Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/19/2025 has been entered. Claims 1, 3 and 7-9 are amended. Claim 10 is new. Claims 1 and 3-10 are pending.
Response to Arguments
Examiner’s Remarks - 35 USC § 103 – Independent claims 1 and 8
The applicant has amended each independent claim to include the feature(s) of, “the attribute including a period of forbiddance of reuse of the personal identification information”. In view of the claim amendment(s), the examiner introduces the teachings of prior art reference MANOLACHE (WO 2007/095326) to record. The examiner contends that MANOLACHE teaches the reuse of credentials after a period of time. See rejection below.
Examiner’s Remarks - 35 USC § 103 – Dependent claims 3-7 and 9
Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 3 and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Yasuda (US Patent Publication No. 2010/0014652) in view of QIAN JIANBO (EP 3792798) and further in view of MANOLACHE (WO 2007/095326)
As to claims 1 and 8, Yasuda teaches an image forming apparatus comprising: a processing device (i.e., …teaches in par. 0108 the following: “A terminal 10, which is used by a user in a restriction control system, can be configured to include, for example, a Web browser part 11, a camera processing part 12, a code reading part 13, a voice communication part 14, and an e-mail receiving part 15.”);
and an input device, wherein the processing device (i.e., …teaches in par. 0108 the following: “A terminal 10, which is used by a user in a restriction control system, can be configured to include, for example, a Web browser part 11, a camera processing part 12, a code reading part 13, a voice communication part 14, and an e-mail receiving part 15.”):
registers, in association with a user, a string as personal identification information for identifying the user (i.e., …teaches in par. 0035 the following: “This group creation can be performed in such a way that a user registers in the network side identification information identifying a user's terminal constituting the group by operating the user's terminal, or a user asks a service provider in advance to make a registration of identification information identifying a user's terminal constituting the group by using another terminal or telephone.”),
determines, in response to a reception of a request for deletion of a registered user, via the input device (i.e., …teaches in par. 0069 the following: “The Web application part 24 performs control of a user interface that is used for registration and deletion of groups and for registration and deletion of user terminals, by using Web applications.”),
based on an attribute imparted to the registered user, whether to forbid reuse of the string as a piece of the personal identification information (i.e., …teaches in par. 0077 the following: “The group ID 211 stores a value which can uniquely specify each group. In order to prevent duplicating of the group IDs, even after a group is deleted, the same group ID of the deleted group is treated so as not be reused. An example of a generation method of a group ID 211 will be described below with reference to FIG. 7.”),
which is associated with the registered user for which the request for deletion is received (i.e., …teaches in par. 0086 the following: “a temporary group ID 211c is generated on the basis of a telephone number 211a of a representative user and time information 211b corresponding to the timing when the group was created, so as to prevent generation of duplicated group IDs.”).
Yasuda does not expressly teach:
refuses, in accordance with a result of the determination, a request for registration of the user associated with the string as the piece of the personal identification information.
In this instance the examiner notes the teachings of prior art reference QIAN.
QIAN teaches as part of his claim 14 claim limitation(s) the following: “wherein the refuse registration mode comprises: determining whether the login password received in connection with the registration request from the current user is the same as a login password associated with an account of the conflicting old user; and in the event that the login password received in connection with the registration request is the same as the login password associated with the account of the conflicting old user, refusing registration and providing an indication that the login password received in connection with the registration request does not satisfy a security rule to the current user.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Yasuda with the teachings of QIAN by having their system comprise an enhanced user access control process. One would have been motivated to do so to provide a simple and effective means to manage user system access, wherein the enhanced user access control process helps facilitate proper user registration and makes it easier to configure the system for access control.
The system of Yasuda and QIAN does not expressly teach:
the attribute including a period of forbiddance of reuse of the personal identification information.
In this instance the examiner notes the teachings of prior art reference MANOLACHE.
MANOLACHE teaches in par. 0063 the following: “[… the application service server 120 retains a deactivated user account and its associated data, the user account can therefore be revived at any time during the probation time period. For the same reason, any requests to create a new account using the same username are not allowed. As shown in Figure 6, upon receipt of a request to restore the user account (611), the application service server 120 revives the user account, brings back the hosted services associated with the user account, and terminates the probation time period (615). If the user account's username has been changed to an alternative username previously, the application service server 120 restores the user account's information and user data by changing the alternative username back to the original username. [0064] But if the application service server 120 does not receive any account restoration request until the end of the probation time period (613, yes), the application service server 120 deletes the user account and its associated information (617). The username of the deleted user account can be reused, e.g., for a new user or for other purposes such as a nickname or an email list.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Yasuda and QIAN with the teachings of MANOLACHE by having their system comprise an enhanced user credential management process. One would have been motivated to do so to provide a simple and effective means to manage user access credentials, wherein the enhanced user credential management process helps facilitate proper user credential maintenance and makes it easier to configure the system for authentication access control.
2. (Canceled)
As to claim 3, the system of Yasuda, QIAN and MANOLACHE as applied to claim 1 above teaches user registration control, specifically Yasuda does not expressly teach a mage forming apparatus according to claim wherein the attribute further includes at least one of among: a history of user identification performed based on the personal identification information, a history of an operation performed by the user identified based on the personal identification information and a type of the personal identification information.
In this instance the examiner notes the teachings of prior art reference QIAN.
The examiner notes that applicant’s usage of the alternative phrase “at least one of”, places the above limitation(s) in alternative form. As such with regards to applicant’s alternative limitation of, “a history of user identification performed based on the personal identification information”, QIAN teaches as part of his claim 14 claim limitation(s) the following: “wherein the refuse registration mode comprises: determining whether the login password received in connection with the registration request from the current user is the same as a login password associated with an account of the conflicting old user; and in the event that the login password received in connection with the registration request is the same as the login password associated with the account of the conflicting old user, refusing registration and providing an indication that the login password received in connection with the registration request does not satisfy a security rule to the current user.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Yasuda with the teachings of QIAN by having their system comprise an enhanced user access control process. One would have been motivated to do so to provide a simple and effective means to manage user system access, wherein the enhanced user access control process helps facilitate proper user registration and makes it easier to configure the system for access control.
As to claim 9, the system of Yasuda, QIAN and MANOLACHE as applied to claim 1 above teaches user registration control, specifically Yasuda does not expressly teach a image forming apparatus according to claim 1, wherein the attribute includes on-registration authentication mode information (i.e., …teaches in par. 0086 the following: “a temporary group ID 211c is generated on the basis of a telephone number 211a of a representative user and time information 211b corresponding to the timing when the group was created, so as to prevent generation of duplicated group IDs.”).
As to claim 10, the system of Yasuda, QIAN and MANOLACHE as applied to claim 1 above teaches user registration control, specifically neither Yasuda nor QIAN expressly teaches an image forming apparatus according to claim 1, wherein the processing device further withdraws the forbiddance of reuse of the personal identification information when the period of forbiddance of reuse of the personal identification information has elapsed.
In this instance the examiner notes the teachings of prior art reference MANOLACHE.
MANOLACHE teaches in par. 0063 the following: “… the application service server 120 retains a deactivated user account and its associated data, the user account can therefore be revived at any time during the probation time period. For the same reason, any requests to create a new account using the same username are not allowed. As shown in Figure 6, upon receipt of a request to restore the user account (611), the application service server 120 revives the user account, brings back the hosted services associated with the user account, and terminates the probation time period (615). If the user account's username has been changed to an alternative username previously, the application service server 120 restores the user account's information and user data by changing the alternative username back to the original username. [0064] But if the application service server 120 does not receive any account restoration request until the end of the probation time period (613, yes), the application service server 120 deletes the user account and its associated information (617). The username of the deleted user account can be reused, e.g., for a new user or for other purposes such as a nickname or an email list.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Yasuda and QIAN with the teachings of MANOLACHE by having their system comprise an enhanced user credential management process. One would have been motivated to do so to provide a simple and effective means to manage user access credentials, wherein the enhanced user credential management process helps facilitate proper user credential maintenance and makes it easier to configure the system for authentication access control.
Claim(s) 4 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Yasuda and QIAN in view of MANOLACHE as applied to claim 1 above and further in view of Singh (US Patent Publication No. 2022/0300630).
As to claim 4, the system of Yasuda, QIAN and MANOLACHE as applied to claim 1 above teaches user registration control, specifically Yasuda teaches an image forming apparatus according to claim 1, wherein, if a block deletion of all registered users is requested (i.e., …teaches in par. 0077 the following: “The group ID 211 stores a value which can uniquely specify each group. In order to prevent duplicating of the group IDs, even after a group is deleted, the same group ID of the deleted group is treated so as not be reused. An example of a generation method of a group ID 211 will be described below with reference to FIG. 7.”).
The system of Yasuda, QIAN and MANOLACHE do not expressly teach:
the processing device further permits a reuse with respect to all personal identification information, associated with all the registered users.
In this instance the examiner notes the teachings of prior art reference Singh.
Singh teaches in par. 0109 the following: “… security policy that allows limited reuse of corporate credentials that are us”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Yasuda, QIAN and MANOLACHE with the teachings of Singh by having their system comprise an enhanced credential reuse analysis process. One would have been motivated to do so to provide a simple and effective means to control system access, wherein the enhanced credential reuse analysis process helps facilitate security within the network and makes it easier to control access.
As to claim 7, the system of Yasuda, QIAN and MANOLACHE as applied to claim 1 above teaches user registration control, specifically neither reference expressly teaches a image forming apparatus according to claim 6, wherein the attribute further includes at least one of: a history of a user identification performed based on the personal identification information a history of an operation performed by the user identified based on the personal identification information a manager authority imparted to the user associated with the personal identification information.
In this instance the examiner notes the teachings of prior art reference Singh.
The examiner notes that applicant’s usage of the alternative phrase, “at least one among”, places the above limitation in alternative form. As such with regards to applicant’s alternative claim limitation element of, “manager authority imparted to the user associated with the personal identification information”, Singh teaches in par. 0108 the following: “For example, the organization may define a security policy that prohibits the reuse of corporate credentials that are used by users to access financial resources. In such embodiments, resource access application 424 may monitor for login to an enterprise resource or an external resource and determine whether a credential that was input or otherwise provided to login to the resource is a corporate credential used for accessing financial resources. If so, resource access application 424 may apply the applicable security policy (e.g., restrict the use of the credential).”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Yasuda, QIAN and MANOLACHE with the teachings of Singh by having their system comprise an enhanced credential reuse analysis process. One would have been motivated to do so to provide a simple and effective means to control system access, wherein the enhanced credential reuse analysis process helps facilitate security within the network and makes it easier to control access.
Claim(s) 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Yasuda and QIAN in view of MANOLACHE as applied to claim 1 above and further in view of DeCusatis et al. (US Patent Publication No. 2011/0185404 and DeCusatis).
As to claim 5, the system of Yasuda, QIAN and MANOLACHE as applied to claim 1 above teaches user registration control, specifically neither reference expressly teaches an image forming apparatus according to claim 1, wherein the processing device further withdraws a forbiddance of reuse of the personal identification information.
In this instance the examiner notes the teachings of prior art reference DeCusatis.
DeCusatis teaches in par. 0031 the following: “... Upon transitioning to the deleted state 306, the user ID and associated data are removed, preventing any further actions using the user ID. …teaches in par. 0031 the following: “If the administrator determines that the user ID should not be deleted, the administrator can initiate transition 310 to change the status value of the user ID from the marked for deletion state 304 to the active state 302.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Yasuda, QIAN and MANOLACHE with the teachings of DeCusatis by having their system comprise an enhanced credential reuse analysis process. One would have been motivated to do so to provide a simple and effective means to control system access, wherein the enhanced credential reuse analysis process helps facilitate security within the network and makes it easier to control access.
As to claim 6, the system of Yasuda, QIAN and MANOLACHE as applied to claim 1 above teaches user registration control, specifically neither reference expressly teaches an image forming apparatus according to claim 5, wherein the processing device withdraws the forbiddance of reuse of the personal identification information according to the personal identification information or an attribute imparted to the user associated with the personal identification information.
In this instance the examiner notes the teachings of prior art reference DeCusatis.
DeCusatis teaches in par. 0031 the following: “... Upon transitioning to the deleted state 306, the user ID and associated data are removed, preventing any further actions using the user ID. …teaches in par. 0031 the following: “If the administrator determines that the user ID should not be deleted, the administrator can initiate transition 310 to change the status value of the user ID from the marked for deletion state 304 to the active state 302.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Yasuda, QIAN and MANOLACHE with the teachings of DeCusatis by having their system comprise an enhanced credential reuse analysis process. One would have been motivated to do so to provide a simple and effective means to control system access, wherein the enhanced credential reuse analysis process helps facilitate security within the network and makes it easier to control access.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN F WRIGHT/Examiner, Art Unit 2497