Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 19-20 are rejected under 35 U.S.C. 101 because the claimed server is a hardware and/or software object as defined in the specification, page 25, lines 19-21. In addition, the communication link is defined in the specification, page 16, lines 17-33, as a hard-wired or a wireless link (transitory medium, See In re Nuijten, 500 F.3d 1346, 1356-56 (Fed. Cir. 2007)). A processor can be implemented in hardware or implemented virtually so the processor may also be software.
Thus, applying the broadest reasonable interpretation in light of the specification and taking into account the meaning of the words in their ordinary usage as they would be understood by one of ordinary skill in the art, the claimed system can be software and transitory media per se. Therefore, the claimed subject matter as a whole fails to fall within the definition of a process, a machine, manufacture, or composition of matter.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 5, 6, 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Caldwell (US 2019/0116172) hereafter Caldwell in view of Childress et al. (US 2012/0060213) hereafter Childress.
1. Caldwell discloses a method of providing access to at least one password protected device via a password management system comprising first and second password management servers in data communication via a communication link, the method comprising: 
determining, at the first password management server, an active password which is registerable as a device password with, and provides access to, the at least one password protected device (para 39-46 [a server being defined as a computer program or device that provides a service to another program]); 
transmitting the active password to the second password management server via the communication link, the active password for accessing the at least one password protected device from either or both of the first and second password management servers (para 102-104, password manager module 306 may propagate the update/change to one or more other password manager modules 306, on different hardware devices 102 of the user, or the like; see also para 40-46, plurality of aggregation modules 104 may act as a distributed and/or decentralized system 100, executing across multiple hardware devices [the aggregation modules are servers]); 
after communication of the active password and the at least one reserve password to the second password management server, further requesting, by the second password management server, access to the at least one password protected device using the active password (para 40, 58, 67); and 
if the further request using the active password does not provide access, requesting access using one or more of the at least one reserve passwords (the active password provides access, see above; this is a contingent limitation and the claim does not require this condition to occur, See MPEP 2111.04.II).
Caldwell does not explicitly disclose at least one reserve password. However, in an analogous art, Childress discloses orderly change between new and old passwords including a reserve password (para 24-26).  It would have been obvious to a person to modify the implementation of Caldwell with the implementation of Childress in order to allow the user to experiment with different passwords before the required change of password (para 23).

2. Caldwell and Childress disclose the method according to claim 1, further comprising, if one of the at least one reserve password provides access to the at least one password protected device, updating the active password at the second password management server with the corresponding reserve password (the active password provides access, see above; this is a contingent limitation and the claim does not require this condition to occur, See MPEP 2111.04.II).

5. Caldwell and Childress disclose the method according to claim 1, further comprising the first password management server updating the device password at the password protected device with one of the at least one reserve passwords and transmitting a notification of the update to the second password management server via the communication link (Caldwell, para 102-104).

6. Caldwell and Childress disclose the method according to claim 5, wherein a failure of the communication link between the first and second password management servers has occurred such that the second password management server does not receive the notification of the update (it is implicit in Caldwell and Childress that if the communication link fails, then nothing can be transmitted on the communication link).

12. Caldwell and Childress disclose the method according to claim 1, wherein the first password management server is scheduled, in a predetermined timeframe, to update the active password of the at least one password-protected device to be a predetermined one of the at least one reserve passwords (Caldwell, 103-104; Childress, 24-26), and wherein the second password management server, if it does not receive a notification by the end of the predetermined timeframe that this update has been performed, updates its active password to be the predetermined one of the at least one reserve passwords (Caldwell, para 103-104, update is received; this is a contingent limitation and the claim does not require this condition to occur, See MPEP 2111.04.II).

Claim(s) 3, 4, 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Caldwell and Childress as applied to claim 1 above, and further in view of Venkataramani (US 2018/0004934) hereafter Venkataramani.
3. Caldwell and Childress disclose the method according to claim 1, but do not explicitly disclose further comprising the second password management server transmitting a message to the first password management server via the communication link to determine whether the first password management server has updated the active password registered with the at least one password protected device with one of the at least one reserve passwords.  However, in an analogous art, Venkataramani discloses automatic password management including transmitting a message to the first password management server via the communication link to determine whether the first password management server has updated the active password registered with the at least one password protected device (para 37, checks (requests) the password history database to determine the last time password was changed). It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Caldwell and Childress with the implementation of Venkataramani in order to determine if the password needs to be changed (para 37).

4. Caldwell, Childress, and Venkataramani disclose the method according to claim 3, further comprising the second password management server determining that the communication link has failed if no response is received to the transmitted message (a response is received; this is a contingent limitation and the claim does not require this condition to occur, See MPEP 2111.04.II).

7. Caldwell and Childress disclose the method according to claim 1, but do not explicitly disclose further comprising one of the first and second password management servers updating the device password registered with the device with one of the at least one reserve passwords, and transmitting a notification of the update to the other of the first and second password management servers. Caldwell and Childress do not explicitly disclose recording the time at which the device password was updated. However, in an analogous art, Venkataramani discloses recording the time at which the device password was updated (para 37). It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Caldwell and Childress with the implementation of Venkataramani in order to determine if the password needs to be changed (para 37).

Claim(s) 8-10, 13-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Caldwell, Childress, and Venkataramani as applied to claim 7 above, and further in view of Blakely, III et al. (US 5,838,903) hereafter Blakely.
8. Caldwell, Childress, and Venkataramani disclose the method according to claim 7, but do not explicitly disclose further comprising, upon failure to send the notification to the other of the first and second password management servers, the one of the first and second password management servers holding the notification for sending when the communication link is restored. However, in an analogous art, Blakely discloses password integrity servers including upon failure to send the notification to the other of the first and second password management servers, the one of the first and second password management servers holding the notification for sending when the communication link is restored (col 8, 65-col 9, 10). It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Caldwell, Childress, and Venkataramani with the implementation of Blakely in order to provide for failure or lack of response (col 8, 65-col 9, 10).

9. Caldwell, Childress, Venkataramani, and Blakely disclose the method according to claim 8, further comprising, after restoration of the failed communication link, the one of the first and second password management servers transmitting the notification, and the other of the first and second password management servers receiving the notification, and updating the active password to be consistent with the update based on the received notification (Blakely, col 8, 65-col 9, 10).

10. Caldwell, Childress, Venkataramani, and Blakely disclose the method according to claim 8, wherein the notification also contains an identification of the password management server performing the update (it is implicit that there is at least an identifier such as an IP address in communicating over the network).

Claim 13 is similar in scope to claim 9 and is rejected under similar rationale.

14. Caldwell, Childress, Venkataramani, and Blakely disclose the method according to claim 13, further comprising recording a time of the at least one update to the active password, wherein the transmitted notification comprises the recorded time (Venkataramani, para 37).

15. Caldwell, Childress, Venkataramani, and Blakely disclose the method according to claim 13, wherein the first and second password management server are any of a plurality of password management servers (Caldwell, para 39-46; see also fig 1).

16. Caldwell, Childress, Venkataramani, and Blakely disclose the method according to claim 13, wherein the device is one of a plurality of devices (Caldwell, fig 1 and corresponding text).

Claim 17 is similar in scope to claim 1 and is rejected under similar rationale.

Claim 18 is similar in scope to claim 13 and is rejected under similar rationale. 

Claim 19 is similar in scope to claim 1 and is rejected under similar rationale. 

Claim 20 is similar in scope to claim 9 and is rejected under similar rationale.

Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Caldwell and Childress as applied to claim 1 above, and further in view of Hibbert et al. (US 2017/0111335) hereafter Hibbert.
11. Caldwell and Childress disclose the method according to claim 1, but do not explicitly disclose further comprising one of the first and second password management servers transmitting a request to the second password management server for permission to update the device password and taking one or more of the following actions: if permission is received in response to the request, updating the device password to be one of the at least one reserve passwords; if permission is denied in response to the request, not updating the device password to be one of the at least one reserve passwords; if no response is received in response to the request: attempting to access the device with the active password and if access is granted, updating the device password to be one of the at least one reserve passwords; if access is not granted using the active password, attempting to access the device with one of the at least one reserve passwords and if access is granted, updating the active password for the one of the first and second password management servers to be one of the at least one reserve passwords.  However, in an analogous art, Hibbert discloses password updates including transmitting a request for permission to update the password and updating the password in response to received permission (fig. 5 and corresponding text).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Caldwell and Childress with the implementation of Hibbert in order to reduce exploitation and reduce harmful and malicious exposure to mission-critical systems (para 5).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES R TURCHEN/               Primary Examiner, Art Unit 2439