DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status
Claims 5-18 are allowed in this Office action.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Mr. John Harris on February 24, 2021.
The claims are amended as presented below and will replace all previous versions of claims:
Claims 1-4. (Cancelled)  
Claim 5. (Currently Amended) A method comprising: 
ingesting a plurality of records comprising: 

splitting the received plurality of records into data portions comprising the record data, and ACL portions comprising the ACLs;
optimizing the ACL portions to generate a plurality of virtual ACL nodes each specifying a plurality of authorized entities from the authorized entities of the received plurality of records, wherein the optimizing comprises: 
identifying all identical ACLs of the received ACLs, and 
replacing each of the identical ACLs with a single virtual ACL node; 
combining the data portions and the optimized ACL portions respective authorized entities of the ACL portions with corresponding virtual ACL nodes having the same respective authorized entities; 
generating an index of the combined data portions and optimized ACL portions based at least on
querying the plurality of ingested records comprising: 
receiving a query including an ACL filter specifying an entity; 
determining one or more virtual ACL nodes specifying the entity of the ACL filter from the index 
specified in the query with the determined one or more virtual ACL nodes; 
querying the index ; and 
returning at least one of the plurality of ingested records matching the index in response to the received query.  
Claim 6. (Currently Amended) The method of claim 5, wherein the generating the index 
indexing a first mapping between the respective authorized entities and the corresponding virtual ACL nodes 
indexing a second mapping between the corresponding virtual ACL nodes and the respective authorized entities specified on the corresponding virtual ACL nodes.  
Claim 7. (Currently Amended) The method of claim 5, wherein the optimizing the ACL portions comprises replacing authorized entities of the [[a]] plurality of authorized entities common to records of the [[a]] plurality of received records with [[a]] the single virtual ACL node.  
Claim 8. (Currently Amended) The method of claim 7, comprising: 

determining a processing savings by replacing the authorized entities of the plurality of authorized entities common to the records of the plurality of received records with the single virtual ACL node.  


Claim 9. (Currently Amended) The method of claim 8, wherein the authorized entities of the plurality of authorized entities common to the records of the plurality of received records are replaced with the single virtual ACL node if the processing savings is above a threshold value.  
Claim 10. (Currently Amended) The method of claim [[5]] 7, further comprising: 
hashing the common authorized entities that have been replaced by [[a]] the single virtual ACL node; and 
indexing the hashed common authorized entities and the single virtual ACL node that replaced the common authorized entities. 
Claim 11. (Currently Amended) The method of claim 10, the replacing the respective authorized entities of the ACL portions with the corresponding virtual ACL nodes 
hashing the respective authorized entities of the ACL portions 
using the hashed authorized entities 
replacing the hashed authorized entities indexed virtual ACL node.  
Claim 12. (Currently Amended) A system comprising: 
one or more processors; and 
one or more computer readable memories coupled to the one or more processors, the one or more computer readable memories having instructions stored thereon, which when executed by the one or more processors configure the system to:

receiving a plurality of records each comprising record data and an associated access control list (ACL) specifying one or more authorized entities that are authorized to access the 
splitting the received plurality of records into data portions comprising the record data, and ACL portions comprising the ACLs;
optimizing the ACL portions to generate a plurality of virtual ACL nodes each specifying a plurality of authorized entities from the authorized entities of the received plurality of records, wherein the optimizing comprises: 
identifying all identical ACLs of the received ACLs, and 
replacing each of the identical ACLs with a single virtual ACL node; 
combining the data portions and the optimized ACL portions respective authorized entities of the ACL portions with corresponding virtual ACL nodes having the same respective authorized entities; 
generating an index of the combined data portions and optimized ACL portions based at least on
query the plurality of ingested records comprising: 
receiving a query including an ACL filter specifying an entity; 

transforming the received query by replacing the entity specified in the query with the determined one or more virtual ACL nodes; 
querying the index ; and 
returning at least one of the plurality of ingested records matching the index in response to the received query.  
Claim 13. (Currently Amended) The system of claim 12, wherein the generating the index 
indexing a first mapping between the respective authorized entities and the corresponding virtual ACL nodes 
indexing a second mapping between the corresponding virtual ACL nodes and the respective authorized entities specified on the corresponding virtual ACL nodes.  
Claim 14. (Currently Amended) The system of claim 12, wherein the optimizing the ACL portions comprises replacing authorized entities of the [[a]] plurality of authorized entities common to records of the [[a]] plurality of received records with [[a]] the single virtual ACL node.  
Claim 15. (Currently Amended) The system of claim 14, comprising: 

determining a processing savings by replacing the authorized entities of the plurality of authorized entities common to the records of the plurality of received records with the single virtual ACL node.  
Claim 16. (Currently Amended) The system of claim 12, wherein the authorized entities of the plurality of authorized entities common to the records of the plurality of received records are replaced with the single virtual ACL node if the processing savings is above a threshold value.  
Claim 17. (Currently Amended) The system of claim [[12]] 14, further comprising: 
hashing the common authorized entities that have been replaced by [[a]] the single virtual ACL node; and 
indexing the hashed common authorized entities and the single virtual ACL node that replaced the common authorized entities.  
Claim 18. (Currently Amended) The system of claim 17, the replacing the respective authorized entities of the ACL portions with the corresponding virtual ACL nodes 
hashing the respective authorized entities of the ACL portions 
using the hashed authorized entities 
replacing the hashed authorized entities indexed virtual ACL node.
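
The deduplication, indexing and query-rewriting steps that remain legible in claims 5, 6, 10 and 11, as an added Python sketch that is not part of the Office action or the application. All names (`AclIndex`, `acl_hash`, the `vacl-N` node ids) and the sample records are assumptions; treating an empty ACL as "visible to no one" is a fail-closed choice made here, not something the claims state.

```python
import hashlib
import json
from collections import defaultdict

def acl_hash(entities):
    # Canonical form: order and duplicates must not produce a different node.
    canon = json.dumps(sorted(set(entities)))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

class AclIndex:
    def __init__(self):
        self.hash_to_node = {}                    # hashed entity set -> virtual node
        self.entity_to_nodes = defaultdict(set)   # first mapping (claim 6)
        self.node_to_entities = {}                # second mapping (claim 6)
        self.docs = []                            # (record data, virtual node)

    def ingest(self, records):
        for data, acl in records:                 # data portion, ACL portion
            node = None                           # empty ACL: visible to no one
            if acl:
                key = acl_hash(acl)
                node = self.hash_to_node.get(key)
                if node is None:                  # first time this ACL is seen
                    node = "vacl-%d" % len(self.hash_to_node)
                    self.hash_to_node[key] = node
                    self.node_to_entities[node] = frozenset(acl)
                    for entity in set(acl):
                        self.entity_to_nodes[entity].add(node)
            self.docs.append((data, node))

    def query(self, term, entity):
        # Rewrite the ACL filter: the entity becomes its virtual ACL nodes.
        nodes = self.entity_to_nodes.get(entity, set())
        return [d for d, n in self.docs if n in nodes and term in d]

# Constructed sample records: (record data, ACL).
RECORDS = [
    ("q3 payroll export", ["alice", "hr-group"]),
    ("q4 payroll export", ["hr-group", "alice"]),   # same ACL, other order
    ("incident report 17", ["bob", "secops"]),
    ("payroll draft", []),                          # no authorized entity
]
INDEX = AclIndex()
INDEX.ingest(RECORDS)

if __name__ == "__main__":
    print(INDEX.query("payroll", "alice"))
    print(INDEX.query("payroll", "bob"))
```

An entity that appears in no ACL maps to an empty node set, so the rewritten query matches nothing rather than falling back to an unfiltered search.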



Summary of Related Prior Arts
The prior arts on record are summarized as follows:
i)	Young (Pub. No. US 2002/0186260) teaches displaying of access control in a graphical user interface including displaying resources in a tree structure having a plurality of nodes. Each node represents a resource and each resource has the potential for one or more users in relation to one or more actions on the resource. Permission to perform an action on a resource by a principal can be selectively displayed. The principal can be an individual user or a group of users. The result of a query relating to permission to perform an action on a specified resource for a principal can be displayed on the tree structure.
ii)	Palmer et al. (Pub. No. US 2014/0282910) teaches an information integration system that may include a set of integration services embodied on one or more server machines in a computing environment. The set of integration services may include connectors communicatively connected to disparate information systems. The connectors may be configured for integrating data stored in the disparate information systems utilizing a common model employed by the set of integration services. The common security model may include permissions particularly defined for use by the set of integration services. These common property definitions and permissions may be uniquely defined and utilized by the information integration system.
iii)	Badhwar et al. (Pat. No. US 10,432,669) teaches using a security appliance to evaluate the software defined infrastructure. The security appliance includes a data ingestion and query engine. The data ingestion and query engine is configured to retrieve configuration and operational information associated with the 
iv)	Edwards et al. (Pub. No. US 2014/0041053) teaches a data block access system that accesses access control information associated with a plurality of data blocks of a storage volume at a data store, and determines whether a user associated with a request for access to a data block from the plurality of data blocks is authorized for the requested access. The data block access system determines whether the user is authorized for the requested access based on the access control information associated with that data block.
v)	Smolen et al. (Pat. No. US 7,792,791) teaches establishing and maintaining authenticity of a plurality of records and/or documentary materials to be persisted in an electronic archives system. Each record and/or documentary material may be safeguarded throughout its entire lifecycle by monitoring and recording both intended changes to each said record and/or documentary material and its corresponding status, as well as unintended changes to each said record and/or documentary material. Substantially uninterrupted proof-of-custody including at least a source may be established and preserved for each said record and/or documentary material throughout its entire lifecycle. 
Reasons for Allowance
The following is an examiner's statement of reasons for allowance of Claims 5-18:
In interpreting the claims filed on 19 November 2020, in light of the Specification, the relevant prior art of record and the interview dated 24 February 2021, the Examiner finds the claimed invention to be patentably distinct from the prior art of record. Specifically, the prior art of record, individually or in combination, fails to explicitly teach, suggest or render obvious the claimed invention as recited in independent claims 5 and 12.
Other dependent claims are also allowed based on their dependencies on claims 5 and 12.
Any comments considered necessary by the Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Contact Information
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to Son Hoang whose telephone number is (571) 270-1752. The Examiner can normally be reached on Monday – Friday (7:00 AM – 4:00 PM).
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Usmaan Saeed can be reached on (571) 272-4046. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.


/SON T HOANG/
Primary Examiner, Art Unit 2169
February 24, 2021