DETAILED ACTION
This action is responsive to application filed on 09/30/2019. Claims 1-20 are pending and being considered. Claims 1, 8 and 14 are independent. Thus, claims 1-20 are rejected.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/11/2020 and 08/06/2021 were filed on or after the mailing date of the application no.16/609,879 on 10/31/2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner and an initialed and dated copy of Applicant’s IDS forms 1449 filed on 08/11/2020 and 08/06/2021 is attached to the instant office action.

Abstract
The abstract, filed on 09/30/2019, has been reviewed and objected because the abstract is directed towards a database to contain unique identifiers that are specifically associated with particular resources. Wherein, a particular resource can be accessed based on detecting an instance of a unique identifier. However, the claimed subject matter of the immediate application is directed to access a particular resource based on the newly generated authorization code, and further overwrites and/or updates the previously stored authorization code with the newly generated authorization code within 

Drawings
The drawings (Figs. 1-3), filed on 09/30/2019, has been reviewed and accepted.

Specification
The disclosure, filed on 09/30/2019, has been reviewed and accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 3-6, 10-13 and 16-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Regarding claim 3, the claim recites limitation(s) "the data” in line 4 of the claim, which has not been previously defined. Therefore, there is insufficient antecedent basis for this limitation. 
4, the claim recites limitation(s) "the data” in line 7 of the claim, which has not been previously defined. Therefore, there is insufficient antecedent basis for this limitation. 
Regarding claim 5, the claim recites limitation(s) "the data” in line 4 of the claim, which has not been previously defined. Therefore, there is insufficient antecedent basis for this limitation. 
Regarding claims 10-12 of “a computer program product”, the claims are rejected for the same reasons as mentioned above for the claim 3-5, respectively.
Regarding claims 16-18 of “a computer-implemented method”, the claims are rejected for the same reasons as mentioned above for the claim 3-5 respectively.
Dependent claims 6, 13 and 19 are likewise rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph as being indefinite since they depend on and/or carries the deficiencies of the parent claims 5, 12 and 18, respectively.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.


A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1- 2, 4, 8-9, 11, 14-15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Hecht; Asaf (US 2020/0057848 A1), hereinafter (Hecht), in view of Sheets; John F. et al. (US 20100180327 A1), hereinafter (Sheets).

Regarding claim 1, Hecht teaches a system for providing electronically authorized access to resources, the system comprising (Hecht, Para. [0006], discloses systems, methods and non-transitory computer readable media […] to obtain access to one or more access-controlled network resources): 
a memory device with computer-readable program code stored thereon (Hecht, Fig. 1 and Para. [0051], discloses one or more memory devices of vault 108 that store information and are accessed and/or managed through security server 104 (hereinafter a processing device), or see also Para. [0033], discloses a tangible computer-readable media that store software instructions); 
a communication device (Hecht, Fig. 1 and Para. [0050], discloses that the security server 104 may interact with access-restricted network resources through, or by reference to, directory service 106 (hereinafter a communication device) that enforces security policies of network environment 102); and 
a processing device operatively coupled to the memory device and the communication device (Hecht, Fig. 1 and Para. [0050-0051], depicts and discloses security server 104 which is communicatively/operatively coupled to the one or more memory devices of vault 108 and the directory service 106), wherein the processing device is configured to execute the computer-readable program code to (Hecht, Para. [0051], discloses that the security server 104 may access and/or mange the information stored on one or more memory devices of vault 108, or see also Para. [0050], discloses that the security server may include one or more processors configured to, and as disclosed on Para. [0033], execute software instructions stored on the tangible computer-readable media to perform operations): 
detect an authorization request to access a resource (Hecht, Para. [0056], discloses that the step 302 (i.e., hash generation) may be performed upon demand (e.g., upon detection of a request for access to an access-restricted resource 110-118));
Hecht, Fig. 3 and Para. [0060], discloses to form a new password 316 (hereinafter new authorization code)); and 
overwrite the authorization code with the new authorization code (Hecht, Para. [0062], discloses that the security server 104 may receive an indication to rotate a password according to the network environment 102's security policy. The security policy may require a periodic update of passwords, an event-based update (e.g., based on a potential security threat, a request for access to an access-restricted resource, etc.), or another type of update).  
 receive an authorization code from an authorization device associated with the authorization request (Sheets, Para. [0008], discloses that an access device receives from a consumer device an authentication code […]. The access device then sends the authentication request message to a service provider containing at least the authentication code, or see also Para. [0057], discloses that a password (hereinafter authorization code) is entered into the consumer device by the user of the consumer device each time the consumer’s device is used to conduct a transaction, and as disclosed in Para. [0059], wherein, the (entered) password is selected as an input to the transformation (hashing) function, because the (entered) password provides the data that will show that the consumer 30 associated with the consumer device 32 is authenticated); 
input the authorization code and a nonce value into a hash algorithm to generate a hash output (Sheets, Para. [0059], discloses to use the consumer’s (entered/supplied) password and a dynamic data element (such as a nonce, see Para. [0048]) as an input to the transformation function (i.e., a hash function such as SHA-256) to generate an output, and as disclosed in Para. [0066], of a hash of selected input data (i.e., password and a dynamic data element (a nonce))); 
perform one or more operations on the hash output to generate a new authorization code (Sheets, Para. [0060], discloses that in addition to applying a function such as a hashing function to scramble the data, other operations can also be taken on the output of the (hash) function to create the (i.e., new) authentication code, and/or see also Para. [0066], discloses that the (new) authentication code was created ); and 
Hecht and Sheets are analogous arts and are in the same field of endeavor as they both pertain and directed to use hashing algorithm to compute/generate hash of stored and/or entered/inputted credentials such as passwords, etc.
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Sheets’ into the teachings of ‘Hecht’, with a motivation to input the authorization code and a nonce value into a hash algorithm to generate a hash output, and perform one or more operations on the hash output to generate a new authorization code, as taught by Sheets, in order to reduce the ability of any participant (or an attacker) in the transaction to fake an authentication code; Sheets, Para. [0059].

Regarding claim 2, Hecht as modified by Sheets teaches the system according to claim 1, wherein Hecht further teaches the computer-readable program code further causes the processing device to update authorization data within an authorization database using the new authorization code (Hecht, Para. [0050], discloses that the security server 104 may be a system including one or more processors configured to interact with network environment 102 to update and manage credentials (such as passwords, keys, tokens, certificates, and other privilege data) for access-restricted resources (e.g., servers 110, databases 112, workstation 114, user device 116, and user accounts 118), and/or as disclosed in Para. [0062], for example, the security server 104 may receive an indication to rotate a password according to the network environment 102's security policy. The security policy may require a periodic ).  

Regarding claim 4, Hecht as modified by Sheets teaches the system according to claim 1, wherein Hecht further teaches the computer-readable program code further causes the processing device to (Hecht, Para. [0050], discloses that the security server may include one or more processors configured to, and as disclosed on Para. [0033], execute software instructions stored on the tangible computer-readable media to): detect a second authorization request to access the resource (Hecht, Para. [0029] and/or claim 24, discloses to identifying an attempted privileged access session, and as further disclosed in Para. [0030] and/or claim 25, wherein the attempted privileged access session may include an attempt by an identity to access an access-restricted network resource); 
receive the new authorization code from the authorization device associated with the second authorization request (Hecht, Para. [0029] and/or claim 24, discloses that the attempted privileged access session including an attempted use of a second authentication credential, and as disclosed in Para. [0031] and/or claim 26, wherein the attempted use of the second authentication credential may include the identity providing the second authentication credential to be authenticated); 
attempt to validate the new authorization code using an authorization database; determine that the new authorization code matches the data within the authorization database (Hecht, Para. [0065], discloses that, at step 408, the security server 104 may validate the new password containing the secret data element. For example, if an account requests a password change on a domain controller (DC) (e.g., ); and 
grant the authorization request to access the resource (Hecht, Para. [0049], discloses that a network resource may be, for example, any secure device, application, database, virtualized computing instance, or network that requires an identity to be authenticated before accessing the resource, such as disclosed in Para. [0031], wherein the second authentication credential, provided by the identity, to be authenticated/validated at step 408 of Fig. 4 and/or at step 510 of Fig. 5).  

Regarding claims 8-9 and 11, the claims recite substantially similar subject matter as claims 1- 2 and 4, respectively. Therefore, the response set forth above with respect to the claims 1- 2 and 4 is equally applicable to the claims 8-9 and 11 of “a computer program product for providing electronically authorized access to resources”, respectively.

Regarding claims 14-15 and 17, the claims recite substantially similar subject matter as claims 1- 2 and 4, respectively. Therefore, the response set forth above with respect to the claims 1- 2 and 4 is equally applicable to the claims 14-15 and 17 of “a ”, respectively.

Claims 3, 5-6, 10, 12-13, 16 and 18-19  are rejected under 35 U.S.C. 103 as being unpatentable over Hecht in view of Sheets, as applied above, and further in view of DOLAN; Gerald et al. (US 2011/0185403 A1).

Regarding claim 3, Hecht as modified by Sheets teaches the system according to claim 1, wherein Hecht further teaches the computer-readable program code further causes the processing device to (Hecht, Para. [0050], discloses that the security server may include one or more processors configured to, and as disclosed on Para. [0033], execute software instructions stored on the tangible computer-readable media to): 
However Hecht as modified by Sheets fails to disclose but Dolan teaches to attempt to validate the authorization code using an authorization database (Dolan, Para. [0035], discloses that the authentication module 106 determines, through the local user database 108 associated with the identified resource, whether the identified user is authenticated and is allowed to access the identified resource based on the received password); 
determine that the authorization code matches the data within the authorization database; and grant the authorization request to access the resource (Dolan, Para. [0036], discloses that if the received and stored passwords match (208), then the authentication module 106 informs (210) the network resource ).  
Hecht, Sheets and Dolan are analogous arts and are in the same field of endeavor as they all pertain and directed to provide access to a network resource based on authentication.
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Dolan’ into the teachings of ‘Hecht’ as modified by ‘Sheets’, with a motivation to determine that the authorization code matches the data within the authorization database, and grant the authorization request to access the resource, as taught by Dolan, in order to ensure that only authorized users are able to access network resources such as services, applications, files, data, and the like; Dolan, Para. [0001].

Regarding claim 5, Hecht as modified by Sheets teaches the system according to claim 1, wherein Hecht further teaches the computer-readable program code further causes the processing device to (Hecht, Para. [0050], discloses that the security server may include one or more processors configured to, and as disclosed on Para. [0033], execute software instructions stored on the tangible computer-readable media to): 
However Hecht as modified by Sheets fails to disclose but Dolan teaches to attempt to validate the authorization code using an authorization database (Dolan, Para. [0035], discloses that the authentication module 106 determines, through the local user database 108 associated with the identified resource, whether the identified user is ); 
determine that the authorization code does not match the data within the authorization database; and reject the authorization request to access the resource (Dolan, Para. [0036], discloses that if the received and stored passwords match (208), then the authentication module 106 informs (210) the network resource 110 that the identified user is authenticated and authorized to use the network resource 110. Otherwise, access to the network resource 110 is refused (212)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Dolan’ into the teachings of ‘Hecht’ as modified by ‘Sheets’, with a motivation to determine that the authorization code matches the data within the authorization database, and reject the authorization request to access the resource, as taught by Dolan, in order to ensure that only authorized users are able to access network resources such as services, applications, files, data, and the like; Dolan, Para. [0001].

Regarding claim 6, Hecht as modified by Sheets in view of Dolan teaches the system according to claim 5, wherein Hecht further teaches the computer-readable program code further causes the processing device to transmit an alert to one or more users, wherein the alert indicates that the authorization device has been compromised (Hecht, Para. [0069], discloses that the system 100/200 (e.g., through security server 104) may generate an alert to send to one or more system administrators or a security team indicating that an unauthorized attempt to modify a , and as disclosed in Para. [0052], by compromising an identity 118 (i.e., machine, device, etc.) in network environment 102).  

Regarding claims 10 and 12-13, the claims recite substantially similar subject matter as claims 3 and 5-6, respectively. Therefore, the response set forth above with respect to the claims 3 and 5-6 is equally applicable to the claims 10 and 12-13 of “a computer program product for providing electronically authorized access to resources”, respectively.

Regarding claims 16 and 18-19, the claims recite substantially similar subject matter as claims 3 and 5-6, respectively. Therefore, the response set forth above with respect to the claims 3 and 5-6 is equally applicable to the claims 16 and 18-19 of “a computer-implemented method for providing electronically authorized access to resources”, respectively.

Claims 7 and 20  are rejected under 35 U.S.C. 103 as being unpatentable over Hecht in view of Sheets, as applied above, and further in view of Norton; Derk (US 2017/0272245 A1).

Regarding claim 7, Hecht as modified by Sheets teaches the system according to claim 1, wherein Hecht as modified by Sheets fails to teach but Norton teaches the one or more operations comprises a XOR operation (Norton, Para. [0006], discloses to perform an “exclusive-or” or XOR operation on the outputted hash, such as follows S=XOR(HASH(A), HASH(P))).  

Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Norton’ into the teachings of ‘Hecht’ as modified by ‘Sheets’, with a motivation to perform XOR operation on the computed hash, in order to generate an secret/authentication key; Norton, Para. [0006].

Regarding claim 20, the claim recites substantially similar subject matter as claim 7. Therefore, the response set forth above with respect to the claim 7 is equally applicable to the claim 20 of “a computer-implemented method for providing electronically authorized access to resources”.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
1.	XUEFENG ZHANG et al. (CN 102045169 A), the present disclosure relates to a new password authentication method and device.
2.	Qi; Zheng et al. (US 20090028326 A1), the present invention relates to methods and apparatus performing hash operations in a cryptography accelerator.
3.	Imai; Hideki et al. (US 20070061572 A1), the present invention relates to authentication system and remotely-distributed storage system.

5.	SPILMAN; Jeremy (US 20140032922 A1), this invention relates to computer-implemented mechanisms for encrypting data and storing data securely.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Monday-Friday: 8:00AM – 4:00PM.
 If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALI H CHEEMA/
Examiner, Art Unit 2433

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498