DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Applicant's arguments and amendments, filed on 04/05/2022 has been entered and carefully considered. Claim 23 is new. Claims 10, 20 and 22 are cancelled. Claims 1-9, 11-19, 21 and 23 have been examined and rejected.
 
Response to Amendment and Arguments
Applicant’s amendments and arguments filed on 04/05/2022 with respect to rejections of claims 1-9, 11-19, 21 and 23 have been considered but are found to be not persuasive. 
Applicant argues, “...the combined teachings of the cited references do not disclose or suggest a method that includes in response to determining that the client requests the permission, obtaining pattern information related to an access pattern in which the client accesses the target file, as in independent claim 1”, the examiner respectfully disagree. The applicant argues that “Lev Ran is attempting to consider the access patterns of other VFN lease clients whose leases were just revoked when processing the current write lease request, in order to prevent highly active other clients from being denied access or experiencing delays as a result of their leases being revoked. Such an approach is fundamentally different from the presently claimed technology, which obtains the patterns of access of the requesting client, as is expressly performed by the current independent claims”, the examiner respectfully disagree. 

The current application teaches what the pattern information include in paragraphs 0044 and 0046 as reproduced below: 
[0044] The pattern information may further include the level or type of permission for the target file 111 which the client 120 can obtain. In some embodiments, the server 110 may determine whether the target file 111 is being accessed or to be accessed by a further client. If the target file 111 is being accessed or to be accessed by the further client (e.g., the client 130), then the server 110 may determine that the permission requested by the client 120 has a first permission level. If there is no further client that is accessing or to access the target file 111, then the server 110 may determine the permission requested by the client 120 has a second permission level that is higher than the first permission level.

[0046] For example, where a permission is implemented as a lease, the exclusive lease may start one or more of read caching, write caching and handle caching, for example, read and write caching RW as well as read, write and handle caching RWH. The shared lease may start one or more of read caching and handle caching, for example, read caching R as well as read and handle caching RH. In this case, if the server 110 determines there is no further client accessing the target file 111, then the server 110 may determine the lease which can be granted to the client 120 has a higher level, for example, an exclusive lease. If the server 110 determines the request from the client 120 will cause a file access conflict or conflicts with an existing file access, then the server 110 may determine the lease which can be granted to the client 120 has a lower level, such as a shared lease.

In light of above mentioned embodiment of the specification, the broadest reasonable interpretation of the claim limitation, “in response to determining that the client requests the permission, obtaining pattern information related to an access pattern in which the client accesses the target file;”, as it would be understood and interpreted by one with the skill in the at the time of the invention that obtaining the pattern information does not only collect the access pattern of the client but also many other clients present at the same time that are accessing the same resource.
The specification further teaches in paragraph 0062,  the client 120 is refused grant of a permission for the target file 111, when an access conflict has happened, that is, whether there is a further client accessing the target file 111 during a period of time. This process is the same as the method taught by Lev Ran, where the method consider the access patterns of other VFN lease clients whose leases were just revoked when processing the current write lease request, in order to prevent highly active other clients from being denied access or experiencing delays as a result of their leases being revoked. As such the applicant’s arguments are found to be not persuasive.


Claim Rejections - 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 1-4, 11-14 and 21 are rejected under AIA  35 U.S.C. 103 as being unpatentable over LEV RAN et al. (U.S. PGPub 2010/0169392 hereafter LEV) in view of Ojha (U.S. PGPub 2020/0065509).
As per claims 1, 11 and 21, 
LEV teaches a method of accessing a file comprising: determining whether a client requests a permission for a target file (LEV, see fig., 9 para 0317, the VFN receiver's lease client 38 requests a write lease from lease manager 44 of the VFN transmitter that is the resource owner, at a write lease request step 132, the lease manager checks whether any other lease clients hold valid read leases for the resource, at a read lease check step 134 if so the lease manager revokes all of the other outstanding read leases for the at step 142), 
the permission allowing the client to cache data associated with the target file (LEV, see para 0266 the VFN receiver support caching of authorized content., authorized caching is supported for content accessed through a VFN transmitter, and for content fetched retrieved directly by a VFN receiver from an origin Web site and implementing authorized content caching , the VFN receiver caches the resource's data, but, before it grants the client access to the data, the VFN receiver sends an authorization request to the proper VFN transmitter, which is responsible for granting access to the content, write operations can be performed using a write-back cache scheme); 
5in response to determining that the client requests the permission, obtaining pattern information related to an access pattern in which the client accesses the target file; determining availability of the permission to the client by applying the pattern (LEV, see para 0313, 0317-0319, the VFN receiver's lease client 38 requests a read lease from the lease manager 44 of the VFN transmitter that is the resource owner, at a read lease request at step 120, the lease manager checks whether any other lease clients hold valid write leases for the resource, at a write lease check at step 122, the lease manager denies the read lease request,  as shown in fig. 9, lease client 38 requests a write lease from lease manager 44 of the VFN transmitter that is the resource owner, at a write lease request step 132. The lease manager checks whether any other lease clients hold valid read leases for the resource, at a read lease check step 134. In such a case, the lease manager revokes all of the other outstanding read leases for the resource, the lease manager then grants the write lease or grants the lease immediately, if no read leases were revoked, at a lease grant step 139); 
LEV exclusively fails to tech determining availability of the permission to the client by applying the pattern information to a decision model, the decision model being trained based on training pattern information and training permission information; and 10providing, to the client, an indication on the availability.  
In a similar field of endeavor Ojha teaches 
in response to determining that the client requests the permission, obtaining pattern information related to an access pattern in which the client accesses the target file (Ojha see para 0053, message processor 312 at server 310 monitors the messages 322 to detect the user interaction events performed by the plurality of users, message processor 312 codifies certain interaction attributes 344 pertaining to the user interaction events in a set of event records 334 stored in storage devices 330, message processor 312 will access user attributes 342, user identifiers, stored in user profiles 332 and/or the object attributes 340); 
determining availability of the permission to the client by applying the pattern information to a decision model (Ojha see para 0055, when instances of messages 322 corresponding to collaborative relationships initiated by the users are received at message processor 312, the collaboration attributes associated with the collaborative relationships are forwarded to permissions generator 316 which applies the collaboration attributes to activity-based permissions model 132 to determine respective sets of access permissions 326 to assign to the collaborative relationships, where access roles are determined as indicated by a set of representative access roles 324, access permissions 326 might correspond to a “co-owner” access role, an “editor” access role, a “viewer/uploader” access role, a “previewer/uploader” access role, a “viewer” access role, a “previewer” access role, an “uploader” access role), 
the decision model being trained based on training pattern information and training permission information (Hojer see para 0069-0075, collaborative relationship feature vectors 444, a user identifier, stored in a “userID” field, a content object identifier ,stored in an “objID” field, a collaboration action, stored in an “action” field, a set of access permissions associated with the collaborative relationship, stored in a “permissions” object, collaborative relationship properties or characteristics are used to form and train a learning model 446, the extracted, cleaned and filtered collaborative relationship feature vectors are prepared for input into the learning model, a first portion of the collaborative relationship feature vectors 442 are used to train the learning model  at step 416, a second portion of the feature vectors are used to validate the learning model  at step 420); 
and 10providing, to the client, an indication on the availability (Ojha, see para 0058, 0082, 0089, a set of access permissions are processed to update a set of access rules 338 stored in storage devices 330 at content management system 350. such as access rules 338  comprises data records storing various information that can be used to form one or more constraints to apply to certain functions and operations., the information pertaining to a rule in the rule base might comprise conditional logic operands input variables, conditions, constraints, operators  for forming a conditional logic statement that returns one or more results. More specifically, a set of access rules for a particular collaborative relationship might comprise conditional logic operands that identify the entities, users, content objects, that comprise the collaborative relationship, access rules 338 will be updated to assign a “viewer” access role to user u2 when accessing file f2, a set of representative access rule pseudo code 624, access rules 338 allows merely “viewer” access to content object “f2” by user “u2”).
It would have been obvious to one of ordinary skill in the art to before the effective filling date of the claimed invention to combine the code provisioning system of LEV with the teaching of Ojha, as doing so would provide an efficient method for assigning fine-grained, user-specific access permissions to shared content objects in the context of content management systems (Ojha see para 0025).

 	As per claims 2 and 12,
LEV in view of Ojha teaches the method of claim 1, wherein obtaining the pattern information comprises: determining whether the target file is being accessed or is to be accessed by a further client; 15in response to determining that the target file is being accessed or is to be accessed by the further client, determining that the permission has a first permission level; and in response to determining that no further client is accessing or is to access the target file, determining that the permission has a second permission level higher than the first permission level (LEV, see para 0313, 0317-0319, the VFN receiver's lease client 38 requests a read lease from the lease manager 44 of the VFN transmitter that is the resource owner, at a read lease request at step 120, the lease manager checks whether any other lease clients hold valid write leases for the resource, at a write lease check at step 122, the lease manager denies the read lease request,  as shown in fig. 9, lease client 38 requests a write lease from lease manager 44 of the VFN transmitter that is the resource owner, at a write lease request step 132, the lease manager checks whether any other lease clients hold valid read leases for the resource, at a read lease check step 134, the lease manager revokes all of the other outstanding read leases for the resource, the lease manager then grants the write lease or grants the lease immediately, if no read leases were revoked, at a lease grant step 139);

As per claims 3 and 13,
LEV in view of Ojha teaches the method of claim 2, wherein the first permission level corresponds to a shared permission, and the second permission level corresponds to an exclusive permission (LEV, see para 0313, the VFN receiver's lease client 38 requests a read lease from the lease manager 44 of the VFN transmitter that is the resource owner, at a read lease request step 120, the lease manager checks whether any other lease clients hold valid write leases for the resource, at a write lease check step 122. In such a case, the lease manager denies the read lease request, at a lease denial step 128, access to the requested resource is still provided to the client, at a validated access step 130, in the manner described above with reference to steps 102 through 118 of fig. 6).

As per claims 4 and 14,
LEV in view of Ojha teaches the method of claim 2, wherein obtaining the pattern information further comprises 25obtaining at least one of: an operation to be performed on the target file by the client, an identification of the client; and a time when the client makes a request for the permission (Ojha see para 0053, message processor 312 at server 310 monitors the messages 322 to detect the user interaction events performed by the plurality of users, message processor 312 codifies certain interaction attributes 344 pertaining to the user interaction events in a set of event records 334 stored in storage devices 330. In some cases, message processor 312 will access user attributes 342, user identifiers, stored in user profiles 332 and/or the object attributes 340);
It would have been obvious to one of ordinary skill in the art to before the effective filling date of the claimed invention to combine the teaching of LEV with the teaching of Ojha, and the motivation to combine the teachings will be the same a stated above for the motivation with relation to claims 1, 11 and 21;

7.	Claims 5-9, 15-19 and 23 are rejected under AIA  35 U.S.C. 103 as being unpatentable over LEV RAN et al. (U.S. PGPub 2010/0169392 hereafter LEV) in view of Ojha (U.S. PGPub 2020/0065509) in view of NEVATIA et al. (U.S. PGPub 2020/0412726).
30	As per claims 5 and 15,
LEV in view of Ojha teaches the method of claim 1, yet fails to teach further comprising: determining event information associated with providing of the availability, the 21Attorney Docket No.: 1003-1068 event information indicating at least one of maintenance of the permission, disabling of the permission and access to the target file; determining, for the decision model, a feedback corresponding to the availability, based on the event information; and 5updating the decision model with the feedback corresponding to the availability.  
In a similar field of endeavor NEVATIA teaches further comprising: determining event information associated with providing of the availability, the 21Attorney Docket No.: 1003-1068 event information indicating at least one of maintenance of the permission, disabling of the permission and access to the target file; determining, for the decision model, a feedback corresponding to the availability, based on the event information; and 5updating the decision model with the feedback corresponding to the availability (NEVATIA, see para 0039 as shown in fig 1C, the security monitoring platform apply the one or more reinforcement learning techniques to update the access rights data model based on the feedback received from the client device, the reinforcement learning technique(s) may include a deep Q-network (DQN) learning technique, a Q-learning technique, a Markov decision process (MDP), and/or the like, the reinforcement learning technique may be based on a lookup table a Q-table that includes a set of possible states and a set of actions that are possible for each state, the set of possible states correspond to a mapping between a set of features and a particular access level and/or the like, and the set of actions may include maintaining, revising, revoking, elevating, and/or modifying the access level).
It would have been obvious to one of ordinary skill in the art to before the effective filling date of the claimed invention to combine the code provisioning system of LEV in view of Ojha with the teaching of NEVATIA, as doing so would provide an efficient method for security monitoring platform may apply a reinforcement learning technique to update the access rights data model based on feedback related to the one or more actions (NEVATIA see para 0002-0003).

As per claims 6 and 16,
LEV in view of Ojha in of NEVATIA teaches the method of claim 5, wherein the availability indicates that the client is refused to be granted the permission, and wherein determining the feedback corresponding to the availability comprises: 10in response to the event information indicating that the target file is not accessed by a further client during a period of time, determining that the feedback corresponding to the availability is a negative feedback (NEVATIA see para 0021, 0027 ,  the attributes can be used to describe users a name, role, clearance level, job title, organization, department, and/or the like, resources, a data type, sensitivity level, classification, and/or the like, contexts., a location, time, , actions read, delete, modify, view, and/or the like, in an ABAC scheme, a PBAC scheme, and/or the like, policies can be defined to control access to resources based on certain combinations of attributes, the security monitoring platform perform the dimensionality reduction using a principal component analysis technique to determine a linear mapping of the historical data to a lower-dimensional space, using a non-negative matrix factorization to decompose a non-negative matrix to a product of two non-negative matrices, the security monitoring platform may perform feature hashing to transform the historical data into numeric values to enable certain machine learning algorithms that may depend on having a numeric representation of data to facilitate processing and statistical analysis).
It would have been obvious to one of ordinary skill in the art to before the effective filling date of the claimed invention to combine the teaching of LEV in view of Ojha with the teaching of NEVATIA, and the motivation to combine the teachings will be the same a stated above for the motivation with relation to claims 5 and 15;

As per claims 7 and 17,
LEV in view of Ojha teaches the method of claim 5, wherein the availability indicates that the client is allowed to be 15granted the permission, and wherein determining the feedback corresponding to the availability comprises: in response to the event information indicating that the permission is maintained during a period of time, determining that the feedback corresponding to the availability is a positive feedback; and 20in response to the event information indicating that the permission is disabled during the client accessing the target file, determining that the feedback corresponding to the availability is a negative feedback ( NEVATIA see para 0036, 0037, the probability scores that are determined using the access rights data model may generally be dependent upon a particular time or environmental state that existed at a time that the access rights data model was trained, access control policies that affect user access rights within the cloud applications may change from time to time, and these policy changes may lack a basis in the historical data that was used to train the access rights data model, the security monitoring platform performs actions to maintain, revoke, elevate, or otherwise revise user access rights based on the trained access rights data model over time, the reinforcement learning techniques enable the security monitoring platform to perform self-learning through feedback data that rewards or penalizes the actions that are performed based on whether the feedback data indicates that the actions were correct or incorrect).
It would have been obvious to one of ordinary skill in the art to before the effective filling date of the claimed invention to combine the teaching of LEV in view of Ojha with the teaching of NEVATIA, and the motivation to combine the teachings will be the same a stated above for the motivation with relation to claims 5 and 15;

As per claims 8 and 18,
LEV in view of Ojha in view of NEVATIA teaches the method of claim 7, wherein amounts of the positive feedback and the negative 25feedback depend on at least one of a type of the permission and duration of the permission ( NEVATIA see para 0036, 0037, the probability scores that are determined using the access rights data model may generally be dependent upon a particular time or environmental state that existed at a time that the access rights data model was trained, access control policies that affect user access rights within the cloud applications may change from time to time, and these policy changes may lack a basis in the historical data that was used to train the access rights data model, the security monitoring platform performs actions to maintain, revoke, elevate, or otherwise revise user access rights based on the trained access rights data model over time, the reinforcement learning techniques enable the security monitoring platform to perform self-learning through feedback data that rewards or penalizes the actions that are performed based on whether the feedback data indicates that the actions were correct or incorrect).
It would have been obvious to one of ordinary skill in the art to before the effective filling date of the claimed invention to combine the teaching of LEV in view of Ojha with the teaching of NEVATIA, and the motivation to combine the teachings will be the same a stated above for the motivation with relation to claims 5 and 15;
 
As per claims 9 and 19,
LEV in view of Ojha teaches the method of claim 1, yet fails to teach wherein the decision model is a model based on reinforcement learning.  
In a similar field of endeavor NEVATIA teaches wherein the decision model is a model based on reinforcement learning (NEVATIA, see para 0039 as shown in fig 1C, the security monitoring platform apply the one or more reinforcement learning techniques to update the access rights data model based on the feedback received from the client device, the reinforcement learning technique(s) may include a deep Q-network (DQN) learning technique, a Q-learning technique, a Markov decision process (MDP), and/or the like, the reinforcement learning technique may be based on a lookup table a Q-table that includes a set of possible states and a set of actions that are possible for each state, the set of possible states correspond to a mapping between a set of features and a particular access level and/or the like, and the set of actions may include maintaining, revising, revoking, elevating, and/or modifying the access level).
It would have been obvious to one of ordinary skill in the art to before the effective filling date of the claimed invention to combine the code provisioning system of LEV in view of Ojha with the teaching of NEVATIA, as doing so would provide an efficient method for security monitoring platform may apply a reinforcement learning technique to update the access rights data model based on feedback related to the one or more actions (NEVATIA see para 0002-0003).

As per claim 23
LEV in view of Ojha teaches the method of claim 5, yet fails to teach wherein determining the feedback corresponding to the availability further comprises: determining as the feedback a reward in response to a period of time during which the permission is maintained; wherein the reward has a first value in the event that a break in the permission happens before the period of time during which the permission is maintained reaches an average permission duration; wherein the reward has a second value in the event that a break in the permission happens after the period of time during which the permission is maintained reaches the average permission duration; and wherein the first value is less than the second value.
In a similar field of endeavor NEVATIA teaches wherein determining the feedback corresponding to the availability further comprises: determining as the feedback a reward in response to a period of time during which the permission is maintained; wherein the reward has a first value in the event that a break in the permission happens before the period of time during which the permission is maintained reaches an average permission duration ( NEVATIA see para 0036, 0037, the probability scores that are determined using the access rights data model may generally be dependent upon a particular time or environmental state that existed at a time that the access rights data model was trained, access control policies that affect user access rights within the cloud applications may change from time to time, and these policy changes may lack a basis in the historical data that was used to train the access rights data model, the security monitoring platform performs actions to maintain, revoke, elevate, or otherwise revise user access rights based on the trained access rights data model over time, the reinforcement learning techniques enable the security monitoring platform to perform self-learning through feedback data that rewards or penalizes the actions that are performed based on whether the feedback data indicates that the actions were correct or incorrect); 
wherein the reward has a second value in the event that a break in the permission happens after the period of time during which the permission is maintained reaches the average permission duration; and wherein the first value is less than the second value (NEVATIA, see para 0041, a state-action pair in the lookup table may be initialized based on a score that represents the probability that the current access level assigned to the at least one user is correct and the exploration and exploitation technique to update the score associated with the state-action pair based on the feedback by applying a reward that increase the score as the second value based on the feedback indicating that the modification to the current access level is approved or by applying a penalty  that  decreases the score as the first value based on the feedback indicating that the modification to the current access level is revised or rejected).
It would have been obvious to one of ordinary skill in the art to before the effective filling date of the claimed invention to combine the code provisioning system of LEV in view of Ojha with the teaching of NEVATIA, as doing so would provide an efficient method for security monitoring platform may apply a reinforcement learning technique to update the access rights data model based on feedback related to the one or more actions (NEVATIA see para 0002-0003).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANJOY K ROY whose telephone number is (571) -270-0675.  The examiner can normally be reached on Mon-Fri 8:30am-5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Nicholas R. Taylor can be reached on 571-272-3889.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.

/SANJOY ROY/
Examiner, Art Unit 2443

/NICHOLAS R TAYLOR/Supervisory Patent Examiner, Art Unit 2443