DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-20 are canceled.
Claims 21-40 are new.
Claims 21-40 are pending.

Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 09/26/2022 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) has/have been considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 21-40 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

The claims have been evaluated for patent subject matter eligibility under 35 U.S.C. 101 using the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).

Claims 21-27:
Step 1
Claims 21-27 are directed to a computer-implemented method (i.e. process). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 21 recites (i.e., sets forth or describes) an abstract idea of a multi-step mental process of comparing a modified hashed password against multiple modified passwords to identify a first portion of at least one hashed password, then determining corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password, and creating a response that comprises the corresponding username(s) and the corresponding plaintext password(s). Specifically, but for the additional elements, claim 21 under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas because the claim recites a process that deals with concepts performed in the human mind. For instance, the claimed comparing a modified hashed password against multiple modified passwords to identify a first portion of at least one hashed password, then determining corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password, and creating a response that comprises the corresponding username(s) and the corresponding plaintext password(s) is an example of concepts performed in the human mind because it involves concepts practically performed in the human mind. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
receiving, by one or more processors of a server, a request from a client computer system, wherein the request comprises a modified hashed password, further wherein the modified hashed password comprises: a first portion of a hashed password comprising first N characters of the hashed password; and one or more special characters that obscure a second portion of the hashed password, wherein the first portion of the hashed password and the second portion of the hashed password are non-overlapping portions of the hashed password
obtaining, by the one or more processors of the server, multiple passwords of multiple compromised accounts from a database
modifying, by the one or more processors of the server, the multiple passwords using a predetermined hash algorithm, thereby producing multiple hashed passwords
storing, by the one or more processors of the server, the multiple hashed passwords in the database
performing a database search based at least in part on the modified hashed password against the multiple hashed passwords
identifying, by the one or more processors of the server and from the multiple hashed passwords, at least one hashed password of the multiple hashed passwords that include the first portion of the hashed password
determining, by the one or more processors of the server, corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password
creating, by the one or more processors of the server, a response to the request comprising at least: the corresponding username(s); and the corresponding plaintext password(s)
transmitting, by the one or more processors of the server to the client computer system, the response

Step 2A Prong Two
Claim 21 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements of “one or more processors of a server”, “client computer system”, “a database” and “a predetermined hash algorithm” merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Further, the additional element “receiving … a request … wherein the request comprises …”, “storing … the multiple hashed passwords” and “transmitting … the response” amounts to mere data gathering, which is a form of insignificant extra-solution activity.

Step 2B
The additional elements, taken individually and in combination, do not result in claim 21, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “receiving or transmitting data over a network”, “electronic recordkeeping” and “storing and retrieving information in memory” is a well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amounting to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 22-27 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 22 recites additional details of the type of data included in the first portion of the hashed password and the at least one hashed password of the multiple hashed passwords, thus reciting additional abstract ideas grouped within the “mental processes” grouping of abstract ideas.
the first portion of the hashed password is the first N characters of the hashed password
the at least one hashed password of the multiple hashed passwords includes the first portion of the hashed password as the first N characters
Claim 23 recites the following non-underlined claim elements as additional elements according to MPEP 2106.04(a). The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
wherein the predetermined hash algorithm is MD5, SHA1, or 3DES
Claim 24 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of mentally encrypting and decrypting data using a key. In other words, it recites limitations grouped within the “mental processes” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea. 
the modified hashed password is encrypted using a predetermined encryption key
the method further comprises decrypting, by the one or more processors of the server, the modified hashed password using the predetermined encryption key
Claim 25 recites the following underlined claim elements as abstract ideas. The claim recites the abstract idea of mentally encrypting data using a key. In other words, it recites limitations grouped within the “mental processes” grouping of abstract ideas. 
wherein the response is encrypted using the predetermined encryption key
Claim 26 recites additional details of the type of data included in the response, thus reciting additional abstract ideas grouped within the “mental processes” grouping of abstract ideas.
wherein the response further comprises corresponding email address(es) of the at least one hashed password
Claim 27 recites additional details of the type of data included in the one or more special characters, thus reciting additional abstract ideas grouped within the “mental processes” grouping of abstract ideas.
wherein the one or more special characters are asterisks ('*')

Claims 28-34:
Step 1
Claims 28-34 are directed to a computer-implemented system (i.e. machine). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 28 recites (i.e., sets forth or describes) an abstract idea of a multi-step mental process of comparing a modified hashed password against multiple modified passwords to identify a first portion of at least one hashed password, then determining corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password, and creating a response that comprises the corresponding username(s) and the corresponding plaintext password(s). Specifically, but for the additional elements, claim 28 under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas because the claim recites a process that deals with concepts performed in the human mind. For instance, the claimed comparing a modified hashed password against multiple modified passwords to identify a first portion of at least one hashed password, then determining corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password, and creating a response that comprises the corresponding username(s) and the corresponding plaintext password(s) is an example of concepts performed in the human mind because it involves concepts practically performed in the human mind. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
one or more processors
memory storing executable instructions that, as a result of execution by the one or more processors, cause the system to: 
receive a request from a client computer system, wherein the request comprises a modified hashed password, further wherein the modified hashed password comprises: a first portion of a hashed password comprising first N characters of the hashed password; and one or more special characters that obscure a second portion of the hashed password, wherein the first portion of the hashed password and the second portion of the hashed password are non-overlapping portions of the hashed password
obtain multiple passwords of multiple compromised accounts from a database
modify the multiple passwords using a predetermined hash algorithm, thereby producing multiple hashed passwords
store the multiple hashed passwords in the database
perform a database search based at least in part on the modified hashed password against the multiple hashed passwords
identify, from the multiple hashed passwords, at least one hashed password of the multiple hashed passwords that include the first portion of the hashed password
determine corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password
create a response to the request comprising at least: the corresponding username(s); and the corresponding plaintext password(s)
transmit, to the client computer system, the response

Step 2A Prong Two
Claim 28 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements of “one or more processors”, “memory storing executable instructions that, as a result of execution by the one or more processors, cause the system to”, “client computer system”, “a database” and “a predetermined hash algorithm” merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Further, the additional element “receive a request … wherein the request comprises …”, “store the multiple hashed passwords” and “transmit … the response” amounts to mere data gathering, which is a form of insignificant extra-solution activity.

Step 2B
The additional elements, taken individually and in combination, do not result in claim 28, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “receiving or transmitting data over a network”, “electronic recordkeeping” and “storing and retrieving information in memory” is a well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amounting to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.



Dependent Claims
Claims 29-34 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 29 recites additional details of the type of data included in the first portion of the hashed password and the at least one hashed password of the multiple hashed passwords, thus reciting additional abstract ideas grouped within the “mental processes” grouping of abstract ideas.
the first portion of the hashed password is the first N characters of the hashed password
the at least one hashed password of the multiple hashed passwords includes the first portion of the hashed password as the first N characters
Claim 30 recites the following non-underlined claim elements as additional elements according to MPEP 2106.04(a). The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
wherein the predetermined hash algorithm is MD5, SHA1, or 3DES
Claim 31 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of mentally encrypting and decrypting data using a key. In other words, it recites limitations grouped within the “mental processes” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea. 
the modified hashed password is encrypted using a predetermined encryption key
the executable instructions, as a result of execution by the one or more processors. further causes the system to decrypt the modified hashed password using the predetermined encryption key
Claim 32 recites the following underlined claim elements as abstract ideas. The claim recites the abstract idea of mentally encrypting data using a key. In other words, it recites limitations grouped within the “mental processes” grouping of abstract ideas. 
wherein the response is encrypted using the predetermined encryption key
Claim 33 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of mentally encrypting data. In other words, it recites limitations grouped within the “mental processes” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
wherein the modified hashed password is encrypted using AES
Claim 34 recites additional details of the type of data included in the response, thus reciting additional abstract ideas grouped within the “mental processes” grouping of abstract ideas.
wherein the response further comprises corresponding email address(es) of the at least one hashed password




Claims 35-40:
Step 1
Claims 35-40 are directed to a non-transitory computer-readable storage medium (i.e. manufacture). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 35 recites (i.e., sets forth or describes) an abstract idea of a multi-step mental process of comparing a modified hashed password against multiple modified passwords to identify a first portion of at least one hashed password, then determining corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password, and creating a response that comprises the corresponding username(s) and the corresponding plaintext password(s). Specifically, but for the additional elements, claim 35 under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas because the claim recites a process that deals with concepts performed in the human mind. For instance, the claimed comparing a modified hashed password against multiple modified passwords to identify a first portion of at least one hashed password, then determining corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password, and creating a response that comprises the corresponding username(s) and the corresponding plaintext password(s) is an example of concepts performed in the human mind because it involves concepts practically performed in the human mind. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
A non-transitory computer-readable hardware storage medium comprising instructions that are executable and, responsive to execution of the instructions by one or more processors, cause a computing device to:
receive a request from a client computer system, wherein the request comprises a modified hashed password, further wherein the modified hashed password comprises: a first portion of a hashed password comprising first N characters of the hashed password; and one or more special characters that obscure a second portion of the hashed password, wherein the first portion of the hashed password and the second portion of the hashed password are non-overlapping portions of the hashed password
obtain multiple passwords of multiple compromised accounts from a database
modify the multiple passwords using a predetermined hash algorithm, thereby producing multiple hashed passwords
store the multiple hashed passwords in the database
perform a database search based at least in part on the modified hashed password against the multiple hashed passwords
identify, from the multiple hashed passwords, at least one hashed password of the multiple hashed passwords that include the first portion of the hashed password
determine corresponding username(s) and corresponding plaintext password(s) for the at least one hashed password
create a response to the request comprising at least: the corresponding username(s); and the corresponding plaintext password(s)
transmit, to the client computer system, the response

Step 2A Prong Two
Claim 35 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements of “A non-transitory computer-readable hardware storage medium comprising instructions that are executable and, responsive to execution of the instructions by one or more processors, cause a computing device to”, “client computer system”, “a database” and “a predetermined hash algorithm” merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Further, the additional element “receive a request … wherein the request comprises …”, “store the multiple hashed passwords” and “transmit … the response” amounts to mere data gathering, which is a form of insignificant extra-solution activity.



Step 2B
The additional elements, taken individually and in combination, do not result in claim 35, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “receiving or transmitting data over a network”, “electronic recordkeeping” and “storing and retrieving information in memory” is a well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amounting to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 36-40 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 36 recites additional details of the type of data included in the first portion of the hashed password and the at least one hashed password of the multiple hashed passwords, thus reciting additional abstract ideas grouped within the “mental processes” grouping of abstract ideas.
the first portion of the hashed password is the first N characters of the hashed password
the at least one hashed password of the multiple hashed passwords includes the first portion of the hashed password as the first N characters
Claim 37 recites the following non-underlined claim elements as additional elements according to MPEP 2106.04(a). The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
wherein the predetermined hash algorithm is MD5, SHA1, or 3DES
Claim 38 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of mentally encrypting and decrypting data using a key. In other words, it recites limitations grouped within the “mental processes” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea. 
the modified hashed password is encrypted using a predetermined encryption key
the execution of the instructions by the one or more processors further cause the computing device to decrypt the modified hashed password using the predetermined encryption key
Claim 39 recites the following underlined claim elements as abstract ideas. The claim recites the abstract idea of mentally encrypting data using a key. In other words, it recites limitations grouped within the “mental processes” grouping of abstract ideas. 
wherein the response is encrypted using the predetermined encryption key
Claim 40 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of mentally encrypting data. In other words, it recites limitations grouped within the “mental processes” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
wherein the modified hashed password is encrypted using AES

Allowable Subject Matter
Claims 21-40 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 101 set forth in this Office action. The closest prior art of record is US 2017/0346797 A1 to Yedidi et al. (hereinafter “Yedidi”). Yedidi teaches performing a hash algorithm on a password associated with a user account (paras 42, 49), modifying multiple passwords using the hash algorithm (para 39), searching a database comprising the multiple hashed passwords (paras 42, 49), and determining that the user password is compromised if the one hashed password matches at least the first portion of the hashed password and the second portion of the hashed password (para 49). Therefore, the prior art does not teach, neither singly nor in combination the following: wherein the modified hashed password comprises a first portion of a hashed password comprising first N characters of the hashed password and one or more special characters that obscure a second portion of the hashed password, wherein the first portion of the hashed password and the second portion of the hashed password are non-overlapping portions of the hashed password, and identifying, by the one or more processors of the server and from the multiple hashed passwords, at least one hashed password of the multiple hashed passwords that include the first portion of the hashed password.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ari Shahabi whose telephone number is (571)272-2565. The examiner can normally be reached M-F: 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Ari Shahabi/Examiner, Art Unit 3685