Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al (CN 117220996) in views of Eisenhauer et al (2025/0119272).
For claim 1, Liu teaches that a non-transitory computer-readable recording medium storing instructions to execute a password creation method on a computer device in conjunction with the computer device (Liu teaches that a computer program product, the computer program product comprises a computer program, which is stored in a computer readable storage media, at least one processor can read the computer program from the computer readable storage medium, When at least one processor executes the computer program, the technical solution of the password detecting as Liu teaches in par.137 and abstract On machine translation), wherein the password creation method comprises: transmitting a password creation request from a user of the computer device to a server (Liu teaches that operation instruction for the electronic device, the electronic device responds to the operation instruction of the user, obtains the password set by the user as the password to be processed, and sends an information obtaining request to the back end server as Liu teaches in par.58 On machine translation); receiving, from the server, a regular expression that is created at the server based on a password creation rule and user information in response to the password creation request (Liu teaches that the electronic device receives the regular expression rule information and preset hash information returned by the backend server, and according to the preset processing logic, detecting the password to be processed according to the regular expression rule information and/or the preset hash information, determining the complexity of the password to be processed, resisting the breaking strength and so on, and determining the detecting result of the password to be processed as Liu teaches in par.59-60 On machine translation); and hashing the password (Liu teaches performing hash processing to the password to be processed, determining the hash value to be processed corresponding to the password to be processed as Liu teaches in par.81-82 On machine translation).
Liu fails to teach that verifying validity of a password entered by the user based on the regular expression and which the validity is verified and transmitting the hashed password to the server.
Eisenhauer teaches, similar system, verifying validity of a password entered by the user based on the regular expression (Eisenhauer teaches verification with the repository 118. The hashcheck server 116 may search for string passwords, optionally using a regular expression in a sharepoint 112 or other fileshare as Eisenhauer teaches in par.10, 17 and 20) and which the validity is verified and transmitting the hashed password to the server (Eisenhauer teaches The hashcheck server 116 may check individual hashed or otherwise encrypted strings that are received for example from a data loss prevention (DLP) component 110 of the system 100. The DLP 110 may send string matches to the hashcheck server as Eisenhauer teaches in par.18). It would have been obvious to one ordinary skill in the art before effective filling date to modify Liu to include verifying validity of a password as taught and suggested by Eisenhauer for the purpose of determining, using a machine learning trained model, that text data includes potentially hashed information, and in response, comparing the string to a data set of hashed strings and determining, from the comparison, that the string corresponds to a stored hashed string of the data set, and in response outputting an indication that the stored hashed string is in the text data (Eisenhauer, abstract).
For claims 2, 10 and 15. Liu, as modified by Eisenhauer, further teaches that wherein the regular expression includes the password creation rule that is determined based on the user information or user activity in an application associated with the computer device (Liu teaches operation instruction of the user, obtaining the password to be processed indicated by the user, and sending an information obtaining request to the backend server, so that the backend server transfers and returns the regular expression rule information and the preset hash information in the database; receiving the detection information returned by the back-end server, and detecting the password to be processed according to the regular expression rule information and/or the preset hash information, and determining the detection result of the password to be processed; according to the detection result, outputting the corresponding prompt information; so as to prompt the user whether the password to be processed is available as Liu teaches in abstract).
For claims 3, Liu, as modified by Eisenhauer, further teaches that wherein the password creation method further comprises providing the user with information on the regular expression to induce the user to enter a new password in accordance with the password creation rule (Liu teaches that determined that the password to be processed has not passed the element detection, the password to be processed is returned to indicate the user to reset the password after outputting the corresponding element prompt information to prompt the user that the password to be processed has not passed the element detection as Liu teaches in par.98 on machine translations).
For claims 4, 11 and 16, Liu, as modified by Eisenhauer, further teaches that wherein the regular expression is determined based on the user information, and wherein the regular expression is different from a regular expression created for another user (Liu teaches that outputting the corresponding prompt information; so as to prompt the user whether the password to be processed is available and used for detecting the regular expression rule information of the password to be processed and the preset hash information so that it is easy to maintain and update, the password detection is more comprehensive, and it can effectively protect the safety of the user network information as Liu teaches in par.63 on machine translation).
For claims 5, 12 and 17, Liu, as modified by Eisenhauer, further teaches that wherein the regular expression is differently created according to a change in the user information (Liu teaches that receiving the detection information returned by the back-end server, and performing element detection to the password to be processed according to the regular expression rule information, determining the element detection result of the password to be processed; The factor detection result is used for representing whether the password to be processed passes the factor detection and if it is determined that the factor detection result represents that the password to be processed passes the factor detection, performing security detection on the password to be processed according to the preset hash information, determining the security detection result of the password to be processed, and determining the security detection result as the detection result of the password to be processed; The security detection result is used to characterize whether the password to be processed is a weak-strength password as Liu teaches on par.70-72 on machine translation).
For claims 6, 13 and 18, Liu, as modified by Eisenhauer, further teaches that wherein at least a portion of the user information includes at least one of information that is not stored in the computer device, information that is not managed by a computer program, or information that is stored only in the server (Liu teaches that The software function module is stored in a storage medium, and includes a number of instructions to cause a computer device (which may be a personal computer, a server, or a network device, or the like) or a processor to perform part of the steps of the methods of the embodiments of the present application as Liu teaches in par.141 on machine translations).
For claims 7 and 19, Liu, as modified by Eisenhauer, fails to teach that wherein the receiving of the regular expression from the server comprises further receiving, from the server, at least one error message information that is created based on the password creation rule or the regular expression, and the verifying of the validity of the password comprises outputting an error message based on the at least one error message information in response to the password entered by the user violating the regular expression.
Eisenhauer further teaches that wherein the receiving of the regular expression from the server comprises further receiving, from the server, at least one error message information that is created based on the password creation rule or the regular expression, and the verifying of the validity of the password comprises outputting an error message based on the at least one error message information in response to the password entered by the user violating the regular expression (Eisenhauer teaches that detection system may check for a string of characters that match at least one hash characteristic. After detection of the string of characters that matches at least one hash characteristic, the string of characters may be compared to a repository of hashed strings to determine if there is a match or partial match. When a match or partial match is detected, a notification, alert, communication, etc. may be sent or issued. In some examples, a notification may be sent to a user that stored or shared the string of characters. In an example, a notification may be sent to the user's supervisor. In other examples, a notification may be sent to a user associated with the matched or partially matched hash stored in the repository. The detection system may include a machine learning trained model as Eisenhauer teaches in par.9). It would have been obvious to one ordinary skill in the art before effective filling date to modify Liu to include verifying validity of a password as taught and suggested by Eisenhauer for the purpose of determining, using a machine learning trained model, that text data includes potentially hashed information, and in response, comparing the string to a data set of hashed strings and determining, from the comparison, that the string corresponds to a stored hashed string of the data set, and in response outputting an indication that the stored hashed string is in the text data (Eisenhauer, abstract).
For claims 8, Liu, as modified by Eisenhauer, fails to teach that wherein the outputting of the error message comprises outputting different error messages in accordance with a validity rule that is violated by the password entered by the user among a plurality of validity rules related to the regular expression, based on the at least one error message information.
Eisenhauer further teaches that wherein the outputting of the error message comprises outputting different error messages in accordance with a validity rule that is violated by the password entered by the user among a plurality of validity rules related to the regular expression, based on the at least one error message information (Eisenhauer teaches that text string that potentially includes the hash may be filtered at block 212. The filtering may include limiting string length, removing data that cannot be a result of hashes used to store passwords at an enterprise, or the like. The remaining string may be matched to a set of data (e.g., an NTLM hash or an HMAC hash at blocks 214 or 216, respectively). In an example, block 214 or 216 may include using a regular expression (regex) to determine whether the remaining string includes a match. The regex match may include identifying a partial match. Matching may occur by comparing the remaining string to hashes in the repository of hashes 208, for example via an API as Eisenhauer teaches in par.22). It would have been obvious to one ordinary skill in the art before effective filling date to modify Liu to include verifying validity of a password as taught and suggested by Eisenhauer for the purpose of determining, using a machine learning trained model, that text data includes potentially hashed information, and in response, comparing the string to a data set of hashed strings and determining, from the comparison, that the string corresponds to a stored hashed string of the data set, and in response outputting an indication that the stored hashed string is in the text data (Eisenhauer, abstract).
For claim 9, Liu teaches that a password creation method of a computer device comprising at least one processor (Liu teaches that a computer program product, the computer program product comprises a computer program, which is stored in a computer readable storage media, at least one processor can read the computer program from the computer readable storage medium, When at least one processor executes the computer program, the technical solution of the password detecting as Liu teaches in par.137 and abstract On machine translation), the password creation method comprising: transmitting, by the at least one processor, a password creation request from a user of the computer device to a server (Liu teaches that operation instruction for the electronic device, the electronic device responds to the operation instruction of the user, obtains the password set by the user as the password to be processed, and sends an information obtaining request to the back end server as Liu teaches in par.58 On machine translation); receiving, by the at least one processor from the server, a regular expression that is created at the server based on a password creation rule and user information in response to the password creation request (Liu teaches that the electronic device receives the regular expression rule information and preset hash information returned by the backend server, and according to the preset processing logic, detecting the password to be processed according to the regular expression rule information and/or the preset hash information, determining the complexity of the password to be processed, resisting the breaking strength and so on, and determining the detecting result of the password to be processed as Liu teaches in par.59-60 On machine translation); and hashing, by the at least one processor, the password (Liu teaches performing hash processing to the password to be processed, determining the hash value to be processed corresponding to the password to be processed as Liu teaches in par.81-82 On machine translation).
Liu fails to teach that verifying, by the at least one processor, validity of the password entered by the user based on the regular expression; which the validity is verified and transmitting the hashed password to the server.
Eisenhauer teaches, similar system, verifying, by the at least one processor, validity of the password entered by the user based on the regular expression (Eisenhauer teaches verification with the repository 118. The hashcheck server 116 may search for string passwords, optionally using a regular expression in a sharepoint 112 or other fileshare as Eisenhauer teaches in par.10, 17 and 20) and which the validity is verified and transmitting the hashed password to the server (Eisenhauer teaches The hashcheck server 116 may check individual hashed or otherwise encrypted strings that are received for example from a data loss prevention (DLP) component 110 of the system 100. The DLP 110 may send string matches to the hashcheck server as Eisenhauer teaches in par.18). It would have been obvious to one ordinary skill in the art before effective filling date to modify Liu to include verifying validity of a password as taught and suggested by Eisenhauer for the purpose of determining, using a machine learning trained model, that text data includes potentially hashed information, and in response, comparing the string to a data set of hashed strings and determining, from the comparison, that the string corresponds to a stored hashed string of the data set, and in response outputting an indication that the stored hashed string is in the text data (Eisenhauer, abstract).
For claim 14, Liu teaches that a computer device comprising: at least one processor configured to execute computer-readable instructions on the computer device (Liu teaches that a computer program product, the computer program product comprises a computer program, which is stored in a computer readable storage media, at least one processor can read the computer program from the computer readable storage medium, When at least one processor executes the computer program, the technical solution of the password detecting as Liu teaches in par.137 and abstract On machine translation), wherein the at least one processor is configured to, receive a password creation request transmitted from a terminal of a user under control of a client installed on the terminal of the user (Liu teaches that operation instruction for the electronic device, the electronic device responds to the operation instruction of the user, obtains the password set by the user as the password to be processed, and sends an information obtaining request to the back end server as Liu teaches in par.58 On machine translation); create a regular expression based on a password creation rule and user information in response to the password creation request, transmit the regular expression to the terminal of the user (Liu teaches that the electronic device receives the regular expression rule information and preset hash information returned by the backend server, and according to the preset processing logic, detecting the password to be processed according to the regular expression rule information and/or the preset hash information, determining the complexity of the password to be processed, resisting the breaking strength and so on, and determining the detecting result of the password to be processed as Liu teaches in par.59-60 On machine translation), and that is hashed at the terminal of the user, and register the hashed password in association with the user (Liu teaches performing hash processing to the password to be processed, determining the hash value to be processed corresponding to the password to be processed as Liu teaches in par.81-82 On machine translation).
Liu fails to teach that receive, from the terminal of the user, a password that is verified based on the regular expression.
Eisenhauer teaches, similar system, receive, from the terminal of the user, a password that is verified based on the regular expression (Eisenhauer teaches verification with the repository 118. The hashcheck server 116 may search for string passwords, optionally using a regular expression in a sharepoint 112 or other fileshare as Eisenhauer teaches in par.10, 17 and 20). It would have been obvious to one ordinary skill in the art before effective filling date to modify Liu to include verifying validity of a password as taught and suggested by Eisenhauer for the purpose of determining, using a machine learning trained model, that text data includes potentially hashed information, and in response, comparing the string to a data set of hashed strings and determining, from the comparison, that the string corresponds to a stored hashed string of the data set, and in response outputting an indication that the stored hashed string is in the text data (Eisenhauer, abstract).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYUB A MAYE whose telephone number is (571)270-5037. The examiner can normally be reached Monday-Friday 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AYUB A MAYE/Examiner, Art Unit 2436 /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436