DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the communication filed on 12/1/2025.
Claims 5, 8-9 and 16-18 have been canceled.
Claims 1, 7, 15 and 19-20 have been amended.
Claims 1-4, 6-7, 10-15 and 19-20 are pending for consideration.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/22/2026 has been entered.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-4, 6-7, 10-15 and 19-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 7, 14 and 19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 7 and 19, these claims depend on claim 1 and recite the limitation “the second cryptographic key is derived from the first cryptographic key using a key derivation function”. It appears that the first and second cryptographic keys in this limitation are symmetric keys (see paragraph 0034 of Applicant’s specification). However, according to claim 1, the first and second cryptographic keys are a public/private key pair (i.e., asymmetric keys). It is unclear what Applicant's intended metes and bounds of the claims are. Clarification is required because the metes and bounds of the limitation are entirely unclear and subjective.
Regarding claim 14, claim 14 depends on claim 1 and recites the limitation “wherein the first cryptographic key and the second cryptographic key are symmetric keys”. However, according to claim 1, the first and second cryptographic keys are a public/private key pair (i.e., asymmetric keys). It is unclear what Applicant's intended metes and bounds of the claim are. Clarification is required because the metes and bounds of the limitation are entirely unclear and subjective.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3, 6, 10, 13-15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brandwine et al. (US 10445514) (hereinafter Brandwine) in view of SUN et al. (WO 2023246753, translation attached) (hereinafter SUN).
Regarding claim 1, Brandwine discloses a method, comprising:
determining, based on at least one cryptographic attribute, that information comprising a string on a site is a first cryptographic key (Brandwine: paragraphs (32) and (61), “the customer authorization key may serve as a credential for the customer and required to access an account provided by the computing resource service provider. Accordingly, the process 800 includes identifying 804 potential customer authorization keys from the information garnered from the public Internet repositories of data. The computing resource service provider may utilize, for example, one or more cryptographic protocols to develop an authorization key for each customer utilizing a service provided by the service provider.”), comprising determining that the string has a length equal to a predetermined length or within a predetermined range of lengths of cryptographic keys used to encrypt data, decrypt data, sign data, or verify data (Brandwine: paragraph (61), “use a computer system programmed with various algorithms to search for potential authorization keys among the information garnered from the public Internet repositories of data. The algorithms may include instructions to search for character strings that have characteristics (e.g., length) that match the characteristics of keys generated by the computing resource service provider. Additionally, the computer resource service provider may utilize more advanced searching techniques to search for potential authorization keys. For example, the computer resource service provider may search for potential authorization keys by not only searching for a string of characters that may form an authorization key but also key words that may be in close proximity to the string of characters”); and
sending an alert that one or more authorization/cryptographic key is compromised (Brandwine: paragraphs (13), (32), (61) and (64)-65, “the service provider may determine the account is compromised by referring to data contained in public Internet repositories of data and discovering customer credentials (e.g., account passwords, authorization keys (also referred to as access keys))”… “the computing resource service provider may examine a list of potential customer authorization keys to determine whether any are actual authorization keys. If there is a match, the computing resource service provider may place the account in a compromised state. Additionally, the customer may notify the computing resource service provider that one or more account credentials have been, intentionally or unintentionally, compromised. In this instance, the computing resource service provider may place the account in a compromised state upon being notified by the customer.”).
Brandwine does not explicitly disclose the following limitation which is disclosed by SUN, sending an alert that a second cryptographic key corresponding to the first cryptographic key is compromised (SUN: page 49, “the CA/RA receives revocation requests sent by other NF entities. For example, when the network administrator detects that the NFp's private key is leaked, it requests the CA/RA to revoke the NFp's certificate….For example, the CA/RA proactively revokes the NFp's certificate. For example, due to the operator's network maintenance, the configuration information of the NFp needs to be updated, so the NFp's certificate is revoked or temporarily suspended.”), wherein the first cryptographic key comprises a private key, the second cryptographic key comprises a public key corresponding to the private key, and the private key and the public key are generated as a public/private key pair (SUN: pages 37-38, 45-46 and 49, “the CA/RA receives revocation requests sent by other NF entities. For example, when the network administrator detects that the NFp's private key is leaked, it requests the CA/RA to revoke the NFp's certificate… “Optionally, the NFp certificate also includes the CA ID that issued the certificate, the certificate's signature, the certificate holder ID, or the certificate holder's public key, etc.”).
Brandwine and SUN are analogous art because they are from the same field of endeavor, communication security. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Brandwine and SUN before him or her, to modify the system of Brandwine to include sending an alert that a second cryptographic key corresponding to a first cryptographic key is compromised of SUN. The suggestion/motivation for doing so would have been to improve network efficiency (SUN: pages 1 and 2).
Regarding claim 15, claim 15 discloses a system claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15, which is rejected for the same reasons.
Regarding claim 20, claim 20 discloses a media claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 20, which is rejected for the same reasons.
Regarding claim 2, Brandwine as modified discloses further comprising monitoring the site for cryptographic keys (Brandwine: paragraph (61), “the process 800 includes identifying 804 potential customer authorization keys from the information garnered from the public Internet repositories of data. The computing resource service provider may utilize, for example, one or more cryptographic protocols to develop an authorization key for each customer utilizing a service provided by the service provider. The cryptographic protocols may use a variety of algorithms to generate a string of characters that form the authorization keys. The computing resource service provider may, for example, use a computer system programmed with various algorithms to search for potential authorization keys among the information garnered from the public Internet repositories of data. The algorithms may include instructions to search for character strings that have characteristics (e.g., length) that match the characteristics of keys generated by the computing resource service provider”).
Regarding claim 3, Brandwine as modified discloses wherein monitoring the site for cryptographic keys comprises accessing the site via a first network using a first browser configured to access the site (Brandwine: paragraph (61), “the process 800 includes identifying 804 potential customer authorization keys from the information garnered from the public Internet repositories of data. The computing resource service provider may utilize, for example, one or more cryptographic protocols to develop an authorization key for each customer utilizing a service provided by the service provider. The cryptographic protocols may use a variety of algorithms to generate a string of characters that form the authorization keys. The computing resource service provider may, for example, use a computer system programmed with various algorithms to search for potential authorization keys among the information garnered from the public Internet repositories of data. The algorithms may include instructions to search for character strings that have characteristics (e.g., length) that match the characteristics of keys generated by the computing resource service provider”).
Regarding claim 6, Brandwine as modified discloses wherein the first cryptographic key is used to encrypt a third cryptographic key (Brandwine: (62)-(63), “If the computing resource service provider utilizes authorization key encryption, such as, but not limited to, hashing or symmetric cryptography, the computing resource service provider may use an encryption key to generate a series of character strings based on a potential key composed of plain text. In this fashion, the computing resource service provider may utilize the new series of character strings and compare them to a second database containing actual, encrypted (e.g., hashed) authorization keys to determine if an account has been compromised.”).
Regarding claim 10, Brandwine as modified discloses wherein the at least one cryptographic attribute comprises a predetermined string (Brandwine: paragraph (61), “use a computer system programmed with various algorithms to search for potential authorization keys among the information garnered from the public Internet repositories of data. The algorithms may include instructions to search for character strings that have characteristics (e.g., length) that match the characteristics of keys generated by the computing resource service provider. Additionally, the computer resource service provider may utilize more advanced searching techniques to search for potential authorization keys. For example, the computer resource service provider may search for potential authorization keys by not only searching for a string of characters that may form an authorization key but also key words that may be in close proximity to the string of characters”).
Regarding claim 13, Brandwine as modified discloses wherein identifying the entity comprises extracting identifying information of the entity from the site on which the first cryptographic key is posted (Brandwine: paragraphs (61) and (71), “The computing resource service provider may utilize, for example, one or more cryptographic protocols to develop an authorization key for each customer utilizing a service provided by the service provider. The cryptographic protocols may use a variety of algorithms to generate a string of characters that form the authorization keys. The computing resource service provider may, for example, use a computer system programmed with various algorithms to search for potential authorization keys among the information garnered from the public Internet repositories of data. The algorithms may include instructions to search for character strings that have characteristics (e.g., length) that match the characteristics of keys generated by the computing resource service provider. Additionally, the computer resource service provider may utilize more advanced searching techniques to search for potential authorization keys. For example, the computer resource service provider may search for potential authorization keys by not only searching for a string of characters that may form an authorization key but also key words that may be in close proximity to the string of characters”).
Regarding claim 14, Brandwine as modified discloses wherein the extracting the identifying information comprises determining the identifying information from a key block, wherein the first cryptographic key and the second cryptographic key are symmetric key (Brandwine: paragraphs (61)-(62), “obtained a list of potential customer authorization keys from the information garnered from the public Internet repositories of data, the process 800 may include accessing 806 each potential customer key for further examination. For instance, the computing resource service provider may maintain a database of all potential customer authorization keys it has obtained and start to analyze the first key in the database. An analysis of the potential customer authorization keys may consist of comparing the potential key with a second database containing all actual customer authorization keys. For example, the computing resource service provider may perform a string matching query in the database containing all actual authorization keys. If the computing resource service provider utilizes authorization key encryption, such as, but not limited to, hashing or symmetric cryptography, the computing resource service provider may use an encryption key to generate a series of character strings based on a potential key composed of plain text. In this fashion, the computing resource service provider may utilize the new series of character strings and compare them to a second database containing actual, encrypted (e.g., hashed) authorization keys to determine if an account has been compromised.”).
Claim(s) 4, and 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Brandwine in view of SUN, and further in view of Ramanathan et al. (US 12126713) (hereinafter Ramanathan).
Regarding claim 4, Brandwine in view of SUN does not explicitly disclose the following limitation which is disclosed by Ramanathan, wherein the first network is Dark Web (Ramanathan: paragraphs (5), (40), (84) and (183)); and the second network is World Wide Web (Ramanathan: paragraphs (5), (40), (59) and (183), “The monitoring of the set of data environments may comprise internal monitoring of internal data environments (e.g., internal information systems, internal data networks, internal data storage devices), external monitoring of external data environments (e.g., content delivery networks (CDNs), cloud service platforms, social media platforms, dark websites), and hybrid monitoring of hybrid data environments (e.g., combinations of internal and external data networks)”).
Brandwine in view of SUN and Ramanathan are analogous art because they are from the same field of endeavor, network protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Brandwine and Ramanathan before him or her, to modify the system of Brandwine to include a first network is Dark Web and second network is World Wide Web of Ramanathan. The suggestion/motivation for doing so would have been to protect data for varying durations to manage legal and regulatory risk (Ramanathan: paragraph (21)).
Regarding claim 11, Brandwine in view of SUN does not explicitly disclose the following limitation which is disclosed by Ramanathan, further comprising identifying an entity that owns at least one of the first cryptographic key or the second cryptographic key (Ramanathan: paragraphs (58) and (96), “In another example, the QC detection data may comprise a fictitious code-signing certificate, a fictitious email certificate, a fictitious legally binding electronic signature certificate that represents the digital identity of a signer (e.g., a digital identification (ID) certificate, such as an X.509 certificate), any other suitable information, or a combination thereof.”).
Brandwine in view of SUN and Ramanathan are analogous art because they are from the same field of endeavor, network protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Brandwine and Ramanathan before him or her, to modify the system of Brandwine to include identifying an entity that owns at least one of a first cryptographic key or the second cryptographic key of Ramanathan. The suggestion/motivation for doing so would have been to protect data for varying durations to manage legal and regulatory risk (Ramanathan: paragraph (21)).
Regarding claim 12, Brandwine as modified discloses wherein identifying the entity comprises: determining the second cryptographic key using the first cryptographic key (Ramanathan: paragraphs (58) and (96)); determining a certificate of the second cryptographic key (Ramanathan: paragraphs (58) and (96)); and determining the entity from the certificate (Ramanathan: paragraphs (58) and (96), “detect code-sign malware using a destroyed RSA private key. In another example, the QC detection system 102 may provide for a certificate-based QC detection technique configured to detect a fraudulent certificate signed by an issuer certificate authority using a destroyed RSA private key (e.g., using a fictitious email certificate or legal sign certificate as a honeypot).”). The same motivation to modify Brandwine in view of SUN and Ramanathan, as applied in claim 11 above, applies here.
Claim(s) 7 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Brandwine in view of SUN, further in view of TARTAN et al. (US 20230396450) (hereinafter TARTAN).
Regarding claims 7 and 19, Brandwine does not explicitly disclose the following limitation which is disclosed by TARTAN, wherein the second cryptographic key is derived from the first cryptographic key using a key derivation function (TARTAN: paragraphs 0138, 0140-0145 and 0154, “the keys derived by the key derivation entity”… “the parent key used to derive the child key may be a public key. In this case, the child key is derived based on the parent key and a public key corresponding to the hash result”).
Brandwine in view of SUN and TARTAN are analogous art because they are from the same field of endeavor, network processing. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Brandwine in view of SUN and TARTAN before him or her, to modify the system of Brandwine in view of SUN to include a cryptographic key is derived from a cryptographic key using a key derivation function of TARTAN. The suggestion/motivation for doing so would have been to constitute applying a known technique to known devices and/or methods ready for improvement to yield predictable results.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TRANG T DOAN/Primary Examiner, Art Unit 2431