DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Amendment filed on 12/4/2020.
In the instant amendment, claims 1, 2, 4, 6-8, 13 and 14 have been amended; claims 15 and 16 have been newly added; claims 1, 8 and 14 are independent claims. Claims 1-16 have been examined and are pending. This Action is made Final. 

Response to Arguments
The objection to the Claims 11 and 13 is withdrawn as Claims 11 and 13 have been amended.
The rejection to the Claims 1-14 under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph is withdrawn as the claims have been amended.
Applicant Argument in the instant Amendment, filed on 12/4/2020 with respect to 35 U.S.C. 103, have been fully considered but they are not persuasive and/or moot.  
Applicant Argues: Neither Kendall nor Knjazihhin teaches "creating a node responsive to indicia received from a user, without a default password." (emphasis added), see p. 10 and further Furthermore, Kendall and Knjazihhin, either individually or in combination, fail to teach "storing the seed password in the encrypted keystore." see p. 11.
Examiner Response:  The examiner would first like to note that in light of the amendment clarifying “without a default password” in Claim 1 and 8 and further amendments clarifying a concept of “built in user account” in Claim 1, 8, and 14 has clarified the scope thus 
 The examiner notes that Kendall teaches the limitation creating a node responsive to indicia received from a user ([0139] - At step 1602 an employee downloads a wrapped version of an app that may be characterized as generic in that at time of downloading and installation on the device, the app is not customized in any manner for a specific device or user).  The examiner notes a wrapped version of an app that is downloaded to a specific device reads on the concept of “creating a node responsive to indicia received from a user”  Further, Masurkar was now shown to teach concepts of “creating ... responsive of indicia received from a user, without a default password” (Masurkar, col. 6, lines 6-11). Further the examiner notes newly cited reference of Masurkar additionally teaches storing the seed password in the encrypted keystore (Masurkar, col. 7, lines 21-35 – puts it in the temporary password cache table and col. 8, lines 26-24). The examiner notes that Masurkar further teaches in col. 7, lines 21-35 – puts it in the temporary password cache table and col. 8, lines 26-24 - Here, in this mechanism, a single temporary password data record can stay in the cache for as long as twenty four hours, hence a more secure mechanism needs to be devised. AES, or Advanced Encryption Standard, is utilized for protecting the privacy and confidentiality of the temporary password data and SHA-256, Secure Hash Algorithm, for computing hashes to assert integrity).  The examine notes as reasonably constructed a cache table with encryption represents an encrypted keystore.   The examiner further notes it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Masurkar to the node and keystore of Kendall to include creating ... responsive of indicia received from a user, without a default password to thereby render a combination in which the steps of Masurkar can be applied to the node and keystore of Kendall.  
The examiner suggests to advance prosecution clarifying what a “node” entails or represents to overcome the Kendall and Masurkar references.  

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 

(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6, 8, 12, 14 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kendall (US 2014/0208100 A1) in view of Masurkar (US 7,685,430 B1).  

Regarding Claim 1;
Kendall discloses a computer-implemented method for starting a node without a default password ([0140]-[0141] – The first time the wrapped app starts, it recognizes that it has not yet been provided for the user (the user does not yet have a user specific section in the keystore), comprising:
creating a node responsive to indicia received from a user ([0139] - At step 1602 an employee downloads a wrapped version of an app that may be characterized as generic in that at time of downloading and installation on the device, the app is not customized in any manner for a specific device or user); 
([0140]-[0141] – The first time the wrapped app starts, it recognizes that it has not yet been provided for the user (the user does not yet have a user specific section in the keystore)); 
when no existing keystore is in the node ([0140]-[0141] – The first time the wrapped app starts, it recognizes that it has not yet been provided for the user (the user does not yet have a user specific section in the keystore): 
creating an encrypted keystore in the node ([0144] – In one embodiment some or all of the key store files (e.g., the policy files) are based and the hashed values are stored in a TOC file... [0145] - ...The TOC file on the app protection server is hashed....  [0147] -  At step 1618 the resulting partial or complete keystore on the server is transmitted to the app on the device. At step 1620 the partial or complete keystore is installed in the wrapped app) and [0163] – keystore, in an encrypted format); and
storing ... in the encrypted keystore ([0144] - At step 1610 the user and device-specific (policy) files are embedded into the user section of the app keystore on the app protection server. In one embodiment, some or all of the keystore files (e.g., the policy files) are hashed and the hash values are stored in a TOC file at step 1612 and [0147] and [0163] – keystore, in an encrypted format); 
allowing access to the node using the built-in user ... password ([0150]).
Kendall fails to explicitly disclose a computer-implemented method ..., comprising:
		creating a node responsive of indicia received from a user, without a default password;
		[when..]:
generating a seed password for a built-in user account of the node; 
;
 [creating an encrypted keystore ...]; and
 storing the seed password in the encrypted keystore and
 allowing access to the node using the built-in user account and the seed password.
However, in an analogous art, Masurkar teaches a computer-implemented method ..., comprising:
	creating ... responsive of indicia received from a user, without a default password (Masurkar, col. 6, lines 6-11).
		[when..]:
generating a seed password for a built-in user account ... (Masurkar, col. 6, lines 21-32 – first generates a random initial temporary password for the first login... and col. 7, lines 21-35); 
non-persistently providing the seed password to the user (Masurkar, col. 6, lines 21-32 and col. 7, lines 21-35 – sent to the user by email);
 [creating an encrypted keystore ...] (Masurkar, col. 7, lines 21-35 – puts it in the temporary password cache table and col. 8, lines 26-24 - Here, in this mechanism, a single temporary password data record can stay in the cache for as long as twenty four hours, hence a more secure mechanism needs to be devised. AES, or Advanced Encryption Standard, is utilized for protecting the privacy and confidentiality of the temporary password data and SHA-256, Secure Hash Algorithm, for computing hashes to assert integrity);  As reasonably constructed a cache table with encryption represents an encrypted keystore;  and
(Masurkar, col. 7, lines 21-35 – puts it in the temporary password cache table and col. 8, lines 26-24);   and
allowing access ... using the built-in user account and the seed password (Masurkar, col. 8, lines 59-col. 8, lines 9).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Masurkar to the node and keystore of Kendall to include creating ... responsive of indicia received from a user, without a default password; [when..]: generating a seed password for a built-in user account ...; non-persistently providing the seed password to the user; [creating an encrypted keystore ...]; storing the seed password in the encrypted keystore allowing access ... using the built-in user account and the seed password to thereby render a combination in which the steps of Masurkar can be applied to the node and keystore of Kendall
One would have been motivated to combine the teachings of Masurkar to Kendall to do so as it provides / allows for a high level process and functionality for a secure, practical and logically optimized, yet friendly, inter-network authentication mechanism by employees, partners and customers of an enterprise into the hosted Internet site (Masurkar, col. 3, lines 41-48). 






Regarding Claim 6;
Kendall and Masurkar disclose the method to Claim 1.
Masurkar further teaches wherein the encrypted keystore is encrypted using at least one of: Triple DES, RSA, Blowfish, Twofish, and Advanced Encryption Standard (AES) (Masurkar, col. 8, lines 21-34).
Similar motivation is noted for Claim 6, as per claim 1 above.

Regarding Claim(s) 8 and 12, claim(s) 8 and 12 is/are directed to a/an system associated with the method claimed in claim(s) 1 and 6. Claim(s) 8 and 12 is/are similar in scope to claim(s) 1 and 6, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 14, claim(s) 14 is/are directed to a/an system associated with the method claimed in claim(s) 1. Claim(s) 14 is/are similar in scope to claim(s) 1, and is/are therefore rejected under similar rationale.


Regarding Claim 16;
Kendall and Masurkar disclose the method to Claim 1.
Kendall further disclose further comprising authenticating the user by the node...  ([0150]).
Masurkar further teaches further comprising authenticating the user... using the built-in user account and the seed password (AES) (Masurkar, col. 7, lines 58-col. 8, lines 9).
Similar motivation is noted for Claim 16, as per claim 1 above.
Claims 2-4, 7, 9-11 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kendall (US 2014/0208100 A1) in view of Masurkar (US 7,685,430 B1) and further in view of Nettleton (US 2011/0265160 A1).

Regarding Claim 2;
Kendall and Masurkar disclose the method to Claim 1.
Kendall further discloses further comprising: receiving a new password for the predefined user from the user or another user ([0117] - ...asking the user to “Change Password”... enters, a new long-term passphrase which is used going forward to unlock the app); and storing ... in the encrypted keystore ([0121] - FIG. 15 is a flow diagram showing processes of unlocking or recovering from a locked app in accordance with one embodiment. As noted above with respect to FIG. 13, the user has locked himself out of the app (e.g., forgetting the passphrase, making too many failed attempts to login, etc.) and needs to unlock the app and establish a new long-term passphrase and[0126] - Finally, the keystore master key is re-encrypted with the new symmetric key derived from the new user passphrase (i.e., form of storing a new password in the encrypted keystore) and the symmetric key derived from the new device generated random recovery passphrase and [0159] - Any subsequent passphrase update by the user on the device requires the wrapped app to successfully hash the protected files in the keystore before the user's updated passphrase is accepted. Those same hashes are then added transparently as inputs to the key derivation function for the new updated passphrase. A "chain of trust" is maintained because no new passphrase can be created that does not use a verified version of those files and [0163] – keystore, in an encrypted format).

	However, in an analogous art, Nettle teaches storing the new password in the encrypted “store” (Nettleton, [0072] – encrypt the password before storing)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Nettleton to the method of Kendall and Masurkar to include storing the new password in the encrypted “store”. 
One would have been motivated to combine the teachings of Nettleton to Kendall and Masurkar to provide users with a means for automatic updates of dynamic passwords for computer systems (Nettleton, [0005]).

Regarding Claim 3;
Kendall and Masurkar and Nettleton disclose the method to Claim 2.
Nettleton further teaches wherein creating the node includes at least one of: setting a name for the node (Nettleton, [0045] – register new child nodes and [0047] and [0052] – a server identification for the child node) and configuring the node to see other nodes in a cluster, the node being a part of the cluster. 

Regarding Claim 4;
Kendall and Masurkar and Nettleton disclose the method to Claim 3.
Masurkar further teaches wherein the seed password is randomly generated (Masurkar, col. 6, lines 21-32).
 
Regarding Claim 7;
Kendall and Masurkar disclose the method to Claim 1.
Kendall and Masurkar fail to disclose wherein the node is at least one of a master node and data node.
However, in an analogous art, Nettleton teaches wherein the node is at least one of a master node and data node (Nettleton, [0026] - One or more of the child nodes 120 can act as servers as well. For example, a child node 120 can be a server for a website accessed by the computing devices, or can perform as a server in some other manner. For further example, a child node 120 can be a web server, an application server, a game server, a database server or many other server types. It is not necessary, however, that a child node 120 be a server. In some embodiments of the password management system 100, the child nodes 120 can comprise a mix of servers and non-server computer systems, or alternatively, the child nodes 120 can comprise all servers or all non-server computer systems).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Nettleton to the method of Kendall and Masurkar to include wherein the node is at least one of a master node and data node. 
One would have been motivated to combine the teachings of Nettleton to Kendall and Masurkar to provide users with a means for automatic updates of dynamic passwords for computer systems (Nettleton, [0005]).

Regarding Claim(s) 9-11 and 13; .
Claims 5 and 15  is/are rejected under 35 U.S.C. 103 as being unpatentable over Kendall (US 2014/0208100 A1) in view of Masurkar (US 7,685,430 B1) and further in view of Nettleton (US 2011/0265160 A1) and further in view of Knjazihhin et al. (US 9,781,102 B1).

Regarding Claim 5;
Kendall and Masurkar and Nettleton disclose the method to Claim 4.
Kendall and Masurkar and Nettleton fail to explicitly disclose wherein the seed password is randomly generated using a cryptographically secure pseudo-random number generator. 
However, in an analogous art, Knjazihhin teaches wherein the seed password is randomly generated using a cryptographically secure pseudo-random number generator. (Knjazihhin, col. 5, lines 1-7 – pseudo-random or random number generator).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Knjazihhin to the method of Kendall and Masurkar and Nettleton to include wherein the seed password is randomly generated using a cryptographically secure pseudo-random number generator.
One would have been motivated to combine the teachings of Knjazihhin to Kendall and Masurkar and Nettleton to provide users with a means for an improved technique [obtaining of a password] (Knjazihhin, col 2, lines 40-51).

Regarding Claim(s) 15, claim(s) 15 is/are directed to a/an system associated with the method claimed in claim(s) 5. Claim(s) 15 is/are similar in scope to claim(s) 5, and is/are therefore rejected under similar rationale.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/KARI L SCHMIDT/Primary Examiner, Art Unit 2439