Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 17-20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Specifically, Claim 17 recite the limitation “receiving, by a computing device, an entered password, wherein the entered password includes a special character indicating a version of a password to be entered”, which seems to be contradictory in terms and applicants do not point out that if the computing device has already received the entered password how could the entered password includes a special character indicating a version of a password to be entered.  Therefore, this limitation with these ambiguous terms is indefinite with the present application. The examiner will interpret this limitation with the regarding claims as best understood for applying appropriate art for rejection purposes. Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 10-13, 16-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US 9590808), hereinafter Jiang in view of Dayan et al. (US 20050273625), hereinafter Dayan.
	Regarding Claim 1, Jiang teaches
	A computing device, comprising: a processing resource; and a memory resource storing non-transitory machine-readable instructions to cause the processing resource to: receive an entered password (Col. 1, lines 29-38, According to embodiments of the present disclosure, a method for obfuscating an electronic password can include receiving at least a first symbol of a first password, wherein the first password has a plurality of symbols. Next, a second password (the obfuscated password) can be generated, the second password being derived from the first password using an obfuscation rule, wherein the second password includes the symbols of the first password and at least one obfuscating symbol generated from a first symbol of the first password (generating symbol) and the obfuscation rule. Col. 7, lines 5-9, The components of computer system/server 12 may include, but are not limited to, one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including system memory 28 to processor 16. Col. 4, lines 45-46, visual feedback such as displaying an image or a symbol on a display device);
	generate, based on the entered password, a transposed version of the entered password (Col. 1, lines 47-56, According to various embodiments, a system is provided for obfuscating an electronic password. The system can include a password obfuscating module configured to: receive at least a first symbol of a first password, wherein the first password has a plurality of symbols; generate a second password derived from the first password using an obfuscation rule, wherein the second password includes the symbols of the first password and at least one obfuscating symbol generated from a first symbol of the first password (generating symbol) and the obfuscation rule);
Col. 5, lines 29-40, lines If the input is complete, the system may proceed to the method step shown in block 130 where the received sequence of password symbols can be compared against an obfuscated password derived from the user's stored password and obfuscation rule. In the next method step, the system may then determine whether the two passwords match, consistent with block 135. The system may then proceed to the method step shown in block 140 where it grants access to the session if the passwords match. If the passwords do not match, the system may deny access to the session, consistent with the method step illustrated in block 145. The method ends at block 150).
	Jiang does not explicitly teach a device that compare the transposed version of the password to a stored password.
	In the same field of endeavor, Dayan teaches
	compare the transposed version of the password to a stored password (Para [0013] According to the preferred embodiment of the present invention, the system 100 includes a password validation engine 110 and a random pattern generator 140. The password validation engine 110 analyzes a password entered by the user 101 and compares it to the password information 132 stored in the storage device 130).
	Although Jiang teaches a device that generate, based on the entered password, a transposed version of the entered password,
	Dayan also teaches
	generate, based on the entered password, a transposed version of the entered password (Para [0009] FIG. 3 is a flowchart illustrating a method for utilizing the random pattern generator to protect a user's password from a monitoring intruder according to a preferred embodiment of the present invention. Para [0011] … In a second aspect of the present invention, the password obfuscation method includes generating a random pattern for each request to access a protected system or data and appending the random pattern to the apparent password to form a modified apparent password. The modified apparent password is validated only if the password and the random pattern for the request are among the characters entered).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the device taught by Jiang to incorporate the teachings of Dayan such that the device of Jiang generate, based on the entered password, a transposed version of the entered password; and compare the transposed version of the password to a stored password. One would have been motivated to make such combination in order to provide analyzing the string of characters and keystrokes by the computing system to find the password, and validating the apparent password if the password is found in any position in the string of characters and keystrokes. (Dayan, para [0004]).
	Regarding Claim 2, the combination of Jiang and Dayan teaches all the limitations of claim 1 above,
	The computing device of claim 1, including instructions to cause the processing resource to display a character to indicate a version of a password to be entered (Jiang, Col. 4, lines 39-47, The feedback indicator may include an output from the system generated in response to receiving a symbol of the user's password sequence, where the received symbol is also a member of the set of generating symbols determined for the session. The feedback indicator may include tactile or haptic feedback such as vibrating or shaking an input device, visual feedback such as displaying an image or a symbol on a display device, and auditory feedback such as a tone or audio recording).
	Regarding Claim 3, the combination of Jiang and Dayan teaches all the limitations of claim 1 and claim 2 above,
	The computing device of claim 2, including instructions to cause the processing resource to: receive the entered password, wherein the entered password is based on the character to indicate the Jiang, Col. 4, lines 47- 53, In particular embodiments, the feedback indicator may only be perceivable by the user. The feedback indicator may prompt the user to apply an encryption rule to the last character entered, and input the resulting obfuscating character. A feedback indicator may be provided for each symbol in the set of generating symbols); and
	generate the transposed version of the entered password based on the displayed character (Dayan, Para [0011] … In a second aspect of the present invention, the password obfuscation method includes generating a random pattern for each request to access a protected system or data and appending the random pattern to the apparent password to form a modified apparent password. The modified apparent password is validated only if the password and the random pattern for the request are among the characters entered).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 4, the combination of Jiang and Dayan teaches all the limitations of claim 1 above,
	wherein the entered password includes a special character indicating a version of a password to be entered (Jiang, Col. 6, lines 8-17, The third session access 245 illustrates a scenario where symbols from the sequence of obfuscating symbols are included in the set of generating symbols. Received symbol and feedback table 255 shows that the obfuscating symbols `G` and `H` are used to generate the encrypting symbols `L` and `M`, respectively. This scenario serves to illustrate the idea that the authenticating system can produce an obfuscated password 260 of arbitrary length by including symbols from the sequence of obfuscating symbols in the set of generating symbols).
	Regarding Claim 5, the combination of Jiang and Dayan teaches all the limitations of claim 1 and claim 4 above,
	The computing device of claim 4, including instructions to cause the processing resource to:    receive the entered password, wherein the entered password is based on the special character to Jiang, Col. 4, lines 47- 53, In particular embodiments, the feedback indicator may only be perceivable by the user. The feedback indicator may prompt the user to apply an encryption rule to the last character entered, and input the resulting obfuscating character. A feedback indicator may be provided for each symbol in the set of generating symbols); and
	generate the transposed version of the entered password based on the special character included in the entered password (Dayan, Para [0011] … In a second aspect of the present invention, the password obfuscation method includes generating a random pattern for each request to access a protected system or data and appending the random pattern to the apparent password to form a modified apparent password. The modified apparent password is validated only if the password and the random pattern for the request are among the characters entered).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 6, the combination of Jiang and Dayan teaches all the limitations of claim 1 above,
	The computing device of claim 1, including instructions to cause the processing resource to generate the transposed version of the entered password by performing a transpose operation on the entered password (Jiang, Col. 1, lines 47-56, According to various embodiments, a system is provided for obfuscating an electronic password. The system can include a password obfuscating module configured to: receive at least a first symbol of a first password, wherein the first password has a plurality of symbols; generate a second password derived from the first password using an obfuscation rule, wherein the second password includes the symbols of the first password and at least one obfuscating symbol generated from a first symbol of the first password (generating symbol) and the obfuscation rule).
	Regarding Claim 7, the combination of Jiang and Dayan teaches all the limitations of claim 1 above,
Dayan, Para [0011] … In a second aspect of the present invention, the password obfuscation method includes generating a random pattern for each request to access a protected system or data and appending the random pattern to the apparent password to form a modified apparent password. The modified apparent password is validated only if the password and the random pattern for the request are among the characters entered. Para [0013] According to the preferred embodiment of the present invention, the system 100 includes a password validation engine 110 and a random pattern generator 140. The password validation engine 110 analyzes a password entered by the user 101 and compares it to the password information 132 stored in the storage device 130).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 10, the combination of Jiang and Dayan teaches all the limitations of claim 1 above,
	The computing device of claim 1, wherein the instructions to grant access based on the comparison include instructions to grant access in response to the transposed version of the password matching the stored password (Jiang, Col. 5, lines 29-38, If the input is complete, the system may proceed to the method step shown in block 130 where the received sequence of password symbols can be compared against an obfuscated password derived from the user's stored password and obfuscation rule. In the next method step, the system may then determine whether the two passwords match, consistent with block 135. The system may then proceed to the method step shown in block 140 where it grants access to the session if the passwords match).
	Regarding Claim 11, the combination of Jiang and Dayan teaches all the limitations of claim 1 above,
Jiang, Col. 5, lines 38-40, If the passwords do not match, the system may deny access to the session, consistent with the method step illustrated in block 145. The method ends at block 150).
Regarding Claim 12,
Claim 12 is rejected for similar reasons as in claim 2 and parent claim 1.
 Regarding Claim 13,
Claims 13 is rejected for similar reasons as in claim 6.
	Regarding Claim 16, the combination of Jiang and Dayan teaches all the limitations of claim 12 above,
	The medium of claim 12, including instructions to modify the character such that the character dictates a different version of the password to be entered (Jiang, Col. 4, lines 6-19,  In particular embodiments, multiple obfuscation rules may be used to generate obfuscating symbols for a given user's passwords. For example, a first obfuscation rule may dictate that a first obfuscating symbol may be derived from a first symbol of a user's password by "adding 2" to the first symbol of the user's password, while a second obfuscation rule may dictate that a second obfuscating symbol may be derived from a second symbol of a user's password by "subtracting 4". According to other embodiments, a different obfuscation rule may be employed to obfuscate a user's password for each session access. For example, the rule for a first session access may be "subtract 2", while the rule for a second session may be "subtract 4”).
Regarding Claim 17, Jiang teaches
	A method, comprising: receiving, by a computing device, an entered password, wherein the entered password includes a special character indicating a version of a password to be entered (Col. 1, lines 29-38, According to embodiments of the present disclosure, a method for obfuscating an electronic password can include receiving at least a first symbol of a first password, wherein the first password has a plurality of symbols. Next, a second password (the obfuscated password) can be generated, the second password being derived from the first password using an obfuscation rule, wherein the second password includes the symbols of the first password and at least one obfuscating symbol generated from a first symbol of the first password (generating symbol) and the obfuscation rule. Col. 7, lines 5-9, The components of computer system/server 12 may include, but are not limited to, one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including system memory 28 to processor 16. Col. 4, lines 45-46, visual feedback such as displaying an image or a symbol on a display device);
	generating, by the computing device based on the special character included in the entered password, a transposed version of the entered password (Col. 1, lines 47-56, According to various embodiments, a system is provided for obfuscating an electronic password. The system can include a password obfuscating module configured to: receive at least a first symbol of a first password, wherein the first password has a plurality of symbols; generate a second password derived from the first password using an obfuscation rule, wherein the second password includes the symbols of the first password and at least one obfuscating symbol generated from a first symbol of the first password (generating symbol) and the obfuscation rule);
	granting, by the computing device, access based on the comparison in response to the transposed version of the password matching the stored password (Col. 5, lines 29-40, lines If the input is complete, the system may proceed to the method step shown in block 130 where the received sequence of password symbols can be compared against an obfuscated password derived from the user's stored password and obfuscation rule. In the next method step, the system may then determine whether the two passwords match, consistent with block 135. The system may then proceed to the method step shown in block 140 where it grants access to the session if the passwords match. If the passwords do not match, the system may deny access to the session, consistent with the method step illustrated in block 145. The method ends at block 150).
	Jiang does not explicitly teach a device that comparing, by the computing device, the transposed version of the password to a stored password.
	In the same field of endeavor, Dayan teaches
	comparing, by the computing device, the transposed version of the password to a stored password (Para [0013] According to the preferred embodiment of the present invention, the system 100 includes a password validation engine 110 and a random pattern generator 140. The password validation engine 110 analyzes a password entered by the user 101 and compares it to the password information 132 stored in the storage device 130).
	Although Jiang teaches a device that generating, by the computing device based on the special character included in the entered password, a transposed version of the entered password,
	Dayan also teaches
	generating, by the computing device based on the special character included in the entered password, a transposed version of the entered password (Para [0009] FIG. 3 is a flowchart illustrating a method for utilizing the random pattern generator to protect a user's password from a monitoring intruder according to a preferred embodiment of the present invention. Para [0011] … In a second aspect of the present invention, the password obfuscation method includes generating a random pattern for each request to access a protected system or data and appending the random pattern to the apparent password to form a modified apparent password. The modified apparent password is validated only if the password and the random pattern for the request are among the characters entered).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the device taught by Jiang to incorporate the teachings of Dayan such that the device of Jiang generate, based on the entered password, a transposed 
Regarding Claim 18,
Claim 18 is rejected for similar reasons as in claim 16.
	Regarding Claim 20, the combination of Jiang and Dayan teaches all the limitations of claim 17 above,
	wherein the method includes receiving the entered password via a user input (Jiang, Col. 4, lines 57-65, Turning now to the figures, FIG. 1 depicts a flowchart of a method 100 for obfuscating an electronic password, according to various embodiments. In some embodiments, the method 100 may be performed by a computing system, such as the computer described herein in reference to FIG. 4. The method may begin at block 105 with a session access request. The request may include activating an input device, or receiving user credentials, such as an identifier or account number, input by a user).	
Claims 8, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US 9590808), hereinafter Jiang in view of Dayan et al. (US 20050273625), hereinafter Dayan in view of Gupta (US 10262129), hereinafter Gupta.
	Regarding Claim 8, the combination of Jiang and Dayan teaches all the limitations of claim 1 above,
	The combination of Jiang and Dayan does not explicitly teach a device including instructions to cause the processing resource to hash the transposed version of the entered password.
	In the same field of endeavor, Gupta teaches

	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the device taught by the combination of Jiang and Dayan to incorporate the teachings of Gupta such that the device of the combination of Jiang and Dayan includes instructions to cause the processing resource to hash the transposed version of the entered password. One would have been motivated to make such combination in order to provide transformed passwords  that may be appended or prepended with a salt (e.g. a random piece of data), yielding a salted transform, and then subsequently hashed (for example using SHA256, MD5, or any other hashing technique) creating a salted and hashed phrase (Gupta, Col. 9, lines 1-5).
	Regarding Claim 9, the combination of Jiang, Dayan and Gupta teaches all the limitations of claim 1 and claim 8 above,
	wherein the instructions to compare the transposed version of the password to the stored password include instructions to compare the hashed transposed version of the password to the stored password, wherein the stored password is a hashed stored password (Gupta, Col. 7, lines 61-67, Each salted and hashed phrase may be compared to stored login credentials in the database 420. The database 420 may be stored locally with the password generator 410. If any one of the salted and hashed passwords, combined with any other login credential information required, matches that of login passwords in the database 420 of the password generator 410, a success message may be returned).
	The motivation/rationale to combine the references is similar to claim 8 above.
Claims 14, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US 9590808), hereinafter Jiang in view of Dayan et al. (US 20050273625), hereinafter Dayan in view of Lindsay (US 20070250920), hereinafter Lindsay, in view of LOGAN et al. (US 10262129), hereinafter LOGAN.
	Regarding Claim 14, the combination of Jiang, Dayan and Lindsay teaches all the limitations of claim 12 and claim 13 above,
	The combination of Jiang, Dayan and Lindsay does not explicitly teach a medium wherein the transpose operation includes reversing a k and n-k character swap.
	In the same field of endeavor, LOGAN teaches
	wherein the transpose operation includes reversing a k and n-k character swap (Para [0029] … Thus, any user of the password builder program is able to build, design, and encrypt a unique ID and/or password and, as part of that password, add a layer of appearance alterations, including one or more of character reversal, shadowing, tilting, mirroring, and shattering the characters for a fragmented appearance. …).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the device taught by the combination of Jiang, Dayan and Lindsay to incorporate the teachings of LOGAN such that the device of the combination of Jiang, Dayan and Lindsay includes wherein the transpose operation includes reversing a k and n-k character swap. One would have been motivated to make such combination in order to allow users to create complex, highly secure passwords using memorable text in a rich format, thereby increasing password security (LOGAN, Para [0005]).
	Regarding Claim 15, the combination of Jiang, Dayan and Lindsay teaches all the limitations of claim 12 and claim 13 above,
LOGAN, Para [0029] … Thus, any user of the password builder program is able to build, design, and encrypt a unique ID and/or password and, as part of that password, add a layer of appearance alterations, including one or more of character reversal, shadowing, tilting, mirroring, and shattering the characters for a fragmented appearance. …).
	The motivation/rationale to combine the references is similar to claim 14 above.
Claims 19 is rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US 9590808), hereinafter Jiang in view of Dayan et al. (US 20090249447), hereinafter Dayan in view of Ogawa (US 10262129), hereinafter Ogawa.
	Regarding Claim 19, the combination of Jiang and Dayan teaches all the limitations of claims 12, 16 and 18 above,
	The combination of Jiang and Dayan does not explicitly teach a method wherein the method includes modifying the special character at least one of: after a predetermined amount of time; or in response to a user input to modify the special character.
	In the same field of endeavor, Ogawa teaches
	wherein the method includes modifying the special character at least one of: after a predetermined amount of time; or in response to a user input to modify the special character (Para [0024] In the password managing apparatus: the symbol sequence request receiving unit receives the authentication purpose symbol sequence request sent by the display apparatus; the symbol sequence generating unit generates an authentication purpose symbol sequence in response to the received authentication purpose symbol sequence request; the symbol sequence retaining unit retains the generated authentication purpose symbol sequence until a predetermined elapse time passes; and the symbol sequence response sending unit sends an authentication purpose symbol sequence response in which the generated authentication purpose symbol sequence is specified to the display apparatus).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 




/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491