Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/16/2025 has been considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1-7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gallant et al. (US 2016/0352702) hereafter Gallant in view of Moon et al. (US 2023/0060803) hereafter Moon.
6. Gallant discloses a computer-implemented method for enabling secure password reset functionality for a password protected device having a unique identifier (figs. 4, 5B, 6, 8; para 2; para 29, a public/private key pair for the device (d,D) is a unique identifier), comprising:
generating, in a first computer device, a registration code for the password protected device including at least the metadata associated with certain attributes of the password protected device and the unique identifier associated with the password protected device (fig. 4, 106, 108; para 36, one or more device IDs is are also determined at 106 … the private/public key pair d, D for the secured device 10 can be provisioned at 108; the device IDs is metadata and d, D is a unique identifier);
sending the registration code from the first computer device to a computer server (fig 4, 106, 108 -> 110 and corresponding text; para 37, At 110 a new device entry is made in the support database 16, which stores the device ID … stores a public key D);
parsing the registration code in the computer server to separately identify at least the metadata and unique identifier associated with the password protected device (para 37, the public key D of the secured device 10 is … mapped to the … device IDs…); and
storing the metadata and unique identifier associated with the password protected device in memory associated with the computer server for registering the password protected device with the computer server (para 37, the public key D of the secured device 10 is stored at 116 and mapped to the administrator and device IDs);
generating a request code for the password protected device, in the first computer device upon user initiation of a password reset request for the password protected device (para 21, the administrator device 12 can be used to communicate with the password reset service 14 over a network 15 (e.g., the Internet) in order to send or otherwise submit a password reset request 24), the request code including at least metadata associated with certain attributes of the password protected device (para 38, administrator 22 provides a device ID corresponding to the secured device 10) and whereby the request code does not include the unique identifier (para 31, the support database 16 can also include copies of secured device public keys D and associate the public keys D with the secured devices 10, thus providing a mapping between device ID(s) and the public key D for that secured device 10. In this way, an administrator 22 can initiate a password reset by phoning in to the password reset service 14 (or device support service 18) and provide a device ID such as a MAC address or serial number, which can be mapped to the corresponding public key D (unique identifier) which is never included in the request);
sending the request code from the first computer device to a computer server located remote from the first computer device (fig 5B, 154-156 and corresponding text);
parsing the request code, in the computer server, to identify a password protected device registered with the computer server (para 31, the support database 16 can also include copies of secured device public keys D and associate the public keys D with the secured devices 10, thus providing a mapping between device ID(s) and the public key D for that secured device 10. In this way, an administrator 22 can initiate a password reset by phoning in to the password reset service 14 (or device support service 18) and provide a device ID such as a MAC address or serial number, which can be mapped to the corresponding public key D) for generating a first hash value for a recovery string including at least the metadata and the retrieved unique identifier associated with the identified password protected device (fig. 6, 258 and corresponding text);
generating a second hash value for a second recovery string including at least the metadata and the unique identifier associated with the password protected device (fig. 8, 308 and corresponding text; para 51, a hash value HASH is generated at 308);
sending the first hash value from the computer server to the first computer device (fig. 6, 262 and corresponding text; para 44, hash is generated at 256, which is to be used by the password reset module 30 in the secured device 10 to match against a hash generated on the secured device 10); and
comparing the first and second hash values to enable password reset functionality for the password protected device if the first and second hash values match (fig. 8, 310 and corresponding text; para 51, HASH′ value is compared to the HASH value included in the image at 310 to determine at 312 whether or not the hashes are equal).
Gallant does not explicitly disclose generating at the first computer device. However, in an analogous art, Moon discloses secure device access recovery including performing the computations at the device requesting recovery (figure 7B, 204-212). It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Gallant with the implementation of Moon in order to recover a password without exposure of the prior password and without the necessity of involving any network service provider with the backup/recovery (para 188).
7. The computer-implemented method as recited in claim 6, wherein the first computer device sends the request code and the registration code over a communications network to the password reset computer, and the computer server sends the first hash value to the first computer device over the communications network (Gallant, fig 5A, 154-156, 162-164).
Claims 1 and 4 are similar in scope to claims 6 and 7 and are rejected under similar rationale.
2. The computer-implemented method as recited in claim 1, wherein the computer device is operatively coupled to the password protected device (Gallant, fig. 1, 12).
3. The computer-implemented method as recited in claim 2, further including: generating, in the computer device, a registration code for the password protected device including at least the metadata associated with certain attributes of the password protected device and the unique identifier associated with the password protected device; sending the registration code from the computer device to the computer server; parsing the registration code in the computer server to separately identify at least the metadata and unique identifier associated with the password protected device; and storing the metadata and unique identifier associated with the password protected device in memory associated with the computer server for registering the password protected device with the computer server (Gallant, fig 4, 106, 108, 110; para 36-37).
5. The computer-implemented method as recited in claim 4, wherein the unique identifier is a cryptographically complaint random string (Gallant, para 30).
Allowable Subject Matter
Claims 8-20 are allowed.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES R TURCHEN/Primary Examiner, Art Unit 2439