DETAILED ACTION
Continued Examination Under 37 CFR 1.114
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 8/18/2021 has been entered.
As per instant Amendment, Claims 3, 7, 10, 14, 17, and 22 are canceled; no claims have been added; Claims 1, 8, and 15 are independent claims.  Claims 11-2, 4-6, 8-9, 11-13, and 18-21 have been examined and are pending. This Action is made Non-Final. 
Response to Arguments
Applicants’ arguments with respect to claims 1, 8, and 15 have been considered but are moot in view of the new ground(s) of rejection, which was necessitated by amendment.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-2, 4-6, 8-9, 11-12, 15-16, 18-19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Roth et al. (US 2016/0197937; Hereinafter “Roth”) in view of Bos et al. (US 2020/0099525; Hereinafter “Bos”).
Regarding claim 1, Roth teaches receiving, by a device, a request to access software of the device utilizing password-based authentication (Roth: Fig. 2, Para. [0038], Similarly, the system 204 may be a mobile device, such as a tablet computing device and/or cellular telephone (smart phone) having a touchscreen, keyboard and/or other input device usable by the user 202 for providing input. [system 204 = a system] Para. [0039], In an embodiment, the interface 206 enables communication with various components with system 204 to provide the user 202 access to a resource 208. The resource 208 may be any resource by which correct presentation of a passcode is a prerequisite for access. Para. [0040], As noted above, the user 202 interacts with the interface 206 for the purpose of accessing the resource 208. As illustrated by the lock symbol on the resource 208, the resource 208 may be protected by the system from unauthorized access through one or more access control mechanisms. In order to do this, the interface 206 may be configured to require that the user 202 provide a passcode. The interface 206 may receive the passcode from the user 202 and provide the passcode to a passcode verification system 210.); 
receiving, by the device, a password for the password-based authentication (Roth: Fig. 2, Para. [0040], As noted above, the user 202 interacts with the interface 206 for the purpose of accessing the resource 208. As illustrated by the lock symbol on the resource 208, the resource 208 may be protected by the system from unauthorized access through one or more access control mechanisms. In order to do this, the interface 206 may be configured to require that the user 202 provide a passcode. The interface 206 may receive the passcode from the user 202 and provide the passcode to a passcode verification system 210.); 
computing, by the device, a hash utilizing the password and the hardware-backed secret, wherein the hardware-backed secret is utilized to bind the computation of the hash to the hardware of the device (Roth: Para. [0034], The passcode verification system 106 may provide the passcode or information based thereupon to a cryptographic module of the passcode verification system 106 that stores the hardware secret 108. The cryptographic module may be a system configured to securely store and perform operations using one or more hardware secrets. The cryptographic module may be a locally attached device of a computing device, used to implement the verification system 106, or a redundant node thereof or may be a device accessible to the verification system 106 over a network. When implemented as a hardware device, either locally attached or remotely accessible, the cryptographic module may also be referred to as a cryptographic hardware module. Example cryptographic modules are discussed in more detail below. Upon receipt of the password or information based at least in part thereon, the cryptographic module may calculate the hash based at least in part on the hardware secret and information provided from the passcode verification system. Para. [0033], Generally, a hash of a passcode is intended to cover the output of any function that takes as input at least a passcode and another value (e.g., hardware secret) and provides output that is a transformation of the passcode to another value.);
and verifying, by the device, that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software by comparing the hash computed utilizing the password and the hardware-based authenticator to a hash associated with the software that is stored in memory of the device (Roth: Para. [0041], when the user 202 presents a passcode through the interface 206, the passcode verification system 210 may generate, or cause to have generated, a hash of the passcode based at least in part on the passcode and a hardware secret and then compare the generated hash with a hash stored in the passcode database 212. If the generated hash and the stored hash match, the user 202 may be provided access to the resource 208. If, however, the generated hash and the stored hash do not match, the user may be denied access to the resource 208, at least until the user is able to provide a correct passcode or otherwise authenticate.)
granting, by the device, access to the software only when the hash computed utilizing the password and the hardware-based authenticator is verified as being correct for accessing the software (Roth: Para. [0041], when the user 202 presents a passcode through the interface 206, the passcode verification system 210 may generate, or cause to have generated, a hash of the passcode based at least in part on the passcode and a hardware secret and then compare the generated hash with a hash stored in the passcode database 212. If the generated hash and the stored hash match, the user 202 may be provided access to the resource 208. If, however, the generated hash and the stored hash do not match, the user may be denied access to the resource 208, at least until the user is able to provide a correct passcode or otherwise authenticate.).
Roth does not explicitly teach responsive to receiving the password, computing, by the device, a hardware- backed secret in a hardware-backed storage of the device.
In an analogous art, Bos teaches a system and method wherein responsive to receiving the password, computing, by the device, a hardware-backed secret in a hardware-backed storage of the device (Bos: Fig. 1, Para. [0028], The user ID 105 may be a login ID or other identifier such as user name. The salt value 110 is a randomly generated value that is appended to the user password as described above.); 
(Bos: Fig. 1, Para. [0028], The password verification method includes the one way or hash function 130 receiving the user supplied password 135, retrieving the salt value 110 for the user, concatenating the user supplied password 135 and the salt value 110, and performing a hash on the concatenated value. Para. [0027]); and 
verifying, by the device, that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software by comparing the hash computed utilizing the password and the hardware-based authenticator to a hash associated with the software that is stored in memory of the device (Bos: Fig. 1, Para. [0028], The computed hash value is then compared by comparator 140 to the stored authentication value 115. When the computed hash value is equal to the stored authentication value 115 access is granted 145. When the computed hash value is not equal to the stored authentication value 115 access is not granted 150.); 
granting, by the device, access to the software only when the hash computed utilizing the password and the hardware-based authenticator is verified as being correct for accessing the software (Bos: Fig. 1, Para. [0028], The computed hash value is then compared by comparator 140 to the stored authentication value 115. When the computed hash value is equal to the stored authentication value 115 access is granted 145. When the computed hash value is not equal to the stored authentication value 115 access is not granted 150.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Bos with the system and method of Roth to include responsive to receiving the password, computing, by the device, a hardware- backed secret in a hardware-backed storage of the device; because this functionality provides enhanced security by utilizing a salt that is tied to the device to make attacks more difficult (Bos: Para. [0027]). 
Regarding claim 2, Roth, in combination with Bos, teaches the method of claim 1, wherein the hardware-backed secret is generated utilizing one of: ARM TrustZone, (Roth: Para. [0071], The cryptographic module 724, which may be a trusted platform module, includes a memory subsystem 730, including a main random access memory (RAM) 728 for storage of instructions and data during program execution and a read only memory (ROM) 726, in which fixed cryptographic information may be stored, such as a hardware secret. Para. [0105], [0033]-[0034], [0030], [Under the BRI, cryptographic module includes a TPM] Bos: Para. [0027], The embodiments described herein also show how one can use properties of white-box cryptography to protect entries in the stored database as well as making the off-line attacks more cumbersome by using the platform binding properties of the white-box implementation. Para. [0030]-[0033]).
Regarding claim 4, Roth, in combination with Bos, teaches the method of claim 3, wherein computing the hash further includes computing a message authentication code (MAC) or a digital signature every iteration (Roth: Para. [0032], Generally, the hash of the passcode may be calculated, based at least in part, on output of one or more one-way functions. Example one-way functions include, but are not limited to secure hash functions, such as MD5, as those classified as secure hash algorithm two (SHA-2) such as SHA-224, SHA-256, SHA-384 and SHA 512. For example, the hash of the passcodes may be or otherwise may be based at least in part on a keyed-hashed message authentication code (HMAC) such as HMAC_MD5, HMAC-SHA-2 (where HMAC-SHA-2 denotes HMAC using a SHA-2 function). Other example password hashes include password based key derivation functions (PBKDFs) such as PBKDF2 and Bcrypt. [use of an HMAC includes adding the MAC to the hash computation] Para. [0033], Further, the function may be configured to have an effect on the number of computations required to calculate the function. For example, in some instances the function is configured as a composite function, where computation of the function requires the output of one function to be used as the input to another function, possibly iteratively. The number of iterations of a sub-process involved in calculating the value of a function may be a tunable parameter. Para. [0050]-[0051], [0048], Bos: Para. [0033],).
Regarding claim 5, Roth, in combination with Bos, teaches the method of claim 4, wherein computation of the hash includes using a pseudorandom function that relies on (Roth: Para. [0032], For example, the hash of the passcodes may be or otherwise may be based at least in part on a keyed-hashed message authentication code (HMAC) such as HMAC_MD5, HMAC-SHA-2 (where HMAC-SHA-2 denotes HMAC using a SHA-2 function). Other example password hashes include password based key derivation functions (PBKDFs) such as PBKDF2 and Bcrypt. It should be noted that the term "one-way" is used in the practical sense and is not necessarily limited to functions within the strict mathematical definition of one way functions. Generally, as used herein, one-way functions are functions satisfying one or more conditions on invertability. Para. [0071], The one or more cryptographic processors may be used to perform cryptographic operations in the device and may include a random number generator, SHA-2 or other hash generator and an encryption-decryption-signature engine. Generally, one or more components of the cryptographic module 724 may be configured to collectively perform various operations used in calculating hashes of passcodes, such as described above.).
Regarding claims 8-9, claims 8-9 are rejected under the same rational as claims 1-2, respectively.
Regarding claims 11-12, claims 11-12 are rejected under the same rational as claims 4-5, respectively.
Regarding claims 15-16, claims 15-16 are rejected under the same rational as claims 1-2, respectively.
Regarding claims 18-19, claims 18-19 are rejected under the same rational as claims 4-5, respectively.
Regarding claim 21, Roth, in combination with Bos, teaches the method of claim 1, wherein the computation of the hardware-backed secret is a hardware-backed operation that must be executed on the hardware of the device (Bos: Para. [0032], However, the key K is unknown: only the encoded value of this key is known as the salt. Hence, the adversary also needs to obtain the white-box implementation if they want to compute this off-line attack. The white-box implementation may include platform binding properties to prevent the adversary from simply copying and using the white-box implementation to carry out an attack. The platform binding properties mean that the white-box implementation will only compute valid output results which can be used for password authentication on the designated server and hence in such an attack. Para. [0033], The white-box implementation of the symmetric cipher may use other white-box implementation techniques to make it harder for an attacker to attack the digital signature scheme such as using platform binding. Para. [0030]-[0031]).

Claim(s) 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Roth et al. (US 2016/0197937; Hereinafter “Roth”) in view of Bos et al. (US 2020/0099525; Hereinafter “Bos”) and in view of Lily Chen, (NIST Special Publication 800-108 Recommendation for Key Derivation Using Pseudorandom Functions, Oct. 2009, NIST Computer Security Division Information Technology Laboratory, pages 1-21. (Year: 2009); Hereinafter “Chen”).
Regarding claim 6, Roth, in combination with Bos, teaches the method of claim 4, wherein a hardware-backed MAC or a hardware-backed digital signature. (Roth: Para. [0032], For example, the hash of the passcodes may be or otherwise may be based at least in part on a keyed-hashed message authentication code (HMAC) such as HMAC_MD5, HMAC-SHA-2 (where HMAC-SHA-2 denotes HMAC using a SHA-2 function). Other example password hashes include password based key derivation functions (PBKDFs) such as PBKDF2 and Bcrypt. It should be noted that the term "one-way" is used in the practical sense and is not necessarily limited to functions within the strict mathematical definition of one way functions. Generally, as used herein, one-way functions are functions satisfying one or more conditions on invertability. Para. [0071], The one or more cryptographic processors may be used to perform cryptographic operations in the device and may include a random number generator, SHA-2 or other hash generator and an encryption-decryption-signature engine. Generally, one or more components of the cryptographic module 724 may be configured to collectively perform various operations used in calculating hashes of passcodes, such as described above.)

In an analogous art, Chen teaches a system and method wherein a hardware-backed MAC or a hardware-backed digital signature are utilized as a pseudorandom function used by the password hash computation (NIST: Page 9-10, Section 4. When a cryptographic key KI is regarded as the seed, that is, s = KI, the output of the pseudorandom function can be used as keying material. In Section 5, several families of PRF-based key derivation functions are defined without describing the internal structure of the PRF. For key derivation, this Recommendation approves the use of either the keyed hash Message Authentication Code (HMAC) specified in [8] or the cipher-based Message Authentication Code (CMAC) specified in [7] as the pseudorandom function. For a given KDF using HMAC or CMAC, the key KI is assumed to be computationally indistinguishable from one that has been selected uniformly at random from the set of all the binary strings with length of |KI|. Sec. 5, The KDFs specified in this Recommendation are constructed using PRFs (see Section 4).)
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Chen with the system and method of Roth and Bos to include wherein a hardware-backed MAC or a hardware-backed digital signature are utilized as a pseudorandom function used by the password hash computation because this functionality provides for utilization of pseudorandom functions in key derivation functions when calculating HMAC values to enhance security (Chen: Page 6, Sec. 1-2). 
Regarding claim 13, claim 13 is rejected under the same rational as claim 6. 
Regarding claim 20, claim 20 is rejected under the same rational as claim 6. 

Conclusion
The following prior art made of record is not relied upon, but is considered pertinent to applicant's disclosure. 
US Patent Application Publication No.: US 2012/0151223 by Conde Marques
SafeKeeper: Protecting Web Passwords using TEE by Klaudia et al.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571) 272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571) 270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/NELSON S. GIDDINS/Primary Examiner, Art Unit 2437