DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to non-provisional application filed 10/29/2019. Claims 1-20 have been filed.

Priority
This application claims benefit of provisional application 62/753,793 filed 10/31/2018.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/14/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

 Claim Objections
Claim 2 is objected to because of the following informalities:  
Claim 2 is read to recite “the remote credential-monitoring application is configured to expose an application program interface”.
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-

Claims 1-20 are provisionally rejected on the ground of nonstatutory obviousness-type double patenting over claims 1-20 of copending Application No. 16/667,367 (hereinafter ‘367).  Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-20 of ‘367 anticipate the instant claim 1-20.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claims 1-20 are provisionally rejected on the ground of nonstatutory obviousness-type double patenting over claims 1-20 of copending Application No. 16/667.486 (hereinafter “APP ‘486).  Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-20 of ‘367 anticipate the instant claim 1-20.
This is a provisional obviousness-type double patenting rejection because the conflicting claims have not in fact been patented.

Claims 1-20 are provisionally rejected on the ground of nonstatutory obviousness-type double patenting over claims 1-20 of co-pending Application No. 16/667,447 (hereinafter ‘447).  
Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-20 of ‘367 anticipate the instant claim 1-20.
This is a provisional obviousness-type double patenting rejection because the conflicting claims have not in fact been patented.

Allowable Subject Matter
Claims 4, 11, 13, 17 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Reasons for Allowance will be furnished in a Notice of Allowability action, after all outstanding formal and/or informal issues have been resolved, i.e., the instant 112(b) rejections and Double Patenting rejections.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 first recites the limitation “one or more processors” in the preamble. The antecedent basis for the following recitations of “one or more processors” in claim 1 is unclear.  
For examination, the respective limitations in claim 1 are read as follow:
“obtaining, with one or more processors of an identity management system, …”
“comparing, with the distributed application, …”
the one or more processors, one or more passwords that match …”
“determining, with the distributed application, …; and”
“…causing, with the one or more processors, the first user associated with a first account and the first password to be notified that the first password has been compromised”.
Claims 6, 7, 8, 9, 14 and 9 recite the limitation “one or more processors” respectively.  
For examination, the antecedent basis for these limitations is in claim 1; therefore, all next recitations of said limitation is read “the one or more processors”. 
Claim 20 recites multiple recitations of the limitation “one or more processors”.  The antecedent basis for the following recitations of “one or more processors” in claim 20 is unclear. 
For examination, the respective limitations in claim 20 are read as follow:
“obtaining, with one or more processors of an identity management system, …”
“comparing, with the distributed application, …”
“receiving, with the one or more processors, one or more passwords that match …”
“determining, with the distributed application, …; and”
“…causing, with the one or more processors, the first user associated with a first account and the first password to be notified that the first password has been compromised”.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claims 1, 3, 5-6, 10, 15-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hong, WO2015/076835A1 in view of Botti, US2020/0026847A1.
 
Per claim 1, Hong discloses a tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising: 
obtaining, with one or more processors, with an identity management system, a first password, the first password being associated with a first username of a first user and serving to afford access to a network-accessible resource, wherein the identity management system is a distributed application configured to provide a single-sign-on service via a password management application of the distributed application (any indications of user submission attempts of the entered candidate password (e.g., a web page click of "log in," "sign in," "submit," etc.) are provisionally blocked for an amount of time or in response to a release indication from the example client password manager 120. In other words, the example transmission delay manager 252 provisionally prevents the candidate password from being used for authentication of the service of interest 226 until after that candidate password can be checked for usage with two or more other services – Hong: par. 0025 – Note: a client password manger 120, operating within each computing device of the example environment of Fig. 1, would not release the login inquiry to the service of interest before it is ascertained that the candidate password is a SSO password), and wherein the password management application is installed on a user computing device and provides the single-sign-on service by which a plurality of different network-accessible resources are accessible by presentation of a plurality of different authentication credentials that are associated with the first user and that correspond to (a first service may facilitate default authentication for other services, which may be referred to as single sign- on (SSO). SSO allows a user to log in with credentials (e.g., a username and password) at a first time with a first service (e.g., Facebook.sup.®), and the first service facilitates additional service access privileges without entering further credentials. For example, after the user logs in to Facebook.sup.®, the SSO services employed by Facebook.sup.® manage tasks associated with authentication for other services such as e-mail accounts, social media accounts, etc. – Hong: par. 0024); 
comparing, with one or more processors, with the distributed application, the first password to a set of compromised credentials within a database external to the network- accessible resource (the comparison between the candidate password hash value and a list of hash values associated with vault passwords may be performed by the example client password manager 120. For example, the example client password manager 120 may receive and/or otherwise retrieve a list of vault password hash values on a periodic, manual, scheduled and/or aperiodic basis so that the example password linkage monitor 208 can perform comparisons… The example client risk monitor 212 may invoke the queries on a periodic, manual, scheduled and/or aperiodic basis to determine whether current events suggest a heightened security strategy… a security feed publishes a report that Facebook.sup.® was successfully attacked and a hacker gained access to user passwords – Hong: par. 0028 and 0033-0034 – Note: The password vault 210 is equivalent to a database external to service resources/security feeds 214); 
(The example password vault 210 also includes an example vault query engine 260 to determine whether the value (e.g., one or more vault databases) includes any duplicates of a password of interest – Hong: par. 0018); 
Hong is not relied on to disclose but Botti discloses determining, with one or more processors, with the distributed application whether the one or more passwords satisfy a criterion (Referring first to FIG. 1, the retrieval component 115 downloads password lists from well-known sources 101, as seen at 111, and also performs active crawling to locate new sources. As seen at 109, active crawling can include search queries with specific keywords on public websites, such as search engines 105 or code repositories 103. As seen at 113, active crawling can also include generic web crawling 107 (i.e., using known web crawlers used for indexing web sites) and matching against predefined password list formats. In most cases, password files are long lists and are either plaintext or hashed values, one entry per line – Botti: par. 0024); and 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Hong in view of Botti to include determining, with one or more processors, with the distributed application whether the one or more passwords satisfy a criterion.
One of ordinary skill in the art would have been motivated because it would allow “protection from a false sense of security in seemingly robust/complex/long passwords that have been hacked and are thus no longer safe” – Botti: par. 0010.
(in the event the query of security reports reveals hacker activity with Facebook.sup.®, and that Facebook.sup.® provides SSO services for the user, then the example alarm action engine 206 may further tailor a warning message to reference the one or more other services that may be affected by the security breach. For example, the alarm action engine 206 may generate a warning message that recites, "Our security reports indicate that Facebook has been hacked, and there is a possibility that your sign-on information has been compromised. We also notice that you use Facebook logon credentials to access Instagram and Yahoo e-mail accounts. We recommend that you immediately change passwords associated with these services." – Hong: par. 0034).

Per claim 20, it recites a method, comprising operations/method steps as rejected above in claim 1.  
Therefore, claim 20 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 1 above.

Per claim 3, Hong and Botti disclose the medium of claim 1, wherein the first password is obtained via the password management application and in response to the first user inputting the first password via the password management application (the example application interface 216 receives and/or otherwise retrieves the candidate password or hash value of the candidate – Hong: par. 0040 – Note: as shown in Fig. 4, application interface 216 is the interface of client password manager 120 to Apps, Browsers and Executables).

Per claim 5, Hong and Botti disclose medium of claim 1, wherein comparing, with the distributed application, the first password to the set of compromised credentials comprises: 
comparing the first password to the set of compromised credentials responsive to the first user attempting to create the first password associated with the first username via the password management application, the first user attempting to change a previous password associated with the first username to the first password via the password management application, or responsive to a scheduled batch process (the example client password manager 120 may receive and/or otherwise retrieve a list of vault password hash values on a periodic, manual, scheduled and/or aperiodic basis so that the example password linkage monitor 208 can perform comparisons – Hong: par. 0028).

Per claim 6, Hong and Botti disclose medium of claim 1, wherein the operations comprise: in response to the determination that the one or more passwords satisfy the criterion, causing, with one or more processors, the first user associated with the first user account to be notified to change the first password (in the event the query of security reports reveals hacker activity with Facebook.sup.®, and that Facebook.sup.® provides SSO services for the user, then the example alarm action engine 206 may further tailor a warning message to reference  – Hong: par. 0034).

Per claim 10, Hong and Botti disclose medium of claim 1, wherein the database is continuously updated with additional compromised credentials (the new password information is updated in the example password vault 210 – Hong: par. 0044), and the operations comprise: 
generating a second criterion for the comparison, the criterion being generated at least based on whether another comparison identifying the first password has been previously made (the example vault interface 262 transmits to the example client password manager 120 an indication that the candidate password has been used on at least one prior occasion. Additionally, the example parity verifier 266 counts a number of instances where the hash of the candidate password matches a hash from the example vault interface 262 and transmits that count value to the example client password manager 120… example alarm action engine 206 identifies a service category type and/or an entity category type associated with the candidate password and determines whether a number of hash matches exceed a threshold value for the identified category type – Hong: par. 0028-0029 – Note: the count criteria/threshold is based on prior comparisons/matchings); and 
(Multiple instances of a match between the hash of the candidate password and hash values from the example password vault 210 are indicative of a user that is re-using the same password for multiple services, thereby creating additional risk in the event that particular password is discovered by an attacker/hacker. In response to retrieving and/or otherwise receiving an indication from the example vault query engine 260 of a hash match of the candidate password and/or a count of the number of times the candidate password has been used with other services, the example password linkage monitor 208 invokes the example alarm action engine 206 if the password has been used before – Hong: par. 0028-0029 – Note: a first match indicating that a candidate password has been used before and a count of such use is the second criteria for comparison, i.e., a threshold count for a service category type).

Per claim 15, Hong and Botti disclose medium of claim 1, wherein: the match is determined based on a cryptographic hash collision (in the event the example parity verifier 266 identifies a match between the hash value associated with the candidate password and one or more hash values from the example password vault 210, then the example vault interface 262 transmits to the example client password manager 120 an indication that the candidate password has been used on at least one prior occasion – Hong: par. 0028).

(in the event the query of security reports reveals hacker activity with Facebook.sup.®, and that Facebook.sup.® provides SSO services for the user, then the example alarm action engine 206 may further tailor a warning message to reference the one or more other services that may be affected by the security breach. For example, the alarm action engine 206 may generate a warning message that recites, "Our security reports indicate that Facebook has been hacked, and there is a possibility that your sign-on information has been compromised. We also notice that you use Facebook logon credentials to access Instagram and Yahoo e-mail accounts. We recommend that you immediately change passwords associated with these services." – Hong: par. 0034).

2.	Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Hong, WO2015/076835A1 in view of Botti, US2020/0026847A1 as applied to claim 1 above, and further in view of Nazarov, US20110083181A1.

Per claim 8, Hong and Botti disclose medium of claim 1.
Hong and Botti are not relied on to disclose but Nazarov discloses wherein the operations comprise: 
determining, with one or more processors, with the distributed application, whether the first password satisfies one or more criteria from among a plurality of criteria, wherein determining whether the first password satisfies a first criterion among the plurality of criteria (process block 804 will parse the access credential information and determine the letter, case, repeat and consecutive count of all letter characters. Further, the sequential nature of any numbers will be determined along with overall count, repeat and consecutive number count. Access credential information will be designated strong if criteria relating to the length, case, non-consecutive, non-sequential and lack of repeat character requirements are met...In the event that the access credential information is determined to not meet the threshold requirements of a strong determination, the AST will prompt the user to enter in new access credential information in process block 806 – Nazarov: par. 0056).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Hong and Botti further in view of Nazarov to include determining, with one or more processors, with the distributed application, whether the first password satisfies one or more criteria from among a plurality of criteria, wherein determining whether the first password satisfies a first criterion among the plurality of criteria includes determining whether the first password includes sequential characters and wherein the first criterion is satisfied in response to the determination that the first password includes sequential characters.
One of ordinary skill in the art would have been motivated because it would allow “to reduce or eliminate the potential of malicious propagation, data theft and alteration” – Nazarov: par. 0056.

(in the event the query of security reports reveals hacker activity with Facebook.sup.®, and that Facebook.sup.® provides SSO services for the user, then the example alarm action engine 206 may further tailor a warning message to reference the one or more other services that may be affected by the security breach. For example, the alarm action engine 206 may generate a warning message that recites, "Our security reports indicate that Facebook has been hacked, and there is a possibility that your sign-on information has been compromised. We also notice that you use Facebook logon credentials to access Instagram and Yahoo e-mail accounts. We recommend that you immediately change passwords associated with these services." – Hong: par. 0034).

Per claim 9, Hong and Botti disclose medium of claim 1.
Hong and Botti are not relied on to disclose but Nazarov discloses wherein the operations comprise: 
determining, with one or more processors, with the distributed application, whether the first password satisfies one or more criteria from among a plurality of criteria, wherein determining whether the first password satisfies a first criterion among the plurality of criteria includes determining whether the first password includes repetitive characters and wherein the first criterion is satisfied in response to the determination that the first password includes repetitive characters (process block 804 will parse the access credential information and the sequential nature of any numbers will be determined along with overall count, repeat and consecutive number count. Access credential information will be designated strong if criteria relating to the length, case, non-consecutive, non-sequential and lack of repeat character requirements are met... In the event that the access credential information is determined to not meet the threshold requirements of a strong determination, the AST will prompt the user to enter in new access credential information in process block 806 – Nazarov: par. 0056).
The same motivation to modify Hong and Botti further in view of Nazarov applied to claim 8 above applies here.

Hong, modified in view of Botti and Nazarov, further discloses in response to the determination that the first password satisfies the first criterion, causing, with one or more processors, the first user associated with the first account and the first password to be notified to change the first password (in the event the query of security reports reveals hacker activity with Facebook.sup.®, and that Facebook.sup.® provides SSO services for the user, then the example alarm action engine 206 may further tailor a warning message to reference the one or more other services that may be affected by the security breach. For example, the alarm action engine 206 may generate a warning message that recites, "Our security reports indicate that Facebook has been hacked, and there is a possibility that your sign-on information has been compromised. We also notice that you use Facebook logon credentials  – Hong: par. 0034).

3.	Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Hong, WO2015/076835A1 in view of Botti, US2020/0026847A1 as applied to claim 1 above, and further in view of Yedidi, US2017/0346797A1.

Per claim 12, Hong and Botti disclose medium of claim 1. Hong and Botti are not relied on to explicitly disclose but Yedidi discloses wherein the first password is compared to the set of compromised credentials responsive to an update to the database (compromised password server 222 can send compromised password data updates to compromised password module 202 periodically or whenever compromised password database 224 is updated with new compromised passwords… In some implementations, compromised password module 202 can store received compromised passwords in compromised password database 206... After authenticating the user, authenticator module 126 can send the login credentials to compromised password module 202. Upon receipt of the login credentials, compromised password module 202 can search compromised password database 206 for the account identifier (e.g., user name, email address, etc.) specified in the login credentials – Yedidi: par. 0045-0046 and 0051 – Note: since compromised password module is kept synchronized with the compromised password database, a comparison following a login inquiry is inherently responsive to the latest update to the compromised password database). 

One of ordinary skill in the art would have been motivated because it would allow to “prevent the user from selecting a compromised password for the user's content management system account in the future” – Yedidi: par. 0054.

4.	Claims 2, 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Hong, WO2015/076835A1 in view of Botti, US2020/0026847A1 as applied to claim 1 above, and further in view of Wright, US2018/0046796A1.

Per claim 2, Hong and Botti disclose the medium of claim 1, wherein the distributed application comprises: 
a remote credential-monitoring application external to the network-accessible resource (The example client password manager 120 also includes an example application interface 216 that is communicatively connected to one or more applications of the example computing device 202. Applications may include, but are not limited to, mobile device applications 218 …Each application (e.g., the example mobile device application 218, the example browser application 220, the example executables 222) may also be communicatively connected to a network 224 (e.g., the Internet) to facilitate communication to/from one or more services 226, such as example financial services, social networking  – Hong: par. 0020); and the password management application within the user computing device; 
the remote credential-monitoring application is configured expose an application program interface by which the first password is obtained from the password management application and to determine that the one or more passwords satisfy the criterion (If the example password field identifier 250 detects an input type with the keyword "password," … before an entered password is allowed to be sent to a service (e.g., Facebook ), example methods, apparatus, systems and/or articles of manufacture disclosed herein determine whether the password has been used for one or more alternate services (e.g., the same password used for both Facebook.sup.® and Amazon.com.sup.®… If the candidate password is ultimately deemed to be dangerous, risky and/or otherwise harmful to the security of the user, then the provisional block may be confirmed with a permanent block of the password – Hong: par. 0022 and 0025). 
Furthermore, Botti discloses determine[ing] that the one or more passwords satisfy the criterion (Referring first to FIG. 1, the retrieval component 115 downloads password lists from well-known sources 101, as seen at 111, and also performs active crawling to locate new sources. As seen at 109, active crawling can include search queries with specific keywords on public websites, such as search engines 105 or code repositories 103. As seen at 113, active crawling can also include generic web crawling 107 (i.e., using known web crawlers used for matching against predefined password list formats. In most cases, password files are long lists and are either plaintext or hashed values, one entry per line – Botti: par. 0024).
The same motivation to modify Hong in view of Botti applied to claim 1 above applies here.
Hong in view Botti further discloses the password management application is configured to, in response to the determination that the one or more passwords satisfy the criterion, cause the first user to be notified that the first password has been compromised (in the event the query of security reports reveals hacker activity with Facebook.sup.®, and that Facebook.sup.® provides SSO services for the user, then the example alarm action engine 206 may further tailor a warning message to reference the one or more other services that may be affected by the security breach. For example, the alarm action engine 206 may generate a warning message that recites, "Our security reports indicate that Facebook has been hacked, and there is a possibility that your sign-on information has been compromised. We also notice that you use Facebook logon credentials to access Instagram and Yahoo e-mail accounts. We recommend that you immediately change passwords associated with these services." – Hong: par. 0034) and Hong and Botti are not relied on to disclose but Wright discloses cause[ing] a controller of the network-accessible resource to be notified that the first password has been compromised (if a username and password are compromised for a first account of a first service, credential data indicating that the same username is used for a second account with a second service may be useful in determining that the second account is similarly  – Wright: par. 0022).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Hong and Botti further in view of Wright to include cause a controller of the network-accessible resource to be notified that the first password has been compromised.
One of ordinary skill in the art would have been motivated because it would allow “automatically setting and/or recommending an account access policy for the account” – Wright: par. 0022.

Per claim 7, Hong and Botti disclose medium of claim 1, wherein determining whether the one or more passwords satisfy the criterion includes determining whether a number of the one or more passwords exceeds a threshold, and the operations comprise: 
in response to the determination that the number of the one or more passwords exceeds the threshold (if a username and password are compromised for a first account of a first service, credential data indicating that the same username is used for a second account with a second service may be useful in determining that the second account is similarly compromised (e.g. if the user uses the same password for both accounts) – Wright: par. 0022 – Note: threshold count is “1”), Hong and Botti are not relied on to disclose but Wright discloses causing, with one or more processors, a controller of the network-accessible resource to be (In this example, a network administrator of the second service can be notified of the risk, and the administrator can handle the security vulnerability accordingly (e.g., through account access modification options supplied in S140)…In a specific example, security history data indicating a history of previous attacker attempts on the compromised account can be presented to the network administrator, and used in recommending that the account be locked – Wright: par. 0022).
The same motivation to modify Hong and Botti further in view of Wright applied to claim 2 above applies here.

Per claim 14, Hong and Botti disclose medium of claim 1, wherein the operations comprise: 
receiving metadata associated with the one or more passwords, the metadata including one or more usernames associated with the one or more passwords (Prior to the one or more services 226 providing and/or otherwise allowing access, an authorized username and password combination must be provided thereto – Botti: par. 0020 – Note: the example password field identifier 250 may parse and/or otherwise identify keywords associated with username and/or password entry options (e.g., first name, last name, user name, password, pwd, l_name, f_name, u_name, etc.) – par. 0022); 
Hong and Botti is not relied on to disclose but Wright discloses determining whether the one or more usernames match the first username (if a username and password are – Wright: par. 0022); and 
in response to the determination that the first username matches the one or more usernames, causing, with one or more processors, a controller of the network-accessible resource to be notified that the first username and first password have been compromised, instructing, with one or more processors, the controller of the network-accessible resource to block access to the first user account associated with the first password and the first username (In this example, a network administrator of the second service can be notified of the risk, and the administrator can handle the security vulnerability accordingly (e.g., through account access modification options supplied in S140)…In a specific example, security history data indicating a history of previous attacker attempts on the compromised account can be presented to the network administrator, and used in recommending that the account be locked – Wright: par. 0022).
The same motivation to modify Hong and Botti further in view of Wright applied to claim 2 above applies here.
Hong, modified in view of Botti and Wright, further discloses causing, with one or more processors, the first user associated with the first user account on the network- accessible resource to be notified to change the first password (in the event the query of security reports reveals hacker activity with Facebook.sup.®, and that Facebook.sup.® provides SSO services for the user, then the example alarm action engine 206 may further tailor a warning message  – Hong: par. 0034).

4.	Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Hong, WO2015/076835A1 in view of Botti, US2020/0026847A1 as applied to claim 1 above, and further in view of Ashley, US10051001B1.

Per claim 19, Hong and Botti disclose medium of claim 1, wherein the operations comprise: 
determining, with one or more processors, with the distributed application, whether the first password satisfies one or more criteria from among a plurality of criteria, wherein determining whether the first password satisfies a first criterion among the plurality of criteria
Hong and Botti are not relied on to explicitly disclose but Ashley discloses [wherein] a first criterion among the plurality of criteria includes determining whether the first password includes one or more context-specific words and wherein the first criterion is satisfied in response to the determination that the first password includes one or more context-specific words (when a firewall decrypts an SSL or HTTPS session, a decoder for the web application identifies the login/password fields that are specific to that external site (e.g., or searches for  – Ashley: col. 7, lines 4-15).
 Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Hong and Botti further in view of Ashley to include a first criterion among the plurality of criteria includes determining whether the first password includes one or more context-specific words and wherein the first criterion is satisfied in response to the determination that the first password includes one or more context-specific words.
One of ordinary skill in the art would have been motivated because it would allow “promote and enforce proper credentials management policies for users of the enterprise” and “alert the enterprise (e.g., internal IT/network/security administrators (admins) of the enterprise) to users who have credentials to external sites that present potential security risks for the enterprise” – Ashley: col. 5, lines 51-56.
Hong, modified in view of Botti and Ashley, further discloses in response to the determination that the first password satisfies the first criterion, causing, with one or more processors, the first user associated with the first account and the first password to be notified to change the first password (in the event the query of security reports reveals hacker activity with Facebook.sup.®, and that Facebook.sup.® provides SSO services for the user, then the  – Hong: par. 0034).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Mehta (US2020/0137076A1) discloses generating sets of user interactions per originator based on origination information associated with the user interactions. The sets of the user interactions are processed to identify credentials used to access the web service per originator. The credentials used to access the web service per originator are compared with compromised credentials stored in a database to identify one or more user accounts of the web service associated with an originator that used the compromised credentials found in the database. Security measures are applied for at least the one or more user accounts of the web service associated with the originator that used the compromised credentials found in the database.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533. The examiner can normally be reached Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 571 - 272 - 3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 





/AREZOO SHERKAT/            Primary Examiner, Art Unit 2494