Office Action Predictor
Application No. 17/878,350

SYSTEM AND METHOD FOR CAPTURING AND ENCRYPTING GRAPHICAL AUTHENTICATION CREDENTIALS FOR VALIDATING USERS IN AN ELECTRONIC NETWORK

Non-Final OA §103
Filed
Aug 01, 2022
Examiner
DEBNATH, SUMAN
Art Unit
2495
Tech Center
2400 — Computer Networks
Assignee
Bank Of America Corporation
OA Round
3 (Non-Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
4y 2m
To Grant
92%
With Interview

Examiner Intelligence

75%
Career Allow Rate
302 granted / 405 resolved
Without
With
+17.7%
Interview Lift
avg trend
4y 2m
Avg Prosecution
13 pending
418
Total Applications
career history

Statute-Specific Performance

§101
11.7%
-28.3% vs TC avg
§103
53.0%
+13.0% vs TC avg
§102
13.9%
-26.1% vs TC avg
§112
15.8%
-24.2% vs TC avg
Black line = Tech Center average estimate • Based on career data

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 are pending in this application. Claims 1, 4-5, 8, 11-12, 15 and 18-19 are currently amended. No new IDS was submitted by the Applicant. Claim Objections Claims 1, 8 and 15 are objected to because of the following: Claims 1, 8 and 15 recites “a custom trained deep learning model” in line 11 of claim 1, in line 8 of claim 8 and in line 6 of claim 15. It’s unclear what applicant meant by “custom trained” deep learning model. Applicant’s specification didn’t mention about “custom trained deep learning model” other that “trained deep learning model”. Thus, for the purpose of Examination, Examiner interprets the limitation as “trained deep learning model”. Claims 1, 8 and 15 recites “the deep learning model” in line 12 of claim 1, in line 9 of claim 8 and in line 7 of claim 15. There is insufficient antecedent basis for these limitation in the claims. Appropriate corrections and/or clarifications are required. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over YU (US 2022/0004821 A1) in view of PALMER et al. (US 2015/0006405 A1) (hereinafter, “PALMER”). As to claim 1, YU discloses a system for validating users in an electronic network based on graphical authentication credentials (Fig. 2), the system comprising: at least one network communication interface (“a network interface component 1012” -e.g., see, [0074], see also, [0078]); at least one non-transitory storage device (“the computer readable medium is non-transitory” -e.g., see, [0076]); and at least one processing device coupled to the at least one non-transitory storage device and the at least one network communication interface (“… execution of instruction sequences to practice the disclosure may be performed by the computer system 1000.” -e.g., see, [0078], see also, [0075]), wherein the at least one processing device is configured to: receive a file comprising graphical authentication credential from a user device of a user (“During authentication, FRS 110 receives an image from a user, such as through a user computing device or an image capture device associated with computing device 102, …” -e.g., see, [0021]); load a custom trained deep learning model associated with the user (“… FRS 110 may include a deep learning model, which is one or more neural networks trained to authenticate images received by FRS 110. For the purposes of the embodiments below, FRS 110 may include any type of a deep learning model and may be considered to be a black box that either authenticates or does not authenticate a received image.” -e.g., see, [0021], see also, [0028], [0029]); build a deep learning network using the deep learning model (“… FRS 110 may include a deep learning model, which is one or more neural networks trained to authenticate images received by FRS 110. For the purposes of the embodiments below, FRS 110 may include any type of a deep learning model and may be considered to be a black box that either authenticates or does not authenticate a received image.” -e.g., see, [0021], see also, [0028], [0029]); run the file comprising the graphical authentication credential through the deep learning network (“… a deep learning model, which is one or more neural networks trained to authenticate images received by FRS 110. For the purposes of the embodiments below, FRS 110 may include any type of a deep learning model and may be considered to be a black box that either authenticates or does not authenticate a received image.” -e.g., see, [0021], see also, [0028], [0029]); and verify that the graphical authentication credential matches one or more stored credentials associated with the user based on running the file through the deep learning network (“… authenticates the user by comparing the image provided by the user against the registered images. In some embodiments, FRS 110 may include a deep learning model, which is one or more neural networks trained to authenticate images received by FRS 110. For the purposes of the embodiments below, FRS 110 may include any type of a deep learning model and may be considered to be a black box that either authenticates or does not authenticate a received image.” -e.g., see, [0021], see also, [0028], [0029]). YU doesn’t explicitly disclose wherein the graphical authentication credential is a non-anglophone credential; decrypt the file comprising the graphical authentication credential; and a non-anglophone language repository associated with a non-anglophone language used in the non-anglophone credential; However, in an analogous art, PALMER discloses the graphical authentication credential is a non-anglophone credential (“… the input may be credential characters or components of a credential such as a personal identification number (PIN). The recognition algorithms performed by the one or more processors of input device 302 may be capable of recognizing letters, numbers, and other characters, such as foreign language characters. The recognition algorithms may also be capable of recognizing written words and translating the written words to numbers, such as writing "four", "quatre", or "quatro" as a "4" credential component of the credential” -e.g., see PALMER: [0035]; herein, PALMER teaches foreign language characters as credentials or PIN which is equivalent to non-anglophone credentials); decrypt the file comprising the graphical authentication credential (“… client computing device 102 may then send the received encrypted recognized characters (and any other received encrypted information) to remote server 104 over network 106 (710). Remote server 104 may then process a payment according to the received encrypted information.” -e.g., see, [0050]; see also, Fig. 7; herein, PALMER discloses receiving an encrypted information including credentials by a remote server which then process a payment (e.g., verifies) according to the received encrypted information (e.g., decrypts the encrypted information in order to process the payment)); and a non-anglophone language repository associated with a non-anglophone language used in the non-anglophone credential (“Remote server 104 may then send a payment confirmation or approval if the received credential characters match stored credential characters associated with user 110 and/or a received card number. If there is no match, remote server 104 may send a payment denial.” -e.g., see, PALMER: [0050]; herein, credentials associated with users are stored in a database regardless of the type of credentials, thus reads on the claimed language); Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention was to modify the teaching of YU by adding a non-anglophone credential as part of the graphical authentication credential as taught by PALMER in order to enhance security and personalization by increasing input complexity and accommodating culturally familiar authentication patterns for non-English speaking users. As to claims 8 and 15, these are rejected using the similar rationale as for the rejection of claim 1. As to claim 2, YU in view of PALMER discloses the system of claim 1, YU further discloses wherein the at least one processing device is configured to authenticate the user (“… authenticates the user by comparing the image provided by the user against the registered images. In some embodiments, FRS 110 may include a deep learning model, which is one or more neural networks trained to authenticate images received by FRS 110. For the purposes of the embodiments below, FRS 110 may include any type of a deep learning model and may be considered to be a black box that either authenticates or does not authenticate a received image.” -e.g., see, [0021]). YU doesn’t explicitly disclose allow the user to access a resource based on verifying that the graphical authentication credential matches the one or more stored credentials. However, in an analogous art, PALMER discloses allow the user to access a resource based on verifying that the graphical authentication credential matches the one or more stored credentials (PALMER: “… the received encrypted information may correspond to a PIN number and card number, and remote server 104 may process the payment based on the card number and the PIN number, and authorize a payment to be made using the card number. Remote server 104 may then send a payment confirmation or approval if the received credential characters match stored credential characters associated with user 110 and/or a received card number. If there is no match, remote server 104 may send a payment denial.” -e.g., see, PALMER: [0050]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention was to modify the teaching of YU as taught by PALMER in order to ensure only the legit users get access to the resource. As to claims 9 and 16, these are rejected using the similar rationale as for the rejection of claim 1. As to claim 3, YU in view of PALMER discloses the system of claim 1, YU further discloses wherein the at least one processing device is configured to deny authentication of the user (“On the other hand, if validation module 112 determines that FRS 110 does not authenticate synthesized image 206 because confidence score 212 is below the configurable threshold, indicating the adversarial attack was not successful” -e.g., see, YU: [0030]). YU doesn’t explicitly disclose deny the user to access a resource based on verifying that the graphical authentication credential does not match the one or more stored credentials. However, in an analogous art, PALMER discloses deny the user to access a resource based on verifying that the graphical authentication credential does not match the one or more stored credentials (PALMER: “… the received encrypted information may correspond to a PIN number and card number, and remote server 104 may process the payment based on the card number and the PIN number, and authorize a payment to be made using the card number. Remote server 104 may then send a payment confirmation or approval if the received credential characters match stored credential characters associated with user 110 and/or a received card number. If there is no match, remote server 104 may send a payment denial.” -e.g., see, PALMER: [0050]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention was to modify the teaching of YU as taught by PALMER in order to ensure only the legit users get access to the resource. As to claims 10 and 17, these are rejected using the similar rationale as for the rejection of claim 3. As to claim 4, YU in view of PALMER discloses the system of claim 1, PALMER further discloses wherein the graphical authentication credential is a credential in a native language of the user (“Input pad 306 may be configured to receive an input from a user and perform one or more recognition algorithms on the input. The recognition algorithms may be known recognition algorithms, such as tactile character recognition algorithms, optical character recognition algorithms, handwriting analysis algorithms, and the like. The recognition algorithms may also incorporate machine-based learning algorithms. In some embodiments, input pad 306 may receive a tactile input from user 110. The received tactile input may be one or more credential components that is written or traced on input pad 306 by user 110.” -e.g., see, PALMER: [0034]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention was to modify the teaching of YU as taught by PALMER in order to ensure only the legit users get access to the resource. As to claims 11 and 18, these are rejected using the similar rationale as for the rejection of claim 4. As to claim 5, YU in view of PALMER discloses the system of claim 4, PALMER further discloses wherein the deep learning network is selected based on type of the non-anglophone language (“Input pad 306 may be configured to receive an input from a user and perform one or more recognition algorithms on the input. The recognition algorithms may be known recognition algorithms, such as tactile character recognition algorithms, optical character recognition algorithms, handwriting analysis algorithms, and the like. The recognition algorithms may also incorporate machine-based learning algorithms. In some embodiments, input pad 306 may receive a tactile input from user 110. The received tactile input may be one or more credential components that is written or traced on input pad 306 by user 110.” -e.g., see, PALMER: [0034], see also, [0035]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention was to modify the teaching of YU as taught by PALMER in order to ensure only the legit users get access to the resource. As to claims 12 and 19, these are rejected using the similar rationale as for the rejection of claim 5. As to claim 6, YU in view of PALMER discloses the system of claim 1, YU further discloses wherein the at least one processing device is configured to train the deep learning model (YU: [0021]), wherein training the deep learning model comprises: … identify that accuracy of the deep learning model is greater than a threshold based on training the deep learning model (“… authenticates the user by comparing the image provided by the user against the registered images. In some embodiments, FRS 110 may include a deep learning model, which is one or more neural networks trained to authenticate images received by FRS 110. For the purposes of the embodiments below, FRS 110 may include any type of a deep learning model and may be considered to be a black box that either authenticates or does not authenticate a received image.” -e.g., see, YU: [0021], see also, YU: “Validation module 112 may validate whether the confidence score is within a range or above a threshold that indicates that FRS 110 has authenticated the synthesized image.” -e.g., see, YU: [0024]); and link the trained deep learning model with the user (“… authenticates the user by comparing the image provided by the user against the registered images. In some embodiments, FRS 110 may include a deep learning model, which is one or more neural networks trained to authenticate images received by FRS 110. For the purposes of the embodiments below, FRS 110 may include any type of a deep learning model and may be considered to be a black box that either authenticates or does not authenticate a received image.” -e.g., see, YU: [0021], see also, YU: [0028], [0029]). YU doesn’t explicitly disclose but PALMER discloses prompt the user to draw a user credential (… instructions for execution by the one or more processors (not shown) for causing input unit 302 to perform specific tasks.” -e.g., see, PALMER: [0032]); receive the user credential from the user and store the user credential as the one or more stored credentials (“… receiving a tactile input from a user 110, performing character recognition on the tactile input” -e.g., see, PALMER: [0032]); identify one or more characters via a deep learning optical character recognition tool from the user credential (“Input pad 306 may be configured to receive an input from a user and perform one or more recognition algorithms on the input. The recognition algorithms may be known recognition algorithms, such as tactile character recognition algorithms, optical character recognition algorithms, handwriting analysis algorithms, and the like. The recognition algorithms may also incorporate machine-based learning algorithms. In some embodiments, input pad 306 may receive a tactile input from user 110. The received tactile input may be one or more credential components that is written or traced on input pad 306 by user 110.” -e.g., see, PALMER: [0034]); feed the one or more characters to the deep learning model for training (“Input pad 306 may be configured to receive an input from a user and perform one or more recognition algorithms on the input. The recognition algorithms may be known recognition algorithms, such as tactile character recognition algorithms, optical character recognition algorithms, handwriting analysis algorithms, and the like. The recognition algorithms may also incorporate machine-based learning algorithms. In some embodiments, input pad 306 may receive a tactile input from user 110. The received tactile input may be one or more credential components that is written or traced on input pad 306 by user 110.” -e.g., see, PALMER: [0034]); Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention was to modify the teaching of YU as taught by PALMER in order to ensure only the legit users get access to the resource. As to claims 13 and 20, these are rejected using the similar rationale as for the rejection of claim 6. As to claim 7, YU in view of PALMER discloses the system of claim 6, YU further discloses wherein the at least one processing device is configured to: in response to identifying the one or more characters, prompt the user to provide feedback on the one or more characters; and provide the feedback to the deep learning optical character recognition tool (YU: “… the deep neural network included in FRS 110 may be trained to identify synthesized image 206 as an adversarial image.” -e.g., see, YU: [0029]; herein, training the deep neural network would require a supervised learning; thus, proves user feedback; PALMER discloses the OCR tool: [0034]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention was to modify the teaching of YU as taught by PALMER in order to ensure only the legit users get access to the resource. As to claim 14, it is rejected using the similar rationale as for the rejection of claim 7. Response to Arguments Applicant's arguments filed on 01/06/2025 regarding independent claims 1, 8 and 15 have been fully considered but they are not persuasive. Applicant argues on second page of the remark that: “Nowhere does Yu, teaches or suggests receive a file comprising graphical authentication credential from a user device of a user, wherein the graphical authentication credential is a non-anglophone credential. As such, the office cited references do not teach or suggest the features of claim recitation (1).” In response to the Applicant’s argument, Examiner would like to point out that “a non-anglophone credential” is nothing more than supporting foreign language other than English language as credentials. Newly cited portion of the PALMER supports foreign language as credentials which is equivalent to non-anglophone credential (e.g., see, PALMER: [0035]; herein, PALMER teaches foreign language characters as credentials or PIN which is equivalent to non-anglophone credentials). Applicant argues on second page of the remark that: “Nowhere does Yu teaches or suggests building a deep learning network using the deep learning model and a non-anglophone language repository associated with a non-anglophone language used in the non-anglophone credential.” Examiner respectfully disagrees with the applicant’s argument and would like to point out that Yu teaches the concept of building a deep learning network using the deep learning model (“… FRS 110 may include a deep learning model, which is one or more neural networks trained to authenticate images received by FRS 110. For the purposes of the embodiments below, FRS 110 may include any type of a deep learning model and may be considered to be a black box that either authenticates or does not authenticate a received image.” -e.g., see, [0021], see also, [0028], [0029]); Secondary art PALMER also discloses building machine learning model (e.g., PALMER: “The recognition algorithms may also incorporate machine-based learning algorithms. In some embodiments, input pad 306 may receive a tactile input from user 110. The received tactile input may be one or more credential components that is written or traced on input pad 306 by user 110.” -e.g., see, PALMER); PALMER further discloses storing the credentials associated with the user (e.g., PALMER: [0050]) and also teaches credentials can be foreign language (e.g., PALMER: [0035]); Thus, PALMER teaches a non-anglophone language repository associated with a non-anglophone language used in the non-anglophone credential. Furthermore, it should be noted that instant applicant’s specification vaguely mentions a non-anglophone language repository without really defining the specific. Thus, Examiner interprets that capability of storing credentials as foreign language reads on argued limitation. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. KASATANI (US 2022/0374142 A1) teaches a display apparatus for displaying data, in which indication of handwritten input originated data drawn by the display apparatus is recorded in association with the handwritten data (abstract). KASATANI discloses unlike a typical OCR (Optical Character Reader), in parallel with pen operations by the user, characters (not only in Japanese but also in English and in other languages), numbers, symbols (%, $, &, etc.), and graphics (lines, circles, triangles, etc.) are recognized (e.g., see, [0155]; herein, reads on supporting non-anglophone credential). KASATANI further discloses the handwriting recognition control unit 26 retains language-wise character string candidates converted from handwriting recognition character string candidates d12 using the handwriting recognition dictionary unit 27 (e.g., see, [0156]; herein, dictionary unit reads on non-anglophone language repository). KASATASNI in para. [0244] supports machine learning model. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. SUMAN DEBNATH Patent Examiner Art Unit 2495 /S.D/Examiner, Art Unit 2495 /FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495
Read full office action

Prosecution Timeline

Aug 01, 2022
Application Filed
Oct 05, 2024
Non-Final Rejection — §103
Jan 06, 2025
Response Filed
Apr 30, 2025
Final Rejection — §103
Sep 04, 2025
Request for Continued Examination
Sep 17, 2025
Response after Non-Final Action
Sep 24, 2025
Non-Final Rejection — §103
Apr 02, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology. Study what changed to get past this examiner.

Patent 12574377
Ephemeral Gateway for Remote Access
2y 5m to grant Granted Mar 10, 2026
Patent 12574220
Sharing Encryption Information Amongst Storage Devices In A Storage System
2y 5m to grant Granted Mar 10, 2026
Patent 12561419
USAGE-BASED ACCESS AUTHORIZATION FOR SOFTWARE CODE OF MULTI-PATH INPUT-OUTPUT DRIVERS
2y 5m to grant Granted Feb 24, 2026
Patent 12554835
ALWAYS-ON ARTIFICIAL INTELLIGENCE (AI) SECURITY HARWARE ASSISTED INPUT/OUTPUT SHAPE CHANGING
2y 5m to grant Granted Feb 17, 2026
Patent 12556516
EDGE CONNECTIVITY GATEWAY
2y 5m to grant Granted Feb 17, 2026

AI Strategy Recommendation

Click below to generate an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
92%
With Interview (+17.7%)
4y 2m
Median Time to Grant
High
PTA Risk
Based on 405 resolved cases by this examiner