Prosecution Insights
Last updated: July 17, 2026
Application No. 18/675,497

METHOD, DEVICE, AND COMPUTER PROGRAM PRODUCT FOR VERIFYING PASSWORD

Non-Final OA §103
Filed
May 28, 2024
Priority
Apr 26, 2024 — CN 202410511189.4
Examiner
LESNIEWSKI, VICTOR D
Art Unit
2493
Tech Center
2400 — Computer Networks
Assignee
Dell Products L.P.
OA Round
3 (Non-Final)
59%
Grant Probability
Moderate
3-4
OA Rounds
1y 2m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 59% of resolved cases
59%
Career Allowance Rate
286 granted / 488 resolved
+0.6% vs TC avg
Strong +55% interview lift
Without
With
+55.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
19 currently pending
Career history
510
Total Applications
across all art units

Statute-Specific Performance

§101
0.3%
-39.7% vs TC avg
§103
87.0%
+47.0% vs TC avg
§102
9.0%
-31.0% vs TC avg
§112
0.8%
-39.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 488 resolved cases

Office Action

§103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The amendment filed 2/20/2026 has been placed of record in the file. Claims 1, 12, and 20 are amended. The objection to the specification is withdrawn in view of the amendment. Claims 1-20 are pending. The applicant’s arguments with respect to claims 1-20 have been considered but are moot in view of the following new grounds of rejection. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kao et al. (U.S. Patent Application Publication Number 2017/0185780), hereinafter referred to as Kao, in view of Emerson et al. (U.S. Patent Application Publication Number 2023/0134324), hereinafter referred to as Emerson, further in view of Kacherov et al. (U.S. Patent Application Publication Number 2012/0297444), hereinafter referred to as Kacherov. Kao disclosed techniques for securing BIOS passwords in a server computer. In an analogous art, Emerson disclosed techniques for managing storage of secrets in server computers. Also in an analogous art, Kacherov disclosed techniques for ensuring compliance with organizational policies. All of these systems are directed toward the management of secure passwords using management devices. Regarding claim 1, Kao discloses a method, comprising: determining a first user password input to a firmware program of a device (paragraph 16, user inputs BIOS passwords); determining whether the first user password is the same as a verification password stored in a dedicated controller (paragraph 16, compares inputted passwords with valid passwords); and in response to the first user password being the same as the verification password stored in the dedicated controller, determining to start the device (paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on); wherein the verification password and a first policy for updating the verification password in the dedicated controller are stored in the dedicated controller (paragraph 17, valid passwords are stored in BMC, and paragraph 18, BMC provides privileges including process to change passwords). Kao does not explicitly state wherein a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller. However, storing passwords in such a fashion was well known in the art as evidenced by Emerson. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Kao by adding the ability that a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller as provided by Emerson (see paragraph 28, managing secret including sealing and unsealing). One of ordinary skill in the art would have recognized the benefit that managing passwords in this way would assist in implementing a BMC that can provide both management-related roles and security-related roles for the host (see Emerson, paragraph 81). The combination of Kao and Emerson does not explicitly state wherein the stored elements are received in the dedicated controller from an additional device via a secure network. However, managing organizational data in such a fashion was well known in the art as evidenced by Kacherov. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kao and Emerson by adding the ability that the stored elements are received in the dedicated controller from an additional device via a secure network as provided by Kacherov (see paragraph 40, management platform sets restrictions on managed computing device, and paragraph 46, policies for managed devices). One of ordinary skill in the art would have recognized the benefit that utilizing organizational policies for data use and storage would assist in protecting sensitive data on managed devices (see Kacherov, paragraph 3). Regarding claim 2, the combination of Kao, Emerson, and Kacherov discloses wherein the device comprises a server, the firmware program comprises a basic input/output system, and the dedicated controller comprises a baseboard management controller (Kao, paragraph 13, server computer, BIOS, and BMC). Regarding claim 3, the combination of Kao, Emerson, and Kacherov discloses wherein determining to start the device comprises: in response to the first user password being the same as the verification password, sending an authentication success signal from the baseboard management controller to the basic input/output system to start the server (Kao, paragraph 16, notifies BIOS of authentication result). Regarding claim 4, the combination of Kao, Emerson, and Kacherov discloses acquiring an administrator authority based on a secure network of the baseboard management controller; and updating the verification password stored in the baseboard management controller based on the administrator authority (Kao, paragraph 15, inputted passwords sent from remote console encrypted over network, and paragraph 18, BIOS user privilege control operation to change passwords). Regarding claim 5, the combination of Kao, Emerson, and Kacherov discloses in response to receiving a second user password, determining whether the second user password is the same as a changed verification password; and in response to the second user password being the same as the changed verification password, determining to start the server (Kao, paragraph 16, compares inputted passwords with valid passwords, and paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on). Regarding claim 6, the combination of Kao, Emerson, and Kacherov discloses updating the verification password stored in the baseboard management controller based on a preset policy (Kao, paragraph 18, changes passwords when user privilege is “password granted”). Regarding claim 7, the combination of Kao, Emerson, and Kacherov discloses in response to receiving a third user password, determining whether the third user password is the same as an updated verification password; and in response to the third user password being the same as the updated verification password, determining to start the server (Kao, paragraph 16, compares inputted passwords with valid passwords, and paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on). Regarding claim 8, the combination of Kao, Emerson, and Kacherov discloses encrypting the verification password stored in the baseboard management controller based on an encryption policy; in response to receiving a fourth user password, encrypting the fourth user password; determining whether an encrypted fourth user password is the same as an encrypted verification password; and in response to the encrypted fourth user password being the same as the encrypted verification password, determining to start the server (Kao, paragraph 17, encrypts and compares passwords, and notifies BIOS of authentication result, and Emerson, paragraph 69, seals password, and paragraph 14, BMC stores secrets in secure memory). Regarding claim 9, the combination of Kao, Emerson, and Kacherov discloses acquiring an administrator authority based on a secure network of the baseboard management controller; and determining the encryption policy based on administrator authority (Kao, paragraph 15, inputted passwords sent from remote console encrypted over network, and Emerson, paragraph 28, controlling aspects related to storing and accessing secret). Regarding claim 10, the combination of Kao, Emerson, and Kacherov discloses setting a plurality of dedicated controllers corresponding to a plurality of devices based on the plurality of devices; and performing cluster management on the plurality of dedicated controllers to manage passwords for starting the plurality of devices (Emerson, paragraph 38, remote management server manages network of multiple computer platforms). Regarding claim 11, the combination of Kao, Emerson, and Kacherov discloses receiving, by the basic input/output system, the verification password stored in the baseboard management controller from the server (Kao, paragraph 16, BIOS redirects keyboard events). Regarding claim 12, the combination of Kao, Emerson, and Kacherov discloses an electronic device, comprising: at least one processor; and memory coupled to the at least one processor and having instructions stored therein, wherein the instructions, when executed by the at least one processor, cause the electronic device to perform actions comprising: determining a first user password input to a firmware program of a device (paragraph 16, user inputs BIOS passwords); determining whether the first user password is the same as a verification password stored in a dedicated controller (paragraph 16, compares inputted passwords with valid passwords); and in response to the first user password being the same as the verification password stored in the dedicated controller, determining to start the device (paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on); wherein the verification password and a first policy for updating the verification password in the dedicated controller are stored in the dedicated controller (paragraph 17, valid passwords are stored in BMC, and paragraph 18, BMC provides privileges including process to change passwords). Kao does not explicitly state wherein a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller. However, storing passwords in such a fashion was well known in the art as evidenced by Emerson. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Kao by adding the ability that a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller as provided by Emerson (see paragraph 28, managing secret including sealing and unsealing). One of ordinary skill in the art would have recognized the benefit that managing passwords in this way would assist in implementing a BMC that can provide both management-related roles and security-related roles for the host (see Emerson, paragraph 81). The combination of Kao and Emerson does not explicitly state wherein the stored elements are received in the dedicated controller from an additional device via a secure network. However, managing organizational data in such a fashion was well known in the art as evidenced by Kacherov. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kao and Emerson by adding the ability that the stored elements are received in the dedicated controller from an additional device via a secure network as provided by Kacherov (see paragraph 40, management platform sets restrictions on managed computing device, and paragraph 46, policies for managed devices). One of ordinary skill in the art would have recognized the benefit that utilizing organizational policies for data use and storage would assist in protecting sensitive data on managed devices (see Kacherov, paragraph 3). Regarding claim 13, the combination of Kao, Emerson, and Kacherov discloses wherein the device comprises a server, the firmware program comprises a basic input/output system, and the dedicated controller comprises a baseboard management controller (Kao, paragraph 13, server computer, BIOS, and BMC). Regarding claim 14, the combination of Kao, Emerson, and Kacherov discloses wherein determining to start the device comprises: in response to the first user password being the same as the verification password, sending an authentication success signal from the baseboard management controller to the basic input/output system to start the server (Kao, paragraph 16, notifies BIOS of authentication result). Regarding claim 15, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: acquiring an administrator authority based on a secure network of the baseboard management controller; and updating the verification password stored in the baseboard management controller based on the administrator authority (Kao, paragraph 15, inputted passwords sent from remote console encrypted over network, and paragraph 18, BIOS user privilege control operation to change passwords). Regarding claim 16, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: in response to receiving a second user password, determining whether the second user password is the same as a changed verification password; and in response to the second user password being the same as the changed verification password, determining to start the server (Kao, paragraph 16, compares inputted passwords with valid passwords, and paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on). Regarding claim 17, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: updating the verification password stored in the baseboard management controller based on a preset policy (Kao, paragraph 18, changes passwords when user privilege is “password granted”). Regarding claim 18, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: in response to receiving a third user password, determining whether the third user password is the same as an updated verification password; and in response to the third user password being the same as the updated verification password, determining to start the server (Kao, paragraph 16, compares inputted passwords with valid passwords, and paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on). Regarding claim 19, the combination of Kao, Emerson, and Kacherov discloses wherein the actions further comprise: encrypting the verification password stored in the baseboard management controller based on an encryption policy; in response to receiving a fourth user password, encrypting the fourth user password; determining whether an encrypted fourth user password is the same as an encrypted verification password; and in response to the encrypted fourth user password being the same as the encrypted verification password, determining to start the server (Kao, paragraph 17, encrypts and compares passwords, and notifies BIOS of authentication result, and Emerson, paragraph 69, seals password, and paragraph 14, BMC stores secrets in secure memory). Regarding claim 20, Kao discloses a computer program product comprising a non-transitory computer-readable medium having machine-executable instructions stored therein, wherein the machine-executable instructions, when executed by a machine, cause the machine to perform actions comprising: determining a first user password input to a firmware program of a device (paragraph 16, user inputs BIOS passwords); determining whether the first user password is the same as a verification password stored in a dedicated controller (paragraph 16, compares inputted passwords with valid passwords); and in response to the first user password being the same as the verification password stored in the dedicated controller, determining to start the device (paragraph 16, notifies BIOS of authentication result, and paragraph 18, authentication result is BIOS power on); wherein the verification password and a first policy for updating the verification password in the dedicated controller are stored in the dedicated controller (paragraph 17, valid passwords are stored in BMC, and paragraph 18, BMC provides privileges including process to change passwords). Kao does not explicitly state wherein a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller. However, storing passwords in such a fashion was well known in the art as evidenced by Emerson. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Kao by adding the ability that a second policy, different than the first policy, for controlling encryption of the verification password in the dedicated controller is stored in the dedicated controller as provided by Emerson (see paragraph 28, managing secret including sealing and unsealing). One of ordinary skill in the art would have recognized the benefit that managing passwords in this way would assist in implementing a BMC that can provide both management-related roles and security-related roles for the host (see Emerson, paragraph 81). The combination of Kao and Emerson does not explicitly state wherein the stored elements are received in the dedicated controller from an additional device via a secure network. However, managing organizational data in such a fashion was well known in the art as evidenced by Kacherov. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kao and Emerson by adding the ability that the stored elements are received in the dedicated controller from an additional device via a secure network as provided by Kacherov (see paragraph 40, management platform sets restrictions on managed computing device, and paragraph 46, policies for managed devices). One of ordinary skill in the art would have recognized the benefit that utilizing organizational policies for data use and storage would assist in protecting sensitive data on managed devices (see Kacherov, paragraph 3). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Victor Lesniewski/Primary Examiner, Art Unit 2493
Read full office action

Prosecution Timeline

May 28, 2024
Application Filed
Dec 05, 2025
Non-Final Rejection mailed — §103
Feb 20, 2026
Response Filed
Apr 16, 2026
Final Rejection mailed — §103
Jun 16, 2026
Response after Non-Final Action
Jun 26, 2026
Request for Continued Examination
Jul 01, 2026
Response after Non-Final Action
Jul 14, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683976
SYSTEM AND METHOD FOR CONTINUOUS MONITORING AND REVOCATION OF DEVICE ACCESS AUTHORIZATION
2y 5m to grant Granted Jul 14, 2026
Patent 12671997
ELEVATED SECURITY EXECUTION MODE FOR NETWORK-ACCESSIBLE DEVICES
2y 5m to grant Granted Jun 30, 2026
Patent 12665764
VERIFICATION SYSTEM FOR OMNICHANNEL END-USER VERIFICATION
2y 4m to grant Granted Jun 23, 2026
Patent 12665902
PINNING DEVICE IDENTIFIERS TO CRYPTOGRAPHIC KEY PAIRS
2y 1m to grant Granted Jun 23, 2026
Patent 12659316
MEDIA USAGE MONITORING AND CONTROL
7y 0m to grant Granted Jun 16, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
59%
Grant Probability
99%
With Interview (+55.1%)
3y 3m (~1y 2m remaining)
Median Time to Grant
High
PTA Risk
Based on 488 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month