Prosecution Insights
Last updated: April 19, 2026
Application No. 18/672,039

DETECTING AUTHENTICATION OBJECT-FOCUSED ATTACKS

Non-Final OA §103, §DP
Filed
May 23, 2024
Examiner
SIDDIQI, MOHAMMAD A
Art Unit
2493
Tech Center
2400 — Computer Networks
Assignee
Qomplx LLC
OA Round
3 (Non-Final)
85%
Grant Probability
Favorable
3-4
OA Rounds
3y 1m
To Grant
99%
With Interview

Examiner Intelligence

Grants 85% — above average
85%
Career Allow Rate
643 granted / 755 resolved
+27.2% vs TC avg
Interview Lift
+15.4% (strong), resolved cases with interview vs. without
Typical timeline
3y 1m
Avg Prosecution
23 currently pending
Career history
778
Total Applications
across all art units

Statute-Specific Performance

§101: 12.6% (-27.4% vs TC avg)
§103: 53.8% (+13.8% vs TC avg)
§102: 13.2% (-26.8% vs TC avg)
§112: 5.8% (-34.2% vs TC avg)
Compared with the Tech Center average estimate. Based on career data from 755 resolved cases.

Office Action

§103 §DP
DETAILED ACTION

Claims 1-20 are presented for examination. Claims 17-20 are new.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 02/13/2026 has been entered.

Priority

Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as follows: the later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original non-provisional application or provisional application); the disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of the first paragraph of 35 U.S.C. 112. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994). In the present application, support for the following limitations is lacking in the provisional applications: the limitations "host agent", "virtual machine", "storage data object", "tier level", "reservation repository", etc. are not supported by the current specification; therefore, the examiner will consider the priority date to go back to provisional application 62/596,105, dated 12/07/2017.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-8 of U.S. Patent No. US 12095785 B2. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature and anticipated by US Patent No. US 12095785 B2. Please see the table below:

Instant Application

1. A computing system for detecting authentication object-focused attacks, comprising: one or more hardware processors configured for: receiving a first authentication object for a user of a service, the first authentication object comprising a first identification string known to be generated by an identity provider associated with the service; generating a unique identifier for the first authentication object by performing a plurality of calculations and transformations on the first authentication object; providing the unique identifier to the identity provider from which the first authentication object was generated for inclusion in additional authentication objects issued to the user; receiving a request for access to the service by the user accompanied by a second authentication object comprising a second identification string; validating the second authentication object by comparing a value of the second identification string against a value of the first identification string; and generating an authentication failure if the validation step failed.
2. The system of claim 1, wherein the computing system is operated by the identity provider.
3. The system of claim 1, wherein the computing system is operated by a client device communicating with the identity provider over a network.
4. The system of claim 1, wherein the computing system is operated by a third-party service communicating with the identity provider, endpoint, service, or networking devices over a network.

US Patent No. US 12095785 B2

1. A system for detecting Security Assertion Markup Language (SAML) forgery or manipulation attacks, comprising: a computing system comprising a memory and a processor; a policy manager subsystem comprising a first plurality of programming instructions stored in the memory which, when operating on the processor, causes the computing system to: receive a plurality of network packets comprising a first authentication object for a user of a service, the first authentication object comprising a first identification string known to be generated by an identity provider associated with the service; generate a unique identifier for the first authentication object; provide the unique identifier to the identity provider from which the first authentication object was generated for inclusion in additional authentication objects issued to the user; receive a request for access to the service by the user accompanied by a second authentication object comprising a second identification string; compare a value of the second identification string of the second authentication object against a value of the second identification string of the stored record of the first authentication object; check the second authentication object for the unique identifier; and generate an authentication failure if the unique identifier is missing or invalid; and a hashing subsystem comprising a second plurality of programming instructions stored in the memory of, and operating on the processor of, the computing system, wherein the second plurality of programmable instructions, when operating on the processor, cause the computing system to: receive authentication objects from the policy manager; calculate unique identifiers for authentication objects received by performing a plurality of calculations and transformations on each received authentication object; and return the unique identifiers for authentication objects received to the policy manager.
2. The system of claim 1, wherein the policy manager is operated by the identity provider.
3. The system of claim 1, wherein the policy manager is operated by a client device communicating with the identity provider over a network.
4. The system of claim 1, wherein the policy manager is operated by a third-party service communicating with the identity provider, endpoint, service, or networking devices over a network.

Claims 1-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-8 of U.S. Patent No. US 11005824 B2. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature and anticipated by US Patent No. US 11005824 B2.

Claims 1-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-6 of U.S. Patent Publication No. US 20230156022 A1. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature and anticipated by U.S. Patent Publication No. US 20230156022 A1.

Claims 1-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-12 of U.S. Patent Publication No. US 20230118726 A1. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature and anticipated by U.S. Patent Publication No. US 20230118726 A1.

Claims 1-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-6 of U.S. Patent No. US 11552968 B2. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature and anticipated by US Patent No. US 11552968 B2.

Claims 1-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-12 of U.S. Patent Publication No. US 20230308459 A1. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature and anticipated by U.S. Patent Publication No. US 20230308459 A1. This is a nonstatutory double patenting rejection.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Schoen et al. (US Patent Application No. 20150281225) (hereinafter Schoen) in view of Gallant et al. (US Patent No. 7743138) (hereinafter Gallant) in further view of Musante et al. (US Patent No. 20030074446) (hereinafter Musante).

As per claim 1, Schoen discloses a computing system for detecting authentication object-focused attacks, comprising: one or more hardware processors configured for (fig 1): receiving a first authentication object for a user of a federated service of the one or more federated services, wherein the first authentication object comprises an embedded unique identifier associated with one or more known valid authentication sessions, wherein the first authentication object is known to be generated by an identity provider associated with the federated service (fig 1, para 51, security token (e.g., the SAML token) from the client device, which was provided by the federated identity application ... also provide a trusted session cookie; teaches receiving a first authentication object associated with a session identifier); storing one or more portions of the first authentication object and the embedded unique identifier in one or more of the monitored stored/event logs (para 51, session cookie, determining whether the security token comprises an SID for a security group that includes the client, indicating that the client has been authenticated by an identity token), wherein the stored portions are associated with the one or more known valid authentication sessions (para 94, may be further configured to store a digest or hash of one or more previously generated and used authentication tokens in an authentication token collision datastore); receiving a request for access to the service by the user accompanied by a second authentication object (176, fig 1, para 94, may be further configured to store a digest or hash of one or more previously generated and used authentication tokens in an authentication token collision datastore); validating the second authentication object by determining whether the second authentication object corresponds to any stored portion associated with the one or more known valid authentication sessions stored (para 94, whether a previously generated authentication token has already been used and/or generated; if no match is found); and generating an authentication failure and denying the request for access to the service in response to a determination that the second authentication object does not correspond to any stored portion associated with the one or more known valid authentication sessions stored (para 94, whether a previously generated authentication token has already been used and/or generated; if no match is found).

Schoen further discloses determining whether a previously generated (stored can be interpreted as logged) authentication token has already been used (para 94), represented as a series of interrelated states or events (fig 3A-3D, para 143; it is well known that receiving a request, validating/determining an authentication object, and generating a failure are also events). Schoen, however, does not explicitly disclose these limitations. Gallant discloses a session manager, an event log, and logic to determine a valid session identifier (fig 2, 4, 7A), a valid authentication session in the event log (fig 2, 4, 7A), and a determination that the second authentication object does not correspond to any stored portion associated with the one or more known valid authentication session log (fig 2, 4, 7A, col 8, lines 52-59, col 9, lines 44-65, the global session table 232, the event log 240 and/or the global event index). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schoen and Gallant. The motivation would have been to build a network that provides endpoint security solutions (both hardware and software based).

Schoen in view of Gallant does not explicitly disclose monitoring one or more event logs for new events being written to any of the one or more event logs in real-time as said new events are logged, wherein the one or more event logs are associated with one or more federated services. However, Musante explicitly discloses monitoring one or more event logs for new events being written to any of the one or more event logs in real-time as said new events are logged, wherein the one or more event logs are associated with one or more federated services (para 3, the framework provides for base and dynamic services; the base services include a controller service, an event service, a logging service; dynamic services are provided by the federated Java beans). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schoen and Gallant with Musante. The motivation would have been to build the system using federated beans that provide monitoring and logging of events for security by centralizing oversight across distributed systems, enabling faster threat detection and response.

As per claim 2, the claim is rejected for the same reasons and motivation as claim 1, above. In addition, Schoen discloses wherein the computing system is operated by the identity provider (para 46, a federated identity application).

As per claim 3, the claim is rejected for the same reasons and motivation as claim 1, above. In addition, Schoen discloses wherein the computing system is operated by a client device communicating with the identity provider over a network (para 46, a federated identity application).

As per claim 4, the claim is rejected for the same reasons and motivation as claim 1, above. In addition, Schoen discloses wherein the computing system is operated by a third-party service communicating with the identity provider, endpoint, service, or networking devices over a network (fig 1, para 50, the claims enabled application's trusted STS provider, i.e., federated identity application (e.g., MICROSOFT AD FS), where the federated identity application may communicate with the directory service application and negotiate with the client device).

Claims 5-16 are rejected for the same reasons and motivation as claims 1-4, above.

As per claims 17-20, the claims are rejected for the same reasons and motivation as claim 1, above. In addition, Schoen discloses a SAML assertion, a Kerberos ticket, an OAuth token, or a JSON web token (para 47, security token service (STS) and issue one or more security tokens (e.g., a Security Assertion Markup Language (SAML) token)).

Response to Arguments

Applicant's arguments filed 02/13/2026 have been fully considered but they are not persuasive; therefore, the rejections of claims 1-20 are maintained. In response to Applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.

Schoen discloses receiving a first authentication object for a user of a service, wherein the first authentication object comprises an embedded unique identifier associated with one or more known valid authentication sessions, wherein the first authentication object is known to be generated by an identity provider associated with the service (fig 1, para 51, security token (e.g., the SAML token) from the client device, which was provided by the federated identity application ... also provide a trusted session cookie; teaches receiving a first authentication object associated with a session identifier); storing one or more portions of the first authentication object and the embedded unique identifier in a stored/event log (para 51, session cookie, determining whether the security token comprises an SID for a security group that includes the client, indicating that the client has been authenticated by an identity token), wherein the stored portions are associated with the one or more known valid authentication sessions (para 94, may be further configured to store a digest or hash of one or more previously generated and used authentication tokens in an authentication token collision datastore); receiving a request for access to the service by the user accompanied by a second authentication object (176, fig 1, para 94, may be further configured to store a digest or hash of one or more previously generated and used authentication tokens in an authentication token collision datastore); validating the second authentication object by determining whether the second authentication object corresponds to any stored portion associated with the one or more known valid authentication sessions stored (para 94, whether a previously generated authentication token has already been used and/or generated; if no match is found); and generating an authentication failure and denying the request for access to the service in response to a determination that the second authentication object does not correspond to any stored portion associated with the one or more known valid authentication sessions stored (para 94, whether a previously generated authentication token has already been used and/or generated; if no match is found). Schoen further discloses determining whether a previously generated (stored can be interpreted as logged) authentication token has already been used (para 94), represented as a series of interrelated states or events (fig 3A-3D, para 143; it is well known that receiving a request, validating/determining an authentication object, and generating a failure are also events).

Gallant discloses a session manager, an event log, and logic to determine a valid session identifier (fig 2, 4, 7A), a valid authentication session in the event log (fig 2, 4, 7A), and a determination that the second authentication object does not correspond to any stored portion associated with the one or more known valid authentication session log (fig 2, 4, 7A, col 8, lines 52-59, col 9, lines 44-65, the global session table 232, the event log 240 and/or the global event index). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schoen and Gallant. The motivation would have been to build a network that provides endpoint security solutions (both hardware and software based).

Musante explicitly discloses monitoring one or more event logs for new events being written to any of the one or more event logs in real-time as said new events are logged, wherein the one or more event logs are associated with one or more federated services (para 3, the framework provides for base and dynamic services; the base services include a controller service, an event service, a logging service; dynamic services are provided by the federated Java beans). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schoen and Gallant with Musante. The motivation would have been to build the system using federated beans that provide monitoring and logging of events for security by centralizing oversight across distributed systems, enabling faster threat detection and response.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure; please see the attached PTO-892. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Carl G Colin, can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOHAMMAD A SIDDIQI/ Primary Examiner, Art Unit 2493
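The validation loop recited in the claim comparison above (record the first authentication object, compute a unique identifier and hand it back to the identity provider for inclusion in later objects, then check a second object's identification strings and identifier against the stored record), as an added Python example that is not code from the application, the assignee, or any cited reference. The authentication objects are constructed dicts standing in for SAML assertions; the IdP name, the field names, and the choice of HMAC-SHA256 under a monitor-held key for the claimed "plurality of calculations and transformations" are this example's assumptions. The final replay check, which refuses an object whose digest was already accepted, mirrors the "digest or hash of previously used tokens" the examiner cites from Schoen and is likewise an assumption about how that would be wired in.

```python
"""Toy policy manager + hashing subsystem for the claimed validation flow.
Added illustration with constructed objects; not the applicant's or examiner's code."""
import hashlib
import hmac
import json
import secrets


def canonical(auth_obj: dict) -> bytes:
    """Deterministic serialization so the same object always yields the same bytes."""
    return json.dumps(auth_obj, sort_keys=True, separators=(",", ":")).encode()


class HashingSubsystem:
    """Derives the unique identifier for an authentication object.

    The claims say only 'a plurality of calculations and transformations';
    HMAC-SHA256 under a key held by the monitor is this example's assumption, so
    an attacker who holds the IdP signing key still cannot compute a valid
    identifier for an assertion the monitor never recorded.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key

    def unique_id(self, auth_obj: dict) -> str:
        base = {k: v for k, v in auth_obj.items() if k != "monitor_id"}  # exclude the id itself
        return hmac.new(self._key, canonical(base), hashlib.sha256).hexdigest()


class PolicyManager:
    """Records the first object per session and validates later ones against it."""

    def __init__(self, hasher: HashingSubsystem) -> None:
        self.hasher = hasher
        self.sessions: dict = {}        # session_id -> {"first": obj, "uid": identifier}
        self.seen_digests: set = set()  # digests of already-accepted objects (replay check)
        self.event_log: list = []       # the monitored event log, one line per decision

    def register_first(self, first: dict) -> str:
        """Receive the IdP-issued first object; return the identifier for the IdP to embed."""
        uid = self.hasher.unique_id(first)
        self.sessions[first["session_id"]] = {"first": first, "uid": uid}
        self.event_log.append(f"ISSUE session={first['session_id']} subject={first['subject']}")
        return uid

    def validate(self, second: dict) -> tuple:
        """Compare identification strings, check the identifier, then reject replays."""
        record = self.sessions.get(second.get("session_id"))
        if record is None:
            return self._deny(second, "session identifier not in monitored log")
        for field in ("issuer", "subject"):
            if second.get(field) != record["first"][field]:
                return self._deny(second, f"{field} does not match stored record")
        if not hmac.compare_digest(second.get("monitor_id") or "", record["uid"]):
            return self._deny(second, "unique identifier missing or invalid")
        digest = hashlib.sha256(canonical(second)).hexdigest()
        if digest in self.seen_digests:
            return self._deny(second, "authentication object already used")
        self.seen_digests.add(digest)
        self.event_log.append(f"ALLOW session={second['session_id']}")
        return True, "valid"

    def _deny(self, second: dict, reason: str) -> tuple:
        self.event_log.append(f"DENY session={second.get('session_id')} reason={reason}")
        return False, reason


class IdentityProvider:
    """Minimal IdP: issues a first object, then objects carrying the monitor's identifier."""

    def __init__(self, name: str) -> None:
        self.name = name

    def issue(self, subject: str) -> dict:
        return {"issuer": self.name, "subject": subject, "session_id": secrets.token_hex(8)}

    def reissue(self, first: dict, uid: str) -> dict:
        # Additional objects for the same session carry the monitor-issued identifier.
        return {**first, "monitor_id": uid, "nonce": secrets.token_hex(4)}


def run_scenario() -> dict:
    """Legitimate flow plus replay, two forgeries and a tampering; returns each outcome."""
    idp = IdentityProvider("https://idp.example.test")  # constructed name
    monitor = PolicyManager(HashingSubsystem(secrets.token_bytes(32)))

    first = idp.issue("alice")
    uid = monitor.register_first(first)   # identifier handed back to the IdP
    genuine = idp.reissue(first, uid)     # later object that carries it

    # Minted offline with a stolen signing key: the monitor never saw this session.
    forged = {"issuer": idp.name, "subject": "alice", "session_id": secrets.token_hex(8)}
    # Copies a real session id but cannot produce the keyed identifier.
    forged_known_session = {**first, "monitor_id": "0" * 64}
    # Valid identifier, subject rewritten to escalate.
    tampered = {**genuine, "subject": "admin"}

    return {
        "genuine": monitor.validate(genuine)[0],
        "replayed_genuine": monitor.validate(genuine)[0],
        "forged_new_session": monitor.validate(forged)[0],
        "forged_known_session": monitor.validate(forged_known_session)[0],
        "tampered_subject": monitor.validate(tampered)[0],
    }


if __name__ == "__main__":
    print(run_scenario())
```

Two assumptions carry the detection: the monitor's HMAC key is separate from the IdP signing key, and every access request to the service passes through the monitor's validate step. An attacker who can also write to the IdP's issuance path, or who can reach the service without traversing the monitor, is outside what this check sees.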

Prosecution Timeline

May 23, 2024
Application Filed
Jun 09, 2025
Non-Final Rejection — §103, §DP
Sep 11, 2025
Response Filed
Nov 11, 2025
Final Rejection — §103, §DP
Feb 13, 2026
Request for Continued Examination
Mar 02, 2026
Response after Non-Final Action
Mar 06, 2026
Non-Final Rejection — §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12587471
DYNAMIC AUTHORIZATION BASED ON EXECUTION PATH STATUS
2y 5m to grant Granted Mar 24, 2026
Patent 12580753
METHOD FOR GENERATING AT LEAST ONE CRYPTOGRAPHIC KEY AS WELL AS A COMPUTER PROGRAM PRODUCT AND A DEVICE THEREFOR
2y 5m to grant Granted Mar 17, 2026
Patent 12574255
SECURE PROGRAMMING SYSTEM, OPERATING METHOD THEREOF AND COMPUTER READABLE RECORDING MEDIUM USING SUCH OPERATING METHOD
2y 5m to grant Granted Mar 10, 2026
Patent 12574399
TECHNIQUES FOR ENRICHING DEVICE PROFILES AND MITIGATING CYBERSECURITY THREATS USING ENRICHED DEVICE PROFILES
2y 5m to grant Granted Mar 10, 2026
Patent 12566876
Protecting Sensitive Information Shared To A Video Conference
2y 5m to grant Granted Mar 03, 2026
Based on the 5 most recent grants.


Prosecution Projections

3-4
Expected OA Rounds
85%
Grant Probability
99%
With Interview (+15.4%)
3y 1m
Median Time to Grant
High
PTA Risk
Based on 755 resolved cases by this examiner. Grant probability derived from career allow rate.
