DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office Action is in response to Application 19180684 filed on 04/16/25025. Claims 1 and 24 are independent claims. Claims 1-24 have been examined and are pending in this application. This Office Action is made Non-Final.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/16/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly
pointing out and distinctly claiming the subject matter which the inventor or a joint inventor
regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and
distinctly claiming the subject matter which the applicant regards as his invention.
Claim 1-23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ),
second paragraph, as being indefinite for failing to particularly point out and distinctly
claim the subject matter which the inventor or a joint inventor, or for pre-AIA the
applicant regards as the invention.
Regarding claim 1; Claim 1 is found indefinite because the claim recites both method and device/system. Claim 1 is directed to a method (i.e., reciting active steps) system including embodiments. However, the claim also recites a system/device claim limitation (i.e., “host computer to: perform …; return …”). A claim is considered indefinite under 35 U.S.C. 112(b) or 35 U.S.C. § 112 (pre-AIA ), second paragraph, if it does not reasonably apprise those skilled in the art of its scope. See MPEP 2173.05(p) and IPXL Holdings, 430 F.3d at 1384; See also In re Katz Interactive Call Processing Patent Litig., 639 F.3d 1303 (Fed. Cir. 2011) and Ex Parte Lyell, 17 USPQ2d 1548 (BPAI 1990) at 1550-51.") for details. It’s suggested that the claim be further amended to properly recite active steps of a claim method. Following is such an example.
“A method of investigating a remote host computer for auditing user account password, the method comprising:
performing, by the remote host computer, at least one password auditing investigative function including:
determining …;
determining …;
comparing …; and
returning match data; and
returning, by the remote host computer, investigation data …” (emphasis added).
Regarding claims 2-23, claims 2-23 are dependent on claim 1 and
therefore inherit 35 U.S.C. § 112(b) or pre-AIA 35 U.S.C. § 112, second paragraph
issues of the independent claims
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-10, 12-14, and 16-24 are rejected under 35 U.S.C. 103 as being unpatentable over Sanchez et al. (“Sanchez,” US 11,321,448, published on 05/03/2022) in view of Rowland et al. (“Rowland,” US 20210058412, published on 02/25/2021).
Regarding Claim 1;
Sanchez discloses a method of investigating a remote host computer for auditing user account passwords, the method using an investigation system comprising a computer system with a computer processor coupled to a system memory and programmed with computer readable instructions, the method using at least one investigative module, wherein the at least one investigative module includes a computer program comprising computer readable instructions for the host computer to (abstract; fig. 1; a remote server attempting to authenticate the user's password check for each possible fry key, such as checking against a set of preapproved fry keys, that the hashed fried password have been modified with in parallel; Col 9, lines 43-45; remote computing device comprise CPU, which may comprise one or more processors or cores, RAM, and data storage; Col 13, lines 11-13; hash comparison unit checks whether the set K contains the value X. If so, then the user is authenticated. If not, then the user is not authenticated):
perform at least one password auditing investigative function including (Col 2, lines 33-35; the user provide a user identifier (e.g., such as the username) and a password that are compared to the stored identifier and password; Col 21, lines 18-46; receiving, at a remote server and/or an associated transceiver, a hashed fried password associated with a virtual user account [] checking for each possible and pre-authorized fry key within a pre-approved group of several fry keys that have been used with the user password to create the hashed fried password at the user mobile device; and/or if a match exists [] allowing the user online access to their virtual account via their mobile device to facilitate secure communication or online account access):
determining at least one user account on the remote host computer with at least one user credential (Col 21, lines 18-46; receiving, at a remote server and/or an associated transceiver, a hashed fried password associated with a virtual user account [] the user's mobile device may have created the hashed fried password using a temporary, random fry key [] checking for each possible and pre-authorized fry key within a pre-approved group of several fry keys that have been used with the user password to create the hashed fried password at the user mobile device; and/or if a match exists [] allowing the user online access to their virtual account via their mobile device to facilitate secure communication or online account access),
determining a password hash corresponding to a user account password of the user account (Col 21, lines 18-46; receiving, at a remote server and/or an associated transceiver, a hashed fried password associated with a virtual user account [] the user's mobile device may have created the hashed fried password using a temporary, random fry key [] checking for each possible and pre-authorized fry key within a pre-approved group of several fry keys that have been used with the user password to create the hashed fried password at the user mobile device; and/or if a match exists [] allowing the user online access to their virtual account via their mobile device to facilitate secure communication or online account access),
comparing the user account password hash to a test password hash corresponding to a test password (Col 18, lines 49-53; the first countermeasure is storing hashed versions of each password instead of storing plaintext passwords. When future users attempt to authenticate themselves, their password
is hashed and is compared against the stored hashed version. A match is required to authenticate the user; Col 21, lines 18-46; receiving, at a remote server and/or an associated transceiver, a hashed fried password associated with a virtual user account [] the remote server and/or associated transceiver, retrieving a user password associated with the virtual user account, user, or user mobile device, such as from a memory unit; in parallel and using several processors, checking for each possible and pre-authorized fry key within a pre-approved group of several fry keys that have been used with the user password to create the hashed fried password at the user mobile device; and/or if a match exists [] allowing the user online access to their virtual account via their mobile device to facilitate secure communication or online account access),
returning match data, the match data indicating if the user account password hash matches the test password hash, thereby indicating if the user account password matches the test password (Col 13, lines 18-21; Hash comparison unit return a value (such as "TRUE" or "FALSE") indicating whether the hashed user-provided password value matches the stored hashed password value),
return investigation data relating to the at least one investigative function, the investigation data including the match data (Col 13, lines 18-21; Hash comparison unit return a value (such as "TRUE" or "FALSE") indicating whether the hashed user-provided password value matches the stored hashed password value),
the host computer running the at least one investigative module to perform the at least one investigative function and return the investigation data (Col 13, line 1-20; hash comparison unit checks whether the set K contains the value X. If so, then the user is authenticated [] the result from hash comparison returned to the user device. Hash comparison unit return a value indicating whether the hashed user-provided password value matches the stored hashed password value).
Sanchez discloses performing a computer investigation of the remote host computer as recited above, but do not explicitly disclose wherein the method includes performing a computer investigation of the remote host computer, the computer investigation including: the investigation system establishing a connection between the investigation system and the remote host computer, and the investigation system sending the at least one investigative module to the host computer.
However, in an analogous art, Rowland discloses computer investigation system/method that includes:
wherein the method includes performing a computer investigation of the remote host computer, the computer investigation including: the investigation system establishing a connection between the investigation system and the remote host computer, and the investigation system sending the at least one investigative module to the host computer (Rowland: pars 0042-0043; establishing a connection with the host computer, and sending at least one investigative module to the host computer, the at least one investigative module configured to run on the host computer to perform at least one investigative function on the host computer; par 0205; investigative module is configured to generate investigation data including results of the investigative function performed by the at least one investigative module).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Rowland with the method/system of Sanchez to include wherein the method includes performing a computer investigation of the remote host computer, the computer investigation including: the investigation system establishing a connection between the investigation system and the remote host computer, and the investigation system sending the at least one investigative module to the host computer. One would have been motivated to establish a connection with the remote host computer, and sending at least one investigative module to the host computer. The at least one investigative module is configured to run on the host computer to perform at least one investigative function on the host computer (Rowland: abstract).
Regarding Claim 2;
The combination of Sanchez and Rowland disclose the method of claim 1,
Sanchez discloses wherein the investigation data excludes the test password and excludes the test password hash (Sanchez: Col 13, line 1-20; hash comparison unit checks whether the set K contains the value X. If so, then the user is authenticated [] Hash comparison unit return a value (such as "TRUE" or "FALSE") indicating whether the hashed user-provided password value matches the stored hashed password value).
Regarding Claim 3;
The combination of Sanchez and Rowland disclose the method of claim 1,
Sanchez discloses wherein the investigation data excludes the user account password hash (Sanchez: Col 13, line 1-20; hash comparison unit checks whether the set K contains the value X. If so, then the user is authenticated [] Hash comparison unit return a value (such as "TRUE" or "FALSE") indicating whether the hashed user-provided password value matches the stored hashed password value).
Regarding Claim 4;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein the investigation data includes at least one identifier of the user account (Rowland: par 0343; the Investigation Module will return investigation data indicating the corresponding authorized keys file).
The motivation is the same that of claim 1 above.
Regarding Claim 5;
The combination of Sanchez and Rowland disclose the method of claim 1,
Sanchez discloses wherein the at least one investigative module is configured to determine a salt string of the user account password hash and creating the test password hash of the test password using the retrieved salt string (Sanchez: Col 2, lines 57-63; fig. 3; generating a fried password by a computer processor combining the password value, the salt value, the pepper value, and/or the temporary, random fry value (such as modifying or appending the password value with the salt, pepper, and/or temporary, random fry values; Col 21, lines 18-46; receiving, at a remote server and/or an associated transceiver, a hashed fried password associated with a virtual user account [] checking for each possible and pre-authorized fry key within a pre-approved group of several fry keys that have been used with the user password to create the hashed fried password at the user mobile device; and/or if a match exists).
Regarding Claim 6;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein the test password is encrypted before creating the test password hash (Rowland: par 0383; Host SSH credentials are received by server from a user. The server encrypts the SSH credentials with a scanning node public key and can no longer access the credentials. Credentials are stored in the server database always encrypted with the node public key).
The motivation is the same that of claim 1 above.
Regarding Claim 7;
The combination of Sanchez and Rowland disclose the method of claim 1,
Sanchez discloses wherein multiple said test passwords are provided, the at least one investigative module configured to select the test password from said multiple test passwords (Sanchez: Col 14, lines 52-56; select a new fry value Q at random from the set of fry values, and perform and update of the hashed password value associated with the user in the user data, i.e., store the value).
Regarding Claim 8;
The combination of Sanchez and Rowland disclose the method of claim 7,
Sanchez discloses wherein the user account password hash is compared with a hash of each of all the multiple test passwords (Sanchez: Col 17, lines 43-47; fig. 3; for each of the fry values V0...Vn, a candidate hash is computed, using the same password, salt, and pepper values (blocks 312a-312n). The function used for computing the candidate hashes may correspond to the hashing function H).
Regarding Claim 9;
The combination of Sanchez and Rowland disclose the method of claim 7,
Sanchez discloses wherein the user account password hash is compared with a hash of each of a subset of all the multiple test passwords (Sanchez: Col 17, lines 43-47; fig. 3; for each of the fry values V0...Vn, a candidate hash is computed, using the same password, salt, and pepper values (blocks 312a-312n). The function used for computing the candidate hashes may correspond to the hashing function H).
Regarding Claim 10;
The combination of Sanchez and Rowland disclose the method of claim 7,
Sanchez discloses wherein the selection is random (Sanchez: Col 17, lines 43-47; fig. 3; for each of the fry values V0...Vn, a candidate hash is computed, using the same password, salt, and pepper values; Col 10, lines 7-9; fry value may be a number selected randomly from a finite set of known values).
Regarding Claim 12;
The combination of Sanchez and Rowland disclose the method of claim 1,
Sanchez discloses wherein the at least one investigative module includes multiple investigative modules, wherein a first said investigative module is configured to perform the at least one password auditing investigative function and receive data from a second said investigative module (Sanchez: Col 13, lines 2-14; fig. 1; wherein a single hash is created using a randomly-selected fry value V,, in the log in case, hashing controller computes {H(Gp,S,R,v)lvEV}=K. That is, a set K comprising the hash of the user-provided password, salt, pepper value, and fry value for every fry value in fry data [] hash comparison unit checks whether the set K contains the value X).
Regarding Claim 13;
The combination of Sanchez and Rowland disclose the method of claim 10,
Sanchez disclose wherein the data includes the test password (Sanchez: Col 2, lines 32-35; When the user desires to authenticate, the user may provide a user identifier ( e.g., such as the user name) and a password that are compared (e.g., by an application) to the stored identifier and password).
Regarding Claim 14;
The combination of Sanchez and Rowland disclose the method of claim 1,
Sanchez discloses wherein the investigative module is configured to determine multiple user accounts on the remote host computer, wherein the method includes performing the investigative function on one or more of the multiple user accounts (Sanchez: Col 15, lines 42-53; The user subsequently seek a second authentication by providing to a computing device, a second password [] the hash of the provided second password and valid fry value may be computed and checked against the stored hash associated with the user's account using).
Regarding Claim 16;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein the investigative module includes a computer program that is agentless and configured to run on the host computer using software that is non-specific to the investigative module (Rowland: par 0048; the investigation system is agentless, the at least one investigative module not requiring a software agent on the host computer to run; par 0051; investigative module includes a computer program configured to run on the host computer using software that is non-specific to the investigative module).
The motivation is the same that of claim 1 above.
Regarding Claim 17;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein the investigative module includes a binary program (Rowland: par 0304; investigation Module configured to retrieve system binary directories such as /bin, /sbin, /usr/bin, /usr/sbin and generate a list of all binaries present and generate cryptographic hashes of each).
The motivation is the same that of claim 1 above.
Regarding Claim 18;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein the investigative module includes a plurality of said password auditing investigative functions (Rowland: par 0324; Investigation Module will count the number of audit logs that exist and compare it against the file sizes. If the Investigation Module determined a preponderance (e.g. >50%) of zero-byte sized logs then the Investigation Module returns investigation data indicating the logs are suspicious).
The motivation is the same that of claim 1 above.
Regarding Claim 19;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein the investigative module is configured to run the corresponding investigative function on the host computer independently from the investigation system, the investigative function performable by the remote host computer without any connection between the investigation system and the remote host computer (Rowland: par 0268; the investigation system can function on a large variety of host computer types without any kind of modification or software agent install on the host computer Thus, the agentless nature of the investigation system enables it to be deployed for work immediately (without requiring software agent install) even on host computers that have never had any kind of security monitoring).
The motivation is the same that of claim 1 above.
Regarding Claim 20;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein the multiple investigative modules are sent with corresponding investigative functions configured to run on the host computer simultaneously, sequentially or according to a predetermined scheme, wherein the scheme is randomised to be unpredictable, including running the at least one investigative function according to an unpredictable time schedule (Rowland: par 0061; multiple investigative modules may be sent, and the investigative modules configured to run on the host computer simultaneously, sequentially or according to a predetermined scheme. The scheme may be randomised to be unpredictable).
The motivation is the same that of claim 1 above.
Regarding Claim 21;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein the investigation system is configured to send the at least one investigative module and an unpredictable selection of further investigative modules (Rowland: par 0089; the investigation system is configured to provide an unpredictable selection of investigative modules to send to the host computer and/or to be run on the host computer).
The motivation is the same that of claim 1 above.
Regarding Claim 22;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland discloses wherein a said investigative function of the at least one investigative module includes obtaining information for ascertaining if there are any user accounts on the host computer that have data form attributes meeting criteria specified by the said further module (Rowland: par 0137; investigative modules may perform the investigative function of investigating the host computer to ascertain if there are any users or user accounts on the host computer that have data form attributes differing from a predefined integrity status)
The motivation is the same that of claim 1 above.
.
Regarding Claim 23;
The combination of Sanchez and Rowland disclose the method of claim 22,
Rowland discloses wherein the criteria include at least one of: a user account attribute matching a corresponding predefined user data form attribute stored in data in a said investigative module; a user account attribute differing to a corresponding predefined user data form attribute stored in data in a said investigative module; a user account attribute indicating the user has deleted a corresponding command history or linked their command history to a location; user account login data form attributes matching predefined login data form attributes stored in data in a said investigative module; user account authentication tokens with data form attributes matching predefined authentication token data form attributes stored in data in a said investigative module; a change in registered SSH key or other authentication mechanism; user accounts belonging to the root user ID group but not named root; deletion or linking of user command histories to predetermined locations; deletion of a user account from system/etc/passwd files but where the user remains in a local password database; user account home directories that are located at /dev/null; user accounts with credentials matching system default accounts; and authentication tokens that can allow users to login (Rowland: par 0138; Authentication tokens that can allow users to login).
The motivation is the same that of claim 1 above.
Regarding Claim 24;
This Claim recites a system that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Sanchez et al. (US 11,321,448) in view of Rowland et al. (US 20210058412), and further in view of Singarayar et al. (“Singarayar,” US 20250208942, filed on 12/21/2023).
Regarding Claim 11;
The combination of Sanchez and Rowland disclose the method of claim 1,
Rowland disclose wherein a said investigative module is configured to determine a resource usage of the remote host computer (Rowland: par 0450; system performance impacts can be limited by not only using random investigation times, but also running only a selection of all the available investigative modules at a time thereby lowering system resource usage); at least one password auditing investigative function to run depending on said resource usage (Rowland: par 0450; system performance impacts can be limited by not only using random investigation times, but also running only a selection of all the available investigative modules at a time thereby lowering system resource usage).
The motivation is the same that of claim 1 above.
The combination of Sanchez and Rowland disclose investigative module is configured to determine a resource usage of the remote host computer as recited above, but do not explicitly disclose at least one investigative module determining a maximum number of iterations.
However, in an analogous art, Singarayar discloses data quality checks system/method that includes:
at least one investigative module determining a maximum number of iterations (Singarayar: par 0070; determined whether the current number of iterations is less than the maximum number of iterations).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Singarayar with the method/system of Sanchez and Rowland to include at least one investigative module determining a maximum number of iterations. One would have been motivated to utilize different computing services for event processing and storing for downstream applications and services in a production computing environment (Singarayar: abstract).
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Sanchez et al. (US 11,321,448) in view of Rowland et al. (US 20210058412), and further in view of SLIWKA et al. (“SLIWKA,” US 20240261692, filed on 01/30/2024).
Regarding Claim 15;
The combination of Sanchez and Rowland disclose the method of claim 14,
Rowland discloses wherein the at least one investigative module is configured to perform the investigative function on a selected user accounts (Rowland: par 0400; the control server selects the host computer to be investigated)
The motivation is the same that of claim 1 above.
The combination of Sanchez and Rowland disclose investigative module is configured to perform the investigative function on a selected subset of the multiple user accounts as recited above, but do not explicitly disclose selected subset of the multiple user accounts, wherein the subset selection is random.
However, in an analogous art, SLIWKA discloses data quality checks system/method that includes:
selected subset of the multiple user accounts, wherein the subset selection is random (SLIWKA: par 1166; randomly select eligible user accounts, select the most active user accounts, apply a rules-based workflows to select user accounts).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of SLIWKA with the method/system of Sanchez and Rowland to include selected subset of the multiple user accounts, wherein the subset selection is random. One would have been motivated to call a wallet connection function of a blockchain SDK that connects the user' in-game account to a digital wallet that manages the user's blockchain account (SLIWKA: abstract).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644. The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.W./Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439