DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Applicant is hereby notified that there has been a new examiner assigned for the prosecution process of the instant application.
This written action is responding to the amendment dated on 02/23/2022.
Claims 1-4, 11-14, and 20 have been amended and all other claims are previously presented.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s amendment filed on February 23, 2022 has claims 1-4, 11-14, and 20 amended, and all other claims are previously presented. Among the amended claims, claims 1, 11 and 20 are independent ones, and thus, the amendment necessitates a new ground of rejection.
Applicant’s remark, filed on February 23, 2022 at page 8, indicates, “Claims 1, 11, and 20 stand rejected under 35 U.S.C. § 112, first paragraph for allegedly failing to comply with the written description requirement. Office Action, p. 2. Applicant respectfully disagrees with the rejection of the written description for all claims. Without addressing the propriety of the 112 rejections, Applicant has amended the claims herein in a manner believed to obviate these rejections. Support for this amendment can be found throughout the original specification, particularly at paragraph [0026].” 
Applicant’s argument has been considered and is found persuasive. Therefore, claim rejection under U.S.C 112(a) to Claims 1, 11 and 20 has been withdrawn.
Applicant’s remark, filed on February 23, 2022 at page 9, indicates, “Claims 1-20 stand rejected under 35 U.S.C. § 112 (b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor regards as the invention. Applicant has amended the claims herein in a manner which Applicant believes obviates these claim rejections. In view of the foregoing, Applicant respectfully requests withdrawal of the § 112 rejections.” 
Applicant’s argument has been considered and is found persuasive. Therefore, claim rejection under U.S.C 112(b) to Claims 1-20 has been withdrawn.
Applicant’s remark, filed on February 23, 2022 at page 9, indicates, “Applicant respectfully disagrees with the § 103 rejections for at least the following reasons. Applicant respectfully submits that the Office has not articulated a reason why a person skilled in the art would combine the prior art references, does not have adequate evidentiary basis for that finding, and has not provided a satisfactory explanation for the In re NuVasive, Inc., 842 F.3d 1376, 1382 (Fed. Cir. 2016). Additionally, Applicant respectfully submits that the combined references fail to teach or suggest all claimed limitations, as is required. See Ex parte H. Garrett Wada et al., pp. 7, Appeal No. 2007-3733 (BPAI January 14, 2008). For example, Applicant respectfully submits that one skilled in the art would not combine the teachings of Johansson with Szydlo, Fort, Grunin Abadir, or Chow, at least because they are directed to wholly different fields of endeavor. Additionally, Applicant respectfully submits that Szydlo, Fort, Grunin Abadir, or Chow, even if combinable with Johansson, fails to overcome the deficiencies of Johansson. … Applicant respectfully submits that the references fail to teach, or even suggest, the claimed limitations, either as previously presented or as currently amended. For example, Applicant respectfully submits that in addition to the above noted limitation, Johansson in view of the other references fails to teach, or even suggest, "...providing, to the user, a prompt containing an indication of the temporary password, wherein the prompt comprises at least one security question, from the list of security questions, that corresponds to the at least one answer, wherein the list of security questions informs the user of a proper order to assemble the temporary password based upon the list of user- provided answers." Accordingly, Applicant respectfully requests reconsideration and withdrawal of the § 103 rejections.”
Applicant’s argument has been considered and is found persuasive. Therefore, the previous prior-art rejection is withdrawn.  However, Applicant’s amendment 
Accordingly, a new ground of rejection based on the newly identified prior-art by Dinia et al. (US 2018/0288019) has been applied to the amendment.
Specifically, Dinia discloses a method when the user needs to set a new password (i.e. recover or temporary), the user may request to generate a new one via password service by selecting an input to trigger password request interface. Then, a password generator of password service may prompt the user with a set of questions and the user will provide a set of answers in order to set or recover the password and access to a service or application (see Parag. [0031-0039]). In addition, Dinia teaches the amended limitation “… wherein the list of security questions informs the user of a proper order to assemble the temporary password based upon the list of user-provided answers.” See Parag. [0080] of Dinia and detailed rejection below.
The Examiner respectfully submits that Dinia does not change the principle of operation of the primary reference or render the reference inoperable for its intended purpose. See MPEP § 2143.01. The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference by Johansson. Rather, the test is what the combined teachings of those references would have suggested to those of ordinary skill in the art.” In re Keller, 642 F.2d 413, 425, 208 USPQ 871, 881 (CCPA 1981). See also In re Sneed, 710 F.2d 1544, 1550, 218 USPQ 385, 389 (Fed. 
Finally, Examiner respectfully submits that Johansson discloses the previous limitations presented as rejected in the Non-Final Office Action. (See rejection below). Thus, the new combination of Johansson and Dinia would render the claimed limitations obvious.
Regarding amended independent claims 11 and 20 has been considered and is addressed based on the same rationale presented for the amended claim 1. Please refer to the rejection to the claims in details below.
Regarding dependent claims 2-10, 12-19, please refer to the aforementioned response, which addresses how the new combination of prior-art references by Johansson and Dinia would render the claimed limitations obvious.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-9, 11-15, 17-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Johansson et al. (US 9,954,867), hereinafter Johansson, in view of Dinia et al. (US 2018/0288019), hereinafter Dinia.
As per Claim 1, Johansson teaches a method, comprising:
receiving, in an application on an information handling device, a password reset request from a user (Johansson, Col. 11, lines 26-32; "When the user has forgotten the password, the reset request field 231 may be checked and (when the submit icon 232 is selected) a corresponding request (password reset request) is sent from the client computing device to the network service 130. The request represents a request to change a credential, namely the password in the present example.");
 (Johansson, Col. 13, 58-61; "the session management module 140 (data store) identifies (accessing) one or more challenge questions and answers that have been established in connection with the user account.") comprising a list of user-provided answers that are responsive to a list of security questions; (Johansson, Col.7, lines 33-35; “The user module 138 reviews the request and header information to accounts 160 also include questions and answers pre-defined determine whether a unique access point designator has by the user.” … Col. 13, lines 58-61; "the session management module 140 identifies one or more challenge questions and answers (list of answers) that have been established in connection with the user account.").
constructing, using the data store, a temporary password (Johansson, Col. 12; lines 8-12, “The reset message 250 informs the user that a temporary password 252 has been established and provides (constructing) the temporary password “12345”.”), [wherein the temporary password consists of at least one answer selected from the list of answers]; and
providing, to the user, a prompt containing an indication of the temporary password, wherein the prompt comprises at least one security question, from the list of security questions, that corresponds to the at least one answer (Johansson, Col. 11, lines 41-44; "The user confirmation page 240 provides a message prompting the user to answer predetermined challenge questions, before the credential reset process can continue."), [wherein the list of security questions informs the user of a proper order to assemble the temporary password based upon the list of user-provided answers].
Johansson does not explicitly teach: 

wherein the list of security questions informs the user of a proper order to assemble the temporary password based upon the list of user-provided answers.
However, Dinia teaches: 
the temporary password consists of at least one answer selected from the list of answers (Dinia, Parag. [0039]; "Password service 112, in contrast, dynamically generates and stores a selection of questions 142 that are unique to the particular user based on detected user events and password service 112 uses the responses to the questions to generate the digits of the unique, complex password. Password service 112 first generates the questions to be answered by a particular user in order to then generate a complex password based on the user's answers."); and
wherein the list of security questions informs the user of a proper order to assemble the temporary password based upon the list of user-provided answers. (Dinia, Parag. [0079]; ”In one example, selector 407, such as selector 172, may select the characters of each of hash 403 and hash 405 that may be used for generating the password. In one example, selector 407 may select the characters based on password generation rules 409. Password generation rules 409 may, for example, be represented by an index 411 that refers to the characters to be selected from each response to the set of questions Q1 and Q2. As shown in FIG. 4A, index 411 includes a value “Q1-3, 8” which refers to character 410A, the third character of hash 403, and character 410B, the eighth character of hash 403”.  Parag. [0080]; “In the example, password generator 162 generates a result password 413. In one example, password generator 162 forms result password 413 from a sequence of characters 410A, 410B, 410C, and 410D, by concatenating the characters of 410A, 410B, 410C, and 410D. Result password 413 illustrated in FIG. 4A may be based on answers 401 and 402, which may be referred to as “correct” or default answers.”).
Johansson and Dinia are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provide user account security when the user forget one or more aspects of their login information, like the username and password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dinia’s system into Johansson’s system, with a motivation to provide a method for generating a password, by a computer system, based on user answers or responses to a set of questions specific for the particular account from among multiple questions (Dania, Parag. [0004]).

As per Claim 2, the combination of Johansson and Dinia teaches the method of claim 1.  Dinia further teaches wherein the at least one answer comprises a numerical answer and a textual answer (Dinia Parag. [0079-0080]; “In one example, selector 407, such as selector 172, may select the characters of each of hash 403 and hash 405 that may be used for generating the password. In one example, selector 407 may select the characters based on password generation rules 409. Password generation rules 409 may, for example, be represented by an index 411 that refers to the characters to be selected from each response to the set of questions Q1 and Q2. As shown in FIG. 4A, index 411 includes a value “Q1-3, 8” which refers to character 410A, the third character of hash 403, and character 410B, the eighth character of hash 403. In addition, as illustrated in FIG. 4A, index 411 includes “Q2:1, 4”, which refers to character 410C, the first character of hash 405, and character 410D, the fourth character of hash 405. Index 411 may further indicate, as shown in FIG. 4A, the characters corresponding to further questions, as illustrated by “Qn-y, y” that may be used in another set of questions. While the example shown in FIG. 4A uses questions Q1 and Q2 as forming the set of questions to be answered, in additional or alternate examples, the set of questions may include additional or alternate questions to Q1 and Q2. In the example, password generator 162 generates a result password 413. In one example, password generator 162 forms result password 413 from a sequence of characters 410A, 410B, 410C, and 410D, by concatenating the characters of 410A, 410B, 410C, and 410D. Result password 413 illustrated in FIG. 4A may be based on answers 401 and 402, which may be referred to as “correct” or default answers.” Examiner submits that the characters are from the alphabet and numerical as shown in Figs. 4A and 4B.).

As per Claim 3, the combination of Johansson and Dinia teaches the method of Claim 2.  Dinia further teaches wherein at least one answer comprises a numerical answer and wherein portions of the numerical answer are comingled among the textual answer in a predefined way (Dinia Parag. [0079-0080]; “In one example, selector 407, such as selector 172, may select the characters of each of hash 403 and hash 405 that may be used for generating the password. In one example, selector 407 may select the characters based on password generation rules 409. Password generation rules 409 may, for example, be represented by an index 411 that refers to the characters to be selected from each response to the set of questions Q1 and Q2. As shown in FIG. 4A, index 411 includes a value “Q1-3, 8” which refers to character 410A, the third character of hash 403, and character 410B, the eighth character of hash 403. In addition, as illustrated in FIG. 4A, index 411 includes “Q2:1, 4”, which refers to character 410C, the first character of hash 405, and character 410D, the fourth character of hash 405. Index 411 may further indicate, as shown in FIG. 4A, the characters corresponding to further questions, as illustrated by “Qn-y, y” that may be used in another set of questions. While the example shown in FIG. 4A uses questions Q1 and Q2 as forming the set of questions to be answered, in additional or alternate examples, the set of questions may include additional or alternate questions to Q1 and Q2. In the example, password generator 162 generates a result password 413. In one example, password generator 162 forms result password 413 from a sequence of characters 410A, 410B, 410C, and 410D, by concatenating the characters of 410A, 410B, 410C, and 410D. Result password 413 illustrated in FIG. 4A may be based on answers 401 and 402, which may be referred to as “correct” or default answers.”).

As per Claim 4, the combination of Johansson and Dinia teaches the method of Claim 2. Johansson further teaches wherein the textual answer is arranged in a predetermined order and wherein the predetermined order is derived from an ordering of the at least one security question in the prompt (Johansson, Col. 11, lines 60-63, Fig. 2D; “the reset message 250 may be sent when the answers to challenge questions entered by the user match the answers saved in connection with the user account,” … Col. 11, lines 49-50; “the questions challenge 242-243 may be based on information entered (i.e. predetermined order) when the corresponding user account was set up.”).
In addition, Dinia further teach:
wherein the textual answer is arranged in a predetermined order (Dinia, Parag. [0079]; ”In one example, selector 407, such as selector 172, may select the characters of each of hash 403 and hash 405 that may be used for generating the password. In one example, selector 407 may select the characters based on password generation rules 409. Password generation rules 409 may, for example, be represented by an index 411 that refers to the characters to be selected from each response to the set of questions Q1 and Q2. As shown in FIG. 4A, index 411 includes a value “Q1-3, 8” which refers to character 410A, the third character of hash 403, and character 410B, the eighth character of hash 403”.  Parag. [0080]; “In the example, password generator 162 generates a result password 413. In one example, password generator 162 forms result password 413 from a sequence of characters 410A, 410B, 410C, and 410D, by concatenating the characters of 410A, 410B, 410C, and 410D. Result password 413 illustrated in FIG. 4A may be based on answers 401 and 402, which may be referred to as “correct” or default answers.”  Parag. [0107-0108]; “At block 702, if there is a trigger to generate a password from the received responses, then the process passes to block 704. Block 704 illustrates applying a hash function to each of the received responses set in the index. Next , block 706 illustrates identifying a separate hash for each of the received responses from the hash function. Thereafter, block 708 illustrates a determination whether there is already an index set for the account At block 708, if an index is already set for the account, then the process passes to block 710. Block 710 illustrates selecting at least one character of at least one hash as a character of a password according to the index for the set of questions. Next, block 712 illustrates concatenating, padding, and ordering the selected characters according to the index, and the process ends.”) 

As per Claim 5, the combination of Johansson and Dinia teaches the method of Claim 4.  Dinia teaches wherein the ordering is randomized (Dinia, Parag. [0109]; “Returning to block 708, if an index is not already set of the account, then the process passes to block 714. Block 714 illustrates selecting at least one character of at least one hash as a character of a password according to password generation rules for randomized selection. Next, block 716 illustrates selecting each position of the selected characters in the password according to password generation rules. Next, block 718 illustrates adding padding to the password according to the password generation rules to set a password of a required length for security requirements for the password. Thereafter, block 720 illustrates generating an index for the account specifying the response hash character positions, ordering, and padding, and the process ends.”) each time the password reset request is received (Johansson, Col. 11, lines 26-32; "When the user has forgotten the password, the reset request field 231 may be checked and (when the submit icon 232 is selected) a corresponding request (password reset request) is sent from the client computing device to the network service 130. The request represents a request to change a credential, namely the password in the present example.").

Claim 8, the combination of Johansson and Dinia teaches the method of Claim 1. Johansson further teaches wherein the providing comprises providing the prompt in the application (Johansson, Col. 11, lines 41-44; "The user confirmation page 240 (Refer Fig. 2C) provides a message prompting the user to answer predetermined challenge questions, before the credential reset process can continue.").

As per Claim 9, the combination of Johansson and Dinia teaches the method of Claim 1.  Dinia teaches wherein the list of answer is received from the user during a password registration process (Dinia, Parag. [0023]; “In one example, the user identified in service identifier 114 may register for service with password service 112. In another example, the user may register one or more types of account identifiers in service identifier 114. For example, the user may register or authorize one or more types of accounts to be monitored by password service 112 in service identifier 114.” … Parag. [0026]; “The term “question”, such as in questions 142, may refer to a request for information or a prompt to the user to obtain information. The obtained information may comprise one or more possible answers to the question, which may or may not be correct. In one example, the question may be defined as an interrogative sentence, or text string, that may be identified by, for example, the presence of a question mark at the end and/or the presence of an interrogative word such as "who", "what”, “when”, "where”, and “why” at the beginning of the sentence. In another example, the question may be a “fill-in-the-blank" style question. The question may be provided as a text message, audio message or video message.”).

Claim 11, it is a device claim that recites limitations similar to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1.  In addition, Johansson teaches at least one sensor (Johansson, Col. 10, lines 40-41; “touch-enabled device”); a processor (Johansson, Col. 5, lines 8-9; “one or more processors”); and a memory device (Johansson Col. 20, line 19; “executing program instructions save in memory.”).

As per claim 12, the rejection of claim 11 is incorporated. In addition, it is a device claim that recites limitations to those of claim 2, and therefore it is rejected for the same rationale applied to claim 2.

As per claim 13, the rejection of claim 12 is incorporated. In addition, it is a device claim that recites limitations to those of claim 3, and therefore it is rejected for the same rationale applied to claim 3.

As per claim 14, the rejection of claim 12 is incorporated. In addition, it is a device claim that recites limitations to those of claim 4, and therefore it is rejected for the same rationale applied to claim 4.

15, the rejection of claim 14 is incorporated. In addition, it is a device claim that recites limitations to those of claim 5, and therefore it is rejected for the same rationale applied to claim 5.

As per claim 17, the rejection of claim 11 is incorporated. In addition, it is a device claim that recites limitations to those of claim 8, and therefore it is rejected for the same rationale applied to claim 8.

As per claim 18, the rejection of claim 11 is incorporated. In addition, it is a device claim that recites limitations to those of claim 9, and therefore it is rejected for the same rationale applied to claim 9.

As per claim 20, it is a product claim that recites limitations similar to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1.

Claims 6-7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Johansson et al. (US 9,954,867), hereinafter Johansson, in view of Dinia et al. (US 2018/0288019), hereinafter Dinia as applied to claim 1, and in further view of Abadir et al. (US 11,133,934) hereinafter Abadir.
 As per Claim 6, the combination of Johansson and Dinia teaches the method of Claim 1.  The combination of Johansson and Dinia does not expressly teach:

However, Abadir teaches wherein the providing comprises transmitting the prompt to the user using a secondary communication channel (Abadir, Col. 4, lines 15-20; "out-of-band user authentication represents a type of two-factor authentication process that involves a username and password processed through a first, primary, communication channel and a secondary verification method through a separate communication channel that is different from the primary communication channel").
Johansson, Dinia and Abadir are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provide user account security when the user forgets one or more aspects of their login information, like the username and password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Abadir system into Johansson-Dinia system, with a motivation to provide the advantage of specifying the secondary communication channel in order to make it harder for potential intruders to gain access to the webpage, application, or service and thereby obtain private data and functionality (Abadir, Col. 4, lines 27-30).

As per Claim 7, the combination of Johansson, Dinia and Abadir teaches the method of Claim 6. Abadir further teaches wherein the secondary communication channel is selected from the group consisting of an SMS message, an email, and a notification (Abadir, Col. 4, lines 21-23; “a typical out-of-band authentication process may involve providing: 1) a username and password of a user (first factor) to a webpage, application, or service”).

As per claim 16, the rejection of claim 11 is incorporated. In addition, it is a device claim that recites limitations to those of claim 6, and therefore it is rejected for the same rationale applied to claim 6.


Claims 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Johansson et al. (US 9,954,867), hereinafter Johansson, in view of Dinia et al. (US 2018/0288019), hereinafter Dinia as applied to claim 1, and in further view of Chow et al. (U.S. 8,881,266) hereinafter Chow.
As per Claim 6, the combination of Johansson and Dinia teaches the method of Claim 1.  Tthe combination of Johansson and Dinia does not expressly teach: 
receiving, in an input field of the application, the temporary password; and directing, responsive to confirming the temporary password, the user to a password reset page.
However, Chow teaches:
receiving, in an input field of the application, the temporary password; and directing, responsive to confirming the temporary password, the user to a password reset page (Chow, Col. 3, lines 45-49; "by comparing the user's input to user information previously extracted by the server, the server can verify the user's identity. If the user's answer matches the extracted user information, the server determines that the user is legitimate and resets the user's password as requested").
Johansson, Dinia and Chow are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for provide user account security when the user forgets one or more aspects of their login information, like the username and password.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chow system into Johansson-Dinia system, with a motivation to provide user authentication to verify the user's identity. If the user's answer matches the extracted user information, the server determines that the user is legitimate and resets the user's password as requested (Chow, Col. 3:47-49).

As per claim 19, the rejection of claim 11 is incorporated. In addition, it is a device claim that recites limitations to those of claim 10, and therefore it is rejected for the same rationale applied to claim 10.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Ruggiero et al., (US 2009/0037989): relates to method to friendly and intuitively present, to a user of a protected institution, access password codes to be 
Tzur-David et al., (US 11,271,926): relates to a system and method for of temporary password management may include: obtaining, by a password management entity, a request to login a local device into an authentication authority.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.D.C./Examiner, Art Unit 2498    

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498