Prosecution Insights
Last updated: July 17, 2026
Application No. 18/778,103

PERSONALIZED PASSWORD PROMPTING SYSTEM

Final Rejection §103
Filed
Jul 19, 2024
Priority
Jun 22, 2021 — continuation of 12/072,969
Examiner
PHAM, PHUC H
Art Unit
2408
Tech Center
2400 — Computer Networks
Assignee
Kyndryl Inc.
OA Round
2 (Final)
89%
Grant Probability
Favorable
3-4
OA Rounds
7m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 89% — above average
89%
Career Allowance Rate
158 granted / 177 resolved
+31.3% vs TC avg
Strong +19% interview lift
Without
With
+18.8%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
11 currently pending
Career history
194
Total Applications
across all art units

Statute-Specific Performance

§101
1.8%
-38.2% vs TC avg
§103
92.5%
+52.5% vs TC avg
§102
1.0%
-39.0% vs TC avg
§112
2.6%
-37.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 177 resolved cases

Office Action

§103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to communication filed on March 30, 2026. Status of claims within the present application: Claims 1 – 20 are pending. Claims 1, 9, and 15 are amended. Response to Amendment Applicant’s arguments with respect to claims 1, 9, and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1 – 20 rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 – 20 of U.S. Patent No. 12072969. Although the claims at issue are not identical, they are not patentably distinct from each other because both the application and the patent disclose a processor may receive authentication data related to inputs of a user to predetermined authentication prompts. The processor may select devices from a set of registered devices to use for providing a first password prompt to the user. The processor may identify one or more output formats for each of the selected devices. The processor may generate a first password prompt having two or more password prompt components, where each password prompt component has an output format. The processor may send the two or more password prompt components to respective selected devices. 18/778,103 US 12,072,969 B2 1. A computer-implemented method, the method comprising: generating, by a processor, a first password prompt having two or more password prompt components; and sending a first password prompt component of the two or more password prompt components to a first device and a second password prompt component of the two or more password prompt components to a second device, wherein each of the two or more password prompt components comprises a different portion of the first password prompt, and wherein a combination of the two or more password prompt components equals an entirety of the first password prompt. 1. A computer-implemented method, the method comprising: receiving, by a processor, authentication data related to inputs of a user to predetermined authentication prompts; selecting, by the processor, devices from a set of registered devices to use for providing a first password prompt to the user; identifying, by the processor, one or more output formats for each of the selected devices; generating, by the processor, a first password prompt having two or more password prompt components; and sending a first password prompt component of the two or more password prompt components to a first device of the selected devices and a second password prompt component of the two or more password prompt components to a second device of the selected devices, wherein each of the two or more password prompt components has a unique output format, wherein each of the two or more password prompt components comprises a different portion of the first password prompt, and wherein a combination of the two or more password prompt components equals an entirety of the first password prompt. 2. The method of claim 1, further comprising: receiving a first password response having two or more password response components; and determining whether the first password response is valid, at least in part, based on whether each of the two or more password response components matches respective expected response components. 2. The method of claim 1, further comprising: receiving a first password response having two or more password response components; and determining whether the first password response is valid, at least in part, based on whether each of the two or more password response components matches respective expected response components. 3. The method of claim 2, further comprising: identifying that at least one of the two or more password response components does not match its respective expected response component; determining a percentage of the two or more password response components that match their respective expected response components; determining that the percentage exceeds a match threshold; generating one or more additional password prompt components; and sending the one or more additional password prompt components to respective selected devices. 3. The method of claim 2, further comprising: identifying that at least one of the two or more password response components does not match its respective expected response component; determining a percentage of the two or more password response components that match their respective expected response components; determining that the percentage exceeds a match threshold; generating one or more additional password prompt components; and sending the one or more additional password prompt components to respective selected devices. 4. The method of claim 1, further comprising: selecting devices to use for providing a second password prompt to a user; determining one or more output formats for each of the selected devices; generating the second password prompt having two or more second password prompt components, wherein the second password prompt has a security factor that differs from a security factor of the first password prompt; and sending the two or more second password prompt components to their respective selected devices. 4. The method of claim 1, further comprising: selecting devices to use for providing a second password prompt to the user; determining one or more output formats for each of the selected devices; generating a second password prompt having two or more second password prompt components, wherein the second password prompt has a security factor that differs from a security factor of the first password prompt; and sending the two or more second password prompt components to their respective selected devices. 5. The method of claim 1, wherein at least one of the two or more password prompt components is generated based on usage data from one or more devices. 5. The method of claim 1, wherein at least one of the two or more password prompt components is generated based on usage data from one or more devices of the set of registered devices. 6. The method of claim 1, the method further comprising: identifying that the first password prompt is being provided to a user for a heighted security transaction; and generating the first password prompt to have an increased number of password prompt components. 6. The method of claim 1, the method further comprising: identifying that the first password prompt is being provided to the user for a heighted security transaction; and generating the first password prompt to have an increased number of password prompt components. 7. The method of claim 1, wherein the first password prompt component of the two or more password prompt components has an audio output format and the second password prompt component of the two or more password prompt components has a text output format. 19. The method of claim 1, wherein the first password prompt component of the two or more password prompt components has an audio output format and the second password prompt component of the two or more password prompt components has a text output format. 8. The method of claim 1, wherein the first password prompt component of the two or more password prompt components comprises less than half of the first password prompt and the second password prompt component of the two or more password prompt components comprises more than half of the first password prompt. 20. The method of claim 1, wherein the first password prompt component of the two or more password prompt components comprises less than half of the first password prompt and the second password prompt component of the two or more password prompt components comprises more than half of the first password prompt. Regarding claims 9 – 20 of 18/778,103, they recite features similar to features within claims 7 – 18 of US 12,072,969 B2, therefore, they are rejected under non-statutory double patenting. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 10586036 B2 to Turgeman in view of US 10423775 B1 to Kane-Perry et al., (hereinafter, “Kane”) and US 20140189808 A1 to Mahaffey et al., (hereinafter, “Mahaffey”). Regarding claim 1, Turgeman teaches a computer-implemented method, the method comprising: generating, by a processor, a first password prompt having two or more password prompt components; [Turgeman, col. 10 lines 7 – 18 discloses User authentication module 150 may comprise a Task Generator 152 able to generate an on-screen task that the user is required to perform. The task may be or may comprise, for example, a request that the user will move an on-screen pointer from on-screen Point A to on-screen Point B, enabling the system to track the manner in which the user performs the on-screen dragging or moving of the on-screen pointer, and to enable the system to extract a unique user-specific feature from that manner of form such user interactions (e.g., whether the line is straight, or curved, or curved counter-clockwise, or performed using a single stroke or multiple strokes, or performed slowly or rapidly);], but Turgeman does not teach sending a first password prompt component of the two or more password prompt components to a first device and a second password prompt component of the two or more password prompt components to a second device, wherein each of the two or more password prompt components has a different output format corresponding to a respective one of the first device and the second device to which a respective one of the two or more password prompt components is sent, wherein each of the two or more password prompt components comprises a different portion of the first password prompt, and wherein a combination of the two or more password prompt components equals an entirety of the first password prompt. However, Kane does teach sending a first password prompt component of the two or more password prompt components to a first device and a second password prompt component of the two or more password prompt components to a second device, [Kane, col. 8 lines 54 – 62 discloses the list of passwords 114 may be provided to the user 102 through the client computing device 104 using a variety of techniques such as those described above, such as a webpage. The user 102 may then, using an input device connected to client computing device 104, select a password from the list of passwords 114. Selecting a password from the list of passwords 114 may cause information corresponding to the selected password to be transmitted to the password management service 110.] wherein each of the two or more password prompt components comprises a different portion of the first password prompt, [Kane, col. 2 lines 64 – 67 to col. 3 lines 1 – 11 discloses entropy of the password is increased by randomly selecting components of the password from a collection of password components of a fixed size until the desired entropy is achieved. For instance, the collection of password components could be lower case alphabetic characters. The password management service or other password generator may choose randomly one password component at a time from a set of twenty six lower case alphabetic characters until the entropy requirement is reached. The password management service may randomly choose nine lower case characters achieving roughly forty bits of entropy. Similarly, the password management service may use a collection of words, where the collection of words is large enough, and achieve similar entropy and complexity by choosing at least four words from the collection.] and wherein a combination of the two or more password prompt components equals an entirety of the first password prompt. [Kane, col. 13 lines 47 – 60 discloses the password management service may obtain a set of words associated with each category and combine the sets into a single set, select a certain number of words from each set to combine into a single set or may maintain the set of words separately. Furthermore, the password management service may select a certain number of words from each category to include in the password. In the example illustrated in FIG. 4, the password management service may generate the one or more passwords including one password component from each category, such as “chaintouchdownlocamotive” or “wheelrouterail.” As described above, additional characters, words or password components may be added to increase entropy.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kane’s system with Turgeman’s system, with a motivation for entropy of a password is improved by requiring users to select a password generated by a password management service, the password management service being responsible for introducing a certain amount of entropy into the passwords available for the users to select. [Kane, col. 2 lines 50 – 55] However, Turgeman in view of Kane does not teach wherein each of the two or more password prompt components has a different output format corresponding to a respective one of the first device and the second device to which a respective one of the two or more password prompt components is sent, but Mahaffey does teach wherein each of the two or more password prompt components has a different output format corresponding to a respective one of the first device and the second device to which a respective one of the two or more password prompt components is sent, [Mahaffey, para. 117 discloses login through the display window 904 uses a universal password and eliminates the need to login through the dedicated website process 902. The authentication system can be configured to allow login through a default or single authorizing client device. Alternatively, one of several different devices may be used as an authorizing client device. In this case, the login display area may display several different devices, of which a particular device is selected through a drop-down or similar menu selection method. Thus, as shown in FIG. 10, display area 1002 in browser window 1000 shows several different device types that can be selected. Various different display formats and selection techniques can be used to provide the user with a prompt to utilize the comprehensive login system.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Mahaffey’s system with modified Turgeman’s system, with a motivation for a comprehensive login option displayed in a web browser, under an embodiment. As shown in FIG. 9, a browser display screen for a particular website (e.g., Google) includes a sign-in or login display window 902. This is the normal login area for the website. Under an embodiment, the authentication server 102 causes a separate login window 904 to be displayed. This invites the user to login to the site using credentials exchanged through an authorizing client. [Mahaffey, para. 117] As per claim 2, modified Turgeman teaches the method of claim 1, further comprising: receiving a first password response having two or more password response components; [Turgeman, col. 15 lines 4 - 14 discloses a task or challenge, that the system may generate and then monitor, may require the user to move or tilt or spin or rotate his end-user device (e.g., his smartphone, smart-watch, tablet) in the air (e.g., while holding the end-user device), at a particular angel or shape or pattern; for example, instructing the user “please life your smartphone 30 centimeters upward, then lower your smartphone 50 centimeters downward”, while the accelerometer and/or gyroscope of the smartphone monitor the particular manner in which the user performs such task] and determining whether the first password response is valid, at least in part, based on whether each of the two or more password response components matches respective expected response components. [Turgeman, col. 14 lines 52 – 59 discloses a historical or original or previously-determined task-based behavioral signature which had been extracted and stored for that original or genuine user. If the two task-based behavioral signatures are identical, or match each other, or are different from each other only by a relatively-insignificant percentage value that is smaller than a pre-defined threshold, then the user is authenticated to the end-user device or the computerized service.] As per claim 3, modified Turgeman teaches the method of claim 2, further comprising: identifying that at least one of the two or more password response components does not match its respective expected response component; [Turgeman, col. 12 lines 64 – 67 to col. 13 lines 1 – 6 discloses user Bob had used his password “swordfish” in the year 2014, across 45 log-in sessions. Then, in January 2015, user Bob changed his password to “catfish”, and entered it correctly for 15 times. Then, in April 2015, user Bob forgets his current password “catfish”, and instead he attempts (one time, or multiple times) to log-in by entering the word “starfish” as his password. The currently-entered password (“starfish”) is incorrect; its content is not identical to the user's current correct password, and its content is not identical even to a prior password of the same user.] determining a percentage of the two or more password response components that match their respective expected response components; determining that the percentage exceeds a match threshold; [Turgeman, col. 13 lines 7 – 17 discloses the Partial Prior Password Analyzer 158 may detect that the manner in which the current user types the letters “fish”, when he enters the incorrect string “starfish” as his password, is identical or is very similar (e.g., beyond a threshold value of similarity) to the manner in which the user used to type the letters “fish” in previous log-in sessions in 2015 in which he had typed “catfish”, and/or is identical or is very similar (e.g., beyond a threshold value of similarity) to the manner in which the user used to type the letters “fish” in previous log-in sessions in 2015 in which he had types “swordfish”.] generating one or more additional password prompt components; [Turgeman, col. 13 lines 31 – 45 discloses The Task Generator 152 may generate a task, which requests the user of the end-user device 101 to perform a particular task, by utilizing an input unit (e.g., mouse, touch-pad, touch-screen) of the end-user device 101; and may monitor and track the precise manner (e.g., gestures, interactions, device movements during the interaction and any other type of data that the device's sensors collect or produce during the interaction, and/or immediately prior to the interaction, and/or immediately after the interaction; including, but not limited to, data collected by or monitored by an accelerometer, a gyroscope, an orientation sensor, or the like) in which the user performs the requested task; and may analyze the monitored interactions to extract from them user-specific characteristics or user-specific features or a user-specific profile;] and sending the one or more additional password prompt components to respective selected devices. [Turgeman, col. 14 lines 13 – 23 discloses The Task Allocator 171 may take into account other information, as well as contextual analysis of words or phrases that the user types or entered in the past and/or that are part of his user profile, in order to define or select or allocate a different user-specific challenge to each different user (e.g., of the system, or of a sub-group of users of the system); or to otherwise ensure that the challenge that is allocated to each user is indeed a challenge that is unique to that user, or a challenge that has increased probability (compared to a threshold probability level) to cause that particular user to exhibit his user-specific manner of entering the data and/or performing the task.] As per claim 4, modified Turgeman teaches the method of claim 1, further comprising: selecting devices to use for providing a second password prompt to a user; [Turgeman, col. 19 lines 53 – 67 discloses a tablet or a smartphone or a dashboard or a device having a touch-screen may be placed at an entrance to an access-controlled physical area (e.g., building, room, floor in a building, organization, office); and users may be required to perform an initial advance registration process, such that each authorized user (who is allowed to enter the physical area) would be associated with a particular user-specific task that can be performed on that touch-screen. Subsequently, that touch-screen device may be used as an authentication terminal, requiring each guest or visitor to authenticate by entering his name or username, then presenting to the user his suitable pre-defined on-screen task, and then allowing (or blocking) the user's physical entry based on the behavioral traits of how the user performs that task] determining one or more output formats for each of the selected devices; [Turgeman, col. 10 lines 14 – 18 discloses to enable the system to extract a unique user-specific feature from that manner of form such user interactions (e.g., whether the line is straight, or curved, or curved counter-clockwise, or performed using a single stroke or multiple strokes, or performed slowly or rapidly); Col. 10 lines 23 – 27 discloses to extract from them a user-specific feature (e.g., the number of strokes used, the pattern performed, the speed of movement, the acceleration or tilt of the end-user device while or during or before or after the motion is performed); Col. 10 lines 29 – 36 discloses to enable the system to extract user-specific feature(s) from the typing (e.g., typing speed; whether the user capitalized or did not capitalize certain letters or words; identifying a sequence of several characters that the particular user types faster or slower, compared to his average or median typing speed, or compared to other words that he typed or types, or compared to other users, or compared to a threshold value).] generating the second password prompt having two or more second password prompt components, wherein the second password prompt has a security factor that differs from a security factor of the first password prompt; [Turgeman, col. 10 lines 10 – 14 discloses a request that the user will move an on-screen pointer from on-screen Point A to on-screen Point B, enabling the system to track the manner in which the user performs the on-screen dragging or moving of the on-screen pointer; col. 10 lines 10 – 14 discloses a request that the user will move an on-screen pointer from on-screen Point A to on-screen Point B, enabling the system to track the manner in which the user performs the on-screen dragging or moving of the on-screen pointer. Col. 10 lines 19 – 22 discloses a request that the user will draw a shape or item or letter or digit or character on the screen by dragging an on-screen pointer (e.g., to draw a circle, a square, a rectangle, a heart, a start, a flower); Col. 10 lines 27 – 29 discloses a request that the user will type a particular word or phrase or string (e.g., “Philadelphia” or “Checking Account”), ] and sending the two or more second password prompt components to their respective selected devices. [Turgeman, col. 14 lines 12 – 23 discloses The Task Allocator 171 may take into account other information, as well as contextual analysis of words or phrases that the user types or entered in the past and/or that are part of his user profile, in order to define or select or allocate a different user-specific challenge to each different user (e.g., of the system, or of a sub-group of users of the system); or to otherwise ensure that the challenge that is allocated to each user is indeed a challenge that is unique to that user, or a challenge that has increased probability (compared to a threshold probability level) to cause that particular user to exhibit his user-specific manner of entering the data and/or performing the task.] As per claim 5, modified Turgeman teaches the method of claim 1, wherein at least one of the two or more password prompt components is generated based on usage data from one or more devices. [Turgeman, col. 13 lines 31 – 39 discloses The Task Generator 152 may generate a task, which requests the user of the end-user device 101 to perform a particular task, by utilizing an input unit (e.g., mouse, touch-pad, touch-screen) of the end-user device 101; and may monitor and track the precise manner (e.g., gestures, interactions, device movements during the interaction and any other type of data that the device's sensors collect or produce during the interaction, and/or immediately prior to the interaction, and/or immediately after the interaction;] As per claim 6, modified Turgeman teaches the method of claim 1, the method further comprising: identifying that the first password prompt is being provided to a user for a heighted security transaction; [Turgeman, col. 9 lines 23 – 33 discloses the interference selection may be based on user characteristics, and/or based on attributes of the computerized service, and/or based on pseudo-random selection; or by selecting interferences of a type that was not yet used for a particular user, or conversely by selecting interferences of a type that had been already used for a particular user, or by taking into account the level of risk associated with a user-requested functionality of the computerizes service, or the like. The injection of interferences, and/or the analysis of user reactions to interference, and/or the analysis of corrective gestures, may be optional.] and generating the first password prompt to have an increased number of password prompt components. [Turgeman, col. 9 lines 4 – 14 discloses interferences may be injected or used continuously; or may be used only in particular portions or regions of the computerized service (e.g., only on certain pages of a website, or only when certain functionalities of the application are requested, such as high-risk or higher-risk functions); or may be injected pseudo-randomly, or at pre-defined time intervals; or may be injected if one or more other conditions are true (e.g., if there are other indicators of fraudulent activity or irregular activity);] Regarding claim 7, modified Turgeman teaches the method of claim 1, but Turgeman does not teach wherein the first password prompt component of the two or more password prompt components has an audio output format and the second password prompt component of the two or more password prompt components has a text output format. However, Kane does teach wherein the first password prompt component of the two or more password prompt components has an audio output format and the second password prompt component of the two or more password prompt components has a text output format. [Kane, col. 18 lines 48 – 61 discloses the account service 804 may also request information from the media service 808 for use in generating one or more passwords by the password management service 810. The media service 808 may be a collection of computing resources collectively configured to retrieve one or more media files for use with the password management service including books, audio or video. The media service 808 may also contain one or more storage systems for storing media files. The media service 808 may also provide the account service 804 or the password management service 810 with information corresponding to the electronic book, audio or video file such as director, composer, genre, duration, performance, performer or any other information corresponding to the audio or video clip.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kane’s system with Turgeman’s system, with a motivation for entropy of a password is improved by requiring users to select a password generated by a password management service, the password management service being responsible for introducing a certain amount of entropy into the passwords available for the users to select. [Kane, col. 2 lines 50 – 55] Regarding claim 8, modified Turgeman teaches the method of claim 1, but Turgeman does not teach wherein the first password prompt component of the two or more password prompt components comprises less than half of the first password prompt and the second password prompt component of the two or more password prompt components comprises more than half of the first password prompt. However, Kane does teach wherein the first password prompt component of the two or more password prompt components comprises less than half of the first password prompt and the second password prompt component of the two or more password prompt components comprises more than half of the first password prompt. [Kane, col. 2 lines 64 – 67 to col. 3 lines 1 – 11 discloses entropy of the password is increased by randomly selecting components of the password from a collection of password components of a fixed size until the desired entropy is achieved. For instance, the collection of password components could be lower case alphabetic characters. The password management service or other password generator may choose randomly one password component at a time from a set of twenty six lower case alphabetic characters until the entropy requirement is reached. The password management service may randomly choose nine lower case characters achieving roughly forty bits of entropy. Similarly, the password management service may use a collection of words, where the collection of words is large enough, and achieve similar entropy and complexity by choosing at least four words from the collection.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kane’s system with Turgeman’s system, with a motivation for entropy of a password is improved by requiring users to select a password generated by a password management service, the password management service being responsible for introducing a certain amount of entropy into the passwords available for the users to select. [Kane, col. 2 lines 50 – 55] Regarding claims 9 – 14, they recite features similar to features within claims 1 – 6, therefore, they are rejected in a similar manner. Regarding claim 15 – 20, they recite features similar to features within claims 1 – 6, therefore, they are rejected in a similar manner. Conclusion Pertinent prior art made of record however not relied upon: US 20180189470 A1 to Kim et al. “Provided is an authentication method including receiving an authentication request; obtaining authentication data for authenticating a user from at least one of a plurality of external devices as when the authentication request is received; obtaining an authentication score based on the obtained authentication data and reliability information assigned to a type of the authentication data in advance; and determining whether additional authentication is necessary based on the obtained authentication score.” Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached at (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /P.P./Patent Examiner, Art Unit 2408 /LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408
Read full office action

Prosecution Timeline

Jul 19, 2024
Application Filed
Dec 29, 2025
Non-Final Rejection mailed — §103
Mar 10, 2026
Examiner Interview Summary
Mar 10, 2026
Applicant Interview (Telephonic)
Mar 30, 2026
Response Filed
Jun 02, 2026
Final Rejection mailed — §103
Jul 15, 2026
Applicant Interview (Telephonic)
Jul 15, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683760
TERMINAL DEVICE, COMPUTER PROGRAM, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD
3y 7m to grant Granted Jul 14, 2026
Patent 12683770
SYSTEMS AND METHODS FOR SECURE MODULAR HARDWARE BINDING
2y 11m to grant Granted Jul 14, 2026
Patent 12676746
RECOVERY USING AN ENCRYPTED FALLBACK KEY IN METADATA
2y 2m to grant Granted Jul 07, 2026
Patent 12652160
ANONYMOUS, AUTHENTICATED AND PRIVATE SATELLITE TASKING SYSTEM
3y 5m to grant Granted Jun 09, 2026
Patent 12645825
CLIENT-SIDE ENCRYPTION WITH LOW-COST INTEGRITY CHECK
3y 5m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
89%
Grant Probability
99%
With Interview (+18.8%)
2y 7m (~7m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 177 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month