DETAILED ACTION
This Notice of Allowance is in response to applicants’ amendment and remarks filed 03/09/2021.  Claims 2, 11, and 20 have been canceled, and Claims 1, 3, 10, 12, and 19 have been amended.  Claims 1, 3-10, and 12-19 are currently pending and have been considered as follows.
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action.
The prior office actions are incorporated herein by reference.  In particular, the observations with respect to claim language, and response to previously presented arguments.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Allowable Subject Matter
Claims 1, 3-10, and 12-19 are allowed.
Examiner’s Statement for Reasons of Allowance
The following is an examiner’s statement of reasons for allowance:
In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
Independent Claims 1, 10, and 19 are allowed for the reasons argued by applicants in the remarks filed on 03/09/2021. Claims 3-9 and 12-18 depend upon respective independent claims above and are allowed by virtue of their dependencies.
Although the prior art Stieglitz et al. (US 20050235341 A1) teaches “one or more quality scores are generated for the password. In a related embodiment, the one or more quality scores are generated after the password is obtained… When the access service 150 sends the particular password to the authentication and authorization service 110, the authentication and authorization service 110 performs a check of the quality of the password by retrieving from a machine-readable medium the latest quality score determined for the particular password” [0044],
None of the prior art of record teaches individually or in combination the limitations listed below as recited in the amended independent claims [emphasis added]:
[Claim 1] “wherein the user password has been authenticated at least one additional time in the past… receiving a second request from the user to access a second resource; receiving the user password from the user as a condition of determining whether access to the second resource should be granted; successfully authenticating the user password in connection with the second request; determining a second password score for the user password after successfully authenticating the user password, wherein the second password score indicates quality of the user password; based on the second password score, evaluating strength of the user password; and granting access to the second resource because the second password score exceeds a second threshold score
[Claim 10] “wherein the user password has been authenticated at least one additional time in the past… receive a second request from the user to access a second resource; receive the user password from the user as a condition of determining whether access to the second resource should be granted; successfully authenticate the user password in connection with the second request; determine a second password score for the user password after successfully authenticating the user password, wherein the second password score indicates quality of the user password; based on the second password score, evaluate strength of the user password; and grant access to the second resource because the second password score exceeds a second threshold score”;
[Claim 19] “wherein the user password has been authenticated at least one additional time in the past… receive a second request from the user to access a second resource; receive the user password from the user as a condition of determining whether access to the second resource should be granted; successfully authenticate the user password in connection with the second request; determine a second password score for the user password after successfully authenticating the user password, wherein the second password score indicates quality of the user password; based on the second password score, evaluate strength of the user password; and grant access to the second resource because the second password score exceeds a second threshold score”.


Sanai et al. (US 20040073815 A1) disclosed a password strength checking method that has the steps of inputting a password to be checked, generating a plaintext password candidate according to the same generation procedure as that used by a password guessing tool, determining whether or not the inputted password and the generated password candidate match each other, directing generation of the next password candidate when the match is not determined, determining strength of the inputted password based on the number of the generated password candidates when the match is determined, and outputting information of the determined password strength.
Isaacson et al. (US 20050108579 A1) disclosed a computer that receives a user authentication request from a client. The computer accesses a password associated with the user name, stored locally on the computer, and attempts to authenticate the password using an authentication server. If the password authentication succeeds, the computer hashes the password and compares the hashes. If the hashes match, the user authentication succeeds.
Vedula et al. (US 20090150677 A1) disclosed patterns for passwords that are regularly analyzed along with other factors associated with the patterns to dynamically determine password strength values. The strength values can change over time based on usage statistics. When a strength value falls below an acceptable threshold, passwords associated with that particular pattern can be downgraded or rejected in real-time and existing policy can be adapted to reflect the undesirability of that pattern.
Troyansky (US 20090241173 A1) disclosed a system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine if the electronic device that transmitted the bait contains unwanted software.
HIMBERGER et al. (US 20090313696 A1) disclosed a solution for computing password strength based upon layout positions of input mechanisms of an input device that entered a password. A password including an ordered sequence of at least two characters can be identified. A position of each of the characters of the sequence can be determined relative to a layout of an input device used for password entry. Each position can correspond to an input region (key) of the input device (keyboard). A proximity algorithm can generate a proximately score for the determined positions based upon a pattern produced by the positions given the layout of the input device. A password strength score can be computed based at least in part upon the proximity score.
Hutchison et al. (US 20090328169 A1) disclosed a website access application that accesses an encrypted central repository on a user's computer to store and access a variety of user-based website login and authentication information in the repository. The central repository provides a single point of access for the authentication information and, by accessing the repository; the process of user identification and authentication for multiple websites can be automated. A single user-selected keystroke combination can be utilized to initiate user sessions with multiple disparate secure websites by accessing the user website login information contained in the central repository and extracting the user login and authentication information contained therein. Additionally, the website access application will track and report on the times savings associated with the streamlined login process for accessing secure websites. In yet another preferred embodiment of the present invention, the website access application will analyze the user authentication information for various websites and provide suggestions to enhance the relative strength of the authentication information. Finally, the website access application supports a wide variety of user authentication protocols, thereby ensuring secure access to the repository.
Jakobsson (US 20120284783 A1) disclosed a system, comprising: a non-transitory memory storing user account information, wherein the information comprises a password for a user account; and one or more processors for receiving, by a service provider, a password from a user; decomposing the password into words contained in the password; applying one or more rules to the password; determining a score for the password based on the one or more rules; and comparing the score to a threshold score.
Wheeler (US 20130269010 A1) disclosed a password evaluation system that is provided for determining the password strength of a password. A password is provided for evaluation. The password is parsed and substrings are identified from the password. Each substring is associated with a pattern that can generate the substring. The substrings are scored to determine a substring strength measure for the substring. The substrings are combined to identify non-overlapping substring combinations, which together make up the password. The combinations are assigned a combination strength score based in part on the substring strength of the substrings contained in the substring combinations. The substring combination with the lowest combination strength measure is identified and the associated combination strength measure is used as the password strength measure for the password.
Schechter et al. (US 20130283337 A1) disclosed a current prefix character string representing a prefix of a proposed password that may be obtained from a user input device. A prediction of a most likely next character of the proposed password may be determined, based on applying a set of heuristics to the current prefix character string. A response indicating an impact on a security strength of the proposed password may be determined, based on a selection of the predicted most likely next character.
Belisario et al. (US 20140068731 A1) disclosed managing password strength including receiving a password on a data processing system for a user, filtering for personal information about the user from multiple independent data sources accessible across a computer network, computing the password strength by the data processing system using an algorithm which compares the password to the filtered personal 
Jerdonek et al. (US 8769607 B1) disclosed a password evaluation system that receives password policy data regarding a password policy, including a password constraint. The system analyzes the password policy data to determine a usability index and a password strength index for the password policy, and also determines a usability index and password strength index for a plurality of modified password policies having password constraints different from the password policy. The system then provides a graphical representation of the usability index and the password strength for the password policy and the modified password policies, thereby allowing a password designer to optimize the tradeoffs between usability and security of a password policy.
Waltermann et al. (US 20150067760 A1) disclosed receiving a password entered by a user, the password not conforming to one or more requirements of a password policy, manipulating the password to create one or more compliant passwords conforming to the one or more requirements of the password policy, and presenting a list of the one or more compliant passwords to the user wherein a compliant password is selectable by the user.
Kim et al. (US 20150220715 A1) disclosed a method for evaluating strength of an audio password by an electronic device. The method includes obtaining an audio signal captured by one or more microphones. The audio signal includes an audio password. The method also includes evaluating the strength of the audio password based on measuring one or more unique characteristics of the audio signal. The method 
Zhang (US 20150304302 A1) disclosed a method comprising: receiving a password to be detected; acquiring an identity information set of a user of the password to be detected, the identity information set including a plurality of pieces of identity information of the user and associated users thereof; detecting whether identity information associated with the password to be detected exists in the identity information set; and determining that the password to be detected is a weak password if the identity information associated with the password to be detected exists in the identity information set. The technical solution of the present disclosure can detect whether a password to be detected is set up by a user using identity information thereof or identity information of a user who be closely associated therewith, thus determining whether the password to be detected is prone to cracking, and thereby further improving the security of the password of the user.
Johansson et al. (US 9178876 B1) disclosed determining an expiration of a password or other security data based on a measured complexity of the password or the security data. A user may enter a password to be associated with an account or a resource (e.g., a login for a user account, etc.). The password may be analyzed to determine an entropy value of the password, which is a measure of complexity of the password. A password manager may then determine an expiration of the password based on the entropy value of the password. Thus, a more complex password may be assigned an expiration date that is longer than an expiration date assigned to a less 
However, the prior art of record, taken by itself or in any combination, do not anticipate or make obvious the invention of the present application and in particular the claim features listed above.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Taha et al. (“On Password Strength Measurements: Password Entropy and Password Quality”, August 2013, INTERNATIONAL CONFERENCE ON COMPUTING, ELECTRICAL AND ELECTRONIC ENGINEERING, pp. 497-501)
Durinovic-Johri et al. (US 5699514 A)
Aggarwal et al. (US 20140373088 A1)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530.  The examiner can normally be reached on Monday - Friday 9-5pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH W CHANG/Primary Examiner, Art Unit 2438                                                                                                                                                                                                        
    PNG
    media_image1.png
    35
    280
    media_image1.png
    Greyscale

03.12.2021