Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
DETAILED ACTION
Response to Amendment
This Office Action is in response to the amendment filed on 01/20/26.
The applicant’s remarks and amendments to the claims were considered and results as
follow: THIS ACTION IS MADE FINAL.
No claim has been amended. Claim 1 has been cancelled. Claims 2-21 have been added. As a result, claims 2-21 now pending in this office action.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed
or described as set forth in section 102 of this title, if the differences between the
subject matter sought to be patented and the prior art are such that the subject
matter as a whole would have been obvious at the time the invention was made to
a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was
made.
Claims 2-5, 11-12 and 14-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Borthakur et al. (US 2005/0289354 A1) in view of Watanabe et al. (US 2010/0077026 A1).
Regarding claim 2, Borthakur teaches a method for controlling access to file system objects stored on a local file storage system, said method comprising, (See Borthakur paragraph [0036], a file system may be integrated into an operating system such that any access to data stored on storage devices 230 is governed by the control and data structures of the file system)):
providing a local file system including said file system objects organized according toa hierarchical structure, (See Borthakur paragraph [0036], a file system may be implemented using multiple layers of functionality arranged in a hierarchy);
providing access by a user to said file system objects of said local file system via a virtual file system, (See Borthakur paragraph [0039], file system 205 includes a virtual file system 222…includes device drivers 224 through which local file systems 240 may access storage devices), said virtual file system providing a user interface indicative of said hierarchical structure, (See Borthakur paragraph [0039], provide a common interface to the various local file systems 240, file system 205 includes a virtual file system 222); and
controlling access by said user to said file system objects of said local file system according to said permissions map, (See Borthakur paragraph [0033], a file system may be integrated into an operating system such that any access to data stored on storage devices 230 is governed by the control and data structures of the file system).
Borthakur does not explicitly disclose receiving, from a remote file storage system associated with said local file storage system, a permissions map defining access rights of said user to said file system objects of said local file system.
However, Watanabe teaches receiving, from a remote file storage system associated with said local file storage system, (See Watanabe paragraph [0042], The client device selects the server device which receives the registration request for access permission and transmits an acquisition request for a remote UI (User Interface) application), a permissions map defining access rights of said user to said file system objects of said local file system, (See Watanabe paragraph [0013], provide a method of registering access permission with which a user can register access permission for a client device).
It would have been obvious to a person of ordinary skill in art at the time of
invention was made, to modify receiving, from a remote file storage system associated with said local file storage system, a permissions map defining access rights of said user to said file system objects of said local file system of Watanabe in order to access permitted device list using MAC addresses as physical addresses specific to each communication device.
Regarding claim 3, Borthakur taught the method of claim 2, as described above. Borthakur further teaches wherein receiving said permissions map includes, (See Borthakur paragraph [0065], receiving a file system content access operation):
receiving a file including encoded permissions definitions, (See Borthakur paragraph [0086], obtained security information for a given file system content item, it may be configured to map or encode such security information in a format suitable for querying by query engine 430); and
generating said permissions map from said encoded permissions definitions, (See Borthakur paragraph [0086], Once security converter 610 has obtained security information for a given file system content item, it may be configured to map or encode such security information in a format suitable for querying by query engine 430).
Regarding claim 4, Borthakur taught the method of claim 3, as described above. Borthakur further teaches wherein said step of receiving a file including said encoded permissions definitions includes receiving a markup file, (See Borthakur paragraph [0086], obtained security information for a given file system content item, it may be configured to map or encode such security information in a format suitable for querying by query engine 430).
Regarding claim 5, Borthakur taught the method of claim 4, as described above. Borthakur further teaches wherein said step of receiving a markup file includes receiving an XML formatted file, (See Borthakur paragraph [0090], Upon receiving a record of security information for a given content item selected by a query, a security converter 610 may be configured to extract the security information from the record, for example by parsing an XML-formatted record).
Regarding claim 11, Borthakur taught the method of claim 3, as described above. Borthakur further teaches wherein said step of generating said permissions map includes, (See Borthakur paragraph [0086], Once security converter 610 has obtained security information for a given file system content item, it may be configured to map or encode such security information in a format suitable for querying by query engine 430):
identifying an amount of memory required to store said permissions map, (See Borthakur paragraph [0103], A permission field may further be used to identify specific file system capabilities the content item owner…Security mapping functionality 700 may map the identification);
identifying a memory location having at least as much memory as said amount of memory, (See Borthakur paragraph [0035], the identity of each file, its location within storage devices 230 (e.g., a mapping to a particular physical location within a particular storage device); and
populating at least a portion of said memory location with said permissions map, (See Borthakur paragraph [0113], a portion of a given item) is selected by query engine 430 based on a given query, the permissions associated with the given content item may be examined and compared with the role of the user performing the given query).
Regarding claim 12, Borthakur taught the method of claim 11, as described above. Borthakur further teaches wherein said memory location is a contiguous virtual memory segment, (See Borthakur paragraph [0035]], the data structures may include one or more tables configured to store information such as, for example, the identity of each file, its location within storage devices 230 (e.g., a mapping to a particular physical location within a particular storage device)).
Regarding claim 14, Borthakur taught the method of claim 13, as described above. Borthakur further teaches further comprising:
identifying a second memory location having at least as much memory as said amount of memory, (See Borthakur paragraph [0035], the identity of each file, its location within storage devices 230 (e.g., a mapping to a particular physical location within a particular storage device); and
reading said permissions map to said second memory location without unmarshalling, (See Borthakur paragraph [0066], the owner of a file may have read, write, and execute permissions for that file, whereas other group members may have only read and execute permissions, and non-group members may have only read permissions).
Regarding claim 15, Borthakur taught the method of claim 14, as described above. Borthakur further teaches wherein:
said step of persisting said permissions map to said persistent storage occurs prior to a shutdown of said local file storage system, (See Borthakur paragraph [0229], A GMA is also free to associate automated operations with triggers other than MARS actions, such as reoccurring times or days of the week, for the purpose of removing expired data such as via a `locate remove` compound action, where the locate query defines the expiration based on a comparison of the current date with the end-pov or modified properties); and
said step of reading said permissions map to said secondary memory location occurs after a corresponding restart of said local file storage system, (See Borthakur paragraph [0066], the given file system content item may have associated permissions defining the allowable actions on that item for the owner, for a member of group GID other than the owner, and for users other than members of group GID. For example, the owner of a file may have read, write, and execute permissions for that file, whereas other group members may have only read and execute permissions), reading said permissions map to said second memory location without unmarshalling, (See Borthakur paragraph [0066], the owner of a file may have read, write, and execute permissions for that file, whereas other group members may have only read and execute permissions, and non-group members may have only read permissions).
Regarding claim 16, Borthakur taught the method of claim 11, as described above. Borthakur further teaches wherein said step of controlling access by said user to said file system objects of said local file system according to said permissions map, (See Borthakur paragraph [0036], a file system may be integrated into an operating system such that any access to data stored on storage devices 230 is governed by the control and data structures of the file system): includes accessing said permissions map in said memory location in order to identify a data entry of said permissions map, (See Borthakur paragraph [0035], the identity of each file, its location within storage devices 230 (e.g., a mapping to a particular physical location within a particular storage device); said data entry specifying access rights associated with a particular file system object of said local file system. (See Borthakur paragraph [0039], the particular local file system 240 targeted by each operation. Additionally, in the illustrated embodiment storage management system 200 includes device drivers 224 through which local file systems 240 may access storage devices).
Regarding claim 17, Borthakur taught the method of claim 3, as described above. Borthakur further teaches further comprising:
controlling access by said user to said file system objects of said local file system according to a prior permissions map during said step of receiving a file, (See Borthakur paragraph [0033], a file system may be integrated into an operating system such that any access to data stored on storage devices 230 is governed by the control and data structures of the file system), including said encoded permissions definitions and during said step of generating said permissions map from said encoded permissions definitions, (See Borthakur paragraph [0086], Once security converter 610 has obtained security information for a given file system content item, it may be configured to map or encode such security information in a format suitable for querying by query engine 430):; and wherein said step of controlling access by said user to said file system objects of said local file system according to said permissions map, (See Borthakur paragraph [0033], a file system may be integrated into an operating system such that any access to data stored on storage devices 230 is governed by the control and data structures of the file system), occurs after said step of receiving a file including said encoded permissions definitions, (See Borthakur paragraph [0066], the given file system content item may have associated permissions defining the allowable actions on that item for the owner, for a member of group GID other than the owner, and for users other than members of group GID. For example, the owner of a file may have read, write, and execute permissions for that file, whereas other group members may have only read and execute permissions), and after said step of generating said permissions map from said encoded permissions definitions, (See Borthakur paragraph [0086], obtained security information for a given file system content item, it may be configured to map or encode such security information in a format suitable for querying by query engine 430); and said prior permissions map and said permissions map define different access rights associated with at least one file system object of said local file system, (See Borthakur paragraph [0229], A GMA is also free to associate automated operations with triggers other than MARS actions, such as reoccurring times or days of the week, for the purpose of removing expired data such as via a `locate remove` compound action, where the locate query defines the expiration based on a comparison of the current date with the end-pov or modified properties).
Regarding claim 18, Borthakur taught the method of claim 2, as described above. Borthakur further teaches wherein said step of controlling access by said user to said file system objects of said local file system according to said permissions map, (See Borthakur paragraph [0033], a file system may be integrated into an operating system such that any access to data stored on storage devices 230 is governed by the control and data structures of the file system), includes identifying a first data entry of said permissions map, said first data entry specifying access rights associated with a particular file system object of said local file system, (See Borthakur paragraph [0054],The stored metadata record may in various embodiments include various kinds of information about the file 250 and the operation detected, such as the identity of the process generating the operation, file identity, file type, file size, file owner, and/or file permissions).
Regarding claim 19, Borthakur taught the method of claim 13, as described above. Borthakur further teaches wherein:
said permissions map includes a first set of data entries, each data entry of said first set of data entries associating a parent object with a child object; (See Borthakur paragraph [0045], file system 205 that implement a file hierarchy, such as a hierarchy of folders or directories, all or part of the file hierarchy may be included in the file identity. For example, a given file named "file1.txt" may reside in a directory "smith" that in turn resides in a directory "users" ), and
said plurality of data entries are indicative of said hierarchical structure, (See Borthakur paragraph [0045], file system 205 that implement a file hierarchy, a given file's identity may be specified by listing each directory in the path of the file as well as the file name).
Regarding claim 20, Borthakur taught the method of claim 19, as described above. Borthakur further teaches wherein said step of identifying said first data entry of said permissions map includes utilizing a recursive tree search within said permissions map, (See Borthakur paragraph [0117], query system 400 may be configured to identify whether any role indicated in the record of permissions corresponds with the user submitting the query according to security mapping functionality).
Regarding claim 21, Borthakur taught the method of claim 20, as described above. Borthakur further teaches wherein said step of utilizing a recursive tree search within said permissions map includes, (See Borthakur [0045], a file hierarchy, such as a hierarchy of folders or directories, all or part of the file hierarchy may be included in the file identity):
identifying a second data entry of said permissions map, said second data entry being associated with a parent object of said particular file system object, (See Borthakur [0103], a given file system content item has a corresponding owner (e.g., identified through a user ID) and a corresponding group (e.g., identified through a group ID). A permission field may further be used to identify specific file system capabilities the content item owner), and including information indicative of a second memory location of a third data entry associated with said particular file system object, (See Borthakur [0113], the associated permissions indicate that corresponding role 2 has only "read" capability with respect to that file, and query engine 430 or another module within query system 400 may suppress file "/test1/foo.pdf" from the results returned to user "jones");
accessing said third data entry at said second memory location of said third data entry, (See Borthakur paragraph [0035], the identity of each file, its location within storage devices 230 (e.g., a mapping to a particular physical location within a particular storage device); said third data entry being associated with said particular file system object and including information indicative of a third memory location of said first data entry, (See Borthakur paragraph [0045], file system 205 that implement a file hierarchy, a given file's identity may be specified by listing each directory in the path of the file as well as the file name); and
accessing said first data entry at said third memory location, (See Borthakur paragraph [0035], the identity of each file, its location within storage devices 230 (e.g., a mapping to a particular physical location within a particular storage device).
Claims 6-7, 9-10 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Borthakur et al. (US 2005/0289354 A1) in view of Watanabe et al. (US 2010/0077026 A1) and further in view of Stickler (US 2003/0093434 A1).
Regarding claim 6, Borthakur together with Watanabe taught the method of claim 4, as described above.
Borthakur together with Watanabe does not explicitly disclose receiving, from a remote file storage system associated with said local file storage system, a permissions map defining access rights of said user to said file system objects of said local file system.
However, Stickler teaches wherein said step of receiving a markup file includes: storing said markup file in persistent storage of said local file storage system, (See Stickler paragraph [0018], the particular encoding of any data is not relevant to storage by or interchange between agents. This does not mean that specific encoding or other media constraints may not exist for any given environment implementing the framework); and deleting from said persistent storage a prior markup file associated with a prior version of said encoded permissions definitions, (See Stickler paragraph [0229], for the purpose of removing expired data such as via a `locate remove` compound action, where the locate query defines the expiration based on a comparison of the current date with the end-pov or modified properties).
It would have been obvious to a person of ordinary skill in art at the time of
invention was made, to modify wherein said step of receiving a markup file includes: storing said markup file in persistent storage of said local file storage system, and deleting from said persistent storage a prior markup file associated with a prior version of said encoded permissions definitions of Stickler in order to ascertain the hierarchical relationship between data entities within the object oriented programming environment.
Regarding claim 7, Borthakur taught the method of claim 2, as described above. Borthakur further teaches wherein said step of generating said permissions map from said encoded permissions definitions includes, (See Borthakur paragraph [0086], Once security converter 610 has obtained security information for a given file system content item, it may be configured to map or encode such security information in a format suitable for querying by query engine 430):
Borthakur together with Watanabe does not explicitly disclose processing said markup file in order to re-encode said encoded permissions definitions in a data interchange format, to generate re-encoded permissions definitions, storing in said persistent storage said re-encoded permissions definitions in said data interchange format, and generating said permissions map from said re-encoded permissions definitions stored in said data interchange format.
However, Stickle teaches processing said markup file in order to re-encode said encoded permissions definitions in a data interchange format, (See Stickler paragraph [0018], the particular encoding of any data is not relevant to storage by or interchange between agents. This does not mean that specific encoding or other media constraints may not exist for any given environment implementing the framework), to generate re-encoded permissions definitions, (See Stickler paragraph [0054], provides content properties that allow definition of data characteristics independent of the production, application or realization of that Data. Again, examples of such properties can be found in the MARS section following. MARS 25 also provides encoding properties defining special qualities relating to the format); storing in said persistent storage said re-encoded permissions definitions in said data interchange format, (See Stickler paragraph [0018], the particular encoding of any data is not relevant to storage by or interchange between agents. This does not mean that specific encoding or other media constraints may not exist for any given environment implementing the framework); and generating said permissions map from said re-encoded permissions definitions stored in said data interchange format, (See Stickler paragraph [0054], provides content properties that allow definition of data characteristics independent of the production, application or realization of that Data. Again, examples of such properties can be found in the MARS section following. MARS 25 also provides encoding properties defining special qualities relating to the format).
It would have been obvious to a person of ordinary skill in art at the time of
invention was made, to modify processing said markup file in order to re-encode said encoded permissions definitions in a data interchange format, to generate re-encoded permissions definitions, storing in said persistent storage said re-encoded permissions definitions in said data interchange format, and generating said permissions map from said re-encoded permissions definitions stored in said data interchange format of Stickler in order to ascertain the hierarchical relationship between data entities within the object oriented programming environment.
Regarding claim 9, Borthakur taught the method of claim 7, as described above.
Borthakur together with Watanabe does not explicitly disclose wherein said step of generating said permissions map from said re-encoded permissions definitions includes generating said permissions map exactly once.
However, Stickle teaches wherein said step of generating said permissions map from said re-encoded permissions definitions includes generating said permissions map exactly once, (See Stickler paragraph [1683], the given procedure or operation exactly from where they are. The procedural documentation would presumably be encoded using some form of functional markup).
It would have been obvious to a person of ordinary skill in art at the time of
invention was made, to modify wherein said step of generating said permissions map from said re-encoded permissions definitions includes generating said permissions map exactly once of Stickler in order to ascertain the hierarchical relationship between data entities within the object oriented programming environment.
Regarding claim 10, Borthakur taught the method of claim 7, as described above.
Borthakur together with Watanabe does not explicitly disclose wherein said step of storing in said persistent storage said re-encoded permissions definitions includes, storing said re-encoded permissions definitions in a data interchange file, and deleting from said persistent storage a prior data interchange file associated with a prior version of said re-encoded permissions definitions.
However, Stickle teaches wherein said step of storing in said persistent storage said re-encoded permissions definitions includes, (See Stickler paragraph [0267], interchange, and (typically) persistent storage of MARS metadata property sets. The Metia Java SDK provides for the importation and exportation of MARS XML encoded instances to and from MARS class instances): storing said re-encoded permissions definitions in a data interchange file, (See Stickler paragraph [0267], interchange, and (typically) persistent storage of MARS metadata property sets. The Metia Java SDK provides for the importation and exportation of MARS XML encoded instances to and from MARS class instances); and deleting from said persistent storage a prior data interchange file associated with a prior version of said re-encoded permissions definitions, (See Stickler paragraph [0267], interchange, and (typically) persistent storage of MARS metadata property sets. The Metia Java SDK provides for the importation and exportation of MARS XML encoded instances to and from MARS class instances).
It would have been obvious to a person of ordinary skill in art at the time of
invention was made, to modify wherein said step of storing in said persistent storage said re-encoded permissions definitions includes, storing said re-encoded permissions definitions in a data interchange file, and deleting from said persistent storage a prior data interchange file associated with a prior version of said re-encoded permissions definitions of Stickler in order to ascertain the hierarchical relationship between data entities within the object oriented programming environment.
Regarding claim 13, Borthakur taught the method of claim 11, as described above.
Borthakur together with Watanabe does not explicitly disclose comprising persisting said permissions map to said persistent storage without marshalling. However, Stickle teaches further comprising persisting said permissions map to said persistent storage without marshalling, (See Stickler paragraph [0267], interchange, and (typically) persistent storage of MARS metadata property sets. The Metia Java SDK provides for the importation and exportation of MARS XML encoded instances to and from MARS class instances).
It would have been obvious to a person of ordinary skill in art at the time of
invention was made, to modify comprising persisting said permissions map to said persistent storage without marshalling of Stickler in order to ascertain the hierarchical relationship between data entities within the object oriented programming environment.
Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over Borthakur et al. (US 2005/0289354 A1) in view of Watanabe et al. (US 2010/0077026 A1) in view of Stickler (US 2003/0093434 A1) and further in view of Wang (US 20110321010 A1).
Regarding claim 8, Borthakur taught the method of claim 7, as described above.
Borthakur together with Watanabe and Wang does not explicitly disclose wherein said step of storing said re-encoded permissions definitions includes storing said re-encoded permissions definitions in Java Script Object Notation (JSON) format. However, Wang teaches wherein said step of storing said re-encoded permissions definitions includes storing said re-encoded permissions definitions, (See Wang paragraph [0048], The security manager checks the client IP permission and URL permission based on a set of customized security rules), in Java Script Object Notation (JSON) format, (See Wang paragraph [0133] JSON JavaScript simple object notation).
It would have been obvious to a person of ordinary skill in art at the time of
invention was made, to modify wherein said step of storing said re-encoded permissions definitions includes storing said re-encoded permissions definitions in Java Script Object Notation (JSON) format of Wang in order to provide a web deployment environment of a high quality on reliability, performance, scalability and security.
Conclusions/Points of Contacts
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MULUEMEBET GURMU whose telephone number is (571)270-7095. The examiner can normally be reached M-F 9am - 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tony Mahmoudi can be reached at 5712724078. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MULUEMEBET GURMU/Primary Examiner, Art Unit 2163