DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is responsive to the communication filed 2/24/2020.
Claims 1-20 are presented for examination.

Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 6/16/2020. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d) or (f).
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged.  

Specification
The disclosure is objected to because of the following informalities:
“<0}” at last line of [0220] should be deleted.
The intended meanings of [0100]-[0103] from the specification are not clear or conflict with each other. 
Both [0100] and [0101] state that if “the virtual machine does not have the password reset function”, the password reset request is performed in the manner discussed for the prior art, as in [0005] of the specification. However, [0102], which continues the description of the embodiment of [0100]-[0101], states that if “the first identifier indicates that the virtual machine does not have the password reset function, the virtual machine specifies the first identifier in the metadata server”. If [0102] really continues the description of the embodiment of [0100]-[0101], it is not clear why the virtual machine would specify the first identifier in the metadata server when the first identifier indicates that the virtual machine does not have the password reset function, since the password reset in this situation would be performed in a different manner from that of the invention (specifying the first identifier at the metadata server is a subprocess of the password reset manner of the invention, but it is not required for the manner discussed for the prior art, as in [0005] of the specification).
The descriptions in [0102] and [0103] do not make sense to one with ordinary skill in the art, or the relationship between [0102] and [0103] is not clear. Both [0102] and [0103] state “the virtual machine specifies the first identifier in the metadata server”; [0102] provides one of the conditions for performing this action, i.e., “the first identifier indicates that the virtual machine does not have the password reset function”, and [0103] provides further details of this action, i.e., “indicates that the first identifier is specified to indicate that the virtual machine has the password reset function”. One with ordinary skill in the art would not understand the descriptions at [0102] and [0103], since [0102] states only that when the virtual machine does not have the password reset function a specific action is performed, while [0103] states only that performing this specific action is to indicate that the virtual machine does have the password reset function. It is not clear whether the invention here misses a link of installing or deploying such password reset function at the virtual machine that did not have such password reset function, or would actually specify the first identifier to indicate the virtual machine does have the password reset function even in the situation where the virtual machine does not have the password reset function.
The virtual machine's specifying the first identifier to/in the metadata server at [0101] and then obtaining the first identifier from the metadata server at [0102] do not make sense to one with ordinary skill in the art. If the purpose of specifying and obtaining the first identifier is to determine whether the corresponding virtual machine includes the password reset function, then it is not clear why the virtual machine itself would specify and/or obtain the first identifier to/from the metadata server, since the virtual machine itself can find out whether the password reset function exists at the virtual machine. According to [0096] or [0103], the first identifier or the flag that the virtual machine specifies to the metadata server should include or be provided with a value indicating whether a password reset function/module is installed at the virtual machine or not. If so, then it is already clear to the invention or the virtual machine whether the corresponding virtual machine includes the password reset function or not, i.e., the purpose for which the virtual machine tries to specify and/or obtain the first identifier in/from the metadata server is achieved. It is not clear to one with the purpose of performing these two actions is already achieved before performing these two actions.
Appropriate correction is required.

Claim Objections
Claim 11 is objected to because of the following informalities:
“configure the reset password” at line 8 should be “configure a reset password”.
“a metadata service coupled to he cloud service computing node” at line 17 should be “a metadata service coupled to the cloud service computing node”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 3-4 and 8-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

Regarding Claim 3, the meanings of “The virtual machine password reset method of claim 2, further comprising: sending an identifier obtaining request to the cloud service computing node …; receiving an identifier obtaining response from the cloud service computing node in response to sending the identifier obtaining request …in the metadata server” at lines 1-10 are not clear. First of all, based on the plain meaning and the preambles of Claims 1 and 3, the positively cited steps/actions from Claim 3 should be implemented by the claimed virtual machine, i.e., both the claimed sending an identifier obtaining request to the cloud service computing node and the claimed receiving an identifier obtaining response from the cloud service computing node should be performed by the claimed virtual machine. Based on the specification, the main purpose of implementing the claimed sending and receiving steps/actions is determining whether the current claimed virtual machine has a password reset function or not in order to perform the further processing related to the password reset request. However, also based on the specification, the result of whether the current claimed virtual machine has a password reset function or not is actually achieved by the virtual machine itself. It is not clear to one with ordinary skill in the art why a component would send a request to obtain, from another component, data or information that was determined/obtained by the component itself, if the claimed sending and obtaining are performed only to obtain the same data or information. It would be reasonable for the console device to send the password identifier obtaining request and receive the identifier obtaining response as required by Claim 13 and other locations from the specification.
Thereby, it is not clear whether Applicant intends to mean that the virtual machine performs such claimed sending an identifier obtaining request and claimed receiving an identifier obtaining response OR that the console device performs those claimed steps/actions (note: if it is the console device that performs those claimed steps/actions, then these two claimed steps/actions are not recited as the scope of the claim since Claim 1 or Claim 3 is a method implemented by the virtual machine while the console device is not the virtual machine).
In addition, it is not clear whether the limitation “specifying the first identifier in the metadata server when the identifier obtaining response indicates the first identifier is not obtained” is specifying the first identifier to indicate the actual status of whether the claimed virtual machine has the password reset function or not OR specifying the first identifier to indicate the claimed virtual machine has the password reset function even if the actual status of the claimed virtual machine shows the claimed virtual machine does not have the password reset function.
Note: based on [0103] from the specification, the specification does state “the virtual machine specifies the first identifier in the metadata server specifically indicates that the first identifier is specified to indicate that the virtual machine has the password reset function” instead of indicating whether the virtual machine has the password reset function or not.
In order to determine patentability, Examiner seeks clarification with regard to claimed limitations. 

Claim 4 is rejected for failing to cure the deficiency from their respective parent claim by dependency. In addition, it is not clear whether the limitation “the cloud service computing node to specify the first identifier in the metadata server” is specifying the first identifier to indicate the actual status of whether the claimed virtual machine has the password reset function or not OR specifying the first identifier to indicate the claimed virtual machine has the password reset 
Note: based on [0103] from the specification, the specification does state “the virtual machine specifies the first identifier in the metadata server specifically indicates that the first identifier is specified to indicate that the virtual machine has the password reset function” instead of indicating whether the virtual machine has the password reset function or not.
In order to determine patentability, Examiner seeks clarification with regard to claimed limitations. 

Regarding Claim 8, Claim 8 is rejected for the same reason set forth in the rejection of Claim 3 above.
Claim 9 is rejected for failing to cure the deficiency from their respective parent claim by dependency.

Due to the confusion and uncertainty as to the proper interpretation of the limitations of the claims above (i.e., Claims 3-4 and 8-9), it would not be proper to reject such claims on the basis of prior art. As stated in In re Steele, 305 F.2d 859, 134 USPQ 292 (CCPA 1962) (it is improper to rely on speculative assumptions regarding the meaning of a claim and then base a rejection under 35 U.S.C. 103 on these assumptions), a rejection should not be based on considerable speculation about the meanings of limitations in a claim or assumptions that must be made as to the scope of the claims.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  

Regarding Claim 1, Claim 1 is a method claim and recites steps/actions to be performed mentally (like evaluation, judgement, opinion) or with a pen or paper (i.e., limitations of “sending a password obtaining request”, “receiving a password obtaining response” and “configuring the reset password as a password of the virtual machine”). Steps/actions performed mentally or with a pen or paper have been found by the courts to be abstract.
The limitation of “wherein the password obtaining response is received after … and wherein the password obtaining response comprises the reset password” is only a further description of some detailed context of the abstract idea of “receiving a password obtaining response”. Such limitation does not change the nature of the abstract idea. In addition, limitation “the cloud service computing node to query the reset password in a metadata server” is not positively cited as the step/action to be performed by the claimed method since the claimed method is steps/actions performed by the claimed virtual machine while such query is performed by the claimed cloud service computing node which is not the claimed virtual machine (note: even if Applicant amends the claim as a method performed by the claimed virtual machine and the claimed cloud service computing node, such query is still considered as an abstract idea that is performed mentally (like evaluation, judgement, opinion) or with a pen or paper).

The additional limitations like “a virtual machine”, “a cloud service computing node” and “a metadata server” are merely citing computer components as tool to perform the abstract idea. Such type of additional limitations is not indicative of integration of the abstract into a practical application for the claim as a whole. In this way, the claim is directed to abstract idea at step 2A analysis of 2019 PEG.
For step 2B analysis of 2019 PEG, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole.
Thereby, Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Claims 2-5 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
For Claim 2, Claims 2 further cites steps/actions of retrieving or generating data then decrypting encrypted data (i.e., limitations of “obtaining a universally unique identifier of the virtual machine”, “extract a salt from the encrypted reset password”, “generating a key based on the universally unique identifier of the virtual machine and the salt”, “extracting a cyphertext from the encrypted reset of password” and “decrypting the cyphertext using the key to obtain a plaintext password”) and configuring plaintext password as password of the virtual machine. Those steps/actions can be performed mentally (like evaluation, judgement, opinion) or with a pen or paper. Steps/actions performed mentally or with a pen or paper have been found by the courts to be abstract. The additional limitations like “the reset password in the metadata server is an an abstract idea) without significantly more.

For Claim 3, similar to Claim 1, limitations “sending an identifier obtaining request”, “receiving an identifier obtaining response” and “specifying the first identifier” are abstract idea that is performed mentally or with a pen or paper. The limitations of “wherein the identifier obtaining request is for obtaining a first identifier, wherein the first identifier indicates whether the virtual machine has a password reset function”, “wherein the identifier obtaining response is received after the first identifier is queried in the metadata server” and “when the identifier obtaining response indicates that the first identifier is not obtained” are merely further specifying some additional contexts of the steps/actions that are considered as abstract idea. Such further limitations do not change the nature of the abstract idea. The additional limitations like “the virtual machine”, “the cloud service computing node” and “the metadata server” are merely citing computer components as tool to perform the abstract idea. Such additional limitation is neither indicative of integration of the abstract into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Thereby, Claim 3 is also rejected under an abstract idea) without significantly more.

For Claim 4, limitation “sending an identifier specifying request” is abstract idea that is performed mentally or with a pen or paper. The limitations of “to enable the cloud service computing node to specify the first identifier in the metadata server” is merely further specifying some additional contexts of the steps/actions that are considered as abstract idea. Such further limitations do not change the nature of the abstract idea. The additional limitations like “the cloud service computing node” and “the metadata server” are merely citing computer components as tool to perform the abstract idea. Such additional limitation is neither indicative of integration of the abstract into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Thereby, Claim 4 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

For Claim 5, limitation “sending a password deletion request” is abstract idea that is performed mentally or with a pen or paper. The limitation of “to enable the cloud service computing node to delete the reset password in the metadata server” is merely further specifying some additional contexts of the steps/actions that are considered as abstract idea. Such further limitations do not change the nature of the abstract idea. The additional limitations like “the cloud service computing node” and “the metadata server” are merely citing computer components as tool to perform the abstract idea. Such additional limitation is neither indicative of integration of the abstract into a practical application for the claim as a whole nor indicative of an inventive concept an abstract idea) without significantly more.

Regarding Claim 6, Claim 6 is a system claim and contains the same steps/actions that are cited at Claim 1 which are considered as an abstract idea that is performed mentally (like evaluation, judgement, opinion) or with a pen or paper. The additional limitations like “a physical host”, “a processor”, “a memory”, “a virtual machine”, “a cloud service computing node” and “a metadata server” are merely citing computer components as tools to perform the abstract idea. The additional limitation like “run a virtual machine” is merely adding insignificant extra-solution activity to the judicial exception. Such two types of additional limitations are not indicative of integration of the abstract into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea at step 2A analysis of 2019 PEG.
For step 2B analysis of 2019 PEG, the additional limitations “a physical host”, “a processor”, “a memory”, “a virtual machine”, “a cloud service computing node” and “a metadata server” are merely citing computer components as tools to perform the abstract idea.
The following references are provided to show the additional limitation “run a virtual machine” is simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception.

Fig. 1 and [0017] from Singh et al. (US PGPUB 20110191834 A1-IDS recorded) disclose feature of running a virtual machine on physical host.

Fig. 3, [0002] and [0053] from Aluvala et al. (US PGPUB 20170339142 A1) show feature of running a virtual machine on physical host.
[0028] from Liu et al. (US PGPUB 20190129804 A1) discloses feature of running a virtual machine on physical host.

In this way, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole. Thereby, Claim 6 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Claims 7-10 are rejected for failing to cure the deficiency from their respective parent claim by dependency. In addition, Claims 7-10 are rejected for the same reasons set forth in the rejections of Claims 2-5 above respectively.

Regarding to Claim 11, Claim 11 is a system claim and recites steps/actions to be performed mentally (like evaluation, judgement, opinion) or with a pen or paper (i.e., limitations of “send a password obtaining request”, “receive a password obtaining response in response to sending the password obtaining request”, “configure the reset password as a password … comprises the rest password”, “receive a password specifying request”, “send the reset password”, “query the reset password of the virtual machine”, “send the password obtaining response”, “obtain the reset password that is entered” and “send the password specifying request, wherein the 
The additional limitations like “a physical host”, “a virtual machine”, “a cloud service computing node”, “a metadata server” and “a console device” are merely citing computer components as tools to perform the abstract idea. The additional limitation like “store the reset password” is merely adding insignificant extra-solution activity to the judicial exception. Such two types of additional limitations are not indicative of integration of the abstract into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea at step 2A analysis of 2019 PEG.
For step 2B analysis of 2019 PEG, the additional limitations “a physical host”, “a virtual machine”, “a cloud service computing node”, “a metadata server” and “a console device” are merely citing computer components as tools to perform the abstract idea.
The following references are provided to show the additional limitation “store the reset password” is simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception.
[0030] from Fuse et al. (US PGPUB 20140090015 A1) discloses feature of storing password in a storage.
[0005] from Miller et al. (US PGPUB 20140089683 A1) discloses feature of storing password in a storage.
Fig. 6 and [0003] from Fazal et al. (US PGPUB 20070079143 A1) disclose feature of storing password in a storage.
[0206] from Mashimo (US PGPUB 20120011577 A1) discloses feature of storing password in a storage.
an abstract idea) without significantly more.

Claims 12-20 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
For Claim 12, Claims 12 further cites steps/actions of retrieving or generating data then encrypting and decrypting encrypted data (i.e., limitations of “obtaining a universally unique identifier of the virtual machine”, “generate a random number as a salt”, “generate a key based on the universally unique identifier of the virtual machine and the salt”, “encrypt the reset password using the key to generate a cyphertext”, “obtain the universally unique identifier of the virtual machine”, “extract the salt from the encrypted reset password”, “generate the key based on the universally unique identifier of the virtual machine and the salt”, “extract the cyphertext from the encrypted reset of password” and “decrypt the cyphertext using the key to obtain a plaintext password”) and configuring plaintext password as password of the virtual machine. Those steps/actions can be performed mentally (like evaluation, judgement, opinion) or with a pen or paper. Steps/actions performed mentally or with a pen or paper have been found by the courts to be abstract. The additional limitation like “save the salt and the ciphertext together as an encrypted reset password into the metadata server” is merely adding insignificant extra-solution activity to the judicial expectation that is proved as simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception at Claim 11 above. Such two types of additional limitations are neither indicative of an abstract idea) without significantly more.

For Claim 13, similar to Claim 11, limitations “send an identifier obtaining request”, “query the first identifier”, “return an identifier obtaining response”, “receive the identifier obtaining response”, “determine … whether the virtual machine has the password reset function” are abstract idea that is performed mentally or with a pen or paper. The limitations of “wherein the identifier obtaining request used to obtain a first identifier, wherein the first identifier indicates whether the virtual machine has a password reset function” are merely further specifying some additional contexts of the steps/actions that are considered as abstract idea. Such further limitations do not change the nature of the abstract idea. The additional limitations like “the console device”, “the virtual machine”, “the cloud service computing node” and “the metadata server” are merely citing computer components as tool to perform the abstract idea. Such additional limitation is neither indicative of integration of the abstract into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Thereby, Claim 13 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.


For Claim 14, limitations “send a password deletion request”, “receive the password deletion request” and “delete the reset password” are abstract idea that is performed mentally or an abstract idea) without significantly more.

For Claim 17, in addition to the limitations from Claim 11, the additional limitation of Claim 15 is merely restarting the virtual machine by the cloud service computing node. Such limitation is merely adding insignificant extra-solution activity to the judicial exception. Such type of additional limitation is not indicative of integration of the abstract into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea at step 2A analysis of 2019 PEG.
For step 2B analysis of 2019 PEG, the following references are provided to show the additional limitation mentioned above is simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception.


[0003] from Nagy (US PGPUB 20170123836 A1) discloses feature of a cloud manager to restart a virtual machine.
[0029] from Shu et al. (US PGPUB 20140344805 A1) shows feature of a cloud provider to restart a virtual machine.
In this way, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole. Thereby, Claim 17 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over DeMoss et al. (US PGPUB 9935940 B1, hereafter DeMoss) in view of Yan (CN 105530246 A-IDS recorded, English translation version is provided by Dialog).

Regarding Claim 1, DeMoss discloses: A virtual machine password reset method implemented by a virtual machine (see Figs. 1, 5, lines 45-52 of col. 2, lines 55-67 of col. 17; “providing on-demand access to compute resources, such as virtual machine instances”, “data processing resources may be available as virtual machine instances”), wherein the virtual machine password reset method comprises:
sending a password obtaining request to a cloud service computing node (see Figs. 1, 5, lines 48-54 of col. 10; “an application sending a query to a database, where the application routes a password reset query through a password reset service. In embodiments, the operating procedures of FIG. 5 may be implemented by an application executing on VM instance 114A of FIG. 1 as it queries database 116 via password reset service 122”);
receiving a password obtaining response from the cloud service computing node in response to sending the password obtaining request, wherein the password obtaining responses is received after the password obtaining request permits the cloud service computing node to query the reset password in a metadata server (see Figs. 1, 5, lines of 4-7, 30-37, 41-43, 55-57 of col. 11; “the request from the user is a request to reset the user's password”, “the password reset service sending the query to the database” and “the database sending the response to the password reset service, which in turn sends the response to the application”. In response to receive the password reset request send from the application running on the virtual machine, the password reset service, i.e., claimed cloud service computing node, queries the database, i.e.,  it is reasonable to state that the password reset service from Fig. 1 is a cloud service computing node). 

DeMoss does not disclose:
wherein the password obtaining response comprises the reset password; and
configuring the reset password as a password of the virtual machine.
However, Yan discloses: a virtual machine password reset method implemented by a virtual machine, wherein the virtual machine password reset method comprises:
receiving a password obtaining response, wherein the password obtaining response comprises the reset password (see [0010]-[0012]; “the receiving VMM authentication response sent from the client, the authentication password and carrying the target in response to the random captcha digital signature, the authentication response forwarded to the security agent module”. The response send back to the virtual machine includes target password, i.e., the claimed reset password. Also see Fig. 1, [0005] and [0010]; “created for the user when the virtual machine, the virtual machine OS with administrator authority is installed on the security agent module”. The security agent module that receives the response from the VMM described 
configuring the reset password as a password of the virtual machine (see [0011]-[0012]; “the security agent module may invoke different system interfaces OS login password modification of the virtual machine, for example, the security agent module invocation command line interface window system or netuser linux passwd interface of the system of the virtual machine OS login password modification stated goal password”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the password reset response received by the virtual machine that requests the password reset, and the components of the virtual machine, from DeMoss by including the process of reconfiguring the virtual machine with the new password received in the password reset response from Yan, since it would provide a mechanism for ensuring that the password at the virtual machine side is actually updated or reconfigured with the new/reset password (see [0010]-[0012] from Yan).

Regarding Claim 6, Claim 6 is a system claim corresponding to method Claim 1 and is rejected for the same reason set forth in the rejection of Claim 1 above (note: based on Figs. 1, 5, lines 48-54 of col. 10 from DeMoss, the password reset request is sent from the application executing within a virtual machine while the steps/actions discussed at Claim 1 are performed by the virtual machine, and thus it would inherently require the physical server/host that hosts the virtual machine to run the virtual machine).

Claims 2 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over DeMoss et al. (US Patent 9935940 B1, hereafter DeMoss) in view of Yan (CN 105530246 A-IDS recorded, English translation version is provided by Dialog) and further in view of Man et al. (US PGPUB 20040240670 A1, hereafter Man), Jeon et al. (US PGPUB 20180309580 A1, hereafter Jeon) and German et al. (US PGPUB 20130067229 A1, hereafter German).

Regarding Claim 2, the rejection of Claim 1 is incorporated and further the combination of DeMoss and Yan discloses: configuring the reset password as the password of the virtual machine (see [0011]-[0012] from Yan; “the security agent module may invoke different system interfaces OS login password modification of the virtual machine, for example, the security agent module invocation command line interface window system or netuser linux passwd interface of the system of the virtual machine OS login password modification stated goal password”).
The combination of DeMoss and Yan does not disclose: the reset password in the metadata server is an encrypted reset password, and configuring the reset password as the password of the virtual machine comprises:
obtaining a universally unique identifier of the virtual machine;
extracting a salt from the encrypted reset password;
generating a key based on the universally unique identifier of the virtual machine and the salt;
extracting a ciphertext from the encrypted reset password;
decrypting the ciphertext using the key to obtain a plaintext password; and
configuring the plaintext password as the password of the virtual machine.

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the password mechanism from the combination of DeMoss and Yan by including the encryption and decryption of the password from Man, since it would provide a secured password system with an encrypted password (see [0012] and [0046] from Man).

Furthermore, Jeon discloses: obtaining a universally unique identifier of a device; extracting a salt; generating a key based on the universally unique identifier of the device and the salt (see [0022]; “The key management system 110 may create a salt, a device identifier (ID), an identifier, and a secret key. The key management system 110 may create an authentication key based on the salt, the device ID, the identifier, and the secret key”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the key generation for the password encryption and decryption processes from the combination of DeMoss, Yan and Man by including generating a key based on a device ID and a salt value from Jeon, since it would provide a mechanism for generating a key based on device/component specific information (see [0022] from Jeon).


It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the salt for the password encryption and decryption processes from the combination of DeMoss, Yan, Man and Jeon by including obtaining the salt value from the encrypted password from German, and thus the combination of DeMoss, Yan, Man, Jeon and German would disclose the missing limitations from the combination of DeMoss and Yan, since it is well-known to generate a value from an encrypted password (see [0071] and [0078] from German).

Regarding Claim 7, the rejection of Claim 6 is incorporated and further Claim 7 is a system claim corresponding to method Claim 2 and is rejected for the same reason set forth in the rejection of Claim 2 above.
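
The decryption steps recited in Claim 2 (obtain the UUID, extract the salt, generate the key, extract the ciphertext, decrypt) can be sketched as follows. This is an added illustration, not code from the application or from any cited reference. The blob layout (16-byte salt followed by ciphertext), PBKDF2-HMAC-SHA256 as the key derivation and the HMAC counter-mode keystream standing in for the cipher are all assumptions, since the office action names none of them.

```python
import hashlib
import hmac
import os
import uuid

SALT_LEN = 16            # assumed: salt is the first 16 bytes of the blob
PBKDF2_ROUNDS = 100_000  # assumed work factor


def derive_key(vm_uuid: str, salt: bytes) -> bytes:
    """Generate the key from the VM's UUID and the salt (KDF is an assumption)."""
    return hashlib.pbkdf2_hmac(
        "sha256", uuid.UUID(vm_uuid).bytes, salt, PBKDF2_ROUNDS, 32)


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(key, counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_reset_password(vm_uuid: str, password: str, salt: bytes = None) -> bytes:
    """Producer side: build the encrypted reset password as salt || ciphertext."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    key = derive_key(vm_uuid, salt)
    return salt + _keystream_xor(key, password.encode("utf-8"))


def decrypt_reset_password(vm_uuid: str, blob: bytes) -> bytes:
    """VM side: the steps of Claim 2, returning the plaintext password bytes."""
    if len(blob) <= SALT_LEN:
        raise ValueError("encrypted reset password is too short")
    salt = blob[:SALT_LEN]            # extract the salt
    key = derive_key(vm_uuid, salt)   # key from UUID and salt
    ciphertext = blob[SALT_LEN:]      # extract the ciphertext
    return _keystream_xor(key, ciphertext)


if __name__ == "__main__":
    vm = "123e4567-e89b-12d3-a456-426614174000"  # constructed sample UUID
    blob = encrypt_reset_password(vm, "N3w-Passw0rd!")
    print(decrypt_reset_password(vm, blob))
```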

Claims 5 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over DeMoss et al. (US Patent 9935940 B1, hereafter DeMoss) in view of Yan (CN 105530246 A-IDS recorded, English translation version is provided by Dialog), Man et al. (US PGPUB 20040240670 A1, hereafter Man), Jeon et al. (US PGPUB 20180309580 A1, hereafter Jeon) and German et al. (US PGPUB 20130067229 A1, hereafter German) and further in view of Fukao et al. (US PGPUB 20040024912 A1, hereafter Fukao).

Regarding Claim 5, the rejection of Claim 2 is incorporated, the combination of DeMoss, Yan, Man and Jeon does not disclose: further comprising sending a password deletion request to the cloud service computing node to enable the cloud service computing node to delete the reset password from the metadata server.
However, Fukao discloses: sending a password deletion request to the manager service computing node to enable the manager service computing node to delete the password from the metadata server (see [0199]; “When the device management server 100 receives the user information deletion request with the user name and user password, it verifies the user based on the received user name and password, then deletes the user information for the indicated user, deletes all device information, service information”. Also see Fig. 3 and [0059], the user information for an indicated user includes user password of the indicated user).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the management of the database 116 from the combination of DeMoss, Yan, Man and Jeon by including the process of deleting a user password in a user information database from Fukao, and thus the combination of DeMoss, Yan, Man, Jeon and Fukao would disclose the missing limitations from the combination of DeMoss, Yan, Man and Jeon, since it would provide a power management interface to help the users to manage the user information database while providing security to help the management (see [0199] from Fukao, the deletion or management of the particular user information would require providing the corresponding user password to ensure the credentials of the requestors).

Regarding Claim 10, the rejection of Claim 7 is incorporated and further Claim 10 is a system claim corresponding to method Claim 5 and is rejected for the same reason set forth in the rejection of Claim 5 above.

Allowable Subject Matter
Claims 11-20 contain allowable subject matter.

Regarding Claim 11, the primary reason for allowance is “a cloud service computing node coupled to the physical host and configured to: receive a password specifying request; send the reset password to a metadata server; receive the password obtaining request from the virtual machine; query the reset password of the virtual machine in the metadata server based on the password obtaining request to obtain a result; and send the password obtaining response to the virtual machine based on the result; a metadata server coupled to the cloud service computing node and the physical host and configured to save the reset password; and a console device coupled to the cloud service computing node and the metadata server and configured to: obtain the reset password that is entered on the console device; and send the password specifying request, wherein the password specifying request comprises the reset password” in conjunction with the rest of the limitations of the claims.
Based on the claim limitations, a console device obtains an entered reset password; the claimed invention stores the obtained reset password in a metadata server via a cloud service computing node in response to a request from the console device to the cloud service computing node; the stored reset password is later returned as the new password to a virtual machine whose password is required to be reset.

The prior art references currently found fail to disclose the reset password generation mechanism required by the claimed invention in the manner of the combination of the console device, the cloud service computing node and the metadata server. For example, DeMoss would disclose the cloud service computing node and the metadata server without disclosing the console device (see Figs. 1, 5 and lines 47-57 of cols. 10-11). Yan would disclose the console device without disclosing the cloud service computing node and the metadata server (see Fig. 1, [0005] and [0011]-[0012]). Even combining the above features from DeMoss and Yan, the combination would still fail to disclose the requirements of the claimed invention, since it lacks the request that causes the entered reset password to be stored from the console device to the metadata server via the cloud service computing node. In addition, either the database 116 from DeMoss as the claimed metadata server or the client device from Yan as the claimed console device alone would provide a sufficient mechanism or manner to provide the reset password to the virtual machine that requests the password reset. Therefore, there is no motivation to combine the prior art references to teach the limitations mentioned above.

The remaining claims, i.e., Claims 12-20, not specifically mentioned, contain same allowable subject matter because they are dependent upon the claims mentioned above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHI CHEN whose telephone number is (571)272-0805.  The examiner can normally be reached on Monday-Friday 9:30AM-5PM.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Zhi Chen/
Patent Examiner, AU2196

/EMERSON C PUENTE/Supervisory Patent Examiner, Art Unit 2196