Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Status of Claims
Claims 1-20 are subject to examination.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-9, 17-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1, 10, 17, contains, “correct the incorrectly entered sensitive information based on a response from the user before transmitting the incorrectly entered sensitive information”, which is not implemented by the specification.
The specification contains, [0031] When the machine learning model 202 detects that sensitive information has been entered incorrectly, that information is passed to the warning logic 210. The warning logic 210 uses this information to request that the user (or agent) rectify the sensitive information that was incorrectly entered. The request may be in the form of a text box that pops up near where the sensitive information was incorrectly entered, explaining why the information was incorrectly entered and how to correctly re-enter that sensitive information. Alternatively, the warning logic 210 may invoke a chat box to pop up and guide the user on how to correctly enter the sensitive information. In other alternatives, the warning logic 210 may cause lights to flash, or objects within the electronic document may flash or change colors to indicate sensitive information has been incorrectly entered. Additionally, the warning logic 210 may cause activation of audible sounds such as alarms, beeping noises, or other sounds when sensitive information has been incorrectly entered. In some configurations, the warning logic 210 may prevent the entering of any further data until a current sensitive information entry is corrected.
However, the specification does not specifically mention about “transmitting the incorrectly entered sensitive information” after performing “correct the incorrectly entered sensitive information”.
Hence, the specification fails to properly define/limit the scope of the claimed “transmitting the incorrectly entered sensitive information”.
Claims 2-9, 18-20 depend upon claims 1 and 17 and hence subject to the same rejections.
Claim 17 contains, “receiving feedback devoid of sensitive information to further train the machine learning model”, which is not implemented by the specification.
The specification contains, [0078] The machine learning model uses regular expressions, at reference numeral 720, to detect that the sensitive information was incorrectly entered. At reference number 730, the method 700 provides for the user to provide feedback that the sensitive information is correctly entered when the machine learning model indicates that the sensitive information was incorrectly entered. This feedback may be used to further train the machine learning model to improve the model accuracy in the future. In some cases, a human data steward may review the sensitive information and provide feedback to the machine learning model.
However, the specification does not specifically mention about what all is considered in “receiving feedback devoid of sensitive information”. (For example, any/other information that is considered “sensitive information” and which has nothing to do with the method’s “correcting the improperly entered sensitive data”, etc.)
Hence, the specification fails to properly define/limit the scope of the claimed “devoid of sensitive information” (unrelated to “improperly entered sensitive data”. The feedback is subject to more than what is in the specification. The feedback is not just because of a particular action, but any action among millions of actions that happen around the world by different entities/persons etc. Also, the feedback can be provide by millions of different entities around the world. Since, the claimed “feedback” not actually a feedback for something in particular, it can be best interpreted as receiving information that is used to train the machine learning machine. The receiving by itself cannot accomplish training the machine learning machine.
The feedback would only happen after the “when the machine learning model indicates that the sensitive information was incorrectly entered”.
The claimed “sensitive information” is not limited to what is mentioned in the specification but also includes beyond what the specification intends to.
The claimed “further train the machine learning model” cannot be trained by mere receiving the feedback. Also, the “further” is improper because the machine learning model is not trained earlier in the claim.
Mere, mention of unrelated information and steps, receiving step, etc., do not provide full, clear, concise, and exact terms and which would cover beyond what is mentioned in the specification. The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar et al., US 20190251250 A1 in view of Ackmann et al., US 20170097621 A1, WU et al., CN 104904163 A.
Referring to claim(s) 1, Nandakumar substantially discloses a system, comprising: a processor coupled to memory that includes instructions that, when executed by a processor, cause the processor to:
detect, with a browser extension of a web browser, a user entering sensitive information associated with the user into an input;
[0046] the extension may be included as part of the web browser [0030] determine that account credentials are to be generated due to the user selecting a new account option, in response to the user entering invalid credentials a predetermined number of times, and the like application 102 may detect the account sign-up page by comparing information, such as a uniform resource locator (URL) associated with the account sign-up page, to a stored list of URLs. [0057] In the illustrated example, browser extension 303 prevents web browser 302 from submitting account credentials 304 to the associated server until browser extension 303 has approved the values of account credentials 304. Browser extension 303 may utilize any suitable method for preventing web browser 302 from submitting account credentials 304. For example, if browser extension 303 detects the entry of account credentials 304 before the submit icon is selected, then browser extension 303 may prevent the user from selecting the submit icon by, for example, obscuring the submit icon with a pop-up window, or, if supported by web browser 302, requesting web browser 302 to ignore user input on the account sign-up page until browser extension 303 approves values of account credentials 304.
monitor, with the browser extension, the user entering sensitive information into the input;
[0057] In the illustrated example, browser extension 303 prevents web browser 302 from submitting account credentials 304 to the associated server until browser extension 303 has approved the values of account credentials 304. Browser extension 303 may utilize any suitable method for preventing web browser 302 from submitting account credentials 304. For example, if browser extension 303 detects the entry of account credentials 304 before the submit icon is selected, then browser extension 303 may prevent the user from selecting the submit icon by, for example, obscuring the submit icon with a pop-up window, or, if supported by web browser 302, requesting web browser 302 to ignore user input on the account sign-up page until browser extension 303 approves values of account credentials 304.
[0031] Account credentials 104 may include a UID and a passcode, and in some embodiments, additional information. Application 102 also, in some embodiments, may prevent account credentials 104 from being sent until the entered credentials have been verified to be invalid
detect that the user incorrectly entered the sensitive information;
[0030] user entering invalid credentials a predetermined number of times,
[0031] Account credentials 104 may include a UID and a passcode, and in some embodiments, additional information. Application 102 also, in some embodiments, may prevent account credentials 104 from being sent until the entered credentials have been verified to be invalid
provide, through the browser extension, a warning to the user that sensitive information has been entered incorrectly;
[0044] browser extension 303 displays an indication for the user that the current values for account credentials 304 may pose a security risk, and requests that the user enter new values for account credentials 304.
0035] indicates to the user that account credentials 104 are not secure and requests the user to change at least a portion of the credentials, e.g., a passcode. capture new account credentials and make new attempts to login to the other online servers using the new credentials.
[0036] determines that the UID and the different passcode correspond to an invalid login, then the application indicates to the user that the different passcode has been accepted (block 207). the different application may verify if a UID included in account credentials 104 is already in use with a different account on the server.
display an indication corresponding to incorrectly entered information
[0034] if all attempts to login to the other online accounts are unsuccessful, then method 200 moves to block 207 to submit account credentials
[0035] requests the user to change at least a portion of the credentials, e.g., a passcode
correct the incorrectly entered sensitive information based on a response from the user before transmitting the incorrectly entered sensitive information
[0003] detect an account sign-up page for a new online account, and capture account credentials entered by a user for the new online account. The application may attempt to login to one or more other online accounts using information based on the account credentials entered for the new online account. In response to logging in to at least one of the other online accounts using the information based on the account credentials, the application may request a change in the account credentials before the account credentials are submitted for the new online account.
[0018] user account credentials were accessed by a hacker, resulting in affected users having to change account credentials for these web sites as well as any other online service.
[0038] application 102 to request the user to change at least a part of account credentials 104, then account credentials 104 may be approved by the new account server for use with the new online account. (note: the approval require sending the credential information).
Nandakumar does not specifically mention about, which is well-known in the art, which Ackmann discloses, an electronic form, an electronic form field; [0532] a free-form notes field
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing form field.
A Free Text field is a multi-line text box which is typically used for narratives, descriptions, comments and feedback. Examples of standard Free Text fields include “Issue Description” on issues. An example of a Free Text field.
The form field would enable displaying, selecting, and/or entering data associated with the sensitive data, para 532.
Nandakumar and Ackmann do not specifically mention about, prevent, in real-time, transmission of the information which Wu discloses, first para, page 12, third para, page 49, last para, page 10, last para, page 13.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing correction of the information prior to the transmitting of the information. The user entered invalid data would be prevented from submission. This would enable meeting the data validation and reduce network traffic, page 12, first para.
Claim(s) 2, 3, 5, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu, and Talmat 20230281296.
Referring to claim 2, Nandakumar discloses to detect that the user has incorrectly entered the sensitive information, para 31, 36. Nandakumar, Wu and Ackmann do not disclose invoke a machine learning model on a user device of the user, which Talmat discloses,
[0007] FIG. 5 is a flow chart illustrating an embodiment of a process for analyzing password using a trained machine learning model.
[0023] FIG. 1 is a flow chart illustrating an embodiment of a process for detecting password strength using a location pattern analysis. For example, the process of FIG. 1 can be used to evaluate whether a password meets a minimum password strength. In the event the password does not meet the required password strength, the user or operator can be asked to provide a stronger password. By utilizing the process of FIG. 1, a password-protected system can significantly decrease the threat posed by weak passwords.
[0039] The reference dictionary can include, for example, English words, compromised passwords, commonly used passwords, previously used passwords, and other weak passwords. In some embodiments, the analysis utilizes a machine learning model trained using a data set of ordered series generated with the reference dictionary of weak passwords.
identifying an invalid password character; determining a physical location associated with the invalid password character on a key input device; and in response to a determination that the physical location is on a periphery of the key input device, removing a corresponding input key of the invalid password character, claim 11.
[0044] FIG. 5 is a flow chart illustrating an embodiment of a process for analyzing password strength using a trained machine learning model. In various embodiments, the process of FIG. 5 is used to compare a provided (or candidate) password to known weak and/or strong passwords. For example, the process can predict a password strength score for a provided password by using a trained machine learning model. In some embodiments, the step of 503 is performed at 105 of FIG. 1 and/or 403 of FIG. 4, and the step of 505 is performed at 107 of FIG. 1 and/or 405 of FIG. 4.
[0045] At 501, a machine learning model is trained to predict password strength. In some embodiments, the model is trained to classify a provided password by password strength. For example, the model can be trained with passwords that are labeled either strong (i.e., not weak) or weak. The training data set is created by applying the same techniques disclosed herein for generating an ordered series based on location coordinates but instead applied to the set of training passwords. For example, an ordered series is created for the training password as described with respect to step 503. The weak passwords can be sourced from a reference dictionary of weak passwords that includes trivial passwords, common or English dictionary words, compromised passwords, and/or previously used passwords, among other passwords deemed weak. The strong passwords can be generated, for example, by using a strong password generator. In various embodiments, the model is trained to classify a provided password as strong or weak
[0024] As shown in FIG. 3. In various embodiments, keys that are not used in passwords and/or are associated with invalid password characters
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known machine learning model. The machine learning model would enable verifying entered information for determining whether the information entered is proper or not. This would enable using trained information for enabling a legitimate user to provide valid information for authentication, para 39, claim 11.
Referring to claim 3, Nandakumar discloses to detect that the user incorrectly entered sensitive information, para 31, 36. Talmat discloses when a likelihood predicted by the machine learning model satisfies a predetermined threshold (
[0048] At 505, a trained machine learning model is applied to the created ordered series. For example, using for model trained at 501, a password strength is predicted for the ordered series created at 503. In various embodiments, the form of the predicted password result is dependent on the type of model used. For example, in some embodiments, the model can predict whether the password is strong (i.e., not weak) or weak. In some embodiments, the model predicts a strength metric, such as a strength score between 0.0 and 1.0, that corresponds to the relative strength of the password. In some embodiments, the model predicts how closely the provided password matches a known weak password. In various embodiments, the predicted password result can be further processed to perform additional analysis, such as comparing the password to configured password strength thresholds.
Claim(s) 4, 5, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu, Talmat, Epstein et al., CN 110537180 A and Official Notice.
Referring to claim 4, Nandakumar discloses to detect that the user has incorrectly entered the sensitive information, para 31, 36. Talmat discloses to invoke the machine learning model
[0048] At 505, a trained machine learning model is applied to the created ordered series. For example, using for model trained at 501, a password strength is predicted for the ordered series created at 503. In various embodiments, the form of the predicted password result is dependent on the type of model used. For example, in some embodiments, the model can predict whether the password is strong (i.e., not weak) or weak. In some embodiments, the model predicts a strength metric, such as a strength score between 0.0 and 1.0, that corresponds to the relative strength of the password. In some embodiments, the model predicts how closely the provided password matches a known weak password. In various embodiments, the predicted password result can be further processed to perform additional analysis, such as comparing the password to configured password strength thresholds.
Nandakumar, Talmat, Wu, and Ackmann do not disclose based on context information of the form, the sensitive information, which Epstein discloses,
the selected element is identified as benign or harmful, identifying and selecting from the webpage context attribute to support or oppose the selected element is identified as benign or harmful, deletion or expected in the content of element and/or context attribute from the content identification, collecting ability, elements of selected elements as benign or harmful identification, and/or to be introduced to the portal 140 in the context attribute. As an example, the user may via a menu option to identify and addition of character string, an image, and/or a link in the content as the context attribute. As another example, the user can input desired but not need element or context attribute is in accordance to one or more elements of judging in the webpage of the user in the webpage by the user.
For example, the condition user elements in the content in identification is false, can dynamically generate the context menu by the user confirmation can be applied attribute/metadata is appended to request additional information, such as the content for the brand/longitudinal/account is trusted or not trusted, elements is not authorized in the site/context (which may use the browser extension to prompt the user not to approve additional information about why the element). and the element associated with malarkey (verbiage) deletion, 2nd para page 8
context attribute is the element content can be specified in other information related to content with the element and used in combination to find, creating and improving policy from reporting/classification trend. when generating the similar policies, portal 140 can train one or more machine learning algorithms to dynamically specifies the context menu. For example, portal 140 may be browser extension autonomously generated based on historical data of one or more queries, , 3rd para page 8.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing a machine learning model for verifying entered information context surrounding the sensitive information for determining whether the information entered is proper or not. This would enable using trained information for enabling a user to provide valid information for authentication, 2nd para page 8.
Nandakumar, Talmat, Wu, Epstein and Ackmann do not disclose unstructured data, which is well-known in the art. Official Notice is taken that addition of such well-known type of data is expected in the art. For example, Gifford et al., 20160085754 discloses it, Para 36.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known unstructured data. Unstructured data (for example, a paragraph of English natural language prose), or semi-structured data (like a free-form field), would be amenable to automated processing along with structured data, to effectively process information in these forms. Data quality (for example, missing or invalid data), automated processing techniques, particularly for data derived from unstructured or semi-structured sources would be implemented for the transmission the data, para 36.
Referring to claim 5. Talmat discloses the context information, para 48. is included in
Ackmann discloses a free-form notes field (para 532)
Claim(s) 6, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu, and Zhu et al., CN 117521057 A.
Referring to claim 6, Nandakumar discloses to detect that the user has incorrectly entered the sensitive information, para 31, 36. Nandakumar, Wu, and Ackmann do not disclose based on pattern matching with a regular expression, which Zhu discloses,
A machine learning is a research of automatically improving computer algorithm through experience and history data. It is a learning process of the computer, the computer can form the mode cognition based on the sample data or build the model based on the continuous learning of the data, and make the prediction or decision,The machine learning is a form of artificial intelligence, which can efficiently and automatically process and analyze the modelling process so that the computer can independently adapt to the new scene, second last para, page 7.
In the field of statistical learning and machine learning, integrated learning (ensemble learning) refers to obtaining better predictive performance than a single algorithm model by combining multiple learning algorithms. The model obtained by integrated learning can be called integrated model. The integrated model comprises but not limited to stacking model and Bagging model. The stacking model includes a meta-classifier and a plurality of classifiers. The Bagging model comprises a meta classifier and multiple classifiers, after the multiple classifiers of the Bagging model output the candidate type of the suspected sensitive information, the meta classifier votes the multiple candidate types so as to obtain the type of the suspected sensitive information, last para, page 6.
Specifically, one or more regular expressions are configured according to the sensitive information type. The type of sensitive information may be tokens, password and so on. the regular expression is matched with the character string of the code text to be detected, the successfully matched character string is used as the suspected sensitive information, the character string which is not successfully matched is judged as the non-sensitive information. 3rd para, page 10.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known pattern matching with a regular expression. one or more regular expressions would be configured according to the sensitive information type. The regular expression would be matched with the character string of the code text to be detected, the successfully matched character string would be used as the suspected sensitive information, the character string which would be not successfully matched is judged as the non-sensitive information, 3rd para, page 10.
Claim(s) 7, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu, and Kwok et al., US 20230418915 A1.
Referring to claim 7, Nandakumar discloses to prevent the user, by the browser extension, para 46. Nandakumar, Wu, and Ackmann do not disclose from proceeding to a next electronic form screen until the incorrectly entered sensitive information has been corrected, which Kwok discloses,
[0075] Other configurations of the method 700 can include other useful features and functionality. For instance, when the sensitive information is entered incorrectly, the user can be prevented from moving to the next screen until the sensitive information is entered correctly. In some aspects, a light indicator can be generated when sensitive information is entered incorrectly. In other aspects, an audible or tactile indicator can be created when sensitive information is entered incorrectly.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known correcting of entry. Prior to the user moving further from the present screen, the user would be required to enter valid information. This would enable completion of authentication prior to accessing the resources, para 75.
Claim(s) 8, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu, and DEMOPOULOS et al., KR 20140060304 A
Referring to claim 8, Nandakumar discloses to prevent the user, by the browser extension, para 46. Nandakumar, Wu, and Ackmann do not disclose to at least one of remove, encrypt, or obfuscate the incorrectly entered sensitive information to correct the incorrectly entered sensitive information, which DEMOPOULOS discloses,
The device user may enter a password in the text box, for example, in the user interface page, and the password character is hidden so that the user does not expose the pad word as the user enters the password. If a user mistakes a mistake when entering a password character, the user can not confirm which character of the password is incorrectly input. Input of an incorrect password can result in several undesirable results. For example, the authentication service may take a considerable amount of time to verify an incorrect password. Moreover, the authentication service can only give the user a limited number of opportunities to enter the correct password before locking the user. Additionally, when an incorrect password is entered, the system typically deletes all password text, allowing the user to re-enter the entire password, 1st para page 2.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known correcting of entry. Prior to the user moving further from the present screen, the user would be required to enter valid information. This would enable completion of authentication prior to accessing the resources, 1st para page 2.
Claim(s) 9, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu, and JP 3558897 B2
Referring to claim 9, Nandakumar discloses to prevent the user, by the browser extension, para 46. Nandakumar, Wu, and Ackmann do not disclose, which JP 3558897 B2 discloses, wherein the user is a telephone center agent.
FIG. 3 is a diagram showing a configuration example of the telephone server. In FIG. 3, a telephone server 30 is provided at the center and telephone agents 12a and 12b used by two users are shown on both sides thereof. Each telephone agent 12a and 12b has a user interface unit 18a and 18b thereof. ing. The telephone server 30 is a software module belonging to the server machine, and includes a state management unit 31, a display management unit 32, a service management unit 33, a user management unit 34, and a database (DB) 35. In FIG. 3, each of these modules is shown in two sets. However, it is merely divided into a part that performs processing of the telephone agent 12a and a part that performs processing of the telephone agent 12b, para 35.
When the telephone agent 12a displays telephone service information on the telephone directory screen of the Web browser, service requests of various user request events such as telephone connection, reservation, transfer destination specification, and shared reference URL specification are displayed through the screen. In the telephone server 30, the service management unit 33 receives the service request, processes the telephone service corresponding to the request, and displays the service status to the telephone agent 12a. If the service content is for another user, the service management unit 33 displays the service request on the other party's telephone agent 12b. At this time, the other party's telephone agent 12b displays the service content. Can be. For example, when the message service is used, the service management unit 33 performs a process of writing on the message board of the other party's telephone directory according to the service request from the telephone agent 12a, and notifies the other party's telephone agent 12b of the content, para 38
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known telephone center agent. The telephone center agent would enable completion of authentication prior to allowing access to the resources, para 35, 38.
Claim(s) 10, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar et al., US 20190251250 A1 in view of Ackmann et al., US 20170097621 A1, Wu.
Referring to claim(s) 10, Nandakumar substantially discloses A system, comprising: a processor coupled to memory that includes instructions that, when executed by a processor, cause the processor to:
detect, with a browser extension of a web browser, a user entering sensitive information associated with the user into an input;
[0046] the extension may be included as part of the web browser.[0030] determine that account credentials are to be generated due to the user selecting a new account option, in response to the user entering invalid credentials a predetermined number of times, and the like application 102 may detect the account sign-up page by comparing information, such as a uniform resource locator (URL) associated with the account sign-up page, to a stored list of URLs. [0057] In the illustrated example, browser extension 303 prevents web browser 302 from submitting account credentials 304 to the associated server until browser extension 303 has approved the values of account credentials 304. Browser extension 303 may utilize any suitable method for preventing web browser 302 from submitting account credentials 304. For example, if browser extension 303 detects the entry of account credentials 304 before the submit icon is selected, then browser extension 303 may prevent the user from selecting the submit icon by, for example, obscuring the submit icon with a pop-up window, or, if supported by web browser 302, requesting web browser 302 to ignore user input on the account sign-up page until browser extension 303 approves values of account credentials 304.
monitor, with the browser extension, the user entering sensitive information into the input;
[0057] In the illustrated example, browser extension 303 prevents web browser 302 from submitting account credentials 304 to the associated server until browser extension 303 has approved the values of account credentials 304. Browser extension 303 may utilize any suitable method for preventing web browser 302 from submitting account credentials 304. For example, if browser extension 303 detects the entry of account credentials 304 before the submit icon is selected, then browser extension 303 may prevent the user from selecting the submit icon by, for example, obscuring the submit icon with a pop-up window, or, if supported by web browser 302, requesting web browser 302 to ignore user input on the account sign-up page until browser extension 303 approves values of account credentials 304.
[0031] Account credentials 104 may include a UID and a passcode, and in some embodiments, additional information. Application 102 also, in some embodiments, may prevent account credentials 104 from being sent until the entered credentials have been verified to be invalid
detect by a user device displaying the web browser, that the user incorrectly entered / entered incorrectly the sensitive information;
[0030] user entering invalid credentials a predetermined number of times,
[0031] Account credentials 104 may include a UID and a passcode, and in some embodiments, additional information. Application 102 also, in some embodiments, may prevent account credentials 104 from being sent until the entered credentials have been verified to be invalid
provide, through the browser extension, a warning to the user that sensitive information has been entered incorrectly / / entered incorrectly;
[0044] browser extension 303 displays an indication for the user that the current values for account credentials 304 may pose a security risk, and requests that the user enter new values for account credentials 304.
0035] indicates to the user that account credentials 104 are not secure and requests the user to change at least a portion of the credentials, e.g., a passcode. capture new account credentials and make new attempts to login to the other online servers using the new credentials.
[0036] determines that the UID and the different passcode correspond to an invalid login, then the application indicates to the user that the different passcode has been accepted (block 207). the different application may verify if a UID included in account credentials 104 is already in use with a different account on the server.
display an indication corresponding to the correct the incorrectly entered sensitive data / information; and
[0034] if all attempts to login to the other online accounts are unsuccessful, then method 200 moves to block 207 to submit account credentials
[0035] requests the user to change at least a portion of the credentials, e.g., a passcode
correct the incorrectly entered sensitive information/data based on a response from the user before transmitting the incorrectly entered sensitive information
[0003] detect an account sign-up page for a new online account, and capture account credentials entered by a user for the new online account. The application may attempt to login to one or more other online accounts using information based on the account credentials entered for the new online account. In response to logging in to at least one of the other online accounts using the information based on the account credentials, the application may request a change in the account credentials before the account credentials are submitted for the new online account.
[0018] user account credentials were accessed by a hacker, resulting in affected users having to change account credentials for these web sites as well as any other online service.
[0038] application 102 to request the user to change at least a part of account credentials 104,. then account credentials 104 may be approved by the new account server for use with the new online account.
Nandakumar does not specifically mention about, which is well-known in the art, which Ackmann discloses, an electronic form, an electronic form field; [0532] a free-form notes field
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing form field.
A Free Text field is a multi-line text box which is typically used for narratives, descriptions, comments and feedback. Examples of standard Free Text fields include “Issue Description” on issues. An example of a Free Text field.
The form field would enable displaying, selecting, and/or entering data associated with the sensitive data/information, para 532.
Nandakumar and Ackmann do not specifically mention about, prevent, in real-time, transmission of the information which Wu discloses, first para, page 12, third para, page 49, last para, page 10, last para, page 13.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing correction of the information prior to the transmitting of the information. The user entered invalid data would be prevented from submission. This would enable meeting the data validation and reduce network traffic, page 12, first, para.
Claim(s) 11, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu, and Talmat 20230281296.
Referring to claim 11, Nandakumar discloses to detect that/if the user has incorrectly entered the sensitive information incorrectly, para 31, 36. Nandakumar, Wu, and Ackmann do not disclose invoke a machine learning model, which Talmat discloses,
[0007] FIG. 5 is a flow chart illustrating an embodiment of a process for analyzing password using a trained machine learning model.
[0023] FIG. 1 is a flow chart illustrating an embodiment of a process for detecting password strength using a location pattern analysis. For example, the process of FIG. 1 can be used to evaluate whether a password meets a minimum password strength. In the event the password does not meet the required password strength, the user or operator can be asked to provide a stronger password. By utilizing the process of FIG. 1, a password-protected system can significantly decrease the threat posed by weak passwords.
[0039] The reference dictionary can include, for example, English words, compromised passwords, commonly used passwords, previously used passwords, and other weak passwords. In some embodiments, the analysis utilizes a machine learning model trained using a data set of ordered series generated with the reference dictionary of weak passwords.
identifying an invalid password character; determining a physical location associated with the invalid password character on a key input device; and in response to a determination that the physical location is on a periphery of the key input device, removing a corresponding input key of the invalid password character, claim 11.
[0044] FIG. 5 is a flow chart illustrating an embodiment of a process for analyzing password strength using a trained machine learning model. In various embodiments, the process of FIG. 5 is used to compare a provided (or candidate) password to known weak and/or strong passwords. For example, the process can predict a password strength score for a provided password by using a trained machine learning model. In some embodiments, the step of 503 is performed at 105 of FIG. 1 and/or 403 of FIG. 4, and the step of 505 is performed at 107 of FIG. 1 and/or 405 of FIG. 4.
[0045] At 501, a machine learning model is trained to predict password strength. In some embodiments, the model is trained to classify a provided password by password strength. For example, the model can be trained with passwords that are labeled either strong (i.e., not weak) or weak. The training data set is created by applying the same techniques disclosed herein for generating an ordered series based on location coordinates but instead applied to the set of training passwords. For example, an ordered series is created for the training password as described with respect to step 503. The weak passwords can be sourced from a reference dictionary of weak passwords that includes trivial passwords, common or English dictionary words, compromised passwords, and/or previously used passwords, among other passwords deemed weak. The strong passwords can be generated, for example, by using a strong password generator. In various embodiments, the model is trained to classify a provided password as strong or weak
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known machine learning model. The machine learning model would enable verifying entered information for determining whether the information entered is proper or not. This would enable using trained information for enabling to prevent a user entering invalid information for authentication, para 39, claim 11.
Claim(s) 14, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu and Kwok.
Referring to claim 14, Nandakumar discloses to prevent the user, by the browser extension, para 46. Nandakumar, WU and Ackmann do not disclose from proceeding to a next electronic form screen until the incorrectly entered sensitive information has been corrected, which Kwok discloses,
[0075] Other configurations of the method 700 can include other useful features and functionality. For instance, when the sensitive information is entered incorrectly, the user can be prevented from moving to the next screen until the sensitive information is entered correctly. In some aspects, a light indicator can be generated when sensitive information is entered incorrectly. In other aspects, an audible or tactile indicator can be created when sensitive information is entered incorrectly.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known correcting of entry. Prior to the user moving further from the present screen, the user would be required to enter valid information. This would enable completion of authentication prior to accessing the resources, para 75.
Claim(s) 13, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu and Mazza et al., 20190182382.
Referring to claim 13, Nandakumar discloses detecting the user incorrectly entered sensitive information, para 46. Nandakumar, Wu and Ackmann do not disclose, which Mazza discloses with one or more regular expressions.
[0085] The cleaning and normalizing in operation 310 may further include preprocessing the descriptions and bodies of the interactions. The preprocessing may include: standardizing abbreviations (e.g., expanding abbreviations to non-abbreviated forms, such as “you'll” to “you will”) and standardizing spelling variations (e.g., “log-in” to “login” and “user name” to “username”). The preprocessing may also include named entity recognition (NER) which uses pattern matching, such as regular expressions, to identify dates, times periods, prices, usernames, passwords, and the like. These diverse data can then be replaced by a token representing that data. In some embodiments, the named entity recognition can be performed using a generic, pre-trained NER tool or a neural network can be trained based on sample annotated data.
PNG
media_image1.png
432
397
media_image1.png
Greyscale
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing model based on pattern matching with regular expressions. A regular expression is a pattern that the regular expression engine attempts to match in input text. A pattern consists of one or more character literals, operators, or constructs. Such patterns enable input validation associated with a user, para 85.
Claim(s) 12, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Talmat, Wu and ENUKA et al. CN 112639845 A.
Referring to claim 12, Nandakumar discloses to detect that/if the user has incorrectly entered the sensitive information incorrectly, para 31, 36. Nandakumar, Talmat, Wu, and Ackmann do not disclose Which Enuka discloses providing a mechanism to receive feedback from a user regarding performance of the machine learning model (
the system uses a supervised active learning process to train the machine learning model, to classify the personal information (e.g., so as to create and/or update the personal information rule). As shown, the user through specific attribute adjusting/customizing algorithm according to the user data to train and re-training model, so as to generate more accurate prediction result. For example, when displaying the prediction result related to the training data in step 835, the user can review these results and provide feedback 840 (e.g., reject one or more results). then providing user feedback to the machine learning model, so that the training process is continuously repeated until the user represents that they are satisfied with the prediction result and/or until the predetermined stop criterion is satisfied,6th para, page 23
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known user feedback to the machine learning model, so that the training process is continuously repeated until the user represents that they are satisfied with the prediction result and/or until the predetermined stop criterion is satisfied, para, page 23.
Claim(s) 16, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, WU and DEMOPOULOS
Referring to claim 16, Nandakumar discloses to prevent the user, by the browser extension, para 46. Nandakumar, WU and Ackmann do not disclose to at least one of remove, encrypt, or obfuscate the incorrectly entered sensitive data/information to correct the incorrectly entered sensitive data/information, which DEMOPOULOS discloses,
The device user may enter a password in the text box, for example, in the user interface page, and the password character is hidden so that the user does not expose the pad word as the user enters the password. If a user mistakes a mistake when entering a password character, the user can not confirm which character of the password is incorrectly input. Input of an incorrect password can result in several undesirable results. For example, the authentication service may take a considerable amount of time to verify an incorrect password. Moreover, the authentication service can only give the user a limited number of opportunities to enter the correct password before locking the user. Additionally, when an incorrect password is entered, the system typically deletes all password text, allowing the user to re-enter the entire password, 1st para page 2.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known correcting of entry. Prior to the user moving further from the present screen, the user would be required to enter valid information. This would enable completion of authentication prior to accessing the resources, 1st para page 2.
Claim(s) 15, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar et al., US 20190251250 A1 in view of Ackmann, WU, and ZHANG et al. CN 112968797 B.
Referring to claim 15, Nandakumar discloses displaying instructions on how the incorrectly entered sensitive information is to be corrected
[0034] if all attempts to login to the other online accounts are unsuccessful, then method 200 moves to block 207 to submit account credentials
[0035] requests the user to change at least a portion of the credentials, e.g., a passcode
[0003] detect an account sign-up page for a new online account, and capture account credentials entered by a user for the new online account. The application may attempt to login to one or more other online accounts using information based on the account credentials entered for the new online account. In response to logging in to at least one of the other online accounts using the information based on the account credentials, the application may request a change in the account credentials before the account credentials are submitted for the new online account.
[0018] user account credentials were accessed by a hacker, resulting in affected users having to change account credentials for these web sites as well as any other online service.
[0038] application 102 to request the user to change at least a part of account credentials 104,. then account credentials 104 may be approved by the new account server for use with the new online account.
Nandakumar, Ackmann, WU does not specifically mention about, which is well-known in the art, which Zhang discloses, in a pop-up text box.
if the user sets the initialization password as "123456789", the user terminal pops up the text box "the password is not in accordance with the rule". Table 1 shows the various configuration parameters, meanings, and input value validity judgments that need to be input, second last para, page 9,
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known pop-up text box. Pop-up messages are small windows or dialog boxes that appear in the device to display a message or prompt users to take an action. This would enable a user to enter information and/or read displayed information. The pop-up message would enable providing text box to the user for interaction, second last para, page 9.
Claim(s) 17, 18, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar et al., in view of Ackmann, WU, and Talmat and Official Notice.
Referring to claim 17, a computer-implemented method, comprising: detecting, by a user device, with a browser extension associated with a web browser, a user entering sensitive data into an input;
[0046] the extension may be included as part of the web browser.[0030] determine that account credentials are to be generated due to the user selecting a new account option, in response to the user entering invalid credentials a predetermined number of times, and the like application 102 may detect the account sign-up page by comparing information, such as a uniform resource locator (URL) associated with the account sign-up page, to a stored list of URLs. [0057] In the illustrated example, browser extension 303 prevents web browser 302 from submitting account credentials 304 to the associated server until browser extension 303 has approved the values of account credentials 304. Browser extension 303 may utilize any suitable method for preventing web browser 302 from submitting account credentials 304. For example, if browser extension 303 detects the entry of account credentials 304 before the submit icon is selected, then browser extension 303 may prevent the user from selecting the submit icon by, for example, obscuring the submit icon with a pop-up window, or, if supported by web browser 302, requesting web browser 302 to ignore user input on the account sign-up page until browser extension 303 approves values of account credentials 304.
detect improper entry of sensitive data into input
[0030] user entering invalid credentials a predetermined number of times,
[0031] Account credentials 104 may include a UID and a passcode, and in some embodiments, additional information. Application 102 also, in some embodiments, may prevent account credentials 104 from being sent until the entered credentials have been verified to be invalid
0035] indicates to the user that account credentials 104 are not secure and requests the user to change at least a portion of the credentials, e.g., a passcode. capture new account credentials and make new attempts to login to the other online servers using the new credentials.
[0036] determines that the UID and the different passcode correspond to an invalid login, then the application indicates to the user that the different passcode has been accepted (block 207). the different application may verify if a UID included in account credentials 104 is already in use with a different account on the server.
providing, with the browser extension, a warning to the user that sensitive data has been improperly entered;
[0044] browser extension 303 displays an indication for the user that the current values for account credentials 304 may pose a security risk, and requests that the user enter new values for account credentials 304.
0035] indicates to the user that account credentials 104 are not secure and requests the user to change at least a portion of the credentials, e.g., a passcode. capture new account credentials and make new attempts to login to the other online servers using the new credentials.
[0036] determines that the UID and the different passcode correspond to an invalid login, then the application indicates to the user that the different passcode has been accepted (block 207). the different application may verify if a UID included in account credentials 104 is already in use with a different account on the server. [0034] if all attempts to login to the other online accounts are unsuccessful, then method 200 moves to block 207 to submit account credentials
displaying an indication corresponding to the improperly entered sensitive data; and
[0034] if all attempts to login to the other online accounts are unsuccessful, then method 200 moves to block 207 to submit account credentials
[0035] requests the user to change at least a portion of the credentials, e.g., a passcode
correcting the improperly entered sensitive data based on a response from the user before transmitting the improperly entered sensitive data
[0003] detect an account sign-up page for a new online account, and capture account credentials entered by a user for the new online account. The application may attempt to login to one or more other online accounts using information based on the account credentials entered for the new online account. In response to logging in to at least one of the other online accounts using the information based on the account credentials, the application may request a change in the account credentials before the account credentials are submitted for the new online account.
[0018] user account credentials were accessed by a hacker, resulting in affected users having to change account credentials for these web sites as well as any other online service.
[0038] application 102 to request the user to change at least a part of account credentials 104,. then account credentials 104 may be approved by the new account server for use with the new online account.
Nandakumar does not specifically mention about, which is well-known in the art, which Ackmann discloses, an electronic form, an electronic form field; [0532] a free-form notes field
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing form field.
A Free Text field is a multi-line text box which is typically used for narratives, descriptions, comments and feedback. Examples of standard Free Text fields include “Issue Description” on issues. An example of a Free Text field.
The form field would enable displaying, selecting, and/or entering data associated with the sensitive data, para 532.
Nandakumar, Ackmann does not specifically mention about, which is well-known in the art, which Talmat discloses, predicting, with a machine learning model on the device
[0007] FIG. 5 is a flow chart illustrating an embodiment of a process for analyzing password using a trained machine learning model.
[0023] FIG. 1 is a flow chart illustrating an embodiment of a process for detecting password strength using a location pattern analysis. For example, the process of FIG. 1 can be used to evaluate whether a password meets a minimum password strength. In the event the password does not meet the required password strength, the user or operator can be asked to provide a stronger password. By utilizing the process of FIG. 1, a password-protected system can significantly decrease the threat posed by weak passwords.
[0039] The reference dictionary can include, for example, English words, compromised passwords, commonly used passwords, previously used passwords, and other weak passwords. In some embodiments, the analysis utilizes a machine learning model trained using a data set of ordered series generated with the reference dictionary of weak passwords.
identifying an invalid password character; determining a physical location associated with the invalid password character on a key input device; and in response to a determination that the physical location is on a periphery of the key input device, removing a corresponding input key of the invalid password character, claim 11.
[0044] FIG. 5 is a flow chart illustrating an embodiment of a process for analyzing password strength using a trained machine learning model. In various embodiments, the process of FIG. 5 is used to compare a provided (or candidate) password to known weak and/or strong passwords. For example, the process can predict a password strength score for a provided password by using a trained machine learning model. In some embodiments, the step of 503 is performed at 105 of FIG. 1 and/or 403 of FIG. 4, and the step of 505 is performed at 107 of FIG. 1 and/or 405 of FIG. 4.
[0045] At 501, a machine learning model is trained to predict password strength. In some embodiments, the model is trained to classify a provided password by password strength. For example, the model can be trained with passwords that are labeled either strong (i.e., not weak) or weak. The training data set is created by applying the same techniques disclosed herein for generating an ordered series based on location coordinates but instead applied to the set of training passwords. For example, an ordered series is created for the training password as described with respect to step 503. The weak passwords can be sourced from a reference dictionary of weak passwords that includes trivial passwords, common or English dictionary words, compromised passwords, and/or previously used passwords, among other passwords deemed weak. The strong passwords can be generated, for example, by using a strong password generator. In various embodiments, the model is trained to classify a provided password as strong or weak
[0048] At 505, a trained machine learning model is applied to the created ordered series. For example, using for model trained at 501, a password strength is predicted for the ordered series created at 503. In various embodiments, the form of the predicted password result is dependent on the type of model used. For example, in some embodiments, the model can predict whether the password is strong (i.e., not weak) or weak. In some embodiments, the model predicts a strength metric, such as a strength score between 0.0 and 1.0, that corresponds to the relative strength of the password. In some embodiments, the model predicts how closely the provided password matches a known weak password. In various embodiments, the predicted password result can be further processed to perform additional analysis, such as comparing the password to configured password strength thresholds. The predicted password that do no meet the threshold
[0024] As shown in FIG. 3. In various embodiments, keys that are not used in passwords and/or are associated with invalid password characters
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known machine learning model. The machine learning model would enable predicting entered information for determining whether the information entered is proper or not. This would enable using trained information for enabling a user to provide valid information for authentication, para 39, 48, claim 11.
Nandakumar, Talmat, and Ackmann do not specifically mention about, preventing, in real-time, transmission of the information, which Wu discloses, first para, page 12, third para, page 49, last para, page 10, last para, page 13.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing correction of the information prior to the transmitting of the information. The user entered invalid data would be prevented from submission. This would enable meeting the data validation and reduce network traffic, page 12, first para.
Nandakumar, Wu, Talmat and Ackmann do not specifically mention about, receiving accuracy feedback devoid of sensitive information to further train the machine learning model. However, such limitations are well-known and expected in the art. Hence, Official Notice is taken for it.
Touati et al., 20220129257
PNG
media_image2.png
338
604
media_image2.png
Greyscale
[151] CQ platform 1002 may be configured to interface with content sources(s) 128, to retrieve relevant content for a query based on the identified intent and configure the results for presentation to client device 108. CQ platform 1002 may also be configured to interface with live agent server 128, to initiate and provide live agent chat to client device via live agent 118, retrieve relevant content for a query based on the identified intent and configure the results for presentation to client device 108. CQ platform 1002 may also be configured to interface with analytics server 122, to provide conversational detail information/data for further analysis
[0156] Chat bot 132 may include an artificial intelligence (AI) (e.g., machine learning) engine configured to conduct an automated conversation with user 106 via text-based communication such as text messages in a chat interface. CQ platform 1002, via chat bot 132, may be configured to handle at least an initial portion of a query session with user 106, for example, to determine an intent for the query, so that user 106 may be properly routed to live agent 118 to handle the intent. In other cases, CQ platform 1002, via chat bot 132, may provide sufficient information or resolution to user 106 without involving live agent 118. In some cases, AI-generated content segments may be distributed throughout a chat session.
[0059] As violations and errors occur, the system may report to end-users, notify them with recommendations for fixes
[0091] Auto-mapping recommender 116 may train the neural network to provide more accurate recommendations over time based on user provided feedback, for example, corrections made by a user to the recommendation, a user acceptance of the recommendation, or a user rejection of the recommendation.
[0126] Users may choose for the system to notify them and report on issues to allow for manual correction instead of automatic correction. Users may be able to choose to let the errors be auto-corrected, or to manually handle the errors. In addition, the system may notify end users of issues.
[0157] Chat bot 132 may be configured to manage a conversation using one or more dialogs. Each chat with chat bot 132 may be associated with a conversation identifier (e.g., ConversationID). When a user initiates a chat with chat bot 132, a ConversationID may be generated. Chat bot 132 may be configured to read and analyze user input via chat bot interface 150, and generate conversational answer(s) to the user input, by further processing via intent analysis system 136 and query system 138.
[0159] Intent analysis system 136 may be configured receive a message including user input from message controller 134. Intent analysis system 136 may be configured to identify an intent and entity(s) from the user input. Intent analysis system 136 may transmit the identified intent and entity(s) to query system 138.
[0160] Query system 138 may be configured receive the identified intent and entity(s) from message intent analysis system 136. Based on the intent/entity(s), query system 138 may be configured to determine whether to perform an automated search or to initiate handoff of communication to live agent server 1200. Query system 138 may also be configured to perform an automated search of relevant content among content source(s) 128 upon a determination to proceed with the automated search. Query system 138 may also be configured to format any search results for display on chat bot interface 150.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing correction of the information at multiple fields prior to the transmitting of the information. The user entered invalid data at multiple fields would be prevented from submission. This would enable meeting the data validation and reduce network traffic, Last para, page 5, 2nd & 6th para, page 6. The claimed receiving of data/information such as feedback by anything/anyone would be available for possible/future training of the machine learning model.
Touati’s recommender 116 may train the neural network to provide more accurate recommendations over time based on user provided feedback, for example, corrections made by a user to the recommendation, a user acceptance of the recommendation, or a user rejection of the recommendation, para 91.
Referring to claim 18, Nandakumar to detect that the user has incorrectly entered the sensitive information, para 31, 36. Talmat discloses predicting and when a confidence score provided by the machine learning model satisfies a predetermined threshold
[0048] At 505, a trained machine learning model is applied to the created ordered series. For example, using for model trained at 501, a password strength is predicted for the ordered series created at 503. In various embodiments, the form of the predicted password result is dependent on the type of model used. For example, in some embodiments, the model can predict whether the password is strong (i.e., not weak) or weak. In some embodiments, the model predicts a strength metric, such as a strength score between 0.0 and 1.0, that corresponds to the relative strength of the password. In some embodiments, the model predicts how closely the provided password matches a known weak password. In various embodiments, the predicted password result can be further processed to perform additional analysis, such as comparing the password to configured password strength thresholds.
Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Talmat, Wu, Johnston et al., US 20220121776 A1 and Official Notice.
Referring to claim 19, Nandakumar to detect that the user has incorrectly entered the sensitive information, para 31, 36. Talmat discloses predicting. Nandakumar, Wu, Ackmann, and Talmat do not disclose based on context information of the electronic form, the sensitive data, which Johnston discloses (para 113),
[0056] As indicated above, for screens on the sensitive screen list 132, in addition to executing action rules 134 that pertain to controlling the input, access, manipulation, and storage of data on screens and in fields, the DAE 140 also determines if the attempted use, input, manipulation, storage, and/or access of the sensitive data 199 is appropriate on a field by field basis based on the type of data and the metadata associated with the data (CSR using data, client associated with the data, etc.). Whether the sensitive data 199 is being used/accessed/input/stored/manipulated appropriate is based on the field data analysis 152 performed by the DAE 140.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing context information. The context information being surrounding the sensitive data would be would be utilized by a trained machine learning model. This would enable verifying the user with information besides password for stronger authentication, para 113, 56.
Nandakumar, Ackmann, Wu, Johnston, Talmat do not disclose unstructured data, which is well-known in the art. Official Notice is taken that addition of such well-known type of data is expected in the art. For example, Gifford et al., 20160085754 discloses it, Para 36.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known unstructured data. Unstructured data (for example, a paragraph of English natural language prose), or semi-structured data (like a free-form field), would be amenable to automated processing along with structured data, to effectively process information in these forms. Data quality (for example, missing or invalid data), automated processing techniques, particularly for data derived from unstructured or semi-structured sources would be implemented for the transmission the data, para 36.
Claim(s) 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Talmat, Wu, and DEMOPOULOS and Official Notice.
Referring to claim 20, Nandakumar discloses to prevent the user, by the browser extension, para 46. Nandakumar, Wu, Talmat, and Ackmann do not disclose to at least one of remove, encrypt, or obfuscate the incorrectly entered sensitive data to correct the incorrectly entered sensitive data, which DEMOPOULOS discloses,
The device user may enter a password in the text box, for example, in the user interface page, and the password character is hidden so that the user does not expose the pad word as the user enters the password. If a user mistakes a mistake when entering a password character, the user can not confirm which character of the password is incorrectly input. Input of an incorrect password can result in several undesirable results. For example, the authentication service may take a considerable amount of time to verify an incorrect password. Moreover, the authentication service can only give the user a limited number of opportunities to enter the correct password before locking the user. Additionally, when an incorrect password is entered, the system typically deletes all password text, allowing the user to re-enter the entire password, 1st para page 2.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known correcting of entry. Prior to the user moving further from the present screen, the user would be required to enter valid information. This would enable completion of authentication prior to accessing the resources, 1st para page 2.
Claim(s) 4, 5, is/are rejected under 35 U.S.C. 103 as being unpatentable over Nandakumar in view of Ackmann, Wu, Talmat, and GUPTA et al., (US 20220210154 A1) and Official Notice.
Referring to claim 4, Nandakumar discloses to detect that the user has incorrectly entered the sensitive information, para 31, 36. Talmat discloses to invoke the machine learning model
[0048] At 505, a trained machine learning model is applied to the created ordered series. For example, using for model trained at 501, a password strength is predicted for the ordered series created at 503. In various embodiments, the form of the predicted password result is dependent on the type of model used. For example, in some embodiments, the model can predict whether the password is strong (i.e., not weak) or weak. In some embodiments, the model predicts a strength metric, such as a strength score between 0.0 and 1.0, that corresponds to the relative strength of the password. In some embodiments, the model predicts how closely the provided password matches a known weak password. In various embodiments, the predicted password result can be further processed to perform additional analysis, such as comparing the password to configured password strength thresholds.
Nandakumar, Talmat, Wu, and Ackmann do not disclose base on context surrounding the sensitive information, which GUPTA discloses,
[0020] other relevant parameters that may indicate the user intent (e.g., website browsing context, such as session history, cookies, and/or open tabs within a browser, among other examples).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing verifying entered information context surrounding the sensitive information for determining whether the information entered is proper or not. This would enable using trained information for enabling a user to provide valid information for authentication, para 20.
Nandakumar, Talmat, Wu, Gupdat and Ackmann do not disclose unstructured data, which is well-known in the art. Official Notice is taken that addition of such well-known type of data is expected in the art. For example, Gifford et al., 20160085754 discloses it, Para 36.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Nandakumar to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known unstructured data. Unstructured data (for example, a paragraph of English natural language prose), or semi-structured data (like a free-form field), would be amenable to automated processing along with structured data, to effectively process information in these forms. Data quality (for example, missing or invalid data), automated processing techniques, particularly for data derived from unstructured or semi-structured sources would be implemented for the transmission the data, para 36.
Referring to claim 5. Talmat discloses the context, para 48. is included in
Ackmann discloses a free-form notes field (para 532)
Response to Arguments
Remarks/Arguments filed 12/17/25, have been fully considered but they are not persuasive. Therefore, rejection of claims 1-20 is maintained.
Regarding the remarks for the amended claims, the rejections are updated accordingly. Please refer to the above updated rejections for the amended limitations.
Nandakumar substantially discloses a system, comprising: a processor coupled to memory that includes instructions that, when executed by a processor, cause the processor to:
detect, with a browser extension of a web browser, a user entering sensitive information associated with the user into an input;
[0046] the extension may be included as part of the web browser.[0030] determine that account credentials are to be generated due to the user selecting a new account option, in response to the user entering invalid credentials a predetermined number of times, and the like application 102 may detect the account sign-up page by comparing information, such as a uniform resource locator (URL) associated with the account sign-up page, to a stored list of URLs. [0057] In the illustrated example, browser extension 303 prevents web browser 302 from submitting account credentials 304 to the associated server until browser extension 303 has approved the values of account credentials 304. Browser extension 303 may utilize any suitable method for preventing web browser 302 from submitting account credentials 304. For example, if browser extension 303 detects the entry of account credentials 304 before the submit icon is selected, then browser extension 303 may prevent the user from selecting the submit icon by, for example, obscuring the submit icon with a pop-up window, or, if supported by web browser 302, requesting web browser 302 to ignore user input on the account sign-up page until browser extension 303 approves values of account credentials 304.
monitor, with the browser extension, the user entering sensitive information into the input;
[0057] In the illustrated example, browser extension 303 prevents web browser 302 from submitting account credentials 304 to the associated server until browser extension 303 has approved the values of account credentials 304. Browser extension 303 may utilize any suitable method for preventing web browser 302 from submitting account credentials 304. For example, if browser extension 303 detects the entry of account credentials 304 before the submit icon is selected, then browser extension 303 may prevent the user from selecting the submit icon by, for example, obscuring the submit icon with a pop-up window, or, if supported by web browser 302, requesting web browser 302 to ignore user input on the account sign-up page until browser extension 303 approves values of account credentials 304.
[0031] Account credentials 104 may include a UID and a passcode, and in some embodiments, additional information. Application 102 also, in some embodiments, may prevent account credentials 104 from being sent until the entered credentials have been verified to be invalid
detect that the user incorrectly entered the sensitive information;
[0030] user entering invalid credentials a predetermined number of times,
[0031] Account credentials 104 may include a UID and a passcode, and in some embodiments, additional information. Application 102 also, in some embodiments, may prevent account credentials 104 from being sent until the entered credentials have been verified to be invalid
provide, through the browser extension, a warning to the user that sensitive information has been entered incorrectly;
[0044] browser extension 303 displays an indication for the user that the current values for account credentials 304 may pose a security risk, and requests that the user enter new values for account credentials 304.
0035] indicates to the user that account credentials 104 are not secure and requests the user to change at least a portion of the credentials, e.g., a passcode. capture new account credentials and make new attempts to login to the other online servers using the new credentials.
[0036] determines that the UID and the different passcode correspond to an invalid login, then the application indicates to the user that the different passcode has been accepted (block 207). the different application may verify if a UID included in account credentials 104 is already in use with a different account on the server.
display an indication corresponding to incorrectly entered information
[0034] if all attempts to login to the other online accounts are unsuccessful, then method 200 moves to block 207 to submit account credentials
[0035] requests the user to change at least a portion of the credentials, e.g., a passcode
correct the incorrectly entered sensitive information based on a response from the user before transmitting the incorrectly entered sensitive information
[0003] detect an account sign-up page for a new online account, and capture account credentials entered by a user for the new online account. The application may attempt to login to one or more other online accounts using information based on the account credentials entered for the new online account. In response to logging in to at least one of the other online accounts using the information based on the account credentials, the application may request a change in the account credentials before the account credentials are submitted for the new online account.
[0018] user account credentials were accessed by a hacker, resulting in affected users having to change account credentials for these web sites as well as any other online service.
[0038] application 102 to request the user to change at least a part of account credentials 104, then account credentials 104 may be approved by the new account server for use with the new online account. (note: the approval require sending the credential information).
Nandakumar does not specifically mention about, which is well-known in the art, which Ackmann discloses, an electronic form, an electronic form field; [0532] a free-form notes field
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing form field.
A Free Text field is a multi-line text box which is typically used for narratives, descriptions, comments and feedback. Examples of standard Free Text fields include “Issue Description” on issues. An example of a Free Text field.
The form field would enable displaying, selecting, and/or entering data associated with the sensitive data, para 532.
Nandakumar and Ackmann do not specifically mention about, prevent, in real-time, transmission of the information which Wu discloses, first para, page 12, third para, page 49, last para, page 10, last para, page 13.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Johnston to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing correction of the information prior to the transmitting of the information. The user entered invalid data would be prevented from submission. This would enable meeting the data validation and reduce network traffic, page 12, first para.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973. The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HARESH N PATEL/Primary Examiner, Art Unit 2496