Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsPure Storage Inc. › 18658901
Last updated: May 29, 2026
Application No. 18/658,901

Storage Resource Access Through Role-Based Access Control (RBAC) Configuration

Non-Final OA §103
Filed
May 08, 2024
Examiner
WONG, NANCI N
Art Unit
2137
Tech Center
2100 — Computer Architecture & Software
Assignee
Pure Storage Inc.
OA Round
3 (Non-Final)
87%
Grant Probability
Favorable
3-4
OA Rounds
6m
Est. Remaining
99%
With Interview

Interview Optional

+22.3% interview lift. Interview already conducted in this application's prosecution history. This examiner has a 87% grant rate with +22.3% interview lift. Since an interview has already been tried, recommend written response with narrowed claims based on precedent claim evolution patterns.
Based on 458 resolved cases, 2023–2026

Examiner Intelligence

WONG, NANCI N View full profile →
Grants 87% — above average
87%
Career Allowance Rate
399 granted / 458 resolved
+32.1% vs TC avg
Strong +22% interview lift
Without
With
+22.3%
Interview Lift
resolved cases with interview
Typical timeline
2y 6m
Avg Prosecution
12 currently pending
Career history
483
Total Applications
across all art units

Statute-Specific Performance

§101
0.8%
-39.2% vs TC avg
§103
94.4%
+54.4% vs TC avg
§102
1.0%
-39.0% vs TC avg
§112
2.3%
-37.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 458 resolved cases

Office Action

§103
DETAILED ACTION The present Office Action is in response to Applicant Arguments/Remarks and amended claims filed on 01/30/2026. Claims 1, 11, and 20 have been amended. Claims 1-20 remain pending in the application. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/30/2026 has been entered. Response to Amendments and Arguments Applicant’s amendments and remarks have been fully considered, with the Examiner’s response set forth below. (1)Applicant’s arguments are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. (2) Another iteration of claim analysis has been made. Refer to the corresponding sections of the claim analysis below for details. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 4, 6, 11, 14, 16, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lionetti (US 2017/0317991), hereinafter Lionetti in view of Bhat et al. (US2013/0054888), hereinafter Bhat, and further in view of Kodama (US2006/0031594), hereinafter Kodama and Prabhu et al. (US 2023/0418651), hereinafter Prabhu. Regarding claims 1, 11, and 20, taking claim 11 as exemplary, Lionetti teaches a system comprising: a memory (Lionetti, claim 14, a machine-readable medium); and a processing device (Lionetti, claim 14, processor), operatively coupled to the memory, the processing device configured to: generate, by a storage layer of a storage system, an identifier including access rights associated with one or more volumes, wherein the access rights expire after a threshold amount of time; provide the identifier to a host and by a role-based access control (RBAC) layer of the storage system, (Lionetti, [0049], The encryption server 315 may send an ID for the temporary clone LUN 312 to the host 301); receive, from the host, a request to access the one or more volumes, wherein the request comprises the identifier (Lionetti, [0043], host 301 sends information to the storage controller 306 identifying the unencrypted file to be encrypted and moved to the LUN 311. The information may include a location (e.g. file path, LUN identifier, block address or offset) and file metadata such as name, size, or type; [0050], the host 301 sends a command to the storage controller 306 to move the encrypted file 330 from the temporary clone LUN 312 to the LUN 311.); and establish, a connection between the host and the one or more volumes (Lionetti, [0049], The encryption server 315 may also instruct the storage controller 306 to map the temporary clone LUN 312 to the host 301 to allow access by the host 301). Lionetti teaches providing a volume ID to a host by a encryption server, nevertheless, Lionetti does not explicitly teach providing a volume ID to a host by a role-based access control (RBAC) layer. Lionetti does not explicitly teach generate, by a storage layer of a storage system, an identifier including access rights associated with one or more volumes, wherein the access rights expire after a threshold amount of time, as claimed. However, Lionetti in view of Bhat teaches generate, by a storage layer of a storage system, an identifier (Bhat, [0073], At step 806, the storage system manager receives the request to generate the vvol via the management interface … a unique vvol ID is generated at step 810.); provide the identifier to a host (Bhat, [0073], at step 814, the storage system manager transmits the vvol ID to computer system 103). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lionetti to incorporate the teachings of Bhat to generate a logical/virtual volume ID by a storage layer and provide the volume ID to a host. A person of ordinary skill in the art would have been motivated to combine the teachings of Lionetti with Bhat because it improves efficiency and performance of the storage system disclosed in Lionetti as volumes are part of the storage system and it takes less time for the storage system to control and manage storage volumes than a host device. The combination of Lionetti does not explicitly teach an identifier including access rights associated with one or more volumes, wherein the access rights expire after a threshold amount of time, and provide the identifier a volume ID to a host by a role-based access control (RBAC) layer, as claimed. However, the combination of Lionetti in view of Kodama teaches an identifier including access rights associated with one or more volumes (Kodama, [0048], Volume X-P is referred to as a primary volume, meaning that it is the volume with which the host will perform I/O operations … Volume X-S is referred to as the secondary volume; Note – (the suffix of volume name -P/X indicates the role being either primary or secondary, which also specifies access right (interface with host to service I/O requests) [0050], the primary volume serves as the production volume for data I/O operations made by user-level and system-level applications running on the host. The secondary volume serves as a backup volume for the production volume), wherein the access rights expire after a threshold amount of time (Kodama, [0048], the secondary volume also serves as a failover volume in case the primary volume goes off line for some reason, whether scheduled (e.g., for maintenance activity), or unexpectedly (e.g., failure)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lionetti to incorporate teachings of Kodama to generate a volume identifier that specifies access rights and the access rights expires after a period of time. A person of ordinary skill in the art would have been motivated to combine the teachings of the combination of Lionetti with Kodama because it improves efficiency of the storage system disclosed in the combination of Lionetti by making it easy to ensure correct volume is accessed. The combination of Lionetti does not explicitly teach provide the identifier a volume ID to a host by a role-based access control (RBAC) layer, as claimed. However, the combination of Lionetti in view of Prabhu teaches provide, to a host and by a role-based access control (RBAC) layer of a storage system, an identifier associated with one or more volumes (Lionetti, [0039]; Note -encryption server allows an encrypted LUN to be accessed by a host; [0049], [0064]-[0070]; Prabhu, [0135], The RBAC module 156 stores information regarding different clients/entities that are given access to storage; [0138], the authorization module of the RBAC module 156 creates custom roles (for example, an administrator, backup administrator, backup operator, backup viewer, restore administrator and others), modifies existing roles, assigns and unassigns permissions to and from a role (for example, a dataset, policy, host, storage connection, a dashboard, a report, discovery, remote installation and others), assigns and unassigns users to roles and assigns and unassigns resources (for example, hosts, datasets, policy and others)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lionetti to incorporate teachings of Prabhu to include functionalities such as assigning roles to hosts and storage controllers as well as granting access permission of encrypted volumes to one or more hosts in the encryption server. A person of ordinary skill in the art would have been motivated to combine the teachings of the combination of Lionetti with Prabhu because it improves security of the storage system disclosed in the combination of Lionetti by including a role-based access control layer to manage storage access authorities. Claims 1 and 20 have similar limitations as claim 11 and they are rejected for the similar reasons. Regarding claims 4 and 14, taking claim 14 as exemplary, the combination of Lionetti teaches all the features with respect to claim 11 as outlined above. The combination of Lionetti further teaches the system of claim 11, wherein the processing device is further configured to: generating, by the storage layer, the identifier (Bhat, [0073], At step 806, the storage system manager receives the request to generate the vvol via the management interface … a unique vvol ID is generated at step 810); and providing, by the storage layer, the identifier to the RBAC layer (Lionetti, [0023], the storage controller 106 sends … and the LUN 110 (“LUN ID and host ID 104”) to the encryption server 115). Claim 4 has similar limitations as claim 14 and they is for the similar reasons. Regarding claims 6 and 16, taking claim 16 as exemplary, the combination of Lionetti teaches all the features with respect to claim 11 as outlined above. The combination of Lionetti further teaches the system of claim 11, wherein, to establish the connection between the host and the one or more volumes, the processing device is configured to create an internal host resource for the host in the storage layer (Lionetti, [0045], the encryption server 315 sends a request to the storage controller 306 to create a temporary clone LUN 312 of the LUN 311; [0049], The encryption server 315 may send an ID for the temporary clone LUN 312 to the host 301 … the host 301 can use the LBAs of the sparse file 310 to read the encrypted file 330 from the temporary clone LUN 312.). Claim 6 has similar limitations as claim 16 and they is for the similar reasons. Claim(s) 2-3 and 12-13 is/are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Lionetti, Bhat, Kodama, and Prabhu as applied to claims 1 and 11 respectively above, and further in view of Shiraki (US 2020/0401349), hereinafter Shiraki. Regarding claims 2 and 12, taking claim 12 as exemplary, the combination of Lionetti teaches all the features with respect to claim 11 as outlined above. The combination of Lionetti does not explicitly teach the system of claim 11, wherein, to provide the identifier, the processing device is configured to present the identifier as a metadata property of the one or more volumes, as claimed. However, the combination of Lionetti in view of Shiraki teaches the system of claim 11, wherein, to provide the identifier, the processing device is configured to present the identifier as a metadata property of the one or more volumes (Shiraki, [0105], transmits (notifies), to each of the host devices 20, the volume information 106 created for each of the host devices 20). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lionetti to incorporate teachings of Shiraki to provide storage volume information to each of host devices as a metadata. A person of ordinary skill in the art would have been motivated to combine the teachings of the combination of Lionetti with Shiraki because it allows a host to send I/O requests to a specific storage volume. Claim 2 has similar limitations as claim 12 and they is for the similar reasons. Regarding claims 3 and 13, taking claim 13, the combination of Lionetti teaches all the features with respect to claim 12 as outlined above. The combination of Lionetti further teaches the system of claim 12, wherein providing the identifier is performed in response to determining, by the RBAC layer, that the host is associated with a role having access to the read metadata property of the one or more volumes (Lionetti, [0049], the encryption server 315 notifies the host 301 that the encrypted file 330 is available in the temporary clone LUN 312. The encryption server 315 may send an ID for the temporary clone LUN 312 to the host 301. Since the encrypted file 330 was written to the same LBAs as the sparse file 310, the host 301 can use the LBAs of the sparse file 310 to read the encrypted file 330 from the temporary clone LUN 312. ). Claim 3 has similar limitations as claim 13 and they is for the similar reasons. Claim(s) 5 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Lionetti, Bhat, Kodama, and Prabhu as applied to claims 1 and 11 respectively above, and further in view of Jaiswal et al. (US 2021/0124695), hereinafter Jaiswal. Regarding claims 5 or 15, taking claim 15 as exemplary, the combination of Lionetti teaches all the features with respect to claim 11 as outlined above. The combination of Lionetti does not explicitly teach the system of claim 11, wherein the identifier comprises an Internet Small Computer System Interface (iSCSI) qualified name (IQN) associated with the one or more volumes, as claimed. However, the combination of Lionetti in view of Jaiswal teaches the system of claim 11, wherein the identifier comprises an Internet Small Computer System Interface (iSCSI) qualified name (IQN) associated with the one or more volumes (Jaiswal, [0014], controller 140 can assign storage devices 130 and/or logical abstractions such as LUNs 124 unique target node names (e.g., iSCSI Qualified Name (IQN) or NVMe Qualified Name (NQN)).). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lionetti to incorporate teachings of Jaiswal to assign an iSCSI Qualified Name for LUNs. A person of ordinary skill in the art would have been motivated to combine the teachings of the combination of Lionetti with Jaiswal because it improves efficiency of the storage system disclosed in the combination of Lionetti by assigning a unique iSCSI qualified name for a logical unit in order to comply with iSCSI network protocol. Claim 5 has similar limitations as claim 15 and they is for the similar reasons. Claim(s) 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Lionetti, Bhat, Kodama, and Prabhu as applied to claims 1 and 11 respectively above, and further in view of Beaverson et al. (US 2021/0286734), hereinafter Beaverson. Regarding claims 7 and 17, taking claim 17 as exemplary, the combination of Lionetti teaches all the features with respect to claim 11 as outlined above. The combination of Lionetti further teaches the system of claim 11, wherein the one or more volumes are included in a particular set of volumes of a plurality of sets of volumes on the storage system (Lionetti, [0051], a list of existing temporary clone LUNs; [0061], encrypted LUNs associated with each of the hosts), and wherein the storage system is configured to maintain deduplication across the plurality of sets of volumes. The combination of Lionetti teaches performing deduplication, nevertheless, the combination of Lionetti does not explicitly teach maintain deduplication across the plurality of sets of volumes, as claimed. However, the combination of Lionetti in view of Beaverson teaches maintain deduplication across the plurality of sets of volumes (Beaverson, [0045], data deduplication is supported globally across all the LUNs 200 and all the nodes 120). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lionetti to incorporate teachings of Beaverson to maintain data deduplication across all volumes and all nodes. A person of ordinary skill in the art would have been motivated to combine the teachings of the combination of Lionetti with Beaverson because it improves efficiency of the storage system disclosed in the combination of Lionetti by only maintaining one copy of data for all volumes in order to reduce storage space needed. Claim 7 has similar limitations as claim 17 and they is for the similar reasons. Claim(s) 8-9 and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Lionetti, Bhat, Kodama, and Prabhu as applied to claims 1 and 11 respectively above, and further in view of Colgrove et al. (US7,584,340), hereinafter Colgrove. Regarding claims 8 and 18, taking claim 18 as exemplary, the combination of Lionetti teaches all the features with respect to claim 11 as outlined above. The combination of Lionetti does not explicitly teach the system of claim 11 wherein the processing device is further configured to restrict, by the storage system, access to the one or more volumes to a particular network, as claimed. However, the combination of Lionetti in view of Colgrove teaches the system of claim 11 wherein the processing device is further configured to restrict, by the storage system, access to the one or more volumes to a particular network (Colgrove, col.2, lines 33-46, LUN masking is a security operation that indicates that a particular host 120 ( e.g. host 120A or 120B), HBA (Host Bus Adapter) 122 (e.g. HBA 122A or 122B), or HBA port 124 ( e.g. HBA port 124A or 124B) is able to communicate with a particular LUN 102. In the LUN masking process, a bound AU 108 ( e.g. AU 108A, 108B, 108C or 108D) may be masked to a specified HBA port 124, HBA 122, or host 120 (e.g. all HBAs on the host) through a specified array port 106 in a specified storage device 104; col.2, lines 47-54, The default behavior of the storage device may be to prohibit all access to LUNs unless a host has explicit permission to view the LUNs.). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lionetti to incorporate teachings of Colgrove to grant access of storage volumes to a host on an as-needed basis. A person of ordinary skill in the art would have been motivated to combine the teachings of the Lionetti with Colgrove because it improves security of the storage system disclosed in the combination of Lionetti by implementing access controls that ensure a host can only access storage data after explicit permission has been granted, thereby preventing unauthorized data exposure. Claim 8 has similar limitations as claim 18 and they is for the similar reasons. Regarding claims 9 and 19, taking claim 19 as exemplary, the combination of Lionetti teaches all the features with respect to claim 18 as outlined above. The combination of Lionetti further teaches the system of claim 18, wherein the particular network corresponds to a particular tenant of the storage system (Colgrove, col.2, lines 33-46, LUN masking is a security operation that indicates that a particular host 120 ( e.g. host 120A or 120B), HBA (Host Bus Adapter) 122 (e.g. HBA 122A or 122B), or HBA port 124 ( e.g. HBA port 124A or 124B) is able to communicate with a particular LUN 102. In the LUN masking process, a bound AU 108 ( e.g. AU 108A, 108B, 108C or 108D) may be masked to a specified HBA port 124, HBA 122, or host 120 (e.g. all HBAs on the host) through a specified array port 106 in a specified storage device 104; col.2, lines 47-54, The default behavior of the storage device may be to prohibit all access to LUNs unless a host has explicit permission to view the LUNs). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lionetti to incorporate teachings of Colgrove to grant access of storage volumes to a host on an as-needed basis. A person of ordinary skill in the art would have been motivated to combine the teachings of the Lionetti with Colgrove because it improves security of the storage system disclosed in the combination of Lionetti by implementing access controls that ensure a host can only access storage data after explicit permission has been granted, thereby preventing unauthorized data exposure. Claim 9 has similar limitations as claim 19 and they is for the similar reasons. Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Lionetti, Bhat, Kodama, and Prabhu as applied to claims 1 and 11 respectively above, and further in view of Matosevich et al. (US 2023/0342059), hereinafter Matosevich. Regarding claim 10, the combination of Lionetti teaches all the features with respect to claim 1 as outlined above. The combination of Lionetti does not explicitly teach the method of claim 1, further comprising migrating the one or more volumes from a first storage array to a second storage array, wherein the one or more volumes are accessible to the host in the second storage array using a same identifier as used to access the one or more volumes in the first storage array, as claimed. However, the combination of Lionetti in view of Matosevich teaches the method of claim 1, further comprising migrating the one or more volumes from a first storage array to a second storage array, wherein the one or more volumes are accessible to the host in the second storage array using a same identifier as used to access the one or more volumes in the first storage array (Matosevich, [0053], After setting the reservation(s), the identity of the target volume is set to the identity of the source volume, and the target storage system exposes the migrating volume to the host … the non-disruptive migration process in which the source storage system 340 and target storage system 350 have a source volume and target volume with the same volume ID, Claim 1). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lionetti to incorporate teachings of Matosevich to migrate a volume from a first storage array to a second storage array and keep the volume identifier unchanged. A person of ordinary skill in the art would have been motivated to combine the teachings of the combination of Lionetti with Matosevich because it improves efficiency of the storage disclosed in the combination of Lionetti by using a same identifier from a host perspective, which allows the host to access volumes in a non-disruptive manner. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Miloushev et al. (US2007/0078988) teaches creating a logical name for a volume that specifies the role of the volume. Any inquiry concerning this communication or earlier communications from the examiner should be directed to NANCI N WONG whose telephone number is (571)272-4117. The examiner can normally be reached Monday-Friday 9am -6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arpan Savla can be reached at 571-272-1077. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NANCI N WONG/Primary Examiner, Art Unit 2137
Read full office action

Prosecution Timeline

Show 3 earlier events
Jul 21, 2025
Examiner Interview Summary
Jul 21, 2025
Applicant Interview (Telephonic)
Aug 26, 2025
Response Filed
Nov 05, 2025
Final Rejection mailed — §103
Dec 09, 2025
Interview Requested
Jan 30, 2026
Request for Continued Examination
Feb 10, 2026
Response after Non-Final Action
Apr 01, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/772,553
Patent 12638983
PROVIDING MULTIPLE ERROR CORRECTION CODE PROTECTION LEVELS IN MEMORY
1y 10m to grant Granted May 26, 2026
18/673,276
Patent 12632198
MEMORY WITH VIRTUAL PAGE SIZE
1y 12m to grant Granted May 19, 2026
18/416,329
Patent 12619528
Data Storage Device and Method for Configuring a Memory to Write a Requested Amount of Data Over the Memory's Lifetime
2y 3m to grant Granted May 05, 2026
18/598,318
Patent 12619530
MEMORY SYSTEM
2y 1m to grant Granted May 05, 2026
18/804,363
Patent 12619526
STORAGE DEVICE, STORAGE SYSTEM, AND OPERATING METHOD OF STORAGE SYSTEM
1y 8m to grant Granted May 05, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+22.3%)
2y 6m (~6m remaining)
Median Time to Grant
High
PTA Risk
Based on 458 resolved cases by this examiner. Grant probability derived from career allowance rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month