DETAILED ACTION
This communication is in response to the application filed on July 8th, 2024, in which claims 1-19 are presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Specification
The disclosure is objected to because of the following informality: Paragraph 0028 states “also referred to as remove device 110”. Correct the word “remove” to “remote”. Appropriate correction is required.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign mentioned in the description: “315”. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 9, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 20250030679 A1 to Reddy et al (hereinafter Reddy) in view of US 20040003190 A1 to Childs et al (hereinafter Childs).
As per claim 1, Reddy discloses a method for accessing a remote device through the use of a break glass account (Reddy, par 0022, “Examples described herein may provide an approach to create a one-time temporary break glass account with the required privileged access to the data center resource with a short period of time, which may significantly reduce the operational cost.”) comprising:
prior to being disconnected from a network, the remote device: accessing a break glass synchronization (sync) account stored by a directory server (Reddy, par 0021, “Further, the data center manager may notify credentials associated with the temporary break glass account to the user and enable an operation on the data center resource via the temporary break glass account using the credentials”). Examiner note: It is implied that accessing the break glass account stored on the directory server occurs while the device maintains a connection to a network.
reading break glass user credentials stored in association with the break glass sync account, the break glass user credentials including a secure password mechanism (Reddy, par 0004, “In many situations, access to these services and other network resources requires that a user provide some type of credential, often a password, to authenticate the user's identity and obtain authorization for that access through a user account or other such information.”). Examiner note: It is implied that reading break glass credentials is a step of authentication.
storing the break glass user credentials defined for the remote device on the remote device (Reddy, claim 3, “The method of claim 1, further comprising: storing the credentials associated with the temporary break glass in a storage device associated with a management component.”, Reddy, claim 4, “The method of claim 1, wherein the data center resource comprises an on-premises resource of an on-premises computing system or a cloud resource of a cloud computing system.”). Examiner note: Reddy teaches that the data center resource comprises a cloud resource; therefore it is understood that the credentials may be stored remotely.
the remote device: receiving login credentials by a user attempting to log in to the remote device, including a user-entered secure password mechanism (Reddy, par 0020, “Further, security of such data center resources and associated data is of high importance. In this regard, a user or client may have to provide credentials, often a password, to authenticate the user's identity and obtain authorization for performing operations on the data center resources through a user account.”, Reddy, par 0021, “Examples described herein may provide a management node including a data center manager to create a temporary break glass account for data center operations. The data center manager may receive a request to create a temporary break glass account from a user associated with a user account.”).
comparing the login credentials to the break glass user credentials; and allowing access to the protected information stored by or functionality provided by the remote device based on a result of the comparison (Reddy, par 0033, “In response to receiving the approval from the administrator account, data center manager 134 may create the temporary break glass account to access the data center resource for a specific duration.”, Reddy, claim 10, “…and enable an operation on the data center resource via the temporary break glass account using the credentials…”). Examiner note: It is implied that granting access to the protected information or resource includes the action of comparing the login credentials.
Reddy teaches the above limitations of claim 1 including the remote device: receiving login credentials by a user attempting to log in to the remote device, including a user-entered secure password mechanism (Reddy, paras 0020 and 0021). However, Reddy does not teach authentication after being disconnected from network. In an analogous art in network system security, Childs teaches authentication after being disconnected from network (Childs, Figure 3, Elements 100, 120, 150, 200, 160, 170, 180, Childs, par 0024, “If, when a user authentication request fails in a system including a gateway machine, no connectivity is available to an operative LDAP server or an operative gateway, the local client is searched 160 and a matching locally-stored authenticated credential used 180, if applicable, as discussed above.”). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the invention of Reddy to incorporate the steps in the event of a disconnection from a network as taught by Childs, in order to allow access to secure resources when a server is unavailable, and prevent productivity losses (Childs, paras 005 and 006).
Claim 9 recites substantially the same limitation as claim 1, in which the method allows a remote device to access a break glass account in a directory and allows access to protected information upon a successful authentication, in the form of a remote device; therefore, it is rejected under the same rationale.
Claim 17 recites substantially the same limitation as claim 1, in which the method allows a remote device to access a break glass account in a directory and allows access to protected information upon a successful authentication, in the form of a non-transitory computer readable medium; therefore, it is rejected under the same rationale.
Claims 2-6, 10-14, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20250030679 A1 to Reddy et al (hereinafter Reddy) in view of US 20040003190 A1 to Childs et al (hereinafter Childs) and further in view of US 20210279325 A1 to Harris (hereinafter Harris).
As per claim 2, Reddy-Childs teaches wherein the break glass user credentials were changed responsive to a determination that the remote device had been logged into using the break glass user credentials beyond a limit established by the break glass user credentials (Reddy, claim 10, “A management node comprising… a scheduler to delete the temporary break glass account in response to an expiration of a timer, wherein the timer is configured based on the time period.”).
Reddy-Childs does not disclose subsequent to the remote device reconnecting to the network, repeatedly updating the break glass user credentials stored on the remote device. In an analogous art in the field of password management, Harris teaches subsequent to the remote device reconnecting to the network, repeatedly updating the break glass user credentials stored on the remote device (Harris, claim 9, “The method according to claim 8, further comprising, after restoration of the failed communication link, the one of the first and second password management servers transmitting the notification, and the other of the first and second password management servers receiving the notification, and updating the active password to be consistent with the update based on the received notification.”). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the invention of Reddy-Childs to incorporate credential updates upon reconnection as disclosed by Harris, in order to keep the system functional and the devices secure (Harris, par 006).
As per claim 3, Reddy-Childs-Harris teaches the method of claim 2. Reddy-Childs does not teach wherein updating the break glass user credentials stored on the remote device includes the remote device: logging into the directory services as a break glass synchronization user; accessing the break glass user credentials stored in association with the break glass sync account; and replacing previously stored break glass user credentials with the accessed break glass user credentials. However, in an analogous art in the field of password management, Harris teaches wherein updating the break glass user credentials stored on the remote device includes the remote device: logging into the directory services as a break glass synchronization user; accessing the break glass user credentials stored in association with the break glass sync account; and replacing previously stored break glass user credentials with the accessed break glass user credentials (Harris, par 0067, “If a reserve password successfully gains access to the password protected device, the PMS 200 may update its active password to be this reserve password, and update the password database to remove this password from among the reserve passwords.”). Examiner note: It is implied that replacing previously stored credentials would include the act of logging into the directory and accessing the credentials. It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the invention of Reddy by further incorporating the replacement of used credentials as taught by Harris, in order to keep the devices secure on a network (Harris, par 0066).
As per claim 4, Reddy-Childs-Harris teaches the method of claim 3, wherein the determination that the remote device had been logged onto using the break glass user credentials beyond a limit established by the break glass user credentials is determined locally at the remote device or by a remote monitor or supervisory system (Reddy, claim 12, “The management node of claim 10, wherein the data center resource comprises an on-premises resource of an on-premises computing system or a cloud resource of a cloud computing system.”, Reddy, claim 16, “The management node of claim 10, wherein the scheduler is to: upon creating the temporary break glass account, initiate the timer based on the time period, wherein the time period is to indicate an amount of permitted time or permitted period to perform the operation on the data center resource.”). Examiner note: Reddy teaches that the management node tracks the time for performing operations, and that the data resource can exist either on-premise or in a cloud resource. Therefore, the management node disclosed by Reddy serves as the basis for rejection of this claim.
As per claim 5, Reddy-Childs teaches the method of claim 1, wherein: the remote device is included in a plurality of remote devices, and the method further comprises: individual remote devices of the plurality of remote devices (Reddy, par 0030, “Furthermore, computing environment 100 may include multiple user devices (e.g., a user device 122) for accessing different data center resources and an administrator device 126 for managing the data center resources.”, Reddy, par 0038, “For example, a typical computing environment would include many more remote servers (e.g., physical host computing systems), which may be distributed over multiple data centers, which might include many other types of devices, such as switches, power supplies, cooling systems, environmental controls, and the like, which are not illustrated herein.”).
However, Reddy-Childs fails to teach when connected to the network, repeatedly: logging into the directory services as the break glass synchronization user; accessing the break glass user credentials stored in association with the break glass sync account; and replacing previously stored break glass user credentials with the accessed break glass user credentials. In an analogous art, Harris teaches when connected to the network, repeatedly: logging into the directory services as the break glass synchronization user; accessing the break glass user credentials stored in association with the break glass sync account; and replacing previously stored break glass user credentials with the accessed break glass user credentials (Harris, par 0067, “If a reserve password successfully gains access to the password protected device, the PMS 200 may update its active password to be this reserve password, and update the password database to remove this password from among the reserve passwords.”). The reasons of obviousness have been stated in the rejection of claim 3 above, and are applicable herein.
As per claim 6, Reddy-Childs-Harris teaches the method of claim 5. Reddy-Childs fails to disclose a change in user credentials due to the repeated logins to the directory services. In an analogous art, Harris further teaches the method of claim 5, wherein the repeated logging into the directory services is periodic, and the break glass user credentials stored in association with the break glass sync account are changed responsive to a determination that the individual remote device has been logged into using the break glass user credentials beyond a limit established by the break glass user credentials (Harris, par 0066, “In order to help keep a password protected device secure on a network, the password to access the device can be updated from time to time. The update of a device password may be carried out for example in response to a particular time occurring, a time interval passing, or an event taking place (for example, the number of times the active password has been used to gain access, an incorrect login attempt wherein a wrong password is used, etc.).”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the method of Reddy-Childs to incorporate credential changes upon repeated logins to the directory service as taught by Harris, in order to keep the device secure on the network (Harris, par 0006).
Claim 10 recites substantially the same limitation as claim 2, in which the credentials are updated subsequent to a reconnection to the network, in the form of a remote processing device, therefore, it is rejected under the same rationale.
Claim 11 recites substantially the same limitation as claim 3, in which the directory services are logged into and the credentials are updated, in the form of a remote device, therefore, it is rejected under the same rationale.
Claim 12 recites substantially the same limitation as claim 4, in which the determination of the login origin beyond a time limit is determined locally or remotely, in the form of a remote device, therefore, it is rejected under the same rationale.
Claim 13 recites substantially the same limitation as claim 5, in which the remote device is included in a plurality of remote devices that remotely update the login credentials, in the form of a remote device, therefore, it is rejected under the same rationale.
Claim 14 recites substantially the same limitation as claim 6, in which the credentials are updated due to the repeated login into the directory services, in the form of a remote device, therefore, it is rejected under the same rationale.
Claim 18 recites substantially the same limitation as claim 2, in which the credentials are updated subsequent to a reconnection to the network, in the form of a non-transitory computer readable medium, therefore, it is rejected under the same rationale.
Claim 19 recites substantially the same limitation as claim 3, in which the directory services are logged into and the credentials are updated, in the form of a non-transitory computer readable medium, therefore, it is rejected under the same rationale.
Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy in view of Childs as applied to claim 1 above, and further in view of US 20200329025 A1 to Kahn et al (hereinafter Kahn).
As per claim 7, Reddy-Childs teaches the method of claim 1; Reddy-Childs does not disclose the salted hash password feature. In an analogous art in the same field of endeavor, Kahn teaches wherein the secure password mechanism is or includes a salted hash password (Kahn, par 0034, “IDP device 106 compares the new salted hashed password to the stored salted hashed password in attempt table 110 to determine whether the newly received password is the same as the previously received password.”, Kahn, par 0036, “Thus, IDP device 106 applies the hash function and corresponding salt value for each stored password to each newly received password for a given user account to determine whether the newly received password is the same as any of the stored passwords for the user account”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the invention of Reddy-Childs by incorporating salted hashes in the secure password mechanism that is used for authentication, as taught by Kahn, in order to determine whether the user credentials are authentic (Kahn, par 0026).
Claim 15 recites substantially the same limitation as claim 7, in which the password mechanism is or includes a salted hash password, in the form of a remote device, therefore, it is rejected under the same rationale.
Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy in view of Childs as applied to claim 1 above, and further in view of US 20170171215 A1 to Brucker et al (hereinafter Brucker) and US 20210279325 A1 to Harris.
As per claim 8, Reddy-Childs teaches the break glass access method of claim 1. However, Reddy-Childs does not teach wherein the break glass user credentials include pre-defined items including at least one of level of access and permissible BGU login count, wherein the level of access defines which protected information stored by the remote device or selected functionality of the remote device will be accessible to the BGU. In an analogous art in the field of access control, Brucker teaches wherein the break glass user credentials include pre-defined items including at least one of level of access and permissible BGU login count, wherein the level of access defines which protected information stored by the remote device or selected functionality of the remote device will be accessible to the BGU (Brucker, par 0023, “The example PM 100 can include compliance and/or security requirements. Example compliance and security requirements can include access control, separation of duty (SoD), binding of duty (BoD), and need to know. With regard to access control, access to resources and/or authorization to perform tasks are to be restricted to certain user roles (e.g., clerks, managers) of users”, Brucker, par 0052, “The policy management system 206 includes a policy/security store 218 (database) that stores configurations that describe the current security policy (e.g., the access control policy, user-role-configuration, etc.) of respective processes. In some examples, an administrator 228 can interact with the policy management system 206 using a computing device 230 (e.g., to create, edit, or delete policies)”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the invention of Reddy-Childs by incorporating access-based privileges as taught by Brucker, in order to prevent unintended policy violations (Brucker, par 0002).
In addition, Reddy-Childs does not teach once the BGU is logged into the remote device and the permissible BGU login count defines when logins into the remote device are permitted on the basis of count and/or time frame. In an analogous art in the same field of endeavor, Harris teaches once the BGU is logged into the remote device and the permissible BGU login count defines when logins into the remote device are permitted on the basis of count and/or time frame (Harris, par 0066, “The update of a device password may be carried out for example in response to a particular time occurring, a time interval passing, or an event taking place (for example, the number of times the active password has been used to gain access, an incorrect login attempt wherein a wrong password is used, etc.)”). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the method of Reddy-Childs to incorporate credential changes upon repeated logins to the directory service as taught by Harris, in order to keep the device secure on the network (Harris, par 0006).
Claim 16 recites substantially the same limitation as claim 8, in which the break glass credentials include levels of access and a permissible login count or time limit, in the form of a remote device, therefore, it is rejected under the same rationale.
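The claimed flow taken together (claims 1 through 8: caching break glass credentials from a directory's sync account while connected, authenticating offline against a salted hash, enforcing a permissible login count and a level of access, and replacing the cached credentials after reconnecting) as an added Python illustration. It is not code from the application or from any reference cited above; the class names, the sync-account values and the sample passwords are constructed for the example.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

@dataclass
class BreakGlassCredential:
    salt: bytes
    pw_hash: bytes                 # salted hash, never the plaintext (claim 7)
    level_of_access: str           # pre-defined level of access (claim 8)
    permissible_login_count: int   # permissible BGU login count (claim 8)
    version: int

def hash_password(password, salt):
    # PBKDF2-HMAC-SHA256 from the standard library as the salted hash mechanism.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_credential(password, level, count, version):
    salt = secrets.token_bytes(16)
    return BreakGlassCredential(salt, hash_password(password, salt), level, count, version)

class DirectoryServer:
    """Constructed stand-in for the directory server; plaintext sync password for brevity."""
    def __init__(self, sync_user, sync_password):
        self._sync_account = (sync_user, sync_password)
        self.credential = make_credential("initial-bg-pass", "read-only", 3, 1)
    def read_credential(self, user, password):
        # Only the break glass sync user may read the break glass user credentials.
        if (user, password) != self._sync_account:
            raise PermissionError("break glass sync account login failed")
        return self.credential
    def rotate(self):
        # Change the credential once the login limit was exceeded (claims 2 and 6).
        c = self.credential
        self.credential = make_credential(secrets.token_urlsafe(16), c.level_of_access,
                                          c.permissible_login_count, c.version + 1)

class RemoteDevice:
    def __init__(self, directory, sync_user, sync_password):
        self.directory, self.sync_login = directory, (sync_user, sync_password)
        self.connected, self.cached, self.login_count, self.limit_hit = True, None, 0, False
    def sync_credentials(self):
        # While connected: log in as the sync user, read the credential, replace the local copy.
        if not self.connected:
            return False
        cred = self.directory.read_credential(*self.sync_login)
        if self.cached is None or cred.version != self.cached.version:
            self.cached, self.login_count = cred, 0   # new credential, fresh count
        return True
    def reconnect(self):
        # Limit was determined locally (claim 4); the directory rotates, then the device re-syncs.
        self.connected = True
        if self.limit_hit:
            self.directory.rotate()
            self.limit_hit = False
        self.sync_credentials()
    def login(self, password):
        # Offline login against the cached salted hash; returns the level of access or None.
        cred = self.cached
        if cred is None or self.login_count >= cred.permissible_login_count:
            return None
        if not hmac.compare_digest(hash_password(password, cred.salt), cred.pw_hash):
            return None
        self.login_count += 1
        self.limit_hit = self.login_count >= cred.permissible_login_count
        return cred.level_of_access

def run_scenario():
    ds = DirectoryServer("bg-sync", "sync-secret")   # constructed sample values
    dev = RemoteDevice(ds, "bg-sync", "sync-secret")
    dev.sync_credentials()                           # online: cache credential version 1
    dev.connected = False                            # network disconnected
    offline = [dev.login(p) for p in ["wrong-pass"] + ["initial-bg-pass"] * 4]
    dev.reconnect()                                  # limit hit: rotated, cache replaced
    return offline, dev.login("initial-bg-pass"), dev.cached.version
```

After the third successful offline login the count limit is reached, so the fourth attempt is refused even with the right password, and after reconnection the old password no longer matches the replaced credential.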
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Garlick (US 20140173708 A1) discloses a method and server computing system to log user credentials and manage credentials for interactions with websites.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAFHIMUL HOQUE whose telephone number is (571)272-2571. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached at (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/T.H./ Examiner, Art Unit 2408
/LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408