Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claim 17 is objected to because of the following informalities:  The claim recites ‘password 6’. The claims are objected to because they include reference characters which are not enclosed within parentheses.  
Reference characters corresponding to elements recited in the detailed description of the drawings and used in conjunction with the recitation of the same element or group of elements in the claims should be enclosed within parentheses so as to avoid confusion with other numbers or characters which may appear in the claims.  Generally, the presence or absence of such reference characters does not affect the scope of a claim. See MPEP § 608.01(m).

Claims 17-34 are objected to because of the following informalities:  The claims are directed to process claims that fail to recite active steps.  As an example, the examiner recommends amending the language to recite active steps such as:
-the user (17):
	-giving his or her user identifier to an application (12),
	-graphically selecting …

Claims 17, 19, 29, 31 use the word “wherein” as a transitional phrase.  The phrase “wherein” is synonymous with “comprising” or “characterized by” as seen in MPEP 2111.03 and, while not improper, is not consistent with recommended claim construction. 

Claim 33 is objected to because of the following informalities:
A series of singular dependent claims is permissible in which a dependent claim refers to a preceding claim which, in turn, refers to another preceding claim.
A claim which depends from a dependent claim should not be separated by any claim which does not also depend from said dependent claim (see claim 33 which depends on 23 which depends on 19).  It should be kept in mind that a dependent claim may refer to any preceding independent claim.  In general, applicant's sequence will not be changed.  See MPEP § 608.01(n). 

Appropriate correction is required.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 17-18, 29-30 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by User Authentication System Using Emoji pictures passwords by Raghda Ahmed Malih  hereafter Malih.

17. Malih discloses method for authenticating a user (17) by user identifier and associated graphical password 6, wherein: 
-the graphical password 6 comprises a sequence of several images (A-Y) belonging to a group of images (1-5) (page 51, figure 4.1 and corresponding text), 
-the user (17): 
-gives his or her user identifier to an application (12) (page 52, figure 4.2 and corresponding text, ‘User Name’), 
-graphically selects a sequence of several images (A-Y) in this group of images (1-5), the order of the images in this group of images (1-5) being randomly displayed by the application (12) with each new authentication of said user (17) (page 50, distribute the characters in the selected keyboard randomly over its cells -> Click on the arrow which points to the row that contains the desired character in the keyboard; see entire ‘Login session” image on page 50 and corresponding text), 
-the application (12): 
-identifies the position (xi,yk) of each selected image (A-Y) in said sequence (page 50, ‘Login session’ image), 
-establishes (14) the correspondence between the sequence of said positions (xi,yk) and the sequence of the identifiers of the selected images (A-Y) (page 51, section 4.2.1; see also page 50), 
-compares (15-16) the sequence of the identifiers of the selected images (A-Y) with the sequence of the identifiers of the images (A-Y) of the password 6 registered for said user (17) identifier (page 52, Section 4.2.2, enter each character in the user’s Emoji password), 
-the application (12) being the only entity able to establish this correspondence and/or the application (12) being the only entity able to make this comparison (page 56; see also page 49-50), 
(page 56, enter each character in the new Emoji password [it is implicit in the authentication system to permit access when successful and deny access when not successful]).

18. Malih and Osborn disclose authentication method according to claim 17, wherein said order of the images (A-Y) in this group of images (1-5) is randomly displayed by the application (12) with each new authentication of said user (17), in the form of a grid (1-5) of images distributed into rows and columns (page 51, figure 4.1 and corresponding text).

	Claims 29-30 are lesser in scope to claims 17-18 and are rejected under similar rationale found in the citations provided above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 19-28, 31-32 is/are rejected under 35 U.S.C. 103 as being unpatentable over User Authentication System Using Emoji pictures passwords by Raghda Ahmed Malih  hereafter Malih and Osborn et al. (US 2009/0077653) hereafter Osborn.
19. Malih discloses method for authenticating a user (17) by user identifier and associated graphical password (6), wherein: 
-the graphical password (6) comprises two parts: 
-a first part obtained by a first selection of a group of images (1-5) from several groups of images (1-5) (page 51, figure 4.1 and corresponding text; see also page 42, figure 4.2, as explained above), 
-a second part obtained by a second selection of a sequence of several images (A-Y) in the selected group of images (1-5) (page 50, as explained above), 
-the user (17) gives his or her user identifier to an application (12), and graphically performs: 
-a first selection of a group of images (1-5) in a set of several groups of images (1-5) (page 50, as explained above), 
-a second selection of a sequence of several images (A- Y) in this group of images (1-5), the order of the images (A-Y) in this group of images (1-5) being randomly displayed by the application (12) with each new authentication of said user (17) (page 50, as explained above), 
-the application (12): 
(page 51, figure 4.1 and page 50, as explained above), 
-establishes (14) the correspondence between the position of the selected group of images (1-5) and the identifier of the selected group of images (1-5), and between the sequence of the positions of the selected images (A-Y) and the sequence of the identifiers of the selected images (A-Y) (page 51, figure 4.1 and page 50, as explained above), 
-compares (15-16) the identifier of the group of selected images (1-5) with the identifier of the group of images (1-5) of the password (6) registered for said user (17) identifier, and compares the sequence of the identifiers of the selected images (A-Y) with the sequence of the identifiers of the images (A-Y) of the password (6) registered for said user (17) identifier ()page 51, figure 4.1 and page 50, as explained above,
-the application (12) being the only entity able to establish this correspondence and/or the application (12) being the only entity able to make this comparison (page 56; see also page 49-50), 
-authenticates (15) said user (17) if said comparison is positive but refuses (16) to authenticate said user (17) if said comparison is negative (page 56, as explained above).
Malih discloses randomizing the order of emoji to grant a higher immunity against shoulder surfing attacks. Malih does not explicitly disclose the order of the groups of images (1-5) in this set of groups of images (1-5) being randomly displayed by the application (12) with each new authentication of said user (17).  However, in an analogous art, Osborn discloses graphic image authentication including the order of the groups of images (1-5) in this set of groups of images (1-5) being randomly displayed by the application (12) with each new authentication of said user (17) (para 57, 62, randomized location of categories (similar to Malih’s keyboards: ABC, Num/Sym, Smiley Faces, etc) and randomized images in those categories (similar to Malih’s emojis)).  It would have been obvious to a person of ordinary skill in (para 57).

20. Malih and Osborn disclose authentication method according to claim 19, wherein: -said order of the groups of images (1-5) in this set of groups of images (1-5) is randomly displayed by the application (12) with each new authentication of said user (17), in the form a carousel (19) of image grids (1-5), -and/or said order of the images (A-Y) in this group of images (1-5) is randomly displayed by the application (12) with each new authentication of said user (17), in the form of a grid of images (1-5) distributed into rows and columns (page 51, 52, distribute randomly over its cells).

21. Malih and Osborn disclose authentication method according to claim 19, wherein the number of groups of images (1-5) in the set of groups of images (1-5) is at least two or even at least five times smaller than the number of images (A-Y) in a group of images (1- 5), regardless of whether all the groups (1-5) have the same number of images (A-Y) (page 51, as explained above).

22. Malih and Osborn disclose authentication method according to claim 19, wherein the images (A-Y) are divided into the groups of images (1-5) by theme (page 51, Section 4.2.1, Classify).

23. Malih and Osborn disclose authentication method according to claim 19, wherein the user (17) makes these two selections graphically: -in a graphical interface (7) that sends the number of the selected group (1-5) and/or the coordinates of each selected image (A-Y) in said sequence, -to an authentication function (8) which establishes the correspondence between said number and the identifier of the selected group (1-5) and/or between the sequence of said coordinates and the (page 50, 56-57, Section 4.2.2, as explained above).

24. Malih and Osborn disclose authentication method according to claim 23, wherein: -said graphical interface (7), said authentication function (8), and said database (9) are under the control of at least two independent actors, advantageously are respectively under the control of three independent actors (pages 49-50, graphical user interface is under control of the user and authentication function/database under control of User Authentication System).

25. Malih and Osborn disclose authentication method according to claim 19, wherein: -said set of groups of images (1-5) comprises a number of groups of images (1-5) which is between 3 and 10 (Section 4.2.1, Classify), -and/or said groups of images (1-5) each comprise a number of images (A-Y) which is comprised between 10 and 50 (page 51, figure 4.1, as explained above).

26. Malih and Osborn disclose authentication method according to claim 19, wherein several separate applications (12) use the same images (A-Y) but with a different distribution between groups of images (1-5) from one application (12) to another (page 49-50 [separate applications meaning the application running on different devices (different participants’ devices)]).

27. Malih and Osborn disclose authentication method according to claim 19, wherein the graphical password (6) is stored by the application (12) in a non-reversible form (page 57, encrypt the passwords in its database [encryption is non-reversible (infeasible) to an outside party]).

28. Malih and Osborn disclose authentication method according to claim 19, wherein: -either no image (A-Y) is common to two groups of images (1- 5) that are distinct from each other, -or, if one or more images (A-Y) are common to at least two groups of images (1-5) that are distinct from each other, then for at least half of the groups of images (1-5), any two groups of images (1-5) in this half of the groups of images (1-5) always have less than half of their images (A-Y) in common (page 51, figure 4.1, as explained above, no image is common to two groups).

Claims 31-32 are lesser in scope to claims 19-20 and are rejected under similar rationale found in the citations provided above.

Claims 33-34 is/are rejected under 35 U.S.C. 103 as being unpatentable over Malih and Osborn as applied to claim 19, 23 above, and further in view of Mossoba et al. (US 10,169,566) hereafter Mossoba.
33. Malih and Osborn disclose authentication method according to claim 23, wherein: -said graphical interface (7), said authentication function (8), and said database (9) are under the control of at least two independent actors, advantageously are respectively under the control of three independent actors (pages 49-50, graphical user interface is under control of the user and authentication function/database under control of User Authentication System), 
(figure 1A-1C and corresponding text).   It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Malih and Osborn with the implementation of Mossoba in order to provide an additional layer of security by storing, in separate places, the information needed to uncover a user’s password (col 2, 56-62).

34. Malih and Osborn disclose authentication method according to claim 19, wherein the graphical password (6) is stored by the application (12) in a non-reversible hashed form, this hashed form not having any collisions, this hashed form using a salting function introducing information relating to the user (17). Malih and Osborn do not explicitly disclose wherein the graphical password (6) is stored by the application (12) in a non-reversible hashed form, this hashed form not having any collisions, this hashed form using a salting function introducing information relating to the user (17).  However, in an analogous art, Mossoba discloses authentication using emoji-based passwords including wherein the graphical password (6) is stored by the application (12) in a non-reversible hashed form, this hashed form not having any collisions, this hashed form using a salting function introducing information relating to the user (17) (col 4, 53-col 5, 2).   It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Malih and Osborn with the implementation of Mossoba in order to help protect passwords stored in a database from being reverse-engineered.
Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES R TURCHEN/               Primary Examiner, Art Unit 2439