Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed 1/26/2022 have been fully considered but they are not persuasive. The examiner respectfully disagrees with applicant regarding “one of ordinary skill in the art would not be motivated to combine Semoto with the teachings of Jakobsson”. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, the motivation to combine is to allow users to know their PIN by remembering their passwords (see Section III).  Jakobsson also discloses the advantages of a tiered authentication approach where certain types (and sizes) of transactions can be performed on mobile devices, an rely on PINs for authentication, while more secure devices and stronger authentication could be required for other transactions.  This limits the exposure of passwords (Introduction).  

Drawings
The drawings are objected to because they contain unlabeled boxes which should be provided with descriptive text labels.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10, 12-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Semoto (US 2017/0109508) hereafter Semoto in view of Bootstrapping Mobile PINs Using Passwords by Jakobsson et al. hereafter Jakobsson.

1. Semoto method for managing access to a device that has a first input interface and a second input interface, each for inputting a character string, the method comprising: 
generating a password having a prescribed minimum number of characters and having a measure of complexity (para 51-52; see also fig 5B, 5C and corresponding text [password must have been generated to exist]); 
generating a subpassword on the a basis of the generated password and a prescribed mapping specification, wherein the subpassword has a smaller measure of complexity than the password (para 51-52; see also fig 5B, 5C and corresponding text [subpassword is generated from password based on a prescribed mapping of first two characters in the instance of figure 5A, figure 5B provides other instances in which the mapping can take place; smaller measure of complexity is inherent with less character length]); 
enabling access to the device if a character string input via the first input interface corresponds to the password or a character string input via the second input interface corresponds to the subpassword (fig 6 and corresponding text, para 58-62); 
wherein the first input interface is for remote access and the second input interface is for exclusively local access (para 37-38, 48, two authentication routes provided by the control panel interface (local access interface) and web service interface (remote access interface);
wherein the password consists of characters of a first character set and the subpassword consists of characters of a second character set, further wherein the first character set comprises more characters than the second character set (figs 5A-5C and corresponding text [‘abc@defg’ has more characters in that character set than ‘ab’]). 
Semoto does not explicitly disclose wherein the prescribed mapping specification maps multiple characters of the first character set onto one character of the second character set. However, in an (figure 1 and corresponding text, To log in, the consumer would simply enter the first four characters of her password, using the numeric keypad. If a password character is “2”, “A”, “a”, “B”, “b”, “C” or “c”, then the user presses the 2-button – we are not case sensitive. A password starting with “Blu2” would correspond top the PIN 2852.).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Semota with the implementation of Jakobsson in order allow users to know their PIN by remembering their passwords (Section III. The User Perspective).


4. Semoto and Jakobsson disclose the method as claimed in one of claim 1, wherein the prescribed mapping specification takes into consideration only a selection of characters of the password, the selection being at least one character at the a beginning of the password (Semoto, figs 5A-5C and corresponding text). 

5. Semoto and Jakobsson disclose the method as claimed in claim 1, wherein the characters of the subpassword are a selection of characters of the password (Semoto, figs 5A-5C and corresponding text). 

6. Semoto and Jakobsson disclose the method as claimed in claim 1, wherein the password contains upper and lowercase letters as characters, further wherein the prescribed mapping specification maps upper and lowercase letters of one same letter onto a character of the subpassword (Jakobsson, figure 1 and corresponding text). 

7. Semoto and Jakobsson disclose the method as claimed in claim 6, wherein the prescribed mapping specification maps upper- and lowercase letters of one same letter onto the corresponding letter of the subpassword (Jakobsson, figure 1 and corresponding text).  

8. Semoto and Jakobsson disclose the method as claimed in one of claim 1, wherein the first input interface is a network interface and the second input interface is a keyboard interface (Semoto, figs 3A-3B and corresponding text). 

9. Semoto and Jakobsson disclose the method as claimed in one of claim 1, wherein the first input interface and the second input interface allow access to one same function of the device for a respective pair comprising the password and the associated subpassword (Semoto, para 60). 

10. Semoto and Jakobsson disclose the method as claimed in one of claim 1, wherein the password and the subpassword are stored independently of one another, in particular in encrypted or hashed form (Semoto, para 61, figs 5A, subpassword is stored independent of password]). 

Claim 12 is similar in scope to claim 1 and is rejected under similar rationale.

13. Semoto and Jakobsson disclose the access system as claimed in claim 12, wherein the access system is configured to perform a method for managing access to the device (Semoto, para 37-38, 48).

14. Semoto and Jakobsson disclose the access system as claimed in claim 12, wherein the first input interface has a first associated memory device for storing the prescribed password and the second (Semoto, para 37-38, 48).

15. Semoto and Jakobsson disclose the access system as claimed in one of claim 12, wherein the first input interface is configured to perform the authentication using an authentication service and the second input interface is a manual interface (Semoto, para 37-38, 41, 48).

Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Semoto and Jakobsson as applied to claim 1 above, and further in view of Govande et al. (US 2016/0050209) hereafter Govande.
11. Semoto and Jakobsson disclose the method as claimed in one of claims 1, but does not explicitly disclose wherein a function of the device is accessed for a purpose of changing the password exclusively via the first input interface.  However, in an analogous art, Govande discloses access control based on authentication including wherein a function of the device is accessed for a purpose of changing the password exclusively via the first input interface (para 74-77 [‘for a purpose of changing the password exclusively via the first input interface’ is considered intended use; the full password will allow for changing passwords while short and intermediate can be blocked]).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Semoto and Jakobsson with the implementation of Govande in order to grant tiered access based on a length of a password (para 66).

Conclusion


THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES R TURCHEN/Primary Examiner, Art Unit 2439