DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for the Examiner’s Amendment was given in an interview with the Applicant’s representative, Ali Assar (Reg. No. 65,848) on February 2, 2021.
The Examiner acknowledges the electronic terminal disclaimer filed and approved on 2/7/2022.
Claims 1-3, 8, and 15 have been amended by the Applicant.
The following Examiner’s amendment is listed below:

Claims

1. 	(Currently Amended) A computer-implemented method, comprising:
obtaining a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece 
determining that: 
a first location reference in the list and a second location reference in the list are indicative of a same location, 
a first account identifier in the list associated with the first location reference is different than a second account identifier in the list associated with the second location reference, and 
a number of generated records in the list that are indicative of the same location exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list;
in response to the determination, modifying a password blacklist to include a first piece of password data identified as being associated with a plurality of failed login attempts that (i) used a plurality of account identifiers comprising the first account identifier and the second account identifier and (ii) were associated with the same location indicated by the first location reference in the list and the second location reference in the list, wherein the first piece of password data was stored in the number of generated records in the list, wherein the password blacklist is associated with a set of account identifiers; 
supplementing a master password blacklist, associated with two or more account identifiers not in the set of account identifiers, with the first piece of password data, wherein the master password blacklist is different than the password blacklist; and
upon receiving a new password submitted by a user for adoption in association with an account identifier associated with the password blacklist, employing the password blacklist to 
2.	(Currently Amended) The computer-implemented method of claim 1, wherein the password blacklist includes a first label indicative of a first security schema associated with adding the first piece of password data to the password blacklist 

3. 	(Currently Amended) The computer-implemented method of claim [[1]] 2, wherein the password blacklist includes 

8. 	(Currently Amended) A non-transitory computer-readable medium storing instructions that, when executed, cause performance of operations comprising:
obtaining a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts;
determining that: 
a first account identifier in the list is identical to a second account identifier in the list, 

a number of generated records in the list exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list;
in response to  that (i) used a plurality of pieces of password data comprising the first piece of password data and the second piece of password data and (ii) were associated with a same account identifier indicated by the first account identifier in the list and the second account identifier in the list, wherein the first piece of password data was stored in the number of generated records in the list, wherein the password blacklist is associated with a set of account identifiers;
supplementing a master password blacklist, associated with two or more account identifiers not in the set of account identifiers, with the first piece of password data, wherein the master password blacklist is different than the password blacklist; and
upon receiving a new password submitted by a user for adoption in association with an account identifier associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist.




15. 	(Currently Amended) A system comprising:
a hardware processor; and
memory storing instructions that, when executed by the hardware processor, cause the hardware processor to:


determine that: 
a first location reference in the list and a second location reference in the list are indicative of different locations, 
a first account identifier in the list associated with the first location reference is a same account identifier as a second account identifier in the list associated with the second location reference, and 
a number of generated records in the list that are indicative of two or more different locations in association with the same account identifier exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list;
in response to the  (i) were associated with a plurality of location references comprising the first location reference and the second location reference and (ii) were associated with the same account identifier indicated by the first account identifier in the list and the second account identifier in the list, wherein the password blacklist is associated with a set of account identifiers 
supplement a master password blacklist, associated with two or more account identifiers not in the set of account identifiers, with the first piece of password data, wherein the master password blacklist is different than the password blacklist; and
upon receiving a new password submitted by a user for adoption in association with an account identifier associated with the password blacklist, employ the password blacklist to prevent an adoption of the new password when the new password matches the first piece of password data in the password blacklist.
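
The detection and blacklisting steps recited in claim 1, sketched in Python as an added illustration; this is not code from the application or from this Office action. The record field names, the threshold of 3 failures within 600 seconds, the SHA-256 digest used as the piece of password data, and the sample records are assumptions.

```python
import hashlib
from collections import defaultdict

THRESHOLD = 3         # assumed value: more than 3 failures from one location...
WINDOW_SECONDS = 600  # ...within an assumed 10-minute duration

def digest(password):
    # Assumption: "password data" is stored as a SHA-256 digest, not plaintext.
    return hashlib.sha256(password.encode()).hexdigest()

def rec(account, password, location, ts):
    return {"account": account, "pw": digest(password), "location": location, "ts": ts}

def sprayed_passwords(records):
    """Digests tried on 2+ accounts from one location during a burst over THRESHOLD."""
    by_location = defaultdict(list)
    for r in records:
        by_location[r["location"]].append(r)
    flagged = set()
    for recs in by_location.values():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > WINDOW_SECONDS:
                start += 1
            window = recs[start:end + 1]
            if len(window) <= THRESHOLD:
                continue
            accounts = defaultdict(set)
            for r in window:
                accounts[r["pw"]].add(r["account"])
            flagged |= {pw for pw, ids in accounts.items() if len(ids) >= 2}
    return flagged

def update_blacklists(records, blacklist, master_blacklist):
    found = sprayed_passwords(records)
    blacklist |= found         # list tied to one set of account identifiers
    master_blacklist |= found  # separate list covering other accounts
    return found

def may_adopt(new_password, blacklist):
    return digest(new_password) not in blacklist

# Constructed sample: one source tries one password on four accounts; one user mistypes twice.
RECORDS = (
    [rec(a, "Spring2021!", "203.0.113.7", t) for a, t in
     [("alice", 0), ("bob", 30), ("carol", 60), ("dave", 90)]]
    + [rec("erin", "hunter3", "198.51.100.9", 10), rec("erin", "hunter4", "198.51.100.9", 20)]
)
```
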

Examiner’s Statement of Reasons for Allowance

Claims 1-20 are allowable.
The following is an Examiner’s statement of reasons for allowance:
The present invention is directed to computing systems that regularly employ password blacklists designed to prevent users from adopting certain passwords in association with their accounts. While traditional methods for blacklisting passwords are generally limited to the user’s password history, a system or method that can automatically supplement password blacklists with passwords associated with detected suspicious activities would be highly beneficial.
The invention is directed to improving account security based on identified suspicious patterns of activity. More specifically, records corresponding to a number of failed login attempts are obtained. The records include, among other things, the password, or a variation thereof, used in 
The prior art of Popoveniuc et al. (2016/0173485) discloses that attempted user credentials data may include one or more counters to keep track of distinct attempted user credentials. Attempted user credentials data includes one counter: distinct counter. Distinct counter may be initialized when the first record for a particular attempted user credential is created. Distinct counter may keep track of distinct attempted account identifiers for a particular attempted user credential. The distinct counter keeps track of distinct account identifiers for which attempted user credential of "HOUSTON" was entered. The distinct counter may track distinct attempted account identifiers for a particular attempted user credential since the last successful attempted user credential, within the last hour, within the last day, or any other timeframe. If a successful attempted user credential is entered for account, then distinct counter may be reset to zero.
The prior art of Popoveniuc et al. (2016/0173485) does not disclose or suggest, wherein the first piece of password data was stored in the number of generated records in the list, “wherein the password blacklist is associated with a set of account identifiers; supplementing a master password blacklist, associated with two or more account identifiers not in the set of account identifiers, with the first piece of password data, wherein the master password blacklist is different than the password blacklist; and upon receiving a new password submitted by a user for adoption in association with an account identifier associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist”.
The prior art of Bajenov et al. (2016/0197907) discloses that user login information submitted as part of an attempt to log into a computer system is evaluated for unauthorized or illegitimate use based on indicators of suspicious behavior. Indicators of suspicious behavior include whether the login information is known to have been compromised, whether the login attempt originates from a network source or a physical source that has previously originated an attempt to log in using login information known to have been compromised, and whether multiple login attempts using the login information from multiple users have originated from the source. A suspicion index can be calculated based on the presence of the indicators of suspicious behavior. The system can require enhanced authentication based on the measurement of suspicious behavior.
The prior art of Bajenov et al. (2016/0197907) does not disclose or suggest, “wherein the password blacklist is associated with a set of account identifiers; supplementing a master password blacklist, associated with two or more account identifiers not in the set of account identifiers, with the first piece of password data, wherein the master password blacklist is different than the password blacklist; and upon receiving a new password submitted by a user for adoption in association with an account identifier associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist”.

The non-patent literature of Jo et al. (Title: Mindmetrics: Identifying Users without their Login IDs) teaches that there are two parts in the Mindmetrics-based authentication process. First, a Mindmetrics token is requested in the login page. A user specifies the token with which a computing system can identify a user account. Then the identification server looks up the registered access tokens to find a matching token and login ID. Second, the server presents multiple login IDs to the user, with one of the login IDs being the correct login ID for the user account and some more real or fake IDs. To prevent the attackers from recognizing the login IDs, the login IDs are partially obscured. Among these partial login IDs, a legitimate user can still recognize the correct login ID and choose it. This completes the identification stage, and the rest is the same as a password verification system. If the login ID and password match the credentials stored for the user account, the user is authenticated to access information associated with the user account. For a failed login attempt, no information is given back to the user, so the attacker will not know whether he entered a valid access token, chose a wrong login ID, or entered a wrong password.
The non-patent literature of Jo et al. (Title: Mindmetrics: Identifying Users without their Login IDs) does not teach or suggest, “wherein the password blacklist is associated with a set of account identifiers; supplementing a master password blacklist, associated with two or more account identifiers not in the set of account identifiers, with the first piece of password data, wherein the master password blacklist is different than the password blacklist; and upon receiving a new password submitted by a user for adoption in association with an account identifier associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist”.
Therefore the claims are allowable over the cited prior art.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more 





2/5/2022
/JJ/
AU 2439


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439