DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of claims
This office action is in response to claims filed on 06/02/2022.
Claims 1-4, 6-9, and 12-23 are pending and rejected; claims 5 and 10-11 are canceled; claims 21-23 are new; and claims 1, 13 and 17 are independent claims.
The amendment to the Specification filed on 06/02/2022 is considered by the examiner and entered.

Response to Arguments
Applicant's arguments filed on 06/02/2022 have been fully considered but they are not persuasive.
With respect to applicant’s argument: the cited prior art references do not teach or suggest, the limitation “responsive to validating the authentication request, initializing the secure device with respect to the client system by connecting the secure device to the client system”

Examiner respectfully disagrees with applicant's argument for the following reasons: Van teaches the recited claim limitation (see Van Col. 4 line 67 – Col 5 lines 1-2, The cloud operator can then initiate an IAM-authenticated connection to the resource [i.e. client system] using the provided credential); (see Van Col. 4, lines 10-15, the pre-authorization of the cloud operator can be based on an explicit set of permissions (associated with the cloud operator) maintained in another system (e.g., data store), such as an active directory (AD)/lightweight directory access protocol (LDAP) serve). The connection/initialization is based on [after] automation (i.e. authenticated connection), disclosing the recited claim limitation.
With respect to applicant’s argument: the cited prior art references do not teach the limitation, “wherein the authentication request is validated only upon confirming that the secure device is within a predetermined location or geographic range.”
Examiner respectfully disagrees with applicant's argument for the following reasons: Van discloses the recited claim limitation (see Van Col. 8 lines 23-40, the user context 116 can indicate the number of requests received from the cloud operator…. a geographical location of the cloud operator, a configuration of a device used by the cloud operator (e.g., whether the device is a sanctioned device or unsanctioned device, a geographical location of the device, etc.), an authentication method used to authenticate the cloud operator, and the like.), disclosing the recited claim limitation.
With respect to applicant’s argument: the cited prior art references do not teach the limitation, “wherein distributing the password via the at least one predetermined technique comprises injecting the password into the client system without disclosing the password directly to an administrator associated with client system security.”
Examiner respectfully disagrees with applicant's argument for the following reasons: Van discloses the recited claim limitation (see Van Col. 10 lines 5-15, request may include the authentication credential along with the user attributes (e.g., embedded within the authentication credential) received from the authentication service in step 2. In one embodiment, the request may be sent using a Representational State Transfer (REST) API method [i.e. injecting the password/credential into the client system without disclosing the password directly to an administrator…]. For example, the computing system 210 can send an API method request (or HyperText Transfer Protocol (HTTP) request) “GET /myinstances” to the access component 112.), disclosing the recited claim limitation.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-9, and 12-23 are rejected under 35 U.S.C. 103 as being unpatentable over Van, US Patent No. 11,206,269 B1 (hereinafter Van), in view of Banerjee, US Pub. No. 2016/0212141 A1 (hereinafter Banerjee).

Van teaches:
As to claim 1, a computer-implemented method of facilitating password creation via a secure device in a defined corporate environment (see Van Col. 12, lines 42-44), the method comprising: 
receiving an authentication request associated with an authorized client of a client system in the defined corporate environment (see Van Col. 9 lines 54-57, The identity provider 204 can authenticate the identity of the user 100 based on information (e.g., a client ID) supplied in the authentication request and retrieve one or more attributes of the user 100 [i.e. authorized client]) 
responsive to validating the authentication request, initializing the secure device with respect to the client system responsive to validating the authentication request by connecting the secure device to the client system (see Van Col. 4 line 67 – Col 5 lines 1-2, The cloud operator can then initiate an IAM-authenticated connection to the resource using the provided credential); (see Van Col. 4, lines 10-15, the pre-authorization of the cloud operator can be based on an explicit set of permissions (associated with the cloud operator) maintained in another system (e.g., data store), such as an active directory (AD)/lightweight directory access protocol (LDAP) serve)
creating a password for the client system in compliance with policy criteria associated with the defined corporate environment (see Van Col. 5, lines 5-7, using the access broker to provide a credential that is only able to connect to the single infrastructure component; Col. 9, lines 61-65, Assuming authentication is successful, the authentication service 120 returns to the computing system 210 an authentication credential (e.g., an authentication token) that includes the user attributes (step 2)); 
distributing the password via at least one predetermined technique (see Van Col 5 line 5, provide a credential; Fig. 6, access broker 110 then transmits the time bound access credential to the user (block 616));
Van does not explicitly teach but the related art Banerjee teaches
encrypting the password (see Banerjee ¶53, the stored credentials are encrypted);
Therefore, it would have been obvious to one with ordinary skill in the art at the time the invention was filed to modify managing non-persistent privileged and non-privileged operator access to infrastructure system in a cloud computing environment disclosed by Van to include the invisible password reset protocol as taught by Banerjee, in order to securely encrypt credentials and passwords. A person with ordinary skill in the art would have been motivated to securely encrypt the created credentials/password in order to enhance security.
As to Claim 2, the combination of Van and Banerjee teaches the computer-implemented method of claim 1, further comprising: creating access control credentials for the client system in compliance with the policy criteria associated with the defined corporate environment (see Van Col. 7 lines 14-18, the cloud computing user could grant a particular cloud operator access to their infrastructure components 104 by attaching a set of permissions (e.g., a policy) to the cloud operator (e.g., the cloud operator's identity or role associated with the cloud operator's identity)).
As to Claim 3, the combination of Van and Banerjee teaches the computer-implemented method of claim 1, further comprising: 
receiving an additional authentication request associated with an additional authorized client of an additional client system (see Van Col. 8 lines 41-45, after authenticating the user 100 via the authentication service 120, the access broker 110 may receive an authenticated request from the user 100 to access (or connect to) a particular infrastructure component); initializing the secure device with respect to the additional client system responsive to validating the additional authentication request (see Van Col. 8 lines 45-50, the access broker 110 can determine the current environmental state 114 and the user context 116, and make an authorization decision of whether to grant the user 100 access to the infrastructure component 104-1, based on the current environmental state 114 and the user context 116); and creating an additional password for the additional client system (see Van Col. 8 lines 65-68, the access broker 110 can interact with the token service 130 to retrieve a time-bound access credential specifically scoped to the infrastructure component 104-1. The access broker 110 returns the access credential to the user 100).
As to Claim 4, the combination of Van and Banerjee teaches the computer-implemented method of claim 1, wherein the authentication request is validated only upon confirming that the secure device is within a predetermined location or geographic range (see Van Col. 11 lines 2-10, determine current environment including…, context information about the user's device, location, authentication method).
As to Claim 5, (canceled).
As to Claim 6, the combination of Van and Banerjee teaches the computer-implemented method of claim 1, wherein validating the authentication request comprises: receiving at least one biometric aspect associated with the authentication request via at least one biometric device; and confirming that each of the received at least one biometric aspect corresponds to biometric information linked to the authorized client of the client system (see Banerjee ¶84, the additional information can include relative device proximity information, geolocation information (e.g., GPS or IP information), biometric information, device movement information, PIN information, etc.).
As to Claim 7, the combination of Van and Banerjee teaches the computer-implemented method of claim 1, wherein validating the authentication request comprises: receiving at least one gesture associated with the authentication request via at least one motion detection device; and confirming that each of the received at least one gesture corresponds to at least one gesture attribute linked to the authorized client of the client system (see Banerjee ¶112, a motion input device for detecting non-touch gestures and other motions by a user, and other comparable input devices and associated processing elements capable of receiving user input from a use).
As to Claim 8, the combination of Van and Banerjee teaches the computer-implemented method of claim 1, wherein validating the authentication request comprises: receiving a locational signal associated with the authentication request via a location detection device; and confirming that the received locational signal originated within a predetermined location or geographic range (see Van Col. 8 lines 35-40, a configuration of a device used by the cloud operator (e.g., whether the device is a sanctioned device or unsanctioned device, a geographical location of the device, etc.)).
As to Claim 9, the combination of Van and Banerjee teaches the computer-implemented method of claim 1, wherein validating the authentication request comprises: receiving a short range communication signal associated with the authentication request via a short range communication device; confirming that the received short range communication signal corresponds to short range communication information linked to the authorized client of the client system; and confirming that the received short range communication signal originated within a predetermined location or geographic range (see Banerjee ¶28, the proximity can be determined based on Bluetooth connectivity or a determination as to Bluetooth RSSI strength to ascertain a physical distance between the mobile device 112 and the access system 110).
As to Claim 10, (canceled).
As to Claim 11, (canceled).
As to Claim 12, the combination of Van and Banerjee teaches the computer-implemented method of claim 1, wherein distributing the password via the at least one predetermined technique comprises injecting the password into the client system without disclosing the password directly to administrator associated with the client system security (see Van Fig. 6, access broker 110 then transmits the time bound access credential to the user (block 616); Col. 10 lines 5-15, The request may include the authentication credential along with the user attributes (e.g., embedded within the authentication credential) received from the authentication service in step 2. In one embodiment, the request may be sent using a Representational State Transfer (REST) API method. For example, the computing system 210 can send an API method request (or HyperText Transfer Protocol (HTTP) request) “GET /myinstances” to the access component 112).
As to Claim 21, the combination of Van and Banerjee teaches the method of claim 1, wherein the secure device is physically connected to the client system (see Banerjee ¶111, connections and devices may communicate over communication media to exchange communications with other computing systems or networks of systems, such as metal, glass, air, or any other suitable communication media).
As to Claim 22, the combination of Van and Banerjee teaches the method of claim 1, wherein the secure device is a plug-and-play device or a self-configurable device (see Van Col. 9 lines 11-16, computing system 210 is representative of a variety of computing devices (systems) including, for example, a desktop computer, a laptop computer, a mobile computer (e.g., a tablet or a smartphone), etc.).
As to Claim 23, the combination of Van and Banerjee teaches the method of claim 1, wherein the secure device is compatible with Universal Serial Bus human interface device (USB-HID) capabilities (see Van Col. 9 lines 11-16, computing system 210 is representative of a variety of computing devices (systems) including, for example, a desktop computer, a laptop computer, a mobile computer (e.g., a tablet or a smartphone), etc. [i.e. with USB-HID capabilities]).
As to independent claim 13, this claim is directed to a computer program product comprising a computer readable storage medium having program instructions embodied therewith executing the method of claim 1; therefore, it is rejected along similar rationale.
As to independent claim 17, this claim is directed to a system executing the method of claim 1; therefore, it is rejected along similar rationale.
As to dependent claims 14-16 and 18-20, these claims contain substantially similar subject matter as claims 2-4; therefore, they are rejected along the same rationale.

Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433