DETAILED ACTION
Applicant’s amendment filed 3/26/2026 and 1/26/2026 has been fully considered.
Claims 1-20 are pending and have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.
Response to Amendment
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The rejection under 35 USC 112 is withdrawn.
Applicant’s arguments with respect to the prior art have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Murakami (20070220270), and further in view of Yang (20150121489) and Krishan (20130254856).
Regarding claim 1, Murakami teaches A computer implemented method, comprising: receiving, using at least one processor, from a contactless card, a first password associated with authenticating of a user (par.16-18, 32-34);
Murakami teaches generating passwords and authenticating a user with the updated passwords to a server (par.16-18, 32-34), but does not expressly disclose, however Yang teaches generating, using the at least one processor, a plurality of second passwords in response to receiving the first password, one or more second passwords in the plurality of second passwords for authentication;
selecting, using the at least one processor, based on at least one factor, at least one second password in the plurality of second passwords;
updating, using the at least one processor, the selected at least one second password to generate an updated at least one second password (par.40-44, 50-55); and
Krishan teaches random passwords configured to authenticate the user for accessing at least one secure service in accordance with one or more requirements of the at least one secure service, authenticating, using the least one processor, the user using the updated at least one random second password for accessing the at least one secure service (par.10-13, 29-33, 42-45).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Murakami to provide a list of passwords as taught by Yang and to use random passwords as taught by Krishan.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect access to resources (Yang, par.40-44, 50-55) and increase security (Krishan, par.10-13, 29-33, 42-45).
Regarding claim 12, Yang teaches A system, comprising: at least one processor; and at least one non-transitory storage media storing instructions, that when executed by the at least one processor, cause the at least one processor to perform operations including (abstract)
generating a random second passwords in response to receiving, from a contactless card, a first password (par.16-18, 32-34),
Murakami teaches generating passwords and authenticating a user with the updated passwords to a server (par.16-18, 32-34), but does not expressly disclose, however
Yang teaches generating a plurality of second passwords one or more second passwords in the plurality of second passwords; selecting at least one second password in the plurality of second passwords based on at least one of the following: a time corresponding to a predetermined validity duration of the at least one second password in the plurality of second passwords, at least one user activity associated with using the at least one second password for authentication, and any combination thereof; updating the selected at least one second password to generate an updated at least one second password (par.40-44, 50-55); and
Krishan teaches random passwords for authenticating the user using the updated at least one random second password for accessing the at least one secure service (par.10-13, 29-33, 42-45).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Murakami to provide a list of passwords as taught by Yang and to use random passwords as taught by Krishan.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect access to resources (Yang, par.40-44, 50-55) and increase security (Krishan, par.10-13, 29-33, 42-45).
Regarding claim 20, Murakami teaches A computer program product comprising a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising (abstract, par.16-18, 32-34):
generating a random second passwords in response to receiving, from a contactless card, a first password (par.16-18, 32-34),
Murakami teaches generating passwords and authenticating a user with the updated passwords to a server (par.16-18, 32-34), but does not expressly disclose, however
Yang teaches generating a plurality of second passwords, one or more second passwords in the plurality of second passwords are configured to authenticate a user, selecting at least one second password in the plurality of second passwords; updating the selected at least one random second password to generate an updated at least one random second password; receiving the updated at least one second password in response to the user providing the first password; and transmitting the received updated at least one second password to at least one device (par.40-44, 50-55); and
Krishan teaches random passwords and receiving the updated at least one second password in response to the user providing the first password; and transmitting the received updated at least one second password to at least one server, wherein the server is configured to compare the received updated at least one random second password and the updated at least one random second password stored in the storage location; and generate a result of the comparison; upon the generated result indicating the received updated at least one random second password matches the updated at least one random second password stored in the storage location, executing the authenticating; and upon the generated result indicating the received updated at least one random second password fails to match the updated at least one random second password stored in the storage location, preventing the authenticating, the password for accessing at least one secure service in accordance with one or more requirements of the at least one secure service (par.10-13, 29-33, 42-45).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Murakami to provide a list of passwords as taught by Yang and to use random passwords as taught by Krishan.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect access to resources (Yang, par.40-44, 50-55) and increase security (Krishan, par.10-13, 29-33, 42-45).
Regarding claims 2 and 13, Murakami/Yang/Krishan teaches wherein the at least one secure service includes at least one of the following: a website, a mobile application, and any combination thereof (Murakami, 40-44, Yang, 30-33, Krishan, 27-32).
Regarding claim 3, Murakami/Yang/Krishan teaches wherein the at least one factor includes at least one of the following: a time corresponding to a predetermined validity duration of the at least one random second password in the plurality of random second passwords, at least one user activity associated with using the at least one random second password for authentication, and any combination thereof (Murakami, 47-51, Krishan, 34-36).
Regarding claims 4 and 14, Murakami/Yang/Krishan teaches wherein the at least one random second password is selected based on an expiration of time corresponding to a predetermined validity duration associated with the at least one random second password (Krishan, 34-36).
Regarding claims 5 and 15, Murakami/Yang/Krishan teaches wherein the at least one random second password is selected at at least one of the following times: after expiration of the time corresponding to the predetermined validity duration, before expiration of the time corresponding to the predetermined validity duration, at the time corresponding to the predetermined validity duration, and any combination thereof (Murakami, 47-51, Krishan, 34-36).
Regarding claims 6 and 16, Murakami/Yang/Krishan teaches wherein the at least one user activity includes at least one of the following: an activity by the user, a fraudulent activity by another user, and any combination thereof (Murakami, 41-43, Krishan, 28-31).
Regarding claims 7 and 17, Murakami/Yang/Krishan teaches wherein at least one of the selecting and the updating is executed using at least one of the following: a predetermined schedule, periodically, randomly, and any combination thereof (Krishan, 5-7, 12-14, 59-68).
Regarding claims 8 and 18, Murakami/Yang/Krishan teaches wherein the updating including storing the updated at least one random second password in a storage location (Murakami, 41-50, Yang, 30-37, 53-57, Krishan, 28-31, 54-57).
Regarding claims 9 and 19, Murakami/Yang/Krishan teaches wherein the authenticating including receiving the updated at least one random second password in response to the user providing the first password; transmitting the received updated at least one random second password to at least one server, wherein the server is configured to compare the received updated at least one random second password and the updated at least one random second password stored in the storage location; and generate a result of the comparison; upon the generated result indicating the received updated at least one random second password matches the updated at least one random second password stored in the storage location, executing the authenticating; and upon the generated result indicating the received updated at least one random second password fails to match the updated at least one random second password stored in the storage location, preventing the authenticating (Krishan, 10-13, 29-33, 42-45).
Regarding claim 10, Murakami/Yang/Krishan teaches wherein each random second password in the plurality of random second passwords is different from another random second password in the plurality of random second passwords (Krishan, 28-34).
Regarding claim 11, Murakami/Yang/Krishan teaches wherein each random second password in the plurality of random second passwords includes at least one of the following: one or more alpha- numeric characters, one or more non-alpha-numeric characters, and any combination thereof (Yang, 5-6, Krishan, 25-27, 50-54).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: the remaining references put forth on the PTO-892 form are directed to password usage and generation.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to David García Cervetti whose telephone number is (571)272-5861. The examiner can normally be reached Monday-Friday 8AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, HADI S ARMOUCHE can be reached at (571)270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/David Garcia Cervetti/Primary Examiner, Art Unit 2409
Prosecution Insights