DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application No. 16/910,539 filed on 06/24/2020.
Claims 1-20 have been examined and are pending in this application.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 1-4, 8-11, and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Mashimo (US 2012/0011577) in view of Fleet (US 2017/0178105).
Regarding claim 1, Mashimo teaches a system, comprising: a computing device comprising a processor and a memory; and machine-readable instructions stored in the memory which, when executed by the processor, cause the computing device to at least: 
obtain a request to update a basic input output service (BIOS) password on a client device from a plurality of managed devices (Mashimo: Para. [0232], When the user re-inputs the BIOS password in the BIOS password operation terminal device 2230, the BIOS password operation unit 2331C generates a request (BIOS password rewriting request) for rewriting the current BIOS password of the BIOS password setting terminal device 2210 with the BIOS password re-inputted by the user. The BIOS password operation unit 2331C transmits the BIOS password rewriting request to the password rewriting processing unit 2211G of the BIOS password setting terminal device 2210 (step S134). Para. [0233], Para. [0005], A computer system 1 shown in FIG. 1 includes a password management system 10, a plurality of terminal devices 20 connected to the password management system 10 via a network (not shown), a console directly connected to the password management system 10, and the like.); 
obtain an applied password corresponding to the client device, the applied password stored in a device record associated with the client device (Mashimo: Para. [0236], When the notification indicating that the BIOS password operation terminal device 2330 connected to the device is registered in the device is received from the registered terminal connection detection unit 2112B, the password rewriting processing unit 2211G performs "deletion/change of BIOS password" for rewriting the BIOS password of the device with the password designated in the BIOS password rewriting request received in step S235 (step S238) and advances the process to step S239.); 
Mashimo does not explicitly teach generate a new BIOS password for the client device; generate a command to perform a password reset, the command comprising the new BIOS password and the applied password; transmit the command to the client device, wherein a management agent on the client device performs the password reset within the BIOS of the client device; store the new BIOS password in the device record as a submitted password corresponding to the client device.
In an analogous art, Flett teaches generate a new BIOS password for the client device (Flett: Para. [0053], In an embodiment of 224 and at 225, the SST BIOS credential manager generates a new credential for the BIOS of the SST based on the job that the service engineer was doing in servicing the SST being identified as completed.); 
generate a command to perform a password reset, the command comprising the new BIOS password and the applied password (Flett: Para. [0054], In an embodiment of 225 and at 226, the SST BIOS credential manager instructs and agent executing on the SST to set the new credential for accessing the BIOS of the SST. The credential is invalid for accessing the BIOS once the new credential is set on the BIOS.); 
transmit the command to the client device, wherein a management agent on the client device performs the password reset within the BIOS of the client device (Flett: Para. [0054], In an embodiment of 225 and at 226, the SST BIOS credential manager instructs and agent executing on the SST to set the new credential for accessing the BIOS of the SST. Para. [0055], So, the service engineer gets a one-time use credential for accessing the BIOS of the SST, which becomes invalid once the session associated with the service job completes on the SST because the SST BIOS credential manager randomly generates a new credential and has the agent reset that credential on the SST.); and 
store the new BIOS password in the device record as a submitted password corresponding to the client device (Flett: Para. [0054], The credential is invalid for accessing the BIOS once the new credential is set on the BIOS. [password is stored once it is set]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Flett with the system and method of Mashimo to include generate a new BIOS password for the client device; generate a command to perform a password reset, the command comprising the new BIOS password and the applied password; transmit the command to the client device, wherein a management agent on the client device performs the password reset within the BIOS of the client device; store the new BIOS password in the device record as a submitted password corresponding to the client device because this functionality provides for improved BIOS credential management (Flett: Para. [0006]). 
Regarding claim 2, Machino, in combination with Flett, teaches the system of claim 1, wherein the machine-readable instructions, when executed by the processor, further cause the computing device to at least: obtain a password reset confirmation from the management agent executed by the client device, the management agent configured to execute management commands provided by a management service managing the client device (Mashimo: Para. [0238], The processing result transmitted to the BIOS password operation terminal device 2230 in step S239 is "rewriting of BIOS password completed" or "BIOS password rewriting request denied".).
Regarding claim 3, Machino, in combination with Flett, teaches the system of claim 2, wherein the machine-readable instructions, when executed by the processor, further cause the computing device to at least: store the new BIOS password as a submitted password in the device record; and overwrite the applied password corresponding to the client device in the device record in response to receiving the password reset confirmation from the client device (Mashimo: Para. [0236], When the notification indicating that the BIOS password operation terminal device 2330 connected to the device is registered in the device is received from the registered terminal connection detection unit 2112B, the password rewriting processing unit 2211G performs "deletion/change of BIOS password" for rewriting the BIOS password of the device with the password designated in the BIOS password rewriting request received in step S235 (step S238) and advances the process to step S239.).
Regarding claim 4, Machino, in combination with Flett, teaches the system of claim 1, wherein the request comprises a request to update the BIOS password on a plurality of the managed devices and the new BIOS password comprises one of a plurality of randomly generated new BIOS passwords generated for the plurality of managed devices (Flett: Para. [0022], In a usage case #1, each ATM within an estate or fleet of ATMs controlled by an enterprise has a random BIOS password initially deployed through cooperation of the credential manager 141 and the BIOS credential agent 114A (it is noted that each ATM includes its own independent executing instance of the BIOS credential agent 114A).).
Regarding claims 8-11, claims 8-11 are rejected under the same rational as claims 1-4, respectively.
Regarding claims 15-18, claims 15-18 are rejected under the same rational as claims 1-4, respectively.

Claim(s) 5-6, 12-13, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mashimo (US 2012/0011577) in view of Fleet (US 2017/0178105) and further in view of von der Lippe et al. (US 2015/0047022; Hereinafter “Lippe”).
Regarding claim 5, Machino, in combination with Flett, teaches the system of claim 1.  Machino, in combination with Flett, does not explicitly teach wherein the machine-readable instructions, when executed by the processor, further cause the computing device to at least: obtain an indication that at least one BIOS setting on the client device has changed; and automatically generate the request to update the BIOS password in response to obtaining the indication.  
In an analogous art, Lippe teaches wherein the machine-readable instructions, when executed by the processor, further cause the computing device to at least: obtain an indication that at least one BIOS setting on the client device has changed (Lippe: Para. [0038], In a further embodiment, after successfully modifying the BIOS settings and starting up the computer with the new BIOS settings, the BIOS settings are automatically reset to default values during the next boot-up or after a defined minimum time span t (time period). These default values specify, for example, the boot sequence. Para. [0039], In another embodiment, the BIOS can reset the boot settings or the password protection to the default settings on every boot-up.); and 
automatically generate the request to update the BIOS password in response to obtaining the indication (Lippe: Para. [0034], Or a password can also be requested for modifying the boot sequence or generally enabling the booting of external storage media. It is also conceivable if a hard drive is replaced that the BIOS data must be checked and adapted which is then controlled by a password.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Lippe with the system and method of Machino and Flett to include wherein the machine-readable instructions, when executed by the processor, further cause the computing device to at least: obtain an indication that at least one BIOS setting on the client device has changed; and automatically generate the request to update the BIOS password in response to (Lippe: Para. [0020]). 
Regarding claim 6, Machino, in combination with Flett and Lippe, teaches the system of claim 5, wherein the indication is obtained in response to a trusted platform module (TPM) chip on the client device indicating that a value indicating a state of the BIOS has changed (Lippe: Para. [0029], Such a Crypto Stick generally has a crypto processor which encrypts data and saves it to a memory area if necessary. Authentication is required to get at these data. After authentication, the program or the data that are in the memory area are decrypted and it becomes possible to access the data. Thus, for example, the program can also be encrypted in certain areas after loading in the memory and the program decrypts itself with the help of the crypto processor which is present on the Crypto Stick during the execution process itself. [under the broadest reasonable interpretation, a crypto processor meets the TPM limitation] Para. [0032]-[0035]).
Regarding claims 12-13, claims 12-13 are rejected under the same rational as claims 5-6, respectively.
Regarding claims 19-20, claims 19-20 are rejected under the same rational as claims 5-6, respectively.

Claim(s) 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Mashimo (US 2012/0011577) in view of Fleet (US 2017/0178105) and further in view of Mercier et al. (US 2020/0252292; Hereinafter “Mercier”).
Regarding claim 7, Mashimo, in combination with Flett, teaches the system of claim 1.  Machino, in combination with Flett, does not explicitly teach wherein the command is generated in response to the BIOS being updated to a different version.
In an analogous art, Mercier teaches wherein the command is generated in response to the BIOS being updated to a different version (Mercier: claim 6: wherein the device performs the firmware upgrade and implements the updated security credentials after validating the firmware upgrade and the updated security credentials, wherein a firmware of the device is upgraded to a version newer than an existing version of the firmware of the device.)
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mercier with the system and method of Machino and Flett to include wherein the command is generated in response to the BIOS being updated to a different version because this functionality provides improved firmware security for devices that may have been turned off or disconnected from a network for long periods of time and unable to receive the proper updates (Mercier: Para. [0014]). 
Regarding claim 14, claim 14 is rejected under the same rational as claim 7.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
U.S. Patent Application Publication No. US 2016/0028714 by Umberger et al.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached at (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 

/NELSON S. GIDDINS/            Primary Examiner, Art Unit 2437