Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-6, 8-19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Wilkins et al. (US 2005/0216955) hereafter Wilkins.
Regarding claim 1. Wilkins discloses a method for detecting and defending against password spraying attacks on a network, the method comprising: 
receiving information regarding failed attempts to login to user accounts located on a target system of the network (para 36, 38, 52-53, authentication request ); 
recording each password used to attempt a failed login to any of the user accounts located on the target system (para 3637, 52-53, authentication data logged and stored in database 206); 
(table 1, attack type A, C, H; para 54-55); and 
responsive to determining that the common password was used in the failed login attempt to the number of different user accounts on the target system greater than or equal to the predetermined threshold, sending an alert regarding a password spraying attack corresponding to the common password that resulted in the failed login attempt to the number of different user accounts located on the target system (para 55).

Regarding claim 2. The method of claim 1 further comprising: responsive to determining that the common password was used in the failed login attempt to the number of different user accounts on the target system greater than or equal to the predetermined threshold, blocking future login attempts from a source system attempting to login to any of the user accounts located on the target system (para 56).

Regarding claim 3. The method of claim 1 further comprising: responsive to determining that the common password was used in the failed login attempt to the number of different user accounts on the target system greater than or equal to the predetermined threshold, disabling those user accounts for which the common password resulted in the failed login attempt to the number of different user accounts located on the target system (para 64).

Regarding claim 4. The method of claim 1 further comprising: responsive to determining that the common password was used in the failed login attempt to the number of different user accounts on (para 56, 64).

Regarding claim 5. The method of claim 1, wherein the recording of each password used to login to any of the user accounts located on the target system further includes: maintaining a count of failed login attempts using the common password across any of the user accounts located on the target system; generating a timestamp for a most recent login attempt to a user account using the common password; recording an IP address of a source system that attempted the most recent login attempt to the user account using the common password; and maintaining a list of unique user account names associated with each failed password (table 1, attack type A, C, H, in order to detect the “distributed password sweep”, it is implicit that there is a counter indicating more than one usage amongst multiple user accounts; see also para 37, time stamp; para 36, network address, user account name string).

Regarding claim 6. The method of claim 1 further comprising: saving each password used to attempt the failed login to any of the user accounts located on the target system in a list of failed passwords along with a timestamp corresponding to each respective failed login (para 36); and incrementing a password instance counter by one for each password used to attempt the failed login to any of the user accounts located on the target system (para 54-55, Table 1, see above).

Regarding claim 8. The method of claim 6 further comprising: removing a recorded password from the list of failed passwords based on a predetermined period of time elapsing since the recorded password was last used in a corresponding failed login attempt to any of the user accounts located on the target system (para 39).

(para 54-55, table 1, see above).

Claims 10-19 are similar in scope to claims 1-6, 8, 9 and are rejected under similar rationale.




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 7, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wilkins as applied to claims 6, 19 above, and further in view of Maor et al. (US 2020/0267178) hereafter Maor.
Regarding claim 7. Wilkins discloses the method of claim 6, but does not explicitly disclose wherein each password is saved as a hash in the list of failed passwords to increase password security.  However, in an analogous art, Maor discloses credential spray attack detection including wherein each password is saved as a hash in the list of failed passwords to increase password security (para 224).  It would have been obvious to a person or ordinary skill in the art before the effective filing date to modify the implementation of Wilkins using the known art recognized equivalence for the same purpose with predictable results.

Claim 20 is similar in scope to claim 7 and is rejected under similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES R TURCHEN/Primary Examiner, Art Unit 2439