DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-8, 12-21, 25-26, are rejected under 35 U.S.C. 103 as being unpatentable over Fiske (US 8817981 B2: IDS supplied) in view of Agarwal et al (“New Technologies in Password Cracking Techniques” page 179-197; by Sudhir Aggarwal, Shiva Houshmand and Matt Weir: IDS supplied).
With regards to claim 1, 14 Fiske discloses, A method of operation in a processor-based computing system (FIG 2B and associated text; col 24 line 35-45; discloses system comprising, at least one processor; and at least one non-transitory processor-readable medium communicatively coupled to the at least one processor, wherein the at least one non-transitory processor-readable medium stores processor-executable instructions which, when executed by the at least one processor, cause the at least one processor to), the method comprising:
for a hashed passcode to be cracked where the hashed passcode to be cracked was hashed with a first hash function, generating a hash of the hashed passcode via a second hash function (FIG 1B, 1C 104, FIG 7 and associated text; col 15 line 35-50; Setup portion 104 uses registration code R and a method Φ_2, which may be a one-way function, to generate an initial passcode generator G_1. Initial passcode generator G_1 may be used for generating an initial passcode. A passcode generator, also known as a seed, can be a string of characters or other form of a code similar to registration code R or a passcode. Passcode generators may be stored securely by administrator 102 for use in verifying a passcode that is submitted by passcode device 101. The initial passcode generator G_1 may be generated according to the equation Φ_2(R)=G_1. Method Φ_2 (which also may be referred to as a generating method) may be the same as, or different from, method Φ_1. Note: R is hashed of T and G1 is Hashed of R); and
determining whether there is a match between the hashed passcode to be cracked and any hashes of the clear text passcodes in the received set of clear text passcodes (Col 29 line 5-15; (227) Next, in step 1004, for trial passcode generator G_TUi or for each trial passcode generator G_Ti a trial passcode P_TUi or a set of trial passcodes P_Ti are generated according to Φ_3(G_TUi)=P_TUi or Φ_3(G_Ti)=P_Ti. In step 1006, P_i is compared to each of the P_Ti or P_TUi. If passcode P_TUi matches passcode P_i or if there are any trial passcodes P_Ti that match passcode P_i, then step 920 proceeds to step 1008, where access is granted.).
Fiske does not exclusively but Agarwal teaches, sending a query specifying a defined portion of the hash of the hashed passcode to be cracked; (Page 191; Once a guess is made, a hashing/cracking system such as John the Ripper (Peslyak 2016) or Hashcat (Steube 2016) can be used for hashing the guess. The cracking can clearly be further sped up by distributing the ordered guesses to several hashing processes (distributed computation), as well as by using GPUs (hardware capabilities) as supported by Hashcat to try many guesses in parallel.); and
receiving at least a set of clear text passcodes that correspond to the defined portion of the hash of the hashed passcode to be cracked; (Page 184; Cracking passwords using PCFG follows two phases. In the first phase, a probabilistic context-free grammar is learned from a training set of passwords. This is referred to as the training or learning phase. In the second phase, the learned grammar is used to generate a set of guesses that are hashed to compare against the set of hashes to be cracked. This is the cracking phase. Before we dive into the actual training and cracking steps, however, let us first discuss the probabilistic context-free grammar that serves as the core of this approach; see page 195-196.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Fiske’s method with teaching of Agarwal in order to prevalent cracking in the near future(Agarwal Abstract).
With regards to claim 2, 15 Fiske further discloses, generating a hash of all clear text passcodes in the received set of clear text passcodes via the first hash function (Col 29 line 5-15; (227) Next, in step 1004, for trial passcode generator G_TUi or for each trial passcode generator G_Ti a trial passcode P_TUi or a set of trial passcodes P_Ti are generated according to Φ_3(G_TUi)=P_TUi or Φ_3(G_Ti)=P_Ti. In step 1006, P_i is compared to each of the P_Ti or P_TUi. If passcode P_TUi matches passcode P_i or if there are any trial passcodes P_Ti that match passcode P_i, then step 920 proceeds to step 1008, where access is granted.).
With regards to claim 3, 16 Fiske further discloses, wherein determining whether there is a match between the hashed passcode to be cracked and any hashes of the clear text passcodes in the received set of clear text passcodes includes determining whether there is a match between the hashed passcode to be cracked and any of the generated hashes of the clear text passcodes in the received set of clear text passcodes via the first hash function (Col 29 line 5-15; (227) Next, in step 1004, for trial passcode generator G_TUi or for each trial passcode generator G_Ti a trial passcode P_TUi or a set of trial passcodes P_Ti are generated according to Φ_3(G_TUi)=P_TUi or Φ_3(G_Ti)=P_Ti. In step 1006, P_i is compared to each of the P_Ti or P_TUi. If passcode P_TUi matches passcode P_i or if there are any trial passcodes P_Ti that match passcode P_i, then step 920 proceeds to step 1008, where access is granted.).
With regards to claim 4, 17 Fiske in view of Agarwal further discloses, wherein receiving at least a set of clear text passcodes that correspond to the defined portion of the hash of the hashed passcode to be cracked includes receiving the set of clear text passcodes that correspond to the defined portion of the hash of the hashed passcode to be cracked along with a respective hashed passcode for each of the clear text passcodes of the set of clear text passcodes (Agarwal Page 184; Cracking passwords using PCFG follows two phases. In the first phase, a probabilistic context-free grammar is learned from a training set of passwords. This is referred to as the training or learning phase. In the second phase, the learned grammar is used to generate a set of guesses that are hashed to compare against the set of hashes to be cracked. This is the cracking phase. Before we dive into the actual training and cracking steps, however, let us first discuss the probabilistic context-free grammar that serves as the core of this approach. Pls also see page 195-196).
With regards to claim 5, 18 Fiske in view of Agarwal further discloses, wherein determining whether there is a match between the hashed passcode to be cracked and any hashes of the clear text passcodes in the received set of clear text passcodes includes determining whether there is a match between the hashed passcode to be cracked and any of the received respective hashed passcode for each of the clear text passcodes of the set of clear text passcodes (Fiske Col 29 line 5-15; (227) Next, in step 1004, for trial passcode generator G_TUi or for each trial passcode generator G_Ti a trial passcode P_TUi or a set of trial passcodes P_Ti are generated according to Φ_3(G_TUi)=P_TUi or Φ_3(G_Ti)=P_Ti. In step 1006, P_i is compared to each of the P_Ti or P_TUi. If passcode P_TUi matches passcode P_i or if there are any trial passcodes P_Ti that match passcode P_i, then step 920 proceeds to step 1008, where access is granted.).
With regards to claim 6, 19 Fiske further discloses, wherein generating a hash of the hashed passcode via a second hash function includes generating the hash of the hashed passcode via the second hash function which is a different hash function than the first hash function (Col 15 line 45-50; The initial passcode generator G_1 may be generated according to the equation Φ_2(R)=G_1. Method Φ_2 (which also may be referred to as a generating method) may be the same as, or different from, method Φ_1.).
With regards to claim 7, 20 Fiske further discloses, wherein generating a hash of the hashed passcode via a second hash function includes generating the hash of the hashed passcode via the second hash function which is a same hash function as the first hash function (Col 15 line 45-50; The initial passcode generator G_1 may be generated according to the equation Φ_2(R)=G_1. Method Φ_2 (which also may be referred to as a generating method) may be the same as, or different from, method Φ_1.).
With regards to claim 8, 12, 21, 25 Fiske further discloses, generating the hashed passcode to be cracked via the first hashing function; determining that the hashed passcode to be cracked has been cracked in response to finding a match between the hashed passcode to be cracked and any one of the hashes of the clear text passcodes in the received set of clear text passcodes (Fiske Col 29 line 5-15; (227) Next, in step 1004, for trial passcode generator G_TUi or for each trial passcode generator G_Ti a trial passcode P_TUi or a set of trial passcodes P_Ti are generated according to Φ_3(G_TUi)=P_TUi or Φ_3(G_Ti)=P_Ti. In step 1006, P_i is compared to each of the P_Ti or P_TUi. If passcode P_TUi matches passcode P_i or if there are any trial passcodes P_Ti that match passcode P_i, then step 920 proceeds to step 1008, where access is granted.).
With regards to claim 13, 26 Fiske in view of Agarwal further discloses, wherein sending the query specifying the defined portion of the hashed passcode to be cracked includes sending the query specifying the defined portion of the hashed passcode to be cracked by a client application executing on a client computing system to a server system, and the receiving at least a set of clear text passcodes that correspond to the defined portion of the hash of the hashed passcode to be cracked includes receiving from the server system by the client application executing on the client computing system at least the set of clear text passcodes that correspond to the defined portion of the hash of the hashed passcode to be cracked (Agarwal page 181; the Hashcat cracking tool is able to make more than 43 billion guesses a second against an unsalted MD4 hash (Gosney 2016a, b). The original Rainbow Tables usually covered a keyspace of 95^7 (approximately 70 trillion possible options), which means a single GTX 1080 GPU could brute force the same keyspace in under 30 min with no pre-computation required. Note: hashcat is server based application running on client). Motivation would be same as stated in claim 1.
Allowable Subject Matter
Claims 9-11, 22-24, are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 9230075 B1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMED WALIULLAH/ Primary Examiner, Art Unit 2498