DETAILED ACTION
Claims 1-20 are pending in this action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1, 6, 10, 12, 15, 19 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Serpa et al. (US 6954862 B2) [hereinafter “Serpa”].
As per claim 1, Serpa discloses a method for authentication of a user, comprising:
selecting a username associated with a user; ([Serpa, Fig2] “Receive [user ID]” interpreted by the Examiner as equivalent, because the user ID or username is directly linked to the user’s password and serves as the identifier for authentication.)
providing a plurality of characters selected and applying a set of typing styles relating to at least one character selected so as to create a password for said user selected so as to create a password for said user; ([Serpa, col.4 40-45] “The pace, rhythm, or tempo of keystrokes [becomes as much a part of the password] as the actual letters, numbers, or Symbols comprising the password. An unauthorized individual might Still obtain the ID and password belonging to a legitimate user but, without knowledge of the correct timing element associated with the password, the information will be useless.”)
storing said username, and password in a database; wherein said password includes said typing styles; ([Serpa, col.5 ln 60-65-col. 7 ln 25-30]” Both the [user] and the computer/program agree on both the [password] and the [pace, rhythm, or tempo of the password]” and “this password character sequence is stored by the [computer/program] responsible for user authentication”).
allowing said user to access a resource by authenticating said user, said authentication including; providing said username and said password, said password including providing said characters using said selected typing styles; and retrieving from said database said stored username and password and checking this information to ensure provided username and password are identified correctly, wherein said password match also includes a match between characters and typing styles. ([Serpa col.6 ln 5-15] “The user begins by entering a user ID and the program receives this information. Next, the program asks the user to enter a password. A decision is then made as to whether the password is correct (i.e., does it match the password characters stored for that user'?) and whether it was entered with the correct pace, rhythm, or tempo (i.e., does the pace, rhythm, or tempo of password entry match the Stored pace, rhythm, or tempo for that password?). If the user has entered the correct password character Sequence with the correct pace, rhythm, or tempo, [the program continues and grants access to the restricted function]. If the user has made an error in either the password characters/sequence or the timing element of the password, access is denied and a failure message or Signal is generated. At this time the program may ask the user to try again.”).
As per claim 6, Serpa discloses the method claim 1. Wherein said password characters selected by said user are stored and recorded. ([ Serpa, claim9] “password including a Sequence of characters, wherein the Sequence of characters of the password is [Stored in the computer memory];” interpreted by the Examiner as equivalent to recorded, since once a password or sequence of characters is stored in computer memory, an electronic record of that information necessarily exists for subsequent retrieval or comparison).
As per claim 10, Serpa discloses the method of claim 1. The username and password are stored in a database ([Serpa, col.5 ln 60-65-col. 7 ln 25-30]” Both the [user] and the computer/program agree on both the [password] and the [pace, rhythm, or tempo of the password]” and “this password character sequence is stored by the [computer/program] responsible for user authentication”).
As per claim 12, Serpa discloses a computer system for authentication of a user, comprising:
one or more computer-readable storage medium and program instructions stored on at least one of the one or more tangible storage medium, the program instructions executable by a processor, the program instructions comprising: one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is enabled to perform the steps: selecting a username associated with a user;( [Serpa, Fig2] “Receive [user ID]” interpreted by the Examiner as equivalent, because the user ID or username is directly linked to the user’s password and serves as the identifier for authentication.) providing a plurality of characters selected and applying a set of typing styles relating to at least one character selected so as to create a password for said user selected so as to create a password for said user; ([Serpa, col.4 40-45] “The pace, rhythm, or tempo of keystrokes [becomes as much a part of the password] as the actual letters, numbers, or Symbols comprising the password. An unauthorized individual might Still obtain the ID and password belonging to a legitimate user but, without knowledge of the correct timing element associated with the password, the information will be useless.”) storing said username, and password in a database; wherein said password includes said typing styles; ([Serpa, col.5 ln 60-65-col. 7 ln 25-30]” Both the [user] and the computer/program agree on both the [password] and the [pace, rhythm, or tempo of the password]” and “this password character sequence is stored by the [computer/program] responsible for user authentication”). allowing said user to access a resource by authenticating said user, said authentication including; providing said username and said password, said password including providing said characters using said selected typing styles; and retrieving from said database said stored username and password and checking this information to ensure provided username and password are identified correctly, wherein said password match also includes a match between characters and typing styles. ([Serpa col.6 ln 5-15] “The user begins by entering a user ID and the program receives this information. Next, the program asks the user to enter a password. A decision is then made as to whether the password is correct (i.e., does it match the password characters stored for that user'?) and whether it was entered with the correct pace, rhythm, or tempo (i.e., does the pace, rhythm, or tempo of password entry match the Stored pace, rhythm, or tempo for that password?). If the user has entered the correct password character Sequence with the correct pace, rhythm, or tempo, [the program continues and grants access to the restricted function]. If the user has made an error in either the password characters/sequence or the timing element of the password, access is denied and a failure message or Signal is generated. At this time the program may ask the user to try again.”).
As per claim 15, the substance of the claimed invention is substantially similar to that of claim 6. Accordingly, this claim is rejected under the same rationale as 6. Serpa discloses the method claim 6. Wherein said password characters selected by said user are stored and recorded. ([ Serpa, claim9] “password including a Sequence of characters, wherein the Sequence of characters of the password is [Stored in the computer memory];” interpreted by the Examiner as equivalent to recorded, since once a password or sequence of characters is stored in computer memory, an electronic record of that information necessarily exists for subsequent retrieval or comparison).
As per claim 19, the substance of the claimed invention is substantially similar to that of claim1. Accordingly, this claim is rejected under the same rationale as 1. Serpa discloses a computer program product for authentication of a user, comprising:
one or more computer-readable storage medium and program instructions stored on at least one of the one or more tangible storage medium, the program instructions executable by a processor, the program instructions comprising: one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is enabled to perform the steps comprising: selecting a username associated with a user; ([Serpa, Fig2] “Receive [user ID]” interpreted by the Examiner as equivalent, because the user ID or username is directly linked to the user’s password and serves as the identifier for authentication.) and ([Serpa, col.8 10-20] “This second embodiment, like the first embodiment, is compatible with Systems/gadgets employing an input command as well as those that do not employ an input command. If the Subject device or System does employ an input command, then, as in the case of the first embodiment, the device used to input the password preferably has the capability to Store an extra Signal indicating the pace, rhythm, or tempo with which the user entered their password (by following the true prompts). This information, along with the password, would then be entered into [the computer/program] when the input command is engaged.) providing a plurality of characters selected and applying a set of typing styles relating to at least one character selected so as to create a password for said user selected so as to create a password for said user; ([Serpa, col.4 40-45] “The pace, rhythm, or tempo of keystrokes [becomes as much a part of the password] as the actual letters, numbers, or Symbols comprising the password. An unauthorized individual might Still obtain the ID and password belonging to a legitimate user but, without knowledge of the correct timing element associated with the password, the information will be useless.”) storing said username, and password in a database; wherein said password includes said typing styles; ([Serpa, col.5 ln 60-65-col. 7 ln 25-30]” Both the [user] and the computer/program agree on both the [password] and the [pace, rhythm, or tempo of the password]” and “this password character sequence is stored by the [computer/program] responsible for user authentication”). allowing said user to access a resource by authenticating said user, said authentication including; providing said username and said password, said password including providing said characters using said selected typing styles; and retrieving from said database said stored username and password and checking this information to ensure provided username and password are identified correctly, wherein said password match also includes a match between characters and typing styles. ([Serpa col.6 ln 5-15] “The user begins by entering a user ID and the program receives this information. Next, the program asks the user to enter a password. A decision is then made as to whether the password is correct (i.e., does it match the password characters stored for that user'?) and whether it was entered with the correct pace, rhythm, or tempo (i.e., does the pace, rhythm, or tempo of password entry match the Stored pace, rhythm, or tempo for that password?). If the user has entered the correct password character Sequence with the correct pace, rhythm, or tempo, [the program continues and grants access to the restricted function]. If the user has made an error in either the password characters/sequence or the timing element of the password, access is denied and a failure message or Signal is generated. At this time the program may ask the user to try again.”).
As per claim 20, The substance of the claimed invention is substantially similar to that of claim 6. Accordingly, this claim is rejected under the same rationale as 6. Serpa discloses the method of claim 6. Wherein said password characters selected by said user are stored and recorded. ([ Serpa, claim9] “password including a Sequence of characters, wherein the Sequence of characters of the password is [Stored in the computer memory];” interpreted by the Examiner as equivalent to recorded, since once a password or sequence of characters is stored in computer memory, an electronic record of that information necessarily exists for subsequent retrieval or comparison).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 2-5, 7, 8, 9, 11, 13, 14, 16, 17, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Serpa et al. (US 6954862 B2) [hereinafter “Serpa”] in view of Kellas-Dicks et al. (US 8332932 B2) [hereinafter “Kellas”]
As per claim 2, Serpa discloses the method of claim 1. Serpa does not explicitly disclose wherein said typing style includes holding a certain character for a certain amount of time. However, Kellas in the same field of endeavor discloses wherein said typing style includes holding a certain character for a certain amount of time. ([Serpa, col.4 Ln 35-40] “One simple, useful datum that can be computed from the raw keystroke timing data is the length of time a key is depressed the "dwell time.").
Therefore, it would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to modify Serpa to have said typing style includes holding a certain character for certain amount of time as suggested by Kellas. One of ordinary skill in the art would have been motivated to do so because Kellas discloses that using a plurality of real derived data points improves the precision and reliability of distinguishing between legitimate and imposter keystroke entries. ([Kellas, col.14 Claim 12]”collecting a plurality of real data points of a user operating a keyboard, wherein the plurality of real data points are key press time and key release time for each of a plurality of key strokes of a keyboard pressed and released by one single user; computing a first plurality of derived dwell data points based on the plurality of real data points; computing a second plurality of derived dwell tendency data points based on the first plurality of derived data points; and preparing a user authentication template based on the first plurality of derived dwell data points and the second plurality of derived dwell tendency data points.”).
As per claim 3, Serpa discloses the method of claim 1 above. Kellas further discloses, wherein there is a preselected time between a first and a second character, wherein any time less than said preselected time makes the characters to be distinguished as one character and time more than said preselected time make the characters be distinguished as two distinct characters ([Kellas, col. 4 ln 45-55] “Other derived measures could also be used by an embodiment. For example, [the key-press-to-subsequent-key-press time 430, or key-release-to-subsequent-key-release time 440] also permit the events that occurred during the typing of the phrase to be represented in a useful way. Some embodiments may compute key press and release times relative to the key press event that starts the entry of the phrase, or the key press or release) event that ends entry of the phrase. The first set of derived values can be computed trivially by subtraction. Table 2 shows dwell values thus computed from the raw key-press and key-release times shown in Table 1:”). Claim 3 is also rejected on the same rationale as claim 2 above.
As per claim 4, the references as combined above disclose the method of claim 3. Serpa further discloses wherein said two or more characters can be identical characters. ([ Serpa col. 4 ln 65-68, col.5 ln 1-10] “The first three keystrokes are struck within a set time period (for example, a two-second period) and this entry is then followed by a pause of Some predetermined length. (In this example, the pause could be between four and Six Seconds long.) After this pause the final three keystrokes must then be entered within a set time period (e.g., a two-second period). The pattern would thus appear Something like: [ “ZZZ” (pause) 66 ss ZZZ. A variation of this Same password would appear as "ZZ” (pause) “ZZ” (pause) “ZZ.” Another variation could consist of “ZZZ” (pause) “ZZ” (pause) “Z”. Still others are “Z” (pause) “ZZZZZ”; “ZZZZ” (pause) “ZZ”; or “Z” (pause) “Z” (pause) “Z” (pause) “Z” (pause) “Z” (pause) “Z”], etc.”).
As per claim 5, the references as combined above disclose the method of claim 3. Serpa further discloses wherein said characters can be selected character more than once and spaced by a time period more or less than said time period. ([ Serpa col. 4 ln 65-68, col.5 ln 1-10] “The [first three keystrokes are struck within a set time period (for example, a two-second period) and this entry is then followed by a pause of Some predetermined length. (In this example, the pause could be between four and Six Seconds long.)] After this pause the final three keystrokes must then be entered within a set time period (e.g., a two-second period). The pattern would thus appear Something like: “ZZZ” (pause) 66 ss ZZZ. A variation of this Same password would appear as "ZZ” (pause) “ZZ” (pause) “ZZ.” Another variation could consist of “ZZZ” (pause) “ZZ” (pause) “Z”. Still others are “Z” (pause) “ZZZZZ”; “ZZZZ” (pause) “ZZ”; or “Z” (pause) “Z” (pause) “Z” (pause) “Z” (pause) “Z” (pause) “Z”, etc.”).
As per claim 7, the references as combined above disclose the method of claim 6. Kellas further discloses wherein two consecutive characters are to be treated as one when the time entry between them is below a threshold. ([Kellas, fig3. 390-395, col.3 ln 45-50]” Sometimes a key release corresponding to a first key press may occur after the subsequent key press. This situation is depicted in FIG. 3: the second depression of 'U' key 370, which produces the upper-case 'U' 375 in phrase 300, [continues until time 390], after the depression of" Space" key 380 time 395 which produces the corresponding space character 385 in phrase 300.”). Claim 7 is also rejected based on the same rationale as the rejection of claim 2.
As per claim 8, Serpa discloses the method of claim 6. Kellas further discloses wherein same characters are deemed to be different characters if they are entered for a period above a threshold. ([Kellas, col.4 ln 35-45] “Another useful measure is the time from the release of one key to the depression of the next 420, called the "flight time." Dwell and flight times can efficiently represent all of the key events that occur during the typing of a phrase. Note that flight time may be negative, as shown at 450: the 'U' key was not released until after the "Space" key was pressed, so the "U----; Space" flight time is negative.”) as interpreted by the examiner as it explicitly measures dwell time and flight time, and explains that longer intervals represent distinct character events. Claim 8 is also rejected based on the same rationale as the rejection of claim 2.
As per claim 9, the references as combined above disclose the method of claim 6. Kellas further discloses wherein a new character is recorded with at least two characters are entered simultaneously. ([Kellas, fig. 3, col.3 ln 35-45] “Characters of the phrase 300 are produced in the order that character-generating keys are depressed. [Two or more keys may be depressed simultaneously] (for example, both "Shift" key 315 and key 325 are depressed during the interval circled at 330. Character-generating keys are those that produce a character when they are depressed. Of the keys shown in this Figure, except "Shift" key 315 are character-generating. The "Shift" key 315 is a modifier that may change the character produced when a character-generating key is depressed.”) Claim 9 is also rejected based on the same rationale as the rejection of claim 2.
As per claim 11, the references as combined above disclose the method of claim 7. Kellas further discloses wherein the username and password are stored in different databases. ([ Kellas, fig7. 780, 730; fig6 670 and col.11 ln 35-60] “A [mass storage interface 660] permits the system to store data on a device like hard disk 670. Thus, for example, user identification templates and related data can be stored for later use by keyboard dynamics application 630. These and other components and subsystems of the computer system are connected to, and exchange data and control signals via, a system bus 680. FIG. 7 shows another embodiment of the invention. A system 710 has a group of instructions and data (shown as document 720), which may be stored [on a mass storage device 730]. ..... invention.” ) Claim 11 is also rejected based on the same rationale as the rejection of claim 2.
As per claim 13, the substance of the claimed invention is substantially similar to that of claim 2. Accordingly, this claim is rejected under the same rationale as claim 2.
As per claim 14, the substance of the claimed invention is substantially similar to that of claim 3. Accordingly, this claim is rejected under the same rationale as claim 3 above.
As per claim 16, the substance of the claimed invention is substantially similar to that of claim 7. Accordingly, this claim is rejected under the same rationale as claim 7.
As per claim 17, the references as combined above disclose the computer system of claim 16. Kellas further discloses wherein same characters are deemed to be different characters if they are entered for a period above a threshold. The substance of the claimed invention is substantially similar to that of claim 8. Accordingly, this claim is rejected under the same rationale as claim 8.
As per claim 18, the substance of the claimed invention is substantially similar to that of claim 9. Accordingly, this claim is rejected under the same rationale as claim 9.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure:
Cho et al., (US 2006/0280339 A1) discloses keystroke-dynamics authentication using dwell and flight times between key entries, threshold profiles for user verification, and adaptive recalibration after repeated logins.
WANG JIAN, (DE 112012003640 T5 (B5)) discloses behavioral-biometric verification using temporal and sequential user interaction features, including weighted scoring of consistent timing behaviors.
WANG YIMIN, (WO 2021/086390 A1 discloses adaptive behavioral authentication employing periodic retraining of timing profiles and context-based weighting of biometric timing data to improve recognition reliability.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Komi N. AMEVIGBE whose telephone number is (571)272-3381. The examiner can normally be reached Monday-Friday 2pm-10pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/K.N.A./ Examiner, Art Unit 2493
/CARL G COLIN/ Supervisory Patent Examiner, Art Unit 2493