DETAILED ACTION
Claims 1-4 are presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original non-provisional application or provisional application); the disclosure of the invention in the parent application and in the later- filed application must be sufficient to comply with the requirements of the first paragraph of 35' U.S.C. 112. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551,32 USPQ2d 1077 (Fed. Cir. 1994). In the present application, support for the following limitations is lacking in the provisional applications:
The limitations e.g. host agent, virtual machine, storage data object, tier level, reservation repository etc are not supported by current spec, therefore, examiner will consider the priority date back to provisional application (62/596,105) dated: 12/07/2017.
Terminal Disclaimer
The terminal disclaimer filed on 06/12/2025 has been reviewed and is accepted. The terminal disclaimer has been recorded.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims1-4 are rejected under 35 U.S.C. 103 as being unpatentable over Schoen et al. (US Patent Application No. 20150281225) (Hereinafter Schoen) in view of Effenberger et al. (US Patent Application No. 20110029773) (Hereinafter Effenberger) In further view of Challener et al. (US Patent Application No. 20030041254) (Hereinafter Challener).
As per claim 1, Schoen discloses a system for detecting and mitigating forged authentication attacks, comprising:
a memory storing instructions to be executed by one or more hardware processors; and one or more hardware processors configured to execute the instructions stored in a memory, wherein the instructions, when executed by the one or more processors, cause the system to: receive a plurality of first authentication attributes associated with a network request (fig 1, para 94, token management application; 46, federated identity application, para 127);;
calculate a cryptographic hash of each first authentication attribute (para 94, hash of newly generated authentication token);
store the cryptographic hashes of the first authentication attributes in a database of hashes (para 94, store a digest or hash of one or more previously generated and used authentication tokens in an authentication token collision datastore);
receive a request for access to a service accompanied by a plurality of second authentication attributes (176, fig 1, para 94. Calculate the hash of the newly generated authentication token);
calculate a cryptographic hash of each of the selected second authentication attributes (para 94, calculate the hash or digest of the generated authentication token).
Schoen does not explicitly discloses select a subset of the plurality of the second authentication attribute; wherein the subset is selected at random each time the request for access is received.
However, Effenberger discloses select a subset of the plurality of the second authentication attribute (para 57, authentication selection attribute), further discloses table attribute may specify a response, e.g. the hash combination, that may be used in the ONU authentication function. The ONU authentication response table attribute may comprise a hash combination that is calculated by the ONU. The hash combination may be calculated by processing the nonce, e.g. the contents of the ONU authentication nonce table attribute, using an authentication algorithm that is specified by the ONU authentication selection attribute (para 60), wherein the subset is selected at random each time the request for access is received (para 36-37, The OLT random challenge table attribute may specify a random challenge issued by the OLT during an authentication sequence and that the OLT random challenge table can have a fixed length and be processed to trigger or send a challenge status attribute).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schoen and Effenberger. The motivation would have been to build the network that to exchange security information using a plurality of attributes, wherein the attributes provide security features that provide endpoint security solutions (both hardware and software based).
Schoen in view of Effenberger does not disclose determine whether the request for access is forged by comparing the cryptographic hashes of the selected second authentication attributes with the cryptographic hashes of the first authentication attributes stored in the database of hashes to determine whether each cryptographic hash of the selected second authentication attributes already exists in the database; and
where a cryptographic hash of at least one of the selected second authentication
attributes does not exist in the database, generate a notification that the
request for access may be forged.
However, Challener discloses determine whether the request for access is forged by comparing the cryptographic hashes of the selected second authentication attributes with the cryptographic hashes of the first authentication attributes stored in the database of hashes to determine whether each cryptographic hash of the selected second authentication attributes already exists in the data (step 503-505, para 23.” a Hash value for the current configuration is computed.
In step 504, the stored, encrypted Hash value is decrypted and the two Hash values are compared”): and
where a cryptographic hash of at least one of the selected second authentication
attributes does not exist in the database, generate a notification that the
request for access may be forged (step 503-506, fig 5, para 23, “a tampering notification is issued indicating that the configuration data has been compromised.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schoen and Effenberger with Challener. The motivation would have been to build the network that provide endpoint security solutions (both hardware and software based).
As per claim 2, claim is rejected for the same reasons and motivation as claim 1, above. In addition, Schoen discloses wherein the instructions when executed by the one or more hardware processors, cause the system to: retrieve a plurality of predefined rules from a data store upon detection of a forged request for access (150,fig 1, para 94, search or match the newly generated authentication token with those stored in authentication token collision datastore by comparing the hashes or digests in order to determine whether a previously generated authentication token has already been used and/or generated); and
execute commands as dictated in each retrieved predefined rule (fig 3A-3D, para 143, methodology could alternatively be represented as a series of interrelated states or events).
As per claims 3-4, claims are rejected for the same reasons and motivations as claim 1-2, above.
Response to Arguments
Applicant's arguments filed 03/30/2026 have been fully considered but they are not persuasive, therefore rejections to claims 1-4 is maintained.
In response to Applicant’s arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). In this case Schoen discloses receive a plurality of first authentication attributes associated with a network request (fig 1, para 94, token management application; 46, federated identity application, para 127);;
calculate a cryptographic hash of each first authentication attribute (para 94, hash of newly generated authentication token);
store the cryptographic hashes of the first authentication attributes in a database of hashes (para 94, store a digest or hash of one or more previously generated and used authentication tokens in an authentication token collision datastore);
receive a request for access to a service accompanied by a plurality of second authentication attributes (176, fig 1, para 94. Calculate the hash of the newly generated authentication token);
calculate a cryptographic hash of each of the selected second authentication attributes (para 94, calculate the hash or digest of the generated authentication token).
Effenberger discloses select a subset of the plurality of the second authentication attribute (para 57, authentication selection attribute), further discloses table attribute may specify a response, e.g. the hash combination, that may be used in the ONU authentication function. The ONU authentication response table attribute may comprise a hash combination that is calculated by the ONU. The hash combination may be calculated by processing the nonce, e.g. the contents of the ONU authentication nonce table attribute, using an authentication algorithm that is specified by the ONU authentication selection attribute (para 60), wherein the subset is selected at random each time the request for access is received (para 36-37, The OLT random challenge table attribute may specify a random challenge issued by the OLT during an authentication sequence and that the OLT random challenge table can have a fixed length and be processed to trigger or send a challenge status attribute).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schoen and Effenberger. The motivation would have been to build the network that to exchange security information using a plurality of attributes, wherein the attributes provide security features that provide endpoint security solutions (both hardware and software based).
However, Challener discloses determine whether the request for access is forged by comparing the cryptographic hashes of the selected second authentication attributes with the cryptographic hashes of the first authentication attributes stored in the database of hashes to determine whether each cryptographic hash of the selected second authentication attributes already exists in the data (step 503-505, para 23.” a Hash value for the current configuration is computed.
In step 504, the stored, encrypted Hash value is decrypted and the two Hash values are compared”): and
where a cryptographic hash of at least one of the selected second authentication
attributes does not exist in the database, generate a notification that the
request for access may be forged (step 503-506, fig 5, para 23, “a tampering notification is issued indicating that the configuration data has been compromised.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schoen and Effenberger with Challener. The motivation would have been to build the network that provide endpoint security solutions (both hardware and software based).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493
Prosecution Insights