DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1.	Claims 1-20 are pending.

Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 2/1/19 and 2/8/21 was filed after the mailing date of the Claims on 2/1/19.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
3.	Claims 1, 12, and 17 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 13, and 18 of copending Application No. 16/264,925 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because:
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claims 1, 12, and 17 of the instant application ‘897 recite subject matter similar to that of claims 1, 13, and 18 of co-pending application ‘925. Although the limitations are not exactly the same, ‘897 and ‘925 are obviously broad variations of one another, reciting a similar claimed invention. Therefore, it would have been obvious to a person of ordinary skill in the art that the claimed invention of ‘897 suggests a broad variation of the claimed invention of co-pending application ‘925.
4.	Claims 1, 12, and 17 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 12, and 17 of copending Application No. 16/264,877 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because:
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1, 12, and 17 of the instant application ‘897 recite subject matter similar to that of claims 1, 12, and 17 of co-pending application ‘877. Although the limitations are not exactly the same, ‘897 and ‘877 are obviously broad variations of one another, reciting a similar claimed invention. Therefore, it would have been obvious to a person of ordinary skill in the art that the claimed invention of ‘897 suggests a broad variation of the claimed invention of co-pending application ‘877.



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

5.	Claim(s) 1-20 is/are rejected under 35 U.S.C. 102a as being anticipated by Wu, et al. [US 10,263,779].
Claim 1:	Wu teaches a method, comprising:
in response to a first authentication of a client using a given shared secret [Wu: col.3, lines 62-65; e.g. a symmetric key encryption and/or authentication system, or key, referred to as a private session key (or "PSK"), is generated in a manner where neither the secure network nor an eavesdropper can feasibly intercept or derive this key (col.4, lines 20-26). The “shared secret” can be given the broadest reasonable interpretation (BRI) as sharing undisclosed or confidential data which may include a key, encryption, password, or protected data per se], updating, using at least one processing device of a server, the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; and [Wu: col.6, lines 18-53 and col.33, lines 33-40; this second node examines headers used for communications and verifies that Bob's connection node was indeed the source of communications decrypted using this (second) shared secret key; in one embodiment, each node of the secure network is provided with an updated full map of the secure network, such that verification can be performed from end-device origin and destination information. See also col.14, lines 5-13]
evaluating a second authentication using the updated shared secret. [Wu: col.33, lines 25-55; encryption module software then causes node y to re-encrypt the recovered avatar using the shared secret key pertinent to a hop between node y and an ensuing node, node z. The communications module interacts with the management module as necessary to adjust any forwarding headers, obtain an updated network map, or otherwise perform routing as appropriate, and it then sends the re-encrypted information on to node z. Once node y receives this return of information, the communications module passes the information to the encryption module which decrypts the information according to the proper shared secret key and then re-encodes that information for transmission to node x. The BRI for “updated shared secret” can be in the form of re-encrypting or re-encoding, such that this requires a second authentication which may involve decrypting or decoding]
Claim 2:  Wu: col.40, lines 15-40; discussing the method of claim 1, wherein an anomaly is detected when the client attempts the second authentication using a shared secret and the server determines that the shared secret was previously used for an authentication.
Claim 3:  Wu: col.18, line 36-col.19, line 24; discussing the method of claim 2, wherein, in response to the anomaly being detected, the server initiates a predefined recovery workflow.

Claim 5:  Wu: col.6, lines 18-53; discussing the method of claim 2, wherein the server detects a breach of shared secrets of multiple users by monitoring a number of said detected anomalies across a user population and initiates a predefined recovery flow depending upon a number of impacted users. [col.10, line 65-col.11, line 3 and col.18, line 36-col.19, line 10; anomalies detected]
Claim 6:  Wu: col.11, lines 28-35 and col.19, lines 34-45; discussing the method of claim 1, wherein the update comprises one or more of an exclusive OR operation and a hash operation applied to the given shared secret and the information from the first authentication.
Claim 7:  Wu: col.7, lines 10-15; discussing the method of claim 1, wherein the information from the first authentication comprises one or more of a timestamp of the first authentication, a random value used in the first authentication, and a substantially unique value used in the first authentication.
Claim 8:  Wu: col.6, lines 18-53; discussing the method of claim 1, wherein the given shared secret comprises one or more of a password, a cryptographic key, a cryptographic symmetric key, a personal identification number, and a shared secret seed used to derive one-time passcodes.
Claim 9:  Wu: col.35, lines 5-30; discussing the method of claim 1, wherein the server sends the client a notification of one or more of that the first authentication succeeded and that the given shared secret needs to be updated.

Claim 11:  Wu: col.7, lines 10-20 and col.38, lines 20-35; discussing the method of claim 1, wherein the server stores a timestamp of the first authentication when the given shared secret was used, and wherein the server receives, from the client, the timestamp of the first authentication as part of the second authentication and the server uses the received timestamp of the first authentication to retrieve the given shared secret.
Claim 12:	Wu teaches a system, comprising:
a memory; and [Wu: col.11, lines 60-65]
at least one processing device, coupled to the memory [Wu: col.11, lines 42-65], operative to implement the following steps:
in response to a first authentication of a client using a given shared secret, updating [Wu: col.3, lines 62-65; e.g. a symmetric key encryption and/or authentication system, or key, referred to as a private session key (or "PSK"), is generated in a manner where neither the secure network nor an eavesdropper can feasibly intercept or derive this key (col.4, lines 20-26). The “shared secret” can be given the broadest reasonable interpretation (BRI) as sharing undisclosed or confidential data which may include a key, encryption, password, or protected data per se], by the server, the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; and [Wu: col.6, lines 18-53 and col.33, lines 33-40; this second node examines headers used for communications and verifies that Bob's connection node was indeed the source of communications decrypted using this (second) shared secret key; in one embodiment, each node of the secure network is provided with an updated full map of the secure network, such that verification can be performed from end-device origin and destination information. See also col.14, lines 5-13]
evaluating a second authentication using the updated shared secret. [Wu: col.33, lines 25-55; encryption module software then causes node y to re-encrypt the recovered avatar using the shared secret key pertinent to a hop between node y and an ensuing node, node z. The communications module interacts with the management module as necessary to adjust any forwarding headers, obtain an updated network map, or otherwise perform routing as appropriate, and it then sends the re-encrypted information on to node z. Once node y receives this return of information, the communications module passes the information to the encryption module which decrypts the information according to the proper shared secret key and then re-encodes that information for transmission to node x. The BRI for “updated shared secret” can be in the form of re-encrypting or re-encoding, such that this requires a second authentication which may involve decrypting or decoding]
Claim 13:  Wu: col.40, lines 15-40; discussing the system of claim 12, wherein an anomaly is detected when the client attempts the second authentication using a shared secret and the server determines that the shared secret was previously used for an authentication.
Claim 14:  Wu: col.6, lines 18-53; discussing the system of claim 13, wherein the server detects a breach of shared secrets of multiple users by monitoring a number of said detected anomalies across a user population and initiates a predefined recovery flow [col.10, line 65-col.11, line 3 and col.18, line 36-col.19, line 10; anomalies detected]
Claim 15:  Wu: col.6, lines 18-20; discussing the system of claim 12, wherein the given shared secret and the updated shared secret are part of a chain of shared secret values.
Claim 16:  Wu: col.7, lines 10-20 and col.38, lines 20-35; discussing the system of claim 12, wherein the server stores a timestamp of the first authentication when the given shared secret was used, and wherein the server receives, from the client, the timestamp of the first authentication as part of the second authentication and the server uses the received timestamp of the first authentication to retrieve the given shared secret.
Claim 17:	Wu teaches a computer program product, comprising a tangible machine-readable storage medium having encoded therein executable code of one or more software programs, wherein the one or more software programs when executed by at least one processing device perform the following steps:
in response to a first authentication of a client using a given shared secret, updating, by the server [Wu: col.3, lines 62-65; e.g. a symmetric key encryption and/or authentication system, or key, referred to as a private session key (or "PSK"), is generated in a manner where neither the secure network nor an eavesdropper can feasibly intercept or derive this key (col.4, lines 20-26). The “shared secret” can be given the broadest reasonable interpretation (BRI) as sharing undisclosed or confidential data which may include a key, encryption, password, or protected data per se], the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; and [Wu: col.6, lines 18-53 and col.33, lines 33-40; this second node examines headers used for communications and verifies that Bob's connection node was indeed the source of communications decrypted using this (second) shared secret key; in one embodiment, each node of the secure network is provided with an updated full map of the secure network, such that verification can be performed from end-device origin and destination information. See also col.14, lines 5-13]
evaluating a second authentication using the updated shared secret. [Wu: col.33, lines 25-55; encryption module software then causes node y to re-encrypt the recovered avatar using the shared secret key pertinent to a hop between node y and an ensuing node, node z. The communications module interacts with the management module as necessary to adjust any forwarding headers, obtain an updated network map, or otherwise perform routing as appropriate, and it then sends the re-encrypted information on to node z. Once node y receives this return of information, the communications module passes the information to the encryption module which decrypts the information according to the proper shared secret key and then re-encodes that information for transmission to node x. The BRI for “updated shared secret” can be in the form of re-encrypting or re-encoding, such that this requires a second authentication which may involve decrypting or decoding]
Claim 18:  Wu: col.40, lines 15-40; discussing the computer program product of claim 17, wherein an anomaly is detected when the client attempts the second authentication using a shared secret and the server determines that the shared secret was previously used for an authentication.

Claim 20:  Wu: col.7, lines 10-20 and col.38, lines 20-35; discussing the computer program product of claim 17, wherein the server stores a timestamp of the first authentication when the given shared secret was used, and wherein the server receives, from the client, the timestamp of the first authentication as part of the second authentication and the server uses the received timestamp of the first authentication to retrieve the given shared secret.
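
For reference, the mechanism recited in claims 1, 2, 6 and 7 (update the shared secret after each successful authentication, then treat a later attempt with an already-used secret as an anomaly) can be sketched as follows. This is an added illustration, not code from the application or from Wu; HMAC-SHA-256 as the hash operation, the challenge-response proof, and the names `update_secret`, `proof`, `Server`, `Client` and `demo` are assumptions of the example.

```python
import hashlib
import hmac
import secrets


def update_secret(secret: bytes, timestamp: int, nonce: bytes) -> bytes:
    # Hash operation over the current secret and information from the
    # authentication that just succeeded (its timestamp and random value).
    info = timestamp.to_bytes(8, "big") + nonce
    return hmac.new(secret, info, hashlib.sha256).digest()


def proof(secret: bytes, nonce: bytes) -> bytes:
    # Assumed authentication step: keyed response to the server's random nonce.
    return hmac.new(secret, b"auth" + nonce, hashlib.sha256).digest()


class Server:
    def __init__(self, secret: bytes):
        self.current = secret
        self.retired = []   # secrets already used for an authentication
        self.anomalies = 0  # input to a recovery workflow (not modelled here)

    def authenticate(self, nonce: bytes, response: bytes, timestamp: int) -> str:
        if hmac.compare_digest(response, proof(self.current, nonce)):
            self.retired.append(self.current)
            self.current = update_secret(self.current, timestamp, nonce)
            return "ok"
        for old in self.retired:
            if hmac.compare_digest(response, proof(old, nonce)):
                self.anomalies += 1  # stale secret: copied or cloned credential
                return "anomaly"
        return "fail"


class Client:
    def __init__(self, secret: bytes):
        self.secret = secret

    def login(self, server: Server, timestamp: int) -> str:
        nonce = secrets.token_bytes(16)  # stands in for the server's challenge
        result = server.authenticate(nonce, proof(self.secret, nonce), timestamp)
        if result == "ok":               # both sides advance the chain together
            self.secret = update_secret(self.secret, timestamp, nonce)
        return result


def demo():
    seed = bytes(range(32))              # constructed sample secret
    server, client, clone = Server(seed), Client(seed), Client(seed)
    results = [client.login(server, 1000),   # first authentication, secret updated
               clone.login(server, 1001),    # copy of the original secret is stale
               client.login(server, 1002),   # second authentication, updated secret
               Client(bytes(32)).login(server, 1003)]  # unrelated wrong secret
    return results, server.anomalies
```

Whichever holder of a copied secret authenticates second is the one flagged, so the anomaly signals that two parties hold the credential rather than which of them is legitimate.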

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571) 272-3851.  The examiner can normally be reached on Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 


LEYNNA T TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435