CTNF 18/107,086 CTNF 86289 DETAILED ACTION 07-03-aia AIA 15-10-aia 1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. 2. Claims 1-20 are pending. Claims 1, 9 and 17 are independent. 3 The IDS submitted on 2/8/2023 has been entered. Claim Rejections - 35 USC § 102 07-06 AIA 15-10-15 4. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-07-aia AIA 07-07 5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – 07-08-aia AIA (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. 07-15-aia AIA 6. Claim s 1-20 are rejected under 35 U.S.C. 102 as being anticipated by David (US Patent 11,853,109) . As regarding claims 1 , 9 and 17 , David discloses A method, in a data processing system, for salted password protection of computing resources, the method comprising: receiving an entity identifier and password for authenticating an entity to access a protected computing resource [col. 13 lines 34-46; capturing user credentials] ; generating a salt value as a random value that is combined with the password to generate a salted password [col. 13 lines 54-67; adding a salt to the password] ; generating a hash value based on a hash function and the salted password as an input to the hash function [col. 13 lines 54-67; hashing the password] ; generating, based on the password, an encryption key for encrypting the salt value [col. 19 line 60 thru col. 20 line 9] ; encrypting the salt value based on the encryption key and an encryption algorithm to generate an encrypted salt value [col. 19 line 60 thru col. 20 line 9] ; and storing the entity identifier, hash value, and encrypted salt value in a secured database for later retrieval to validate subsequent access requests specifying the entity identifier. As regarding claims 2 , 10 and 18 , David further discloses The method of claim 1, wherein the encryption key is the password [col. 19 line 60 thru col. 20 line 9] . As regarding claims 3 and 11 , David further discloses The method of claim 1, wherein the encryption key is an encryption key value derived from the password, and wherein the encryption key value is derived from at least one of a sub-portion of the password, a combination of the password and the entity identifier, a portion of the combination of the password and the entity identifier, a combination of the password and a password creation time, a combination of the password and a last access time, or the password and an access statistic [col. 19 line 60 thru col. 20 line 9] . As regarding claims 4 , 12 and 19 , David further discloses The method of claim 1, further comprising: receiving a request to access the protected computing resources from a requesting computing device, wherein the request specifies the entity identifier and a supplied password; retrieving, from the secured database, an entry corresponding to the entity identifier, wherein the entry specifies a stored hash value and a stored encrypted salt value; generating, based on the supplied password in the received request, a decryption key value; decrypting the encrypted salt value from the retrieved entry to generate a decrypted salt value; and validating the supplied password based on the decrypted salt value [col. 35 lines 6-37] . As regarding claims 5 , 13 and 20 , David further discloses The method of claim 4, wherein validating the supplied password based on the decrypted salt value comprises: combining the decrypted salt value with the supplied password to generate a supplied salted password; inputting the supplied salted password to the hash function to generate a supplied hash value; and comparing the supplied hash value to the stored hash value in the retrieved entry to determine if the entity is an authorized entity to access the protected computing resources [col. 35 lines 6-37] . As regarding claims 6 and 14 , David further discloses The method of claim 5, wherein comparing the supplied hash value to the stored hash value comprises, in response to determining that the supplied hash value matches the stored hash value, granting access to the protected computing resources and returning a notification to the requesting computing device indicating that the requesting computing device is granted access to the protected computing resources [col. 23 lines 30-57] . As regarding claims 7 and 15 , David further discloses The method of claim 5, wherein comparing the supplied hash value to the stored hash value comprises, in response to determining that the supplied hash value does not match the stored hash value, denying access to the protected computing resources and returning a notification to the requesting computing device indicating that the requesting computing device cannot access the protected computing resources [col. 23 lines 30-57] . As regarding claims 8 and 16 , David further discloses The method of claim 1, wherein: the salt value is regenerated after each successful access of the protected computing resource by the entity and a new salted password is generated based on the regenerated salt value, in response to regeneration of the salt value, the hash value is regenerated based on the hash function, the password, and the new salt value, and the encrypting and storing operations are performed with regard to the new salt value [col. 17 lines 10-25] . Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905. The examiner can normally be reached on M-F 8:30AM - 5:30PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /THONG TRUONG/ Examiner, Art Unit 2433 /JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433 Application/Control Number: 18/107,086 Page 2 Art Unit: 2433 Application/Control Number: 18/107,086 Page 3 Art Unit: 2433 Application/Control Number: 18/107,086 Page 4 Art Unit: 2433 Application/Control Number: 18/107,086 Page 5 Art Unit: 2433 Application/Control Number: 18/107,086 Page 6 Art Unit: 2433 Application/Control Number: 18/107,086 Page 7 Art Unit: 2433