DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Acknowledgment is made of applicant’s claim for domestic priority under 35 U.S.C. 119 (e).

Information Disclosure Statement
The information disclosure statement (IDS) submitted on July 29, 2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 2, 4, and 5 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being incomplete for omitting essential steps, such omission amounting to a gap between the steps.  See MPEP § 2172.01.  The omitted steps are: the relationship of the first value received from .
Claims 13, 14, 16, and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being incomplete for omitting essential elements, such omission amounting to a gap between the elements.  See MPEP § 2172.01.  The omitted elements are: the relationship of the first value received from the client computing device with respect to the bloom filter, compromised credentials, and index value.  It is unclear how the “first value” is related to those components in the current claim language since they are recited as unrelated elements. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 2, 4, 5, 13, 14, 16, and 17 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ashley et al, U.S. Patent 10,051,001.

As per claim 1, it is taught of a method comprising:
generating a plurality of bloom filters, wherein each bloom filter corresponds to a particular subset of a set of compromised (leaked) credentials (col. 20, lines 18-25 & 41-47 and col. 24, lines 47-59);

in response to receiving the index value, determining a target bloom filter corresponding to the index value, and sending the target bloom filter to the client computing device (col. 20, lines 29-53);
receiving a first value (hash value on an extracted username and password) from the client computing device (col. 26, lines 59-64 and col. 27, lines 13-20);
in response to receiving the first value, generating a second value (stored hash value on the expected username and password) based on the first value, and sending the second value to the client computing device (col. 26, lines 59 through col. 27, lines 20).
As per claim 2, it is disclosed wherein generating the plurality of bloom filters comprises, for each credential of the set of compromised credentials:
determining a particular bloom filter corresponding to the credential from the plurality of bloom filters (col. 27, lines 1-20); and
wherein inserting the credential into the particular bloom filter corresponding to the credential comprises applying one or more hash functions to the credential (col. 27, lines 1-20).
As per claim 4, it is disclosed of further comprising:
generating a plurality of salt values, wherein each salt value of the plurality of salt values corresponds to a respective bloom filter of the plurality of bloom filters, and wherein each salt value of the plurality of salt values differs from other salt values of the plurality of salt values (col. 20, lines 32-47);
wherein for each credential, applying the one or more hash functions to the credential comprises applying the one or more hash functions to a combination of the credential and the salt value corresponding to the target bloom filter (col. 20, lines 32-47);

As per claim 5, it is taught wherein determining the particular bloom filter corresponding to the credential comprises applying a lossy hash function to a username of the credential (col. 20, lines 41-47).
As per claim 13, it is taught of a system comprising:
one or more processors (col. 2, lines 12-18);
non-transitory computer-readable media storing instructions which, when executed by the one or more processors (col. 2, lines 12-18), cause:
generating a plurality of bloom filters, wherein each bloom filter corresponds to a particular subset of a set of compromised (leaked) credentials (col. 20, lines 18-25 & 41-47 and col. 24, lines 47-59);
receiving an index value (collected/extracted/received credential data) from a client computing device (col. 20, lines 29-32);
in response to receiving the index value, determining a target bloom filter corresponding to the index value, and sending the target bloom filter to the client computing device (col. 20, lines 29-53);
receiving a first value (hash value on an extracted username and password) from the client computing device (col. 26, lines 59-64 and col. 27, lines 13-20);
in response to receiving the first value, generating a second value (stored hash value on the expected username and password) based on the first value, and sending the second value to the client computing device (col. 26, lines 59 through col. 27, lines 20).
As per claim 14, it is disclosed wherein generating the plurality of bloom filters comprises, for each credential of the set of compromised credentials:
determining a particular bloom filter corresponding to the credential from the plurality of bloom filters (col. 27, lines 1-20); and

As per claim 16, it is disclosed when executed by the one or more processors, further cause:
generating a plurality of salt values, wherein each salt value of the plurality of salt values corresponds to a respective bloom filter of the plurality of bloom filters, and wherein each salt value of the plurality of salt values differs from other salt values of the plurality of salt values (col. 20, lines 32-47);
wherein for each credential, applying the one or more hash functions to the credential comprises applying the one or more hash functions to a combination of the credential and the salt value corresponding to the target bloom filter (col. 20, lines 32-47);
sending a salt value corresponding to the target bloom filter to the client computing device (col. 20, lines 32-47).
As per claim 17, it is taught wherein determining the particular bloom filter corresponding to the credential comprises applying a lossy hash function to a username of the credential (col. 20, lines 41-47).

Allowable Subject Matter
Claims 6-12 and 18-24 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:
As per claims 6 and 18, it is was not found to be taught in the prior art of determining an index value that is associated with a credential comprising a username and password, and sending the index value to a server computer that receives a set of digital data comprising a bloom filter corresponding to the index value; generating a first value based on the credential, and sending the first value to the server computer; determining whether the credential corresponds to an entry in a bloom filter based upon the .
Claims 3 and 10 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Britt, US 2021/0006573 is relied upon for disclosing of hashing compromised credential (see paragraph 0034), whereby identifiers such as a bloom filter is used (see paragraph 0067).
Endler, US 2020/0279041 is relied for disclosing performing a cryptographic hash that serves as an index (see paragraph 0046), and mentions use of a probabilistic data structure like a bloom filter (see paragraph 0078).
Mikulski et al, US 2017/0180412 is relied upon for using bloom filters for uniqueness constrained values, which using public keys and hashing, see paragraph 0039.
Lorenz et al, US 2016/0261565 is relied upon for disclosing of bloom filters used for anonymizing credentials, see paragraph 0028.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER A REVAK whose telephone number is (571)272-3794.  The examiner can normally be reached on 5:30am - 3:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LYNN FEILD can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.












/CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2431