DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The amendment filed 2/20/2026 has been placed of record in the file.
Claims 1, 12, and 20 are amended.
The objection to the specification is withdrawn in view of the amendment.
Claims 1-20 are pending.
The applicant’s arguments with respect to claims 1-20 have been considered but are moot in view of the following new grounds of rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kao et al. (U.S. Patent Application Publication Number 2017/0185780), hereinafter referred to as Kao, in view of Emerson et al. (U.S. Patent Application Publication Number 2023/0134324), hereinafter referred to as Emerson, further in view of Kacherov et al. (U.S. Patent Application Publication Number 2012/0297444), hereinafter referred to as Kacherov.
Kao disclosed techniques for securing BIOS passwords in a server computer. In an analogous art, Emerson disclosed techniques for managing storage of secrets in server computers. Also in an analogous art, Kacherov disclosed techniques for ensuring compliance with organizational policies. All of these systems are directed toward the management of secure passwords using management devices.
Regarding claim 1, Kao discloses a method, comprising: determining a first user password input to a firmware program of a device (paragraph 16, user inputs BIOS passwords); determining whether the first user password is the same as a verification password stored in a dedicated controller (paragraph 16, compares inputted passwords with valid passwords); and in response to the first user password being the same as the verification password stored in the dedicated controller, determining to start the device (paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on); wherein the verification password and a first policy for updating the verification password in the dedicated controller are stored in the dedicated controller (paragraph 17, valid passwords are stored in BMC, and paragraph 18, BMC provides privileges including process to change passwords).
Kao does not explicitly state wherein a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller. However, storing passwords in such a fashion was well known in the art as evidenced by Emerson. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Kao by adding the ability that a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller as provided by Emerson (see paragraph 28, managing secret including sealing and unsealing). One of ordinary skill in the art would have recognized the benefit that managing passwords in this way would assist in implementing a BMC that can provide both management-related roles and security-related roles for the host (see Emerson, paragraph 81).
The combination of Kao and Emerson does not explicitly state wherein the stored elements are received in the dedicated controller from an additional device via a secure network. However, managing organizational data in such a fashion was well known in the art as evidenced by Kacherov. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kao and Emerson by adding the ability that the stored elements are received in the dedicated controller from an additional device via a secure network as provided by Kacherov (see paragraph 40, management platform sets restrictions on managed computing device, and paragraph 46, policies for managed devices). One of ordinary skill in the art would have recognized the benefit that utilizing organizational policies for data use and storage would assist in protecting sensitive data on managed devices (see Kacherov, paragraph 3).
Regarding claim 2, the combination of Kao, Emerson, and Kacherov discloses wherein the device comprises a server, the firmware program comprises a basic input/output system, and the dedicated controller comprises a baseboard management controller (Kao, paragraph 13, server computer, BIOS, and BMC).
Regarding claim 3, the combination of Kao, Emerson, and Kacherov discloses wherein determining to start the device comprises: in response to the first user password being the same as the verification password, sending an authentication success signal from the baseboard management controller to the basic input/output system to start the server (Kao, paragraph 16, notifies BIOS of authentication result).
Regarding claim 4, the combination of Kao, Emerson, and Kacherov discloses acquiring an administrator authority based on a secure network of the baseboard management controller; and updating the verification password stored in the baseboard management controller based on the administrator authority (Kao, paragraph 15, inputted passwords sent from remote console encrypted over network, and paragraph 18, BIOS user privilege control operation to change passwords).
Regarding claim 5, the combination of Kao, Emerson, and Kacherov discloses in response to receiving a second user password, determining whether the second user password is the same as a changed verification password; and in response to the second user password being the same as the changed verification password, determining to start the server (Kao, paragraph 16, compares inputted passwords with valid passwords, and paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on).
Regarding claim 6, the combination of Kao, Emerson, and Kacherov discloses updating the verification password stored in the baseboard management controller based on a preset policy (Kao, paragraph 18, changes passwords when user privilege is “password granted”).
Regarding claim 7, the combination of Kao, Emerson, and Kacherov discloses in response to receiving a third user password, determining whether the third user password is the same as an updated verification password; and in response to the third user password being the same as the updated verification password, determining to start the server (Kao, paragraph 16, compares inputted passwords with valid passwords, and paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on).
Regarding claim 8, the combination of Kao, Emerson, and Kacherov discloses encrypting the verification password stored in the baseboard management controller based on an encryption policy; in response to receiving a fourth user password, encrypting the fourth user password; determining whether an encrypted fourth user password is the same as an encrypted verification password; and in response to the encrypted fourth user password being the same as the encrypted verification password, determining to start the server (Kao, paragraph 17, encrypts and compares passwords, and notifies BIOS of authentication result, and Emerson, paragraph 69, seals password, and paragraph 14, BMC stores secrets in secure memory).
Regarding claim 9, the combination of Kao, Emerson, and Kacherov discloses acquiring an administrator authority based on a secure network of the baseboard management controller; and determining the encryption policy based on administrator authority (Kao, paragraph 15, inputted passwords sent from remote console encrypted over network, and Emerson, paragraph 28, controlling aspects related to storing and accessing secret).
Regarding claim 10, the combination of Kao, Emerson, and Kacherov discloses setting a plurality of dedicated controllers corresponding to a plurality of devices based on the plurality of devices; and performing cluster management on the plurality of dedicated controllers to manage passwords for starting the plurality of devices (Emerson, paragraph 38, remote management server manages network of multiple computer platforms).
Regarding claim 11, the combination of Kao, Emerson, and Kacherov discloses receiving, by the basic input/output system, the verification password stored in the baseboard management controller from the server (Kao, paragraph 16, BIOS redirects keyboard events).
Regarding claim 12, the combination of Kao, Emerson, and Kacherov discloses an electronic device, comprising: at least one processor; and memory coupled to the at least one processor and having instructions stored therein, wherein the instructions, when executed by the at least one processor, cause the electronic device to perform actions comprising: determining a first user password input to a firmware program of a device (paragraph 16, user inputs BIOS passwords); determining whether the first user password is the same as a verification password stored in a dedicated controller (paragraph 16, compares inputted passwords with valid passwords); and in response to the first user password being the same as the verification password stored in the dedicated controller, determining to start the device (paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on); wherein the verification password and a first policy for updating the verification password in the dedicated controller are stored in the dedicated controller (paragraph 17, valid passwords are stored in BMC, and paragraph 18, BMC provides privileges including process to change passwords).
Kao does not explicitly state wherein a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller. However, storing passwords in such a fashion was well known in the art as evidenced by Emerson. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Kao by adding the ability that a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller as provided by Emerson (see paragraph 28, managing secret including sealing and unsealing). One of ordinary skill in the art would have recognized the benefit that managing passwords in this way would assist in implementing a BMC that can provide both management-related roles and security-related roles for the host (see Emerson, paragraph 81).
The combination of Kao and Emerson does not explicitly state wherein the stored elements are received in the dedicated controller from an additional device via a secure network. However, managing organizational data in such a fashion was well known in the art as evidenced by Kacherov. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kao and Emerson by adding the ability that the stored elements are received in the dedicated controller from an additional device via a secure network as provided by Kacherov (see paragraph 40, management platform sets restrictions on managed computing device, and paragraph 46, policies for managed devices). One of ordinary skill in the art would have recognized the benefit that utilizing organizational policies for data use and storage would assist in protecting sensitive data on managed devices (see Kacherov, paragraph 3).
Regarding claim 13, the combination of Kao, Emerson, and Kacherov discloses wherein the device comprises a server, the firmware program comprises a basic input/output system, and the dedicated controller comprises a baseboard management controller (Kao, paragraph 13, server computer, BIOS, and BMC).
Regarding claim 14, the combination of Kao, Emerson, and Kacherov discloses wherein determining to start the device comprises: in response to the first user password being the same as the verification password, sending an authentication success signal from the baseboard management controller to the basic input/output system to start the server (Kao, paragraph 16, notifies BIOS of authentication result).
Regarding claim 15, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: acquiring an administrator authority based on a secure network of the baseboard management controller; and updating the verification password stored in the baseboard management controller based on the administrator authority (Kao, paragraph 15, inputted passwords sent from remote console encrypted over network, and paragraph 18, BIOS user privilege control operation to change passwords).
Regarding claim 16, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: in response to receiving a second user password, determining whether the second user password is the same as a changed verification password; and in response to the second user password being the same as the changed verification password, determining to start the server (Kao, paragraph 16, compares inputted passwords with valid passwords, and paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on).
Regarding claim 17, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: updating the verification password stored in the baseboard management controller based on a preset policy (Kao, paragraph 18, changes passwords when user privilege is “password granted”).
Regarding claim 18, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: in response to receiving a third user password, determining whether the third user password is the same as an updated verification password; and in response to the third user password being the same as the updated verification password, determining to start the server (Kao, paragraph 16, compares inputted passwords with valid passwords, and paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on).
Regarding claim 19, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: encrypting the verification password stored in the baseboard management controller based on an encryption policy; in response to receiving a fourth user password, encrypting the fourth user password; determining whether an encrypted fourth user password is the same as an encrypted verification password; and in response to the encrypted fourth user password being the same as the encrypted verification password, determining to start the server (Kao, paragraph 17, encrypts and compares passwords, and notifies BIOS of authentication result, and Emerson, paragraph 69, seals password, and paragraph 14, BMC stores secrets in secure memory).
Regarding claim 20, Kao discloses a computer program product comprising a non-transitory computer-readable medium having machine-executable instructions stored therein, wherein the machine-executable instructions, when executed by a machine, cause the machine to perform actions comprising: determining a first user password input to a firmware program of a device (paragraph 16, user inputs BIOS passwords); determining whether the first user password is the same as a verification password stored in a dedicated controller (paragraph 16, compares inputted passwords with valid passwords); and in response to the first user password being the same as the verification password stored in the dedicated controller, determining to start the device (paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on); wherein the verification password and a first policy for updating the verification password in the dedicated controller are stored in the dedicated controller (paragraph 17, valid passwords are stored in BMC, and paragraph 18, BMC provides privileges including process to change passwords).
Kao does not explicitly state wherein a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller. However, storing passwords in such a fashion was well known in the art as evidenced by Emerson. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Kao by adding the ability that a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller as provided by Emerson (see paragraph 28, managing secret including sealing and unsealing). One of ordinary skill in the art would have recognized the benefit that managing passwords in this way would assist in implementing a BMC that can provide both management-related roles and security-related roles for the host (see Emerson, paragraph 81).
The combination of Kao and Emerson does not explicitly state wherein the stored elements are received in the dedicated controller from an additional device via a secure network. However, managing organizational data in such a fashion was well known in the art as evidenced by Kacherov. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kao and Emerson by adding the ability that the stored elements are received in the dedicated controller from an additional device via a secure network as provided by Kacherov (see paragraph 40, management platform sets restrictions on managed computing device, and paragraph 46, policies for managed devices). One of ordinary skill in the art would have recognized the benefit that utilizing organizational policies for data use and storage would assist in protecting sensitive data on managed devices (see Kacherov, paragraph 3).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Victor Lesniewski/Primary Examiner, Art Unit 2493