DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to application 17/081,780 filed on 10/27/2020.
Claims 1-8 have been examined and are pending in this application.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 1 and 5 recite the concept of a file access control system, more specifically:

Regarding Claim 1, and similarly Claim 5;
A universal file access control system comprising: 


determine whether or not a user or process requesting access to a file has been granted an access privilege to the file by reading an access control list associated with the user or process or with a group to which the user or process is a member;
 if the user or process is determined to have been granted access privilege, retrieve stored directory descriptor information associated with the requested file; 
obtain a unique file handle associated with the user or process and the requested file;
determine if the unique file handle has been used before by comparing the obtained unique file handle with a plurality of stored prior-used file handles; and 
if the unique file handle has not been used before, retrieve the requested file according to a local access protocol.
	The examiner respectfully notes that the limitations not struck out above, i.e. determine whether or not a user or process is requesting access..., if the user or process is determined to have been granted access privilege retrieve..., obtain a unique file handle..., determine if the unique file handle has been used before; and if the unique file handle has not been used before, retrieve..., as drafted, are a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting a processor and memory, nothing in the claim element precludes the step from practically being performed in the mind. For example, but for such elements, the context of this claim encompasses the user manually performing such determinations and retrieval. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements of a processor and memory to perform the aforementioned steps. These devices in such steps are recited at a high level of generality (i.e., as a generic computing device performing computer operations) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of processor and memory to perform the aforementioned steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.  Further, see MPEP 2106.05(d)(ii) for evidence regarding well-understood, routine, and conventional activity (i.e., Receiving or transmitting data over a network, e.g., using the Internet to gather data, Performing repetitive calculations, and Storing and retrieving information in memory). The claim is not patent eligible.
	Regarding Claims 2-4 and 6-8, Claims 2-4 and 6-8 recite limitations that further define the same abstract idea noted in Claim 1 and/or 5.  Therefore, they are considered patent ineligible for reasons given above. 







Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 4 and 8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Claim 4 recites the limitation "said universal path" and “said universal access control list”.  There is insufficient antecedent basis for this limitation in the claim.

Claim 8 recites the limitation "said universal path" and “said universal access control list”.  There is insufficient antecedent basis for this limitation in the claim.








Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1 and 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Subhash (US 2020/0314109 A1) in view of Yates et al. (US 2019/0201117 A1).

Regarding Claim 1;
Subhash discloses a universal file access control system (Abstract and [0046] - In operation, method 300 may include receiving (block 305) a request or access to an object by a user... The object may include, for example, files, processes, disks, and the like.) comprising: 
a processor (FIG. 7); and 
a memory storing a program for execution by the processor, the program including instructions which, when executed by the processor (FIG. 7), cause the processor to 
determine whether or not a user or process requesting access to a file has been granted an access privilege to the file by reading an access control list associated with the user or process or with a group to which the user or process is a member ([0023] - ACLs may be made up of one or more access control entries (“ACEs”). An ACE is an element in an ACL that controls or monitors access to an object by a specified trustee. Each ACE may specify a subject, type of subject, and permissions. Subjects may refer to a user or group of local or remote systems. There may also be provisions to specify the owner of a protection record, who may thereby update the protection record with any changes and [0033] - As mentioned above, access control module 120 may store the ACLs including the ACEs that define access parameters, such as access specifiers, for a number of objects. A user may request access to an object, and access control module 120 may determine whether the user has access permissions for the object. If the user does not have access permissions for the object, access control module 120 may indicate to platform security module 115, or other modules or sub-modules, that the user does not have access permissions, and the user may be denied access to the object. If access control module 120 determines that the user has access to the object, information about the object may be provided for analysis by evaluation module 125);
if the user or process is determined to have been granted access privilege, retrieve stored directory descriptor information associated with the requested file ([0034] - Evaluation module 125 may refer to a module that analyzes an ACL for an object and determines whether a user has access to the object based on an access specifier. For example, evaluation module 125 may be provided an ACL including an ACE (i.e., directory descriptor information) that has a time specifier. Evaluation module 125 may compare the time of the request to the time specifier and determine whether the user has access to the object. If the user has access to the object, the evaluation module 125 may provide instructions to platform security module 115, or other modules and/or sub-modules, to allow access to the object. If evaluation module 125 determines that the user does not have permissions for the object, evaluation module 125 may instruct platform security module 115 to deny access to the user);
obtain a ... file handle associated with the user or process and the requested file ([0034] - For example, evaluation module 125 may be provided an ACL including an ACE (i.e., directory descriptor information) that has a time specifier (i.e., file handle));
... retrieve the requested file according to a local access protocol (FIG. 3 and [0034] and [0036]).
Subhash fails to explicitly disclose
determine if the unique file handle has been used before by comparing the obtained unique file handle with a plurality of stored prior-used file handles; and 
if the unique file handle has not been used before, retrieve the requested file according to a local access protocol.
However, in an analogous art, Yates teaches concepts of determine if the unique file handle has been used before by comparing the obtained unique file handle with a plurality of stored prior-used file handles (Yates, [0322] - However, if the one-time use activation code does not match an activation code in the database or the one-time use activation code (i.e., unique file handle) matches an already used activation code, that one-time use activation code may be placed on a black-list such that the single-use modular component and/or surgical tool is not authorized (e.g., critical system-defined constraint)); and 
if the unique file handle has not been used before, retrieve the requested file according to a local access protocol (However, if the one-time use activation code does not match an activation code in the database or the one-time use activation code matches an already used activation code, that one-time use activation code may be placed on a black-list such that the single-use modular component and/or surgical tool is not authorized (e.g., critical system-defined constraint). As reasonably constructed, if the antithesis is considered, that would be if it has not been “already used” authorization would be allowed.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Yates to the obtaining a file handle/retrieving the requested file of Subhash to include features of determine if the unique file handle has been used before by comparing the obtained unique file handle with a plurality of stored prior-used file handles; and if the unique file handle has not been used before, retrieve the requested file according to a local access protocol.
One would have been motivated to combine the teachings of Yates to Subhash to do so as it provides / allows authorizing use with the system via one-time activation codes ([0322]). 

Regarding Claim(s) 5; claim(s) 5 is/are directed to a/an method associated with the system claimed in claim(s) 1.  Claim(s) 5 is/are similar in scope to claim(s) 1, and is/are therefore rejected under similar rationale.







Claim(s) 2 and 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Subhash (US 2020/0314109 A1) in view of Yates et al. (US 2019/0201117 A1) and further in view of Garcia et al. (US 8,788,815 B1).

Regarding Claim 2;
Subhash and Yates disclose the system to Claim 1.
Subhash further discloses ... retrieve the requested file according to a local access protocol (FIG. 3 and [0034] and [0036]).
Subhash and Yates fail to explicitly disclose wherein the instructions stored in memory further comprise instructions which cause the processor to determine if the directory descriptor information is encrypted; and obtain a key along with the unique file handle associated with the user or process and the requested file; and .... using the key.
However, in an analogous art, Garcia teaches wherein the instructions stored in memory further comprise instructions which cause the processor to determine if the directory descriptor information is encrypted (Garcia, col. 2, lines 8-28 – ACL (i.e., that needs decrypting)); and obtain a key along with the unique file handle associated with the user or process and the requested file (Garcia, FIG. 12 – Get Process Name (i.e., unique file handle) and Process ID (PID)); and [providing access] according to a local access protocol using the key (Garcia, FIG. 12 - PID Match – YES – Authorize).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Garcia to the retrieving of the requested file according to a local access protocol of Subhash and Yates to include wherein the instructions stored in memory further comprise instructions which cause the processor to determine if the directory descriptor information is encrypted; and obtain a key along with the unique file handle associated with the user or process and the requested file; and [providing access] according to a local access protocol using the key.
One would have been motivated to combine the teachings of Kodama to Subhash and Yates to do so as it provides / allows controlling access to decrypted data (Garcia, col. 1, lines 20-25).

Regarding Claim(s) 6; claim(s) 6 is/are directed to a/an method associated with the system claimed in claim(s) 2.  Claim(s) 6 is/are similar in scope to claim(s) 2, and is/are therefore rejected under similar rationale.

Claim(s) 3 and 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Subhash (US 2020/0314109 A1) in view of Yates et al. (US 2019/0201117 A1) and further in view of Kodama (US 2010/0228798 A1) and Greenblatt et al. (US 11,295,029 B1).

Regarding Claim 3;
Subhash and Yates disclose the system to Claim 1.
Subhash and Yates fail to explicitly disclose wherein the instructions stored in memory further comprise instructions which cause the processor to import stored directory descriptor information associated with a plurality of files, wherein access control to each said file is provided in accordance with one of a plurality of different file systems; for each said file, determine a universal path to said file and its associated access control list which may include any one of said plurality of file systems; and establish a universal file access control list using said determined universal path for each said file.
However, in an analogous art, Kodama teaches wherein the instructions stored in memory further comprise instructions which cause the processor to import stored directory descriptor information associated with a plurality of files (FIG. 18: Object Management Table – Hash ID (i.e., directory descriptor information) and [0096]), wherein access control to each said file is provided ... (FIG. 18: Object Management Table – Hash ID and ACL and [0096]); for each said file, determine a universal path to said file and its associated access control ... (FIG. 18: Object Management Table – Path Name and ACL); and establish a universal file access control list using said determined universal path for each said file (FIG. 18: Object Management Table – Multiple Hash IDs and [0096]);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kodama to the system of Subhash and Yates to include wherein the instructions stored in memory further comprise instructions which cause the processor to import stored directory descriptor information associated with a plurality of files, wherein access control to each said file is provided ... ; for each said file, determine a universal path to said file and its associated access control ... ; and establish a universal file access control list using said determined universal path for each said file.
One would have been motivated to combine the teachings of Kodama to Subhash and Yates to do so as it provides / allows geographic distributed storage system configured to have a hierarchical... architecture (Kodama, [0001]).
However, in an analogous art, Greenblatt teaches concepts in which wherein access “control” to each said file is provided in accordance with one of a plurality of different file systems (Greenblatt, col. 7, lines 59-col. 8, lines 7 - In some cases, the file system 110 may be a kernel mode 106 process that manages access to both the content of files, and the metadata about those files, stored on one or more storage media (e.g., hard disk drives, SSDs, magnetic tapes, optical discs, etc.) accessed by the computer system 102. The metadata about files managed by the file system 110 may include filenames, location information (e.g., the location of the file in memory and in a file directory), and length of the contents of the file (e.g., file size). In some embodiments, the file system 110 may be a virtual file system, or “VFS,” that can allow the client-based application 108 to access multiple different types of file systems (e.g., the file system 110, a networked file system, etc.) in a uniform way. A VFS can, for example, be used to access local and network storage devices transparently without the client application noticing the difference.); and for each said file, determine a universal path to said file ... which may include any one of said plurality of file systems (Greenblatt, col. 7, lines 59-col. 8, lines 7) (Li, col. 7, lines 59-col. 8, lines 7 - In some cases, the file system 110 may be a kernel mode 106 process that manages access to both the content of files, and the metadata about those files, stored on one or more storage media (e.g., hard disk drives, SSDs, magnetic tapes, optical discs, etc.) accessed by the computer system 102. The metadata about files managed by the file system 110 may include filenames, location information (e.g., the location of the file in memory and in a file directory), and length of the contents of the file (e.g., file size). 
In some embodiments, the file system 110 may be a virtual file system, or “VFS,” that can allow the client-based application 108 to access multiple different types of file systems (e.g., the file system 110, a networked file system, etc.) in a uniform way. A VFS can, for example, be used to access local and network storage devices transparently without the client application noticing the difference.);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Greenblatt to the system of Subhash and Yates and Kodama to include wherein access “control” to each said file is provided in accordance with one of a plurality of different file systems; and for each said file, determine a universal path to said file ... which may include any one of said plurality of file systems.
One would have been motivated to combine the teachings of Greenblatt to Subhash and Yates and Kodama to do so as it provides / allows for better protection of documents against cyber intrusions and unauthorized access (Greenblatt, col. 1, lines 37-38).

Regarding Claim(s) 7; claim(s) 7 is/are directed to a/an method associated with the system claimed in claim(s) 3.  Claim(s) 7 and 8 is/are similar in scope to claim(s) 3, and is/are therefore rejected under similar rationale.







Claim(s) 4 and 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Subhash (US 2020/0314109 A1) in view of Yates et al. (US 2019/0201117 A1) and further in view of Kodama (US 2010/0228798 A1).

Regarding Claim 4;
Subhash and Yates disclose the system to Claim 1.
Subhash and Yates fail to explicitly disclose wherein said universal path and said universal access control list are stored using a database system.
	However, in an analogous art, Kodama further teaches wherein said universal path and said universal access control list are stored using a database system (Kodama, FIG. 18 – Object management table (i.e., database)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kodama to the system of Subhash and Yates to include wherein said universal path and said universal access control list are stored using a database system.
One would have been motivated to combine the teachings of Kodama to Subhash and Yates to do so as it provides / allows geographic distributed storage system configured to have a hierarchical... architecture (Kodama, [0001]).

Regarding Claim(s) 8; claim(s) 8 is/are directed to a/an method associated with the system claimed in claim(s) 4.  Claim(s) 8 is/are similar in scope to claim(s) 4, and is/are therefore rejected under similar rationale.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439