Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “administrator password update module to” and “module password update module to” in claim 7.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1-3, 5-8, 11, 12, 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho (US 6,647,498) hereafter Cho in view of Radenkovic et al. (US 2010/0174758) hereafter Radenkovic.
1. Cho discloses a method, comprising: 
receiving, in a basic input/output system (BIOS), a request to modify an administrator password (figs 4A-4C, password changing process 470 and corresponding text; see also figs 5A-5C, 530 and corresponding text); 
updating the administrator password (figs 5A-5C, 530-560 and corresponding text); 
Cho does not explicitly disclose: 
identifying a first password tied to the administrator password; 
generating a first updated password by concatenating a character string to the administrator password, where the character string is generated based on a password policy for the first password; and 
updating the first password to the first updated password.
However, in an analogous art, Radenkovic discloses automatic management of single sign on passwords including:
identifying a first password tied to the administrator password (para 13-14); 
generating a first updated password by concatenating a character string to the administrator password, where the character string is generated based on a password policy for the first password (para 14, appending a random number to the master password … generates passwords for resources according to password policies established for each resource); and 
updating the first password to the first updated password (para 15).
It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Cho with the implementation of Radenkovic in order to prevent a user from having to memorize numerous passwords for different resources (para 11).

2. Cho and Radenkovic disclose the method of claim 1, where the first password is a member of a set of passwords identified by a security policy (Cho, para 13, security policy is the grouping of the resources, usernames, and passwords), and where the method comprises updating each member of the set of passwords by: generating a set of updated passwords by concatenating respective character strings to the administrator password, where the respective character strings are generated based on respective password policies for the members of the set of passwords (Cho, para 14, see above); and updating the members of the set of passwords to corresponding updated passwords (Cho, para 15; see also fig 2 and corresponding text).

3. Cho and Radenkovic disclose the method of claim 1, where the character string is concatenated as one of a prefix and a postfix (Cho, para 14, appending to a string, by nature, is either at the beginning or the end).

5. Cho and Radenkovic disclose the method of claim 1, comprising: detecting an attempt to access a resource secured by the first password (fig 4, 401 and corresponding text); and providing the character string to facilitate granting access to the resource (Radenkovic, fig 4, 411-413 and corresponding text; SSO would provide the password in the instance in which it is available).

6. Cho and Radenkovic disclose the method of claim 5, where the character string is provided by one of, silently concatenating the character string with an entered password, providing a user with a reminder of a password policy associated with the first password, and initializing a text entry field with the character string (para 14, see above).

Claim 7 is similar in scope to claim 1 and is rejected under similar rationale.

8. Cho and Radenkovic disclose the system of claim 7, where the password metadata includes synchronization settings for the members of the set of module passwords that indicate which members of the set of module passwords should be synchronized to the administrator password, and where the module password update module selects members of the set of module passwords to change based on the synchronization settings (Radenkovic, para 25; see also fig 3 and corresponding text).

11. Cho and Radenkovic disclose the system of claim 7, comprising a prefix provision module to, when a user is detected as seeking to access a BIOS module protected by a member of the set of module passwords, provide the user with a provided character string generated based on password policies associated with the member of the set of module passwords (Radenkovic, figure 4, 413, see above).

	Claim 12 is similar in scope to claim 6 and is rejected under similar rationale.

Claim 14 is similar in scope to claim 1 and is rejected under similar rationale.

Claim(s) 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho and Radenkovic as applied to claim 1 above, and further in view of Kao et al. (US 6,275,944) hereafter Kao.
4. Cho and Radenkovic disclose the method of claim 1 and disclose updating a password (see above), but do not explicitly disclose where updating the first password includes storing an encrypted version of the first updated password in a secure storage, where the encrypted version facilitates verification of future access attempts involving the first password.  However, in an analogous art, Kao discloses password mapping including storing an encrypted version of a first updated password in a secure storage, where the encrypted version facilitates verification of future access attempts involving the first password (col 1, 46-63).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Cho and Radenkovic with the implementation of Kao in order to securely store the passwords via obfuscation (col 1, 46-63).

Claim(s) 9, 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho and Radenkovic as applied to claim 7 above, and further in view of PALPAS – Password Less Password Synchronization by Horsch et al. hereafter Horsch.
9. Cho and Radenkovic disclose the system of claim 7, but do not explicitly disclose comprising a lockout module to preclude modification, except by the module password update module, of members of the set of module passwords that are indicated as being synchronized to the administrator password by the synchronization settings. However, in an analogous art, Horsch discloses synchronizing passwords over several devices including comprising a lockout module to preclude modification, except by the module password update module, of members of the set of module passwords that are indicated as being synchronized to the administrator password by the synchronization settings (Section III.A, PALPAS uses a different salt value for each service to create different passwords for the services. Second, changing the salt for a service allows generating a new password for it, which is necessary in case of a password breach or regular required password changes. The salt is chosen by PALPAS and completely random).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Cho and Radenkovic with the implementation of Horsch in order to simplify password changes in the password by changing the salt value (Section III.A).

10. Cho, Radenkovic, and Horsch disclose the system of claim 9, comprising a synchronization update module to allow a user to adjust which members of the set of module passwords should be synchronized to the administrator password (Radenkovic, see above; Horsch, Section III.C, To synchronize a new password, PALPAS just adds the new salt and the identifier to the SSS. After synchronizing with the SSS, all user devices are able to compute the password and to perform the login [the user adds the module/service and the service is thereby adjusted to synch that password]).

Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho and Radenkovic as applied to claim 1 above, and further in view of Wang et al. (US 2006/0259782) hereafter Wang.
15. The method of claim 1, where the first password is associated with one of a power on password, a management engine BIOS extension password, and a drive lock password.  However, in an analogous art, Wang discloses data security including a first password is associated with one of a power on password, a management engine BIOS extension password, and a drive lock password (para 13-14).  It would have been obvious to a person of ordinary skill in the art to modify the implementation of Cho and Radenkovic with the implementation of Wang in order to relieve the user from having to remember a long and random password (para 13-14).

Allowable Subject Matter
Claim 13 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES R TURCHEN/               Primary Examiner, Art Unit 2439