DETAILED ACTION
This action is responsive to RCE filed on 01/29/2021. Claims 1, 14 and 24 are independent. Claims 1, 14, 20 and 24 are amended. Thus, claims 1-27 are pending and being considered. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/29/2021 for application number 15/998,532 has been entered.

Response to Arguments/Remarks
	Applicant’s arguments/remarks filed on 12/30/2020 have been fully considered and are rendered moot in view of new grounds of rejection(s) outlined below. The argument(s) do not apply to the current art(s) being used.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3, 5, 8-20 and 22-27 are rejected under 35 U.S.C. 103 as being unpatentable over Truskovsky et al. (US 9,088,556 B2; Date of Patent July. 21, 2015), hereinafter (Trusk), in view of Correl F. et al. (US 8,056,123 B2; Date of Patent Nov. 08, 2011), hereinafter (Correl), and further in view of Chen; Abraham T. (US 2018/0337957 A1; Filed on May 18, 2017), hereinafter (Chen).

Regarding claim 1, Trusk teaches a non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for controlling changes to authentication credentials, the operations comprising (Trusk, Col. 4; Lines 10-15 and/or Col. 20; Lines 32-36, discloses a non-transitory computer-readable storage medium comprising executable instructions for programming a computing device to detect unauthorized access to credentials of a credential store, the instructions configuring a processor of the computing device to monitor a plurality of credentials of the credential store)): 
securely maintaining data associated with a plurality of authentication credentials, the plurality of authentication credentials being useable by a plurality of identities to obtain access to one or more access-controlled network resources (Trusk, Col. 1; Lines 59-64, discloses that a keyring (such as credential store and/or password store) may allow for the secure storage of data Such as usernames, passwords, cryptographic (e.g. encryption) keys, access codes, digital certificates, and other secure data items, for multiple applications and services, typically by storing the data in encrypted form, and see also Col. 2; Lines 61-62, discloses that where the each of the credentials accessed within the period is associated with a different user account, and see also Col. 10; Lines 35-48, discloses to access variety of services such as a user may access computing resources available on the mobile devices); 
determining, Trusk, Col. 15; Lines 63-67 and Col. 16; Lines 1-3, discloses that the actions are taken on the computing device that serve not only to warn the user of the unauthorized access to the credential store, but also to prevent potential theft of further credentials in the credential store, and to assist ).  
However Trusk fails to explicitly disclose but Correl teaches generating, Correl, Col. 6; Lines 32-59, discloses to compute and/or derive a service secret (i.e., hereinafter a secret data element), which is only good for a limited time, in conjunction with the user authentication and authorization credentials); 
making available, the secret data element, to be embedded in a first authentication credential of the plurality of authentication credentials (Correl, Fig. 3 and Col. 5; Lines 42-67, illustrates a data structure for combining/concatenating a computed service secret 310 with a user password 320); 
identifying an attempt to change the first authentication credential, the attempt including new authentication credential data to replace data in the first authentication credential (Correl, Fig. 5 and Col. 7; lines 27-31, discloses that a service person obtains a service secret and combines it with a user-supplied password 512. A user or service person provides a userID and password to the system 514. The system tests the password supplied by the user or service person for the presence of a service secret 522, and/or as also disclosed in Col. 10; Lines 19-25, discloses to presenting the new password for system access; in response to presentation of the new password, determining validity of the service secret within the new password, wherein said service Secret is an authentication element separate from the presented password );
validating, conditional on whether the new authentication credential data includes the secret data element, the attempt to change the first authentication credential (Correl, Col. 7; Lines 6-7, discloses to determine whether a valid service secret may be extracted from the presented password 430 (see Fig. 4), and as disclosed in Col. 6; Lines 65-67, wherein the presented new password 430 was generated by combining the service secret with the userID/password, and/or see also Col. 7; lines 27-31, discloses that a service person obtains a service secret and combines it with a user-supplied password 512. A user or service person provides a userID and password to the system 514. The system tests the password supplied by the user or service person for the presence of a service secret 522); and 
determining, based on the validating, whether to perform a control action based on the new authentication credential data (Correl, Col. 7; Lines 6-51, discloses to perform actions, based on the test performed by the system (as shown in Figs. 4 and 5), for the presence of a service secret in the password supplied by the user or service person). 
Trusk and Correl are analogous arts and are in the same field of endeavor as they both pertain and directed towards detecting unauthorized access to credentials of a credential store and further provides service access control for a user interface by combining a service secret with a user access code, such as a user ID/password.
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Correl’ into 
However Trusk as modified by Correl fails to explicitly disclose but Chen teaches generating, based on application of a secret logic algorithm to the data associated with a selected group of the plurality of authentication credentials, a secret data element (Chen, Para. [0085], discloses that the certificate monitoring component 830 can maintain information related to and identifying each credential of the plurality of credentials. The information related to and identifying each credential can be maintained by the certificate monitoring component in a secure store or other repository 835 separate from the credentials. For example, the maintained information 835 related to and identifying each credential of the plurality of credentials can comprises information identifying individual certificates such as values for at least one of the one or more attributes of each certificate. Additionally or alternatively, the information 835 can comprise information identifying the plurality of certificates in the aggregate. For example, the information 835 can comprise an indication of the total number of certificates in the plurality of certificates. In other cases, the information 835 can additionally or alternatively comprise information representing the aggregated data set comprising the certificates, e.g., a hash value generated by applying a hash function to the plurality of certificates, and as further disclosed in Para. [0086], by using the maintained information 835 identifying the certificates, the certificate monitoring );
Trusk, Correl and Chen are analogous arts and are in the same field of endeavor as they all pertain and directed towards detecting unauthorized access to credentials of a credential store or detecting the presence of unauthorized security credentials and further providing service access control for a user interface by combining a service secret with a user access code such as a user ID/password.
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Chen’ into the teachings of ‘Trusk’ as modified by ‘Correl’, with a motivation to generate a secret data element based on application of a secret logic algorithm to the data associated with a selected group of the plurality of authentication credentials, as taught by Chen, in order to perform one or more checks on the plurality of credentials together and/or one or more checks on each credential individually to make a determination as to whether one or more of the credentials have been changed or not; Chen, Para. [0087].

Regarding claim 3, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk further teaches the data associated with the plurality of authentication credentials includes data derived from passwords associated with the plurality of identities (Trusk, Col. 2; Lines 10-18, 29-30 and/or Lines 43-45, discloses data associated with the stored ).  

Regarding claim 5, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk further teaches the data associated with the plurality of authentication credentials is maintained in a common ledger, the common ledger storing updates to the plurality of authentication credentials (Trusk, Col. 10; Lines 61-67 and Col. 11; Lines 1-2, discloses that the Keyring (such as a password store or  a credential store) generally allows for the secure storage of data, particularly credentials that a user may wish to store securely (e.g. usernames, passwords, cryptographic (e.g. encryption) keys, access codes, digital certificates, and other secure data items), for multiple applications and services, typically by storing the data in encrypted form, and see also Col. 17; Lines 9-13, discloses a change of one or more other passwords stored in the credential store that corresponds to an affected password may also be automatically changed, or a direction to change the other corresponding passwords may be issued to the user).  

Regarding claim 8, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk as modified by Correl fails to explicitly disclose but Chen further teaches generating the secret data element includes performing a summation function to the data associated with the plurality of authentication credentials (Chen, Para. [0085], discloses a hash value generated by applying a hash function to the plurality of certificates related to and identifying each credential of the plurality of credentials (Note: wherein the hash function ).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘F-B’ into Trusk’ as modified by ‘Correl’ in view of ‘Moen’, with a motivation to define operation which may then proceed by generating a new salt and concatenating the new salt with the new master password to generate a new concatenation. The operations may then proceed by hashing the new concatenation to generate a new password; F-B, Fig. 6 and Para. [0133-0134].

Regarding claim 9, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk fails to explicitly disclose but Correl further teaches the control action includes rejecting the new authentication credential data (Correl, Fig. 4, illustrates to reject the service access request at step 440, in response to the validity check performed at step 430).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Correl’ into the teachings of ‘Trusk’, with a motivation to provide the control action includes rejecting the new authentication credential data, as taught by Correl, in response to the validity check performed on the presented new password, wherein said service Secret is an authentication element separate from the password that in combination with the password provides access to a service; Correl, Col. 10; Lines 20-24.

 10, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk further teaches the control action includes generating an alert identifying the new authentication credential data (Trusk, Col. 15; Lines 16-24 and Col. 18; Lines 25-31, discloses that a user may be alerted if an unauthorized access to the credential store is attempted).  

Regarding claim 11, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk fails to explicitly disclose but Correl further teaches the control action includes disabling network access for an identity associated with the new authentication credential data (Correl, Col. 8; Lines 18-28, discloses that an employee of the customer may be designated and have the responsibility of system maintenance and therefore function as a service person (a service person can obtaining a service Secret and combining the service secret with the valid userID/password). Yet, all non-service users (i.e., attackers, un-authorized entities), which would include other customer users will not have the ability to obtain a service secret and therefore will not be provided access to the service functions, and/or see also Col. 8; Lines 4-7, thus, the present invention prevents the Security of a user's system from becoming weakened if non-service people learn the service authorization secret).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Correl’ into the teachings of ‘Trusk’, with a motivation which determines the validity of the service secret within the new password in response to presentation of the new password, 

Regarding claim 12, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk further teaches the control action includes monitoring activity of an identity associated with the new authentication credential data (Trusk, Col. 13; Lines 2-6, discloses that an identity of each credential that is accessed within the period is recorded in memory so that these credentials may be later identified if it is determined that the access within this period of time was unauthorized, and see also Col. 13; Lines 22-32, discloses to monitor the access to passwords stored in the credential store by the one or more applications are, and/or the access to both usernames and passwords stored in the credential store are monitored).  

Regarding claim 13, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk further teaches the control action includes registering the new authentication credential data in a credential repository that securely maintains the data associated with the plurality of authentication credentials (Trusk, Col. 3; Lines 56-67, discloses to take an action to protect the at least one credential of the plurality of credentials comprises a password e.g., by changing the at least on credential comprising a ).  

Regarding claim 14, claim recite substantially similar subject matter as independent claim 1. Therefore, the response set forth above with respect to independent claim 1 is equally applicable to independent claim 14 of ‘a computer-implemented method’.

Regarding claim 15, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 14, wherein Trusk further teaches the method is performed by an agent on a domain controller in communication with a secure credentials repository that securely maintains the data associated with the plurality of authentication credentials (Trusk, Col. 2; Lines 24-34, discloses that one or more credentials associated with a specific application or service will be accessed in direct response to a particular login attempt by a user. For example, when the user wishes to access an e-mail account using a web browser, the user will navigate to a login page provided by the e-mail service, and if the username and password for the account has been saved on the computing device, these credentials will be retrieved from storage by the web browser. The web browser will then automatically populate the ).  

Regarding claim 16, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 14, wherein Trusk further teaches the method is performed by an agent on the one or more access-controlled network resources (Trusk, Col. 2; Lines 37-39, discloses that although a user may wish to login to accounts of an e-mail service, a social media service, or a banking service in a single session, and/or see also Col. 10; Lines 35-48, discloses that the mobile device may run software applications (some-times referred to simply as 'apps') that access computing resources on the mobile device. As described earlier, applications may provide access to a variety of services to the user of mobile device).  

Regarding claim 17, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 14, wherein Trusk further teaches the method is performed by a system that securely maintains the data associated with the plurality of authentication credentials (Trusk, Col 10; Lines 49-67, discloses a keyring application (more generally referred to as a “keyring herein) may also be provided on mobile device. Keyring allows data to be stored in an associated secure data store (e.g., key store 420), and in this regard, the term "keyring may also be used to refer generally to a structure in which the data is securely stored. Keyring generally allows for the secure storage of data, particularly credentials that a user may wish to store securely (e.g. usernames, passwords, cryptographic (e.g. encryption) keys, access codes, digital certificates, and other secure data).  

Regarding claim 18, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 14, wherein Trusk further teaches the method is performed by a system remote from a secure credentials repository that securely maintains the data associated with the plurality of authentication credentials (Trusk, Col. 10; Lines 49-67, discloses that the data stored in the keyring (such as credentials/passwords data store) may reside, for example, on mobile device 100 in flash memory 108, on mobile device 100 in some other memory, on a device physically coupled to the mobile device 100, on a device remote from the mobile device 100, or distributed amongst some combination of these memories and devices).  

Regarding claim 19, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 14, wherein Trusk fails to explicitly disclose but Correl further teaches the validating includes determining whether the new authentication credential data includes the secret data element in a predefined location (Correl, Col. 7; lines 27-31, discloses that a service person obtains a service secret and combines it with a user-supplied password 512. A user or service person provides a userID and password to the system 514. The system tests the password supplied by the user or service person for the presence of a service secret 522, and see also Col. 5; Lines 64-67 and Col. 6; Lines 1-25, discloses to concatenate the service secret with the password in different formations such as password “foo” and the service secret “2701” are combined in a predefined manner as “foo.2701”, where the service secret “2701” is combined at the end of the provided password “foo” in a predetermined location).  


Regarding claim 20, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 14, wherein Trusk fails to explicitly disclose but Correl further teaches generating the secret data element, comprises generating a plurality of secret data elements (Correl, Col. 6; Lines 43-45, discloses to compute service secrets).  

Regarding claim 22, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 14, wherein Trusk fails to explicitly disclose but Correl further teaches the secret data element includes a randomized data portion (Correl, Col. 6; Lines 33-40, discloses that a simple pseudo-random function taking as its seed the current date can produce a service secret that appears random to casual inspection and requires no other input besides the date).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Correl’ into the teachings of Trusk’, with a motivation to provide the secret data element includes a randomized data portion, as taught by Correl, in order to take advantage of the combination of a service secret with a standard user password that enables a regular 

Regarding claim 23, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 14, wherein Trusk fails to explicitly disclose but Correl further teaches the secret data element is made available together with a randomized data portion (Correl, Col. 6; Lines 33-40, discloses that a simple pseudo-random function taking as its seed the current date can produce a service secret that appears random to casual inspection and requires no other input besides the date. For an example, a time based ecret which may be derived by computing (((Y*1000+J)*17) modulo 65533), where Y is the year, J is the Julian date).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Correl’ into the teachings of Trusk’, with a motivation to provide the secret data element is made available together with a randomized data portion, as taught by Correl, in order to take advantage of the combination of a service secret with a standard user password that enables a regular user interface to support service functions without any negative impact, Such as compromised security or an extra authentication challenge; Correl, Col. 5; Lines 58-61.

Regarding claim 24, Trusk teaches a non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for controlling use of authentication credentials, the operations comprising (Trusk, Col. 4; Lines 10-15 ): 
securely maintaining data associated with a plurality of authentication credentials, the plurality of authentication credentials being useable by a plurality of identities to obtain access to one or more access-controlled network resources (Trusk, Col. 1; Lines 59-64, discloses that a keyring (such as credential store and/or password store) may allow for the secure storage of data Such as usernames, passwords, cryptographic (e.g. encryption) keys, access codes, digital certificates, and other secure data items, for multiple applications and services, typically by storing the data in encrypted form, and see also Col. 2; Lines 61-62, discloses that where the each of the credentials accessed within the period is associated with a different user account, and see also Col. 10; Lines 35-48, discloses to access variety of services such as a user may access computing resources available on the mobile devices); 
identifying an attempted privileged access session, the attempted privileged access session including an attempted use of a second authentication credential (Trusk, Col. 12; Lines 2-15, discloses to permit detection of the attempted unauthorized access to the credentials of a credential store on a computing device, based on a period of time in which multiple credentials are retrieved from the  credential store, and/or a number of different accounts or services for which credentials are retrieved from the credential store, and/or see also Trusk, Col. 2; Lines 48-62, discloses ); 
determining, Trusk, Col. 15; Lines 63-67 and Col. 16; Lines 1-3, discloses that the actions are taken on the computing device that serve not only to warn the user of the unauthorized access to the credential store, but also to prevent potential theft of further credentials in the credential store, and to assist users in repairing damage caused by the unauthorized access (e.g. by directing the user to reset affected passwords)).  
However Trusk fails to explicitly disclose but Correl teaches generating, Correl, Col. 6; Lines 32-59, discloses to compute and/or derive a service secret (i.e., hereinafter a secret data element), which is only good for a limited time, in conjunction with the user authentication and authorization credentials); 
making available, the secret data element, to be embedded in a first authentication credential of the plurality of authentication credentials (Correl, Fig. 3 and Col. 5; Lines 42-67, illustrates a data structure for combining/concatenating a computed service secret 310 with a user password 320);  36Attorney Docket No. 13122.0041-00000 
determining whether the second authentication credential includes the secret data element (Correl, Col. 7; Lines 6-7, discloses to determine whether a valid service secret may be extracted from the presented password 430 (see Fig. 4), and as disclosed in Col. 6; Lines 65-67, wherein the presented new password 430 was generated by combining the service secret with the userID/password, and/or see also Col. 7; lines 27-31, discloses that a service person obtains a service secret and combines it with a user-supplied password 512. A user or service person provides a userID and password to the system 514. The system tests the password supplied by the user or service person for the presence of a service secret 522); and 
determining, based on whether the second authentication credential includes the secret data element, whether to perform a control action based on the attempted privileged access session (Correl, Col. 7; Lines 6-51, discloses to perform actions, based on the test performed by the system, for the presence of a service secret in the password (which is a combination of service secret and userID and/or Password) supplied by the user or service person).
Trusk and Correl are analogous arts and are in the same field of endeavor as they both pertain and directed towards detecting unauthorized access to credentials of a credential store, and providing service access control for a user interface by combining a service secret with a user access code, such as a user ID/password, respectively.
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Correl’ into the teachings of ‘Trusk’, with a motivation which determines the validity of the service secret within the new password in response to presentation of the new password, 
However Trusk as modified by Correl fails to explicitly disclose but Chen teaches generating, based on application of a secret logic algorithm to the data associated with a selected group of the plurality of authentication credentials, a secret data element (Chen, Para. [0085], discloses that the certificate monitoring component 830 can maintain information related to and identifying each credential of the plurality of credentials. The information related to and identifying each credential can be maintained by the certificate monitoring component in a secure store or other repository 835 separate from the credentials. For example, the maintained information 835 related to and identifying each credential of the plurality of credentials can comprises information identifying individual certificates such as values for at least one of the one or more attributes of each certificate. Additionally or alternatively, the information 835 can comprise information identifying the plurality of certificates in the aggregate. For example, the information 835 can comprise an indication of the total number of certificates in the plurality of certificates. In other cases, the information 835 can additionally or alternatively comprise information representing the aggregated data set comprising the certificates, e.g., a hash value generated by applying a hash function to the plurality of certificates, and as further disclosed in Para. [0086], by using the maintained information 835 identifying the certificates, the certificate monitoring component 830 can perform one or more checks on the credentials. The one or more checks can be performed by the certificate monitoring component 830 upon a system );
Trusk, Correl and Chen are analogous arts and are in the same field of endeavor as they all pertain and directed towards detecting unauthorized access to credentials of a credential store, providing service access control for a user interface by combining a service secret with a user access code such as a user ID/password, and detecting the presence of unauthorized security credentials in a computing device, respectively.
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Chen’ into the teachings of ‘Trusk’ as modified by ‘Correl’, with a motivation to generate a secret data element based on application of a secret logic algorithm to the data associated with a selected group of the plurality of authentication credentials, as taught by Chen, in order to perform one or more checks on the plurality of credentials together and/or one or more checks on each credential individually to make a determination as to whether one or more of the credentials have been changed or not; Chen, Para. [0087].

Regarding claim 25, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 24, wherein Trusk further teaches the attempted privileged access session includes an attempt by an identity to access an access-restricted network resource (Trusk, Col. 2; Lines 49-51, discloses that a compromised application may be attempting to surreptitiously acquire all of a user's personal data that might be stored in the credential store, and/or see also Col. 12; Lines 6-8, discloses that a compromised application or a remote ).  

Regarding claim 26, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 25, wherein Trusk further teaches the attempted use of the second authentication credential includes the identity providing the second authentication credential to be authenticated (Trusk, Col. 2; Lines 24-26 and/or Lines 49-51, discloses that one or more credentials associated with a specific application or service will be accessed in direct response to a particular login attempt by a user, and/or see also Col. 11; Lines 26-47, discloses a situation in which multiple credentials, each associated with a different account (and therefore typically associated with a different service) are accessed from keyring (such as credentials and/or password database). This may be the result of a user of mobile device legitimately attempting to login to multiple accounts. The logging into the different accounts may result in different sets of usernames and passwords being retrieved from keyring).  

Regarding claim 27, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 25, wherein Trusk further teaches the attempted use of the second authentication credential includes the identity attempting to access the second authentication credential from a secure storage resource to be authenticated (Trusk, Col. 2; Lines 24-26 and/or Lines 49-51, discloses that one or more credentials associated with a specific application or service will be accessed in direct response to a particular login attempt by a user, and/or see ).

Claims 2, 4 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Trusk in view of Correl and Chen, as applied above, and further in view of Moen G et al. (US 2019/0007428 A1; Filed on June 29, 2018), hereinafter (Moen).

Regarding claim 2, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk further teaches the data associated with the plurality of authentication credentials Trusk, Col. 1; Lines 7-9, discloses to control access to stored credentials (e.g. passwords), and see also Col. 3; Lines 39-40, discloses an identity of each of the plurality of credentials of the credential store, as illustrated in Fig. 4).  
However Trusk as modified by Correl in view of Chen does not explicitly disclose but Moen discloses wherein the data associated with the plurality of authentication credentials includes a plurality of hashes indicative of passwords associated with the plurality of identities (Moen, Para. [0021], instead of storing the password and associating the password to the username, the website may generate a hash of the password (referred herein to as a "hashed password"), store the hashed password, and associate the hashed password with the username).

Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Moen’ into the teachings of ‘Trusk’ as modified by ‘Correl’ in view of ‘Chen’, with a motivation to provide the data associated with the plurality of authentication credentials includes a plurality of hashes indicative of passwords associated with the plurality of identities, as taught by Moen, in order to introduce different techniques which can be utilized for detecting the compromised credentials in a credential stuffing attack; Moen (Abstract).

Regarding claim 4, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk further teaches the data associated with the plurality of authentication credentials includes Trusk, Col. 1; Lines 59-64, discloses that a keyring (such as a credential store and/or a password store) may allow for the secure storage of data Such as usernames, passwords, cryptographic (e.g. encryption) keys, access codes, digital certificates, and other secure data items, for multiple applications and services, typically by storing the data in encrypted form).  
However Trusk as modified by Correl in view of Chen fails to explicitly disclose but Moen discloses wherein the data associated with the plurality of authentication  a plurality of hashes of authentication keys (Moen, Para. [0021], instead of storing the password and associating the password to the username, the website may generate a hash of the password (referred herein to as a "hashed password"), store the hashed password, and associate the hashed password with the username).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Moen’ into the teachings of ‘Trusk’ as modified by ‘Correl’ in view of ‘Chen’, with a motivation to provide the data associated with the plurality of authentication credentials includes a plurality of hashes of authentication keys, as taught by Moen, in order to introduce different techniques which can be utilized for detecting the compromised credentials in a credential stuffing attack; Moen (Abstract).

Regarding claim 21, Trusk as modified by Correl in view of Chen teaches the computer-implemented method of claim 20, wherein Trusk as modified by Correl in view of Chen fails to explicitly disclose but Moen further teaches each of the plurality of secret data elements are distinct and are uniquely associated with each of the plurality of authentication credentials (Moen, Para. [0085], discloses that database can store a set of salts, and as further disclosed in Para. [0086], the database can associate one or more salts with each username in the database, and as also disclosed in Para. [0094], wherein the username in the set of credentials may be associated with multiple credentials having different passwords (i.e., a first credential and a second credential, both of which include the same username, but different passwords)).
.

Claims 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Trusk in view of Correl and Chen, as applied above, and further in view of Finlow-Bates; Keir (US 2020/0052899 A1; Filed on Aug. 8, 2018), hereinafter (F-B).

Regarding claim 6, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk as modified by Correl in view of Chen fails to explicitly disclose but F-B further teaches generating the secret data element includes performing a tree hashing function to the data associated with the plurality of authentication credentials (F-B, Para. [0035], discloses that the salt may be derived from data published in the block-chain, for example but not limited to a most recent block published on the block-chain (i.e., which forms a tree hashing function), and/or see also Fig. 2 and Para. [0065], discloses to generate salt 204 which may comprise the data 252 or may comprise a hash output resulting from applying a hash function to the data 252).  
Trusk, Correl, Chen and F-B are analogous arts and are in the same field of endeavor as they all pertain and directed towards detecting unauthorized access to credentials of a credential store/ detecting the presence of unauthorized security credentials and providing service access control for a user interface by combining a 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘F-B’ into Trusk’ as modified by ‘Correl’ in view of ‘Chen’, with a motivation to derive a salt from data in the block-chain; F-B, Fig. 6 and Para. [0043].

Regarding claim 7, Trusk as modified by Correl in view of Chen teaches the non-transitory computer readable medium of claim 1, wherein Trusk as modified by Chen fails to explicitly disclose but F-B teaches generating the secret data element includes concatenating two or more elements of the data 32Attorney Docket No. 13122.0041-00000associated with the plurality of authentication credentials and performing a hashing function on the concatenated data elements (F-B, Fig. 1 and Para. [0057], discloses that the concatenation may be passed to a hash function 112 to produce a hash output 122).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘F-B’ into Trusk’ as modified by ‘Correl’ in view of ‘Chen’, with a motivation to define operation which may then proceed by generating a new salt and concatenating the new salt with the new master password to generate a new concatenation. The operations may then proceed by hashing the new concatenation to generate a new password; F-B, Fig. 6 and Para. [0133-0134].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

2.	Schneider; James Paul (US 20090327740 A1), this disclosure relates to a securing a password database.
3.	Sanchez; Kenneth J. (US 10956560 B1), the present invention generally relate to a system and method for improving the security of stored passwords for an organization.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose telephone number is 571-272-1239. The examiner can normally be reached on Monday-Friday: 8AM – 4PM.
 If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).If you would like assistance from a USPTO 

/ALI CHEEMA/
Examiner, Art Unit 2433


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498