Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/18/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Specification
The abstract of the disclosure is objected to because the abstract repeats information in the title at line 1.  Correction is required.  See MPEP § 608.01(b).
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc.  In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 7-8, 9-11, 14, 15, 16 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lempel et al. (US 2007/0016583 A1) in view of Rudeanu et al. (WO 2021/252550 A1), hereinafter Lempel and Rudeanu.

	Regarding claim 1, Lempel discloses a computer-implemented method comprising:
receiving, by a server (Lempel, 120-140), a search query (Lempel, 500) and encrypted cache data from a search client (Lempel, 100),
searching, by the server, one or more indices comprising a listing of target data that matches the search query; (Lempel, 502)
querying, by the server, a data source server (Lempel, 160) to ascertain a second accessibility determination to a second data of the target data that is not collated with the decrypted cache data; (Lempel, 506, [0049] “the enterprise search engine 144 requests the backend server 160a . . . 160b to check access to a document through impersonation”)
receiving, by the server and in response to the querying, the second accessibility determination from the data source server; (Lempel, 506, [0049] “The backend server 160a . . . 160b may believe it is interacting directly with the user and may consequently respond with data the end user is authorized to access”)
and preparing, by the server, a result list by removing a third data from the target data in response to at least one of the first accessibility determination and the second accessibility determination indicating that the third data is inaccessible by the search client. (Lempel, 506, [0049] “the enterprise search engine 144 generates a final result set based on impersonation for the documents in the interim result set.”) 
Lempel fails to teach wherein the encrypted cache data contains information pertaining to previous data access control determinations for the search client 
and decrypting, by the server, the encrypted cache data, wherein the decrypted cache data is collated with the listing of target data to ascertain a first accessibility determination to a first data of the target data.
Rudeanu teaches receiving, by a server, a search query (Rudeanu, 512 “Third Request”) and encrypted cache data from a search client (Rudeanu, 512 “Second Cookie”), 
wherein the encrypted cache data contains information pertaining to previous data access control determinations for the search client; (Rudeanu, 422)
decrypting, by the server, the encrypted cache data, (Rudeanu, 514, [0048] “The key management service may use the same private key that was previously used to encrypt the second cookie to decrypt it…”)
wherein the decrypted cache data is collated with the listing of target data to ascertain a first accessibility determination to a first data of the target data; (Rudeanu, 516 “…the security check performed by the validator determines what response to send to the client and further what data (e.g., access to the webpage or some alternate authenticate method), if any, is sent or provided to the client 516.”)
Rudeanu is directed to using an encrypted cookie for access authentication to web content. The encrypted cookie is analogous to the encrypted cache data because it contains prior access information, it is encrypted by the server, and is stored by the client. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lempel to incorporate the teachings of Rudeanu to include receiving, by a server, encrypted cache data from a search client, wherein the encrypted cache data contains information pertaining to previous data access control determinations for the search client; decrypting, by the server, the encrypted cache data, wherein the decrypted cache data is collated with the listing of target data to ascertain a first accessibility determination to a first data of the target data. Such modifications would be motivated to notify the server of previous activity of the client each time the client requests content. (Rudeanu, [0029])
	Claims 9 and 15 are substantially similar to that of claim 1. Therefore, claims 9 and 15 are rejected on similar grounds as claims 1 over Lempel in view of Rudeanu.

	Regarding claim 2, Lempel in view of Rudeanu disclose the computer-implemented method of claim 1, further comprising:
updating, by the server, the decrypted cache data based on the second accessibility determination that was received from the data source server; (Rudeanu, [0038] “Similar to the previously sent cookies, the third cookie 114, may be sent to the client along with code that 30 can be run to obtain data about the client.”)
encrypting, by the server, the updated cache data; (Rudeanu, [0038] “after authentication, the web server may invoke the key management service 118 to use a key to encrypt a third cookie 114.”)
and sending, by the server, the result list (Lempel, 508) and the encrypted updated cache data to the search client. (Rudeanu, 114, [0038] “Thus, any subsequent requests, which for example, may include using a third cookie may be processed by a security check on the data about the client first.”)
	Claim 10 is substantially similar to that of claim 2. Therefore, claim 10 is rejected on similar grounds as claim 2 over Lempel in view of Rudeanu.
	
Regarding claim 3, Lempel in view of Rudeanu disclose the computer-implemented method of claim 1, wherein the server stores an encryption key for decrypting the cache data, and wherein the encryption key is inaccessible by the search client. (Rudeanu, [0031] “Information contained in the second cookie 110 may include historical data about the client, so by encrypting the second cookie 110, information therein cannot be changed or altered since the web server is the only entity that can decrypt it.”)
	Claims 11 and 16 are substantially similar to that of claim 3. Therefore, claims 11 and 16 are rejected on similar grounds as claim 3 over Lempel in view of Rudeanu.

	Regarding claim 7, Lempel in view of Rudeanu disclose the computer-implemented method of claim 1, wherein the second accessibility determination received from the data source server is based, in part, on an access control list. (Lempel, [0034] “In block 204, the enterprise search engine 144 maps the retrieved one or more native levels of access control list information to indexed levels of access control list information stored in the search index 146.”)
Claims 14 and 19 are substantially similar to that of claim 7. Therefore, claims 14 and 19 are rejected on similar grounds as claim 7 over Lempel in view of Rudeanu.

	Regarding claim 8, Lempel in view of Rudeanu disclose the computer-implemented method of claim 1, wherein the information pertaining to previous data access control determinations for the search client is based on a previous accessibility determination from a prior search query. (Rudeanu, [0047] “The second cookie may include a second code (that when executed) logs and obtains data about client activity and/or client behavior 510.”)
	Claim 20 is substantially similar to that of claim 8. Therefore, claim 20 is rejected on similar grounds as claim 8 over Lempel in view of Rudeanu.

Claims 4-6, 12-13 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Lempel in view of Rudeanu as applied to claims 1 and 9 above, and further in view of Mankovskill (US2016/0112397 A1).

	Regarding claim 4, Lempel in view of Rudeanu disclose the computer-implemented method of claim 1, but fail to disclose wherein the cache data comprises an ordered list having a predetermined size threshold.
Mankovskii teaches wherein the cache data comprises an ordered list having a predetermined size threshold. (Mankovskii, [0044] “The training data may comprise contextual information covering the past 500 access requests made by the username (e.g., covering a previous number of access requests)…”)
Mankovskii is directed to determining user access to content based on prior access history. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lempel in view of Rudeanu to incorporate the teachings of Mankovskii to include wherein the cache data comprises an ordered list having a predetermined size threshold. Such modification would be motivated to reduce the storage cost of the access history log stored in the encrypted cookie taught by Rudeanu and to reduce the performance cost of determining access based on the prior access history.

	Regarding claim 5, Lempel in view of Rudeanu and Mankovskii disclose The computer-implemented method of claim 4, wherein the predetermined size threshold is a maximum size threshold, and wherein cache data is deleted sequentially from the ordered list from oldest to newest when the maximum size threshold is met. (Mankovskii, [0044] “The training data may comprise contextual information covering the past 500 access requests made by the username (e.g., covering a previous number of access requests)…”)

	Regarding claim 6, Lempel in view of Rudeanu disclose the computer-implemented method of claim 1, but fails to disclose wherein the cache data comprises an ordered list, and wherein the cache data is deleted sequentially from the ordered list based on an elapsed time value.
Mankovskii teaches wherein the cache data comprises an ordered list, and wherein the cache data is deleted sequentially from the ordered list based on an elapsed time value. (Mankovskii, [0044] “…or covering the past six months of access requests made by the username (e.g., covering a previous period of time).”)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lempel in view of Rudeanu to incorporate the teachings of Mankovskii to include wherein the cache data comprises an ordered list, and wherein the cache data is deleted sequentially from the ordered list based on an elapsed time value. Such modifications would be motivated to refresh a baseline set of rules (access control policy) based on prior access history over a period of time. (Mankovskii, [0021])
	Claims 12-13 and 17-18 are substantially similar to that of claims 4-6. Therefore, claims 12-13 and 17-18 are rejected on similar grounds as claims 4-6 over Lempel in view of Rudeanu and Mankovskii.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Popa et al. (US 2017/0250816 A1) – Regarding management of a document sharing process.
Lewis et al. (CN 108513659 B) – Regarding a digital deduplication system including a keyed database storing keyed data representing a particular digital component.
Drawer et al. (US 2020/0311309 A1) – Regarding preventing unauthorized access to private user information by improving cookie security.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA NEIL GONZALES whose telephone number is (571)272-0286. The examiner can normally be reached 7:30-11:00 AM; 11:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.N.G./Examiner, Art Unit 2496    
                                                                                                                                                                                                    /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496