Prosecution Insights
Last updated: July 17, 2026
Application No. 18/235,060

FILE SYSTEM DATA ACCESS CONTROL METHOD, COMPUTER-READABLE STORAGE MEDIUM AND DATA STORAGE DEVICE

Non-Final OA §103
Filed
Aug 17, 2023
Priority
Mar 23, 2023 — TW 112110967
Examiner
MALINOWSKI, WALTER J
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Qnap Systems Inc.
OA Round
3 (Non-Final)
70%
Grant Probability
Favorable
3-4
OA Rounds
1m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 70% — above average
70%
Career Allowance Rate
237 granted / 341 resolved
+11.5% vs TC avg
Strong +53% interview lift
Without
With
+52.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
14 currently pending
Career history
360
Total Applications
across all art units

Statute-Specific Performance

§101
0.3%
-39.7% vs TC avg
§103
98.4%
+58.4% vs TC avg
§112
0.1%
-39.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 341 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 3/18/2026, for application 18/235,060 has been entered. This Office Action is in response to the amendment filed 3/18/2026 for application 18/235,060. As per instant Amendment, Claims 1, 2, 3, and 5 have been amended. Claim 1 is the sole independent claim. Claims 1-10 have been examined and are pending. This Action is made Non-FINAL. Response to Arguments Applicants’ arguments in the instant Amendment, filed on 3/18/2026, with respect to limitations listed below, have been fully considered but they are not persuasive. Applicant argues as follows: The applicant respectfully submits that the amended independent claim 1 and claims 2-10 are patentable over the cited references, and respectfully disagrees with the rejections for the reasons that follow. Firstly, the amended independent claim 1 recites: "1. (currently amended) A file system data access control method, executed by at least one processor of a data storage device and applied in a file system of the data storage device, the file system data access control method comprising: setting, by the at least one processor, an access rule, wherein the access rule specifies a first directory in the file system; selecting, by the at least one processor, a label for the access rule; setting, by the at least one processor, the label into a security context of a virtual inode of the first directory; when a first process of a first application is going to modify the first directory, checking, by the at least one processor, whether the label is already set in a security context of a task structure of the first process, wherein each said security context is a separate memory block provided in a kernel of an operating system of the data storage device; and when the label is already set in the security context of the task structure, allowing, by the at least one processor, the first process to modify the first directory; otherwise, disallowing, by the at least one processor, the first process from modifying the first directory." Examiner respectfully submits that claim 1 is properly rejected by the combination of Xu, Vincent, and new reference, Ding. Examiner respectfully submits that the cited prior art properly reads on the claims. Regarding claim 1, Xu discloses, 10th page, line 42, through 11th page, line 10, 11th page, lines 20-35, and 10th page, lines 4-9, a file system data access control method, executed by at least one processor of a data storage device and applied in a file system of the data storage device, the file system data access control method comprising by disclosing safety, securityfs-create-file, label safety, directory, safety conversion rule, file system, storage device; rules, label, safety; 12th page, lines 9-37, setting, by the at least one processor, an access rule, wherein the access rule specifies a first directory in the file system; 12th page, lines 9-37, 10th page, line 42, through 11th page, line 10, 11th page, lines 20-35, setting, by the at least one processor, a label into a security context of a virtual inode of the first directory by disclosing label, run directory, executable file in the host system, virtual executable file path in the virtual machine, safety, securityfs-create-file, label safety, directory, safety conversion rule; 10th page, line 42, through 11th page, line 10, 11th page, lines 20-35, 6th page, lines 6-8, when a first process of a first application is going to modify the first directory, checking, by the at least one processor, whether the label is already set in a security context of a task structure of the first process by disclosing safety, securityfs-create-file, label safety, directory, safety conversion rule, safety sub-system; 10th page, lines 14-28, 10th page, line 42, through 11th page, line 10, 8th page, line 38, through 9th page, line 6, 3rd page, lines 31-36, when the label is already set in the security context of the task structure, allowing, by the at least one processor, the first process to modify the first directory by disclosing task structure encompasses environment variable, label, restoring path of executable file, safety, securityfs-create-file, label safety; label, identifier; visualization authorization program. Vincent discloses, col. 61, line 30, through col. 62, line 41, otherwise, disallowing, by the at least one processor, the first process from modifying the first directory by disclosing label, prevent modifications to directory entry. Ding discloses, 8th page, line 15, through 9th page, line 9, 3rd page, lines 25-42, 9th page, lines 19-26, selecting, by the at least one processor, a label for the access rule; wherein each said security context is a separate memory block provided in a kernel of an operating system of the data storage device by disclosing kernel, security mark mapping table, access control rule. mandatory access control safety label, access control security policy, security context, memory location, operating system, stored kernel. Applicant argues as follows: According to the technical contents recited in the amended independent claim 1, a first process is allowed to modify a first directory if a label for an access rule specifying the first directory is already set in a security context of the first directory and in a security context of the first process. Otherwise, the first process is disallowed from modifying the first directory. In addition, each of the security contexts is a separate memory block provided in a kernel of an operating system. Therefore, when the first process is allowed to modify the first directory, the label is already set in two security contexts (i.e., two separate memory blocks) in the kernel of the operating system. Consequently, the technical means "using two separate memory blocks provided in a kernel of an operating system as security contexts of a directory and a process," "setting the same label of the same access rule in each of the two separate memory blocks in the kernel of the operating system" and "determining whether to allow the process to modify the directory according to whether the label is already set in both of the two separate memory blocks in the kernel of the operating system" can be unambiguously derived from the technical contents of the amended independent claim 1. By contrast, Xu discloses none of the aforementioned technical means. Hence, Xu does not disclose the amended independent claim 1 as a whole. Examiner respectfully notes that the underlined text is not recited in the claims. Examiner respectfully submits that claim 1 is properly rejected by the combination of Xu, Vincent, and new reference, Ding. Examiner respectfully submits that the cited prior art properly reads on the claims. Applicant argues as follows: Further, Vincent discloses a system and a method for connection balancing using connection attempt counts at distributed storage systems. Iga discloses a program execution control system, an execution control method, and a computer program for controlling whether a program introduced from outside a computer terminal can access various functions of the computer terminal. Ramakrishnan discloses a method for managing the fetching and the replacement of cache entries associated with a file system. However, none of Vincent, Iga, and Ramakrishnan discloses the aforementioned technical means of the amended independent claim 1, thus Vincent, Iga, and Ramakrishnan cannot remedy the deficiencies of Xu compared to the amended independent claim 1. Secondly, the Office Action alleges that "the access control rule identified by security ID" disclosed by Iga is analogous to the technical feature "selecting, by the at least one processor, a label for the access rule" of the amended independent claim 1, wherein the security ID of Iga is allegedly comparable to the label of the amended independent claim 1. Fourthly, the Office Action alleges that Xu discloses the step "setting, by the at least one processor, the label into a security context of a virtual inode of the first directory" of the amended independent claim 1 and Iga discloses the step "selecting, by the at least one processor, a label for the access rule" of the amended independent claim 1. However, as mentioned above, the SID of Xu corresponds to or belongs to the software package itself, rather than the access rules associated with the software package. Therefore, the label set by the counterpart of the step "setting the label into a security context of a virtual inode of the first directory" disclosed by Xu is an SID corresponding to or belonging to a software package instead of an access rule. Hence, the combination of Xu, Vincent, Iga, and/or Ramakrishnan does not disclose "setting the label of an access rule into a security context of a virtual inode of a directory" as recited in the amended independent claim 1, thus the rejection of the amended independent claim 1 is untenable. Given the above, the cited references, alone or in combination, cannot render the amended independent claim 1 obvious. In addition, each of claims 2-10 comprises all of the technical contents of the amended independent claim 1. Therefore, the cited references, alone or in combination, cannot render claims 2-10 obvious, either. Hence, withdrawal of the 35 U.S.C. §103 rejections is respectfully requested. Examiner respectfully submits that claim 1 is properly rejected by the combination of Xu, Vincent, and new reference, Ding. Examiner respectfully submits that the cited prior art properly reads on the claims. Regarding claim 1, Xu discloses, 10th page, line 42, through 11th page, line 10, 11th page, lines 20-35, and 10th page, lines 4-9, a file system data access control method, executed by at least one processor of a data storage device and applied in a file system of the data storage device, the file system data access control method comprising by disclosing safety, securityfs-create-file, label safety, directory, safety conversion rule, file system, storage device; rules, label, safety; 12th page, lines 9-37, setting, by the at least one processor, an access rule, wherein the access rule specifies a first directory in the file system; 12th page, lines 9-37, 10th page, line 42, through 11th page, line 10, 11th page, lines 20-35, setting, by the at least one processor, a label into a security context of a virtual inode of the first directory by disclosing label, run directory, executable file in the host system, virtual executable file path in the virtual machine, safety, securityfs-create-file, label safety, directory, safety conversion rule; 10th page, line 42, through 11th page, line 10, 11th page, lines 20-35, 6th page, lines 6-8, when a first process of a first application is going to modify the first directory, checking, by the at least one processor, whether the label is already set in a security context of a task structure of the first process by disclosing safety, securityfs-create-file, label safety, directory, safety conversion rule, safety sub-system; 10th page, lines 14-28, 10th page, line 42, through 11th page, line 10, 8th page, line 38, through 9th page, line 6, 3rd page, lines 31-36, when the label is already set in the security context of the task structure, allowing, by the at least one processor, the first process to modify the first directory by disclosing task structure encompasses environment variable, label, restoring path of executable file, safety, securityfs-create-file, label safety; label, identifier; visualization authorization program. Vincent discloses, col. 61, line 30, through col. 62, line 41, otherwise, disallowing, by the at least one processor, the first process from modifying the first directory by disclosing label, prevent modifications to directory entry. Ding discloses, 8th page, line 15, through 9th page, line 9, 3rd page, lines 25-42, 9th page, lines 19-26, selecting, by the at least one processor, a label for the access rule; wherein each said security context is a separate memory block provided in a kernel of an operating system of the data storage device by disclosing kernel, security mark mapping table, access control rule. mandatory access control safety label, access control security policy, security context, memory location, operating system, stored kernel. The Examiner respectfully suggests that the claim be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record. Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically discloses as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 5, 7, 9, and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Xu (CN114003941), published February 1, 2022, in view of Vincent (US9602424), filed March 31, 2014, and Ding (CN105245543), published April 13, 2018. Regarding claim 1, Xu discloses a file system data access control method, executed by at least one processor of a data storage device and applied in a file system of the data storage device, the file system data access control method comprising (Xu, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety, 11th page, lines 20-35, directory, safety conversion rule, file system, storage device; 10th page, lines 4-9, rules, label, safety); setting, by the at least one processor, an access rule, wherein the access rule specifies a first directory in the file system (Xu, 12th page, lines 9-37, rule, label, file in the host system, run directory, executable file in the host system); setting, by the at least one processor, a label into a security context of a virtual inode of the first directory; (Xu, 12th page, lines 9-37, label, run directory, executable file in the host system, virtual executable file path in the virtual machine, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety, 11th page, lines 20-35, directory, safety conversion rule); when a first process of a first application is going to modify the first directory, checking, by the at least one processor, whether the label is already set in a security context of a task structure of the first process (Xu, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety, 11th page, lines 20-35, directory, safety conversion rule, 6th page, lines 6-8, safety sub-system); when the label is already set in the security context of the task structure, allowing, by the at least one processor, the first process to modify the first directory; (Xu, 10th page, lines 14-28, task structure encompasses environment variable, label, restoring path of executable file, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety; 8th page, line 38, through 9th page, line 6, label, identifier; 3rd page, lines 31-36, visualization authorization program). Xu does not explicitly disclose otherwise, disallowing, by the at least one processor, the first process from modifying the first directory. However, in an analogous art, Vincent discloses otherwise, disallowing, by the at least one processor, the first process from modifying the first directory (Vincent, column 61, line 30, through column 62, line 41, label, prevent modifications to directory entry; col. 10, line 46, through col. 11, line 43, virtual networks, inodes). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Vincent with the file system data access control method of Xu to include otherwise, disallowing, by the at least one processor, the first process from modifying the first directory. One would have been motivated to provide users with the benefits of enabling high levels of scalability (Vincent: col. 6, lines 35-37). Xu and Vincent do not explicitly disclose selecting, by the at least one processor, a label for the access rule; wherein each said security context is a separate memory block provided in a kernel of an operating system of the data storage device . However, in an analogous art, Ding discloses selecting, by the at least one processor, a label for the access rule; wherein each said security context is a separate memory block provided in a kernel of an operating system of the data storage device (Ding, 8th page, line 15, through 9th page, line 9, kernel, security mark mapping table, access control rule. mandatory access control safety label, 3rd page, lines 25-42, access control security policy, security context, memory location, 9th page, lines 19-26, operating system, stored kernel ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Ding with the file system data access control method of Xu and Vincent to include selecting, by the at least one processor, a label for the access rule; wherein each said security context is a separate memory block provided in a kernel of an operating system of the data storage device. One would have been motivated to provide users with the benefits of a safety field based on mandatory access control method of defense (Ding: 2nd page, lines 9-11). Regarding claim 5, Xu, Vincent, and Ding disclose the file system data access control method of claim 1, wherein when the label is already set in the security context of the task structure of the first process, the access rule specifies the first application and the first directory, and the filesystem data access control method further comprises (Xu, 12th page, lines 9-37, rule, label, file in the host system, run directory, executable file in the host system);: setting, by the at least one processor, dentries of the first directory and the first application to be resident in a dentry cache of the operating system of the data storage device (Xu, 12th page, lines 9-37, rule, label, file in the host system, run directory, executable file in the host system); setting, by the at least one processor, the label into a security context of a virtual inode of the first application (Xu, 12th page, lines 9-37, label, run directory, executable file in the host system, virtual executable file path in the virtual machine); when the at least one processor runs the first application, setting, by the at least one processor, the label in the security context of the virtual inode of the first application into the security context of the task structure of the first process (Xu, 10th page, lines 14-28, task structure encompasses environment variable, label, restoring path of executable file, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety). Regarding claim 7, Xu, Vincent, and Ding disclose the file system data access control method of claim 1, further comprising: setting, by the at least one processor, a plurality of access rules, wherein each of the access rules specifies a directory or a file in the file system (Xu, 2nd page, lines 34-40,policy rules for different files, policy rules); selecting, by the at least one processor, a label for each of the access rules, and then setting, by the at least one processor, the label into a security context of a virtual inode of the directory or the file specified in the access rule, wherein the labels of the access rules are all different (Xu, 2nd page, lines 34-40,policy rules for different files, policy rules, 12th page, lines 9-37, label, run directory, executable file in the host system, virtual executable file path in the virtual machine); when a third process of a third application is going to modify one of the directories and the files, checking, by the at least one processor, whether at least one of the labels is already set in a security context of a task structure of the third process (Xu, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety, 11th page, lines 20-35, directory, safety conversion rule); when at least one of the labels is already set in the security context of the task structure of the third process, allowing, by the at least one processor, the third process to modify the directory or the file (Xu, 10th page, lines 14-28, task structure encompasses environment variable, label, restoring path of executable file, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety); otherwise, disallowing, by the at least one processor, the third process from modifying the directory or the file (Vincent, column 61, line30, through column 62, line 41, label, prevent modifications to directory entry). Regarding claim 9, Xu, Vincent, and Ding disclose a non-transitory computer-readable storage medium storing instructions to be read by a data storage device to execute the file system data access control method according to claim 1 (Xu, 16th page, lines 24-30, executing authority, storage authority, 1st page, abstract, software authority control system based on Linux operating system). Regarding claim 10, Xu, Vincent, and Ding disclose a data storage device comprising a file system and at least one processor, wherein the at least one processor is configured to execute the file system data access control method according to claim 1 in the file system. (Xu, 16th page, lines 24-30, executing authority, storage authority, 1st page, abstract, software authority control system based on Linux operating system) Claims 2 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Xu (CN114003941), published February 1, 2022, in view of Vincent (US9602424), filed March 31, 2014, and Ding (CN105245543), published April 13, 2018, and further in view of Ramakrishnan (US5390318), filed May 16, 1994. Regarding claim 2, Xu, Vincent, and Ding disclose the file system data access control method of claim 1. Xu, Vincent, and Ding do not explicitly disclose further comprising: removing, by the at least one processor, dentries of all directories and all files under the first directory from a dentry cache of the operating system of the data storage device; and setting, by the at least one processor, a dentry of the first directory to be resident in the dentry cache. However, in an analogous art, Ramakrishnan discloses further comprising: removing, by the at least one processor, dentries of all directories and all files under the first directory from a dentry cache of the operating system of the data storage device (Ramakrishnan, col. 26, lines 1-22, directory entry is removed from the directory entry list, col. 24, lines 24-58, removal of a directory entry); setting, by the at least one processor, a dentry of the first directory to be resident in the dentry cache (Ramakrishnan, col. 16, lines 20-33, add a new file contents entry to the cache). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Ramakrishnan with the file system data access control method of Xu, Vincent, and Ding to include further comprising: removing, by the at least one processor, dentries of all directories and all files under the first directory from a dentry cache of the operating system of the data storage device; and setting, by the at least one processor, a dentry of the first directory to be resident in the dentry cache. One would have been motivated to provide users with the benefits of managing files containing information within a digital data processing system (Ramakrishnan: col. 1, lines 10-13). Regarding claim 4, Xu, Vincent, and Ding disclose the file system data access control method of claim 1. Xu, Vincent, and Ding disclose when a second process of a second application is going to modify the second directory or the file, checking, by the at least one processor, whether the label is already set in a security context of a task structure of the second process (Xu, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety, 11th page, lines 20-35, directory, safety conversion rule); when the label is already set in the security context of the task structure of the second process, allowing, by the at least one processor, the second process to modify the second directory or the file (Xu, 10th page, lines 14-28, task structure encompasses environment variable, label, restoring path of executable file, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety); otherwise, disallowing, by the at least one processor, the second process from modifying the second directory or the file (Vincent, column 61, line30, through column 62, line 41, label, prevent modifications to directory entry). Xu and Vincent do not explicitly disclose further comprising: when a second directory or a file under the first directory is created or opened, setting, by the at least one processor, the label into a security context of a virtual inode of the second directory or the file. However, in an analogous art, Ramakrishnan discloses further comprising: when a second directory or a file under the first directory is created or opened, setting, by the at least one processor, the label into a security context of a virtual inode of the second directory or the file (Ramakrishnan, col. 7, lines 35-42, second directory entry, pointer, file header entries). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Ramakrishnan with the file system data access control method of Xu, Vincent, and Ding to include further comprising: when a second directory or a file under the first directory is created or opened, setting, by the at least one processor, the label into a security context of a virtual inode of the second directory or the file. One would have been motivated to provide users with the benefits of managing files containing information within a digital data processing system (Ramakrishnan: col. 1, lines 10-13). Claims 3 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Xu (CN114003941), published February 1, 2022, in view of Vincent (US9602424), filed March 31, 2014, and Ding (CN105245543), published April 13, 2018, and further in view of Ramakrishnan (US5390318), filed May 16, 1994. Regarding claim 3, Xu, Vincent, and Ding disclose the file system data access control method of claim 1. Xu, Vincent, and Ding do not explicitly disclose further comprising: removing, by the at least one processor, the label from the security context of the virtual inode of the first directory; and removing, by the at least one processor, all dentries of a directory tree whose root node is the first directory from a dentry cache of the operating system of the data storage device to remove the first directory from the access rule. However, in an analogous art, Carter discloses further comprising: removing, by the at least one processor, the label from the security context of the virtual inode of the first directory (Carter, col. 36, lines 8-14, remove of inode number of the file, directory inode is flushed); removing, by the at least one processor, all dentries of a directory tree whose root node is the first directory from a dentry cache of the operating system of the data storage device to remove the first directory from the access rule (Carter, col. 37, line 47, through col. 38, line 29, removal of file, directory entry, .col. 26, lines 37-45, distribute available resources). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Carter with the file system data access control method of Xu, Vincent, and Ding to include further comprising: removing, by the at least one processor, the label from the security context of the virtual inode of the first directory; and removing, by the at least one processor, all dentries of a directory tree whose root node is the first directory from a dentry cache of the operating system of the data storage device to remove the first directory from the access rule. One would have been motivated to provide users with the benefits of systems and methods that maintain a highly available distributed store of data (Carter: col. 1, lines 15-18). Regarding claim 6, Xu, Vincent, and Ding disclose the file system data access control method of claim 5. Xu, Vincent, and Ding do not explicitly disclose further comprising: removing, by the at least one processor, the label from the security context of the virtual inode of the first application and setting the dentry of the first application to be no longer resident in the dentry cache to remove the first application from the access rule. However, in an analogous art, Carter discloses further comprising: removing, by the at least one processor, the label from the security context of the virtual inode of the first application (Carter, col. 36, lines 8-14, remove of inode number of the file, directory inode is flushed); setting the dentry of the first application to be no longer resident in the dentry cache to remove the first application from the access rule (Vincent, col. 76, lines 40-43, deletion of an entry; col. 18, lines 22-58, evict element from cache; entry may be removed; col 43, line 42, through col. 4, line 19, rules). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Carter with the file system data access control method of Xu, Vincent, and Ding to include further comprising: removing, by the at least one processor, the label from the security context of the virtual inode of the first application and setting the dentry of the first application to be no longer resident in the dentry cache to remove the first application from the access rule. One would have been motivated to provide users with the benefits of systems and methods that maintain a highly available distributed store of data (Carter: col. 1, lines 15-18). Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Xu (CN114003941), published February 1, 2022, in view of Vincent (US9602424), filed March 31, 2014, and Ding (CN105245543), published April 13, 2018, and further in view of Margolus (US20040168058), filed January 7, 2004. Regarding claim 8, Xu, Vincent, and Ding disclose the file system data access control method of claim 7. Xu, Vincent, and Ding disclose wherein each of the access rules specifies a backup application in the file system and one of the directories (Xu, 4th page, lines 3-7, authority application, guides the user to select authorization policy; 7th page, line 5, through 8th page, line 9, rule, base library, file system ); setting, by the at least one processor, the label of each of the access rules into a security context of a virtual inode of the backup application specified in the access rule (Xu, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety, 11th page, lines 20-35, directory, safety conversion rule); setting, by the at least one processor, the label into security contexts of virtual inodes of all directories and all files in the directory tree corresponding to the access rule (Xu, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety, 11th page, lines 20-35, directory, safety conversion rule); performing, by the at least one processor, access control of all directories and all files of each of the directory trees according to the label of each of the access rules (Xu, 10th page, line 42, through 11th page, line 10, safety, securityfs-create-file, label safety, 11th page, lines 20-35, directory, safety conversion rule). Xu, Vincent, and Ding do not explicitly disclose each of the directories is a root directory of a different directory tree; the backup application specified in each of the access rules uses the directory tree of the directory specified in the access rule to store backup data of the backup application; and each of the directory trees is used to store backup data of different time points, and the file system data access control method further comprises. However, in an analogous art, Margolus discloses each of the directories is a root directory of a different directory tree (Margolus, paragraph 0115, root directory; paragraph 0159, directory mapped into a hierarchical tree); the backup application specified in each of the access rules uses the directory tree of the directory specified in the access rule to store backup data of the backup application (Margolus, paragraph 0089, backup programs, historical states ); each of the directory trees is used to store backup data of different time points, and the file system data access control method further comprises (Margolus, paragraph 0089, backup programs, historical states). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Margolus with the file system data access control method of Xu, Vincent, and Ding to include each of the directories is a root directory of a different directory tree; the backup application specified in each of the access rules uses the directory tree of the directory specified in the access rule to store backup data of the backup application; and each of the directory trees is used to store backup data of different time points, and the file system data access control method further comprises One would have been motivated to provide users with the benefits of protecting historical records of stored data entities (Margolus: abstract). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368. The examiner can normally be reached 8-6:30 MTWH. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /W.J.M/Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Aug 17, 2023
Application Filed
Apr 10, 2025
Non-Final Rejection mailed — §103
Sep 10, 2025
Response Filed
Nov 19, 2025
Final Rejection mailed — §103
Mar 18, 2026
Request for Continued Examination
Apr 01, 2026
Response after Non-Final Action
Jun 04, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682123
LINE ENCRYPTION OVER ETHERNET CABLE
3y 6m to grant Granted Jul 14, 2026
Patent 12657320
SECURE CONTACT TRACING BETWEEN COMPUTING DEVICES
2y 10m to grant Granted Jun 16, 2026
Patent 12639463
SYSTEMS AND METHODS FOR STORING AND RETRIEVING PUBLIC DATA
2y 5m to grant Granted May 26, 2026
Patent 12632577
PERMISSION CONTROL METHOD AND DEVICE AND ELECTRONIC EQUIPMENT
3y 9m to grant Granted May 19, 2026
Patent 12627637
SECURE DEVICE TO DEVICE COMMUNICATION CHANNEL
7y 7m to grant Granted May 12, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
70%
Grant Probability
99%
With Interview (+52.8%)
3y 0m (~1m remaining)
Median Time to Grant
High
PTA Risk
Based on 341 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month