DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the amendment filed on 08/22/2022. Claims 8 – 10 and 19 – 20 are canceled. Claims 1 – 7 and 11 – 18 are pending for consideration. 


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/22/2021 has been entered.


Response to Arguments
Applicant’s arguments with respect to claims 1 – 7 and 11 – 18 have been fully considered but they are moot in view of new ground of rejection.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 7 and 11 – 18 are rejected under 35 U.S.C. 103 as being unpatentable over Evans (US 2020/0007343) (hereafter Evans) and in view of Bendersky et al. (US 10554637) (hereafter Bendersky).

Regarding claim 1 Evans teaches: A data validation method comprising (Evans, in Para. [0003] discloses “systems and methods for data validation and assurance are provided.”): 
generating a data set associated with a first credential information stored by a first entity in a first data storage medium 
[the data set comprising a first partial hash] (Bendersky)
determined for a first username stored in the first data storage medium;
 (Examiner note: first credential information is met by the first private verification data chain; first data storage medium is met by the data repository unit) (Evans, in Para. [0010] discloses “create at least a first private verification chain of one or more commitment blocks generated at least from one or more target documents or files stored in the data repository, and generate, automatically, at least a first public verification chain of one or more commitment blocks for verifying a state of the first private chain”),
submitting the data set to a data provider over a computing network to validate the first credential information (Examiner note: credential information including username is met by the logging data and log operation information) (Evans, in Para. [0008] discloses “the user interface and/or the verification system is also configured to log operations taken with respect to any information (for example, within the privacy boundary).” Evans, in Para. [0014] discloses “the method further comprises logging data access or data update operations on the file repository”)
[the data provider analyzing the data set to determine whether a second partial hash determined for a second username stored in a second data storage medium matches the first partial hash determined for the first username;] (Bendersky) 
in response to a match being found, receiving from the data provider a full hash determined for the second username and a full hash determined for a password associated with the second username; and 
determining  that the first credential information has been potentially compromised, in response to determining that: 
the full hash determined for the second username matches a full hash determined for the first username, and 
the full hash for the password associated with the second username matches a full hash determined for a password associated with the first username
Evans fails to explicitly teach:
the data set comprising a first partial hash
the data provider analyzing the data set to determine whether a second partial hash determined for a second username stored in a second data storage medium matches the first partial hash determined for the first username;
in response to a match being found, receiving from the data provider a full hash determined for the second username and a full hash determined for a password associated with the second username; and 
determining that the first credential information has been potentially compromised, in response to determining that: 
the full hash determined for the second username matches a full hash determined for the first username, and 
the full hash for the password associated with the second username matches a full hash determined for a password associated with the first username
Bendersky from the analogous technical field teaches: the data set comprising a first partial hash (Examiner note: splitting the data into first/second parts followed by hashing resulted in partial hash is met by splitting the data into segments by Bendersky followed by hashing and further processing of different data segments) (Bendersky, in col.6, ll. 2-4 discloses “the transmitted content is split into one or more segments and distributed to an endpoint via several intermediary resources”
Bendersky, in col.3, ll. 26-31 discloses “the receiving network resource is further configured to validate the one or more data portions by computing a hash value for the combined one or more data portions and comparing the computed hash value with the hash value included in the at least one of the plurality of encrypted blocks”)
the data provider analyzing the data set to determine whether a second partial hash determined for a second username stored in a second data storage medium matches the first partial hash determined for the first username (Examiner note: determination, i.e., management of data storage is met by the transmission manager of Bendersky; username/password is included into data 207, Fig. 2; splitting and processing first/second partial hash values is met by splitting data 302 into P1/P2 parts and processing as depicted in Fig. 3) (Bendersky, in col.8, ll. 21-22 discloses “data 207 may be a user's password being supplied to access a secure service” Bendersky, in col.7, ll. 45-48 discloses “database 109 may store various data and applications involved in transmission manager 110's secure and distributed transmission of data.” Bendersky, in col.8, ll. 59-65 discloses “As illustrated in FIG. 3, transmission manager 301 (e.g., similar to transmission manager 110) may operate to access data 302 (e.g., similar to data 207), split the data 302 into two (or more) portions, P1 305 and P2 306, and transmit the data portions 305-306 along a distribution path en route to a receiving network resource 303.” Bendersky, in col.9, ll. 28-30 discloses “database 304 may include applications configured to perform encryption of data 302 and/or data portions following the splitting or sharing”); in response to a match being found, receiving from the data provider a full hash determined for the second username and a full hash determined for a password associated with the second username; and (Examiner note: determination of the full hash is met by computation a hash of the joined data portions) (Bendersky, in col.13, ll. 26-27 discloses “DeviceID_6 303 may compute a hash of the joined data portions.”)
determining that the first credential information has been potentially compromised (Bendersky, in col.6, ll. 9-12 discloses “even if an attacker is able to compromise one or more of the intermediary resources, the attacker will still have no way of accessing the content being transmitted or other useful information for planning attacks”)
in response to determining that: the full hash determined for the second username matches a full hash determined for the first username, and the full hash for the password associated with the second username matches a full hash determined for a password associated with the first username (Examiner note: username/password is included into data 207/302/402 of Bendersky, Figs. 2-4; operations with the first/second parts of data including comparative analysis is met by the operations with the first, P1, and/or second, P2 data parts of Bendersky) (Bendersky, in col.8, ll. 17-23 discloses “The data 207 may be various types of data, such as digital information, application code, serverless code, credentials or secrets, software updates, network configuration data, policy controls, audit log or activity log data, etc. As an illustration, in some embodiments data 207 may be a user's password being supplied to access a secure service (e.g., secure server, application, database, website, intranet, etc.).” Bendersky, in col.13, ll. 26-27 discloses “As an example, if data 401 has been split in the form of P1:P2, an attempted joinder of P2:P1 would produce a hash different from the original hash computed by transmission manager 401, and thus would not match. On the other hand, an attempted combination of the data portions of P1:P2 would produce a hash identical to the computed hash generated by transmission manager 401 and included in X1 and/or Y1, and thus a comparison with this hash would produce a match.” Bendersky, in col.17, ll. 57-62 discloses “If there is a match in Session ID among two or more received data portions, the node may attempt to join the data portions, as discussed above. For example, the data portions may be joined in different forms repeatedly until a resulting hash of the joined data portion equals a hash provided in the decrypted incoming communication in operation 604.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Evans, in view of the teaching of Bendersky which discloses data splitting, hashing of the data parts, i.e. partial hashing, and comparative analysis of the data portions that could be combined with the data validation method of Evans in order to achieve efficient and secure user credential verification (Bendersky, col.3, ll. 26-31, col.6, ll. 2-4, col.6, ll. 9-12, col.7, ll. 45-48,  col.8, ll. 17-23, col.9, ll. 28-30, col.13, ll. 26-27, col.17, ll. 57-62)

Regarding claim 2 Evans, as modified by Bendersky, teaches: The method of claim 1 further comprising requesting a user associated with the first credential information to update the first credential information, in response to confirming that the first credential information has been potentially compromised (Examiner note: as noted above, first credential information is met by the first private verification data chain; first data storage medium is met by the data repository unit) (Evans, in Para. [0010] discloses “create at least a first private verification chain of one or more commitment blocks generated at least from one or more target documents or files stored in the data repository, and generate, automatically, at least a first public verification chain of one or more commitment blocks for verifying a state of the first private chain” Evans, in Para. [0011] discloses “the system the event monitor component is configured to log data access or data update operations on the file repository.” Evans, in Para. [0058] discloses “any entity seeking to validate the information can be assured that the verification information itself has not been compromised.”).

Regarding claim 3 Evans, as modified by Bendersky, teaches: The method of claim 1, wherein the data set comprises a cryptographic hash of at least a part of the first credential information (Examiner note: as noted above, splitting the data into first/second parts followed by hashing resulted in partial hash is met by splitting the data into segments by Bendersky followed by hashing and further processing of different data segments; as noted above, the user credential information is included into data 207/302/402 of Bendersky, as depicted in Figs. 2-4) (Bendersky, in col.6, ll. 2-4 discloses “the transmitted content is split into one or more segments and distributed to an endpoint via several intermediary resources” Bendersky, in col.3, ll. 26-31 discloses “the receiving network resource is further configured to validate the one or more data portions by computing a hash value for the combined one or more data portions and comparing the computed hash value with the hash value included in the at least one of the plurality of encrypted blocks” Bendersky, in col.10, ll. 30-32 discloses “Once data 302 has been identified, transmission manager 301 may compute a hash of the data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Evans, in view of the teaching of Bendersky which discloses hashing and separate processing of the split, i.e. segmented, data parts comprising user credential information in order to improve security of data processing and management in the system (Bendersky, col.3, ll. 26-31. col.6, ll. 2-4, col.10, ll. 30-32).

Regarding claim 4 Evans, as modified by Bendersky, teaches: The method of claim 3, wherein the data provider searches a series of hash values to find a match for the cryptographic hash (Bendersky, in col.13, ll. 26-27 discloses “As an example, if data 401 has been split in the form of P1:P2, an attempted joinder of P2:P1 would produce a hash different from the original hash computed by transmission manager 401, and thus would not match. On the other hand, an attempted combination of the data portions of P1:P2 would produce a hash identical to the computed hash generated by transmission manager 401 and included in X1 and/or Y1, and thus a comparison with this hash would produce a match.” Bendersky, in col.17, ll. 57-62 discloses “If there is a match in Session ID among two or more received data portions, the node may attempt to join the data portions, as discussed above. For example, the data portions may be joined in different forms repeatedly until a resulting hash of the joined data portion equals a hash provided in the decrypted incoming communication in operation 604.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Evans, in view of the teaching of Bendersky which discloses comparative analytic procedure of matched/unmatched data hash values in order to improve data validation method of Evans (Bendersky, col.13, ll. 26-27, col.17, ll. 57-62)

Regarding claim 5 Evans, as modified by Bendersky, teaches: The method of claim 4, wherein the series of hash values comprise a hash of at least a part of the second credential information known to have been compromised (Examiner note: processing the second. i.e., compromised, data portion with other real data parts is met by the malfunction detection method of Bendersky based on a creation of the fictive data portions followed by processing with real data elements) (Bendersky, in col.3, ll. 4-7 discloses “the receiving network resource is configured to, upon obtaining the one or more data portions, and with reference to the unique session identifier, combine and validate the one or more data portions” Bendersky, in col.3, ll. 26-31 discloses “the receiving network resource is further configured to validate the one or more data portions by computing a hash value for the combined one or more data portions and comparing the computed hash value with the hash value included in the at least one of the plurality of encrypted blocks” Bendersky, in col.9, ll. 37-42 discloses “database 304 may also include applications configured to create fictive (e.g., null, nonce, or decoy) data portions. These data portions may be used in some situations in combination with real or actual data elements in order to detect attacks or enhance the difficulty in attacking distributed data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Evans, in view of the teaching of Bendersky which discloses the compromised data detection procedure in order to improve data validation method of Evans by inclusion of the split data parts verification procedure (Bendersky, col.3, ll. 4-7, col.3, ll. 26-31, col.9, ll. 37-42).  

Regarding claim 6 Evans, as modified by Bendersky, teaches: The method of claim 1 further comprising storing information associated with the matches between the determined hashes in a cache locally available to a customer credential system of an institution responsible for safeguarding the first credential information.
(Bendersky, in col.7, ll. 45-48 discloses “database 109 may store various data and applications involved in transmission manager 110's secure and distributed transmission of data.” Bendersky, in col.8, ll. 59-65 discloses “As illustrated in FIG. 3, transmission manager 301 (e.g., similar to transmission manager 110) may operate to access data 302 (e.g., similar to data 207), split the data 302 into two (or more) portions, P1 305 and P2 306, and transmit the data portions 305-306 along a distribution path en route to a receiving network resource 303.” Bendersky, in col.13, ll. 26-27 discloses “As an example, if data 401 has been split in the form of P1:P2, an attempted joinder of P2:P1 would produce a hash different from the original hash computed by transmission manager 401, and thus would not match. On the other hand, an attempted combination of the data portions of P1:P2 would produce a hash identical to the computed hash generated by transmission manager 401 and included in X1 and/or Y1, and thus a comparison with this hash would produce a match.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Evans, in view of the teaching of Bendersky which discloses storage of the information related to the comparative analysis of the data part hash values in order to improve data validation method of Evans (Bendersky, col.7, ll. 45-48, col.13, ll. 26-27).

Regarding claim 7 Evans, as modified by Bendersky, teaches: The method of claim 6, wherein a splitter is utilized to provide the information associated with the matches to one or more of the cache or the customer credential system of the institution responsible for safeguarding the first credential information (Evans, in Para. [0004] discloses “the system provides enhancements over conventional approaches, automatically generating provable assurance information which can, in some examples, be shared publically. For example, the system implements hybrid private/public distributed ledgers for generating verification information and provides public access to portions of the assurance/verification information (e.g., public portions of the distributed ledger).”).

Regarding claim 11, claim 11 discloses a system that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 11 and rejected for the same reasons.

Regarding claim 12, claim 12 dependent on claim 11 discloses a system that is substantially equivalent to the method of claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 12 and rejected for the same reasons.

Regarding claim 13, claim 13 dependent on claim 11 discloses a system that is substantially equivalent to the method of claim 3 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 3 are equally applicable to claim 13 and rejected for the same reasons.

Regarding claim 14, claim 14 dependent on claim 13 discloses a system that is substantially equivalent to the method of claim 4 dependent on claim 3. Therefore, the arguments set forth above with respect to claim 4 are equally applicable to claim 14 and rejected for the same reasons.

Regarding claim 15, claim 15 dependent on claim 14 discloses a system that is substantially equivalent to the method of claim 5 dependent on claim 4. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 15 and rejected for the same reasons.

Regarding claim 16, claim 16 dependent on claim 11 discloses a system that is substantially equivalent to the method of claim 6 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 6 are equally applicable to claim 16 and rejected for the same reasons.

Regarding claim 17, claim 17 dependent on claim 16 discloses a system that is substantially equivalent to the method of claim 7 dependent on claim 6. Therefore, the arguments set forth above with respect to claim 7 are equally applicable to claim 17 and rejected for the same reasons.

Regarding claim 18, claim 18 discloses a product that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 18 and rejected for the same reasons.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form Goldfarb et al. (US 2017/0364700), Vazquez et al. (US 9640001), Koletsky (US 20170161733).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Vladimir I. Gavrilenko/Examiner, Art Unit 2431                                                                                                                                                                                                        




/TRANG T DOAN/Primary Examiner, Art Unit 2431