DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Instant application 18/913,618
Co-pending Application 18/383,320
1. A method of operation in a processor-based computing system, the method comprising: obtaining a first set of hashed passcodes based at least in part on a first hashing function and a set of clear text passcodes; obtaining a second set of hashed passcodes based at least in part on one or more second hashing functions and the first set of hashed passcodes; and
binning the second set of hashed passcodes into a plurality of bins according to a defined portion of each hashed passcode of the second set of hashed passcodes; and
outputting one or more clear text passcodes corresponding to a bin of the plurality of bins according to a commonality between an input query and the defined portion of each hashed passcode associated with the bin.
1. A method of operation in a processor-based computing system, the method comprising:
generating a subsequent set of hashed passcodes from a previous set of hashed passcodes;
binning a plurality of clear text passcodes into a plurality of bins, wherein each clear text passcode is binned based on a prefix portion of a respective hashed passcode of the subsequent set of hashed passcodes;
receiving a query specifying a defined prefix portion of a hashed passcode to be cracked; and providing at least a set of clear text passcodes binned in a one of the plurality of bins that corresponds to the defined prefix portion of the hashed passcode to be cracked.
Claims 1-24 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-26 of Co-pending Application 18/383320. Although the claims at issue are not identical, they are not patentably distinct from each other because of similar limitations with minor variations. This is a provisional non-statutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-7, 13-21, 28-29 are rejected under 35 U.S.C. 103 as being unpatentable over Fiske(US 8817981 B2) in view of Agarwal et al(“New Technologies in Password Cracking Techniques” page 179-197; by Sudhir Aggarwal, Shiva Houshmand and MattWeir ) .
With regards to claim 1, 13 Fiske discloses, A method of operation in a processor-based computing system (FIG 2B and col 21 line 50-col 22 line 5; discloses, “A processor-based computing system, comprising: at least one processor; and at least one non-transitory processor-readable medium communicatively coupled to the at least one processor, wherein the at least one non-transitory processor-readable medium stores processor-executable instructions” ), the method comprising:
obtaining a first set of hashed passcodes based at least in part on a first hashing function and a set of clear text passcodes (FIG 1B, 1C 104, FIG 7 and associated text; col 13 line 40-50; In an embodiment, a method, .PHI..sub.1 may be used for generating registration code R from the identification information. The method .PHI..sub.1 (which may be referred to as a generating method) may be a "one-way" method such as a one-way algorithm, a one-way function, and/or another one-way method. For example, the registration code may be generated according to the equation .PHI..sub.1(T)=R.; col 14 line 40-50; In an embodiment, a one-way hash function is used as method .PHI..sub.1. A hash function is one that accepts as its input argument an arbitrarily long string of bits (or bytes) and produces a fixed-size output); obtaining a second set of hashed passcodes based at least in part on one or more second hashing functions and the first set of hashed passcodes; (FIG 1B, 1C 104, FIG 7 and associated text; col 15 line 38-49; Setup portion 104 uses registration code R and a method .PHI..sub.2, which may be a one-way function, to generate an initial passcode generator G.sub.1. Initial passcode generator G.sub.1 may be used for generating an initial passcode. A passcode generator, also known as a seed, can be a string of characters or other form of a code similar to registration code R or a passcode. Passcode generators may be stored securely by administrator 102 for use in verifying a passcode that is submitted by passcode device 101. The initial passcode generator G.sub.1 may be generated according to the equation .PHI..sub.2(R)=G.sub.1. Method .PHI..sub.2 (which also may be referred to as a generating method) may be the same as, or different from, method .PHI..sub.1. );
Fiske does not exclusively but Agarwal teaches, binning the set of hashed passcodes into a plurality of bins according to a defined portion of each hashed passcode of the set of hashed passcodes; (page 180; There have been several major shifts in the password cracking field over the years. In 2003, the concept of Rainbow Tables was introduced (Oechslin 2003). Rainbow Tables were a new variation of the basic idea of time–memory trade-off in which the mappings of plaintexts to cryptographic hashes were precomputed and stored for use in later cracking attacks. What made Rainbow Tables so groundbreaking was that they laid out a very aggressive compression scheme that drastically reduced the storage requirements for maintaining hash tables. This allowed people to download tables less than 40 gigabytes in size that cracked over 99% of allWindows LanMAN Hashes. As you can imagine, this had a huge impact on the password security field, and mentions of this technique pop up quite frequently even to this day.);
outputting one or more clear text passcodes corresponding to a bin of the plurality of bins according to a commonality between an input query and the defined portion of each hashed passcode associated with the bin (Page 191; Once a guess ismade, a hashing/cracking system such as John the Ripper (Peslyak 2016) or Hashcat (Steube 2016) can be used for hashing the guess. The cracking can clearly be further sped up by distributing the ordered guesses to several hashing processes (distributed computation), as well as by using GPUs (hardware capabilities) as supported by Hashcat to try many guesses in parallel. Page 180; Cracking passwords using PCFG follows two phases. In the first phase, a probabilistic context-free grammar is learned from a training set of passwords. This is referred to as the training or learning phase. In the second phase, the learned grammar is used to generate a set of guesses that are hashed to compare against the set of hashes to be cracked. This is the cracking phase. Before we dive into the actual training and cracking steps, however, let us first discuss the probabilistic context-free grammar that serves as the core of this approach; see page 195-196.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Fiske’s method with teaching of Agarwal in order to prevalent cracking in the near future(Agarwal Abstract).
With regards to claim 2, 14, Fiske further discloses, wherein obtaining the first set of hashed passcodes comprises: applying the first hashing function to each clear text passcode of the set of clear text passcodes to generate the first set of hashed passcodes (col 13 line 40-50; In an embodiment, a method, .PHI..sub.1 may be used for generating registration code R from the identification information. The method .PHI..sub.1 (which may be referred to as a generating method) may be a "one-way" method such as a one-way algorithm, a one-way function, and/or another one-way method. For example, the registration code may be generated according to the equation .PHI..sub.1(T)=R.; col 14 line 40-50; In an embodiment, a one-way hash function is used as method .PHI..sub.1. A hash function is one that accepts as its input argument an arbitrarily long string of bits (or bytes) and produces a fixed-size output ).
With regards to claim 3, 15, Fiske further discloses, wherein obtaining the second set of hashed passcodes comprises: applying the one or more second hashing functions to each hashed passcode in the first set of hashed passcodes to obtain the second set of hashed passcodes. (Col 15 line 45-50; The initial passcode generator G.sub.1 may be generated according to the equation .PHI..sub.2(R)=G.sub.1. Method .PHI..sub.2 (which also may be referred to as a generating method) may be the same as, or different from, method .PHI..sub.1.).
With regards to claim 5-6, 17-18, Fiske further discloses, wherein at least one hashing function of the one or more second hashing functions is different from the first hashing function; wherein at least one hashing function of the one or more second hashing functions is the same as the first hashing function(Col 35-50; Setup portion 104 uses registration code R and a method .PHI..sub.2, which may be a one-way function, to generate an initial passcode generator G.sub.1. Initial passcode generator G.sub.1 may be used for generating an initial passcode. A passcode generator, also known as a seed, can be a string of characters or other form of a code similar to registration code R or a passcode. Passcode generators may be stored securely by administrator 102 for use in verifying a passcode that is submitted by passcode device 101. The initial passcode generator G.sub.1 may be generated according to the equation .PHI..sub.2(R)=G.sub.1. Method .PHI..sub.2 (which also may be referred to as a generating method) may be the same as, or different from, method .PHI..sub.1.; Col 15 line 45-50; The initial passcode generator G.sub.1 may be generated according to the equation .PHI..sub.2(R)=G.sub.1. Method .PHI..sub.2 (which also may be referred to as a generating method) may be the same as, or different from, method .PHI..sub.1.).
With regards to claim 7, 19, Fiske in view of Agarwal discloses, wherein the input query indicates a portion of a hash of a hashed passcode to be cracked, the method further comprising: selecting a bin of the plurality of bins in accordance with a match between the defined portion of each hashed passcode associated with the selected bin and the portion of the hash of the hashed passcode to be cracked (Agarwal page 181; the Hashcat cracking tool is able to make more than 43 billion guesses a second against an unsaltedMD4 hash (Gosney 2016a, b). The original Rainbow Tables usually covered a keyspace of 957, (approximately 70 trillion possible options), which means a single GTX 1080 GPU could brute force the same keyspace in under 30 min with no pre-computation required.) . Motivation would be same as stated in claim 1.
With regards to claim 8, 20, Fiske in view of Agarwal discloses, wherein outputting the one or more clear text passcodes corresponding to the bin of the plurality of bins comprises: outputting each of the clear text passcodes associated with the selected bin of the plurality of bins in accordance with the binning( Agarwal Page 187 ; In the PCFG model developed by Weir et al. (2009) and used in Weir et al. (2010), passwords are viewed as being categorized into classes by the type of symbols available on the keyboard: L for alphabetic symbols, D for digits, and S for special symbols. (An italic or script S identifies the start symbol of the grammar.).Furthermore, the length of a sequence of similar class symbols is used as a subscript associated with the class. The resulting abstract structure is termed the base structure of the password. For example, the password alice123!Bobby has the base structure L5D3S1L5. The capitalization of the first letter of “Bobby” is considered as a mask over the second L5.; Note: alice123!Bobby classify to L5D3S1L5)
Allowable Subject Matter
Claims 4, 9-12, 16, 21-24 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 9230075 B1.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498