DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Todd Noah on 07/27/2021 & 07/30/2021.
The application has been amended as follows: 

15. (Currently Amended) A computer program product comprising a non-transitory computer-readable medium having computer-readable program code embodied therein to be executed by one or more processors w, the program code including instructions to: 
encrypt, after successful verification of a user's identification and a question based on a first password associated with the user question previously answered by the user during registration;
 transmit the encrypted question to a user computing system; 

decrypt the encrypted response based on the first password to generate a response; and 
establish a login session with the user computing system based on successful verification of the response.
17. (Currently Amended) The computer program product of claim 16, wherein said encrypting and decrypting  are based on a hashed password generated from the first password, the hashed password stored in a database .
20. (Currently Amended) The computer program product of claim 19, wherein the encrypted question transmitted  is decrypted by the user computing system based on the hashed password generated from the second password, and wherein a hashing function used  is the same as a hashing function used by the user computing system.

Response to Amendment
Claims 1-20 are pending. Claims 1, 4, 7-8, 11, 14-15, 17-18 and 20 are currently amended. 
Applicant’s amendments to the claims will overcome each and every 112(b) rejection previously set forth in the Non-Final Office Action mailed 01/25/2021. 
Response to Arguments
Applicant’s arguments, see pages 6-8, filed 04/23/2021, with respect to the 103 rejections have been fully considered and are persuasive.  The 103 rejections of claims 1-5, 8-12 and 15-19 has been withdrawn. 

Allowable Subject Matter
Claims 1-20 are allowed.
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: After further search and consideration and applicant remarks put forth in the Remarks of 04/23/2021 on pages 6-8, the prior art either taken alone or in combination neither anticipates nor render obvious to the claimed subject matter of the instant application. The prior art Sama (US Pub No. 2014/0101738) discloses transmitting a User ID and a full Password of a user of a client device to a server via the client device, and then establishing a network connection between the client device and the server after the User ID and the full Password.  The method also includes receiving, from the server via the client device, an encrypted secret PIN (ESPIN) and a challenge for corresponding positions of a Partial Password, entering the Partial Password via the client device, and computing a secret PIN (SPIN) from the ESPIN via the client device in response to a correct entry of the Partial Password.  The Additional Factor is unlocked using the SPIN, and the unlocked Additional Factor is transmitted to the server to request authentication of the user of the client device (Sama, Abstract), Brown et al. (US Pub No. 2005/0250473) discloses a challenge response scheme includes the authentication of a requesting device by an Brown, Abstract), Griffin (US Patent No. 10,855,473) discloses a challenge question may require a response answer from the relying party.  The computing system (e.g., the signing party computing system 102) may receive a challenge response, including a response answer from the relying party to the challenge question, which may be encrypted using a response key generated using the stored secret knowledge factor as an input to the password authenticated key exchange protocol.  If the relying party responds appropriately, then the signing party may mutually authenticate the relying party.  For example, the computing system (e.g., the signing party computing system 102) may mutually authenticate the relying party and the signing party by decrypting the challenge response using a response decryption key generated using the secret knowledge factor as an input to the password authenticated key exchange protocol to retrieve the response answer.  The Griffin, column 16, lines 40-64), Chow et al. (US Pub No. 2010/0122340) discloses a system for automatically authenticating a user.  During operation, the system receives a user's request for authentication.  The system then extracts information associated with the user from user-specific information stored in an enterprise computer.  The extracted user information does not explicitly relate to a password.  The system further generates one or more challenges based on the extracted user information, and receives the user's response to the challenges.  Subsequently, the system compares the user's response to the extracted user information, and authenticates the user. Note that password related information, such as a backup password or answers to security questions, are often encrypted and in general not extractable.  The question can be formulated in a way that little information is revealed by the question itself. (Chow, Abstract and page 2, paragraph 0023) and Chan et al. (US Pub No. 2014/0101451) discloses  a computing device encrypts at least one data set into an encrypted data set using a private encryption key.  The computing device encrypts the private encryption key using a password provided by a user of the device.  The password is also encrypted using the user's answers to password recovery questions.  The encrypted data set, the encrypted key and the encrypted password are transmitted to and stored by a server.  The computing device can retrieve and decrypt the encrypted data set form the server.  The encryption key can be recovered by decrypting the encrypted key using the password.  The password can be recovered by decrypting the encrypted password using answers to the password recovery Chan, Abstract), however, the prior art taken alone or in combination fails to teach or suggest “encrypting, by a server computing system, after successful verification of a user's identification and a question based on a first password associated with  the user a question previously answered by the user during registration; transmitting, by the server computing system, the encrypted question to a user computing system; receiving, by the server computing system, an encrypted response from the user computing system, the encrypted response associated with the encrypted question; decrypting, by the server computing system, the encrypted response based on the first password to generate a response; and establishing, by the server computing system, a login session with the user computing system based on successful verification of the response” (as recited in claims 1, 8 and 15). Claims are allowed in light of the above claim limitations when in combination with the remaining claim limitations.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SHAQUEAL D WADE/Examiner, Art Unit 2437    

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437  /