Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-12 are pending.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-12 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-12, respectively, of U.S. Patent No. 11,025,614. Although the claims at issue are not identical, they are not patentably distinct from each other because the patent claims anticipate the instant claims.  Further, the Examiner notes that removal of limitations from the patent claims to arrive at the instant claims would have been obvious to a skilled artisan for reasons of breadth.

Allowable Subject Matter
Claims 1-12 are allowable with respect to the prior art.  Regarding claims 1, 5 and 9:
US 20100037046 A1 to Ferg et al. discloses system for managing user credentials, comprising: at least one hardware processor (¶22) configured to: receive a first username corresponding to a first user account of an application for managing user credentials (receive vault credentials, ¶20, including username, ¶25, Fig. 7) and a password of a user (Fig. 7; see also ¶20 teaching a one-time password prompt); in response to determining that the password of the user matches a stored password corresponding to the first user account (verification result, ¶20; logon to vault, ¶23, ¶¶33-34; see also ¶38 referring to additional OTP), cause indications of a group of available services to be presented (list of sites for which the user has entered website credentials, ¶35); receive a selection of a service of the group of available services as a selected service (user navigates to website, Figs. 7-8; selecting site from popup, ¶35); transmit, to a server, an identifier corresponding to the selected service (user requests credentials for particular web site, Fig. 3, 121 and receives credentials, Fig. 3, 122); receive, from the server, an encrypted username and an encrypted password corresponding to a second user account of the selected service (receives encrypted credentials, Fig. 3, 122, including username and password, Fig. 9); decrypt the encrypted username and the encrypted password, resulting in a decrypted username and a decrypted password (decrypt credentials, ¶22); cause a first page to be opened that corresponds to a login page of the selected service (web site/page, ¶36).  Ferg further discloses encrypting the password (encrypt website credentials using user key, ¶50) and transmitting the encrypted password in connection with the identifier corresponding to the selected service to the server (¶50).
US 20140281945 A1 to Avni et al. teaches authenticating a user via a handwritten signature (¶74), including a prompting a user to enter a biometric signature on a touchscreen (¶80), transmitting the signature to a server (¶¶101-104) and the server authenticating the signature (¶110).
US 20130254856 A1 to Krishan teaches that it was known to update a stored password for a remote service (¶¶76-78), including generating a random password by generating a plurality of random characters (¶77) and cause a password to be updated to the new password (¶78).
US 20100199086 A1 to Kuang et al. teaches enhancing an authentication procedure (¶60) by automatically changing a password used by an intermediary on behalf of a client after each successful authentication (¶63), including utilizing web pages to authenticate (¶84) and change the password (¶89).
US 20090228978 A1 to Cooley et al. teaches that it was known to detect a successful login attempt (¶¶11-12) based on heuristics from a subsequent page loaded after authentication (¶12).  
US 20090158412 A1 to Miller et al. teaches that it was known to retrieve a PKI private key for an application (downloadable application) and a PKI private key for a user account (operating system) and utilize both keys to decrypt stored data (¶32).  Miller also teaches that the benefits include restricting other operating system applications from accessing the files (¶32).  
US 10,356,088 B1 to Peddada et al. (Fig. 6C, col. 16) shows double encrypting a challenge with two private keys and col. 18 shows benefits of such a feature.  US 20050055316 A1 to Williams shows similar (¶70).  
Further, the Examiner notes that retrieving keys from remote and/or local sources is generally taught throughout the prior art as a means of managing storage requirements and security policies.  However, the prior art fails to disclose or provide a reasonable combination teaching the user authentication, followed by decrypting the encrypted username and the encrypted password comprising retrieving a private PKI key associated with the first user account from a hardware server separate from the hardware processor and a private PKI key associated with the application from the memory and decrypting the encrypted username and the encrypted password using the private PKI key associated with the first user account and the private PKI key associated with the application, utilizing the decrypted username and password to login, and encrypting, in a similar manner to the decryption, an updated password, in combination with the remaining elements of the claimed invention as a whole.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841. The examiner can normally be reached Monday - Friday, 7:00-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/               Primary Examiner, Art Unit 2493                                                                                                                                                                                         
September 27, 2022