Prosecution Insights
Last updated: April 19, 2026
Application No. 18/702,144

IT Security of an Automation System

Non-Final OA §103
Filed: Apr 18, 2024
Examiner: WILLIAMS, JEFFERY L
Art Unit: 2495
Tech Center: 2400 — Computer Networks
Assignee: Siemens Aktiengesellschaft
OA Round: 3 (Non-Final)
Grant Probability: 68% (Favorable)
OA Rounds: 3-4
To Grant: 3y 7m
With Interview: 88%

Examiner Intelligence

Grants 68% — above average
Career Allow Rate: 68% (341 granted / 498 resolved, +10.5% vs TC avg)
Interview Lift: +19.0% (Strong +19% interview lift; resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 7m (27 currently pending)
Career history
Total Applications: 525 (across all art units)

Statute-Specific Performance

§101: 8.6% (-31.4% vs TC avg)
§103: 34.6% (-5.4% vs TC avg)
§102: 23.6% (-16.4% vs TC avg)
§112: 30.1% (-9.9% vs TC avg)
Based on career data from 498 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

This action is in response to the communication filed on 1/30/26. Claims 1 – 4, 6 – 12 are pending. All objections and rejections not set forth below have been withdrawn. Any references to applicant’s disclosure are made by way of applicant’s pre-grant printed patent publication, US 2025/0013732 A1.

Claim Interpretation

The following is a quotation of 35 U.S.C. 112(f):

(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:

An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a check module to”, “a generation module to”, and “an authentication module to” in claim 12.

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 4, 6 – 9, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Venkataramani, US 2018/0004934 A1 in view of Mautone et al. (Mautone), US 2023/0224325 A1.

Regarding claim 1, Venkataramani discloses:

A method for ensuring security of an automation system (e.g. Venkataramani, Abstract), the method comprising:

checking a piece of authentication information previously provided for authentication at an end point of the automation system for a minimum security requirement including assessing meta-information (e.g. Venkataramani, fig. 1:114, 131, 133) which includes …and a generation time of a generation of the password (e.g. Venkataramani, par. 37 – password “meta-information” comprises a history of password change times informing when a password was last changed), related to the piece of authentication information stored at the end point (e.g. Venkataramani, fig. 1:132; fig. 2:203; par. 20, 23, 27, 30, 38, 39). Herein the system compares previously used passwords (i.e. authentication [information] stored at an endpoint – e.g. fig. 1:113) for accessing profiles, accounts, computers and/or services (i.e. end points) against metadata describing password characteristics and usage (e.g. fig. 1:114, 131, 133) so as to determine, at least, a compliance with the requirements of a password policy, and if they do not meet compliance, then the passwords are marked to be changed during authentication.

Venkataramani does not appear to explicitly teach that the “…access[ed] meta-information …includes a hash value of a password…”. However, like Venkataramani, Mautone teaches a system for the automated management of passwords (e.g. Mautone, Abstract; par. 3-7) and for accessing meta-information related to stored passwords so as to aid in the management of the passwords (e.g. Mautone, par. 12, 40, 115, 117). Furthermore, Mautone teaches that the “…access[ed] meta-information …includes a hash value of a password…” (e.g. Mautone, par. 138 – 142).

It would have been obvious to one of ordinary skill in the art to recognize the teachings of Mautone for accessing meta-information including a hash of the password within the system of Venkataramani. This would have been obvious because one of ordinary skill in the art would have been motivated by the teaching that accessing the hash of the password and performing comparisons of hashes instead of the password helps to further provide security against breaches of the password (e.g. Mautone, par. 138).

Thus, the combination enables:

if the piece of authentication information does meet the minimum security requirement, using an authentication module to authenticate at the end point (e.g. Venkataramani, fig. 1:111; par. 33 – compliant passwords are used by the client for authentication to the profiles, accounts, computers and/or services) and storing updated meta-information related to the piece of authentication information at the end point (e.g. Venkataramani, par. 27, 28, 35, 37, claim 4). Herein, encrypted passwords at the end point are further associated with stored rules, that are downloaded and updated from a manager, i.e. “updated meta-information” (e.g. fig. 1:114; par. 27). Furthermore, additionally stored in association with the encrypted passwords are indicators characterizing the time the password was changed and how many times the password was used for authentication, i.e. “updated meta-information” (e.g. par. 27).

else, if the piece of authentication information does not meet the minimum security requirement, generating a new piece of authentication information, and providing the authentication module with the new piece of authentication information to authenticate at the end point (e.g. Venkataramani, fig. 1:111; par. 28, 35 – new passwords are generated to replace the non-compliant passwords, wherein the new password is stored and ready to be used for authentication to a profile, account, computer and/or service) and storing meta-information related to the new piece of authentication information at the end point (e.g. Venkataramani, par. 28). Herein, the password agent generates a new password, which is encrypted and stored at the endpoint, and furthermore stores updated password rules, i.e. “meta-information related to the new piece of authentication information at the endpoint”.

Regarding claim 2, the combination enables: wherein the piece of authentication information comprises the password (e.g. Venkataramani, Abstract).

Regarding claim 3, the combination enables: wherein the minimum requirement comprises a minimum length or a minimum complexity of the authentication information (e.g. Venkataramani, par. 3, 36).

Regarding claim 4, Venkataramani discloses an authentication module for providing a password to be used for authentication. However, Venkataramani fails to disclose that the authentication module provides the password by emulating an entry. However, Mautone also discloses means for providing a password for authentication (e.g. Mautone, Abstract), and furthermore teaches that the provision is by means of injecting the password, or emulating keystroke entry of the password (e.g. Mautone, par. 58, 59). It would have been obvious to one of ordinary skill in the art to employ the emulation teachings of Mautone within the system of Venkataramani. This would have been obvious because one of ordinary skill in the art would have been motivated by the teaching that the emulation of password entry provides convenience to the user (e.g. Mautone, par. 58, 59). Thus, the combination enables: wherein the authentication module emulates an entry of the authentication information (e.g. Venkataramani, par. 33; Abstract; Mautone, par. 58, 59).

Regarding claim 6, the combination enables: further comprising repeating the method and checking the piece of meta-information to determine whether the minimum requirement is met (e.g. Venkataramani, par. 27).

Regarding claim 7, the combination enables: further comprising subjecting the piece of authentication information and/or meta-information previously provided to a comparison with authentication information and/or meta-information from preceding or revealed security incidents and, depending on the comparison assessing whether the minimum requirement is met (e.g. Venkataramani, par. 27, 37, 36, 37, claim 4 – herein the passwords and/or indicators are checked against policies and/or rules and/or historical information indicating that the passwords require change or a breach has occurred).

Regarding claim 8, it is rejected for the same reasons as claim 4, wherein the combination enables: wherein the authentication module is designed for authentication using an emulation of an entry of the new piece of authentication information (e.g. Venkataramani, par. 33; Abstract; Mautone, par. 59).

Regarding claim 9, the combination enables: wherein the authentication module is set up and designed for cryptographically protected storage of the new authentication information (e.g. Venkataramani, par. 20, 35; fig. 8:113).

Regarding claim 12, it is a system claim comprising the means for implementing the method of the above claims, and it is rejected, at least, for the same reasons. Furthermore, because the combination enables: A security system for an automation system (e.g. Venkataramani, fig. 1), the security system comprising: a check module (e.g. Venkataramani, fig. 1:132; fig. 2:203) … a generation module … (e.g. Venkataramani, fig. 8:111) …

PLEASE NOTE, the applicant’s claim 12 does not explicitly limit the scope of the claim to “…comprising: … an authentication module…”. Rather, the applicant has amended the claim to recite a characterization describing the function of an authentication module (i.e. “the authentication module to receive …”). However, this functional description of an authentication module does not include a statement that the authentication module itself is actually included as a structure of the claimed security system. Thus, the examiner does not interpret claim 12 as being structurally limited by an authentication module. However, for the sake of compact prosecution, and in anticipation of appropriate amendment by the applicant, the examiner notes that the prior art also teaches “… an authentication module …” (e.g. Venkataramani, fig. 1:111, 110).

Claims 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Venkataramani, US 2018/0004934 A1, in view of Mautone et al. (Mautone), US 2023/0224325 A1, in view of Braun, US 2006/0026672 A1.

Regarding claim 10, Venkataramani discloses a system for authentication and updating passwords. However, Venkataramani does not disclose that the authentication and password updates could be used within industrial automation, production, and processing systems. However, Braun teaches that industrial automation, production, and processing systems also require the use of password authentication and password updates. It would have been obvious to one of ordinary skill in the art to apply the system teachings of Braun within the context of Venkataramani. This would have been obvious because one of ordinary skill in the art would have been motivated by the teaching that industrial automation, production, and processing systems require security achieved via the use of passwords (e.g. Braun, par. 2 – 6). Thus, the combination enables: wherein the automation system comprises a production system and/or a process technology system (e.g. Braun, par. 2).

Regarding claim 11, it is rejected for the same reasons as claim 10, and furthermore because the combination enables: wherein the endpoint comprises at least one production tool and/or an industrial control device and/or a process technology device (e.g. Venkataramani, par. 2-8; fig. 1:12).

Response to Arguments

Applicant's arguments filed 1/30/26 have been fully considered but they are not persuasive.

Applicant’s arguments with respect to the 35 U.S.C. 102 and 103 rejections of the pending claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Furthermore, the examiner notes in response to the applicant’s argument essentially that “… the words "meta" … do not appear in Venkataramani”, that the claims do not recite “meta”, but rather “meta-information” – which is information that describes characteristics of other information. Venkataramani clearly teaches information (e.g. password rules, expiration times, creation times, requirements, etc.) which describes features and characteristics of and relating to the password, and thus clearly teaches “meta-information”.

The balance of Applicant’s arguments are respectfully noted to be unpersuasive for the same reasons shown above.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965. The examiner can normally be reached on 7:30 am - 4:00 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JEFFERY L WILLIAMS/
Primary Examiner, Art Unit 2495

Prosecution Timeline

Apr 18, 2024: Application Filed
Aug 13, 2025: Non-Final Rejection — §103
Nov 03, 2025: Response Filed
Nov 14, 2025: Final Rejection — §103
Jan 12, 2026: Response after Non-Final Action
Jan 30, 2026: Request for Continued Examination
Feb 05, 2026: Response after Non-Final Action
Feb 06, 2026: Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592824
SECURE APPARATUS TO SHARE AND DEPLOY MACHINE BUILD PROGRAMS UTILIZING UNIQUE HASH TOKENS
2y 5m to grant Granted Mar 31, 2026
Patent 12591689
ANALYZING RISK FOR DEVICES WITHIN A MANAGED ENVIRONMENT
2y 5m to grant Granted Mar 31, 2026
Patent 12580774
DIGITAL SIGNATURES OF MESSAGES USING SIGNATURE SHARES
2y 5m to grant Granted Mar 17, 2026
Patent 12572630
USER-TRUSTED EXECUTABLE EXECUTION ENVIRONMENT
2y 5m to grant Granted Mar 10, 2026
Patent 12574258
PUBLICLY VERIFIABLE ENCRYPTION
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 68%
With Interview: 88% (+19.0%)
Median Time to Grant: 3y 7m
PTA Risk: High
Based on 498 resolved cases by this examiner. Grant probability derived from career allow rate.
