DETAILED ACTION
1	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in reply to applicant communication filed on February 05, 2022. Claims 1, 3, 11, 12 and 18 have been amended. New claim 20 has been added. Claims 1, 3-20 are pending. Claims 1, 11 and 18 are independent form are presented for examination.

IDS
2	Applicant’s IDSs filed on February 05, 2022 and June 01, 2022 have been considered. 
Response to Argument
3	Applicant’s arguments filed on February 05, 2022 have been fully considered but they are moot based on new grounds of rejection.

Claim Rejections - 35 USC § 103
4	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


5	Claims 1, 4-12, 16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Low et al. (Low, hereinafter) (US 2007/0180448 A1) in view of Sugano et al. (Sugano, hereinafter) (US 2015/0143506 A1) further in view of McNabb et al. (McNabb, hereinafter) (US 6,289,462 B1).
Regarding claim 1, Low discloses a method for computer security, the method comprising:
receiving an indication that a user is attempting to access a resource on a computing system ([0176]; a request to enumerate computing resources is transmitted from a client machine 10), wherein the resource is a file or directory stored on the computing system ([0234]; files such as word document and spreadsheet);
determining a source identifier associated with the user ([0176] ; the request includes an identification of a user of the client machine 10…[0178]; In some embodiments, information associated with the client machine 10 or with a user of the client machine 10 is received with the request); 
determining whether or not an access control list associated with the resource specifies the source identifier as allowable ([0233]; Each remote machine in the list has an associated set of resources. Associated with each resource is resource-related information that can include the resource name, a list of remote machines, and client users that are authorized to use that resource…[0234]; table two contains access privileges of user identifiers);
controlling access based on whether or not (1) the source identifier is specified as allowable ([0233]; Associated with each resource is resource-related information that can include the resource name, a list of remote machines, and client users that are authorized to use that resource…[0234]; table two contains access privileges of user identifiers); and
disallowing access to the resource when the source identifier is specified as not allowable ([0233] & [0186]; Users A and B are users of the client machines 10, “n/a” indicates that a desired application program is hosted, but is not available to client machine users … [0234]; the server 30 hosts the Spreadsheet program, the Customer Database and the Word Processor. User A is authorized to use the Spreadsheet, User B is authorized to use the Customer Database, and no users are authorized to use the Word Processor).
But Low doesn’t explicitly discloses determining whether the computing system is executing maintenance mode; determining, based on a permission bit associated with the resource by the access control list, whether or not the resource can only be accessed in maintenance mode; and controlling access based on whether or not (2) the resource can only be accessed in maintenance mode, and (3) the system is executing in maintenance mode.
However, Sugano in analogous authenticated file system, discloses determining whether the computing system is executing maintenance mode ([0047]; the activation of the maintenance mode is determined at s402 as a precondition for authorizing access to the resource, Fig. 4, s402); and 
controlling access based on whether or not (2) the resource can only be accessed in maintenance mode ([0047]; If it is determined that the setting value is turned on (activation in the maintenance mode) in step S402, the processing proceeds to step S404, the USB control module 303 controls so as to write the data requested in step S401 into the USB memory 210…access to the resource is only available while the system is in the maintenance mode), and (3) the system is executing in maintenance mode ([0047]; access is allowed while the maintenance mode is activated, Fig. 4, s402).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Sugano to the system of Low in order to optimize the system’s access control operation by implementing an access control mechanism into the system’s maintenance mode operation. The modification enables the Low system’s files and directories to be modified by authorized user(s) only.
But Low in view of Sugano doesn’t fully discloses determining, based on a permission bit associated with the resource by the access control list, whether or not the resource can only be accessed in maintenance mode.
However, McNabb in analogous file access control system, discloses determining, based on a permission bit (permission bit 600, Fig. 11) associated with the resource by the access control list, whether or not the resource can only be accessed in maintenance mode (Col. 14, line 56-Col. 15, line 15 & Col. 18, lines 23-32; The permission bits are checked at step 600, then at step 604 the SL labels are verified to establish that the process SL (272) is equal to or greater than the file SL (292). In step 608, the process user ID (UID) (262 not shown) is looked up in a database to determine if it has at least one of the accesses listed in the access authorization set (280) …The management and control of this table is preferably accessed in the maintenance mode of the system. The management functions may be stored in a separate partition of the storage of the trusted server such that authorized users may execute the maintenance mode, Fig. 11).
controlling access based on whether or not (1) the source identifier is specified as allowable (Col. 14, line 65-Col. 15, line 11 & Col. 8, lines 56-67; user ID is allowed/authorized to access), (2) the resource can only be accessed in maintenance mode (Col. 18, lines 20-23 & Col. 8, lines 56-67; In the preferred embodiment, the process table is an encrypted file stored on the trusted server that is a read only data structure. The management and control of this table is preferably accessed in the maintenance mode of the system), and (3) the system is executing in maintenance mode (Col. 18, lines 20-27; In the preferred embodiment, the process table is an encrypted file stored on the trusted server that is a read only data structure. The management and control of this table is preferably accessed in the maintenance mode of the system).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of McNabb to the system of Low in order to optimize the system’s access control operation by implementing an access control mechanism into the system’s maintenance mode operation. The modification enables the Low system’s files and directories to be modified by authorized user(s) only.

Regarding claim 4, Low teaches the method of claim 1, wherein the receiving an indication that a user is attempting to access a resource on a computing system includes: 
receiving a user identifier associated with a process identifier that is associated with a program executing on the computing system ([1189] & [0234]; The session server 8620 in Table 4 includes data associating each application session with the user that initiated the application session, an identification of the client machine 10, if any, from which the user is currently connected to the remote machine 30′, and the IP address of that client computer 10).

Regarding claim 5, Low further teaches the method of claim 1, wherein the receiving an indication that a user is attempting to access a resource on a computing system includes: 
receiving an indication that a program executed by the user is attempting to read, write, or execute a file ([0384]; reading and/or writing access requests).

Regarding claim 6, Low further teaches the method of claim 1, wherein the determining a source identifier associated with the user includes: receiving a network address of a computing system operated by the user ([1189] & [0234]; The session server 8620 in Table 4 includes data associating each application session with the user that initiated the application session, an identification of the client machine 10, if any, from which the user is currently connected to the remote machine 30′, and the IP address of that client computer 10).

Regarding claim 7, Low teaches the method of claim 1, wherein the determining a source identifier associated with the user includes: receiving a hardware identifier of a computing system operated by the user ([1189] & [0234]; The session server 8620 in Table 4 includes data associating each application session with the user that initiated the application session, an identification of the client machine 10, if any, from which the user is currently connected to the remote machine 30′, and the IP address of that client computer 10…[0266]; information collected from user device includes MAC address).

Regarding claim 10, Low further teaches the method of claim 1, wherein the disallowing access to the resource includes: executing the program in an alternative execution environment ([0196; he remote machine 30 may verify the user credentials received from the client machine 10. Alternatively, the remote machine 30 may pass the user credentials to another remote machine for authentication).




Regarding claim 11, Low further teaches a method for computer security, the method comprising: 
receiving an indication that a user is attempting to access a resource on a computing system ([0176]; a request to enumerate computing resources is transmitted from a client machine 10), wherein the resource is a file or directory stored on the computing system ([0234]; files such as word document and spreadsheet);
But Low doesn’t explicitly discloses determining whether the computing system has been booted in maintenance mode; determining, based on a permission bit associated with the resource by the access control list, whether or not the resource can only be accessed in maintenance mode; and when the resource can only be accessed in maintenance mode and when the system has not booted in maintenance mode, disallowing access to the resource.
However, Sugano in analogous authenticated file system, discloses determining whether the computing system has been booted in maintenance mode ([0047]; the activation of the maintenance mode is determined at s402 as a precondition for authorizing access to the resource, Fig. 4, s402); and 
when the resource can only be accessed in maintenance mode and when the system has not booted in maintenance mode ([0047]; If it is determined that the setting value is turned on (activation in the maintenance mode) in step S402, the processing proceeds to step S404, the USB control module 303 controls so as to write the data requested in step S401 into the USB memory 210…access to the resource is only available while the system is in the maintenance mode), disallowing access to the resource ([0047]; If it is determined that the setting value is turned on (activation in the maintenance mode) in step S402, the processing proceeds to step S404, the USB control module 303 controls so as to write the data requested in step S401 into the USB memory 210…access to the resource is only available while the system is in the maintenance mode), and (3) the system is executing in maintenance mode ([0047]; if the maintenance mode is not activated, the resource access is not allowed, Fig. 4, s402 no branch).



It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Sugano to the system of Low in order to optimize the system’s access control operation by implementing an access control mechanism into the system’s maintenance mode operation. The modification enables the Low system’s files and directories to be modified by authorized user(s) only.
But Low in view of Sugano doesn’t fully discloses determining, based on a permission bit associated with the resource by the access control list, whether or not the resource can only be accessed in maintenance mode.
However, McNabb in analogous file access control system, discloses determining, based on a permission bit (permission bit 600, Fig. 11) associated with the resource by the access control list, whether or not the resource can only be accessed in maintenance mode (Col. 14, line 56-Col. 15, line 15 & Col. 18, lines 23-32; The permission bits are checked at step 600, then at step 604 the SL labels are verified to establish that the process SL (272) is equal to or greater than the file SL (292). In step 608, the process user ID (UID) (262 not shown) is looked up in a database to determine if it has at least one of the accesses listed in the access authorization set (280) …The management and control of this table is preferably accessed in the maintenance mode of the system. The management functions may be stored in a separate partition of the storage of the trusted server such that authorized users may execute the maintenance mode, Fig. 11).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of McNabb to the system of Low in order to optimize the system’s access control operation by implementing an access control mechanism into the system’s maintenance mode operation. The modification enables the Low system’s files and directories to be modified by authorized user(s) only.

Regarding claim 12, Low further teaches the method of claim 11, wherein the receiving an indication that a user is attempting to access a resource on a computing system includes: 
receiving a user identifier associated with a process identifier that is associated with a program executing on the computing system ([0233]-[0234]; User A is authorized to use the Spreadsheet, User B is authorized to use the Customer Database, and no users are authorized to use the Word Processor. It is to be understood that other techniques can be used to indicate who is authorized to use a particular application).

Regarding claim 16, Low further teaches the method of claim 11, further comprising: 
determining a source identifier associated with the user ([0176] ; the request includes an identification of a user of the client machine 10…[0178]; In some embodiments, information associated with the client machine 10 or with a user of the client machine 10 is received with the request); 
determining whether or not an access control list associated with the resource specifies the source identifier as allowable ([0233]; Each remote machine in the list has an associated set of resources. Associated with each resource is resource-related information that can include the resource name, a list of remote machines, and client users that are authorized to use that resource…[0234]; table two contains access privileges of user identifiers);
controlling access based on whether or not (1) the source identifier is specified as allowable ([0233]; Associated with each resource is resource-related information that can include the resource name, a list of remote machines, and client users that are authorized to use that resource…[0234]; table two contains access privileges of user identifiers); and
But Low doesn’t explicitly discloses controlling access based on whether or not (2) the resource can only be accessed in maintenance mode, and (3) the system is executing in maintenance mode.
However, Sugano in analogous authenticated file system, discloses controlling access based on whether or not (2) the resource can only be accessed in maintenance mode ([0047]; If it is determined that the setting value is turned on (activation in the maintenance mode) in step S402, the processing proceeds to step S404, the USB control module 303 controls so as to write the data requested in step S401 into the USB memory 210…access to the resource is only available while the system is in the maintenance mode), and (3) the system is executing in maintenance mode ([0047]; access is allowed while the maintenance mode is activated, Fig. 4, s402).

It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Sugano to the system of Low in order to optimize the system’s access control operation by implementing an access control mechanism into the system’s maintenance mode operation. The modification enables the Low system’s files and directories to be modified by authorized user(s) only.

As for claim 18, the limitations of claim 18 are similar to the limitations of claim 1 above. Further Low discloses a computing system ([0021]; a computing system, Fig. 1) comprising: a processor ([0166]; main processor 102), and a module (management node 30, Fig. 1). Therefore, the limitations of claim 18 are rejected in the analysis of claim 1 above, and the claim is rejected on that basis.

Regarding claim 20, Low further discloses the system of claim 18, wherein the access control list associated with the resource (2) specifies source IP addresses that are allowed to access the resource ([1189] & [0234]; The session server 8620 in Table 4 includes data associating each application session with the user that initiated the application session, an identification of the client machine 10, if any, from which the user is currently connected to the remote machine 30′, and the IP address of that client computer 10).
But Low doesn’t teach wherein the access control list associated with the resource (1) includes a permission bit that indicates whether or not the resource is accessible only in safe mode.
However, McNabb further discloses wherein the access control list associated with the resource (1) includes a permission bit that indicates whether or not the resource is accessible only in safe mode (Col. 14, line 56-Col. 15, line 15 & Col. 18, lines 23-32; The permission bits are checked at step 600, then at step 604 the SL labels are verified to establish that the process SL (272) is equal to or greater than the file SL (292). In step 608, the process user ID (UID) (262 not shown) is looked up in a database to determine if it has at least one of the accesses listed in the access authorization set (280) …The management and control of this table is preferably accessed in the maintenance mode of the system. The management functions may be stored in a separate partition of the storage of the trusted server such that authorized users may execute the maintenance mode, Fig. 11).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of McNabb to the system of Low in order to optimize the system’s access control operation by implementing an access control mechanism into the system’s maintenance mode operation. The modification enables the Low system’s files and directories to be modified by authorized user(s) only.

6.	Claim 3, 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Low et al. (Low, hereinafter) (US 2007/0180448 A1) in view of Sugano et al. (Sugano, hereinafter) (US 2015/0143506 A1) in view of McNabb et al. (McNabb, hereinafter) (US 6,289,462 B1) further in view of Liebman (US 2008/0256242 A1). 
Regarding claim 3, But Low in view of Sugano and McNabb doesn’t explicitly disclose the limitation of claim 3.
However, Liebman in analogous art, discloses wherein the determining whether the computing system is executing maintenance mode includes: 
determining whether an operating system executing on the computing system is operating in single-user diagnostic mode ([0082]; via the Maintenance Mode functionality provided by the present invention, the following actions may be performed: 1) changing the names of the directory symlinks in a single chosen user's view of the Media Space such that that user's Avid NLE application will be able to delete or modify media files and modify media databases if it is asked to perform a function that would require such actions…single-user diagnostic mode).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Liebman to the system of Low in order to optimize the system performance my designating specialized personnel for system maintenance.

Regarding claim 13, But Low didn’t explicitly disclose the limitation of claim 13.
However, Liebman in analogous art, discloses wherein the determining whether the computing system has been booted in maintenance mode includes: 
determining whether an operating system executing on the computing system is operating in single-user diagnostic mode ([0082] & [0073]; via the Maintenance Mode functionality provided by the present invention, the following actions may be performed: 1) changing the names of the directory symlinks in a single chosen user's view of the Media Space such that that user's Avid NLE application will be able to delete or modify media files and modify media databases if it is asked to perform a function that would require such actions…single-user diagnostic mode).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Liebman to the system of Low in order to optimize the system performance my designating specialized personnel for system maintenance.

Regarding claim 14, But Low didn’t explicitly disclose the limitation of claim 14.
However, Liebman in analogous art, discloses wherein the determining whether the computing system has been booted in maintenance mode includes: 
determining whether an operating system executing on the computing system is operating in a mode that allows only administrative users to log in ([0082] & [0073]; via the Maintenance Mode functionality provided by the present invention, the following actions may be performed: 1) changing the names of the directory symlinks in a single chosen user's view of the Media Space such that that user's Avid NLE application will be able to delete or modify media files and modify media databases if it is asked to perform a function that would require such actions…single-user diagnostic mode).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Liebman to the system of Low in order to optimize the system performance my designating specialized personnel for system maintenance.




7.	Claim 8, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Low et al. (Low, hereinafter) (US 2007/0180448 A1) in view of Sugano et al. (Sugano, hereinafter) (US 2015/0143506 A1) in view of McNabb et al. (McNabb, hereinafter) (US 6,289,462 B1) further in view of Hydell et al. (Hydell, hereinafter) (US 2019/0312872 A1).
Regarding claim 8, Low doesn’t explicitly disclose the limitations of claim 8. However, Hydell in analogous art, teaches wherein the determining a source identifier associated with the user includes: 
receiving a token generated during an authentication process between the user and the computing system; and determining the source identifier based on the token ([0003]; Before allowing the subject to access a resource, the system checks to determine whether the access token for the subject is authorized to access the object and complete the desired task. The system does this by comparing information in the access token with access control entries contained in an access control list for the resource). 
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Hydell to the system of Low in order to optimize the security of the stored files by tokenizing access keys.

Regarding claim 17, Low doesn’t explicitly disclose the limitations of claim 17. However, Hydell in analogous art, teaches wherein the determining whether the computing system has been booted in maintenance mode includes: 
receiving a token generated during an authentication process between the user and the computing system ([0003]; The system does this by comparing information in the access token with access control entries contained in an access control list for the resource); and 



determining the source identifier based on the token ([0003]; Before allowing the subject to access a resource, the system checks to determine whether the access token for the subject is authorized to access the object and complete the desired task. The system does this by comparing information in the access token with access control entries contained in an access control list for the resource). 
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Hydell to the system of Low in order to optimize the security of the stored files by tokenizing access keys.

8.	Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Low et al. (Low, hereinafter) (US 2007/0180448 A1) in view of Sugano et al. (Sugano, hereinafter) (US 2015/0143506 A1) in view of McNabb et al. (McNabb, hereinafter) (US 6,289,462 B1) further in view of Ludwig (US 2005/0144284 A1).
Regarding claim 9, Low doesn’t explicitly disclose the limitations of claim 9. 
However, Ludwig in analogous art, teaches wherein the disallowing access to the resource includes: 
terminating the program ([0242]; The AVSM 160 initiates a maintenance tool session by performing A/V file access authorization operations as described in detail below. If access authorization is unsuccessful, the AVSM 160 terminates the session), suspending the program, and/or raising an exception.
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Ludwig to the system of Low in order to optimize the system resource utilization by avoiding unnecessary executions.



9.	Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Low et al. (Low, hereinafter) (US 2007/0180448 A1) in view of Sugano et al. (Sugano, hereinafter) (US 2015/0143506 A1) in view of McNabb et al. (McNabb, hereinafter) (US 6,289,462 B1) further in view of Kavuri et al. (Kavuri, hereinafter) (US 2005/0226059 A1).
Regarding claim 15, Low doesn’t explicitly disclose the limitations of claim 15. 
However, Kavuri in analogous art, teaches wherein the determining whether the computing system has been booted in maintenance mode includes: 
determining whether an operating system executing on the computing system is operating in a mode that allows log in only from a local console ([0326]; A system setting determines which state of operation is entered when the system is powered up. Normally this will be set to online, but a lower level can be set to allow diagnostics or maintenance to be performed without starting the complete system… Note that when the system is in diagnostic (maintenance) mode, the only access is via direct logon (i.e.no network access). The web server is disabled in this mode, so remote CLI commands and the GUI are not available).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Kavuri to the system of Low in order to optimize the system control operation.

10.	Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Low et al. (Low, hereinafter) (US 2007/0180448 A1) in view of Sugano et al. (Sugano, hereinafter) (US 2015/0143506 A1) in view of McNabb et al. (McNabb, hereinafter) (US 6,289,462 B1) further in view of Dasar et al. (Dasar, hereinafter) (US 2016/0180094 A1).


Regarding claim 19, Low doesn’t explicitly disclose the limitations of claim 19. 
However, Dasar in analogous art, teaches a secure boot module ([0030]; a secure boot module 236) that checks a digital signature of every code module executed during system startup ([0030]; Secure boot module 236 is a software and/or firmware module that secures the boot process by preventing the loading of UEFI images 205 that are not signed with an acceptable digital signature or certificate). 
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made to utilize the teaching of Dasar to the system of Low in order to optimize the security of the stored files and its associated metadata.

Conclusion
11.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MELAKU Y HABTEMARIAM whose telephone number is (571)272-8373.  The examiner can normally be reached on Mon - Fri 9 am - 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on 5712701684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).




/M. H./
Melaku Habtemariam
Examiner, Art Unit 2445

/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445