DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Wurmfeld et al. (US-20210182374).
a. Referring to claims 1, 11, 12 and 19:
Regarding claims 1, 11, 12, and 19, Wurmfeld teaches a computer-implemented method comprising: receiving an input signal associated with a user using a remote connection to access a client server, the input signal identifying an input received via an interface (Para 6, 50 and 51….. command authorization request message comprising a device command and an argument); executing an integrity module to generate an integrity certificate using the input signal, a secret key, and a sequential identifier corresponding to the input, the integrity certificate being generated for use during a verification process associated with the input signal (Para 8 and 56…. generating a MAC as the integrity certificate by applying a hash to the command, command argument and counter value, wherein the Mac is generated using a secret key); and transmitting the integrity certificate and the input signal to the client server using one or more channels, the client server being configured to forward the integrity certificate and the input signal to a verification server configured to validate the integrity certificate (Para 58…. first electronic device (authentication/verification server) receiving and validating the MAC and device command).
a. Referring to claims 2, 13 and 20:
Regarding claims 2, 13 and 20, Wurmfeld teaches the computer-implemented method of claim 1, wherein generating the integrity certificate further comprises: generating, by the integrity module, a tuple encoding the integrity certificate, wherein the tuple comprises: the sequential identifier that indicates an order of the input signal; and an integrity key created based on the input signal, the secret key and the sequential identifier using a cryptographic protocol (Para 8 and 50…. generating a MAC as the integrity certificate by applying a hash to the command, command argument and counter value, wherein the MAC is generated using a secret key).
a. Referring to claims 3 and 14:
Regarding claims 3 and 14, Wurmfeld teaches the computer-implemented method of claim 1, wherein the verification process further comprises using the verification server to verify the integrity certificate received from the client server by querying a database using a user identifier associated with the user to identify another secret key stored in the database, wherein the other secret key is associated with the user identifier (Para 63-65…. MAC verification).
a. Referring to claims 4 and 15:
Regarding claims 4 and 15, Wurmfeld teaches the computer-implemented method of claim 3, wherein the verification server is configured to generate another integrity key using the other secret key stored in the database, and wherein the verification server is configured to detect unauthorized input by comparing the integrity key received from the client server with the other integrity key generated by the verification server (Para 62-64… verification server generates a second MAC using a second secret key and compares the first and second MAC).
a. Referring to claim 5:
Regarding claim 5, Wurmfeld teaches the computer implemented method of claim 3, wherein the other secret key stored in the database is a private key of an asymmetric key pair generated using asymmetric public-key cryptography, and wherein the other secret key is usable to decrypt the secret key that is a public key of the asymmetric key pair (Para 100… using asymmetric encryption).
a. Referring to claims 6 and 16:
Regarding claims 6 and 16, Wurmfeld teaches the computer-implemented method of claim 1, wherein the verification server is configured to transmit a warning notification to a different computing system in response to detecting unauthorized input during the verification process (Para 65…. command denial message).
a. Referring to claims 7, 9 and 17:
Regarding claims 7, 9 and 17, Wurmfeld teaches the computer-implemented method of claim 6, wherein, in response to receiving the warning notification from the verification server, the client server is configured to cause a security measure based on a security policy to address the warning notification by denying the input signal with respect to accessing the client server (Para 69… deny the command upon receiving a denial message).
a. Referring to claims 8 and 18:
Regarding claims 8 and 18, Wurmfeld teaches the computer-implemented method of claim 1, wherein the verification server is further configured to receive a verification request from a webserver to verify a set of integrity certificates corresponding to a set of input signals transmitted to the verification server by the webserver, and wherein the set of input signals is associated with the user accessing the webserver (See the rejection in claims 1 and 3, with regards to Para 40, where the exemplary server is a webserver).
a. Referring to claim 10:
Regarding claim 10, Wurmfeld teaches the computer-implemented method of claim 1, wherein the interface is a keyboard with one or more keyboard keys configured to generate the input signal in response to being selected by the user (Para 44… keyboard).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to IZUNNA OKEKE whose telephone number is (571)270-3854. The examiner can normally be reached Mon - Fri 8 - 4 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/IZUNNA OKEKE/Primary Examiner, Art Unit 2497