Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of claims
This office action is in response to claims filed on 02/12/2020; the provisional application priority date of 03/21/2019 is considered
Claims 1-20 are pending and rejected; claims 1, 10 and 19 are independent claims
The double patenting rejection sent with the first Office action is still unresolved.
 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on with this application is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
Applicant's arguments filed on 12/06/2021 have been fully considered but they are not persuasive. 
With respect to applicant’s argument: Tan does not disclose “causing the selected folder to require a heightened authentication protocol for access, where files in the selected folder are restricted from file sharing capability while the selected folder is associated with the heightened authentication protocol”
Examiner respectfully disagrees with applicant’s argument for the following reasons: Tan discloses (see Tan ¶73, the purpose of this PIN request is to allow the client/recipient 215 to proceed into the secondary (tier 2) secure session 285. If the client/recipient 215 chooses to deny the request for PIN, they will remain in their primary secure session, but not be able to access the digital content .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tan et al. US Pub. No. 2017/0235490 A1 (hereinafter Tan).

Tan teaches:
As to claim 1. A method for controlling access to data stored in a cloud-based storage service, the method comprising: 
storing, at the cloud-based storage service, files and folders associated with a user account (see Tan ¶¶2-8, securely storing digital content in a cloud network system using a protected user account w.r.t. an authorized session);; 
receiving, at the cloud-based storage service, a first request to cause a folder to be associated with a heightened authentication protocol  (see Tan ¶¶2-8 & Figs. 2A / E-225 & E-260 and ¶¶70, 80, a process to enable multiple layers of authentication tiers of protection for securely stored digital content constitutes a heightened authentication protocol); 
in response to the first request, causing the selected folder to require the heightened authentication protocol for access (see Tan ¶¶2-8, Figs. 2A / E-225 & E-260 and ¶8 a process to enable multiple layers of authentication tiers of protection for securely stored digital content constitutes a heightened authentication protocol), wherein files in the selected folder are restricted from file sharing capability while the selected folder is associated with the heightened authentication protocol (see Tan ¶¶66 79 108, If the client authentication 140 does not match with the session ID management 145, the connection to the database management 135 will not be established, and the digital content being shared will not be accessible. This authentication provides an additional layer of security for digital content being stored and shared through the system).
receiving, at the cloud-based storage service, a second request for a file that is stored in the portion of the data that is associated with the heightened authentication protocol (see Tan Fig. 2 and ¶73, starting an authentication session to access data upon receiving user’s username and password for an access request); 
authenticating the second request based on the heightened authentication protocol; in response to authenticating the second request, granting permission to access the file that is stored in the portion of the data associated with the heightened authentication protocol (see Tan, Fig. 2A and ¶¶ 73-77, including a primary and a secondary authentication sessions); and 
in response to a failure to authenticate the second request, denying access to the file that is stored in the portion of the data associated with the heightened authentication protocol, while allowing access to files stored in other areas associated with the user account based on an authentication based on a simple or basic authentication mechanism associated with the user account (see Tan ¶73, the purpose of this PIN request is to allow the client/recipient 215 to proceed into the secondary (tier 2) secure session 285. If the client/recipient 215 chooses to deny the request for PIN, they will remain in their primary secure session, but not be able to access the digital content provided in the certified share notification 210 shared by the owner/administrator 205). 

As to claim 2, the method of claim 1, wherein the permission is temporary (see Tan ¶57, digital content owner, allowing the access time to the digital content to be restricted to a specific period of time). 

, wherein the permission is associated with a timeout period (see Tan ¶57, digital content owner, allowing the access time to the digital content to be restricted to a specific period of time). 

As to claim 4, the method of claim 1, wherein the file and folders are accessed via a file system (see Tan ¶58, transferred to, or otherwise shared with using a file sharing or file transfer type system). 

As to claim 5, the method of claim 4, wherein the file and folders accessible via a user interface for accessing the file system (see Tan ¶67, provides a system communications interface module 160 that controls input commands). 

As to claim 6, the method of claim 1, wherein the file and folders accessible based on a temporary session (see Tan ¶57, digital content owner, allowing the access time to the digital content to be restricted to a specific period of time). 

As to claim 7, the method of claim 6, wherein temporary session is associated with a specific user device (see Tan ¶74, the primary session ID 255 being returned during PIN authentication must match the primary session ID provided to the client/recipient 215 during the tier 1 (primary) authentication step 235). 

As to claim 8, the method of claim 3, wherein the permission is withdrawn when the timeout period expires (see Tan ¶78, the share will end when the timer expires). 

As to claim 9, the method of claim 1, wherein the heightened authentication protocol comprises one of two-factor authentication, multifactor authentication, multiple step verification, two-step authentication, or strong authentication (see Tan ¶293, the access rights and permissions 1840, any multi-factor or digital certification analyzer (DCA) protection 1845 applied to the file 1805 and any access expiration information 1850 that may be applied to the file 1805 being accessed). 

As to independent claim 10, this claim directed to a system executing the method of claim 1; therefore it is rejected along similar rationale.
As to independent claim 19, this claim directed to a computing device comprising: one or more data processing units executing the method of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 11-18 and 20, these claims contain substantially similar subject matter as claims 2-9; therefore they are rejected along the same rationale.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/Examiner, Art Unit 2433              

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433