DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In communications filed on 07/21/2020, claims 1-20 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 16/934,409.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2020/0250296) issued to Yao Zhao (filed in IDS 11/16/2021) and in view of US Patent No. (US2018/0332079) issued to Ashley (filed in IDS 11/16/2021).
Regarding claims 1, 9, and 17, Zhao discloses using a first computer, storing, in one or more digital data repositories, a plurality of user identity records relating to user identity information and user credentials collected from a plurality of sources [¶26, Computer-implemented techniques are provided for determining whether a credential has been compromised. In an embodiment, at a server computer, one or more bloom filters may be generated, wherein each bloom filter corresponds to a particular subset of a set of compromised credentials. Each compromised credential of the set of compromised credentials may be inserted into the corresponding bloom filter], and [¶36, Client computing device 120 may send data to and receive data from server computer 110 for determining whether particular credentials have been compromised or leaked. For example, assume client computing device 120 receives a credential 124 comprising a username 126 and a password 128…]; and
the plurality of user identity records comprising unhashed user identity records and hashed user identity records, each of the hashed user identity records corresponding to one of the unhashed user identity records[¶48, in response to detecting an attack, each credential used in the attack is provided to the server computer 110. The credentials may be hashed prior to being sent to server computer 110]; and
receiving via digital transmission a request from a client computing device, the request specifying a partial hash of particular user identity information; generating and submitting a query to the one or more digital data repositories based on the partial hash [¶69-70, see FIG. 3, In step 302, the client computer determines an index value corresponding to the credential, and sends the index value to the server computer. In an embodiment, determining the index value is the same as determining the subset to which a credential belongs. For example, as discussed above, a lossy hash function may be used to determine which subset a particular credential is added to. The lossy hash function may be applied to the username of the credential to determine the index value corresponding to the credential. An example lossy hash function for determining the index value may be: i = first c bits of SHA-256(username). A SHA-256 cryptographic hash is applied to the username of the credential, which produces a 256-bit result. The index value i is the first c bits of the result. Referring to the above example, assume the lossy hash function is applied to username u, resulting in an index value of k. Client computing device 120 sends the value k to the server computer 110]; and
the set of user identity records comprising a plurality of user credential values associated with the partial hash of the particular user identity information[ see FIG2, ¶¶48-49, … The credentials may be hashed prior to being sent to server computer 110… a number of subsets is determined for a set of compromised credentials. The set of compromised credentials is divided into one or more subsets. If the set of compromised credentials is small, a single bloom filter may be sufficient to contain all of the compromised credentials. However, a set of compromised credentials might contain billions of credentials. Rather than inserting all of the credentials into a single bloom filter, the compromised credentials are divided or sharded into a 
generating and storing in computer memory a bloom filter based on the plurality of user credential values associated with the particular user identity information, the bloom filter being configured to allow the client computing device to determine whether a particular user credential value that is associated with the particular user identity information is included in the plurality of user credentials represented by the bloom filter[ ¶¶71-72, a server computer receives an index value from a client computing device. For example, server computer 110 may receive a request from client computing device 120 specifying the index value k. In response to receiving the index value, at step 306, the server computer determines a target bloom filter corresponding to the index value and sends the target bloom filter to the client computing device. In an embodiment, the index value corresponds to the index of a particular subset of compromised credentials, which then corresponds to a particular bloom filter of the plurality of bloom filters. The index value may be used to determine the particular subset of compromised credentials corresponding to the index value. Then, the corresponding bloom filter is determined based on the particular subset of compromised credentials. Additionally, or alternately, the index value may be used to retrieve the particular bloom filter. For example, the plurality of bloom filters may be stored as a set, and the index value may be used to index the set to retrieve the particular bloom filter]; and
transmitting the bloom filter to the client computing device [¶78, at step 308, the client-computing device receives a bloom filter from the server computer. Additionally, the client-computing device may receive a public key and/or salt value. Referring 
Zhao does not explicitly disclose, however, Ashley discloses the query being programmed to retrieve a set of user identity records of the plurality of user identity records that match the partial hash [¶101, Referring to FIG. 8A, a match is performed using user credential 820 (802). Bloom filter 708 reports an "accept," (804) meaning that there is a 99% chance that user credential 820 is an enterprise user credential (e.g., assuming that the bloom filter was created with the above-described desired false positive rate set at 1%, meaning that an ACCEPT response indicates, with 99% confidence, that the credential (username and/or password being queried for a match with the bloom filter) is present in the enterprise user credentials data used to generate/compile the bloom filter, which are the enterprise user credentials stored in enterprise credentials data store 850 in this example). Whether user credential 820 is actually present in enterprise credentials data store 850 is determined. The verification of the bloom filter ACCEPTance (e.g., reported match/hit) is performed by querying enterprise credentials data store 850 using user credential 820 (806). As mentioned above, the ACCEPTance of user credential 820 by the bloom filter was a false positive in this example. As a result, user credential 820 is not present in enterprise credentials data store 850. Accordingly, the query of enterprise credentials data store 850 for user credential 820 will fail (808) (e.g., respond to the query by indicating that there is not a result/match for user credential 820 in the enterprise credentials data store)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhao with the teaching of Ashley in 
Regarding claims 2 and 10, Zhao discloses wherein the particular user identity information comprises at least one of: a username and email address [¶29, at a client-computing device, a credential comprising a username and a password may be received].
Regarding claims 3, 11, and 18, Zhao discloses wherein the partial hash comprises a subset of characters of a full hash of the particular user identity information [¶58-59, in an embodiment, a lossy hash function is used to determine which subset a particular credential is added to. An example lossy hash function may be: L(x) = first c bits of SHA-256(x). A SHA-256 cryptographic hash is applied to x, which produces a 256-bit result. The lossy hash function L(x) takes only the first c bits of the result as its value].
Regarding claims 4 and 12, Zhao discloses wherein the partial hash is generated using a SHA-256 hash function [¶58-59, in an embodiment, a lossy hash function is used to determine which subset a particular credential is added to. An example lossy hash function may be: L(x) = first c bits of SHA-256(x). A SHA-256 cryptographic hash is applied to x, which produces a 256-bit result. The lossy hash function L(x) takes only the first c bits of the result as its value].
Regarding claims 5 and 18, Zhao discloses wherein the plurality of user credential values comprises a plurality of passwords [¶7, one technique may include sending a user a set of secure hashes of passwords that correspond to a particular username], and [¶29, at a client computing device, a credential comprising a username and a password may be received].
Regarding claims 6, 14, and 19, Zhao discloses, transmitting bloom filter configuration information to the client computing device, the bloom filter configuration information comprising one or more hash functions that are used to generate the bloom filter [¶26, at a server computer, one or more bloom filters may be generated, wherein each bloom filter corresponds to a particular subset of a set of compromised credentials.  Each compromised credential of the set of compromised credentials may be inserted into the corresponding bloom filter.  Additionally, one or more public-private key pairs and/or one or more salt values may be generated, wherein each public-private key pair and/or salt value corresponds to a particular subset of the set of compromised credentials], and  [¶58-60, in an embodiment, a lossy hash function is used to determine which subset a particular credential is added to.  An example lossy hash function may be: L(x)=first c bits of SHA-256(x) . A SHA-256 cryptographic hash is applied to x, which produces a 256-bit result.  The lossy hash function L(x) takes only the first c bits of the result as its value. Referring to the above example, assume c is 24.  The SHA-256 cryptographic hash may be applied to the username of the particular credential to produce a 256-bit value.  The first 24 bits of the SHA-256 result may be used as an index value to determine the corresponding subset and bloom filter for the particular credential.].
Regarding claims 7, 15, and 20, Zhao discloses, in response to the client computing device determining that the particular user credential value is included in the bloom filter, the client computing device causing execution of programmatic instructions that cause one or more of: a restriction of an account associated with the particular user identity information, a locking of an account associated with the particular user identity information, a generation and transmission of an alert that indicates that the particular user identity information has been compromised, a generation of a prompt or recommendation for an account associated with the particular user identity information to change password, an automatic changing of a password of an account that is associated with the particular user identity information [¶92, the techniques described above may be used to determine whether a plurality of credentials have been compromised, or likely to have been compromised… compromised credentials can be rejected and access to the computer systems can be blocked selectively, thereby protecting data from disclosure and/or protecting the computer systems from the introduction of malware or malicious programs]; and [¶102, Referring to FIG. 8B, a match against bloom filter 708 for user credential 830 is performed (832). The bloom filter reports a REJECT (834), indicating with 100% confidence that user credential 830 is not present in enterprise credentials data store 850].
Regarding claims 8 and 16, Zhao discloses wherein the query is further programmed to: identify a set of hashed user identity records of the plurality of user identity records that match the partial hash; identify, based on the set of hashed user identity records, a set of unhashed user identity records that match the partial hash, a set of unhashed user identity records comprising a plurality of user credential values associated with the partial hash of the particular user identity information [¶101, Referring to FIG. 8A, a match is performed using user credential 820 (802). Bloom filter 708 reports an "accept," (804) meaning that there is a 99% chance that user credential 820 is an enterprise user credential (e.g., assuming that the bloom filter was created with the above-described desired false positive rate set at 1%, meaning that an ACCEPT response indicates, with 99% confidence, that the credential (username and/or password being queried for a match with the bloom filter) is present in the enterprise user credentials data used to generate/compile the bloom filter, which are the enterprise user credentials stored in enterprise credentials data store 850 in this example). Whether user credential 820 is actually present in enterprise credentials data store 850 is determined. The verification of the bloom filter ACCEPTance (e.g., reported match/hit) is .
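The lookup flow quoted above from Zhao (¶58-60, ¶69-72, ¶78) can be sketched as follows. This is an added illustration, not code from this Office action or from either cited reference; the filter size, the number of hash positions, the double-hashing scheme, the credential encoding and the sample credentials are assumptions made for the sketch.

```python
import hashlib

C_BITS = 24      # index width; the quoted ¶60 example assumes c = 24
M_BITS = 4096    # bits per bloom filter (assumed)
K_HASHES = 4     # bit positions set per credential (assumed)

def lossy_index(username: str) -> int:
    """L(x) = first c bits of SHA-256(x), per the quoted ¶58-59."""
    digest = hashlib.sha256(username.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - C_BITS)

def positions(username: str, password: str) -> list[int]:
    """Bit positions for one credential (double hashing; assumed scheme)."""
    d = hashlib.sha256(f"{username}\x00{password}".encode()).digest()
    h1 = int.from_bytes(d[:8], "big")
    h2 = int.from_bytes(d[8:16], "big") | 1
    return [(h1 + i * h2) % M_BITS for i in range(K_HASHES)]

class Server:
    """Shards compromised credentials by index; one bloom filter per shard."""
    def __init__(self, compromised):
        self.filters = {}      # index value -> bit array
        self.requests = []     # what the server observes from clients
        for user, pw in compromised:
            bits = self.filters.setdefault(lossy_index(user), bytearray(M_BITS // 8))
            for p in positions(user, pw):
                bits[p // 8] |= 1 << (p % 8)

    def get_filter(self, index: int) -> bytes:
        self.requests.append(index)   # only the c-bit index, never the credential
        return bytes(self.filters.get(index, bytearray(M_BITS // 8)))

def client_check(server: Server, username: str, password: str) -> bool:
    """True = possibly compromised (false positives exist); False = definitely not."""
    bits = server.get_filter(lossy_index(username))
    return all(bits[p // 8] & (1 << (p % 8)) for p in positions(username, password))

# Constructed sample data, not taken from any real breach corpus.
COMPROMISED = [("alice@example.com", "hunter2"), ("bob@example.com", "letmein")]
server = Server(COMPROMISED)

if __name__ == "__main__":
    print(client_check(server, "alice@example.com", "hunter2"))       # leaked pair
    print(client_check(server, "alice@example.com", "Xk9#unleaked"))  # same user, other password
```

The membership test runs on the client, so the server sees only the c-bit index, which many usernames share. A positive result is probabilistic, which is the false-positive case the quoted Ashley ¶101 resolves by querying the backing credential store.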

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Ashley (US9967236) [Credentials enforcement using firewall].
Mutka (US8966252) [Private entity authentication for pervasive computing environments].
Madisetti (US10102265) [Method and system for tuning Block chain scalability for fast and low-cost payment transaction processing].
Florencio (US2007/0199054) [Client side attack resistant phishing detection].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496