponding to a user, and the account credential includes at least one of: (i) an account password, (ii) an account group membership, or (iii) an account activity status [claim 4, storing the encrypted disk password on a client management database that is in communication with the enterprise encryption service], and [¶18, the disk password is also stored in enterprise encryption database 120 and associated in a data record with both the client computer and it's end user assigned by the enterprise], and [¶33, The client computer generates a public/private key, step 310. The public key, along with identifying information is transmitted to the enterprise encryption service, as was described above with regard to FIG. 2, step 225. At step 315, enterprise encryption service 115 encrypts a disk password using the public key generated at the client computer. The disk password can be a random, alphanumeric password].
Regarding claims 4, 12, and 19, Brumback discloses further comprising: responsive to replacing each stored entry in the account list with the analogous entry, updating, by the secure off-loader, a local configuration stored in the storage location of the first remote computing device to indicate a recent update to the account list [¶34, The encrypted disk password is transmitted, step 320, to the client computer (equated to first remote computing device) and to enterprise encryption database 120. The client computer decrypts, step 325, the encrypted disk password using the private key. Using the decrypted disk password, resident encryption module 146 sets, step 330, the decrypted disk password as the current disk password on the client computer. At the enterprise encryption database, the encrypted disk password is stored, step 335, in a record associated with the client computer].
Regarding claims 6, and 14, Brumback, and Endler do not explicitly disclose, however, Stoehr discloses The computer-implemented method of claim 1, further comprising: determining, by the first remote computing device, a number of periods since the encrypted updated account list was received; comparing, by the first remote computing device, the number of periods to a period threshold; and responsive to determining that the number of periods exceeds the period threshold, generating, by the first remote computing device, an alert for transmission to the customer indicating that the account list should be updated. [¶¶69, 91-93].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Brumback, and Endler by incorporating “automatic account reload program”, as taught by Stoehr. One could have been motivated to do so in order to, wherein the user opts-in, the user may choose from pre-determined balance thresholds at which the account will be reloaded, and if the top-up feature is not available or not enabled, the routine sets the account status to "low balance" and optionally notifies the user [ Stoehr, ¶¶69, 93].
Regarding claims 7, and 15, Brumback discloses The computer-implemented method of claim 1, wherein the account list includes accounts for a plurality of users, each account includes one or more account group attributes, and the computer-implemented method further comprises: receiving, at the first remote computing device, an update to an account group attribute for an account in the account list; and updating, by the secure off-loader, the account group attribute for the account in the account list [¶¶46-49, FIG. 6 depicts a user interface for a web service admin console 600 in accordance with an embodiment of the invention. The web service facilitates the communication between enterprise encryption service 115, admin console 600, and enterprise encryption database 120. Each time either the enterprise encryption service or the admin console needs to read or write data, it can do so through a web service. A secure html/java based web application grants administrators access to stored disk passwords based on their credentials. The robust set of controls available through Groups and Permissions allow assignment of varying levels of access to specific groups of any number of support groups or individual support personnel. [0048] For example, the admin console includes application menu 605, where an administrator can select particular actions to be performed (e.g., manage users, manage groups, assign users, assign permissions, etc.). Admin console 600 can be used to access disk passwords stored in enterprise encryption database 120 for support purposes--data recovery, forensics, forgotten passwords, user lock out, etc. Display area 610 of the admin console 600 can be an interactive user interface. Changes made within console 600 can be loaded into the enterprise encryption database to make corresponding changes to one or more data records].
Regarding claim 8, Brumback discloses The computer-implemented method of claim 1, wherein the remote computing device is a first remote computing device, the base management node is communicatively coupled to [[a]] the second remote computing device, and the computer- implemented method further comprises: transmitting, by the base management node, the encryption key and the account list to the second remote computing device; and modifying, by the second remote computing device, an account credential included as part of the account list to generate an updated account list [ FIG.1 , FIG. 1 depicts an enterprise computer system 100 in accordance with an embodiment of the invention. System 100 includes server 110(equated to second remote computing system) that is in communication with enterprise encryption database 120 and client management system 125(equated to base management node), client computer 140 (equated to first remote computing device)], and [¶33, The client computer generates a public/private key, step 310. The public key, along with identifying information is transmitted to the enterprise encryption service, as was described above with regard to FIG. 2, step 225. At step 315, enterprise encryption service 115 encrypts a disk password using the public key generated at the client computer. The disk password can be a random, alphanumeric password], and [¶35, FIG. 4 depicts process 400 in accordance with an embodiment of the invention. Process 400 is a further portion of process 200 described above. Enterprise encryption service 115 receives, step 405, a file from the client computer containing identifying information about the client computer. By comparing data record(s) within a data store portion of client management system 125, enterprise encryption service 115 can verify, step 410, that the client computer is an asset that is part of the enterprise computer system], and [Abstract, A method for deploying a disk encryption password to a client computer includes installing a disk encryption agent on a client computer, where the agent communicates with an enterprise encryption service that encrypts a disk password using a public key generated at the client computer. The encrypted disk password is transmitted to the client computer where it is set as the current disk password. A system to deploy a disk encryption password includes one or more client computers and at least one server having a control processor configured to support operation of an enterprise encryption service. The encryption service is configured to install a disk encryption agent on a client computer and generate an encrypted disk password using a public key generated by the client computer. An enterprise encryption database in communication with the enterprise encryption service stores the disk password].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
See submitted 892 for more relevant references.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHAHRIAR ZARRINEH/Primary Examiner, Art Unit 2496