Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	Claims 1-13 are pending. 
3.	 After further review of the claims, the rejection requirement is withdrawn.  All claims are examined. 
Claim Rejections - 35 USC § 112
4.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


5.	Claim 4 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. 
	Claim 4 recites: “the user generated password or PIN must consist of a minimum of 2 characters and an unlimited maximum amount of characters” which makes the claim indefinite because as worded, the claim defines a maximally length password that exceeds in size all known and plausibly all future computer memory sizes which is impossible for one skilled in the art to implement.  If applicant’s intent was only to define a minimum character length for the password, the claim should be rewritten to only define a minimum constraint.  For purpose of examination, the Examiner assumes the limitation as “the user generated password or PIN has at least 2 characters.”
Appropriate correction is required.

Claim Rejections - 35 USC § 112

6.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

7.	Claim 4 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the enablement requirement.  The claim contains subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention. The specification, at the time the application was filed, would not have taught one skilled in the art how to make and/or use the full scope of the claimed invention without undue experimentation because the limitation “the user generated password or PIN must consist of a minimum of 2 characters and an unlimited maximum amount of characters” defines a constraint on a hybrid password to include a maximum length that has an unlimited number of characters, which is impossible for one skilled in the art to implement due to clear limits in computer technology.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


8.	Claim(s) 1-11 are rejected under 35U.S.C 103 as being unpatentable over by Baldev Krishan (US 20130254856) hereinafter Krishan, and further in view of Thomas Hoey (US 20090150991), hereinafter Hoey.

	Regarding claim 1:
	Krishan disclose hybrid password (Fig.9B, step 908, generate the unique secure random password for the online account), but fail to disclose combining programmatically generated based password with a user generated password or Personal Identification Number (PIN) used to access an account located on an online website.
However, Hoey teaches combining programmatically generated based password with a user generated password or Personal Identification Number (PIN) used to access an account located on an online website (Hoey, para 20 & 21, the random seed value may be produced each time the user enters a password, then the random seed value may be combined with other attributes prior to application of the algorithms or combination with the algorithms to generate new random generated password to access the resource 108). 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to have combined Hoey’s invention for combining generated password with a user generated password or PIN with Krishan’s hybrid password because doing so enables the system to generate a hybrid password specific to a user each time a user attempts to access a resource and avoids having the system to store the hybrid password.

	Regarding claim 2:
	Krishan and Hoey disclose whereby the programmatically generated based password is created by an online website acting as a portal to other password protected websites (Krishan, Fig.2, para 37, password management platform 202 is configured, as a website comprising a graphical user interface (GUI).

	Regarding claim 3:
Krishan and Hoey disclose whereby the programmatically generated base password is unknown to the owner of an online portal account (Hoey, para 07). 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to have combined Hoey’s invention for combining generated password with a user generated password or PIN with Krishan’s hybrid password because doing so enables the system to generate a hybrid password specific to a user each time a user attempts to access a resource and avoids having the system to store the hybrid password.

Regarding claim 4:
Krishan and Hoey disclose whereby the programmatically generated base password and the user generate password or PIN must consist of a minimum of 2 characters and an unlimited maximum amount of characters (Krishan, para 48). 
	
Regarding claim 5:
	Krishan and Hoey disclose whereby the programmatically generated base password may contain any combination of upper or lower-case alpha characters, numbers, or symbols (Krishan, para 28).

	Regarding claim 6:
	Krishan and Hoey disclose whereby the user generated password or Pin is never retain by said online website acting as portal to password protected websites (Hoey, para 24, and 38). 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to have combined Hoey’s invention for combining generated password with a user generated password or PIN with Krishan’s hybrid password because doing so enables the system to generate a hybrid password specific to a user each time a user attempts to access a resource and avoids having the system to store the hybrid password.


	Regarding claim 7:
	Krishan and Hoey disclose whereby the user generated password or PIN is entered to the online website acting as a portal to password protected website by the account owner (Krishan, Fig.2, para 37).

	Regarding claim 8:
	Krishan and Hoey disclose whereby the programmatically generated password when combined with the user generated password or PIN from a single password for gaining access to a password protected website (Hoey, para 20 &21). 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to have combined Hoey’s invention for combining generated password with a user generated password or PIN with Krishan’s hybrid password because doing so enables the system to generate a hybrid password specific to a user each time a user attempts to access a resource and avoids having the system to store the hybrid password.


	Regarding claim 9:
	Krishan discloses:
a. portal website accessed by said user to protect said user's accounts accessible only through said portal website where said portal website generates a different randomized password portion that remains unknown to said user (Fig.2, Password management platform 201), and (Fig.9B, step 908, generate the unique secure random password for the online account).
c. said user may enter the same user's portion of said password for any of user's said website accounts without fear of a hacker being able to access more than one of said user's website accounts because said portal website has generated a different randomized portion of said portal websites password portion (para 0068: the password generation module 201d defines instructions for configuring a time interval for automatically generating the unique secure random passwords for each of the online accounts based on user preferences. The notification module 201g defines instructions for transmitting a pass word notification to each of the online accounts via the network 703 to replace the user passwords with the generated unique secure random passwords. The password generation module automatically generating the unique secure random passwords when the user tries to access the online accounts. That will make the hacker or unauthorized very hard to steal the correct user password to access the user accounts). 
However, Krishan fails to disclose said user enters said user's portion of said password concatenated or merged into said password portion generated by said portal website, said user's portion of said password remains unknown to said portal website.
Hoey teaches said user enters said user's portion of said password concatenated or merged into said password portion generated by said portal website, said user's portion of said password remains unknown to said portal website (Hoey, para 20 & 21, the random seed value may be produced each time the user enters a password, then the random seed value may be combined with other attributes prior to application of the algorithms or combination with the algorithms to generate new random generated password to access to resource 108). Examiner interprets the random seed value is a password portion generated by said portal website, and the password enter from a user is user’s portion password.
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to have combined Hoey’s invention for combining generated password with a user generated password or PIN with Krishan’s hybrid password because doing so enables the system to generate a hybrid password specific to a user each time a user attempts to access a resource and avoids having the system to store the hybrid password.

Regarding claim 10:
Krishan and Hoey discloses where said portal website merges said user’s portion of said user’s pin or user’s password potion by interspersing said user’s portion of said user’s pin or user’s password portion of said user’s password (Hoey, para 23, the user may enter both items but be unaware that the entered password is replaced by the generated password and the generated password is actually used to log into the resource 108). 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to have combined Hoey’s invention for combining generated password with a user generated password or PIN with Krishan’s hybrid password because doing so enables the system to generate a hybrid password specific to a user each time a user attempts to access a resource and avoids having the system to store the hybrid password.
.
Regarding claim 11:
Krishan discloses where said password portion generated by said portal website or may consist of non-printable characters or may consist of combination of said non-printable characters and printable ACI-II characters (Krishan, para 49).

9.	Claims 12 and 13 are rejected under 35U.S.C 103 as being unpatentable over by Baldev Krishan (US 20130254856), in view of Thomas Hoey (US 20090150991), and further in view of Steven Bender (US 7206938), hereinafter Bender 


Regarding claim 12:
Krishan and Hoey disclose user’s pin or password portion being enter by said user ( Hoey, para 20, each time user enter password), but fail to disclose said portal website measures the difference in time between the characters of said user's pin or password portion being entered by said user, and said portal website averages the time periods between said characters of said user's pin or of said user's password portion being entered, and said portal website saves said time period averages of a predetermined number of said user's login attempt .
Bender teaches said portal website measures the difference in time between the characters of said user's pin or password portion being entered by said user, and said portal website averages the time periods between said characters of said user's pin or of said user's password portion being entered, and said portal website saves said time period averages of a predetermined number of said user's login attempt (column 11, [lines 35-50], column 13, [lines 23-28]). It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine Bender’s key sequence rhythm recognition system with Krishan’s hybrid password to provide additional security to keyboard based systems by recognizing the patterns of typing by a subject to uniquely identify the subject. 


Regarding claim 13:
Krishan, Hoey and Bender disclose where said portal website measures the difference in time between the characters of said user's pin or password portion being entered and compares said time periods against the average of said saved time period averages and if a difference is detected between the time period of characters of said just entered against the saved time period averages of characters of said user's pin or password are different by a predetermined time period, said user's login is rejected (Bender , column 8, [lines 10-21]).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine Bender’s key sequence rhythm recognition system with Krishan’s hybrid password to provide additional security to keyboard based systems by recognizing the patterns of typing by a subject to uniquely identify the subject. 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THANH H LE whose telephone number is (571)272-8556.  The examiner can normally be reached on Monday-Friday 8:00a.m to 5p.m. EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.
  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/THANH H LE/             Examiner, Art Unit 2494       

/JUNG W KIM/             Supervisory Patent Examiner, Art Unit 2494