DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Terminal Disclaimer
The Terminal Disclaimer filed 5/26/2022 has been accepted and there is no longer a double patenting rejection.
EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Paul Franz on 5/25/2022.

The application has been amended as follows: 

This listing of claims replaces all prior versions and listings of claims in the application.  
1. (Currently Amended) 	A method performed by data processing apparatus, the method comprising: 
	accessing an object hierarchy for a plurality of objects, each object being representative of one of a storage location or a file, wherein each storage location may store one or more subordinate storage locations or files, wherein the hierarchy comprises:
		for each object, a respective node;
		for each object that is a parent object having a child object, a directed edge connecting the node representing the parent object to the node representing the child object; 
	wherein at least one object is represented by a root object, and at least one object is represented by a leaf object; and
	for each object that is not an access control list root object, wherein an access control list root object is an object for which an access control list is owned by the object: 											metadata that includes an access control list identifier that identifies an access control list for the object and that is owned by an access control list root object;
	receiving updates to an access control list for particular objects, and determining, for each update, whether the particular object is an access control list root object;
for each update for a particular object not determined to be an access control list root object: 
	generating a new access control list based on the update and the access control list referenced by the access control list identifier for the node and setting ownership of the new access control list to the particular object to cause the particular object to become an access control list root object;
	generating a new access control list identifier that identifies the new access control list; 
		storing the new access control list identifier in metadata for each object that descends from the particular object and that inherits the access control list from the particular object; and
storing the new access control list identifier as a divergent object in the access control list root object that the particular object descended from to indicate that updates to the access control list for the access control list root object are to be propagated to the new access control list identified by the new access control list identifier;	for each update for a particular object determined to be an access control list root object:		updating the access control list owned by the access control list root object, wherein the updated access control list is identified by the access control list identifier;		for each access control list identifier stored as a divergent object in the access control list root object, updating the access control list identified by the access control list identifier stored as the divergent object;
generating, for a first update request for an update to an access control list of a child object that references an access control list of an access control list root object by use of an access control list identifier, an asynchronous task event that specifies particular operations included in the update to the access control list of the child object;
	generating, for the access control list of the access control list root object, a conflicting access control list update that specifies that the access control list of the child object has started to diverge;
	in response to a second update request for an update to the access control list of the child object, wherein the second update request is received after the first update request and before an update specified by the first update request is completed, and based on the conflicting access control list update that specifies that the access control list of the child object has started to diverge:
		precluding performance of the update specified by the second update request until the update specified by the first update request is completed;
		after the update specified by the first update request is completed:
			removing the second update request from the conflicting access control list; 
			determining whether the second update request is allowable; and
			performing the update specified by the second update request only if the second update request is allowable.

2. (Cancelled) 

3. (Currently Amended)          The method of claim [[2]] 1, wherein the second update request is a request to remove an access capability of a user.

4. (Original)           The method of claim 1, wherein an update for a particular object comprises designating read and write access to either one of a storage location or a file.

5. (Original)           The method of any of claim 1, further comprising:
	receiving a request to generate a new object within the object hierarchy;
	for each new object that it is determined that the object will have only one parent object, assigning to the new object the access control list identifier of the parent object; and
	for each new object that it is determined that the object will have more from one parent object:	
		creating an access control list and an access control list identifier specific to the new object; and	
		storing, at the node corresponding to the new object, the access control list and the access control list identifier.

6. (Currently Amended)  	A system, comprising:
  	data processing apparatus; and 
	a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
	accessing an object hierarchy for a plurality of objects, each object being representative of one of a storage location or a file, wherein each storage location may store one or more subordinate storage locations or files, wherein the hierarchy comprises:
		for each object, a respective node;
		for each object that is a parent object having a child object, a directed edge connecting the node representing the parent object to the node representing the child object; 
		wherein at least one object is represented by a root object, and at least one object is represented by a leaf object; and
		for each object that is not an access control list root object, wherein an access control list root object is an object for which an access control list is owned by the object: metadata that includes an access control list identifier that identifies an access control list for the object and that is owned by an access control list root object;
	receiving updates to an access control list for particular objects, and determining, for each update, whether the particular object is an access control list root object;
	for each update for a particular object not determined to be an access control list root object: 
		generating a new access control list based on the update and the access control list referenced by the access control list identifier for the node and setting ownership of the new access control list to the particular object to cause the particular object to become an access control list root object;
		generating a new access control list identifier that identifies the new access control list; 
		storing the new access control list identifier in metadata for each object that descends from the particular object and that inherits the access control list from the particular object; and
storing the new access control list identifier as a divergent object in the access control list root object that the particular object descended from to indicate that updates to the access control list for the access control list root object are to be propagated to the new access control list identified by the new access control list identifier;	for each update for a particular object determined to be an access control list root object:		updating the access control list owned by the access control list root object, wherein the updated access control list is identified by the access control list identifier;		for each access control list identifier stored as a divergent object in the access control list root object, updating the access control list identified by the access control list identifier stored as the divergent object;
generating, for a first update request for an update to an access control list of a child object that references an access control list of an access control list root object by use of an access control list identifier, an asynchronous task event that specifies particular operations included in the update to the access control list of the child object;
	generating, for the access control list of the access control list root object, a conflicting access control list update that specifies that the access control list of the child object has started to diverge;
	in response to a second update request for an update to the access control list of the child object, wherein the second update request is received after the first update request and before an update specified by the first update request is completed, and based on the conflicting access control list update that specifies that the access control list of the child object has started to diverge:
		precluding performance of the update specified by the second update request until the update specified by the first update request is completed;
		after the update specified by the first update request is completed:
			removing the second update request from the conflicting access control list; 
			determining whether the second update request is allowable; and
			performing the update specified by the second update request only if the second update request is allowable.

7. (Cancelled)
	
8. (Currently Amended) 	The system of claim [[7]] 6, wherein the second update request is a request to remove an access capability of a user.

9. (Original)       The system of claim 6, wherein an update for a particular object comprises designating read and write access to either one of a storage location or a file.

10. (Previously Presented)       The system of claim 6, the operations further comprising:
	receiving a request to generate a new object within the object hierarchy;
	for each new object that it is determined that the object will have only one parent object, assigning to the new object the access control list identifier of the parent object; and
	for each new object that it is determined that the object will have more from one parent object:	
		creating an access control list and an access control list identifier specific to the new object; and	
		storing, at the node corresponding to the new object, the access control list and the access control list identifier.

11. (Currently Amended)	A non-transitory computer readable storage medium storing instructions executable by a user device and upon such execution cause the user device to perform operations comprising:	
	accessing an object hierarchy for a plurality of objects, each object being representative of one of a storage location or a file, wherein each storage location may store one or more subordinate storage locations or files, wherein the hierarchy comprises:
		for each object, a respective node;
		for each object that is a parent object having a child object, a directed edge connecting the node representing the parent object to the node representing the child object; 
		wherein at least one object is represented by a root object, and at least one object is represented by a leaf object; and
		for each object that is not an access control list root object, wherein an access control list root object is an object for which an access control list is owned by the object: metadata that includes an access control list identifier that identifies an access control list for the object and that is owned by an access control list root object;
	receiving updates to an access control list for particular objects, and determining, for each update, whether the particular object is an access control list root object;
	for each update for a particular object not determined to be an access control list root object: 
		generating a new access control list based on the update and the access control list referenced by the access control list identifier for the node and setting ownership of the new access control list to the particular object to cause the particular object to become an access control list root object;
		generating a new access control list identifier that identifies the new access control list;
		storing the new access control list identifier in metadata for each object that descends from the particular object and that inherits the access control list from the particular object; and
storing the new access control list identifier as a divergent object in the access control list root object that the particular object descended from to indicate that updates to the access control list for the access control list root object are to be propagated to the new access control list identified by the new access control list identifier;	for each update for a particular object determined to be an access control list root object:		updating the access control list owned by the access control list root object, wherein the updated access control list is identified by the access control list identifier;		for each access control list identifier stored as a divergent object in the access control list root object, updating the access control list identified by the access control list identifier stored as the divergent object;
generating, for a first update request for an update to an access control list of a child object that references an access control list of an access control list root object by use of an access control list identifier, an asynchronous task event that specifies particular operations included in the update to the access control list of the child object;
	generating, for the access control list of the access control list root object, a conflicting access control list update that specifies that the access control list of the child object has started to diverge;
	in response to a second update request for an update to the access control list of the child object, wherein the second update request is received after the first update request and before an update specified by the first update request is completed, and based on the conflicting access control list update that specifies that the access control list of the child object has started to diverge:
		precluding performance of the update specified by the second update request until the update specified by the first update request is completed;
		after the update specified by the first update request is completed:
			removing the second update request from the conflicting access control list; 
			determining whether the second update request is allowable; and
			performing the update specified by the second update request only if the second update request is allowable.

12. (Cancelled)
	
13. (Currently Amended) 	The non-transitory computer readable storage medium of claim [[12]] 11, wherein the second update request is a request to remove an access capability of a user.

14. (Original)       The non-transitory computer readable storage medium of claim 12, wherein an update for a particular object comprises designating read and write access to either one of a storage location or a file.

15. (Original)       The non-transitory computer readable storage medium of claim 12 the operations further comprising:
	receiving a request to generate a new object within the object hierarchy;
	for each new object that it is determined that the object will have only one parent object, assigning to the new object the access control list identifier of the parent object; and
	for each new object that it is determined that the object will have more from one parent object:	
		creating an access control list and an access control list identifier specific to the new object; and	
		storing, at the node corresponding to the new object, the access control list and the access control list identifier.
                                                    
Allowable Subject Matter
The following is a statement of reasons for the indication of allowable subject matter: Upon review of the evidence at hand, it is hereby concluded that the totality of the evidence, alone or in combination, neither anticipates, reasonable teaches, nor renders obvious the noted features of the applicant's invention.
Applicant's arguments filed 3/21/2022 have been fully considered and are persuasive. The rejections under 35 U.S.C. 103 of claims 1,3-6,8-11, and 13-15 have been withdrawn. Claims 1,3-6,8-11, and 13-15 have been allowed.
The independent claims 1, 6, 11 are related to prior art(s): US 20070100830 A1; Beedubail; Ganesha et al. (hereinafter Bee), US 20070136578 A1 Dubhashi; Kedarnath A. et al. (hereinafter Dubhashi), US 20120036583 A1; KICHIKAWA; Tomohiro, (hereinafter Kich) and US 20120023295 A1 Nemawarkar; Shashank (hereinafter Nema). Bee teaches a method for updating an access control list (ACL) associated with one or more resources in a data processing system are provided. The method includes providing a table including a list of one or more first ACLs that map to a corresponding one or more previously computed second ACLs; and updating a current ACL associated with a first resource of the one or more resources in the data processing system including determining whether one of the one or more first ACLs in the table matches the current ACL associated with the first resource. Dubhashi teaches a item inheritance system can be employed to propagate an access control list to one or more items and can enforce the ACL propagation policies when a change to the security descriptor takes place at the root of a hierarchy. Kich teaches a system for determining whether or not the extracted grantor information represents the first user information; and changing the access right indicated by the operation information if it is determined that the extracted grantor information represents the received first user information. Nema teaches a hybrid address method for memory accesses in a network processor which implements corresponding lock out methods. The independent claim contains the unique concept of implementing a unique divergent object in a process of updating a access control list, this divergent object is combined with a unique access control list (ACL) identifier helps efficiently transverse and update a ACL. The system also uses the unique access control list (ACL) identifier in combination with the divergent object to help determine a child object has started to diverge and precludes the update by secondary request until a primary request has finished and then removes the secondary request from a unique conflicting access control list which is used to further enhance the process of updating ACLs. This unique step in combination with the surrounding language helps give the claim novelty. 	
	All dependent claims are also allowed based on their dependency on the Independent claims. 
The preceding is a general overview of one interpretation of the claims and does not specify the further detail provided by the separate claim limitations. The Examiner further emphasizes the claims as a whole and hereby asserts that the totality of the evidence fails to set forth, either explicitly or implicitly, an appropriate rationale for further modification of the evidence at hand to arrive at the claimed invention. It is thereby asserted by the Examiner that, in light of the above and in further deliberation overall of the evidence at hand, the claims are allowable as the evidence at hand does not anticipate the claims and does not render obvious any further modification of the references to a person of ordinary skill in the art. 						Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion
                                                                                               
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARYAN D TOUGHIRY whose telephone number is (571)272-5212. The examiner can normally be reached Monday - Friday, 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aleksandr Kerzhner can be reached on (571) 270-1760. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ARYAN D TOUGHIRY/Examiner, Art Unit 2165                                                                                                                                                                                                        
/William B Partridge/Primary Examiner, Art Unit 2183