Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is responsive to application filed on 5/28/2019. Claims 1 and 22 are independents. Claims 1-44 are currently pending.

Objection 
Claim 1 is objected. The last line but one on p.53/61 should be “control information of the first data server…”
Claim 9 is objected. The number 300 in the second line of claim 9 should be removed.
Appropriate correction is required.

Claim Rejections -35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	Claims 1-44 are rejected under 35 U.S.C. 103 as being unpatentable over BIRKEL et al. (WO 2015/069234 A1), hereinafter D1, in view of Guo (CN 106127064 A), hereinafter D2.

	Regarding claims 1 and 22, D1 teaches a cloud data storage system for managing access authority to a cloud storage (FIG. 1,  #160 and #170, file and directory storages in cloud service), comprising:
	a plurality of data servers for receiving at least one input/output request (I/O request) from at least one client computer and for serving the at least one I/O request, 
	a central processing unit for processing the at least one I/O request from the at least one client computer and for processing associated data (FIG. 9 and p.11/34 ln25-p. 12/34 ln2, system in cloud service process file/directory access requests [I/O requests] through user interface #920, processor #920 [including central processing unit] and other components); and
	an access control enforcement unit that executes or rejects the at least one I/O request from the at least one client computer, and comprises a set of local access control information (FIG. 3, #320 and #330 and FIG. 7);
	a set of cloud data that is located in a cloud storage unit, the set of cloud data (FIG. 1,  #160 and #170; FIG. 3 #320 and #330) comprises:
	a plurality of user object files for being accessed by the plurality of data servers in order to serve the at least one I/O request from the at least one client computer, where each of the plurality of user object files respectively corresponds to one of a plurality of folders, and the plurality of folders belong to file systems of the plurality of data servers (FIG. 1,  #160 and #170, files and folders, FIG. 3  p.5/34 ln10-16, cloud content sharing service will typically store metadata related to the files and/or directories stored by the service. This metadata may include, for example, access control data that describes the parties or groups that have permission to access the files and/or directories stored by the service. The interaction between the user's devices, such as user device, and the 
	a plurality of metadata object files comprising a set of global access control information and plural sets of status data, for being used by the plurality of data servers, wherein the global access control information is used to record corresponding relationships regarding access rights for the plurality of data servers to the plurality of folders, and each of the plural sets of status data represents a corresponding relationship between one of the plurality of data servers and one of the plurality of folders (FIG. 1,  #160 and #170, files and folders, FIG. 3  p.5/34 ln10-16, cloud content sharing service will typically store metadata related to the files and/or directories stored by the service. This metadata may include, for example, access control data that describes the parties or groups that have permission to access the files and/or directories stored by the service. The interaction between the user's devices, such as user device, and the cloud content sharing services, may take place via a network 105, such as the Internet, an intranet, a wide area network, a local area network, a personal area network, or some combination thereof; FIG. 3. #320 and #330 files/folders access permissions; user/group granted corresponding permissions);
	wherein when content of the global access control information is changed, among the plurality of data servers a first data server that is associated with the change detects the disappearance of a first set of status data among the plural sets status data, in which the first set of status data is associated with the first data server, and the first 
D1 does not explicitly disclose a memory unit for temporarily storing the at least one I/O request from the at least one client computer and the associated data. However, in an analogous art, D2 teaches a memory unit for temporarily storing the at least one I/O request from the at least one client computer and the associated data (p. 4/7, para. 2, sending the request in the request queue [temporary storage], the idle synchronous process is removed from the request queue request and processes the request, updating the transaction state, and finally the processing result is returned to the requesting user).


	Regarding claims 2 and 23, the combination of D1 and D2 teaches all of the limitations of claims 1 and 22, respectively, as described above. D1 further teaches wherein the global access control information comprises a plurality of entries, and each of the plurality of entries records one of the corresponding relationships regarding one of the access rights for one of the plurality of data servers to one of the plurality of folders (FIG. 1, FIG. 3 #350 and FIG. 3 #320 and #330 and cited contents above).

	Regarding claims 3 and 24, the combination of D1 and D2 teaches all of the limitations of claims 2 and 23, respectively, as described above. D1 further teaches wherein each of the plurality of entries further comprises a plurality of fields which store setting information comprising a data server identity (ID), a folder name, and an access right (FIG. 1, FIG. 3 #350 and FIG. 3 #320 and #330 and cited contents above; p. 15/34 ln8-17, construct a persisted aggregated users/groups store that identifies files controlled by a user, wherein the files are maintained in a plurality of cloud content sharing services; construct a persisted aggregated file permissions store that identifies access permissions associated with each file [data that identifies files controlled by a 
input from the user indicating how one or more of the access permissions are to be changed; and issue an instruction to one or more of the cloud content sharing services to implement the change).

	Regarding claims 4 and 25, the combination of D1 and D2 teaches all of the limitations of claims 2 and 23, respectively, as described above. D1 further teaches wherein the plurality of entries further form a table (FIG. 7).

	Regarding claims 5 and 26, the combination of D1 and D2 teaches all of the limitations of claims 1 and 22, respectively, as described above. D1 further teaches wherein in the global access control information, for any one of the plurality of folders, only one of the plurality of data servers has a higher access right to the one folder (p. 13/34, the last para., extending, to a second user, access rights to a filing directory; and revoking, from the second user, access rights to the file or directory).

	Regarding claims 6 and 27, the combination of D1 and D2 teaches all of the limitations of claims 5 and 26, respectively, as described above. D1 further teaches wherein the higher access right comprises a write access right (p. 13/34, ln24-25, permitted read or write to the file; write will have higher privilege).

Regarding claim 7, the combination of D1 and D2 teaches all of the limitations of claim 1, as described above. D1 further teaches wherein the cloud storage unit further comprises a cloud application programming interface (cloud API) which is a data access interface between the cloud storage unit and the plurality of data servers for assisting in command communication when transmitting data (FIG. 1 and FIG. 3, users using for example, Google Realtime API for transmitting data between local storages [data servers] and cloud content sharing service [cloud storage]).

	Regarding claim 8, the combination of D1 and D2 teaches all of the limitations of claim 1, as described above. D1 further teaches wherein the plurality of data servers are connected to the cloud storage unit through a first network, and the first network is an internet or a local area network (FIG. 3, request can go through #340 directly to #350 [local], or go through #371 (or #372 or the like) [internet] ).

	Regarding claim 9, the combination of D1 and D2 teaches all of the limitations of claim 8, as described above. D1 further teaches wherein the at least one client computer is connected to the plurality of data servers 300 through a second network, and the second network is an internet or a local area network (FIG. 3, request can go through #340 directly to #350 [first, local], or go through #371 (or #372 or the like) [second, internet]).

	Regarding claim 10, the combination of D1 and D2 teaches all of the limitations of claim 9, as described above. D1 further teaches wherein the first network and the 

	Regarding claim 11, the combination of D1 and D2 teaches all of the limitations of claim 9, as described above. D1 further teaches wherein the first network is different from the second network (p. 5/34, ln10-16, [t]he interaction between the user's devices, such as user device 110, and the cloud content sharing services, may take place via a network 105, such as the Internet [FIG. 3 request goes through #350 directly interpreted as local; request goes through cloud service interpreted as internet], an intranet, a wide area network, a local area network, a personal area network] or some combination thereof).

	Regarding claims 12 and 28, the combination of D1 and D2 teaches all of the limitations of claims 1 and 22, respectively, as described above. D1 further teaches wherein there is no need to use a central management mechanism to manage the access rights in the cloud data storage system when the plurality of data servers make data access to the cloud data (p. 6/34, ln16-25, local user files in storage 350 may be synchronized with the various cloud content sharing services 371, 372, etc., using the respective applications 25 (361, 362, ... ) for these services [in this synchronized case, no need for a central management mechanism]).

	Regarding claims 13 and 29, the combination of D1 and D2 teaches all of the limitations of claims 1 and 22, respectively, as described above. D1 further teaches wherein after the plurality of the data servers translate file names of the plurality of user object files, the file names of the plurality of user object files represent a structure corresponding to the plurality of folders (p. 5/34, ln30-p. 6/34 ln8, [t]he system may include a unified cloud service management (UCSM) application 310. This application may include a user interface module 315 in communication with two stores, a persisted aggregated file permissions (PAFP) store 320 and a persisted aggregated users/groups (PAUG) store 330. The PAFP store 320 may reflect some or all of the local file system in storage 350 and some or all of the files and directories (i.e., objects) shared in the various cloud content sharing services).

	Regarding claims 14 and 31, the combination of D1 and D2 teaches all of the limitations of claims 1 and 30, respectively, as described above. D1 further teaches wherein the first data server detects the disappearance of the first set of status data by regularly checking whether or not the first set of status data still exists in the cloud storage unit (p. 8/34, ln30-p.9/34, ln9, user  may also delete or add names; but then as in p. 6/34, para. 3, local user files in storage 350 may be synchronized with the various cloud content sharing services 371, 372, etc., using the respective applications 25 (361, 362, ... ) for these services).

Regarding claim 15, the combination of D1 and D2 teaches all of the limitations of claim 1, as described above. D1 further teaches wherein the access control enforcement unit refers to the local access control information so as to determine whether or not to execute the I/O request from the at least one client computer (p. 5/34, ln30-p. 6/34 ln8, [t]he PAFP store 320 and the PAUG store 330 may provide enough information to describe the shared files and directories controlled by the local user, and the users and groups that may access them. Further, the UCSM application may expose application program interface (API) functions that extend the functions of the User Interface to other programs on the platform on which the UCSM executes).

	Regarding claims 16 and 32, the combination of D1 and D2 teaches all of the limitations of claims 1 and 22, respectively, as described above. D1 further teaches wherein the local access control information is a part of the global access control information or is the whole global access control information (p. 7/34, ln1-5, the other parties (e.g., other persons or groups) having access to each such file or directory may be determined. Again, this determination is made per cloud content sharing service, so that each party's access to a particular file or directory is determined for each service through which the file/directory is shared).

	Regarding claims 17 and 33, the combination of D1 and D2 teaches all of the limitations of claims 1 and 22, respectively as described above. D1 further teaches wherein the global access control information is recorded in a positive listing manner that records settings of the access rights for the plurality of data servers to the plurality 

	Regarding claim 18, the combination of D1 and D2 teaches all of the limitations of claim 1, as described above. D1 further teaches wherein the local access control information contained in each of the plurality of data servers records settings of the access right to at least one of the associated folders only for the data server to which the local access control information belongs (FIG. 7, FIG. 8 and p. 8/34 ln6-21, In an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art).

	Regarding claims 19 and 35, the combination of D1 and D2 teaches all of the limitations of claims 1 and 22, respectively, as described above. D1 further teaches wherein by scheduling a higher access right to a first folder of the plurality of folders, a 

	Regarding claim 20, the combination of D1 and D2 teaches all of the limitations of claim 1, as described above. D1 further teaches wherein after the first data server detects the disappearance of the first set of status data that are associated with the first data server, and downloads the global access control information, the first data server knows according to the downloaded global access control information that its access right to a second folder of the plurality of folders is given with a higher access right, and the first data server has to wait for a second data server's completion of a handling procedure for releasing the higher access right of the second folder by lowering the access right for itself to the second folder, and then the first data server performs an access right change procedure for the second folder (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  

	Regarding claim 21, the combination of D1 and D2 teaches all of the limitations of claim 1, as described above. D1 further teaches wherein after the first data server detects the disappearance of the first set of status data that are associated with the first data server, and downloads the global access control information, the first data server knows according to the downloaded global access control information that its access right to a second folder of the plurality of folders is given with a lower access right, and the first data server directly performs an access right change procedure for the second folder (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art).

	Regarding claim 30, the combination of D1 and D2 teaches all of the limitations of claim 22, as described above. D1 further teaches wherein the step of downloading the global access control information from the cloud storage unit is triggered by an event that the first data server detects the disappearance of the first set of status data that are associated with the first data server (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the 

	Regarding claim 34, the combination of D1 and D2 teaches all of the limitations of claim 22, as described above. D1 further teaches wherein the local access control information in the first data server only records settings of the access rights to at least one of the associated folders, which is associated with the first data server (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art). 

Regarding claim 36, the combination of D1 and D2 teaches all of the limitations of claim 22, as described above. D1 further teaches wherein when the first data server knows according to the downloaded global access control information that its access right to the first folder is given with a higher access right, while the access right of a second data server to the first folder is given with a lower access right from the higher access right, the first data server has to wait for the second data server's completion of an access right change procedure for releasing the higher access right to the first folder, 

	Regarding claim 37, the combination of D1 and D2 teaches all of the limitations of claim 22, as described above. D1 further teaches wherein when the first data server knows according to the downloaded global access control information that its access right to the first folder is given with a lower access right, while the access right of a second data server to the first folder is given with a higher access right from the lower access right, the first data server directly performs an access right change procedure for the first folder (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art).

	Regarding claim 38, the combination of D1 and D2 teaches all of the limitations of claim 22, as described above. D1 further teaches further comprising a step of 

	Regarding claim 39, the combination of D1 and D2 teaches all of the limitations of claim 22, as described above. D1 further teaches further comprising a step of determining whether the access right of the first data server to the first folder is given with a higher access right, when the content of the global access control information is changed (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art).

	Regarding claim 40, the combination of D1 and D2 teaches all of the limitations of claim 39, as described above. D1 further teaches further comprising, when it is determined that the access right of the first data server to the first folder is given with the higher access right, a step of waiting, by the first data server, for a second data 

	Regarding claim 41, the combination of D1 and D2 teaches all of the limitations of claim 40, as described above. D1 further teaches wherein the first data server knows the second data server's completion of the access right change procedure by regularly checking whether or not a second set of status data appears in the cloud storage unit, in which the second set of status data represents a corresponding relationship between the second data server and the first folder (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art).

Regarding claim 42, the combination of D1 and D2 teaches all of the limitations of claim 22, as described above. D1 further teaches further comprising a step of checking whether there are cache data needed to be uploaded to the cloud storage unit in the first data server, when the content of the global access control information is changed (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art).

	Regarding claim 43, the combination of D1 and D2 teaches all of the limitations of claim 42, as described above. D1 further teaches further comprising, when there are cache data needed to be uploaded to the cloud storage unit in the first data server, a step of uploading the cache data and a message, by the first data server, to the cloud storage unit, in which the message represents the access right for the first data server to the first folder is in transition (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art).

Regarding claim 44, the combination of D1 and D2 teaches all of the limitations of claim 22, as described above. D1 further teaches further comprising a step of uploading a third set of status data into the cloud storage unit, in which the third set of status data represents a corresponding relationship between the first data server and the first folder, after the first data server completes updating its local access control information (FIG. 7, FIG. 8 and p. 8/34 ln6-21, [i]n an alternative embodiment, a user interface may be organized by person or group in the first column, for example, such that information related to a person or group (e.g., files or directories that this person or group  may access, and the service(s) involved)  may be found in the same row. Other 20 variations of such an interface may also be used, as would be understood by a person of ordinary skill in the art).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHU CHUN GAO whose telephone number is (571)270-5999. The examiner can normally be reached on Monday - Thursday 6:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID can be reached on 571-272-4063. The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHU CHUN GAO/ 	Examiner, Art Unit 2437 


/MATTHEW SMITHERS/           Primary Examiner, Art Unit 2437