Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of claims
This office action is in response to claims filed on 02/12/2020; the provisional application priority date of 03/21/2019 is considered
Claims 1-20 are pending and rejected; claims 1, 10 and 19 are independent claims

Information Disclosure Statement
The information disclosure statement (IDS) submitted on with this application is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 provisionally rejected on the ground of nonstatutory double patenting over claim 1-20 of copending Application No. (16/428,830) since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent application.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter, as follows: 
Copending application (16/428,830)
Instant application (16/428,824)
1.  A method for controlling access to data stored in a cloud-based storage service, 
the method comprising: storing, at the cloud-based storage service, data associated with a user account; 






receiving, at the cloud-based storage service, a user request for an application to access data that is associated with the heightened authentication protocol;
authenticating the user request based on the heightened authentication protocol; 
in response to authenticating the request, granting permission to the application to access the data that is associated with the heightened authentication protocol, wherein the permission is time-limited; 
determining that a time limit has been reached; 
in response to determining that the time limit has been reached, determining that the application is editing the data that is associated with the heightened authentication protocol; and


the method comprising: storing, at the cloud-based storage service, data associated with a user account; 

in response to the first request, causing the portion of the data to require the heightened authentication protocol for access; 
receiving, at the cloud-based storage service, a second request for a file that is stored in the portion of the data that is associated with the heightened authentication protocol;
authenticating the second request based on the heightened authentication protocol; 
in response to authenticating the second request, granting permission to access the file that is stored in the portion of the data associated with the heightened authentication protocol; and 


in response to a failure to authenticate the second request, denying access to the file that is stored in the portion of the data associated with the heightened authentication protocol, while allowing access to files stored in other areas associated with the user account based on an 


Furthermore, there is no apparent reason why applicant was prevented from presenting claims corresponding to those of the instant application during prosecution of the application which matured into a patent. See In re Schneller, 397 F.2d 350, 158 USPQ 210 (CCPA 1968). See also MPEP § 804.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claims 10 & 19 are rejected under 35 U.S.C. 101 because the claimed invention may be directed to software per se which is directed to non-statutory subject matter.  Examiner notes for a system / device claim, at least one recited element, in the claim body, must be a hardware component; however, the claim recited as (i) a functional unit (i.e. a data processing unit) may be reasonably interpreted as being not limited to hardware elements and (ii) a computer readable medium, as recited in the claim, may be reasonably interpreted as being intended to include communication media that include signals / carrier waves which “bear" instructions as claimed according to the disclosure of the specification (SPEC: Para [0085]) and as such, the claim may be merely directed to software per se as a non-statutory subject matter in the claim body, for example, to explicitly include (comprise) “at least one hardware processor (or processor device)”.   Any other claims not addressed are rejected by virtue of their dependency

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tan et al. US Pub. No. 2017/0235490 A1 (hereinafter Tan).

Tan teaches:
As to claim 1. A method for controlling access to data stored in a cloud-based storage service, the method comprising: 
storing, at the cloud-based storage service, data associated with a user account (see Tan ¶¶2-8, securely storing digital content in a cloud network system using a protected user account w.r.t. an authorized session);; 
receiving, at the cloud-based storage service, a first request to cause a portion of the data to be associated with a heightened authentication protocol  (see Tan ¶¶2-8 & Figs. 2A / E-225 & E-260 and ¶¶70, 80, a process to enable multiple layers of authentication tiers of protection for securely stored digital content constitutes a heightened authentication protocol); 
in response to the first request, causing the portion of the data to require the heightened authentication protocol for access (see Tan ¶¶2-8, Figs. 2A / E-225 & E-260 and ¶8 a process to enable 
receiving, at the cloud-based storage service, a second request for a file that is stored in the portion of the data that is associated with the heightened authentication protocol (see Tan Fig. 2 and ¶73, starting an authentication session to access data upon receiving user’s username and password for an access request); 
authenticating the second request based on the heightened authentication protocol; in response to authenticating the second request, granting permission to access the file that is stored in the portion of the data associated with the heightened authentication protocol (see Tan, Fig. 2A and ¶¶ 73-77, including a primary and a secondary authentication sessions); and 
in response to a failure to authenticate the second request, denying access to the file that is stored in the portion of the data associated with the heightened authentication protocol, while allowing access to files stored in other areas associated with the user account based on an authentication based on a simple or basic authentication mechanism associated with the user account (see Tan ¶73, the purpose of this PIN request is to allow the client/recipient 215 to proceed into the secondary (tier 2) secure session 285. If the client/recipient 215 chooses to deny the request for PIN, they will remain in their primary secure session, but not be able to access the digital content provided in the certified share notification 210 shared by the owner/administrator 205). 

As to claim 2, the method of claim 1, wherein the permission is temporary (see Tan ¶57, digital content owner, allowing the access time to the digital content to be restricted to a specific period of time). 

As to claim 3, the method of claim 1, wherein the permission is associated with a timeout period (see Tan ¶57, digital content owner, allowing the access time to the digital content to be restricted to a specific period of time). 

As to claim 4, the method of claim 1, wherein the file is accessed via a file system (see Tan ¶58, transferred to, or otherwise shared with using a file sharing or file transfer type system). 

As to claim 5, the method of claim 4, wherein the file is accessible via a user interface for accessing the file system (see Tan ¶67, provides a system communications interface module 160 that controls input commands). 

As to claim 6, the method of claim 1, wherein the file is accessible based on a temporary session (see Tan ¶57, digital content owner, allowing the access time to the digital content to be restricted to a specific period of time). 

As to claim 7, the method of claim 6, wherein temporary session is associated with a specific user device (see Tan ¶74, the primary session ID 255 being returned during PIN authentication must match the primary session ID provided to the client/recipient 215 during the tier 1 (primary) authentication step 235). 

As to claim 8, the method of claim 3, wherein the permission is withdrawn when the timeout period expires (see Tan ¶78, the share will end when the timer expires). 

As to claim 9, the method of claim 1, wherein the heightened authentication protocol comprises one of two-factor authentication, multifactor authentication, multiple step verification, two-step authentication, or strong authentication (see Tan ¶293, the access rights and permissions 1840, any multi-factor or digital certification analyzer (DCA) protection 1845 applied to the file 1805 and any access expiration information 1850 that may be applied to the file 1805 being accessed). 

As to independent claim 10, this claim directed to a system executing the method of claim 1; therefore it is rejected along similar rationale.
As to independent claim 19, this claim directed to a computing device comprising: one or more data processing units executing the method of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 11-18 and 20, these claims contain substantially similar subject matter as claims 2-9; therefore they are rejected along the same rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478.  The examiner can normally be reached on Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NEGA WOLDEMARIAM/Examiner, Art Unit 2433                     

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433