DETAILED ACTION
1. Claims 1-13, 18, 20-23, 25-26 are pending in this examination.
Notice of Pre-AIA or AIA Status
2.1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.2. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Continued Examination Under 37 CFR 1.114
3. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission has been entered.
Response to Amendment
4. The 35 U.S.C. 112, first paragraph rejection have been withdrawn with respect to the amendment.
Response to Arguments
5. Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
6.1. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
6.2. Claims 1, 6-13 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20180096135 to Goldberg et al (“Goldberg”) in view of US Patent Application No. 20230315835 to Mo et al (“Mo”), and in view of US Patent No. 8520848 issued to Liu et al (“Liu”), and further in view of US Patent Application No. 20090313696 to Himberger et al (“Himberger”).
As per claim 1, Goldberg discloses a method, comprising: receiving a password for evaluation (abstract, determining a password strength);
for each of at least a portion of characters included in the password, determining a corresponding location ([0035], the password pattern checker program 110A, 110B determines a coordinate sequence of the user-entered password. Once the physical location of each pressed key within the password is mapped, the password pattern checker program 110A, 110B may determine a coordinate location for each pressed key. The password pattern checker program 110A, 110B may determine the coordinates for each pressed key based on an x-y coordinate graph where the origin of the graph is located in the lower left corner of the keyboard layout, also see [0041]);
using the determined location ([0035]-[0036], …the password pattern checker program 110A, 110B determines a coordinate sequence of the user-entered password. Once the physical location of each pressed key within the password is mapped, the password pattern checker program 110A, 110B may determine a coordinate location for each pressed key. The password pattern checker program 110A, 110B may determine the coordinates for each pressed key based on an x-y coordinate graph where the origin of the graph is located in the lower left corner of the keyboard layout,… password pattern checker program 110A, 110B may string together the individual coordinates to create a series of coordinates associated with the sequence of characters in the password. For example, in the password “cde3vfr4,” the coordinates for the “c” key are first, then the coordinates for the “d” key, and so on through the coordinates for the “4” key, also see [0037]-[0038], fig.2 and associated texts); and
using one or more processors to determine a strength of the password including by utilizing the generated ordered series of data to perform an analysis based on location pattern detection ([0041] The password pattern checker program 110A, 110B may map the pressed keys from the user-entered password to create pattern 1 image 302. Once the pressed keys are mapped to specific locations on the keyboard, the keyboard image may be removed to review the raw pattern of pressed keys image 304. The password pattern checker program 110A, 110B may then determine coordinate locations. The coordinate locations may be determined by overlaying the raw pattern of pressed keys image 304 over a grid map to create a pattern-to-grid mapping image 306. From the pattern-to-grid mapping image 306, the password pattern checker program 110A, 110B may determine a coordinate sequence, or pattern sequence, of the pressed keys from the password. As previously described, if a key appears more than once on the keyboard, the password pattern checker program 110A, 110B may determine multiple coordinate sequences to accommodate alternate keyboard press patterns. The password pattern checker program 110A, 110B may then utilize known pattern recognition algorithms to determine the strength of the user-entered password, also see figs 2-3 and associated texts).
Goldberg does not explicitly disclose however in the same field of endeavor, Mo discloses processing the ordered series of data by a machine learning model that has been trained to assess password strength and using one or more processors to determine a strength of the password based on processing the ordered series of data (0052]-[0056], acquiring a training sample set. The training sample set may include either or both of a weak password sample set and a strong password
sample set, the weak password sample set may include a plurality of password character strings marked with a weak password classification label, and the strong password sample set may include a plurality of password strings
marked with a strong password classification label. [0056] Step 3 may include taking the password character strings in the training sample set as input information of the initial weak password detection model, updating the parameters of the initial weak password detection model with the strong
password classification label and the weak password classification label corresponding to the password strings in the training sample set as supervision, and obtaining the fully trained weak password detection model. [0065] [0065]
At the above step 101 to step 103, the weak password may be detected based on the deep learning model, and the password character string to be detected may be pre-processed and normalized into the matrix of X rows and N columns, which may facilitate inputting to the fully trained weak password detection model. The strong/weak password classification label of the password character string
to be detected may be output from the fully trained weak password detection model, and it may be marked that whether the password character string to be detected is the weak password according to the strong/weak password
classification label. In a case that the password character string to
be detected is the weak password, the password character string to be detected may be displayed and the reminder message may be generated. Detection
accuracy of the weak password is high, and a detection result is highly robust. also see [0034], [0071] also see fig. 1 and associated texts).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Goldberg with the teaching of Mo by including the feature of matching learning, in order for Goldberg’s system to improving accuracy rate of the weak password detection. FIG. 2 is a block diagram of a weak password detection device based on deep learning in an embodiment of the present disclosure. Referring to FIG. 2, the device includes an acquiring module 20, a detecting module 21, and a marking module 22. The acquiring module 20 is configured for acquiring a password character string to be detected. The detecting module 21 is configured for processing, by applying a fully trained
weak password detection model, the password character string to be detected to obtain a strong/weak password classification label of the password character string to be detected. The fully trained weak password detection model is obtained by training a deep learning model with a password character string as an input and a strong/weak password classification label corresponding to the password character string as a supervision. The marking module 22 is configured for marking the password character string to be detected as a weak password under a condition that the strong/weak password classification label of the password character string to be detected is a weak password label (Mo, [0067]).
Goldberg and Mo do not explicitly disclose however in the same field of endeavor, Liu discloses key board location coordinate (col. 4, lines 30-50, col. 3, 5-20).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Goldberg with the teaching of Liu/Mo by including the feature of location coordinate, in order for Goldberg’s system to enforcing use of particular characters. The user enters a sequence of a physical key combination and the service assigns a particular keyboard layout for this Web site. The service generates a password by combining the key combination with the assigned keyboard layout and returns this password to the user or to the Web site. The service stores the name of the Web site in association with the designated keyboard layout. Upon a subsequent login attempt, the service again intercepts the user's typing of the same physical key combination, generates the same password by combining the key combination with the previously assigned and stored keyboard layout, and returns the generated password to the Web site for authentication. A keyboard layout for a site may be chosen by the user, may be selected by the service, or a random layout may be generated. The service enforces a password constraint of a site by adding in the required characters, by requiring the user to choose a new key combination, or by using a different keyboard layout. A single key combination is sufficient to generate many passwords because a different keyboard layout may be used for each Web site. The generated password has strong security because it may be different for each Web site and because the system may enforce use of particular characters. Another advantage is that the user's password is not stored in his or her computer system (Liu, col. 2, lines 18-30, abstract).
Goldberg, Mo and Liu do not explicitly disclose however in the same field of endeavor, Himberger discloses wherein generating the ordered series of data
representing the password comprises determining, for each respective pair of neighboring characters of a plurality of pairs of neighboring characters in the password, a
corresponding distance between the corresponding location coordinates of the respective pair of neighboring characters ([0039] FIG. 4 is a flow chart of a method 400 for calculating a password strength score using heuristics measuring character
proximity and relative position in accordance with an embodiment of the inventive arrangements disclosed herein. Method 400 can be performed in the context of a system 100. Method 400 can begin in step 402, where a user can interact with an application and provide a password for an account. In step 404, the application server can check the password's security as it is typed. In step 406, the center point of the characters used in the password and the average
distance between the center point and the characters can be calculated. In step 408, the number of sequential characters in a straight line (i.e. all are adjacent) in the password can be calculated. In step 410, the average distance between each pair of characters in the password can be computed in order. In step 412, the calculated values can be used to calculate a password strength score. The
average distances between each key and the center can be compared to a threshold (a range of acceptable values), the number of groups of adjacent
characters can be compared to a preconfigured limit, and the average distance between each pair of characters can be compared to a threshold. These comparisons, along with others, can allow the computation of a password
strength score.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Goldberg, Mo, Liu with the teaching of Himberger by including the feature of a distance, in order for Goldberg’s system for improving security of a system. A solution for computing password strength
based upon layout positions of input mechanisms of an input device that entered a password. A password including an ordered sequence of at least two characters can be identified. A position of each of the characters of the sequence can be determined relative to a layout of an input device used for password entry. Each position can correspond to an input region (key) of the input device (keyboard). A proximity algorithm can generate a proximately score for the determined positions based upon a pattern produced by the positions given the layout of the input device. A password strength
score can be computed based at least in part upon the proximity score (Himberger, abstract).
As per claim 6, the combination of Goldberg, Mo, Liu and Himberger discloses the method of claim 1, further comprising: determining a corresponding key size for each of one or more keys associated with the input device key layout; and assigning a location coordinate to each of the one or more keys based at least in part on the determined corresponding key size of each corresponding key (Goldberg, [0033]-[0034], also see [0036]).
As per claim 7, the combination of Goldberg, Mo, Liu and Himberger discloses the method of claim 6, wherein the corresponding key size is one of two or more different key sizes (Goldberg, [0041], [0033]-[0034], also see [0036]).
As per claim 8, the combination of Goldberg, Mo, Liu and Himberger discloses the method of claim 1, wherein the input device key layout corresponds to a key input device, and wherein the key input device includes two or more physically separated key input device components (Liu, col. 4, lines 5-25, 8:50-65 fig.3 and associated text). The motivation regarding the obviousness of claim 1 is also applied to claim 8.
As per claim 9, the combination of Goldberg, Mo, Liu and Himberger discloses the method of claim 1, wherein the input device key layout corresponds to a layout of a virtual keyboard (Goldberg, [0048], [0032]).
As per claim 10, the combination of Goldberg, Mo, Liu and Himberger discloses the method of claim 1, further comprising: determining a key input device type associated with the password for evaluation; and assigning a coordinate system to the input device key layout based on the determined key input device type (Liu, col. 4, lines 5-25, 8:50-65 fig.3 and associated text). The motivation regarding the obviousness of claim 1 is also applied to claim 10.
As per claim 11, the combination of Goldberg, Mo, Liu and Himberger discloses the method of claim 1, further comprising: identifying an invalid password character; determining a location associated with the invalid password character on a key input device; and in response to a determination that the location is on a periphery of the key input device, removing a corresponding input key of the invalid password character from the physical input device key layout (Liu, col. 5, lines 57-67 to col 6, lines 1-30, fig. 7 and associated text). The motivation regarding the obviousness of claim 1 is also applied to claim 11.
As per claim 12, the combination of Goldberg, Mo, Liu and Himberger discloses the method of claim 11, wherein the removed input key is a shift key, a caps lock key, an is enter key, a space key, or a delete key (Liu, col. 5, lines 57-67 to col 6, lines 1-30, fig. 7 and associated text). The motivation regarding the obviousness of claim 1 is also applied to claim 12.
Claim 13, is rejected for similar reasons as stated above.
6.3. Claims 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Goldberg, Mo, Liu and Himberger as applied to claim above, and in view of US Patent Application No. 20150143509 to Selander et al (“Selander”).
As per claim 2, the combination of Goldberg, Mo, Liu and Himberger discloses the invention as described above. Goldberg, Mo, Liu and Himberger do not explicitly disclose however, In the same field of endeavor, Selander discloses the method of claim 1, wherein the determined location coordinates are two-dimensional location coordinates ([0025], two-dimensional grid).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Goldberg, Mo, Liu and Himberger with the teaching of Selander by including the feature of dimensional location, in order for Goldberg’s system to calculating the value representing the strength of the graphical password. The solution provides a computer program product for estimating the strength of a graphical password comprising two or more segments, the computer program product includes a non-transient computer readable medium storing computer code. In some embodiments, the computer readable program code includes: (i) instructions for applying a first operation on a first segment of the graphical password to produce a first transformed segment; (ii) instructions for performing a comparison operation between the first transformed segment and a second segment of the graphical password; and (iii) instructions for performing a penalty operation with respect to the first segment based on an outcome of the comparison operation, wherein the instructions for performing the penalty operation comprises one or more of (a) instructions for calculating a penalty value, wherein the penalty value may be used in calculating a value representing the strength of the graphical password and (b) instructions for disregarding the first or the second segment when calculating the value representing the strength of the graphical password (Selander).
As per claim 3, the combination of Goldberg, Mo, Liu, Himberger and Selander the method of claim 1, wherein the determined location coordinates are three- is dimensional location coordinates ([0027], three-dimensional). The motivation regarding the obviousness of claim 2 is also applied to claim 3.
6.4. Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Goldberg, Mo, Liu, Himberger and Selander as applied to claim above, and in view of US Patent No. 12079562 issued to Gamble et al (“Gamble”).
As per claim 4, the combination of Goldberg, Mo, Liu, Himberger and Selander discloses the invention as described above. Goldberg, Mo, Liu, Himberger and Selander do not explicitly disclose however, In the same field of endeavor, Gamble discloses the method of claim 3, wherein a dimension of the three-dimensional location coordinates is based on a modifier key (Gamble, col. 14, lines. 25-45).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Goldberg, Liu and Selander with the teaching of Gamble by including the feature of modifier key, in order for Goldberg’s system to assigning function or symbol may be rendered, reproduced, or displayed allowing for quick and efficient math computation. A system includes a processor configured to execute a source mathematical application, a destination mathematical application, and a mathematical symbol conversion application, the processor being configured to, in response to detecting that data indicative of a mathematical symbol has been copied from the source mathematical application, use the mathematical symbol conversion application to identify a first language associated with the source mathematical application and, in response to detecting that the copied data has been pasted into the destination mathematical application, identify a second language associated with the destination mathematical application, convert the copied data from the first language to the second language, and reproduce the copied data in the second language within the second mathematical application, wherein the first and second languages are different from one another, and wherein the reproduced data retains visual and operational qualities of the copied data (Gamble).
As per claim 5, the combination of Goldberg, Mo, Liu, Himberger, Selander and Gamble discloses the method of claim 4, wherein the modifier key is a shift key (Gamble, col. 14, lines. 25-45). The motivation regarding the obviousness of claim 4 is also applied to claim 5.
6.5. Claims 21-23, 25-26 are rejected under 35 U.S.C. 103 as being unpatentable over Goldberg, Mo, Liu, and Himberger as applied to claim above, and in view of US Patent Application No. 20140282939 to Pieczul et al (“Pieczul”).
As per claims 21 and 26, the combination of Goldberg, Mo, Liu, and Himberger discloses the invention as described above. Goldberg, Mo, Liu, and Himberger do not explicitly disclose however, In the same field of endeavor, Pieczul discloses the method/system of claims 1 and 13, wherein the machine learning model is configured to generate a password strength metric, and wherein the strength of the password is based on the password strength metric ([0007], also see [0027]-[0030]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Goldberg, Mo, Liu, and Himberger with the teaching of Pieczul by including the feature of a metric, in order for Goldberg’s system for unauthorized individuals to access sensitive information. A strong password matrix, also known as a password policy, offers several benefits for individuals and organizations. It enhances security by making it difficult for unauthorized individuals to access sensitive information. By implementing and following a strong password policy, users and organizations reduce the risk of data breaches and cyberattacks. Additionally, a well-defined policy can demonstrate a commitment to cybersecurity and build trust with customers and partners
As per claim 22, the combination of Goldberg, Mo, Liu, Himberger and Pieczul discloses the method of claim 21, wherein the password strength metric indicates how closely the password matches a plurality of known weak passwords (Pieczul, [0036]-[0038]). The motivation regarding the obviousness of claim 21 is also applied to claim 22.
As per claim 23, the combination of Goldberg, Mo, Liu, Himberger and Pieczul discloses the method of claim 21, wherein using the one or more processors to determine the strength of the password comprises: comparing the password strength metric to a password strength threshold value (Pieczul, [0027]-[0028], also see [0038]). The motivation regarding the obviousness of claim 21 is also applied to claim 23.
As per claim 25, the combination of Goldberg, Mo, Liu, Himberger and Pieczul discloses the method of claim 1, wherein the machine learning model has been trained using a plurality of training passwords, wherein the plurality of training passwords comprises a plurality of known weak passwords (Mo, [0016]). The motivation regarding the obviousness of claim 1 is also applied to claim 25.
Goldberg, Mo, Liu do not explicitly disclose however, In the same field of endeavor, Pieczul discloses metric, wherein the password for evaluation is not one of the plurality of training passwords ([0035]-[0038]). The motivation regarding the obviousness of claim 21 is also applied to claim 25.
7. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892).
a). CN Patent Application No. CN114417315A discloses the invention provides a password strength evaluation method, a password strength evaluation device, electronic equipment, a storage medium and a product, wherein the password strength evaluation method comprises the following steps: analyzing the spacing distance between a first character and each other character in the password to be detected to obtain first character distance information, and analyzing the adjacent distance between each adjacent character in the password to be detected to obtain second character distance information, wherein the other characters are characters except the first character in the password to be detected; and determining the evaluation grade of the password to be detected based on the first character distance information and the second character distance information. The first character distance information is determined and obtained through the sum of the distances between each character and the first character in the password, the second character distance information is obtained through the average distance between every two adjacent characters in the password, and therefore the strength of the password to be detected is comprehensively evaluated according to the first character distance information and the second character distance information.
b). US Patent Application No. 20120272288 to Ashbrook et al., discloses methods, apparatus, and computer program products are provided for determining the strength of a rhythm-based password to facilitate selection by a user of an appropriately secure rhythm-based password. A method may include receiving input defining a rhythm-based password and determining, by a processor, at least one property of the rhythm-based password. The method may also determine a strength value of the rhythm-based password based at least in part on the at least one property of the rhythm-based password. Corresponding apparatus and computer program products may also be provided.
Conclusion
8. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
HARUNUR . RASHID
Primary Examiner
Art Unit 2497
/HARUNUR RASHID/Primary Examiner, Art Unit 2497