DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Applicant’s amendment filed 28 September 2021 amends claims 1, 10, and 19. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, “By requiring a user enter an ‘actual user password,’ Mahmoud precludes the claimed concept, which requires that no subset exactly match a stored password in its entirety. Thus, Mahmoud fails to disclose the above recited element.” This argument has been fully considered and is persuasive. Therefore, the previous rejections have been withdrawn.
Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Jeffrey P. Cobia (Reg. No. 69,466) on 06 April 2022.
The application has been amended as follows: 
Claim 1. (Currently Amended) A device for authenticating a password to be authenticated against a stored password comprising a first set of characters, the device comprising: 
one or more hardware processors; 
a memory, storing instructions, which when executed, cause the one or more hardware processors to perform operations comprising: 
receiving a second set of characters to be authenticated during an authentication attempt; 
and causing access to be granted to an access-controlled resource based on:
determining that no subset of the second set of characters exactly matches the first set of characters corresponding to the stored password in its entirety; 
and determining that the second set of characters includes: 
a first subset of the second set of characters that match a portion of the first set of characters corresponding to the stored password, the portion of the first set of characters having fewer characters than the first set of characters and in a same order;
and a minimum number of additional characters interspersed with the first subset of characters[[.]];
receiving a third set of characters to be authenticated during a second authentication attempt; 
and rejecting access to the access-controlled resource based on a determination that a subset of the third set of characters matches the first set of characters corresponding to the stored password in entirety.
Cancel claim 2.
Claim 10. (Currently Amended) A method for authenticating a password to be authenticated against a stored password comprising a first set of characters, the method comprising: 
using one or more hardware processors: 
receiving a second set of characters to be authenticated during an authentication attempt; 
and causing access to be granted to an access-controlled resource based on:
determining that no subset of the second set of characters exactly matches the first set of characters corresponding to the stored password in its entirety; 
and determining that the second set of characters includes: 
a first subset of the second set of characters that match a portion of the first set of characters corresponding to the stored password, the portion of the first set of characters having fewer characters than the first set of characters and in a same order; 
and a minimum number of additional characters interspersed with the first subset of characters[[.]];
receiving a third set of characters to be authenticated during a second authentication attempt; 
and rejecting access to the access-controlled resource based on a determination that a subset of the third set of characters matches the first set of characters corresponding to the stored password in entirety.
Cancel claim 11.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 6-8, 15-17, 19-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Referring to claims 6-8 and 15-17, the claims require the determination of a match between portions of the second set of characters and the first subset of characters, which renders the claims indefinite because independent claims 1 and 10 specify that the match is determined between the first subset and the first set of characters corresponding to the stored password. Therefore, the claims are not clear with respect to which sets of characters are utilized in the match determination step.
For claims 19 and 20, the claim limitations “means for receiving”, “means for causing access”, and “means for rejecting” invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The specification does not clearly link any hardware/software to the claimed means. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Allowable Subject Matter
Claims 1-18 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:  
The prior art does not or make obvious the claimed password authentication procedure that requires granting access to a resource based on a determination that a received set of characters includes not subset of characters that exactly match the stored password characters in their entirety and rejected access to the resource when the received set of characters does include a subset of characters that match the stored password characters in their entirety.
The closest prior art, Serpa, WO 2004/021108, discloses user authentication with enhanced passwords that could be implemented in a desktop/handheld computer (Pages 1, lines 16-20), which meets the limitation of one or more hardware processors, a memory, storing instructions, which when executed, cause the one or more hardware processors to perform operations. A user enters a password as an access code to access a particular system (Page 9, lines 12-33 & Page 5, lines 1-21), which meets the limitation of receiving a second set of characters to be authenticated during an authentication attempt. The user password input includes entry periods where “ghost” characters are input such that the system will ignore the “ghost” characters during password comparison, but third party observers will believe the password to include the “ghost” characters (Page 9, lines 12-33: password with ghost characters “hdsbn2guiom” while registered password is “hn2gm”; registered password has fewer characters than entered password and both the registered password and the entered password have similar subset “2g”), which meets the limitation causing access to be granted to an access-controlled resource based on determining that no subset of the second set of characters exactly matches the first set of characters corresponding to the stored password in its entirety, and determining that the second set of characters includes a first subset of the second set of characters that match a portion of the first set of characters corresponding to the stored password, the portion of the first characters having fewer characters than the first set of characters and in a same order.
Serpa discloses that the entry of the user password includes entry of “ghost” characters for the specific purpose of being observed by third-parties (Page 9, lines 12-14) such that the “ghost” characters are interspersed with the actual password characters (Page 9, lines 12-33: password with ghost characters “hdsbn2guiom” while registered password is “hn2gm”). Serpa does not disclose or suggest rejecting authentication based upon receiving a password entry that matches the stored password in its entirety.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kong, U.S. Patent No. 10,395,065, discloses a password protection scheme that involves user password entry that includes random characters.
Cerruti, U.S. Publication No. 2009/0106825, discloses a password protection scheme that utilizes randomized password entry.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437