DETAILED ACTION
This Office Action is in response to the application filed on 04/29/2020 having claims 1-20 pending.
Claims 1-20 are examined and being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Oath/Declaration
Applicant’s oath/declaration, filed on 08/28/2020, has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/28/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The Specification filed on 08/28/2020 are accepted for examination purpose.

Drawings
The Drawings filed on 08/28/2020 are accepted for examination purpose.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Specifically, claim 8 recites the limitation, “the hash value of the updated password”.  However, the scope of the claim is unclear and indefinite as there has been no prior mentioning of any updated password, generation/creation of the updated password, and the hash value of the updated password.  For examination purpose, the steps, “computing, using the initial cryptographic salt value, a hash value of the initial password; and transmitting the hash value of the initial password to the network-accessible service with at least one of the hash value of the updated password or the updated crypto graphic salt value”, will be interpreted as “computing, using the updated cryptographic salt value, a hash value of an updated password; and transmitting the hash value of the updated password to the network-accessible service with 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 15, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS).
As per Claim 1, Wang teaches a method comprising: 
[generating, by a password manager, a password for an account registered with a network-accessible service]; 
generating, [by the password manager], a cryptographic salt value (Wang, Parag. [0077]; “The security is further strengthened against any “brute force” attack aimed at guessing the output of these algorithms by the application of salt technique. For example, some random data may be added to the hashed word, and the output of password hash algorithm and the random salt data may be hashed in a one-dimensional one-way hash process to a secure and theft resistant password. Hence a hash algorithm or salted hashed passwords are generated. This is the process make the user ID 122 and the password 124 secured.”);
computing, using the cryptographic salt value, a hash value of the password (Wang, Parag. [0064]; “If the user ID is present in the account data 118, salt or the random text would be used to compute the password hash to evaluate the password.”); and 
transmitting, [by the password manager], the hash value of the password and the cryptographic salt value to the network-accessible service (Wang, Parag. [0063]; “If the user credential is compromised, the service 104 may send the record 130 to the service 110.” … Parag. [0064]; “In these instances, the record 130 may include a user ID, salt and password hashes.”).
Wang does not expressly teach:
generating, by a password manager, a password for an account registered with a network-accessible service;
… by the password manager;
However, Caldwell teaches:
generating, by a password manager, a password for an account registered with a network-accessible service (Caldwell, Parag.[0073]; “In one embodiment, as described above, electronic credentials may comprise one or more of a username and password, fingerprint scan, retinal scan, digital certificate, personal identification number (PIN), challenge response, security token, hardware token, software token, DNA sequence, signature, facial recognition, voice pattern recognition, bio-electric signals, two-factor authentication credentials, or other information whereby the authentication module 202 may authenticate and/or validate an identity of and/or an authorization of a user.” … Parag. [0095]; “The password manager module 306, in certain embodiments, may generate and/or otherwise manage different, secure, credentials for each of a plurality of third party service providers 108.” … Parag. [0096]; “The password manager module 306, in certain embodiments, may periodically update (e. g., regenerate different credentials, such as a different password, and update the user's account with the third party service provider 108 with the regenerated different credentials) electronic credentials for a user.”);
… by the password manager (Caldwell, Parag. [0095]; “The password manager module 306, in certain embodiments, may generate and/or otherwise manage different, secure, credentials for each of a plurality of third party service providers 108.” … Parag. [0096]; “The password manager module 306, in certain embodiments, may periodically update (e. g., regenerate different credentials, such as a different password, and update the user's account with the third party service provider 108 with the regenerated different credentials) electronic credentials for a user.”);
Wang and Caldwell are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Caldwell’s system into Wang’s system, with a motivation to provide a password manager to generate or update user credentials to be used with different service providers (Caldwell, Parag. [0096]).

As per claim 3, the combination of Wang and Caldwell teaches the method of claim 1. Caldwell further teaches wherein generating the password is performed responsive to detecting that a triggering condition associated with the account is satisfied (Caldwell, Parag. [0066]; “A detection module 112, in certain embodiments, may trigger a server 108 of the third party service provider 108 to use out of band communications, multi-factor authentication, trigger a password or other electronic credential reset, or the like, for one or more affected users, in order to keep the user's account with the third party service provider 108 safe.”).

As per claim 4, the combination of Wang and Caldwell teaches the method of claim 3. Caldwell teaches wherein detecting that the triggering condition associated with the account is satisfied (Caldwell, Parag. [0066]; “A detection module 112, in certain embodiments, may trigger a server 108 of the third party service provider 108 to use out of band communications, multi-factor authentication, trigger a password or other electronic credential reset, or the like, for one or more affected users, in order to keep the user's account with the third party service provider 108 safe.”) comprises: 
receiving a notification that data associated with the account has been accessed by a malicious party (Caldwell, Parag. [0067]; “Based on the data downloaded from the data network 106, the internet, the dark web, or the like, in certain embodiments, a detection module 112 may determine a type for the breach (e. g., for a more detailed alert message to a user and/or third party service provider 108, in order to correctly repair the breach, or the like). For example, based on the downloaded data, associated metadata, or the like, a detection module 112 may determine that a keylogging device and/or software created the breach (e. g., based on the data including a plurality of different electronic credentials for the same user, times of the user's login, locations of the user's login, or the like), other metadata may indicate a rootkit, a botnet, and/or another type of malicious software; whether a user or a third party service provider 108 was breached; how much data or how many users were breached; or the like.”).

As per claim 15, it is a non-transitory computer readable storage medium claim that recites similar limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1.

As per claim 17, the rejection of claim 15 it is incorporated. In addition, it is a non-transitory computer readable storage medium claim that recites similar limitations to those of claim 3, and therefore it is rejected for the same rationale applied to claim 3.

As per claim 18, the rejection of claim 15 it is incorporated. In addition, it is a non-transitory computer readable storage medium claim that recites similar limitations to those of claim 4, and therefore it is rejected for the same rationale applied to claim 4.


Claims 2 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS) as applied to claim 1, and further in view of Goodwin et al. (US 8,234,302) hereinafter Goodwin.
As per claim 2, the combination of Wang and Caldwell teaches the method of claim 1. Wang teaches the method further comprising: 
receiving a request from a client device associated with the account to access the network-accessible service (Wang, Parag. [0025]; “In some implementations, the computing device may receive a login request 120 from the user device 112. The login request may include user credential, for example, including a user identifier (ID) 122 and a password 124 associated with the user ID 122. In some instances, the user ID 122 may include an email address, a phone number, or other information used to identify the user 114. For example, the user 114 may attempt to login to the service 110 using the user ID 122 (e. g., abc@a.com).”); and
The combination of Wang and Caldwell does not expressly teach:
 responsive to authenticating the client device associated with the account, transmitting a request to the network accessible service to authorize access by the client device to the network-accessible service, wherein the request comprises an identifier associated with the client device and the password for the account.
However, Goodwin teaches:
responsive to authenticating the client device associated with the account, transmitting a request to the network accessible service to authorize access by the client device to the network-accessible service, wherein the request comprises an identifier associated with the client device and the password for the account (Goodwing, Col. 5 lines 5-10; “At an initial point, a user, via a client device 200, may submit a request to access a particular item of electronic content ("content A” in FIG. 2) to a content provider 210. Such request may include information corresponding to the user account, such as the user account ID, password, and a unique device identifier, such as a browser ID.”).
Wang, Caldwell and Goodwing are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Goodwing system into Wang-Caldwell system, with a motivation to provide control and restrict unauthorized access to electronic content through an identified user account (account ID, password, device ID) by limiting a number of devices from which requests to access the content through the account have been received (Goodwing, Abstract).

As per claim 16, the rejection of claim 15 it is incorporated. In addition, it is a non-transitory computer readable storage medium claim that recites similar limitations to those of claim 2, and therefore it is rejected for the same rationale applied to claim 2.


Claims 5 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS) ,as applied to claims 1 and 15, respectively, and further in view of Margetts (US 9,727,310).
As per claim 5, the combination of Wang and Caldwell teaches the method of claim 1.  The combination of Wang and Caldwell does not expressly teach:
wherein the cryptographic salt value is generated using an entropy source having at least a known entropy strength.
However, Margetts teaches:
wherein the cryptographic salt value is generated using an entropy source having at least a known entropy strength (Margetts, Col. 1, lines 13-17; “The basis of modern cryptography is the use of openly available cryptographic algorithms that utilize secret information (such as cryptographic keys) and random elements (such as salt, nonces and padding data).” … Col. 2, lines 19-24; “NIST SP 800-90B “describes the properties that an entropy source must have to make it suitable for use by cryptographic random bit generators.” An entropy source provides a source of random bit strings. A noise source is the “component of an entropy source that contains the non-deterministic, entropy-producing activity.”).
Wang, Caldwell and Margetts are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Margetts system into Wang-Caldwell system, with a motivation to implement an entropy source to generate random numbers (Margetts, Abstract).

As per claim 19, the rejection of claim 15 it is incorporated. In addition, it is a non-transitory computer readable storage medium claim that recites similar limitations to those of claim 5, and therefore it is rejected for the same rationale applied to claim 5.

Claims 6 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS), as applied to claims 1 and 15, respectively, and further in view of Qui et al. (US 2009/0006852) hereinafter Qui.
As per claim 6, the combination of Wang and Caldwell teaches the method of claim 1.  The combination of Wang and Caldwell does not expressly teach: 
wherein transmitting the hash value of the password and the cryptographic salt value further comprises: 
digitally signing at least one of the hash value of the password or the cryptographic salt value. 
However, Qui teaches:
wherein transmitting the hash value of the password and the cryptographic salt value further comprises:
digitally signing at least one of the hash value of the password or the cryptographic salt value (Qiu, Parag. [0034]; “Based on the password request received from a device provisioning station 104, which contains the device ID and Carrier ID, the SA 106 digitally signs the hash value of the password received from the TA 402 utilizing the private key of SA-to-Device authentication key, and then sends the signature of the password to the provisioning station 104 so that the communication device 102 may be provisioned with the unlock password signature.”).
Wang, Caldwell and Qui are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qui system into Wang-Caldwell system, with a motivation to provide a method to protect a generated password using digital signatures (Qui, Parag. [0008]).

As per claim 20, the rejection of claim 15 it is incorporated. In addition, it is a non-transitory computer readable storage medium claim that recites similar limitations to those of claim 6, and therefore it is rejected for the same rationale applied to claim 6.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS) as applied to claim 1, and further in view of Barkie et al. (US 2017/0054704) hereinafter Barkie.
As per claim 7, the combination of Wang and Caldwell teaches the method of claim 1. The combination of Wang and Caldwell does not expressly teach the method further comprising: transmitting, to the network-accessible service, a secret value that is known to the password manager and the network-accessible service.
However, Barkie teaches the method further comprising: transmitting, to the network-accessible service, a secret value that is known to the password manager and the network-accessible service (Barkie, Parag. [0016]; “In some embodiments, a variable attribute associated with a recurring public event may be designated as a shared secret between an access manager and a user. Then, at a later time when the user wants to access a resource managed by the access manager, the user may transmit to the access manager a shared key that is generated based on that shared secret. More specifically, the shared key may, if it is correct, be based on a value of the shared secret.” … Parag. [0018]; “Referring now to FIG. 1, shown is an example method 100 for providing a user identifier (user ID) and shared secret to a user, in accordance with embodiments of the present disclosure. In some embodiments, the method 100 may be performed by an access manager using (or operating on) a computer” … Parag. [0021]; “In some embodiments, the user may also be provided with instructions on how to use the shared secret to generate an appropriate password. For example, the user may be informed that the shared key at any given time will be the sum of the characters comprising the value of the shared secret at that time.”).
Wang, Caldwell and Barkie are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Barkie system into Wang-Caldwell system, with a motivation to provide a variable attribute associated with a recurring public event as a shared secret (Barkie, Parag. [0001]).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS) as applied to claim 1, and further in view of Sabeldfel et al. (A Model for Delimited Information Release, 2003) hereinafter Sabeldfel.
As per claim 8, the combination of Wang and Caldwell teaches the method of claim 1. Wang further teaches [wherein the cryptographic salt value is an updated cryptographic salt value], and wherein the method further comprising: 
maintaining an initial password for the account registered with the network-accessible service, wherein the initial password is associated with an initial cryptographic salt value (Wang, Parag. [0064]; “If the user ID is not present in the account data 118 and a record match is not found, the service 110 may allow the user 114 to login on to the service 110. If the user ID is present in the account data 118, salt or the random text would be used to compute the password hash to evaluate the password. The password hash may be checked for availability in records. If the password hash is not found in the account data, the user 114 may be allowed to log in to the service 110. If the password hash is also found in the account data 118, the service may consider this account as a compromised account and report as a compromised account. Once an account is confirmed to be compromised, the service 110 may send a request to the user to, for example, initialize a password resetting process.” Examiner submits that the database store (keep/maintain) the user password in order to verify if the password is compromised and then proceed to update it in case that there is a match.);
computing, using the [initial] cryptographic salt value, a hash value of [the initial] password (Wang, Parag. [0064]; “If the user ID is present in the account data 118, salt or the random text would be used to compute the password hash to evaluate the password.”); and 
transmitting the hash value of the [initial] password to the network-accessible service (Wang, Parag. [0063]; “If the user credential is compromised, the service 104 may send the record 130 to the service 110.” … Parag. [0064]; “In these instances, the record 130 may include a user ID, salt and password hashes.”) [with at least one of the hash value of the updated password or the updated cryptographic salt value].
The combination of Wang and Caldwell does not expressly teach:
wherein the cryptographic salt value is an updated cryptographic salt value;
an updated password; and
… with at least one of the hash value of the updated password or the updated cryptographic salt value.
However, Sabeldfeld teaches:
wherein the cryptographic salt value is an updated cryptographic salt value (Sabeldfel, Section 5, page 183; “We consider UNIX-style password checking where the system database stores the images (or the hashes) of password-salt pairs. Salt is a publicly readable string stored in the database for each user id, as a protection against dictionary attacks …The expression hash(pwd, salt) concatenates the password pwd with the salt and applies the one-way hash function buildHash to the concatenation (the latter is denoted by ||). … The program update(pwdImg, salt, oldPwd, newPwd) updates the old password hash pwdImg by querying the old password oldPwd, matching its hash to pwdImg and (if matched) updating the hashed password with the hash of newPwd.”);
an updated password (Sabeldfel, Section 5, page 183; “The program update(pwdImg, salt, oldPwd, newPwd); and
… with at least one of the hash value of the updated password or the updated cryptographic salt value (Sabeldfel, Section 5, page 183; “The program update(pwdImg, salt, oldPwd, newPwd) updates the old password hash pwdImg by querying the old password oldPwd, matching its hash to pwdImg and (if matched) updating the hashed password with the hash of newPwd.”).
Wang, Caldwell and Sabeldfel are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sabeldfel system into Wang-Caldwell system, with a motivation to provide a delimited release model to password checking, illustrating how the type system gives security types to password-checking routines and also prevents laundering attacks. The method includes updating a password and its salt value (Sabeldfel, Section 5, page 183).

Claims 9-10 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS) and further in view of Schechter et al. (US 2013/0212385) hereinafter Schechter.
As per claim 9, Wang teaches a system comprising: 
a memory (Wang, Parag. [0038]; “The memory 204 may store various modules , applications , programs , or other data.”); and 
a processing device coupled to the memory (Wang, Parag. [0038]; “The computing architecture 200 may include processor(s) 202 and memory 204. The memory 204 may store various modules, applications, programs, or other data. The memory 204 may include instructions that, when executed by the processor(s) 202, cause the processor(s) 202 to perform the operations described herein for the computing system 102.”), wherein the processing device to: 
[receive, from a password manager, a first hash value of an updated password for a particular account registered with a network-accessible service and a cryptographic salt value]; 
receive a request for access the particular account registered with the network-accessible service by a client device, the request comprising a password (Wang, Parag. [0025]; “In some implementations, the computing device may receive a login request 120 from the user device 112. The login request may include user credential, for example, including a user identifier (ID) 122 and a password 124 associated with the user ID 122. In some instances, the user ID 122 may include an email address, a phone number, or other information used to identify the user 114. For example, the user 114 may attempt to login to the service 110 using the user ID 122 (e. g., abc@a.com).”); 
[compute, using the cryptographic salt value, a second hash value of the password]; and 
[responsive to determining the first hash value matches the second hash value, authorize access by the client device to the network-accessible service].
However, Wang does not expressly teach:
receive, from a password manager, a first hash value of an updated password for a particular account registered with a network-accessible service and a cryptographic salt value;
compute, using the cryptographic salt value, a second hash value of the password; and
responsive to determining the first hash value matches the second hash value, authorize access by the client device to the network-accessible service.
However, Caldwell teaches:
receive, from a password manager, [a first hash value] of an updated password for a particular account registered with a network-accessible service (Caldwell, Parag. [0096]; “For example, in addition to allowing a direct access module 204 to access a third party service provider 108 using generated electronic credentials, the password manager module 306 may automatically populate one or more interface elements of a form on a webpage with electronic credentials (e. g., a username, a password) of the user, in response to the user visiting the web page in a web browser, or the like, without the user manually entering the electronic credentials. The password manager module 306, in certain embodiments, may periodically update (e. g., regenerate different credentials, such as a different password, and update the user's account with the third party service provider 108 with the regenerated different credentials) electronic credentials for a user, such as every week, every month, every two months, every three months, every four months, every five months, every six months, every year, every two years, in response to a user request, in response to a request from a third party service provider 108, and/or over another time period or in response to another periodic trigger.”) [and a cryptographic salt value];
Wang and Caldwell are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Caldwell’s system into Wang’s system, with a motivation to provide a password manager to generate or update user credentials to be used with different service providers (Caldwell, Parag. [0096]).
The combination of Wang and Caldwell does not expressly teach:
receive,… a first hash value … and a cryptographic salt value;
compute, using the cryptographic salt value, a second hash value of the password; and
responsive to determining the first hash value matches the second hash value, authorize access by the client device to the network-accessible service.
However, Schechter teaches:
receive,… a first hash value … and a cryptographic salt value (Schechter, Parag. [0029]; “The hash component 118 concatenates the password, the salt, and the key 110 and executes a hash function over such concatenation, thereby creating a first hash value for that username. The protected module 108 then transmits this first hash value to the authentication server 102, which stores the first hash value in correlation with the user name (or other user identifier) and the salt.”);
compute, using the cryptographic salt value, a second hash value of the password (Schechter, Parag. [0010]; “The protected module then executes the hash function of the concatenation of the purported password and the salt, thereby generating a second hash value.”); and
responsive to determining the first hash value matches the second hash value, authorize access by the client device to the network-accessible service (Schechter, Parag. [0010]; “If the first hash matches the second hash, then the protected module returns the value of “true”, indicating that the client computing device has set forth the proper password and the authentication server can provide access to the service.”).
Wang, Caldwell and Schechter are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Schechter system into Wang-Caldwell system, with a motivation to provide a device and a method for strengthen password protection, employing hashing functions and adding a salt. The service must retain a hash that corresponds to a respective password, but not retain the password itself in order to get better result against different password’s attacks (Schechter, Parag. [0003]).

As per claim 10, the combination of Wang, Caldwell and Schechter teach the system of claim 9. Schechter further teaches wherein the processing device is further to: 
responsive to determining the first hash value does not match the second hash value, deny access by the client device to the network-accessible service (Schechter, Parag. [0010]; “If, however, the two hashes do not match, then the protected module returns “false”, indicating that access to the user account has not been authenticated and that access to the user's account should be denied.”).

As per claim 13, the combination of Wang, Caldwell and Schechter teach the system of claim 9. Wang further teaches wherein the processing device is further to: 
receive, from the password manager, a hash value of an initial password for the particular account registered with the network-accessible service (Wang, Parag. [0060]; “The communication module 412 may transmit the modified user ID 126 to the computing system 102, and receive the record 130 corresponding the modified user ID 126. The record 130 may include a user ID including unobscured letters of the user ID 126, a hashed password corresponding to the ID, and one or more hash algorithms associated with the hashed password.”), 
wherein the processing device is to authorize access by the client device to the network-accessible service responsive to determining the hash value of the initial password satisfies a verification criterion (Wang, Parag. [0061-0062]; “The account handler 408 may further determine whether the ID of the record matches the user ID 122. In response to a determination that the ID of the record 130 matches the user ID 122, the account handler 408 may perform a hash operation on the password 124 using the one or more hash algorithms of the received record 130 to generate a hashed password corresponding to the user ID 122. The account handler 408 may further determine whether the generated hashed password corresponding to the user ID 122 matches the password corresponding to the ID. In response to a determination that the generated hashed password matches the password associated with the ID, the communication module 412 may generate the notification 128 based on the user credential.”).

As per claim 14, the combination of Wang, Caldwell and Schechter teach the system of claim 9. Schechter further teaches wherein determining the first hash value matches the second hash value comprises: 
computing, using the cryptographic salt value, a plurality of hash values of the password, wherein the plurality of hash values of the password comprises the second hash value (Schechter, Parag. [0031]; “In such an embodiment, the client computing device 106 initiates a session with the authentication server 102 in any suitable manner. The client computing device 106 transmits a username and purported password to the authentication server 102. Responsive to receiving such password, the authentication server 102 accesses the salt and first hash value that corresponds to the username set forth by the client computing device 106, and transmits the salt and the first hash value to the protected module 108. The receiver component 116 receives the purported password, the salt, and the first hash value, and the hash component 118 generates a concatenation of the purported password, the salt, and the key 110. The hash component 118 then executes the hash function over Such concatenation to generate a second hash value.”); and 
comparing the first hash value to each of the plurality of hash values of the password (Schechter, Parag. [0032]; “The protected module 108 further comprises a comparer component 122 that compares the first hash value (the hash value in the password database 114) with the second hash value and outputs a signal to the authentication server 108 that is indicative of the results of the comparison. For example, the comparer component 122 can output a first value if the two hashes are equivalent and can output a second value if the two hash values are not equivalent. The authentication server 102 can then authenticate the purported password based upon the value received from the protected module 108.”).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS) and further in view of Schechter et al. (US 2013/0212385) hereinafter Schechter, as applied to claim 9; and further in view of Roth et al. (US 9,660,972) hereinafter Roth.
As per claim 11, the combination of Wang, Caldwell and Schechter teach the system of claim 9.  The combination of Wang, Caldwell and Schechter does not expressly teach:
wherein the processing device is further to: 
receive, from the password manager, a signature with at least one of the first hash value or the cryptographic salt value, wherein the processing device is to authorize access by the client device to the network-accessible service responsive to determining the signature corresponds to a pre-defined signature associated with the password manager.
However, Roth teaches wherein the processing device is further to: 
receive, from the password manager, a signature with at least one of the first hash value or the cryptographic salt value (Roth, Col. 4 lines 8-25; “In an embodiment, password claims submitted for the purpose of authentication contain at least two components, both of which are required for successful authentication and each of which provide a different security advantage. Both of the components may be based at least in part on the same password, although each component may be based at least in part on a different password in some embodiments. In an embodiment, one of the components is computed by first generating a key based at least in part on the password and then generating an electronic signature based at least in part on the generated key and a use parameter. The use parameter may be, for example, a current time or date. The other of the at least two components, in this example, may be a key generated based at least in part on the password. Both components of the at least two components may be generated also based at least in part on a salt and, in some embodiments, each of the at least two components are generated using a different salt.”),
wherein the processing device is to authorize access by the client device to the network-accessible service responsive to determining the signature corresponds to a pre-defined signature associated with the password manager (Roth, Col. 4, lines 37-61; “When a password claim is submitted, the password verification system may use its stored information to determine if the components of the submitted claim are valid. For example, continuing the present example, the password verification system may use its stored key to generate a signature and determine whether the signature matches the signature provided in the password claim. In some embodiments, such as when a date and/or time are used to generate the signature, the generated signature will only match the provided signature if the generated signature was produced using the same date/time. Thus, if the password verification system is configured to use a current time, the generated signature will match only if the password claim is current. Generally, the password verification system may be configured such that the provided signature will match only if the provided password was generated using the same parameters. Thus, when the provided signature is generated using one or more parameters not used by the password verification system, the signatures will not match. The password verification system may also compute a hash value of the received key to determine if the hash value matches the hash value stored in the database. If both components (and possibly other components, in Systems that require more than two components) match, then authentication will be successful.”).
Wang, Caldwell, Schechter and Roth are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Roth system into Wang-Caldwell-Schechter system, with a motivation to provide user access to computing resources, authenticating itself with a password verification system that uses parameters like signatures and hash verification (Roth, Col. 2, lines 49-56).

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2018/0173891) in view of Caldwell (US 2019/0108363) (included in IDS) and further in view of Schechter et al. (US 2013/0212385) hereinafter Schechter, as applied to claim 10; and further in view of Barkie et al. (US 2017/0054704) hereinafter Barkie.
As per claim 12, the combination of Wang, Caldwell and Schechter teaches the system of claim 10.  The combination of Wang, Caldwell and Schechter does not expressly teach:
wherein the processing device is further to: 
receive, from the password manager, a secret value that is known to the password manager and the network accessible service, wherein the processing device is to authorize access by the client device to the network accessible service responsive to authenticating the secret value.
However, Barkie teaches: 
receive, from the password manager, a secret value that is known to the password manager and the network accessible service (Barkie, Parag. [0016]; “In some embodiments, a variable attribute associated with a recurring public event may be designated as a shared secret between an access manager and a user. Then, at a later time when the user wants to access a resource managed by the access manager, the user may transmit to the access manager a shared key that is generated based on that shared secret. More specifically, the shared key may, if it is correct, be based on a value of the shared secret.” … Parag. [0018]; “Referring now to FIG. 1, shown is an example method 100 for providing a user identifier (user ID) and shared secret to a user, in accordance with embodiments of the present disclosure. In some embodiments, the method 100 may be performed by an access manager using (or operating on) a computer” … Parag. [0021]; “In some embodiments, the user may also be provided with instructions on how to use the shared secret to generate an appropriate password. For example, the user may be informed that the shared key at any given time will be the sum of the characters comprising the value of the shared secret at that time.”), wherein the processing device is to authorize access by the client device to the network accessible service responsive to authenticating the secret value (Barkie, Parag. [0030]; “Per operation 207, the duplicate shared key is compared to the received shared key to determine if they match. If there is a match, the access manager may grant the requester access to the resource, per operation 208. If, however, there is not a match, then, per operation 209, the requester may be denied access to the resource.”).
Wang, Caldwell, Schechter and Barkie are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provided a method of computing or generating a salt vale and a hash to generate or update a password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Barkie system into Wang-Caldwell-Schechter system, with a motivation to provide digital user authentication and, more specifically, to user authentication relying on a variable attribute associated with a recurring public event as a shared secret (Barkie, Parag. [0001]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Chumbley (US 2020/0028679) relates to a method includes sending a request message to a password management server. The request message includes a public key of the user device, where the public key and a private key forming a public-private key pair. The public-private key pair may have been generated by the user device. The method further includes receiving a response message from the password management server. The response message includes an encrypted password. The method further includes decrypting the encrypted password using the private key to obtain a decrypted password. The method further includes obtaining access to account information using the decrypted password.
Kohlenberg et al. (US 2015/0254452) relates to a methods, apparatus, systems and articles of manufacture are disclosed to manage password security. An example apparatus includes an alarm action engine to invoke a provisional transmission block in response to detecting entry of a candidate password, a password linkage monitor to retrieve a list of password hash values associated with previously used passwords, and to compare the list of password hash values to a hash of the candidate password, the alarm action engine to invoke a permanent block of the candidate password when a match condition occurs between the hash of the candidate, password and a hash of one of the list of password hash values.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/A.D.C./Examiner, Art Unit 2498       

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498