DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17 (e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17 (e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/31/2022 has been entered.
This office Action is in response to the RCE filed on 03/31/2022. As per instant Amendment, Claims 1, 15 and 20 have been amended; Claims 1, 15 and 20 are independent Claims; Claims 1-20 have been examined and are pending. This Office Action is made Non-Final.
Response to Arguments
The rejections of claims 1-20 under the 35 USC 101 rejection as the claims are directed to an abstract idea are withdrawn as the claims have been amended and applicants’ arguments are found persuasive..
Applicants’ arguments with respect to claims 1 -20 have been considered but are moot in view of the new ground(s) of rejection.
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (313) 446-6644 to schedule an interview.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 11-13, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zhu et al. (“Zhu,” US 20180176188, published on 06/21/2018) in view of Geller et al. (“Geller,” US 20030070074, published on 04/10/2003) and further in view of Veugen et al. (“Veugen,” US 20150295712, published on 10/15/2015)

Regarding Claim 1;
	
Zhu discloses a computing system configured to facilitate a determination as to whether a password satisfies one or more password constraints, said computing system comprising (par 0063; checks whether the complexity (namely password strength) of a password set by the user meets the predetermined password strength requirement): 
one or more hardware processors; and one or more computer-readable hardware storage devices that store computer- executable instructions that are executable by the one or more hardware processors to cause the computing system to (par 0164; one or more processors; par 0165; the memory is arranged to store a software program and a component [] the processor executes various function applications and data processing by running the software program and the component stored in the memory):
access a password selected by a user (par 0014; in a process of  encrypting an original activation password input by a user); 
encrypt the selected password (par 0059; after the user inputs an original activation password, the client terminal encrypts the original activation password); 
transmit the encrypted password to the remote server (par 0059; after the user inputs an original activation password, the client terminal encrypts the original activation password and then sends an encrypted activation password to the network monitoring apparatus);
based on a result provided by the remote server, determine whether the selected password satisfies the one or more password constraints (par 0075; fig.8; the network monitoring apparatus determines whether a complexity of the decrypted original activation password meets a predetermined password strength requirement. When a complexity of the decrypted original activation password meets the predetermined password strength requirement, the network monitoring apparatus is activated, and information indicating that the network monitoring apparatus is successfully activated).
Zhu disclose all the limitations as recited above, but do not explicitly disclose generate a function definition defining a function, wherein: the function is structured for execution by a remote server, the function is structured for execution on the encrypted password, and the function is structured such that, when executed by the remote server, the function operates to determine whether the password, despite being encrypted, satisfies the one or more password constraints; transmit the function definition to the remote server to trigger the remote server to execute the function, which is defined by the function definition, on the encrypted password.
However, in an analogous art, Geller discloses authentication system/method that includes:
generate a function definition defining a function, wherein: the function is structured for execution by a remote server, the function is structured for execution on the encrypted password (Geller: par 0067: generate the encryption key; par 0090; the encryption key includes the selected function definition; par 0091; the encryption key include a function to be performed on the permuted characters; par 0082; for example [] the function definition so that the function Y can be calculated by substituting the password for X. As another example, if the same function is assumed to be used to encrypt a password e, then X, n and optionally the function definition can be transmitted in the encryption key so that the function Y can be calculated by substituting the password for e; par 0092; identification center terminal, and optional intermediate service provider terminal are configured to execute), and 
the function is structured such that, when executed by the remote server, the function operates to determine whether the password, despite being encrypted, satisfies the one or more password constraints (Geller: par 0092; identification center terminal are configured to execute; par 0093; identification center terminal is a simulator configured to simulate the encryption on one or more passwords retrieved from storage. For example, if the encryption includes applying a function, simulator is configured to calculate the function; par 0094; a comparator configured to compare the simulated encrypted passwords with the encrypted password received from the use; par 0014; if results of the comparing are sufficient, the identification center sending via the communication medium an indication that the user has been authenticated);
transmit the function definition to the remote server to trigger the remote server to execute the function, which is defined by the function definition, on the encrypted password (Geller: par 0067; transmit the encryption key along with the transaction number to the intermediate service provider for forwarding to the identification center; par 0090; the encryption key includes the selected function definition; par 0091; the encryption key include a function to be performed on the permuted characters; par 0093; identification center terminal is a simulator configured to simulate the encryption on one or more passwords retrieved from storage. For example, if the encryption includes applying a function, simulator is configured to calculate the function; par 0094; a comparator configured to compare the simulated encrypted password(s) with the encrypted password received from the use).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Geller with the method/system of Zhu to include generate a function definition defining a function, wherein: the function is structured for execution by a remote server, the function is structured for execution on the encrypted password, and the function is structured such that, when executed by the remote server, the function operates to determine whether the password, despite being encrypted, satisfies the one or more password constraints; transmit the function definition to the remote server to trigger the remote server to execute the function, which is defined by the function definition, on the encrypted password. One would have been motivated to simulation by the identification center of the encryption, comparison of the simulated encrypted passwords with the received encrypted password, and authentication of the user if comparison results are sufficient (Geller: abstract).
Zhu in combination with Geller disclose determination as to whether a password satisfies one or more password constraints as recited above, but do not explicitly disclose without divulging the password to a third party remote server; wherein, as a result of the encrypted password remaining encrypted while in possession by the remote server and as a result of the remote server executing the function against the encrypted password, the password is prevented from being divulged to the remote server, including during a time when the remote server is executing the function against the encrypted password; 
However, in an analogous art, Veugen discloses protected exchange of data system/method that includes:
without divulging the password to a third party remote server (Veugen: par 0037; intermediary service provider device is configured to be able to execute the secure comparison protocol in communication with each of the information provider devices; par 0038; utilizing the homomorphic property of the encryption scheme of the secure comparison protocol, which makes it possible to compute the encryption of blinded information from the encryption of the information without decryption of the information);
wherein, as a result of the encrypted password remaining encrypted while in possession by the remote server and as a result of the remote server executing the function against the encrypted password (Veugen: par 0037; intermediary service provider device is configured to be able to execute the secure comparison protocol in communication with each of the information provider devices; par 0040; a secure comparison protocol, use is made of an encryption scheme with a public and private encryption key, the encryption scheme having a homomorphic property. That is, an algorithm exists which, from two encrypted numbers, computes directly, without decryption, an encrypted version of the sum of the numbers, for example, by multiplication of the encrypted numbers), the password is prevented from being divulged to the remote server, including during a time when the remote server is executing the function against the encrypted password (Veugen: par 0037; intermediary service provider device is configured to be able to execute the secure comparison protocol in communication with each of the information provider devices; par 0038; utilizing the homomorphic property of the encryption scheme of the secure comparison protocol, which makes it possible to compute the encryption of blinded information from the encryption of the information without decryption of the information);
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Veugen with the method/system of Zhu and Geller to include without divulging the password to a third party remote server; wherein, as a result of the encrypted password remaining encrypted while in possession by the remote server and as a result of the remote server executing the function against the encrypted password, the password is prevented from being divulged to the remote server, including during a time when the remote server is executing the function against the encrypted password. One would have been motivated to decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user (Veugen: abstract).

Regarding Claim 2; 
Zhu in combination with Geller and Veugen disclose the computing system in accordance with Claim 1, 
Zhu discloses wherein the result is an encrypted result received from the remote server, and wherein the computing system is further configured to (Zhu: par 0074; the network monitoring apparatus receives the activation password encrypted by the client terminal via the second algorithm. Since the encryption key is the original random string generated by the network monitoring apparatus, the network monitoring apparatus decrypts the activation password via the second algorithm to obtain the original activation password): decrypt the received result received from the remote server (Zhu: par 0075; the network monitoring apparatus determines whether a complexity of the decrypted original activation password meets a predetermined password strength requirement [] and information indicating that the network monitoring apparatus is successfully activated); and determine from the decrypted result whether the password satisfies the one or more password constraints (Zhu: par 0075; fig.8; the network monitoring apparatus determines whether a complexity of the decrypted original activation password meets a predetermined password strength requirement. When a complexity of the decrypted original activation password meets the predetermined password strength requirement, the network monitoring apparatus is activated, and information indicating that the network monitoring apparatus is successfully activated).
Veugen further discloses encrypted result (Veugen: par 0042; encrypt a result of those computations with the public encryption key and send it). 
One would have been motivated to decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user (Veugen: abstract).

Regarding Claim 11;  
Zhu in combination with Geller and Veugen disclose the computing system in accordance with Claim 2, 
Veugen further discloses the act of encrypting of the password comprising an act of homomorphic encrypting of the password (Veugen: utilizing the homomorphic property of the encryption scheme of the secure comparison protocol, which makes it possible to compute the encryption of blinded information from the encryption of the information without decryption of the information; par 0045; a encrypts the L+1st bit R from the least significant bit in the random number and uses the homomorphic property to compute the encrypted sum of Z, R and the encrypted remainder bit).
One would have been motivated to decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user (Veugen: abstract).

Regarding Claim 12;
Zhu in combination with Geller and Veugen disclose the computing system in accordance with Claim 2, 
the function being a homomorphic function (Veugen: utilizing the homomorphic property of the encryption scheme of the secure comparison protocol, which makes it possible to compute the encryption of blinded information from the encryption of the information without decryption of the information; par 0045; a encrypts the L+1st bit R from the least significant bit in the random number and uses the homomorphic property to compute the encrypted sum of Z, R and the encrypted remainder bit).
One would have been motivated to decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user (Veugen: abstract).
  


Regarding Claim 13; 
Zhu in combination with Geller and Veugen disclose the computing system in accordance with Claim 2,
Zhu further discloses the encrypted result being generated using private set intersection (Zhu: par 0074; the network monitoring apparatus receives the activation password encrypted by the client terminal via the second algorithm. Since the encryption key is the original random string generated by the network monitoring apparatus, the network monitoring apparatus decrypts the activation password via the second algorithm to obtain the original activation password).  
Veugen further discloses encrypted result (Veugen: par 0042; encrypt a result of those computations with the public encryption key and send it). 
One would have been motivated to decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user (Veugen: abstract).

Regarding Claim 15; 
Zhu discloses a method for privately looking up whether a password satisfies one or more constraints, the method comprising (par 0063; checks whether the complexity (namely password strength) of a password set by the user meets the predetermined password strength requirement): 
accessing a password selected by a user (par 0014; in a process of  encrypting an original activation password input by a user); 
encrypting the selected password (par 0059; after the user inputs an original activation password, the client terminal encrypts the original activation password); 
transmitting the encrypted password to the remote server (par 0059; after the user inputs an original activation password, the client terminal encrypts the original activation password and then sends an encrypted activation password to the network monitoring apparatus); 
detecting receipt of an encrypted result of the function on the encrypted password (par 0062; determined whether the original activation password meets a predetermined password strength requirement; par 0074; the network monitoring apparatus receives the activation password encrypted by the client terminal via the second algorithm. Since the encryption key is the original random string generated by the network monitoring apparatus, the network monitoring apparatus decrypts the activation password via the second algorithm to obtain the original activation password);
decrypting the received result received from the remote server (par 0074; the network monitoring apparatus receives the activation password encrypted by the client terminal via the second algorithm. Since the encryption key is the original random string generated by the network monitoring apparatus, the network monitoring apparatus decrypts the activation password via the second algorithm to obtain the original activation password; par 0075; the network monitoring apparatus determines whether a complexity of the decrypted original activation password meets a predetermined password strength requirement [] and information indicating that the network monitoring apparatus is successfully activated); and
determining from the decrypted result whether the password satisfies the one or more password constraints (par 0075; the network monitoring apparatus determines whether a complexity of the decrypted original activation password meets a predetermined password strength requirement. When a complexity of the decrypted original activation password meets the predetermined password strength requirement, the network monitoring apparatus is activated, and information indicating that the network monitoring apparatus is successfully activated).
  Zhu discloses all the limitations as recited above, but do not explicitly disclose generating a function definition defining a function, wherein: the function is structured for execution by a remote server, the function is structured for execution on the encrypted password, and the function is structured such that, when executed by the remote server, the function operates to determine whether the password, despite being encrypted, satisfies the one or more password constraints; transmitting the function definition to the remote server to trigger the remote server to execute the function, which is defined by the function definition. 
However, in an analogous art, Geller discloses authentication system/method that includes:
generating a function definition defining a function, wherein: the function is structured for execution by a remote server, the function is structured for execution on the encrypted password (Geller: par 0067: generate the encryption key; par 0090; the encryption key includes the selected function definition; par 0091; the encryption key include a function to be performed on the permuted characters; par 0082; for example [] the function definition so that the function Y can be calculated by substituting the password for X. As another example, if the same function is assumed to be used to encrypt a password e, then X, n and optionally the function definition can be transmitted in the encryption key so that the function Y can be calculated by substituting the password for e; par 0092; identification center terminal, and optional intermediate service provider terminal are configured to execute), and 
the function is structured such that, when executed by the remote server, the function operates to determine whether the password, despite being encrypted, satisfies the one or more password constraints (Geller: par 0092; identification center terminal, and optional intermediate service provider terminal are configured to execute; par 0093; identification center terminal is a simulator configured to simulate the encryption on one or more passwords retrieved from storage. For example, if the encryption includes applying a function, simulator is configured to calculate the function; par 0094; a comparator configured to compare the simulated encrypted password(s) with the encrypted password received from the use; par 0014; if results of the comparing are sufficient, the identification center sending via the communication medium an indication that the user has been authenticated);
transmitting the function definition to the remote server to trigger the remote server to execute the function, which is defined by the function definition  (Geller: par 0067; transmit the encryption key along with the transaction number to the intermediate service provider for forwarding to the identification center; par 0090; the encryption key includes the selected function definition; par 0091; the encryption key include a function to be performed on the permuted characters; par 0093; identification center terminal is a simulator configured to simulate the encryption on one or more passwords retrieved from storage. For example, if the encryption includes applying a function, simulator is configured to calculate the function; par 0094; a comparator configured to compare the simulated encrypted password(s) with the encrypted password received from the use).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Geller with the method/system of Zhu to include generating a function definition defining a function, wherein: the function is structured for execution by a remote server, the function is structured for execution on the encrypted password, and the function is structured such that, when executed by the remote server, the function operates to determine whether the password, despite being encrypted, satisfies the one or more password constraints; transmitting the function definition to the remote server to trigger the remote server to execute the function, which is defined by the function definition, on the encrypted password. One would have been motivated to simulation by the identification center of the encryption, comparison of the simulated encrypted password(s) with the received encrypted password, and authentication of the user if comparison results are sufficient (Geller: abstract).
Zhu in combination with Geller disclose determination as to whether a password satisfies one or more password constraints; received result as recited above, but do not explicitly disclose without divulging the password to a third party remote server; encrypted result; on the encrypted passwords wherein, as a result of the encrypted password remaining encrypted while in possession by the remote server and as a result of the remote server executing the function against the encrypted password, the password is prevented from being divulged to the remote server, including during a time when the remote server is executing the function against the encrypted password. 
However, in an analogous art, Veugen discloses protected exchange of data system/method that includes:
without divulging the password to a third party remote server (Veugen: par 0037; intermediary service provider device is configured to be able to execute the secure comparison protocol in communication with each of the information provider devices; par 0038; utilizing the homomorphic property of the encryption scheme of the secure comparison protocol, which makes it possible to compute the encryption of blinded information from the encryption of the information without decryption of the information);
encrypted result (Veugen: par 0042; encrypt a result of those computations with the public encryption key and send it). 
on the encrypted passwords wherein, as a result of the encrypted password remaining encrypted while in possession by the remote server and as a result of the remote server executing the function against the encrypted password (Veugen: par 0037; intermediary service provider device is configured to be able to execute the secure comparison protocol in communication with each of the information provider devices; par 0040; a secure comparison protocol, use is made of an encryption scheme with a public and private encryption key, the encryption scheme having a homomorphic property. That is, an algorithm exists which, from two encrypted numbers, computes directly, without decryption, an encrypted version of the sum of the numbers, for example, by multiplication of the encrypted numbers), the password is prevented from being divulged to the remote server, including during a time when the remote server is executing the function against the encrypted password (Veugen: par 0037; intermediary service provider device is configured to be able to execute the secure comparison protocol in communication with each of the information provider devices; par 0038; utilizing the homomorphic property of the encryption scheme of the secure comparison protocol, which makes it possible to compute the encryption of blinded information from the encryption of the information without decryption of the information);
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Veugen with the method/system of Zhu and Geller to include without divulging the password to a third party remote server; encrypted result; on the encrypted passwords wherein, as a result of the encrypted password remaining encrypted while in possession by the remote server and as a result of the remote server executing the function against the encrypted password, the password is prevented from being divulged to the remote server, including during a time when the remote server is executing the function against the encrypted password. One would have been motivated to decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user (Veugen: abstract).
 
Regarding Claim 20;
This Claim recites a device that perform the same steps as method of Claim 15, and has limitations that are similar to Claim 15, thus are rejected with the same rationale applied against claim 15.  
Claims 3-10, 14 and 16-19 are rejected under 35 U.S.C. 103 as being patentable over Zhu et al. (US 20180176188) in view of Geller et al. (US 20030070074) and Veugen et al. (US 20150295712) and further in view of Farivar et al. (“Farivar,” US 10909235, filed on 08/23/2019)

Regarding Claim 3;  
Zhu in combination with Geller and Veugen disclose the computing system in accordance with Claim 2, 
Zhu in combination with Geller and Veugen disclose all the limitations as recited above, but do not explicitly disclose the function being a lookup function against a list of passwords, the one or more password constraint being that the password is not in the list of passwords.
However, in an analogous art, Farivar discloses password security warning system/method that includes:
the function being a lookup function against a list of passwords, the one or more password constraint being that the password is not in the list of passwords (Farivar: Col 2, lines 43-46; fig.2 and fig. 3; when the user creates a new password, that password is compared against the plurality of possible password strings generated by the artificial neural network; Col 8, lines 7-9; the password security warning platform may determine that because identical matches do not exist, no warnings are generated).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Farivar with the method/system of Zhu and Geller and Veugen to include the function being a lookup function against a list of passwords, the constraint being that the password is not in the list of passwords. One would have been motivated to create a new password and that password is compared against the plurality of possible password string generated by the artificial neural network (Farivar: Col 2, lines 44-46).

Regarding Claim 4;
Zhu in combination with Geller and Veugen and Farivar disclose the computing system in accordance with Claim 3, 
Farivar further discloses the list of passwords comprising a list of weak passwords (Farivar: Col 2, lines 43-46; fig.2 and fig. 3; when the user creates a new password, that password is compared against the plurality of possible password strings generated by the artificial neural network; Col 5, lines 6-10; to determine weak passwords may include [] calculate a distance between an input password with a set of blacklisted passwords). 
One would have been motivated to create a new password and that password is compared against the plurality of possible password string generated by the artificial neural network (Farivar: Col 2, lines 44-46).

Regarding Claim 5;
Zhu in combination with Geller and Veugen and Farivar disclose the computing system in accordance with Claim 3, 
Farivar further discloses the list of passwords comprising a list of breached passwords (Farivar: Col 2, lines 43-46; when the user creates a new password, that password is compared against the plurality of possible password strings generated by the artificial neural network; Col 2, lines 10-12; trained with a set of blacklisted passwords (e.g., commonly cracked or compromised passwords). 
One would have been motivated to create a new password and that password is compared against the plurality of possible password string generated by the artificial neural network (Farivar: Col 2, lines 44-46).

Regarding Claim 6; 
Zhu in combination with Geller and Veugen and Farivar disclose the computing system in accordance with Claim 3, 
Veugen further discloses wherein encrypting the password includes homomorphically encrypting the password, and wherein the lookup function includes a homomorphic lookup function (Veugen: utilizing the homomorphic property of the encryption scheme of the secure comparison protocol, which makes it possible to compute the encryption of blinded information from the encryption of the information without decryption of the information; par 0045; a encrypts the L+1st bit R from the least significant bit in the random number and uses the homomorphic property to compute the encrypted sum of Z, R and the encrypted remainder bit).
One would have been motivated to decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user (Veugen: abstract).

Regarding Claim 7; 
Zhu in combination with Geller and Veugen and Farivar disclose the computing system in accordance with Claim 3, 
Farivar discloses the decrypted result being a value representing whether or not the password is in the list of passwords (Farivar: Col 2, lines 43-46; fig.2 and fig. 3; when the user creates a new password, that password is compared against the plurality of possible password strings generated by the artificial neural network; Col 8, lines 7-9; the password security warning platform may determine that because identical matches do not exist, no warnings are generated).
One would have been motivated to create a new password and that password is compared against the plurality of possible password string generated by the artificial neural network (Farivar: Col 2, lines 44-46).
Veugen further discloses a Boolean value (Veugen: par 0161; Boolean
Attribute Verification against a Norm).
One would have been motivated to decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user (Veugen: abstract).

Regarding Claim 8; 
Zhu in combination with Geller and Veugen and Farivar disclose the computing system in accordance with Claim 3, 
Farivar further discloses wherein the result includes a plurality of passwords, and wherein determining from the result whether the password satisfies the one or more password constraints include (Farivar: Col 3, lines 27-30; fig. 4; by comparing user-created or user entered passwords to these possible passwords generated by the artificial neural network; Col 8, lines 7-10; the password security warning platform may determine that because identical matches do not exist, no warnings are generated, the user may be allowed to proceed to create the passwords): determining whether the password is in the plurality of passwords (Farivar: Col 3, lines 27-30; fig. 4; by comparing user-created or user entered passwords to these possible passwords generated by the artificial neural network; Col 7, lines 65-67; determine that the user-entered password identically matches one of the possible password strings); if the password is in the plurality of passwords, determining that the password is in the list of passwords (Farivar: Col 3, lines 27-30; fig. 4; by comparing user-created or user entered passwords to these possible passwords generated by the artificial neural network; Col 7, line 63- Col 8, line 3; the password security warning platform may also compare this password with the plurality of possible password strings and determine that the user-entered password identically matches one of the possible password strings. a restriction interface may display a message indicating that the user is restricted from creating or using the entered password); and if the password is not in the plurality of passwords, determining that the password is not in the list of passwords (Farivar: Col 2, lines 43-46; fig. 4; when the user creates a new password, that password is compared against the plurality of possible password strings generated by the artificial neural network; Col 8, lines 7-9; the password security warning platform may determine that because identical matches do not exist, no warnings are generated).
One would have been motivated to create a new password and that password is compared against the plurality of possible password string generated by the artificial neural network (Farivar: Col 2, lines 44-46).
Zhu further discloses decrypted result (Zhu: par 0075; fig.8; the network monitoring apparatus determines whether a complexity of the decrypted original activation password meets a predetermined password strength requirement. When a complexity of the decrypted original activation password meets the predetermined password strength requirement, the network monitoring apparatus is activated, and information indicating that the network monitoring apparatus is successfully activated).
One would have been motivated to receive an encrypted activation password sent by a client terminal; decrypting the encrypted activation password to obtain an original activation password; determining whether the original activation password meets a predetermined password strength requirement (Zhu: abstract).

Regarding Claim 9; 
Zhu in combination with Geller and Veugen and Farivar disclose the computing system in accordance with Claim 8, 
Farivar further discloses the list of passwords including a list of weak passwords, the plurality of passwords including a plurality of weak passwords (Farivar: Col 2, lines 43-46; fig. 4; when the user creates a new password, that password is compared against the plurality of possible password strings generated by the artificial neural network; Col 5, lines 6-10; to determine weak passwords may include [] calculate a distance between an input password with a set of blacklisted passwords). 
One would have been motivated to create a new password and that password is compared against the plurality of possible password string generated by the artificial neural network (Farivar: Col 2, lines 44-46).

Regarding Claim 10; 
Zhu in combination with Geller and Veugen and Farivar disclose the computing system in accordance with Claim 8, 
Zhu further discloses wherein the computing system is further configured to:  prior to transmitting the encrypted password and the function definition (Zhu: par 0073; fig. 2; the client terminal sets the decrypted original random string as an encryption key of a second algorithm, and encrypts an original activation password via the second algorithm to obtain an activation password. Then, the activation password is sent to the network monitoring apparatus).
Farivar further discloses configuring passwords in the plurality of passwords (Farivar: Col 7, lines 33-40; the user may be required to create a password. User-created passwords, PW1 to PW5 may be different possible passwords that the user may create).
One would have been motivated to create a new password and that password is compared against the plurality of possible password string generated by the artificial neural network (Farivar: Col 2, lines 44-46).

Regarding Claim 14; 
Zhu in combination with Geller and Veugen disclose the computing system in accordance with Claim 1, 
Zhu in combination with Geller disclose all the limitations as recited above, but do not explicitly disclose wherein determining whether the selected password satisfies the one or more password constraints includes using multi-party computation to determine whether the selected password satisfies the one or more password constraints.
However, in an analogous art, Farivar discloses password security warning system/method that includes:
wherein determining whether the selected password satisfies the one or more password constraints includes using multi-party computation to determine whether the selected password satisfies the one or more password constraints (Farivar: Col 2, lines 43-46; fig.2; when the user creates a new password, that password is compared against the plurality of possible password strings generated by the artificial neural network; Col 5, lines 46-59; typical or predictable character combinations involve combining certain words or characters in a typical or predictable way [] the user's city of birth and the user's name may be combined, and also, the user's cellular phone number and the user's name may be combined. It may be understood that the possible typical or predictable combinations of characters or words are vast and numerous and not limited).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Farivar with the method/system of Zhu and Geller and Veugen to include multi-party computation to determine whether the selected password satisfies one or more password constraints. One would have been motivated to create a new password and that password is compared against the plurality of possible password string generated by the artificial neural network (Farivar: Col 2, lines 44-46).


Regarding Claim 16;
This Claim recites a device that perform the same steps as system of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  

Regarding Claim 17;
This Claim recites a device that perform the same steps as system of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  

Regarding Claim 18;
This Claim recites a device that perform the same steps as system of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.  

Regarding Claim 19;
This Claim recites a device that perform the same steps as system of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8. 
 





Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  


For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.W./Examiner, Art Unit 2439   



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439