DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This Office Action is in response to communication filed on 08/30/2021.
The claims 1-9 are pending.

Response to Arguments
With respect to the 112(b) rejection, the applicant’s arguments are not persuasive. As explained in the previous office action, the claim 1 limitation recites “the other devices or systems” there is no recitation of “the other devices or systems” prior to that limitation therefore there is antecedence issue. The claim should have stated perhaps "one or more of other devices and systems of the plurality of devices or systems", which applicant tries to recite in claim 1, lines 10-11. The 112(b) rejection is maintained.  
With respect to the 35 U.S.C. 103 rejection, the applicant’s arguments with respect to Blair are moot in light of new grounds of rejection.

Claim Objections
Claim 1 line 13 is objected to because of the following informalities: the claim recites “first device of the plurality of device” it should be “first device of the plurality of devices”.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-9 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 lines 3-6   recitation of “a datastore configured to store access control rules for a plurality of devices or systems, the access controls rules for one or more layers defining access to a set of digital objects stored on the devices or systems by the other devices or systems within the plurality of devices or systems” implies that the digital objects are stored on the devices or systems by the other devices or systems, which is not supported by the applicant specifications document. 
Claims 2-9 do not cure the deficiencies of independent claim 1 thus rejected under 35 U.S.C. 112(a)

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Claim 1 in lines 3-6 recites stored on the devices or systems by the other devices or systems within the plurality of devices or systems. There is lack of antecedent basis in this limitation of the claim. The claim seems should have recited “… by one or more other devices or systems …”
Claim 1 in lines 3-6 recites “… stored on the devices or systems by …”. There is lack of antecedent basis in this limitation of the claim. Claim 1 in lines 3-6 it seems should have stated "... stored on one of the plurality of devices or system by ...", which applicant tries to claim in claim 1, lines 10-11.

Claims 2-9 do not cure the deficiencies of independent claim 1 thus rendering the claims indefinite. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-4, and 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over Larkin (US 20040044776 A1) hereinafter referred to as Larkin in view of Benraz (US 20150169616 A1) hereinafter referred to as Benraz.

With respect to claim 1, Larkin discloses: A system for enforcing restrictive access control with respect to a set of digital objects, (Larkin [0031] discloses “The security framework also allows for a 
comprising: a datastore configured to store access control rules for a plurality of devices or systems, (Larkin [0031-0032] disclose “the third party is a security authority (SA) that acts as a centralized security manager. All access between users must authenticate to the SA, and the SA distributes security keys that allow the users to share files. In the second embodiment, the SA acts as a security inspector, and grants or denies sharing based on metadata about the files being shared and the two users.” Wherein the later example makes it clear that there are access control rules stored on the SA memory for the plurality of devices exchanging files. Wherein Larkin [0062] discloses storage 190 illustrated in Fig. 1 coupled with the third party 185).
the access controls rules for one or more layers defining access to a set of digital objects stored on the devices or systems by the other devices or systems within the plurality of devices or systems; (Larkin [0031-0032] disclose “the SA acts as a security inspector, and grants or denies sharing based on metadata about the files being shared and the two users.” Which is interpreted as access control rules associated with defining access to a set of specific files based on their metadata that are stored on one device and to be shared with another device).
a central server coupled with the data store, (Larkin [0031-0032 and 0062] disclose “the third party is a security authority (SA)” which is mapped to the server and coupled with storage 190).
the central server configured to run programs and applications that cause the central server to access the access control rules in order to enforce the access control rules with respect to accessing digital objects stored on one of the plurality of devices or systems by one or more of the other devices and systems of the plurality of devices and systems via the access control rules … network; (Larkin [0060] discloses “third party 185 inspects characteristics of subject data, such as filename, content type, checksum, date, etc. and, based on some rule, decides whether a transfer of the subject data between 
a first device of the plurality of device and associated with a first user operatively coupled to the network, the first device comprising a user interface, and a processor configured to run programs or applications configured to cause the first device to: (Larkin [0021] discloses remote computer system as illustrated in Figs. 1 coupled to network 125 and Larkin [0038] discloses the computing devices used are comprising the recited components).
receive a request, from a second device of the plurality of devices and comprising a user interface and a processor configured to run programs or applications, the second device associated with a second user, to allow access to a set of digital objects stored on the first device; (Larkin [0021] discloses “local user accessing data from a remote system” wherein the file request is to another user in a “peer-to-peer relationship”. Wherein Larkin paragraph [0060] discloses based on determination rules to allow data transfer from one user to the other.).
determine, based at least in part on a first access control rule of the stored access control rules, to block the second device from accessing at least a first digital object included in the set of digital objects, (Larkin paragraph [0060-0061] discloses also user being denied access based on Access Control List (ACL)).
while the user of the first device can access the first digital object. (Larkin [0052] discloses one embodiment wherein A wants to share a file with B which means a first user can access the file. This limitation is implicit since a user has access to their files on his/her device).
Larkin does not explicitly disclose “an access control rules synchronization network;”
However, Benraz in an analogous art discloses controlling access to files between a user device and remote device as illustrated in Figs. 4-5 also discloses an access control rules synchronization network; (Benraz [0076] discloses “step 1240, the method may include providing to another device a list 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Larking with an access control rules synchronization network as disclosed by Benraz to enable user access without the need to remember remote file location of know additional information like username, password, and/or IP address of the remote computer to perform an access, see Benraz [0005].

With respect to claim 3, Larkin in view of Benraz disclose: The system of claim 1, wherein the first access control rule includes blocking access based on an identification or determination of at least one of the second device, the second user, an application associated with the digital object, an attribute associated with the digital object, or metadata of the digital object. (Larkin paragraph [0031] discloses using file metadata to allow or deny access).

With respect to claim 4, Larkin in view of Benraz disclose: The system of claim 1, wherein the first device is further configured to determine, based at least in part on a second access control rule, to provide access to at least the first digital object included in the set of digital objects. (Larkin [0042-0055] explain “A uses configuration tool 115 to mark file 102 as shareable, and to permit B's access to file 102.” So for this embodiment, for every file there is an access control rule that is determined by first device A). 

With respect to claim 6, Larkin in view of Benraz disclose: The system of claim 1, wherein the request is received during a browsing session with the second device. (Larkin paragraph [0021] 

With respect to claim 7, Larkin in view of Benraz disclose: The system of claim 6, wherein the first device is configured to determine, based at least in part on a first access control rule, to permit a third user on a third device access to the first digital object. (Larkin paragraph [0023] discloses in a peer-to-peer one user is able to share with any number of users).

With respect to claim 8, Larkin in view of Benraz disclose: The system of claim 1, wherein the first device and the second device are configured to engage in a browsing session (Larkin paragraph [0069] discloses user would be able to browse files available).
wherein the second user browses the set of digital objects via the first device. (Larkin paragraph [0032] discloses user deciding which files on the local workstation to be shared, which means the second user browser would be able to access them).

With respect to claim 9, Larkin in view of Benraz disclose: The system of claim 1, wherein the second device access the first device using a peer-to-peer network. (Larkin paragraph [0021] discloses peer-to-peer access between users’ devices).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Larkin in view of Benraz as applied to claims 1, 3-4, and 6-9 above, and further in view of Huang et al. (US 20150278486 A1) hereinafter referred to as Huang.

With respect to claim 2, Larkin in view of Benraz disclose: The system of claim 1, 
wherein the second user, based at least in part on a first access control rule, is blocked from accessing the first digital object by the first device and the second device. 
However, Huang in an analogous art discloses wherein the second user, based at least in part on a first access control rule, is blocked from accessing the first digital object by the first device and the second device. Abstract discloses “usage policy (P1.P2) pertaining to source data (D1,D2) generated by a source node (300a, 300b). The usage policy dictates permission to access and use the source data” paragraph [0044] the policies including allowing or blocking to data wherein paragraph [0032] disclose enforcing the policies at subsequent nodes which means that includes receiver node as well. Wherein the nodes could belong to users as recited in paragraph [0005]. 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Larkin and Benraz as combined above to ensure “usage policy pertaining to new data generated directly or indirectly from original source data can likewise be verified as being valid and trustworthy.” (see Huang paragraph [0032-0033]).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Larkin in view of Benraz as applied to claims 1, 3-4, and 6-9 above, and further in view of Scafaria et al. (US 20160162695 A1) hereinafter referred to as Scafaria.

With respect to claim 5, Larkin in view of Benraz disclose: The system of claim 4, 
They do not explicitly disclose the overriding disclosed: wherein the second access control rule is a session layer rule, wherein the first access control rule is an application layer rule, and the second access control rule overrides the first access control rule. (according to applicant specifications [00251-
However, Scafaria in an analogous art using access rules to control user access wherein paragraph [0078] discloses “the second data being based on the analyzed first data” and paragraph [0080] discloses “updating, by the UE, the second data with a third data, the third data including a second rule set governing access to the third data. Block 516 specifies wherein the second rule set replaces the rule set governing access to the first data.” Which explains overriding one data layer rule with another.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Larkin and Benraz as combined above for a second access control rule overrides a first access control rule disclosed by Scafaria in order “to provide a better understanding of relationships with other individuals or companies” (see Scafaria paragraph [0080]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322.  The examiner can normally be reached on Mon to Fri 8:30AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/H.S.G./Examiner, Art Unit 2493                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491