DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Objections

2.	Claim 15 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Because claim 16- 20 are dependent on claim 15, they are also objected to.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-14 are rejected under 35 U.S.C. 103 as being unpatentable over Pub.No.: US 2020/0329025 A1 to Kahn et al(hereafter referenced as Kahn), in view of Patent No.: US 10,554,630 B2 to Chen.
Regarding claim 1, Kahn discloses “an apparatus for transitioning passwords of a user account accessible to a plurality of client devices”(user device, and multiple network devices [Fig.2]), the apparatus comprising: one or more processors; and logic encoded in one or more non-transitory media for execution by the one or more processors and when executed operable to perform operations comprising: activating a rollover period (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  [par.0023]) in response to receiving a second password to replace a first password associated with a stored first verifier created with a first salt (v1s1)“ (identity provider device compares the accompanying password (e.g. , a one - way hash of the accompanying password  [par.0021]) ; “wherein the first salt is continued from prior use with the first verifier associated with the first password” (determine that a received second password for the user account is the same as the first password ; and in response to determining that the second password is the same as the first password , prevent incrementing of the lockout counter [par.0044]) “ and authenticating an entered password” (authentication device [Fig.108]) , “by the entered password meeting one verification criteria of: during the rollover period, the entered password satisfying one of v2sl1 or v1s1; or after the rollover period expires, the entered password satisfying v2s2” (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  [par.0023]) 
Kahn does not explicitly disclose “in response to receiving the second password”, generating a second verifier created with a second salt (v2s2) and a second verifier created with the first salt (v2s1)”
However, Chen in analogous art discloses “in response to receiving the second password” (generate a second password hash based on the first password hash and the second salt Chen [Fig.4/item 408]) , “generating a second verifier created with a second salt (v2s2) and a second verifier created with the first salt (v2s1)” (generate a second salt Chen[Fig.4/item 406]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Kahn’s password authentication method with Chen’s method for securely transmitting a password and verification. One of ordinary skill in the art would have been motivated to combine because Kahn teaches a first and second password process, Chen also discloses a first and second password process inclusive of generating a first and second salt, and both are from the same field of endeavor.
Regarding claim 2 in view of claim 1, the references combined disclose “wherein the operations further comprise: storing in an authentication storage (connection store Chen[Fig.6/item 638]), “v2s2 and v2s1 as active verifiers corresponding to the second password”(transmit the second salt and the second password hash to a third party for verification of user login credentials Chen[Fig.4/item 410]).


Regarding claim 3 in view of claim 2, the references combined disclose “wherein the operations further comprise: after rollover period expires, removing v1s1 and v2s1 from the authentication storage” (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  Kahn [par.0023]).
Regarding claim 4 in view of claim 1, the references combined disclose “wherein the second password is received from an administrator device and wherein the rollover period corresponds with a non-zero value in a user profile for the user account” (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  Kahn [par.0023]).
Regarding claim 5 in view of claim 1, the references combined disclose “wherein the operations further comprise: overriding the rollover period after an administrator device propagates the second password to the plurality of client devices”(Generate a second password hash based on the first password hash and a second salt Chen[Fig.5/item 506]).
Regarding claim 6 in view of claim 1, the references combined disclose “wherein the operations further comprise: prior to verifying the entered password during the rollover period: receiving a lock status of the user account” (increment lockout counter Kahn[Fig.6/item 606]), “wherein the lock status is continued for a lock period of time” (counter threshold Kahn[Fig.6/item 608]); “and receiving an unlock status of the user account after the lock period of time, wherein the rollover period is maintained during the lock status and unlock status.”(when the lockout counter satisfies ( e.g. , is greater than or equal to , etc. ) a failure threshold , the authentication service may lockout the account until an intervention is taken Kahn[par.0020]).
Regarding claim 7 in view of claim 1, the references combined disclose “wherein the operations further comprise: during the rollover period, extending the rollover period by a particular amount of time in response to receiving an extension request, by changing a profile parameter specifying a time for the rollover period” (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  Kahn [par.0023]).
Regarding claim 8, Kahn discloses “a computer-implemented method for transitioning passwords of a user account accessible to a plurality of client devices to access a database server, the method comprising: activating a rollover period (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  [par.0023]) in response to receiving a second password to replace a first password associated with a stored first verifier created with a first salt (v1s1)” (identity provider device compares the accompanying password (e.g. , a one - way hash of the accompanying password  [par.0021]);“wherein the first salt is continued from prior use with the first verifier associated with the first password” (determine that a received second password for the user account is the same as the first password ; and in response to determining that the second password is the same as the first password , prevent incrementing of the lockout counter [par.0044]); and authenticating an entered password by the entered password(authentication device [Fig.108]) meeting one verification criteria of: during the rollover period, the entered password satisfying one of v2sl1 or v1s1; or after the rollover period expires, the entered password satisfying v2s2” (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  [par.0023])
Kahn does not explicitly disclose “in response to receiving the second password, generating a second verifier created with a second salt (v2s2) and a second verifier created with the first salt (v2s1).
However, Chen in analogous art discloses “in response to receiving the second password” (generate a second password hash based on the first password hash and the second salt Chen [Fig.4/item 408]) , “generating a second verifier created with a second salt (v2s2) and a second verifier created with the first salt (v2s1)” (generate a second salt Chen[Fig.4/item 406]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Kahn’s password authentication method with Chen’s method for securely transmitting a password and verification. One of ordinary skill in the art would have been motivated to combine because Kahn teaches a first and second password process, Chen also discloses a first and second password process inclusive of generating a first and second salt, and both are from the same field of endeavor.
Regarding claim 9 in view of claim 8, the references combined disclose “further comprising: storing in an authentication storage(connection store Chen[Fig.6/item 638]), v2s2 and v2s1 as active verifiers corresponding to the second password” (transmit the second salt and the second password hash to a third party for verification of user login credentials Chen[Fig.4/item 410]).
Regarding claim 10 in view of claim 9, the references combined disclose “further comprising: after rollover period expires, removing v1s1 and v2s1 from the authentication storage” (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  Kahn [par.0023]).
Regarding claim 11 in view of claim 8, the references combined disclose “wherein the second password is received from an administrator device and wherein the rollover period corresponds with a non-zero value in a user profile for the user account” (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  Kahn [par.0023]).
Regarding claim 12 in view of claim 8, the references combined disclose “further comprising: overriding the rollover period after an administrator device propagates the second password to the plurality of client devices” (Generate a second password hash based on the first password hash and a second salt Chen[Fig.5/item 506]). 
Regarding claim 13 in view of claim 8, the references combined disclose “further comprising: prior to verifying the entered password during the rollover period: receiving a lock status of the user account(increment lockout counter Kahn[Fig.6/item 606]), wherein the lock status is continued for a lock period of time(counter threshold Kahn[Fig.6/item 608]); and receiving an unlock status of the user account after the lock period of time, wherein the rollover period is maintained during the lock status and unlock status” (when the lockout counter satisfies ( e.g. , is greater than or equal to , etc. ) a failure threshold , the authentication service may lockout the account until an intervention is taken Kahn[par.0020]).
Regarding claim 14 in view of claim 8, the references combined disclose “further comprising: during the rollover period, extending the rollover period by a particular amount of time in response to receiving an extension request, by changing a profile parameter specifying a time for the rollover period” (SP devices 104 may request multiples authorization for the same credentials over a relatively short period of time  Kahn [par.0023]).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL D ANDERSON/Examiner, Art Unit 2433               

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433