DETAILED ACTION
The claim objections are withdrawn based on the amendments filed 12/29/2025.
The 112(b) rejection is withdrawn based on the amendments filed 12/29/2025.
Claims 11 and 23 are canceled.
Claims 1-10, 12-22, and 24 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 12/29/2025 have been fully considered but they are not persuasive.
Regarding applicant’s arguments, on pages 4-7 of the remarks, that Wright does not anticipate at least the step of automatically providing a portion of the secure information to execute the application, to access the document, and to access the account, Examiner agrees with applicant. Therefore, the 102 rejection is withdrawn.
Regarding applicant’s arguments, on pages 7-9 of the remarks, that Wright and Maresh, alone or in combination, do not teach the limitations of amended claims 1 and 13, and therefore, do not teach dependent claims 3 and 15, Examiner respectfully disagrees. Wright and LastPass teach the amended portions of claim 1 as seen in the 103 rejection below. To clarify how the LastPass autofill automatically provides a portion of the secured information, see the following description of the autofill feature: Save a password or shipping address one last time. LastPass autofill will securely populate form fields with your relevant information the next time you need it. Autofill important credentials right from your browser extension without opening your vault; [Autofill from your encrypted vault], e.g., Next time you need a vault item for a form field, simply use autofill: Passwords and usernames, Email addresses, Home and business shipping addresses, Credit card info, Bank accounts. In addition, Wright, LastPass, and Maresh, in combination, teach dependent claims 3 and 15. Therefore, Wright, LastPass, and Maresh, in combination, teach all the limitations of claims 1, 3, 13, and 15.
Regarding applicant’s argument, on pages 9-11 of the remarks, that the combination of Wright and Maresh to reach the claimed invention, as recited in claims 3 and 15, is by impermissible hindsight, Examiner respectfully disagrees. Wright teaches vaults which hold private data in para.[0062]. Private data stored in an unprotected form could lead to the private data being accessed by unauthorized users. Maresh teaches encrypting data within a vault, which is, well-known, understood, and routinely used within the art to protect data from unauthorized access and use. Therefore, it would be obvious to a person of ordinary skill in the art to modify the teachings of Wright with the teachings of Maresh for the benefit of encrypting secured information to prevent/reduce password leakage.
Regarding applicant’s arguments, on pages 11-12 of the remarks, that Wright, Maresh, and gHacks, alone or in combination, do not teach Claims 4 and 16 because amended independent Claims 1 and 13 is not fully taught, Examiner respectfully disagrees. As mentioned above, Wright and LastPass teach the amended limitations of claim 1. Wright, LastPass, and Maresh teach the limitations of claim 3 and 15. Wright, LastPass, Maresh, and gHacks, teach dependent claims 4 and 16. Therefore, claims 4 and 16 are not allowable because Wright, LastPass, Maresh, and, gHacks, in combination, teach all the limitations of claims 1, 3, 4, 13, 15, and 16.
Regarding applicant arguments, on pages 12-16 of the remarks, that the combination of Wright and LastPass to reach the claimed invention, as recited in claims 1, 12, 13, and 24, is by impermissible hindsight, Examiner respectfully disagrees. Wright teaches using username and password credentials to access a service provider system which host the vaults and lockboxes. A password is a string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. A person of ordinary skill in the art would know that longer passwords correlate with stronger passwords and passwords should not be reused. These guidelines would result in multiple lengthy passwords, for each unique application that requires credentials. Thus, it may be difficult for users to keep track of all these passwords. LastPass teaches of a method that would autofill credentials for logins. Therefore, it would have been obvious to one of ordinary skill in the art to have modified the teachings of Wright with the teachings of LastPass for the benefit of saving time, increasing security, and reducing password theft as taught by LastPass section [Simply your online life with save and autofill].
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1-2, 5-10, 12-14, 17-22 and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20130145426 A1 to Wright et al. (Wright) in view of “Autofill for Passwords, Saved Payment Methods & Logins, 04 June, 2023” (LastPass).
Regarding claim 1, Wright teaches a collaborative security management system, comprising: a processing device in communication with a plurality of user devices (Wright [0065], e.g., More particularly, a service provider system 102 is coupled to communicate bidirectionally through a communications network, or cloud, 104, with a user system 106 and a designated recipient system 108); and a memory device in communication with the processing device (Wright [0105], e.g., any other computer-readable storage medium, wherein, when the computer program code is loaded into and executed by a computer), the memory device storing instructions (Wright [0105], e.g., any other computer-readable storage medium, wherein, when the computer program code is loaded into and executed by a computer) that when executed by the processing device result in: storing a plurality of data structures in the memory device (Wright [0062], e.g., The user's legacy may contain legal documents), each of the data structures including secured information (Wright [0062], e.g., legal documents relating to wills, trusts, estates, taxes, insurance, location of assets, accounts and pass codes); establishing at least one safe associated with one or more of the data structures (Wright [0059], e.g., The contents of the legacy may be organized, as noted above, into an arrangement that includes one or more vaults……… Each vault may contain one or more lock-boxes, and each lock-box may contain a portion of, or all of, the collection of information); defining one or more security rules for the safe (Wright [0059], e.g., each vault being accessible by its owner, i.e., the user, and further accessible by designated recipients in accordance with rules of access specified by the user), each of the security rules governing for one or more of the user devices: an access privilege for granting or for denying access to at least one of the safe and the one or more data structures associated therewith by the one or more of the user devices via an interface (Wright [0059], e.g., further accessible by designated recipients in accordance with rules of access specified by the user……… The rules of access may be the same or different for each designated recipient; Fig. 10, e.g., add shared users); and an operations privilege for enabling or for disabling performance of operations upon the at least one safe and the one or more data structures associated therewith initiated by the one or more of the user devices from the interface (Wright [0057], e.g., The legacy may include autobiography and/or contributed biography, each accessible for editing exclusively by the user. Contributed biography refers to materials obtained, provided, or submitted for inclusion in the legacy by sources other than the user; Fig. 10, e.g., add contributors); and controlling, by application of the security rules, at least one of access to and operations performed upon the at least one safe and the one or more data structures associated therewith by the one or more of the user devices (Wright [0057], e.g., The legacy may include autobiography and/or contributed biography, each accessible for editing exclusively by the user, [0059], e.g., further accessible by designated recipients in accordance with rules of access specified by the user; Fig. 10, e.g., add contributors, add shared users)[; wherein when the operations privilege includes an operation of at least one of executing an application, accessing a document, and following a link to access an account presented on the interface, the processing device further automatically providing a portion of the secured information to execute the application, to access the document, and to access the account].
Wright does not explicitly teach, but LastPass teaches wherein when the operations privilege includes an operation of at least one of executing an application, accessing a document, and following a link to access an account presented on the interface (LastPass, [Just click on the LastPass icon to autofill], e.g., Next time you log in or check out, click on the LastPass icon in the form field to autofill), the processing device further automatically providing a portion of the secured information to execute the application, to access the document, and to access the account (LastPass, [Just click on the LastPass icon to autofill], e.g., click on the LastPass icon in the form field to autofill).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Wright with the teachings of LastPass with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of saving time, increasing security, and reducing password theft (LastPass [Simplify your online life with save and autofill], e.g., Save time - Save your information once and let LastPass handle all future input forms, Improve security - Leave password memorization in the past. Log in to your favorite websites with one click when you use password autofill).
Regarding claim 2, most of the limitations of this claim have been noted in the rejection of claim 1. Wright further teaches wherein the secured information includes at least one of login credentials, cryptographic keys, documents, or data strings (Wright [0062], e.g., The user's legacy may contain legal documents relating to wills, trusts, estates, taxes, insurance, location of assets, accounts and pass codes, physical safe deposit boxes, health directives, burial instructions, and so on).
Regarding claim 5, most of the limitations of this claim have been noted in the rejection of claim 1. Wright further teaches wherein one of the plurality of user devices initiates the establishing of the safe (Wright [0063], e.g., A user may establish one or more vaults for content to be shared).
Regarding claim 6, most of the limitations of this claim have been noted in the rejection of claim 5. Wright further teaches wherein the one of the plurality of user devices initiates the defining of the one or more security rules for the safe (Wright [0059], e.g., each vault being accessible by its owner, i.e., the user, and further accessible by designated recipients in accordance with rules of access specified by the user).
Regarding claim 7, most of the limitations of this claim have been noted in the rejection of claim 1. Wright further teaches wherein an administrator of the security management system initiates the establishing of the safe (Wright [0063], e.g., A user may establish one or more vaults for content to be shared; Note that user = administrator).
Regarding claim 8, most of the limitations of this claim have been noted in the rejection of claim 7. Wright further teaches wherein the administrator initiates the defining of the one or more security rules for the safe (Wright [0059], e.g., each vault being accessible by its owner, i.e., the user, and further accessible by designated recipients in accordance with rules of access specified by the user).
Regarding claim 9, most of the limitations of this claim have been noted in the rejection of claim 1. Wright further teaches wherein the access privilege includes at least one of read-only access or read-and-write access to the at least one safe and the one or more data structures associated therewith (Wright [0059], e.g., each vault being accessible by its owner, i.e., the user, and further accessible by designated recipients in accordance with rules of access specified by the user, [0057], e.g., The legacy may include autobiography and/or contributed biography, each accessible for editing exclusively by the user).
Regarding claim 10, most of the limitations of this claim have been noted in the rejection of claim 1. Wright further teaches wherein the operations privilege includes operations of at least one of adding, modifying, deleting, copying, or sharing between one or more of the plurality of user devices and the at least one safe and the one or more data structures associated therewith (Wright [0057], e.g., The legacy may include autobiography and/or contributed biography, each accessible for editing exclusively by the user, Fig. 10, e.g., add contributor).
Regarding claim 12, most of the limitations of this claim have been noted in the rejection of claim 1. Wright does not explicitly teach, but LastPass teaches verifying the one or more of the user devices performing the operation is compatible to operate effectively with the at least one of application to be executed, document to be accessed, or account to be accessed prior to initiating performance of the operation (LastPass [Just click on the LastPass icon to autofill], e.g., The next time you log in, tap the LastPass pop-up and your credentials will autofill into the password field).
The motivation to combine is the same as that of claim 1.
Regarding claim 13, the claim recites a method of the system of claim 1, and is similarly analyzed.
Regarding claim 14, the claim recites a method of the system of claim 2, and is similarly analyzed.
Regarding claim 17, the claim recites a method of the system of claim 5, and is similarly analyzed.
Regarding claim 18, the claim recites a method of the system of claim 6, and is similarly analyzed.
Regarding claim 19, the claim recites a method of the system of claim 7, and is similarly analyzed.
Regarding claim 20, the claim recites a method of the system of claim 8, and is similarly analyzed.
Regarding claim 21, the claim recites a method of the system of claim 9, and is similarly analyzed.
Regarding claim 22, the claim recites a method of the system of claim 10, and is similarly analyzed.
Regarding claim 24, the claim recites a method of the system of claim 12, and is similarly analyzed.
Claim(s) 3 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wright in view of LastPass, and in further view of US 20220391490 A1 to Maresh et al. (Maresh).
Regarding claim 3, most of the limitations of this claim have been noted in the rejection of claim 3. Wright and LastPass do not explicitly teach, but Maresh teaches wherein at least a portion of the secured information is encrypted prior to storing in the memory device (Maresh [0079], e.g., At step 402, vault manager program 101 stores one or more encrypted passwords associated with a resource located on a host device in a partition of a vault located on a client device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Wright and LastPass with the teachings of Maresh with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit reducing and/or preventing password leakage (Maresh [0020], e.g., authentication of user accounts in which the user does not know any of the passwords contained in the vault and thus, cannot accidently divulge passwords or inadvertently store unprotected passwords locally on their device).
Regarding claim 15, the claim recites a method of the system of claim 3, and is similarly analyzed.
Claim(s) 4 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wright in view of LastPass and Maresh, and in further view of “Is LastPass Password Manager worth using? “, 2021 (hereinafter, gHacks).
Regarding claim 4, most of the limitations of this claim have been noted in the rejection of claim 3. Wright, LastPass, and Maresh do not explicitly teach, but gHacks teaches wherein when the one or more user devices access the safe and the one or more data structures associated therewith, the encrypted secured information remains encrypted when presented on the interface until selected for decrypting and viewing on the interface (gHacks, Figure below shows a hidden password, which can be unhidden by clicking the eye icon).
PNG
media_image1.png
605
821
media_image1.png
Greyscale
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Wright, LastPass, and Maresh with the teachings of gHacks with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit preventing shouldering surfing attacks or prevent leaking the password to the surrounding area.
Regarding claim 16, the claim recites a method of the system of claim 4, and is similarly analyzed.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20240020376 A1 to Li discloses a password manager for safely autofilling user login credentials. User interface elements are parsed to determine if password input fields are present. When password input fields are detected, a user is authenticated to ensure that the user is authorized to access the password manager. When the authentication is successful, the password manager autofills the login password input field with login data.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAWRENCE TRUONG whose telephone number is (571)272-6973. The examiner can normally be reached Monday - Friday, 8:00 am - 4 pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LAWRENCE TRUONG/Examiner, Art Unit 2434
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434