Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Response to Amendment
	This is a reply to the request for Continued Examination (RCE) filed on 03/15/2022, in which Claim(s) 1-5, 8-12 and 15-19 are presented for examination.
Claim(s) 6-7, 13-14 and 20 is/are cancelled.

When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/15/2022 has been entered.

Response to Argument
Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicant’s argues that Going-Hernacki combination does not teaches “wherein the password change rules are based on at least one of: a period of time the user remains online, a frequency of the user remaining online, a level of importance of the account record, and a list of computer systems known to the user”. (see remark pp. 9-10)
The Examiner respectfully disagrees. Since the claim does not clearly disclosed “the level of importance of the account record” or how “a list of computer systems known to the user” would cause the password changes rules. Therefore, The Examiner believes Going-Hernacki combination teaches in broadest reasonable interpretation. Going-Hernacki combination teaches the accounts data is breached, in which the accounts can be of financial account or any type of accounts would contains user information which is consider importance and requires password changes [Goings; 7:42-67, 8:1-25], furthermore, Goings teaches whenever a transaction occurs for a financial account (e.g., credit card), the system determines the POS location and the user mobile device location to see if they are closed to teach others, and if they are more than one mile threshold it would consider suspicious or breached. This would be considered computer systems known to the user [Goings; 13:1-67, 14:1-11].

Applicant’s argues with respect to claims 3, 10 and 17, Goings-Hernacki combination does not explicilty discloses “wherein the hardware processor generates the set of user account records by at least one of:
adding user account records which the user has indicated when working with an application having a function of a password manager; analyzing data being entered in real time, 
The Examiner respectfully disagrees. Since the claim reciting “at least one of”. Therefore, Going teaches adding user accounts to records of the security centers, in which the username/password is associated with a website/program and the password is managed by security center [Goings; fig. 2 and associated text]).

Therefore, Applicants’ arguments with respect to claims rejected under prior art have been fully considered but they are not persuasive.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.

3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-4, 8-11 and 15-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Goings (Pat. No.: US 10/917,400 B1) in view of Hernacki et al. (Pat. No.: US 9,781,159 B1 – IDS; hereinafter Hernacki).
Regarding claims 1, 8 and 15, Goings discloses a method for protecting a user account from unlawful access, the method comprising:
generating, by a hardware processor, a set of user account records (receiving credentials from selected websites/application and creating a record of accounts [Goings; 9:38-67; fig. 2-3 and associated text])
determining, by the hardware processor, whether the user account has been accessed and collecting data about the accessed user account (determine that someone enter the credentials for the website/application and try to access, and using the location of mobile device or transactions locations to determine if it is the user or suspicious activity [Goings; 11:60-67, 12:1-27; Fig. 4-6 and associated text]);
determining, by the hardware processor, whether an unlawful access was performed to the user account, by analyzing the collected data including a period of time of a web session and device information from which the user account has been accessed (determine if the current session access is done by the user or suspicious activity, when determined that the login session is suspicious activity based on device used, location threshold, etc., [Goings; 11:60-67, 12:1-27, 13:24-67; Fig. 4-6 and associated text]);

wherein the password change rules are based on at least one of: a period of time the user remains online, a frequency of the user remaining online, a level of importance of the account record, and a list of computer systems known to the user (when the accounts data is breached, in which the accounts can be of financial account or any type of accounts would contains user information which is consider importance and requires password changes [Goings; 7:42-67, 8:1-25], furthermore, Goings teaches whenever a transaction occurs for a financial account (e.g., credit card), the system determines the POS location and the user mobile device location to see if they are closed to teach others, and if they are more than one mile threshold it would consider suspicious or breached. This would be considered computer systems known to the user [Goings; 13:1-67, 14:1-11]).
Goings discloses an online security center that stored authentication information may be associated with an account registered with a website, an application, or both. The processor may receive input of a selection related to managing a stored password of the authentication information. The processor may automatically generate a new password based at least in part on one or more password specifications that enhance security of the new password, a configurable time limit for changing the authentication information, or some combination. Goings does not explicilty discloses the accounts are compromised/unlawful access; however, in a related and analogous art, Hernacki teaches this feature.


Regarding claims 2, 9 and 16, Goings-Hernacki combination discloses further comprising:
storing the password change rules for changing the password in a rules database (the password change rules are stored at the server database, new password are generated based on the password specification [Goings; 10:1-30; Fig. 3 and associated text]).

Regarding claims 3, 10 and 17, Goings-Hernacki combination discloses wherein the hardware processor generates the set of user account records by at least one of:
adding user account records which the user has indicated when working with an application having a function of a password manager; analyzing data being entered in real time, the data being entered in fields designed for entry of a login and password; and analyzing a history of visited web sites, emails that contain a reference to registration on at least one web site, and user text files containing data similar to a login and password (adding user accounts to records, in which the username/password is associated with a website/program [Goings; fig. 2 and associated text]).

claims 4, 11 and 18, Goings-Hernacki combination discloses wherein the hardware processor determines whether the user account record has been accessed by:
identifying an actual use of a combination of a login and password (launch the selected website/application and enter the credentials when supported [Goings; fig. 4 and associated text]); and 
intercepting a reception of a notification as to a successful entry into an information system using an account record (login to the website/application successfully [Goings; fig. 4 and associated text]), determine location of device used to log in to the website/application, determine if exceeded the threshold, in which all information are logged as record [Goings; fig. 5 and associated text]).

Claims 5, 12 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Goings-Hernacki combination further in view of Alexander (Pat. No.: US 9,825,934 B1).
Regarding claims 5, 12 and 19, Goings-Hernacki combination does not explicilty discloses wherein the identification of the actual use of the combination of the login and password comprises at least one of:
ascertaining an entry of characters making up the combination of the login and password of the at least one account record from the generated set of known account records; intercepting the actions of the user when entering data containing the combination of the login and password from a clipboard; and intercepting the actions of an application with a password manager function regarding a use of the clipboard; however, in a related and analogous art, Alexander teaches this feature.


Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http:ljwww.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Conclusion
	

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/DAO Q HO/Primary Examiner, Art Unit 2432