Prosecution Insights
Last updated: July 17, 2026
Application No. 18/614,182

UTILIZING EXTENDED FILE ATTRIBUTES FOR WORKING DIRECTORY

Final Rejection §103
Filed
Mar 22, 2024
Priority
Dec 03, 2020 — continuation of 11/941,104
Examiner
MAHMOUDI, RODMAN ALEXANDER
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Red Hat Inc.
OA Round
4 (Final)
80%
Grant Probability
Favorable
5-6
OA Rounds
5m
Est. Remaining
96%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
197 granted / 247 resolved
+21.8% vs TC avg
Strong +17% interview lift
Without
With
+16.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
18 currently pending
Career history
269
Total Applications
across all art units

Statute-Specific Performance

§101
2.5%
-37.5% vs TC avg
§103
81.6%
+41.6% vs TC avg
§102
1.9%
-38.1% vs TC avg
§112
5.7%
-34.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 247 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendments This communication is in response to the amendments filed on 23 January 2026: Claims 1, 7-8, 12 and 17 are amended. Claims 1-20 are pending. Response to Arguments In response to Applicant’s remarks filed on 23 January 2026: a. Applicant’s arguments that Giampaolo, Zaifman and Kleinpeter, alone or in combination, fail to teach or suggest “wherein the extended attribute value overrides a default current working directory behavior of a file system for a first application at a process start for the first application” has been fully considered but is deemed not-persuasive. Applicant’s attention is directed to Kleinpeter, Claim 1, see “…a first folder in a restrictive access control list the restrictive access control list overrides a default access policy for a directory including the first folder to prohibit all user accounts having access to the directory from accessing the first folder except for a user account that is included in the restrictive access control list in association with the first folder”, which is analogous to the extended attribute value (comprised within the access control list) overriding a default working directory behavior of a file system for an application, wherein the behavior includes prohibiting all user accounts except for specific users. Applicant’s attention is further directed to Kleinpeter, Paragraph [0070], see “…client device is a computing device having a local file system accessible by multiple applications residents thereon”. Applicant’s attention is further directed to Kleinpeter, Paragraph [0269], see “…on start-up of the client device or client synchronization service 156, the tree data structures may be retrieved from persistent memory and loaded into main memory. Tree storage 554 may access and update the tree data structures on main memory…”, which is analogous to overriding a default current working directory behavior of a file system (e.g., through updating the tree data structures) for an application at a process start of the application (e.g., on start-up). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Giampaolo et al. (U.S. PGPub. 2012/0185518), hereinafter Giampaolo, in view of Zaifman et al. (U.S. PGPub. 2017/0154190), hereinafter Zaifman, in further view of Kleinpeter et al. (U.S. PGPub. 2019/0266342), hereinafter Kleinpeter. Regarding claim 1, Giampaolo teaches A method, comprising: identifying, in a kernel space, an extended attribute value (Giampaolo, Paragraph [0019], see “…the kernel can read an extended attribute 208 associated with the file to identify the particular file operations to be performed, e.g., prior to allowing the requested file operation to proceed”), wherein the extended attribute value comprises a first session identifier identifying a session (Giampaolo, Paragraph [0019], see “…the kernel can read an extended attribute 208 associated with the file to identify the particular file operations to be performed…”, where “identify the particular file operations to be performed” is being read as comprising a first session identifier identifying a session, due to the particular file operations to be performed is being done during a user session), wherein the session comprises a group of processes running under control of a user (Giampaolo, Paragraph [0019], see “…The kernel further can set a timer in which the user space handler 206 has to perform the one or more actions or request additional time to perform the one or more actions”) (Giampaolo, Paragraph [0027], see “…other requests for resources can be made (e.g., as part of other processes) while the user space file handler is performing the one or more actions”), Giampaolo does not teach the following limitation(s) as taught by Zaifman: identifying, in a kernel space, an extended attribute value associated with a shared working directory (Zaifman, Paragraph [0008], see “…A directory in the hierarchical file structure is accessed having access permission defined by a first owner…An access time for an invalid directory path is compared to a threshold access time. When the access time equals or exceeds the threshold access time, then the method notifies of a security threat”), determining, by a processing device, whether a first application has permission to use the shared working directory by comparing the first session identifier to a second session identifier associated with the first application (Zaifman, Paragraph [0008], see “…A directory in the hierarchical file structure is accessed having access permission defined by a first owner…An access time for an invalid directory path is compared to a threshold access time. When the access time equals or exceeds the threshold access time, then the method notifies of a security threat”, where “access time” is being read as comprising the first session identifier, where “threshold access time” is being read as comprising the second session identifier, which are compared to determine whether the first application has permission to use the directory. In this case, the application does not have permission to use the directory (access time equals or exceeds the threshold access time), which notifies the system of a security threat, and determines that the application does not have permission to use the directory) (Zaifman, Paragraph [0044], see “…When the operating system 24 and/or the software application 28 query the trusted key server 120 for access permissions, here the trusted key server 120 retrieves the access permissions 60 for the entire hierarchical file…”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, by implementing techniques of determining whether a first application has permission to use a shared working directory by comparing a first session identifier to a second session identifier associated with an application, disclosed of Zaifman. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of determining whether a first application has permission to use a shared working directory by comparing a first session identifier to a second session identifier associated with an application. This allows for better security management by comparing session identifiers before allowing an application to use a directory, disclosed of Zaifman (Zaifman, Paragraph [0008]). Giampaolo as modified by Zaifman do not teach the following limitation(s) as taught by Kleinpeter: wherein the extended attribute value overrides a default current working directory behavior of a file system for a first application at a process start for the first application (Kleinpeter, Claim 1, see “…a first folder in a restrictive access control list the restrictive access control list overrides a default access policy for a directory including the first folder to prohibit all user accounts having access to the directory from accessing the first folder except for a user account that is included in the restrictive access control list in association with the first folder”, which is analogous to the extended attribute value (comprised within the access control list) overriding a default working directory behavior of a file system for an application, wherein the behavior includes prohibiting all user accounts except for specific users) (Kleinpeter, Paragraph [0070], see “…client device is a computing device having a local file system accessible by multiple applications resident thereon”) (Kleinpeter, Paragraph [0269], see “…on start-up of the client device or client synchronization service 156, the tree data structures may be retrieved from persistent memory and loaded into main memory. Tree storage 554 may access and update the tree data structures on main memory…”, which is analogous to overriding a default current working directory behavior of a file system (e.g., through updating the tree data structures) for an application at a process start of the application (e.g., on start-up)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, and techniques disclosed of Zaifman, by implementing techniques of an extended attribute value overriding a default working directory behavior of a file system for an application, disclosed of Kleinpeter. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of an extended attribute value overriding a default working directory behavior of a file system for an application. This allows for better security management and user flexibility by allowing the extended attributes to provide user-specific settings for a first application by overriding a default working directory of a file system. Kleinpeter is deemed as analogous art due to the art disclosing techniques of an extended attribute value overriding a default working directory behavior of a file system for an application (Kleinpeter, Claim 1). Regarding claim 12, the claim is rejected under the same reasoning as claim 1. Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Giampaolo, in view of Zaifman, in further view of Kleinpeter, in further view of Alpern et al. (U.S. PGPub. 2009/0178035), hereinafter Alpern. Regarding claim 2, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Alpern: The method of claim 1, further comprising: responsive to determining that the first application has the permission to use the shared working directory, inheriting the shared working directory by a process running an executable file (Alpern, Paragraph [0648], see “…it analyzes the command line, and current working directory supplied by or inherited from its invoker and decides which (if any) executable to invoke and with what command line, environment and CWD”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques for simplifying the deployment and serviceability of commercial software environments, comprising inheriting the working directory by a process running the executable file, disclosed of Alpern. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising inheriting the working directory by a process running the executable file. This allows for the application requesting to execute a different application to acquire the needed resources to properly execute the requested application. Alpern is deemed as analogous art due to the art disclosing methods for inheriting a working directory from its invoker (Alpern, Paragraph [0648]). Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Giampaolo, in view of Zaifman, in further view of Kleinpeter, in further view of Degirmenci et al. (U.S. PGPub. 2017/0220400), hereinafter Degirmenci. Regarding claim 3, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Degirmenci: The method of claim 1, further comprising: responsive to determining that the first application does not have the permission to use the shared working directory, notifying a user account that the first application does not have the permission to use the shared working directory (Degirmenci, FIGURE 6, see “355 RECEIVE REQUEST”, “360 PARSE REQUEST”, “365 VALID?”, “366 SEND ERROR”, where responsive to denying the first application to use the working directory based on parsing the request and determining if its valid, an error message is sent to the client notifying the user of the denial). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques of notifying a user account that the first application does not have permission to use the shared working directory, disclosed of Degirmenci. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of notifying a user account that the first application does not have permission to use the shared working directory. This allows for better security management and a more user-friendly environment by notifying the user that the application does not have permission to use the directory when access is restricted. Degirmenci is deemed as analogous art due to the art disclosing techniques of notifying a user account that the first application does not have permission to use the shared working directory (Degirmenci, FIGURE 6). Regarding claim 14, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Degirmenci: The non-transitory machine-readable storage medium of claim 12, wherein the instructions, when executed by the processing device, further cause the processing device to: responsive to a determination that the application does not have the permission to use the shared working directory as the working directory, notify a user account that the application does not have the permission to use the shared working directory as the working directory (Degirmenci, FIGURE 6, see “355 RECEIVE REQUEST”, “360 PARSE REQUEST”, “365 VALID?”, “366 SEND ERROR”, where responsive to denying the first application to use the working directory based on parsing the request and determining if its valid, an error message is sent to the client notifying the user of the denial). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques of notifying a user account that the first application does not have permission to use the shared working directory, disclosed of Degirmenci. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of notifying a user account that the first application does not have permission to use the shared working directory. This allows for better security management and a more user-friendly environment by notifying the user that the application does not have permission to use the directory when access is restricted. Degirmenci is deemed as analogous art due to the art disclosing techniques of notifying a user account that the first application does not have permission to use the shared working directory (Degirmenci, FIGURE 6). Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Giampaolo, in view of Zaifman, in further view of Kleinpeter, in further view of Degirmenci, in further view of HAJMASAN et al. (U.S. PGPub. 2019/0034634), hereinafter Hajmasan. Regarding claim 4, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Degirmenci: The method of claim 1, further comprising: receiving an execute function invocation request from a second application to run an executable file of the first application (Degirmenci, Paragraph [0061], see “…the Sandbox Manager 134 receives requests from the Client Application 132 and performs the commands included in the requests…The Sandbox Manager 134 also manages execution of the virtual application 110 on the client computing device 9…The Sandbox Manager 134 includes a communications server 300 (e.g., a TCP server), one or more predefined Client Request object types 305, a Client Request Manager 310, a Downloader 315, an Executer 320, and a UI manager 322…”, where “Sandbox Manager 134” is comprised within the client computing device, where the exec function invocation request is received from a second application (Client Application 132) to run a first application (virtual application)), Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques of receiving an execute function invocation request from a second application to run an executable file of a first application, disclosed of Degirmenci. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of receiving an execute function invocation request from a second application to run an executable file of a first application. This allows for better security management by allowing a second application to request a function call from a different application to perform its operations. Degirmenci is deemed as analogous art due to the art disclosing techniques of receiving an execute function invocation request from a second application to run an executable file of a first application (Degirmenci, Paragraph [0061]). Giampaolo as modified by Zaifman and further modified by Kleinpeter and Degirmenci do not teach the following limitation(s) as taught by Hajmasan: wherein the execute function invocation request is a system call request for a service from a kernel of an operating system (Hajmasan, Paragraph [0040], see “In a typical flow of execution, the user-mode API function called by entity 60a may request service from the operating system’s kernel…such operations are carried out by using a system call, such as SYSCALL and SYSENTER on x86 platforms”, where “user-mode API function” is analogous to the exec function invocation request which is ultimately a system call request for a service from a kernel of an operating system). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, techniques disclosed of Kleinpeter and techniques disclosed of Degirmenci, by implementing techniques of an invocation request being a system call request for a service from a kernel of an operating system, disclosed of Hajmasan. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising an invocation request being a system call request for a service from a kernel of an operating system. This allows for the user to be provided with an interface between the processor and operating system to allow user-level processes to request services of the operating system. System calls are typically made when a process in user mode requires access to a resource. Hajmasan is deemed as analogous art due to the methods invoking a system call request for a service from a kernel of an OS (Hajmasan, Paragraph [0040]). Claims 5-7 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Giampaolo, in view of Zaifman, in further view of Kleinpeter, in further view of Qiu (U.S. PGPub. 2019/0005260). Regarding claim 5, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Qiu: The method of claim 1, wherein the extended attribute value indicates that the first application has the permission to use the shared working directory (Qiu, Paragraph [0093], see “…based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application…”, where “based on domain attributes…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to the one or more attribute values indicating that the first application has permission to use the working directory of the second application) (Qiu, Paragraph [0106], see “…a determination has been made that the first application is in a domain that has access authorization to the data of the second application, and the first application is therefore permitted to perform the access operation. For example, the first application can read data files located in a directory corresponding to the second application”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques of the one or more attribute values indicating that the first application has a permission to use the working directory, disclosed of Qiu. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources. This allows for better security management by utilizing extended attribute values to determine respective user/application privileges before granting them access to respective resources. Qiu is deemed as analogous art due to the art disclosing methods of utilizing extended attribute values to determine whether or not the application/user has permission to utilize certain resources (Qiu, Paragraphs [0093] and [0106]). Regarding claim 6, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Qiu: The method of claim 1, wherein the extended attribute value indicates that the first application is denied the permission to use the shared working directory (Qiu, Paragraph [0093], see “…based on domain attributes of the first application and the second application and preset intradomain and interdomain data access rules, a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application…”, where “based on domain attributes…a determination can be made as to whether the first application is in the domain that has access authorization to the data of the second application” is analogous to the one or more attribute values indicating whether or not the first application has permission to use the working directory of the second application) (Qiu, Paragraph [0108], see “In the event that the access operation is denied, a determination has been made that the first application is not in a domain that has access authorization to the second application, and the first application is denied performance of the data access operation. For example, the first application is not permitted to read data files located in a directory corresponding to the second application”, where “In the event that the access operation is denied” is analogous to based on the attribute values indicating that the first application does not have permission to access the working directory of the second application, and where “the first application is denied performance of the data access operation” is analogous to denying a permission to use the working directory of the second application). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques of utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources, disclosed of Qiu. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising utilizing the extended attribute values to determine whether or not the application/user has permission to utilize the resources. This allows for better security management by utilizing extended attribute values to determine respective user/application privileges before granting them access to respective resources. Qiu is deemed as analogous art due to the art disclosing methods of utilizing extended attribute values to determine whether or not the application/user has permission to utilize certain resources (Qiu, Paragraph [0108]). Regarding claim 7, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Qiu: The method of claim 1, wherein: the extended attribute value comprises one or more extended attribute values (Qiu, Paragraph [0024], see “assigning a unique application identifier respectively to each application, each preset domain respectively to a unique group, and a unique group identifier respectively to each group”, where “unique application identifier” is analogous to one or more extended attribute values, which indicates a user/role); and the one or more extended attribute values further include a security context that indicates at least one of the user, a role, or a type (Qiu, Paragraph [0024], see “assigning a unique application identifier respectively to each application, each preset domain respectively to a unique group, and a unique group identifier respectively to each group”, where “unique application identifier” is analogous to one or more extended attribute values, which indicates a user/role) (Qiu, Claim 7, see “…the application identifier is a user ID (UID); the group identifier is a group ID (GID)…”) Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques of the extended attribute values including a security context that indicates a user and/or role, disclosed of Qiu. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising the extended attribute values including a security context that indicates a user and/or role. This allows for better security management by assigning different roles to users based on their privileges/permissions. Qiu is deemed as analogous art due to the art disclosing utilizing extended attribute values (i.e., permissions/privileges) that indicate a user and/or role (Qiu, Claim 7). Regarding claim 15, the claim is rejected under the same reasoning as claim 5. Regarding claim 16, the claim is rejected under the same reasoning as claim 6. Regarding claim 17, the claim is rejected under the same reasoning as claim 7. Claims 8 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Zaifman, in view of Hajmasan, in further view of Kleinpeter. Regarding claim 8, Zaifman teaches A system (Zaifman, FIG. 2, see “20”), comprising: a memory (Zaifman, FIG. 2, see “26”); and a processing device, coupled to the memory (Zaifman, FIG. 2, see “22”, which is coupled to the memory), the processing device to: determine whether a first extended attribute value conflicts with the second extended attribute value (Zaifman, Paragraph [0008], see “…A directory in the hierarchical file structure is accessed having access permission defined by a first owner…An access time for an invalid directory path is compared to a threshold access time…”, where “an access time for an invalid directory path is compared to a threshold access time” is being read as determining whether a first extended attribute value conflicts with a second extended attribute value), responsive to determining that the first extended attribute value does not conflict with the second extended attribute value, associate the shared working directory with a process running an application (Zaifman, Paragraph [0008], see “…A directory in the hierarchical file structure is accessed having access permission defined by a first owner…An access time for an invalid directory path is compared to a threshold access time. When the access time equals or exceeds the threshold access time, then the method notifies of a security threat”, where “access time” is being read as comprising the first session identifier, where “threshold access time” is being read as comprising the second session identifier, which are compared to determine whether the first application has permission to use the directory. If the application does have permission to use the directory (access time DOES not equal or exceed the threshold access time), the directory would be associated with a process running the application (allow permission to use the directory)). Zaifman does not teach the following limitation(s) as taught by Hajmasan: determine, in a kernel space, a second extended attribute value associated with a shared working directory (Hajmasan, Paragraph [0039], see “…security application 36 may hook into certain functions of the KERNEL32.DLL and/or NTDLL.DLL libraries, to instruct the respective functions to redirect execution to a component of application 36”) (Hajmasan, Paragraph [0040], see “…the user-mode API function called by entity 60a may request service from the operating system’s kernel…such operations are carried out by issuing a system call…such system calls are intercepted by event interceptor 28b…such interception comprises, for instance, modifying a system call handler routine by changing a value stored in a model-specific register (MSR) of processor 12, which effectively redirects execution of the respective handler routine to interceptor 28b or directly to a component of application 36”, where “application 36” is analogous to security application) (Hajmasan, Paragraph [0044], see “Some embodiments of security application 36 may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources, an OS registry entry, a digital signature, and a memory location of the respective entity…security application may perform an audit of client system 10 and/or of OS 30 to locate a set of resources associated to group creator entities such as OS services, browsers, and file managers, and later use such information to determine whether an executing entity belongs to one category or another. Security application 36 may further identify an entity and establish its category by comparing a set of hashes of the respective entity to a database of hashes of known entities”, where “category each entity belongs” is analogous to determining one or more extended attribute values, which are performed in a kernel space). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Zaifman, by implementing techniques of identifying, in a kernel space, an extended attribute value associated with a shared working directory, disclosed of Hajmasan. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of identifying, in a kernel space, an extended attribute value associated with a shared working directory. This allows for better security management by utilizing the kernel space to determine one or more extended attribute values when the system calls for it before the kernel provides the necessary resources between the applications and hardware. Hajmasan is deemed as analogous art due to the art disclosing methods of determining extended attribute values in a kernel environment (Hajmasan, Paragraph [0044]). Zaifman as modified by Hajmasan do not teach the following limitation(s) as taught by Kleinpeter: wherein at least one of the first extended attribute value or the second extended attribute value overrides a default current working directory behavior of a file system for a process running an application at a start of the process (Kleinpeter, Claim 1, see “…a first folder in a restrictive access control list the restrictive access control list overrides a default access policy for a directory including the first folder to prohibit all user accounts having access to the directory from accessing the first folder except for a user account that is included in the restrictive access control list in association with the first folder”, which is analogous to the extended attribute value (comprised within the access control list) overriding a default working directory behavior of a file system for an application, wherein the behavior includes prohibiting all user accounts except for specific users) (Kleinpeter, Paragraph [0070], see “…client device is a computing device having a local file system accessible by multiple applications resident thereon”) (Kleinpeter, Paragraph [0269], see “…on start-up of the client device or client synchronization service 156, the tree data structures may be retrieved from persistent memory and loaded into main memory. Tree storage 554 may access and update the tree data structures on main memory…”, which is analogous to overriding a default current working directory behavior of a file system (e.g., through updating the tree data structures) for an application at a process start of the application (e.g., on start-up)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Zaifman, and techniques disclosed of Hajmasan, by implementing techniques of an extended attribute value overriding a default working directory behavior of a file system for an application, disclosed of Kleinpeter. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of an extended attribute value overriding a default working directory behavior of a file system for an application. This allows for better security management and user flexibility by allowing the extended attributes to provide user-specific settings for a first application by overriding a default working directory of a file system. Kleinpeter is deemed as analogous art due to the art disclosing techniques of an extended attribute value overriding a default working directory behavior of a file system for an application (Kleinpeter, Claim 1). Regarding claim 11, Zaifman as further modified by Kleinpeter do not teach the following limitation(s) as taught by Hajmasan: The system of claim 8, wherein to determine the first extended attribute value associated with the shared working directory, the processing device is to determine the first extended attribute value in the kernel space after a system call is invoked (Hajmasan, Paragraph [0039], see “…security application 36 may hook into certain functions of the KERNEL32.DLL and/or NTDLL.DLL libraries, to instruct the respective functions to redirect execution to a component of application 36”) (Hajmasan, Paragraph [0040], see “…the user-mode API function called by entity 60a may request service from the operating system’s kernel…such operations are carried out by issuing a system call…such system calls are intercepted by event interceptor 28b…such interception comprises, for instance, modifying a system call handler routine by changing a value stored in a model-specific register (MSR) of processor 12, which effectively redirects execution of the respective handler routine to interceptor 28b or directly to a component of application 36”, where “application 36” is analogous to security application) (Hajmasan, Paragraph [0044], see “Some embodiments of security application 36 may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources, an OS registry entry, a digital signature, and a memory location of the respective entity…security application may perform an audit of client system 10 and/or of OS 30 to locate a set of resources associated to group creator entities such as OS services, browsers, and file managers, and later use such information to determine whether an executing entity belongs to one category or another. Security application 36 may further identify an entity and establish its category by comparing a set of hashes of the respective entity to a database of hashes of known entities”, where “category each entity belongs” is analogous to determining one or more extended attribute values, which are performed in a kernel space). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques for tracking malicious behavior across multiple software entities, comprising wherein determining one or more extended attribute values associated with a particular resource comprises determining the one or more extended attribute values in a kernel space after a system call is invoked, disclosed of Hajmasan. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising wherein determining one or more extended attribute values associated with a particular resource comprises determining the one or more extended attribute values in a kernel space after a system call is invoked. This allows for better security management by utilizing the kernel space to determine one or more extended attribute values when the system calls for it before the kernel provides the necessary resources between the applications and hardware. Hajmasan is deemed as analogous art due to the art disclosing methods of determining extended attribute values in a kernel environment (Hajmasan, Paragraph [0044]). Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Zaifman, in view of Hajmasan, in further view of Kleinpeter, in further view of Nikam et al. (U.S. PGPub. 2022/0191237), hereinafter Nikam. Regarding claim 9, Zaifman as modified by Hajmasan and further modified by Kleinpeter do not teach the following limitation(s) as taught by Nikam: The system of claim 8, wherein to associate the shared working directory with the process running the application, the processing device is further to run the application (Nikam, Paragraph [0021], see “…a REST API may allow an application running on a first server to access the functionality of another application running on a second server and thereby allow users of the first server to create, read, update, and delete records associated with the application running on the first server”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Zaifman, techniques disclosed Hajmasan, and techniques disclosed of Kleinpeter, by implementing techniques of associating the directory with the processing running the application by running the application, disclosed of Nikam. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of associating the directory with the processing running the application by running the application. This allows for better security management by executing the application in the directory that is being requested by a different application to allow users to access the functionality of another application in a different directory. Nikam is deemed as analogous art due to the art disclosing techniques of associating the directory with the processing running the application by running the application (Nikam, Paragraph [0021]). Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Zaifman, in view of Hajmasan, in further view of Kleinpeter, in further view of Manjunath et al. (U.S. PGPub. 2017/0169069), hereinafter Manjunath. Regarding claim 10, Zaifman as further modified by Kleinpeter do not teach the following limitation(s) as taught by Hajmasan: The system of claim 8, (Hajmasan, Paragraph [0044], see “Some embodiments of security application 36 may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources, an OS registry entry, a digital signature, and a memory location of the respective entity…security application may perform an audit of client system 10 and/or of OS 30 to locate a set of resources associated to group creator entities such as OS services, browsers, and file managers, and later use such information to determine whether an executing entity belongs to one category or another. Security application 36 may further identify an entity and establish its category by comparing a set of hashes of the respective entity to a database of hashes of known entities”, where “category” is analogous to comprising the extended attribute values and where “may determine which category each entity belongs to according to certain features of the respective entity, such as a path, a filename, a set of resources…a memory location” is analogous to the extended attribute values including a directory path for the working directory). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques for tracking malicious behavior across multiple software entities, comprising the extended attribute value including a directory path for the working directory, disclosed of Hajmasan. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising the extended attribute value including a directory path for the working directory. This allows for better security management and organization by associating each extended attribute value with a directory path for the working directory. Hajmasan is deemed as analogous art due to the art disclosing techniques that utilize extended attribute values which include information regarding a directory path for a specific resource (Hajmasan, Paragraph [0044]). Zaifman as modified by Hajmasan and further modified by Kleinpeter do not teach the following limitation(s) as taught by Manjunath: wherein the first extended attribute value is associated with an index node of an executable file of the application (Manjunath, Paragraph [0052], see “…The processing device can examine the extended attributes of the on-disk inode…to determine whether an extended attribute contains a value for an object version for the object”, where “inode” is analogous to an index node of an executable file of an application). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Zaifman, techniques disclosed of Kleinpeter and techniques disclosed of Hajmasan, by implementing techniques for data integrity checking in a distributed filesystem, comprising wherein the extended attribute values are associated with an index node of an executable file of an application, disclosed of Manjunath. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising wherein the extended attribute values are associated with an index node of an executable file of an application. This allows for better security management for Unix-style file systems, where each inode stores the attributes of the object’s data. Manjunath is deemed as analogous art due to the art disclosing techniques of extended attributes values being associated with index nodes for a particular object (Manjunath, Paragraph [0052]). Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Giampaolo, in view of Zaifman, in further view of Kleinpeter, in further view of Duval et al. (U.S. Patent 11,500,820), hereinafter Duval. Regarding claim 13, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Duval: The non-transitory machine-readable storage medium of claim 12, wherein the instructions, when executed by the processing device, further cause the processing device to: responsive to a determination that the application has the permission to use the shared working directory as the working directory, set a second shared working directory of a process running the application to be the shared working directory (Duval, Claim 1, see “…maintain a second folder hierarchy at the first client, the second folder hierarchy at the first client including a first folder that is a local version of the shared folder, the first folder at the first client including a local version of the shared content below the first folder that is automatically synchronized with the shared folder…”, where “second folder” is analogous to setting a second shared working directory of a process running the application to be the shared working directory for the client (application), where the second folder is set responsive to a determination that the client (application) has the permission to use it). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques of setting a second shared working directory of a process running the application to be the shared working directory responsive to a determination that the application has the permission to use the shared working directory, disclosed of Duval. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of setting a second shared working directory of a process running the application to be the shared working directory responsive to a determination that the application has the permission to use the shared working directory. This allows for better security management by setting a second shared working directory to be the working directory for the application to use in cases where certain files and/or data get modified. Duval is deemed as analogous art due to the art disclosing techniques of setting a second shared working directory of a process running the application to be the shared working directory responsive to a determination that the application has the permission to use the shared working directory (Duval, Claim 1). Claims 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Giampaolo, in view of Zaifman, in further view of Kleinpeter, in further view of Wolf et al. (U.S. PGPub. 2014/0188808), hereinafter Wolf. Regarding claim 18, Giampaolo as modified by Zaifman and further modified by Kleinpeter do not teach the following limitation(s) as taught by Wolf: The method of claim 1, wherein identifying the extended attribute value comprises retrieving the extended attribute value from an inode (Wolf, Paragraph [0044], see “…That such an extended attribute exists can be indicated in a flag bit of a file inode. The inode is a unique identifier for each file”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Giampaolo, techniques disclosed of Zaifman, and techniques disclosed of Kleinpeter, by implementing techniques of retrieving the extended attribute value from an inode, disclosed of Wolf. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of retrieving the extended attribute value from an inode. This allows for better security management by utilizing an inode for efficient file identification and enhancing file system integrity. Wolf is deemed as analogous art due to the art disclosing techniques of retrieving the extended attribute value from an inode (Wolf, Paragraph [0044]). Regarding claim 20, the claim is rejected under the same reasoning as claim 18. Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Zaifman, in view of Hajmasan, in further view of Kleinpeter, in further view of Wolf. Regarding claim 19, Zaifman as modified by Hajmasan and further modified by Kleinpeter do not teach the following limitation(s) as taught by Wolf: The system of claim 8, wherein to determine the second extended attribute value, the processing device is to retrieve the second extended attribute value from an inode (Wolf, Paragraph [0044], see “…That such an extended attribute exists can be indicated in a flag bit of a file inode. The inode is a unique identifier for each file”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Zaifman, techniques disclosed of Hajmasan, and techniques disclosed of Kleinpeter, by implementing techniques of retrieving the extended attribute value from an inode, disclosed of Wolf. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for utilizing extended file attributes for working directory, comprising of retrieving the extended attribute value from an inode. This allows for better security management by utilizing an inode for efficient file identification and enhancing file system integrity. Wolf is deemed as analogous art due to the art disclosing techniques of retrieving the extended attribute value from an inode (Wolf, Paragraph [0044]). Conclusion THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747. The examiner can normally be reached on M-F 11:00am – 7:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Show 6 earlier events
Oct 10, 2025
Request for Continued Examination
Oct 22, 2025
Response after Non-Final Action
Oct 29, 2025
Non-Final Rejection mailed — §103
Jan 14, 2026
Interview Requested
Jan 21, 2026
Applicant Interview (Telephonic)
Jan 23, 2026
Response Filed
Jan 24, 2026
Examiner Interview Summary
Jun 01, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12651053
APP PROFILE VERIFICATION SETUP
2y 0m to grant Granted Jun 09, 2026
Patent 12645780
VEHICLE CONTROL DEVICE, SYSTEM, AND METHOD
2y 0m to grant Granted Jun 02, 2026
Patent 12647432
Quantification of Adversary Tactics, Techniques, and Procedures using Threat Attribute Groupings and Correlation
1y 10m to grant Granted Jun 02, 2026
Patent 12632559
OPEN-SOURCE SOFTWARE VULNERABILITY ANALYSIS
7y 9m to grant Granted May 19, 2026
Patent 12632533
INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM
2y 3m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
80%
Grant Probability
96%
With Interview (+16.7%)
2y 9m (~5m remaining)
Median Time to Grant
High
PTA Risk
Based on 247 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month