DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 2022-04-12 has been entered.


Response to Amendment
The amendment filed 2022-04-12 has been entered and fully considered.

In light of applicant’s amendment, filed 2022-04-12, the non-statutory obviousness-type double patenting rejection has been withdrawn.  The Examiner further notes that the prior rejection included an incorrect US Patent number.  It should have recited the Patent number of US Application 13194287 (US-9767262), but instead erroneously referred to the application number as the US Patent number.  Regardless, the rejection is withdrawn.

Applicant’s arguments, see pp. 11-13, filed 2022-04-12, with respect to the claim amendments overcoming the prior art of the rejection of claims 1-20 under 35 U.S.C. § 103 have been fully considered and are persuasive. 


Examiner’s Amendment
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Matthew Sanders (Reg on 2022-04-19.

Please replace the Claims as follows:
1. (Currently Amended) A method, comprising:
receiving, via at least one of one or more computing devices, a request to authenticate a user account, the request comprising a master security credential, a valid master security credential being employed to authenticate the user account for access to a plurality of security credentials;
determining, via at least one of the one or more computing devices, that the master security credential is invalid;
-determining, via at least one of the one or more computing devices, to generate a plurality of dynamic knowledge-based questions instead of retrieving static knowledge-based questions, the determination being based at least in part on a sufficiency of user data associated with the user account;
 generating, via at least one of the one or more computing devices, the plurality of dynamic knowledge-based questions in an instance in which the master security credential is invalid; 
providing, via at least one of the one or more computing devices, the plurality of dynamic knowledge-based questions to an application executing on a client device; 
generating, via the at least one of the one or more computing devices, a score based at least in part on a comparison of a plurality of received answers to the plurality of dynamic knowledge-based questions with a plurality of valid answers to the plurality of dynamic knowledge-based questions, the plurality of received answers being received from the application; and
in response to determining that the score meets or exceeds a predetermined threshold, granting, via the at least one of the one or more computing devices, access to reset a master security credential associated with the user account.

2. (Original) The method of claim 1, further comprising providing access to the plurality of security credentials for a predetermined number of minutes.

3. (Previously Presented) The method of claim 1, wherein providing the plurality of dynamic knowledge-based questions to the application comprises sending data to the application configured to generate a user interface to be rendered by the application, the user interface comprising the plurality of dynamic knowledge-based questions.

4. (Original) The method of claim 1, wherein the plurality of security credentials grant access for the user account to a plurality of different applications. 

5. (Original) The method of claim 1, further comprising:
receiving a new master security credential from the application; and 
storing a hashed version of the new master security credential as the master security credential. 

6. (Original) The method of claim 1, further comprising sending a configuration file including a security credential specification to the client device, the security credential specification specifying at least one of: a character set, a minimum length, or a maximum length for a password.

7. (Previously Presented) The method of claim 1, wherein at least one of the plurality of dynamic knowledge-based questions is generated based at least in part on at least one of: purchase transaction data, browsing history, order history, search history, or profile information associated with the user account.

8. (Previously Presented) The method of claim 1, wherein individual received answers of the plurality of received answers are weighted with a respective different weight based at least in part on a respective knowledge-based question of the plurality of dynamic knowledge-based questions.

9. (Previously Presented) A system, comprising:
at least one computing device; and
a manager executable in the at least one computing device, wherein, when executed, the manager causes the at least one computing device to at least:
receive a request to authenticate a user account, the request comprising a master security credential, a valid master security credential being employed to authenticate the user account for access to account data associated with a user account;
determine to generate a plurality of dynamic knowledge-based questions instead of retrieving static knowledge-based questions, the determination being based at least in part on a sufficiency of user data associated with the user account;
 generate the plurality of dynamic knowledge-based questions in an instance in which the master security credential is invalid;
generate a user interface comprising the plurality of dynamic knowledge-based questions; 
receive a plurality of knowledge-based answers to the plurality of dynamic knowledge-based questions from a client device;
generate a score based at least in part on the plurality of received knowledge-based answers to the plurality of dynamic knowledge-based questions; and
in response to determining that the score meets or exceeds a predetermined threshold, perform an action comprising at least one of: establishing a new master security credential as the valid master security credential or providing access to the account data for a predetermined number of minutes.

10. (Original) The system of claim 9, wherein receiving the request comprises receiving a request to reset a master security credential associated with the user account.

11. (Original) The system of claim 9, wherein the account data comprises a plurality of security credentials accessible via the master security credential, and wherein, when executed, the manager causes the at least one computing device to at least provide the plurality of security credentials to the client device.

12. (Original) The system of claim 9, wherein the account data comprises a plurality of security credentials accessible via the master security credential, and wherein, when executed, the manager causes the at least one computing device to at least: 
automatically generate at least one of the plurality of security credentials according to a security credential specification received from a remote computing device; and
send the at least one of the plurality of security credentials and the security credential specification to the client device.

13. (Previously Presented) The system of claim 9, wherein at least one of the plurality of dynamic knowledge-based questions is generated based at least in part on a recency of at least one of: purchase transaction data, browsing history, order history, search history, or profile information associated with the account data.

14. (Original) The system of claim 9, wherein the request comprises a master security credential, and receiving the request comprises determining that the master security credential is not valid based at least in part on comparing a hashed version of the master security credential with a master security credential stored in association with the user account. 

15. (Previously Presented) A non-transitory computer-readable medium embodying specific instructions that, when executed, cause at least one computing device to at least:
receive a request for account data required to access a network site, the request being received from an application executing on a client device, and the request comprising a master security credential, a valid master security credential employed to authenticate a user account for access to the account data;
determine to generate a plurality of dynamic knowledge based questions instead of retrieving static knowledge-based questions, the determination being based at least in part on a sufficiency of user data associated with the user account;
generate the plurality of dynamic knowledge-based questions in an instance in which the master security credential is invalid;
provide the plurality of dynamic knowledge-based questions to the application; 
generate a score based at least in part on a comparison of a plurality of received answers to the plurality of dynamic knowledge-based questions with a plurality of valid answers to the plurality of dynamic knowledge-based questions, the plurality of received answers being received from the application; and
in response to determining that the score meets or exceeds a predetermined threshold, perform an action comprising at least one of resetting the master security credential or providing the application with access to the account data for a predetermined number of minutes.

16. (Original) The non-transitory computer-readable medium of claim 15, wherein, when executed, the instructions further cause the at least one computing device to at least assign a different weight to individual answers of the plurality of received answers based at least in part on a recency of at least one of purchase transaction data or profile information associated with the account data. 

17. (Original) The non-transitory computer-readable medium of claim 15, wherein the account data comprises at least one of a username, a password, a security key, or a certificate. 

18. (Original) The non-transitory computer-readable medium of claim 15, wherein the instructions, when executed, further cause the at least one computing device to at least automatically generate at least one of a plurality of security credentials accessible via the master security credential according to a security credential specification received from a remote computing device. 

19. (Original) The non-transitory computer-readable medium of claim 15, wherein the instructions, when executed, further cause the at least one computing device to at least deny access to the account data based at least in part on the score failing to meet a predetermined threshold.

20. (Original) The non-transitory computer-readable medium of claim 15, wherein providing the plurality of dynamic knowledge-based questions comprises at least one of: generating a network page for rendering in a browser in the client device or sending data to the application in order for a user interface to be rendered by the application. 

Allowable Subject Matter
Claims 1-20 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification as well arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.  First, Applicant’s arguments with respect to the claim amendments traversing the prior art of record are persuasive.  In addition, based on an updated search and further consideration, the Examiner has been unable to locate prior art that would anticipate or render obvious the claimed invention as a whole.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is (571)270-5436.  The examiner can normally be reached on Monday - Friday, 09:00 - 17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/
Primary Examiner, Art Unit 2491