DETAILED ACTION
1. 	This Non-Final Office Action is in response to the application filed on 06/24/2020.
Claims 1-20 are being considered on the merits.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Drawings
2. 	The drawings filed on 06/24/2020 are accepted. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



3.	Claims 1-5, 10-15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. US 10,110,600 B1 to Simca, (hereinafter, “Simca”) in view of US Patent No. US 7,958,347 B1 to Ferguson, (hereinafter, “Ferguson”) and in further view of US Pub. No. US 2018/0176195 A1 to Pangam, (hereinafter, “Pangam”).
As per claims 1 and 11, Simca teaches a method and a computing device, respectively, configured to implement an execution of a method for facilitating credential management in a Structured Query Language (SQL) Server Integration Services (SSIS) environment, the computing device comprising: 
(Simca, col. 25 lines 39-52 “Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.”), wherein the processor is configured to: 
identifying, by the at least one processor, at least one credential update trigger event (Simca, col. 13 lines 31-43 “In situations where the spun up asset is authenticated, confirmation or other information of the authentication may be stored. For example, in a registry or database of active cloud assets, the spun up asset may be indicated as authenticated. On the other hand, in situations where the spun up asset is not authenticated, a similar registry or database may be updated to indicate that authentication has failed. Further, the fact that authentication has failed may be used to trigger other actions, such as spinning down the asset, disabling the asset, quarantining the asset from other assets, updating a password or credential vault to disable a password or credential associated with the asset, etc.”); 
accessing, by the at least one processor, at least one user credential at an electronic password vault (EPV) in response to the at least one credential update trigger event (Simca, col. 14 lines 62-66 and col. 15 lines 1-3 “the credential may be stored in a secure credential system (e.g., secure credential vault) or other accessible system that intermediates secure access between the spun up asset and the other asset to which it desires to communicate. In this manner, the spun up asset may be able to communicate with the vault, which will then present the credential to the other asset, without requiring that the credential actually be stored on (or known to) the spun up asset or the machine running it.”), 
updating, by the at least one processor, the password (Simca, col. 15 lines 18-44 “the control action may involve connecting to the target asset with which a newly spun up or identified asset wishes to communicate, and altering access permissions on the target asset. This may involve, for example, creating a new account on the target asset, modifying an existing account on the target asset, or modifying access permissions stored in a separate computer device (e.g., updating permissions in an LDAP database). In some embodiments, operations 603, 604, or 605 may also involve rotating passwords or other credentials associated with the spun up asset. For example, if an asset includes an initial password or other credential upon being spun up (e.g., hard-coded credential), and is then authenticated and determined to be authorized to perform secure communication functionality with another asset, a new password or other credential may be provided, as discussed above. In connection with providing this new password or other credential, the initial password or credential may be rotated, cancelled, deleted, or otherwise rendered ineffective for the asset to use in performing secure communication functionality with the other asset. For example, in situations where passwords or other credentials are maintained in a secure vault, as discussed below in connection with FIG. 8, the initial password or credential may be rendered ineffective for accessing the vault, or a preexisting password or credential in the vault may be replaced with the new password or credential.”); and 

the at least one user credential including at least one string; parsing, by the at least one processor, the at least one user credential to identify a username and a password that are associated with the at least one user credential; splitting, by the at least one processor, the at least one user credential into the username and the password (Ferguson, col. 10 lines 23-37 “the authentication agent 150 can maintain password information (i.e., password hash key information) associated with users authorized to use network environment 100. FIG. 2 is a diagram more specifically illustrating how domain controller 160 forwards such information to authentication agent 150 according to an embodiment herein. For example, using a tool such as pwdump.exe, authentication agent 150 periodically or occasionally (e.g., every few minutes or so) receives a memory dump 225 from the domain controller 160. The memory dump 225 can include a text string of usernames and corresponding password hash key information (e.g., MD4 password hash key information). The authentication agent 150 parses the text string and stores the username and password information in storage 230 (e.g., memory, disk, etc.).”); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ferguson’s authentication agent into Simca’s secure communication environment, with a motivation for verification of password information (Ferguson, col. 3 lines 4-8).
The combination of Simca and Ferguson teaches all the limitations of claims 1 and 11 above; however, it fails to explicitly teach, but Pangam teaches:
(Pangam, para. [0036] “The repository 116 is configured to store data in relation to the entity application 105, each of the one or more functional accounts corresponding to an entity application account that are managed by the system 100, and the user 111, as described below. In the described embodiments, the repository 116 is implemented within a separate computing device to the password management device 104. Specifically, the repository 116 is a device implementing a database system that contains a functional account information table 118, and entity application information table 120, and a user information table 122.” And para. [0040] “The repository 116 includes a management module 117 which operates to efficiently retrieve and store data from the functional account information 118, entity application information 120, and user information 122 tables. In the described embodiments, the management module 117 is a database management system (DBMS) configured to use the SQL language to query the tables 118, 120, and 122 which are relational database tables. In other embodiments, the password management system 100 may implement a different organization and/or structure for the data repository 116. For example, repository 116 may be configured to store functional account, entity application, and/or user data using a different database table configuration. The repository 116 can also be implemented as a module within the password management device 104, such as in the form of a specific database application.” And para. [0048] “the web server 226, scripting language module 228, and SQL module 230 provide the system 200 with the general ability to allow users of the Internet 220 with standard computing devices equipped with standard web browser software to access the system 200 and in particular to provide data to and receive data from the database 232.” And para. [0082] “Following the generation of the new password for the functional account, the password management application 106 updates the repository 116 with the new password (at step 510). The updater module 110 instructs the management module 117 of the repository 116 to store, into the repository 116, the new password by overwriting the contents of the password representation field of the corresponding entry in the functional account information table 118. The updater module 110 is configured to buffer the existing password data of the functional account (such as the existing secure password representation) prior to performing the overwrite operation, such that the existing password data can be used within the synchronization process described herein below. Following the buffering operation, the new secure password representation replaces the existing secure password representation in the functional account information table 118 entry.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pangam’s password management system into Ferguson’s authentication agent and Simca’s secure communication environment, with a motivation to reduce the likelihood of unauthorized access to information (Pangam, para. [0006]).

As per claims 2 and 12, the combination of Simca, Ferguson and Pangam teach the method of claim 1 and the computing device of claim 11, respectively, wherein the at least one credential update trigger event includes at least one from among a periodic credential update schedule and an episodic credential update schedule, the periodic credential update schedule including at least once every sixty days (Pangam, para. [0041] “The scheduler 112 is configured to maintain scheduling data representing the conditions for performing a password update for one or more functional accounts that are managed by the system. The scheduling data is specific to the entity application 105 and the particular functional account for which password updates are being performed. Specifically, the scheduler 112 maintains a record of the time and date of the last password update for each functional account enrolled within the password management system 100. When the password update conditions for a particular functional account are met, the scheduler 112 invokes the updater module 110 to initiate a password update for that functional account. In the described embodiments, the scheduling data can specify that password updates are performed periodically. In this case, the update period can be set to a pre-determined number of days (such as, for example, 60 or 90 days). In other embodiments, the scheduling data can specify one or more dynamic update conditions that, when satisfied, will automatically trigger a password update for the functional account. Dynamic update conditions can be assigned in conjunction with a fixed update period, and the scheduler 112 can be configured to reset the update period on the occurrence of a dynamically triggered update.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pangam’s password management system into Ferguson’s authentication agent and Simca’s secure communication environment, with a motivation to manage the passwords of users, including requiring that passwords be updated periodically (Pangam, para. [0006]).
As per claims 3 and 13, the combination of Simca, Ferguson and Pangam teach the method of claim 1 and the computing device of claim 11, respectively, wherein the at least one string includes at least one from among a string of alphanumeric text and a string of character symbols (Pangam, para. [0077] “The password management application 106 performs a scheduled update of the password for a particular functional account of the entity application 105, at step 508. As shown in FIG. 6, the automatic password update process commences (at step 602) with the updater module 110 retrieving, from the functional account information table 118 of the repository 116, stored functional account data corresponding to the functional account that is to be updated. At step 604, the retrieved functional account data, including the corresponding password data, is processed by the updater module 110. In the described embodiments, processing the retrieved functional account data includes extracting the existing password from the corresponding password data of the functional account that is to be updated. The updater module 110 is configured to generate new password data, at step 606. The updater module 110 invokes a password generation utility to create a string representation of a new plaintext password according to one or more password creation conditions. The password creation conditions can be configured such that passwords generated are cryptographically strong. For example, the password creation conditions may specify a minimum character length for the password (e.g. 8 characters), and/or a minimum number of alpha, numeric and/or special characters which must be included in the generated new plaintext password.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pangam’s password management system into Ferguson’s authentication agent and Simca’s secure communication environment, with a motivation to manage the passwords of users, including requiring that passwords be updated periodically (Pangam, para. [0006]).
As per claims 4 and 14, the combination of Simca, Ferguson and Pangam teach the method of claim 1 and the computing device of claim 11, respectively, wherein when the at least one credential update trigger event is identified, the method further comprises: 
identifying, by the at least one processor, at least one job that is associated with the at least one user credential, the at least one job including a currently executing job (Simca, col. 15 lines 18-44 “the control action may involve connecting to the target asset with which a newly spun up or identified asset wishes to communicate, and altering access permissions on the target asset. This may involve, for example, creating a new account on the target asset, modifying an existing account on the target asset, or modifying access permissions stored in a separate computer device (e.g., updating permissions in an LDAP database). In some embodiments, operations 603, 604, or 605 may also involve rotating passwords or other credentials associated with the spun up asset. For example, if an asset includes an initial password or other credential upon being spun up (e.g., hard-coded credential), and is then authenticated and determined to be authorized to perform secure communication functionality with another asset, a new password or other credential may be provided, as discussed above. In connection with providing this new password or other credential, the initial password or credential may be rotated, cancelled, deleted, or otherwise rendered ineffective for the asset to use in performing secure communication functionality with the other asset. For example, in situations where passwords or other credentials are maintained in a secure vault, as discussed below in connection with FIG. 8, the initial password or credential may be rendered ineffective for accessing the vault, or a preexisting password or credential in the vault may be replaced with the new password or credential.”); 
determining, by the at least one processor, a stopping point for the at least one job; disabling, by the at least one processor, the at least one job based on the determined stopping point (Simca, col. 14 lines 5-16 and 51-59 “Policies may, for example, govern time periods during which assets may be able to obtain authorization for performing secure communication functionality with other assets. For example, a time limit may apply such that within a specific time period after spin up, an authenticated asset may be able to obtain authorization, but after the time period such authorization may be denied. Policies may also be configured to allow authorization for certain types of communications (e.g., to perform specific asset tasks) by an asset. In further embodiments, some policies may provide that any asset that is successfully authenticated is authorized to perform secure communication functionality with another asset…a unique credential may include an identifier associated with the spun up asset that indicates the asset's identification number, spin up date and time, container identification number, associated user account, associated operating system, etc. Depending on the embodiment, the credential may be for unlimited use by the spun up asset, for a restricted use (e.g., certain number of times, or certain duration), or for temporary or one-time use.”); and 
(Simca, col. 13 lines 32-49 “In situations where the spun up asset is authenticated, confirmation or other information of the authentication may be stored. For example, in a registry or database of active cloud assets, the spun up asset may be indicated as authenticated. On the other hand, in situations where the spun up asset is not authenticated, a similar registry or database may be updated to indicate that authentication has failed. Further, the fact that authentication has failed may be used to trigger other actions, such as spinning down the asset, disabling the asset, quarantining the asset from other assets, updating a password or credential vault to disable a password or credential associated with the asset, etc. In some embodiments, the authentication process may be performed as part of an audit or compliance mechanism for approving or denying assets meeting one or more compliance policies. In such embodiments, responsive to denying an asset, a security alert may be triggered indicative of a security breach or a vulnerability associated with the asset, for example.”).
As per claims 5 and 15, the combination of Simca, Ferguson and Pangam teach the method of claim 4 and the computing device of claim 14, respectively, wherein the stopping point includes a point in a process flow when the at least one job has completed at least one task (Simca, col. 13 lines 39-67 “operation 604 may involve determining that a new communications flow involving an asset is authorized. In some embodiments, once an asset is authenticated, the policies may be applied to determine if the asset should be able to securely communicate with another asset. As discussed above, the secure communication functionality may be based on a secure communication protocol (e.g., IPSec, SHTTP, SSL, TLS, PPTP, L2TP, etc.) between assets, a security requirement (e.g., tokens, SSH keys, Kerberos authentication, etc.) for accessing an asset, or a combination of the two.” And col. 14 lines 5-16 and 51-59 “Policies may, for example, govern time periods during which assets may be able to obtain authorization for performing secure communication functionality with other assets. For example, a time limit may apply such that within a specific time period after spin up, an authenticated asset may be able to obtain authorization, but after the time period such authorization may be denied. Policies may also be configured to allow authorization for certain types of communications (e.g., to perform specific asset tasks) by an asset. In further embodiments, some policies may provide that any asset that is successfully authenticated is authorized to perform secure communication functionality with another asset…a unique credential may include an identifier associated with the spun up asset that indicates the asset's identification number, spin up date and time, container identification number, associated user account, associated operating system, etc. Depending on the embodiment, the credential may be for unlimited use by the spun up asset, for a restricted use (e.g., certain number of times, or certain duration), or for temporary or one-time use.”).
As per claims 10 and 20, the combination of Simca, Ferguson and Pangam teach the method of claim 1 and the computing device of claim 11, respectively, wherein the at least one user credential at the EPV is accessed by using an application programming interface (API) call (Simca, col. 6 lines 53-64 “The present disclosure also describes techniques for providing credentials to spun up assets, either directly or indirectly. Credentials may be a variety of different types of security information or a security requirement that is needed for one asset to engage in secure communications with another asset. Examples of credentials are passwords, SSH keys, symmetric (e.g., public/private) keys, and other types of cryptographic data or privileged access tokens. As discussed further below, credentials may be provided to (e.g., stored in or on the same machine as) assets, or stored in secure credential management systems (e.g., credential vaults).” And col. 7 lines 6-23 “the characteristics or parameters may take a wide variety of forms, and examples include an asset's IP address, MAC address, host name, involvement with orchestration tools or specific orchestration parameters (e.g., using an API, service account, container source, etc.), involvement in a development pipeline (e.g., how the image or docker was created, the creator user, container labels, etc.), time of requesting access to another resource (e.g., whether or not during regular work hours), time of requesting access to another resource in view of an exception (e.g., system maintenance) schedule, environment parameters (e.g., current load on the asset or target resource, load on other parts of the environment, topology changes, etc.), applicative monitoring system (e.g., which may be specific for each asset, account, user, etc.), and various other parameters. In some embodiments, the baseline context may be manually or automatically trained, as discussed further below.”).

4.	Claims 6-9 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Simca, Ferguson and Pangam, as disclosed above, in further view of US Pub. No. US 2018/0007059 A1 to Innes, (hereinafter, “Innes”).
As per claims 6 and 16, the combination of Simca, Ferguson and Pangam teach the method of claim 1 and the computing device of claim 11, respectively, however fail to explicitly teach but Innes teaches, wherein the updating further comprises: 
decrypting, by the at least one processor, the password that is associated with the at least one user credential (Innes, para. [0181] “The virtualization agent 1237 may present the logon ticket (or the secure virtual smart card reference decrypted using the logon ticket) to the credential mapping service 1229, and use the smart card class certificate to log the client device 1201 on to a directory service 1241, such as MICROSOFT AD.” And para. [0200] “using the logon ticket to derive the decryption key, the credential handle may be recovered and used to request credential operations be performed by the credential mapper 1229. The operations that are requested may be used to remotely perform a smart card logon, such as operations to get the user certificate itself, to perform one or more sign operations, and/or to perform one or more decrypt operations to unwrap Kerberos session keys. An alternative form of interaction may be to create the ephemeral virtual smart card directly on the virtualization agent 1237 (e.g., just in time). In this example, the CSP may create a key pair and then send a certificate signing request for the public key to the credential mapper 1229, in place of the normal get certificate request. This request may be made using the credential handle and using machine authentication.”); 
automatically generating, by the at least one processor via a password generator, a new password based on a predetermined requirement (Innes, para. [0106] “Gateway server 606 may provide policies to control and enforce password standards with respect to the minimum length, character class composition, and age of passwords, such as described by the standard Windows Server password complexity requirements” and para. [0162] “After a full domain logon, the session may have full network credentials (e.g., Kerberos ticket granting ticket (TGT) and challenge/response password hash (e.g., NTLM password hash)). For example, users may authenticate to a virtual desktop session, physical PC, or a remote desktop server session as an Active Directory user account by providing a SAML authorization token. As will be discussed in further detail in the examples that follow, a user may authenticate to an external component/service/device, such as an Identity Provider (IdP), using any type of credential and/or authentication protocol that is appropriate.” And para. [0176] “the SAML token or other trusted logon credential may be mapped to the corresponding AD user password, even if the password is not directly available during the gateway server 1223 or application store 1225 logon process (which will be described in further detail below). For example, the password may be captured by the IdP 1213 during its logon and relayed over a trusted back channel to the gateway server 1223 or the application store 1225. In other aspects, a password vault or password control service may return the password to the gateway server 1223 or the application store 1225.” And para. [0188] “Once the first certificate has been issued, a second certificate template may allow an RA certificate rollover to be handled automatically. A rollover may comprise issuance of a new certificate as the expiration of the current certificate draws near.”); 
replacing, by the at least one processor, the decrypted password with the new password; and encrypting, by the at least one processor, the new password (Innes, para. [0208] “the application store 1225 may encrypt the logon data and send the encrypted data to the delivery controller 1235…during session preparation, much like an encrypted username and password would be passed during a standard launch request. The application store 1225 may place the encryption key or a random value from which it can be derived in a client agent file as the logon ticket.” And para. [0239] “As with a launch, a normal (e.g., WINDOWS or other OS) authentication process may occur for the reconnect…the virtualization agent (which may be orchestrating this activity during the reconnect operation) may arrange that the Kerberos ticket information for the session (based on the original authentication to launch the session) be discarded and replaced with the new Kerberos tickets that were obtained during the re-authentication. Existing APIs in the OS may be used to discard and replace Kerberos tickets in this way. For example, the WINDOWS command klist.exe may be used. The updated information may also be propagated to certain parts of the OS that work in special ways, such as services which manages file share access.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Innes’s access control into Pangam’s password management system, Ferguson’s authentication agent and Simca’s secure communication environment, with a motivation to prevent replay and cryptanalytic attacks (Innes, para. [0102]).
As per claims 7 and 17, the combination of Simca, Ferguson, Pangam and Innes teach the method of claim 6 and the computing device of claim 16, respectively, further comprising: 
(Simca, col. 19 lines 1-22 “the baseline context may be stored as groupings of assets and corresponding rules or access rights for the assets. For example, the groupings of assets may indicate types or forms of assets. Such categories may be descriptive (e.g., web serving assets, database accessing assets, administrator assets, computation assets, etc.), may specify a time that certain assets were spun up (e.g., by day, hour, second, etc.), may be based on what orchestration tool or process created them (e.g., a scaling process, a load balancing process, a customized development process, etc.), or use various other categorization techniques. The corresponding access rights may be based on rules that are manually or automatically integrated into the baseline context as part of its creation and training, as discussed above. Access rights may define the abilities of individual assets, or groups of assets, to communicate with other assets or target resources. In some embodiments, access rights may have different versions (e.g., there may be different versions of the definitions of access rights, or versions of the baseline context itself). Based on such versions, it may be determined whether certain access rights are current or not, and whether to revert back to prior versions of access rights.”); and 
storing, by the at least one processor, the at least one electronic document in the SSIS database (Ferguson, col. 10 lines 23-37 “the authentication agent 150 can maintain password information (i.e., password hash key information) associated with users authorized to use network environment 100. FIG. 2 is a diagram more specifically illustrating how domain controller 160 forwards such information to authentication agent 150 according to an embodiment herein. For example, using a tool such as pwdump.exe, authentication agent 150 periodically or occasionally (e.g., every few minutes or so) receives a memory dump 225 from the domain controller 160. The memory dump 225 can include a text string of usernames and corresponding password hash key information (e.g., MD4 password hash key information). The authentication agent 150 parses the text string and stores the username and password information in storage 230 (e.g., memory, disk, etc.).”).
As per claims 8 and 18, the combination of Simca, Ferguson, Pangam and Innes teach the method of claim 7 and the computing device of claim 17, respectively, further comprising: 
receiving, by the at least one processor via a graphical user interface, at least one request for a record of the updating (Innes, para. [0155] “After the client device 1001 receives a request for information, user interface interactions, including selecting certificates and requesting PINs, may be handled by the authentication manager service 1008 on the client device 1001. The virtual channel (as previously discussed) may be used rather than the existing smart card virtual channel (e.g., PC/SC) if smart card logon is enabled. In some aspects, the client device 1001 may interactively prompt the user for input (e.g., to select a certificate, to enter a PIN or biometric, etc.) in order to perform the operations requested by the server 1021. For example, the user interaction steps may occur early on during the client agent connection, before the credential provider is triggered.”); 
obtaining, by the at least one processor from the SSIS database, the at least one electronic document corresponding to the request; automatically generating, by the at least one processor, the record based on the obtained at least one electronic document (Innes, para. [0180] “A logon ticket may be issued and go in a remote display protocol (e.g., client agent) file. With the logon ticket approach, the logon ticket sent to the client agent 1201 may also be used to first encrypt the virtual smart card private key held by the credential mapping service 1229. Additionally or alternatively, a proof key held by the client agent 1201 may be linked (e.g., bound) to the short-lived certificate. Optionally, the credential mapper 1229 may be presented with the original IdP authentication token as evidence of a valid logon by the client 1201. The logon ticket may additionally or alternatively be used to encrypt a secure reference to the virtual smart card provided by the credential mapper 1229. In this example, the virtual smart card might only be recovered by the virtualization agent 1237 that is authorized by the delivery controller 1235 to use the virtual smart card. The encrypted virtual smart card reference may be sent from the application store 1225 to the delivery controller 1235 and then to the virtualization agent 1237, while the logon ticket is sent to the client agent 1201. This may allow the virtual smart card to be created before the virtualization agent 1237 is known, or to be used to logon separately to multiple virtualization agents.”); and 
displaying, by the at least one processor via the graphical user interface, the generated record (Innes, para. [0051] “Some embodiments include a client device 240 that displays application output generated by an application remotely executing on a server 206 or other remotely located machine. In these embodiments, the client device 240 may execute a virtual machine receiver program or application to display the output in an application window, a browser, or other output window. In one example, the application is a desktop, while in other examples the application is an application that generates or presents a desktop. A desktop may include a graphical shell providing a user interface for an instance of an operating system in which local and/or remote applications can be integrated. Applications, as used herein, are programs that execute after an instance of an operating system (and, optionally, also the desktop) has been loaded.” and para. [0172] “The logon pages 1215, which may comprise HTML pages containing web forms, may be used to collect authentication credentials from the user or potentially from the browser or client agent itself. These credentials can range from username and password forms to sophisticated risk-based authentication systems. The IdP 1213 may use these logon pages 1215 to authenticate legitimate users with any appropriate authentication method or methods.” and para. [0173] “The directory 1217 may comprise an identity store or account database or other directory that supports the IdP 1215. For example, the directory 1217 may be an instance of Active Directory in another company's network, or use another vendor's LDAP directory product”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Innes’s access control into Pangam’s password management system, Ferguson’s authentication agent and Simca’s secure communication environment, with a motivation to prevent replay and cryptanalytic attacks (Innes, para. [0102]). 
As per claims 9 and 19, the combination of Simca, Ferguson, Pangam and Innes teaches the method of claim 6 and the computing device of claim 16, respectively, wherein the predetermined requirement includes at least one from among a password length requirement, a password complexity requirement, and a previous use of the password requirement (Pangam, para. [0079] “the new password data represents a new password that sufficiently differs from the existing password of the functional account according to one or more password comparison criteria. Specifically, generating new password data includes: i) generating new plaintext password data representing a new plaintext password for the corresponding functional account, ii) comparing the new plaintext password to the existing plaintext password represented by the password data of the functional account, and iii) repeating steps (i) and (ii) if the new plaintext password does not meet one or more password comparison criteria. In the described embodiments, the one or more password comparison criteria specify a set of minimal character specific differences that exist between a new password and an existing password. For example, a password comparison criterion may be whether the new password differs from the existing password in at least 3 character positions.”).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20180176195 A1 – Password management system.
US 20090320108 A1 – Generating and changing credentials of a service account.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid, can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437