Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Amendment
This is a reply to the application filed on 11/05/2025, in which, claim(s) 1-20 is/are pending.
Response to Arguments
Claim Rejections - 35 U.S.C. § 112:
Applicants’ arguments with respect to 112 2nd paragraph with rejection of claim(s) 1-7 have been fully considered and are persuasive. The rejection of 112 2nd paragraph have been partially withdrawn in view of the amendment to claim; however, the rejection for the limitation “the additional computing system being configured to…” is still maintained, as there is lack of structure, material, or acts that perform the claimed function for “the additional computing system”. Note, the processor is only executing the machine learning model and not the additional computing system.
Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim(s) 1-7 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Claim limitations “the additional computing system being configured to…” in claim 1 is limitations that invoke 35 U.S.C. 112, sixth paragraph. The written description only implicitly or inherently sets forth the corresponding structure, material, or acts that perform the claimed function.
Pursuant to 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181, applicant should:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112, sixth paragraph; or
(b) Amend the written description of the specification such that it expressly recites the corresponding structure, material, or acts that perform the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) State on the record what corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function.
Dependent claim(s) 2-7 disclose the modules from claim 1, configured to perform additional features and thus is rejected under the same rationale.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 8 and 15 reciting “receiving candidate login data that includes a candidate password for an account for a secured computing system, wherein the candidate password is determined based on a request to generate or modify user profile data associated with the account;”. (emphasis added)
It is unclear how the candidate password is determined based on a request to generate or modify user data. Paragraph [0019]-[0020] disclose a request to change the account password; however, it is unclear how the request to change account password, would determined the current candidate password. Paragraph [0021] disclose in some cases, the multi-perspective evaluation system identifies, from the request data, one or more portions of the candidate login data, such as a candidate username and password combination that is provided by a user of the user computing system. Which stated that the candidate password can be identifies from the request data, not the request itself.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Alarifi et al. (US 20180069843 A1; hereinafter Alarifi) in view of Kirby et al. (US 20250131083 A1; hereinafter Kirby) further in view of DeLuca et al. (US 20170093862 A1; hereinafter DeLuca).
Regarding claims 1, 8 and 15, Alarifi discloses a system for multi-perspective evaluation of login data, the system comprising a processor and a storage device storing instructions that are executable by the processor [Alarifi; fig. 1 and associated text], the processor being configured to execute:
a trained mnemonic generation model and a trained mnemonic evaluation model (generating of hash values and objects hints for user’s authentication [Alarifi; ¶30-34; figs. 1-2 and associated text]),
wherein the trained mnemonic generation model is configured for:
receiving candidate login data that includes a candidate password for an account for a secured computing system, wherein the candidate password is determined based on a request to generate or modify user profile data associated with the account (the password for the user account of the user is received while the user types the password in a password field of a login page. The password comprises a plurality of characters, a user name and a service provider ID associated with the user account of the user for first time generation of a hint for the new password. Then, processor 104 inserts the username and the service provider ID into enroll list to keep track of the object within the object library. When a request to alter the index of the altered object within the object library, the index of the object is used to generate the hint for the previously used passwords for the user account. The password can be recovered based on the object and the index [Alarifi; ¶26-45; figs. 2-3 and associated text]).
Alarifi discloses a method and system for dynamically generating a hint to recall a password for a user account of a user. Alarifi does not explicilty discloses using machine learning model; however, Kirby teaches this feature.
In particular, Kirby teaches using machine learning model to allowing the user to use a word and/or phrase related to self-improvement. The word and/or phrase may be a motto, slogan, or other form of positive reinforcement that may be unique to the user and prevent guessing of the password and generation of a strong, secure, and memorable password for the users account [Kirby; ¶9, 53-56]. It would have been obvious before the effective filing date of the claimed invention to modify Alarifi in view of machine learning model of Kirby to help create creative password/phrase to prevent others from guessing.
generating candidate mnemonic data that [includes media data associated with the candidate login data] (once the password is received, the password is converted from a plain text to a hash value. The password is converted from the plain text to the hash value, a hash value of the passwords using one-way cryptographic hash function makes the invention resistant against dictionary attacks as the hint is associated with a large number of dictionary words relative to the hash value in which the probability of two passwords hashed to same value is almost zero [Alarifi; ¶21, 30-34; figs. 1-2 and associated text]).
Alarifi-Kirby combination does not explicilty discloses the candidate mnemonic data that includes media data; however, in a related and analogous art, DeLuca teaches this feature.
In particular, Deluca teaches cognitive aid prompts that encourage recall through repeated exposure to associative cues for a given password may involve the use of correlated contexts. Currently, as a security feature, many websites present a picture, chosen by the user, at the password entry screen. This picture is often derived from a server other than the one serving up the password entry component, and makes it more difficult for a malicious entity to spoof the password entry screen without failing to display (or displaying incorrect) associated images [DeLuca; ¶15]. It would have been obvious before the effective filing date of the claimed invention to modify Alarifi-Kirby combination with cognitive aid prompts from DeLuca with the motivation to makes it more difficult for a malicious entity to spoof the password entry screen without failing to display (or displaying incorrect) associated images [DeLuca; ¶15].
wherein the trained mnemonic evaluation model is configured for:
determining mnemonic guess features of the media data included in the candidate mnemonic data, wherein the trained mnemonic evaluation model is prevented from accessing the candidate login data (a modulo operation is then, performed on the hash value using processor to obtain index pointing to an object within an object library associated within an object library associated with the user, the object as the hint is displayed using display [Alarifi; ¶21, 30-34; figs. 2-3 and associated text]); and
generating login guess data that is based on at least one of the mnemonic guess features of the media data included in of the candidate mnemonic data, the login guess data including at least one text string (creating hints with respect to the objects, The hint enables the user to create a mental association between the password and the object for the user account [Alarifi; ¶30-34; figs. 2-3 and associated text], a cognitive aid image can be provided to assist in establishing a context by which a user may remember the password itself. The cognitive aid image can be sourced from a different server than the security-based image, include automatically generated associative context in many forms, such as a three-dimensional virtual room or environment in which the password has been entered previously. Visual depictions as cognitive aids can be arbitrary, as there is no direct link to system security. Another example of an associative context form includes the use of a mnemonic to assist the user in remembering the password, e.g., a simulated kinesthetic mnemonic for the password [DeLuca; ¶15-16]);
wherein the processor is further configured for:
providing the login guess data to an additional computing system, the additional computing system being configured to present the login guess data via a display device (displaying the object as the hint using display. The hint enables the user to create a mental association between the password and the object for the user account [Alarifi; ¶21, 30-34; figs. 1-2 and associated text], displaying of cognitive aid prompts that encourage recall through repeated exposure to associative cues for a given password may involve the use of correlated contexts and makes it more difficult for a malicious entity to spoof the password entry screen without failing to display (or displaying incorrect) associated images [DeLuca; ¶15]);
responsive to receiving, from the additional computing system, approval data indicating that the login guess data is dissimilar from the candidate login data, generating or modify the account for the secured computing system based on the candidate login data (a hash value of the passwords using one-way cryptographic hash function makes the invention resistant against dictionary attacks as the hint is associated with a large number of dictionary words relative to the hash value in which the probability of two passwords hashed to same value is almost zero. Additionally, only the object within the object library is used as the hint. Thus, other data from the user devices may not be helpful for attackers to perform a root attack and the hint reveals no information about the password in question, generating a hint to recall a password for a user account [Alarifi; ¶13, 49-50; fig. 2 and associated texts], a cognitive password service is interposed in a password entry process between the website. The cognitive password service can be implemented in the cloud computing environment. The cognitive password service includes prompting policy and cognitive aid prompts, which presents hints to help with the login. Wherein the hints, are not the same as the login data and providing access when the condition is met, hints such as “You seem to be trying similar passwords.”, “You are getting warmer.”, “Good. You remembered! In the future, I advise you to think about this website as the kind that accepts the second version of the password you entered.”, “Would you like to create a cognitive associative context to be displayed whenever I ask you if you remember you password?”, “Please don't make the cognitive associative context an obvious depiction of your password.”, “May I suggest the following cognitive associative context?” [Deluca; ¶50-65; Figs. 4-5 and associated text], generation of a strong, secure, and memorable password for the users account [Kirby; ¶9]). The motivation to help assisting user remember their password(s) and keep the accounts more secured.
Regarding claims 2, 9 and 16, Alarifi-Kirby-DeLuca combination discloses wherein the user profile data associated with the account for the secured computing system includes one or more of: i) password data that includes the candidate password, or ii) the candidate mnemonic data (the password with mapping and index [Alarifi; ¶39-44]).
Regarding claims 3, 10 and 17, Alarifi-Kirby-DeLuca combination discloses the processor being configured for: receiving, from the additional computing system, prompt data describing a modification to the candidate mnemonic data; generating, by the trained mnemonic generation model, modified candidate mnemonic data that includes modified media data corresponding to a combination of the prompt data with one or more of: i) the media data or ii) the candidate login data; and generating, by the trained mnemonic evaluation model and based on the modified candidate mnemonic data, modified login guess data that includes at least one additional text string (updates an index of the object within the object library. Processor 104 creates a new index for a new object added to the object library. The new index is created at an end of the object library for the new object. Thus, at a time of insertion of a new object, the new object may not be associated with a hint generated for a user account of a user. The new index is not used by processor 104 to generate the hint for previously used passwords for the user account [Alarifi; ¶27], modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the invention [DeLuca; ¶76]). the motivation to help assisting user remember their password(s) and keep the accounts more secured.
Regarding claims 4, 11 and 18, Alarifi-Kirby-DeLuca combination discloses the processor being configured for: determining, by the trained mnemonic generation model, a feature set that describes candidate features of the candidate login data, wherein generating the candidate mnemonic data includes: comparing one or more of the candidate features to media features describing the media data; determining, based on the comparison, a similarity relationship between the media data and the one or more of the candidate features of the candidate login data; and selecting one or more portions of the media data based on the similarity relationship (the password is hashed, mapped and index with the hint and objects, related but are distinct differences [Alarifi; ¶27, 39-44]).
Regarding claims 5, 12 and 19, Alarifi-Kirby-DeLuca combination discloses the processor being configured for: determining, by the trained mnemonic evaluation model, a feature set that describes the mnemonic guess features of the candidate mnemonic data, wherein generating the login guess data includes: identifying, from the candidate mnemonic data, the mnemonic guess features; and generating, based on the mnemonic guess features, the at least one text string (a hint string can give displayed based on the user account [Alarifi; ¶27, 39-44]).
Regarding claims 6, 13 and 20, Alarifi-Kirby-DeLuca combination discloses wherein the trained mnemonic evaluation model generates the at least one text string based on a combination of the mnemonic guess features of the candidate mnemonic data with one or more of: i) first additional features describing criteria for login data of the secured computing system, or ii) second additional features describing publicly available user history data (contact name and known information are needed to understand the hints [Alarifi; ¶27, 39-44]).
Regarding claims 7 and 14, Alarifi-Kirby-DeLuca combination discloses wherein the trained mnemonic generation model generates the candidate mnemonic data based on a combination of candidate features of the candidate login data with one or more of: i) publicly available user history data, or ii) privately available user history data (contact name and contact list are private data [Alarifi; ¶27, 39-44]).
Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998. The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DAO Q HO/Primary Examiner, Art Unit 2432