Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a reply to the application filed on 06/05/2019, in which, claim(s) 1-20 are pending.

When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments.

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d). Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/05/2019, 04/15/2020, 02/19/2021, has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Drawings
The drawings filed on 06/05/2019 is/are accepted by The Examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 8-14 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claims 8-14 are directed to an apparatus or device comprising units being configured to perform some functions. To one of ordinary skill in the art all the functions cited in these claims may be reasonably implemented as software routines. When interpreted broadly as software routines, these claims do not cite any claim elements for performing the functions wherein the claimed elements of the apparatus or device are limited to a machine or a physical part of a device within the meaning of 35 U.S.C. 101. Therefore the claims are directed to non-statutory subject matter.
Although claim 8 reciting a processor; however, a processor can be software.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-4, 6-11, 13-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki et al. (Pat. No.: US 9,781,159 B1 – IDS; hereinafter Hernacki) in view of Leckey et al. (Pub. No.: US 2013/0263250 A1; hereinafter Leckey).
Regarding claims 1, 8 and 15, Hernacki discloses a method for changing a password of an account record under a threat of unlawful access to user data, the method comprising:
generating, by an account records generator, a set of known user account records and sending the generated set of known user account records to a determination module (monitoring 
identifying, by the determination module, a use of at least one user account record from the generated set of known user account records, and sending, to a verification module, data about the at least one user account record the use of which has been identified (identify an account that is potentially or actually comprised [Hernacki; ¶4:44-67; fig. 2 and associated text]);
performing, by the verification module, a verification of a presence of a threat of unlawful access to user data, the unlawful access being performed using the at least one user account record, the verification being based on data about the at least one user account record (verify that the account is compromised and determine other accounts with similar login information [Hernacki; ¶4:44-67, 5:1-10; fig. 2 and associated text]). Hernacki discloses a manager application coupled to the accounts through a network.  The manager application is configured to access the login information and determine at least one potentially or actually compromised account, determine login information related to the at least one potentially or actually compromised account, determine at least one other account having similar login information and notify a user regarding a potential threat to the at least one other account. Hernacki does not explicilty discloses performing, by a change module, the changing of a password of the at least one user account record the use of which has been identified, wherein the change is performed using password change rules; however, in a related and analogous art Leckey teaches this feature.
In particular, Leckey teaches an automated password management system that based on set policy, can identify the account with issue and auto generate new password for the related accounts [Leckey; ¶11, Fig. 3 – elements 310-340 and associated text]. It would have been 

Regarding claims 2, 9 and 16, Hernacki-Leckey combination discloses further comprising:
storing the password change rules in a rules database (the password changing policies is stored at the management system [Leckey; ¶10-11]). The motivation to protect the user and data.

Regarding claims 3, 10 and 17, Hernacki-Leckey combination discloses wherein the account records generator generates the set of known user account records by at least one of:
adding user account records which the user has indicated when working with an application having a function of a password manager; analyzing data being entered in real time, the data being entered in fields designed for entry of a login and password; and analyzing a history of visited web sites, emails that contain a reference to registration on at least one web site, and user text files containing data similar to a login and password (tracking of the various account and the log-in information on various websites, particularly those with breach/compromise [Hernacki; Column 3-4]).

Regarding claims 4, 11 and 18, Hernacki-Leckey combination discloses wherein the determination module identifies the use of the at least one user account record from the generated set of known user account records by at least one of:


Regarding claims 6, 13 and 20, Hernacki-Leckey combination discloses wherein the verification of the presence of a threat of unlawful access to the user data comprises at least one of:
verifying a match between a combination of login and password used when the use of the at least one user account record is identified and the combination of login and password of the information system for which the at least one user account record was created;
analyzing a period of time of a web session and data of a device from which an entry was made using the combination of login and password; and
identifying an unsuccessful entry on a web site using a combination of the login and password of an account record from the generated set of known account records (tracking of the various account and the log-in information on various websites, particularly those with breach/compromise [Hernacki; Column 3-4], including matches of the entry combination [Hernacki; Fig. 2 and associated text]).

Regarding claims 7 and 14, Hernacki-Leckey combination discloses wherein the password change rules are based on at least one of: a period of time the user remains online, a frequency of the user remaining online, a level of importance of the account record, and a list of computer systems known to the user (determine password rules changes based on policy, that .

Claims 5, 12 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki-Leckey combination further in view of Alexander (Pat. No.: US 9,825,934 B1).
Regarding claims 5, 12 and 19, Hernacki-Leckey combination does not explicilty discloses wherein the identification of the actual use of the combination of the login and password comprises at least one of:
ascertaining an entry of characters making up the combination of the login and password of the at least one account record from the generated set of known account records;
intercepting the actions of the user when entering data containing the combination of the login and password from a clipboard; and
intercepting the actions of an application with a password manager function regarding a use of the clipboard; however, in a related and analogous art, Alexander teaches this feature.
In particular, Alexander teaches credential management application helping to input login and password from credential bank, which are input from clipboard that are easily lift by another application [Alexander; 1:10-49], to similar aspect but with extra validation that makes it harder for other application to access system memory such as clipboard [Alexander; columns 5-6]. It would have been obvious before the effective filing date of the claimed invention to modify Hernacki-Leckey combination in view of Alexander with the motivation to prevent leaking credentials from clipboard or other add applications.

Internet Communications
only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.



/DAO Q HO/Primary Examiner, Art Unit 2432