DETAILED ACTION
This office action is in response to the amendments filed on 04/02/2026.
Claims 1, 10, 28 and 31 are amended.
Claims 2-4, 11-13, 19-27 are cancelled.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see Remarks pg. 9-10, filed 04/02/2026, with respect to 35 USC 112(a) rejections to claims 1, 5-10, 28-34 have been fully considered and are persuasive. The 35 USC 112(a) rejections to claims 1, 5-10, 28-34 has been withdrawn.
Applicant's arguments filed 04/02/2026 in Remarks pg10-12 regarding 35 USC 102 rejections and 35 USC 103 rejections to the independent claims have been fully considered but they are not persuasive.
Applicant argues in essence:
[a] Regarding independent claim 28, Applicants submit that Chatterton does not teach or suggest that the policy validation check comprises attempting to detect, by the device, one or more passive policy grant devices, within a predetermined perimeter, wherein the one or more passive policy-granting devices include one of a graphical information detected with a camera or biometric information, wherein the attempting to detect includes attempting detection of the graphical information or the biometric information. In particular, pages 6-8 appear to map the "passive policy-granting devices" to "authentication factors." Applicants submit that Chatterton does not teach or suggest passive policy-granting devices that comprise graphical information or biometric information.
In particular, the authentication factors of Chatterton are described in paragraph [0020] as: "a plurality of wireless environments, a plurality of detected touch inputs, a plurality of application use details, captured images, captured sounds, and determined locations" which does not include "graphical information detected with a camera or biometric information." Therefore, Applicants request withdrawal of the rejection of claim 28 under 35 USC 102.
Regarding claims 1 and 10, page 15 of the Office Action indicates that Rice and Koneru do not disclose attempting communication with a passive policy granting device and cites to Chatterton as teaching this feature. Applicants submit that Chatterton does not teach this feature for the reasons described above. For the foregoing reasons, Applicant submits that the cited references do not teach each and every feature of claims 1, 10, and 28. Thus, Applicant requests withdrawal of the rejections of claims 1, 10, and 28 and all claims dependent thereon.” Pg 11-12 of Remarks.
In response to [a], Chatterton is not relied upon for the new limitation, and previously used Zaki et al. (hereinafter Zaki, US 10,748,136 B1) reference used in previous Claim 1 is mapped to these limitations for each independent claim.
Chatterton discloses a process of detecting a location of the user based on detection of a particular wireless environment based on an access point, and based on the location, a policy length may be extended, i.e. refreshed.
Chatterton Para.0039 “ In a specific example, a user device in an authorized user's home location may detect the same wireless environments that are typically present at the home location (e.g., a wireless environment provided by an access point of that user, a wireless environment provided by another device of that user, wireless environments provided by neighbors of that user). Thus when those wireless environments are detected, it can be assumed that that authorized user is using the user device rather than an unauthorized user that has stolen the user device (as an unauthorized user that has stolen the user device will not typically try to use it in the authorized users home).”
Para.0049 “Similarly, the work wireless environment authentication profile 208 b and the coffee shop wireless environment authentication profile 208 c may allow authentication time periods for the user device and/or applications to be extended substantially as described above when the user is a work or in a coffee shop they visit regularly (or have otherwise authorized for continuous authorization).”
However Chatterton does not perform this process of determining the users location to refresh the policy via a graphical information or biometrics.
Zaki discloses a process of determining the users location based on scanning of a QR code with a camera.
Zaki: col.4 lines 9-13 “According to some embodiments, the tags may each comprise, for example, quick-response (QR) codes, bar codes, and/or any other types of tags that may be optically readable by a camera of a mobile device.” Col. 5 lines 37-45 “Further aspects discussed herein may relate to methods and techniques for determining that the mobile device is at a particular location based on determining whether the mobile device is able to authenticate a tag received by the mobile device, wherein the tag is available to the mobile device at the physical location. For example, the tag may be an optically-readable (e.g., electronically displayed) object, such as a quick-response (QR) code or bar code, that may be unique to the location (and that may identify the location).”
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine [[Rice-Koneru-]]Chatterton with Zaki in order to incorporate the one or more passive devices include one of a graphical information detected with a camera or biometric information, wherein the attempting communication includes attempting detection of the graphical information or the biometric information, such that the process of Chatterton that extends a policy based on location, which is open to any location determination known in the art in para.0073 and uses camera for location determination in para.0037, would detect a location based on scanning a QR code of a passive device using a camera as in Zaki.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of the device (Zaki: col. 1 lines 42-col. 2 line 44).
Therefore because of at least the reasons set forth above, examiner maintains rejection in view of the same combination of references, the rejections explained in more detail below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1 and 10, are rejected under 35 U.S.C. 103 as being unpatentable over Rice (US 2011/0055891 A1) in view of Koneru et al. (hereinafter Koneru, US 2013/0298185 A1) further in view of Chatterton et al. (hereinafter Chatterton, US 2015/0066762 A1) in view of Zaki et al. (hereinafter Zaki, US 10,748,136 B1).
Regarding Claim 1, Rice discloses A method for managing a device (Rice: para.0077 “Thus, the methods and apparatuses for maintaining device security via a heartbeat signal,…”),
the method comprising: in response to a policy check trigger comprising a heartbeat operation (Examiner notes: “In other words, a heartbeat operation is an operation in which the device200 periodically checks whether a policy206 grants use of the device200.” Therefore a heartbeat operation in the claim is interpreted to be a periodic trigger to check for a policy.), attempting communication with a policy-granting system including one or more active policy-granting devices (Rice: Para.0014 “In various embodiments, the heartbeat signal can be provided by the device 2 to the security policy server 8, provided by the security policy server 8 to the device 2, or a combination thereof. For example, in one embodiment, the heartbeat signal is provided by the device 2 to the security policy server 8. The heartbeat signal can be provided either periodically or aperiodically.” The device periodically sends a heartbeat signal to a security policy server. The period trigger of sending the heartbeat is a heartbeat operation.),
wherein the one or more active policy-granting devices are devices capable of transmitting information to the device (Rice: para.0016 “ Or, the device 2 can send the heartbeat signal to the security policy server 8, and the security policy server 8, upon receipt of the heartbeat signal, sends a response signal to the device 2 indicating receipt of the heartbeat signal.” The policy server 8 may send information back to the device via a heartbeat signal),
in response to failing to receive a response from the policy-granting system at a first heartbeat check time, checking for a stored policy within the device (Rice: para.0016 “In yet other example embodiments, the heartbeat signal is initiated by the security policy server 8 or the device 2, and the recipient of the heartbeat signal provides a response indicating receipt of the heartbeat signal….The heartbeat signal can be provided either periodically or aperiodically. In either embodiment (device 2 initiates heartbeat signal or security policy server initiates heartbeat signal), if the response signal is received within expected time periods, the device 2 is allowed to operate normally. If the response signal is not received within expected time periods, the device 2 takes appropriate action. In the first embodiment, if the security policy server 8 does not receive the response signal, the security policy server 8 sends an indication to the device 2 to take appropriate action. In the second embodiment, if the device 2 does not receive the response signal, the device 2 takes appropriate action.” The device can initiate the heartbeat signal to the policy service, and if no response is received, the device takes an appropriate action based on a programmed rule, therefore checks for the rule and implements this rule in step 18, 20 or 24 in Fig. 2. Para.0022 “Thus, appropriate action is taken when the device is not located in the designated geographic region.” is a location based action. In addition, para.0027 “If, at step 16, the heartbeat signal is not detected, the user is requested to provide authentication, via the device, at step 18. If authentication is provided to the device, the device is allowed to perform normal operations. Authentication can comprise any appropriate authentication, for example, a secret, a password, to secure identifier (security ID), a cryptographic key, or the like. The authentication can be in any appropriate form, such as, for example, a textual response (e.g., keyboard entered password), an audio response (e.g., voice response), a biometric response (e.g., fingerprint), or the like.” By not receiving a response from the server, a trigger for checking for alternative authorization can occur based on security id, key etc.).
However Rice does not explicitly disclose attempting communication with a policy-granting system including one or more passive policy-granting devices, and the one or more passive policy-granting devices include one of a graphical information detected with a camera or biometric information, wherein the attempting communication includes attempting detection of the graphical information or the biometric information; in response to detecting presence of the one or more passive policy-granting devices, refreshing a cached policy within the device, the cached policy indicating whether to deny or permit access to the device, wherein the cached policy subsequently becomes expired in response to a time period elapsing; in response to failing to receive a response from the policy-granting system at a first heartbeat check time, checking for the cached policy within the device; and denying access to the device in response to the cached policy being invalid or expired.
Koneru discloses in response to failing to receive a response from the policy granting system, at a first heartbeat check time, checking for the cached policy within the device (Koneru: para.0051 “ The policy file can be stored in cache or other local storage system on the mobile device 200.” para.0052 “For example, a default policy (or most recently updated policy) can specify that each time the mobile application starts it must check for an updated policy within the mobile application management server 12. In this case, the policy enforcement application layer 210 inside the mobile device (or called by the mobile application) connects to the mobile application management server 12 to check for an updated policy. If an updated policy is found, the local copy of the policy is updated on the mobile device 200. If an updated policy is found, but cannot be downloaded and updated locally, the policy may enforce a message to the user to install the latest version of the mobile application and block the mobile application from running. In alternative embodiments, the policy enforcement application layer 210 can continue functioning if the mobile application management server 12 cannot be reached during startup if the default policy or most updated policy allows for such action. In other embodiments, the existing local policy may only allow the mobile application to function for a limited time span before requiring communication with the mobile application management server 12.” On start up, the application attempts to connect to a server in order to obtain the most updated policy, however if the server cannot be reached, the default policy file stored in the cache may be used,)
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Rice with Koneru in order to incorporate in response to failing to receive a response from the policy granting system, at a first heartbeat check time, checking for the cached policy within the device and apply this concept to device access as in Rice.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security (Koneru: para.0002, para.0009), and the expected benefits of cache storage that allows for quicker data retrieval (Koneru: para.0051).
However Rice-Koneru does not explicitly disclose attempting communication with a policy-granting system including one or more passive policy-granting devices, and the one or more passive policy-granting devices include one of a graphical information detected with a camera or biometric information, wherein the attempting communication includes attempting detection of the graphical information or the biometric information; in response to detecting presence of the one or more passive policy-granting devices, refreshing a cached policy within the device, the cached policy indicating whether to deny or permit access to the device, wherein the cached policy subsequently becomes expired in response to a time period elapsing; denying access to the device in response to the cached policy being invalid or expired.
Chatterton discloses attempting communication with a policy-granting system including one or more passive policy-granting devices (Chatterton: para.0039 “ In a specific example, a user device in an authorized user's home location may detect the same wireless environments that are typically present at the home location (e.g., a wireless environment provided by an access point of that user, a wireless environment provided by another device of that user, wireless environments provided by neighbors of that user). Thus when those wireless environments are detected, it can be assumed that that authorized user is using the user device rather than an unauthorized user that has stolen the user device (as an unauthorized user that has stolen the user device will not typically try to use it in the authorized users home).” para.0051 “Thus, an authentication time period in which a user is allowed access to a user device, application, or application function or feature may be extended based on the detection of a plurality of wireless environments and without any input from the user. It has been found that because users typically use their user device in the same location or locations, the authentication systems and methods described herein may be used to allow for authentication time periods to be extended when a user device is determined to be located in one of those locations based on detected wireless environments that are commonly present at those locations” the location of the user may be determined based on a communication with an access point or other network providing device that represents a wireless environment that represents the location of the user device), and the one or more passive policy-granting devices are capable of being observed or detected by one or more sensors of the device;
in response to detecting presence of the one or more passive policy-granting devices, refreshing a stored policy within the device, the stored policy indicating whether to deny or permit access to the device (Chatterton: para.0046 “For example, the extended authentication time period may allow the first user to continue to use the user device (e.g., by allowing access to the operating system on the user device) without providing an authentication passcode input on an input device of the user device.” Para.0049 “ In response, the method 100 proceeds to block 114 where the authentication time period for the first user is extended such that the user may continue using the user device 202, one or more applications on the user device 202, and/or functions in the application without providing an authentication passcode input through an input device on the user device 202.” In response to detecting the presence of the passive policy granting device, i.e. access point or other devices para.0039, para.0051, the authentication period is extended, i.e. refreshed, such that access to the device is permitted for another time period.),
wherein the stored policy subsequently becomes expired in response to a time period elapsing (Chatterton: para.0041 “In some embodiments, decision block 108 may be performed upon expiration of the authentication time period (provided in response to the authentication of the first user at block 104).” Para.0042 “thus following the end of the authentication time period provided in response to the authentication of the first user at block 104, access to the one or more applications or application functions on the user device 202 is restricted” the stored policy, i.e. authentication time period, becomes expired after the time period ends.);
denying access to the device in response to the stored policy being invalid or expired (Chatterton: para.0041 “In some embodiments, decision block 108 may be performed upon expiration of the authentication time period (provided in response to the authentication of the first user at block 104).” Para.0042 “thus following the end of the authentication time period provided in response to the authentication of the first user at block 104, access to the one or more applications or application functions on the user device 202 is restricted” access to the device is restricted after expiration of the time period.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Rice-Koneru with Chatterton in order to incorporate attempting communication with a policy-granting system including one or more passive policy-granting devices; in response to detecting presence of the one or more passive policy-granting devices, refreshing a stored policy within the device, the stored policy indicating whether to deny or permit access to the device, wherein the stored policy subsequently becomes expired in response to a time period elapsing; denying access to the device in response to the stored policy being invalid or expired, and apply this concept to the cached policy of Rice-Koneru.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of the device (Chatterton: para.0005)
However Rice-Koneru-Chatterton does not explicitly disclose the one or more passive policy-granting devices include one of a graphical information detected with a camera or biometric information, wherein the attempting communication includes attempting detection of the graphical information or the biometric information.
Zaki discloses the one or more passive devices include one of a graphical information detected with a camera or biometric information, wherein the attempting communication includes attempting detection of the graphical information or the biometric information (Zaki: col.4 lines 9-13 “According to some embodiments, the tags may each comprise, for example, quick-response (QR) codes, bar codes, and/or any other types of tags that may be optically readable by a camera of a mobile device.” Col. 5 lines 37-45 “Further aspects discussed herein may relate to methods and techniques for determining that the mobile device is at a particular location based on determining whether the mobile device is able to authenticate a tag received by the mobile device, wherein the tag is available to the mobile device at the physical location. For example, the tag may be an optically-readable (e.g., electronically displayed) object, such as a quick-response (QR) code or bar code, that may be unique to the location (and that may identify the location). ” the location of the user device maybe determined by reading a QR code that is digitally displayed at a particular location. The device that is digitally displaying the QR code is the passive device. By scanning the QR code from the device, the location of the device may be determined. ).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Rice-Koneru-Chatterton with Zaki in order to incorporate the one or more passive devices include one of a graphical information detected with a camera or biometric information, wherein the attempting communication includes attempting detection of the graphical information or the biometric information, such that the process of Chatterton that extends a policy based on location, which is open to any location determination known in the art in para.0073 and uses camera for location determination in para.0037, would detect a location based on scanning a QR code of a passive device using a camera as in Zaki.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of the device (Zaki: col. 1 lines 42-col. 2 line 44).
Regarding Claim 10 the claim teach all of the same elements as claim 1 but in A device, comprising: a processor; and a memory that has instructions that when executed by the processor, cause the processor to (Rice: para.0035). Therefore, the supporting rationale for the rejections of claim 1 apply equally as well to that of claim 10.
Claim(s) 5-8, 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Rice (US 2011/0055891 A1) in view of Koneru et al. (hereinafter Koneru, US 2013/0298185 A1) further in view of Chatterton et al. (hereinafter Chatterton, US 2015/0066762 A1) in view of Zaki et al. (hereinafter Zaki, US 10,748,136 B1) further in view of Myers et al. (hereinafter Myers, US 10,061,933 B1).
Regarding Claim 5, Rice-Koneru-Chatterton-Zaki discloses claim 1 as set forth above.
Rice further discloses at a second heartbeat check time prior to the first heartbeat check time (Rice: Fig. 2, para.0026 “At step 16, as the device is monitoring (looking for) the heartbeat signal (at step 14), it is determined if the heartbeat signal is detected.” In step 34 and step 14, at every heartbeat signal, the check iterates, therefore in a check prior to the one where the device was forced to power down, an iteration of Fig. 2 can occur wherein it was determined the device was permitted to stay on.),
performing operations comprising: determining that a policy indicates that the device is usable by a user; in response, permitting the device to boot or to remain powered on (Rice: para.0028 “At step 20, it is determined if the authentication provided is proper, and thus, if the user is authorized to operate the device. The user can be determined to be authorized, or not authorized, in any appropriate matter, such as, for example, comparing the provided authentication with an expected, stored, indication of the authentication, using the provided authentication to decrypt an encrypted value indicative of proper authentication, or the like. If it is determined that the user is authorized (at step 20), operation of the device is allowed at step 34. From step 34 the process continues at step 14, wherein the device monitors (looks for) the heartbeat signal.” The policy may determine the user was authorized to have access to the device, and the device remains powered on.)
However Rice-Koneru-Chatterton-Zaki does not explicitly disclose wherein determining that a policy obtained based on the communications with the one or more policy-granting devices or a cached policy is valid and not expired and indicates that the device is usable by a user; and in response, permitting the device to boot or to remain powered on.
Myers further discloses determining that a policy obtained based on the communications with the one or more policy-granting devices or a cached policy is valid and not expired and indicates that the device is usable by a user (Myers: col.13 15-20 “ The validity determination performed by the OSRPM is the same determination performed by the first bootloader 306 in the method of FIG. 5.” col.12 line 26-49 “The evaluation process determines whether the control policy 302 is valid. By executing the first boot loader 306 the hardware processor 208 is configured to evaluate various properties of or information contained in the control policy 302 including, for example, information identifying a physical location for enforcement of the control policy 302, a date or date range of enforcement, a user or device identifier against which the policy is to be enforced, formatting of the control policy 302, syntax, and/or various other attributes or parameters of the control policy 302 as desired. ” the policy has a time range, and therefore checks if it has expired, and checks a user ID to the policy to confirm if the policy is valid.); and
in response, permitting the device to boot or to remain powered on (Myers: col.12 lines 49-61 “If the evaluation results in a valid control policy 302 (s520), the hardware processor 208 under the control of the first bootloader 306 determines whether the valid control policy 302 allows boot up of the mobile computing device (s522). If the boot up of the mobile computing device is allowed, the first bootloader 306 controls the hardware processor 208 to initiate the OS bootloader 210 (s524). ” if the policy is valid and all other conditions from col.12 line 26-49 are met, Fig. 5 flow goes to 5222 and 524 where the device is allowed to boot, or denied in step 526.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Rice-Koneru-Chatterton-Zaki with Myers in order to incorporate determining that a policy obtained based on the communications with the one or more policy-granting devices or a cached policy is valid and not expired and indicates that the device is usable by a user; and in response, permitting the device to boot or to remain powered on.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of a device by only using valid security policies (Myers: Col.2 line 39-col.3 line 11. Col. 12 lines 26-35).
Regarding Claim 6, Rice-Koneru-Chatterton-Zaki discloses claim 1 as set forth above.
However Rice-Koneru-Chatterton-Zaki does not explicitly disclose in response to determining that a wipe timer has elapsed, wiping one or more of a hard drive of the device and a trusted memory that stores cryptographic keys of the device.
Myers further discloses in response to determining that a wipe timer has elapsed, wiping one or more of a hard drive of the device and a trusted memory that stores cryptographic keys of the device (Myers: col.12 62-col.13 5 “If the evaluation results in the control policy 302 being found not valid, the hardware processor 208 next determines whether a wipe threshold has expired (s528). If the wipe threshold is exceeded, the hardware processor 208 is controlled by the first bootloader 306 to dump the encryption keys 214 from trusted memory and initiate a disk wipe (s530). On the other hand, if the wipe threshold is not expired, the hardware processor 208 controls the power controller 218 to enter a power off state (s526).” if the wipe threshold has expires, i.e. after a certain amount of time, a disk wipe is performed, and the keys from the trusted memory are dumped.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Rice-Koneru-Chatterton-Zaki with Myers in order to incorporate in response to determining that a wipe timer has elapsed, wiping one or more of a hard drive of the device and a trusted memory that stores cryptographic keys of the device.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of a device by only using valid security policies (Myers: Col.2 line 39-col.3 line 11.).
Regarding Claim 7, Rice-Koneru-Chatterton-Zaki discloses claim 6 as set forth above.
However Rice-Koneru-Chatterton-Zaki does not explicitly disclose wherein wiping the hard drive includes rebooting the device, executing a policy management software without executing an operating system, and wiping the hard drive.
Myers further discloses wherein wiping the hard drive includes rebooting the device (Myers: col.13 line 36-50 “ If the wipe threshold is expired, the hardware processor 208 under the control of the OSRPM 208 initiates a reboot of the mobile computing device 200 and the OSRPM 208 stops communication with the power control module 312 (s626).” when the wipe threshold has expired, the device is rebooted.),
executing a policy management software without executing an operating system (Myers: col.13 lines 36-50 “Upon reboot, the hardware processor 208 executes the boot control program 304 (s628). Under control of the boot control program 204, the hardware processor 208 initiates the first boot loader 206 in the boot sequence (s630).” the boot control program is executed without executing an OS.), and
wiping the hard drive (Myers: col.13 lines 36-50 “Under control of the first bootloader 306, the hardware processor 204 dumps encryption keys 234 from trusted memory and initiates a disk wipe (s632).” the disk is wiped.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Rice-Koneru-Chatterton-Zaki with Myers in order to incorporate wherein wiping the hard drive includes rebooting the device, executing a policy management software without executing an operating system, and wiping the hard drive.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of a device by only using valid security policies (Myers: Col.2 line 39-col.3 line 11.).
Regarding Claim 8, Rice-Koneru-Chatterton-Zaki discloses claim 6 as set forth above.
However Rice-Koneru-Chatterton-Zaki does not explicitly disclose in response to determining that the wipe timer has elapsed, deleting one or more of communication credentials, cryptographic keys, and authentication certificates.
Myers further discloses in response to determining that the wipe timer has elapsed, deleting one or more of communication credentials, cryptographic keys, and authentication certificates (Myers: col.12 62-col.13 5 “If the evaluation results in the control policy 302 being found not valid, the hardware processor 208 next determines whether a wipe threshold has expired (s528). If the wipe threshold is exceeded, the hardware processor 208 is controlled by the first bootloader 306 to dump the encryption keys 214 from trusted memory and initiate a disk wipe (s530).” if the threshold has expired, the keys are dumped.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Rice-Koneru-Chatterton-Zaki with Myers in order to incorporate in response to determining that the wipe timer has elapsed, deleting one or more of communication credentials, cryptographic keys, and authentication certificates.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of a device by only using valid security policies (Myers: Col.2 line 39-col.3 line 11.).
Regarding Claims 14-17 they do not teach nor further define over the limitations of claims 5-8. Therefore the supporting rationale for the rejections to claims 5-8 apply equally as well to that of claims 14-17.
Claim(s) 9 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rice (US 2011/0055891 A1) in view of Koneru et al. (hereinafter Koneru, US 2013/0298185 A1) further in view of Chatterton et al. (hereinafter Chatterton, US 2015/0066762 A1) in view of Zaki et al. (hereinafter Zaki, US 10,748,136 B1) in view of See et al. (hereinafter See, US 2003/0067874 A1).
Regarding Claim 9, Rice-Koneru-Chatterton-Zaki discloses claim 1 as set forth above.
Rice further discloses at a second heartbeat check time subsequent to the first heartbeat check time, performing operations comprising: causing the device to be powered down (Rice: para.0037 “determining if provided authorization is proper (e.g., user is authorized), taking any appropriate action, reporting a location of the device, powering down the device” in response to not being authorized to use the device, the device may be shut down, in a next iteration of Fig. 2 from step 34 -> step 14 and back to step 22.).
However Rice does not explicitly disclose determining that no policy is obtained based on communications with the one or more policy- granting devices, and that no policy is cached, and in response, causing the device to be powered down.
Koneru discloses determining that no policy is obtained based on communications with the one or more policy- granting devices (Koneru: para.0051 “ The policy file can be stored in cache or other local storage system on the mobile device 200.” para.0052 “For example, a default policy (or most recently updated policy) can specify that each time the mobile application starts it must check for an updated policy within the mobile application management server 12. In this case, the policy enforcement application layer 210 inside the mobile device (or called by the mobile application) connects to the mobile application management server 12 to check for an updated policy. If an updated policy is found, the local copy of the policy is updated on the mobile device 200. If an updated policy is found, but cannot be downloaded and updated locally, the policy may enforce a message to the user to install the latest version of the mobile application and block the mobile application from running. In alternative embodiments, the policy enforcement application layer 210 can continue functioning if the mobile application management server 12 cannot be reached during startup if the default policy or most updated policy allows for such action. In other embodiments, the existing local policy may only allow the mobile application to function for a limited time span before requiring communication with the mobile application management server 12.” On start up, the application attempts to connect to a server in order to obtain the most updated policy, however if the server cannot be reached, i.e. no policy is obtained, the default policy file stored in the cache may be used,),
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Rice with Koneru in order to incorporate determining that no policy is obtained based on communications with the one or more policy- granting devices and apply this concept to device access.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security (Koneru: para.0002, para.0009), and the expected benefits of cache storage that allows for quicker data retrieval (Koneru: para.0051).
However Rice-Koneru-Chatterton-Zaki does not explicitly disclose determining that no policy is obtained based on communications with the one or more policy- granting devices, and that no policy is cached.
See discloses determining that no policy is obtained based on the communications with the one or more policy- granting devices (See: para.0047 “If no match exists in the policy cache 116, the central policy engine 106 determines in step 408 whether there is an exact match of the extracted fields with conditions of a rule in the central policy repository 100.” it is determined that the central DB, a policy granting device, does not contain the policy), and
that no policy is cached (See: para.0046 “ In step 404, the central policy engine 106 determines whether the policy cache contains entries that match the extracted fields of the packet. ” it is determined that the policy is not cached. When both of the above conditions are met, Fig. 8 flow chart goes to 420 and takes a default action.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Rice-Koneru-Chatterton-Zaki with See in order to incorporate determining that no policy is obtained based on the communications with the one or more policy- granting devices, and that no policy is cached that handles packet policies, to that of a policy check in Rice-Koneru, such that a default action of preventing operation of the device would occur in the case of no valid policies to permit access can be located.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of handling situations where no policy is available but still is able to take a default action rather than an error failover (See: para.0047-0050).
Regarding Claim 18, the claim does not teach nor further define over the limitations of claim 9, therefore the supporting rationale for the rejection of claim 9 applies equally as well to that of claim 18.
Claim(s) 28-30 and 34 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chatterton et al. (hereinafter Chatterton, US 2015/0066762 A1) in view of Zaki et al. (hereinafter Zaki, US 10,748,136 B1).
Regarding Claim 28, Chatterton discloses A method for managing a policy issued for a device (Chatterton: Fig. 1 para.0022 “Referring now to FIG. 1, an embodiment of a method 100 for authenticating one or more users is illustrated…. …, from access to an operating system application that operates essentially restricts access to the user device by restricting access to any function of the user device” para.0028 “As is known in the art, authenticated access to applications as described above may be associated with an authentication time period in which a user is allowed access to the application or applications” Para.0049 “ In response, the method 100 proceeds to block 114 where the authentication time period for the first user is extended such that the user may continue using the user device 202, one or more applications on the user device 202, and/or functions in the application without providing an authentication passcode input through an input device on the user device 202.” managing the policy, i.e. rule governing a time period of access for a device.), the method comprising:
executing a policy validation check for validation of the policy issued for the device (Chatterton: para.0030 “The method 100 then proceeds to block 106 where authentication factors are detected.” Para.0041 “In other embodiments, decision block 108 may be performed throughout the authentication time period.” Throughout the authentication period, the device is checked for authentication factors in step 108 that dictate the time period for device access, such as step 118 that follows step 108),
where the policy validation check comprises attempting to detect, by the device one or more passive policy grant devices (Chatterton: para.0038 “The method 100 then proceeds to decision block 108 where it is determined whether the detected authentication factors match an authentication profile” para.0039 “In some embodiments, the authentication factors included in the authentication profiles may be provided by the user device. For example, a user device may automatically determine one or more authentication factors for an authentication profile that may include, for example, one or more wireless environments in one or more locations that the user device is commonly located at… In other words, the user device may be configured to recognize factors (e.g., wireless environments… In a specific example, a user device in an authorized user's home location may detect the same wireless environments that are typically present at the home location (e.g., a wireless environment provided by an access point of that user, a wireless environment provided by another device of that user, wireless environments provided by neighbors of that user).” The device may attempt to detect wireless environments provided by devices and access points. ),
within a predetermined perimeter (Chatterton: para.0039 “ In a specific example, a user device in an authorized user's home location may detect the same wireless environments that are typically present at the home location (e.g., a wireless environment provided by an access point of that user, a wireless environment provided by another device of that user, wireless environments provided by neighbors of that user). Thus when those wireless environments are detected, it can be assumed that that authorized user is using the user device rather than an unauthorized user that has stolen the user device (as an unauthorized user that has stolen the user device will not typically try to use it in the authorized users home).” The perimeter in this case is defined by the location that is determined based on detection of the wireless environment provided by certain devices. For example it can be determined that the user device is within a perimeter of an authorized users home.),
and managing a state of the policy for the device based on a result of the policy validation check (Chatterton: para.0049 “Thus, at block 108 the authentication engine 206 may determine that the detected wireless environments provided by the secondary user device(s) 210 and the access points 212, 216, and 218 match the home wireless environment authentication profile 208 a which, in the illustrated embodiment, details the secondary user device 210 providing a Bluetooth environment, the access point 212 providing a Wifi to LAN wireless environment, and each of the access points 216 and 218 providing Wifi to Internet wireless environments. In response, the method 100 proceeds to block 114 where the authentication time period for the first user is extended such that the user may continue using the user device 202” upon determining the user location based on the wireless environments based on the sensor communication, para.0037 above, the state of the policy is managed by extending the usage time of the user device.).
However Chatterton does not explicitly disclose wherein the one or more passive policy-granting devices include one of a graphical information detected with a camera or biometric information, wherein the attempting to detect includes attempting detection of the graphical information or the biometric information.
Zaki discloses wherein the one or more passive devices include one of a graphical information detected with a camera or biometric information, wherein the attempting to detect includes attempting detection of the graphical information or the biometric information (Zaki: col.4 lines 9-13 “According to some embodiments, the tags may each comprise, for example, quick-response (QR) codes, bar codes, and/or any other types of tags that may be optically readable by a camera of a mobile device.” Col. 5 lines 37-45 “Further aspects discussed herein may relate to methods and techniques for determining that the mobile device is at a particular location based on determining whether the mobile device is able to authenticate a tag received by the mobile device, wherein the tag is available to the mobile device at the physical location. For example, the tag may be an optically-readable (e.g., electronically displayed) object, such as a quick-response (QR) code or bar code, that may be unique to the location (and that may identify the location). ” the location of the user device maybe determined by reading a QR code that is digitally displayed at a particular location. The device that is digitally displaying the QR code is the passive device. By scanning the QR code from the device, the location of the device may be determined. ).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Chatterton with Zaki in order to incorporate wherein the one or more passive devices include one of a graphical information detected with a camera or biometric information, wherein the attempting to detect includes attempting detection of the graphical information or the biometric information, such that the process of Chatterton that extends a policy based on location, which is open to any location determination known in the art in para.0073 and uses camera for location determination in para.0037, would detect a location based on scanning a QR code of a passive device using a camera as in Zaki.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of the device (Zaki: col. 1 lines 42-col. 2 line 44).
Regarding Claim 29, Chatterton- Zaki discloses claim 28 as set forth above.
Chatterton further discloses wherein the managing of the state of the policy comprises refreshing the policy to extend usability of the device within the predetermined perimeter based on confirmation of communication between the device and the one or more passive policy grant devices (Chatterton: para.0049 “Thus, at block 108 the authentication engine 206 may determine that the detected wireless environments provided by the secondary user device(s) 210 and the access points 212, 216, and 218 match the home wireless environment authentication profile 208 a which, in the illustrated embodiment, details the secondary user device 210 providing a Bluetooth environment, the access point 212 providing a Wifi to LAN wireless environment, and each of the access points 216 and 218 providing Wifi to Internet wireless environments. In response, the method 100 proceeds to block 114 where the authentication time period for the first user is extended such that the user may continue using the user device 202” Para.0041 “In other embodiments, decision block 108 may be performed throughout the authentication time period.” upon determining the user location based on the wireless environments based on the sensor communication, para.0037 above, the state of the policy is managed by extending the usage time of the user device. The user location is continuously monitored, i.e step 108 is repeated continuously during the authentication period, to determine is the user device is within the perimeter.).
Regarding Claim 30, Chatterton- Zaki discloses claim 28 as set forth above.
Chatterton further discloses wherein when the policy validation check yields a determination that communication has failed between the device and the one or more passive policy grant devices (Chatterton: para.0042 “In an embodiment of block 110, the authentication engine 206 has determined that the current wireless environments detected by the communication device 204 in the user device 202 do not match any known wireless environments defined by the authentication profiles in the authentication database” para.0039 “In some embodiments, the authentication factors included in the authentication profiles may be provided by the user device. For example, a user device may automatically determine one or more authentication factors for an authentication profile that may include, for example, one or more wireless environments in one or more locations that the user device is commonly located at… In other words, the user device may be configured to recognize factors (e.g., wireless environments… In a specific example, a user device in an authorized user's home location may detect the same wireless environments that are typically present at the home location (e.g., a wireless environment provided by an access point of that user, a wireless environment provided by another device of that user, wireless environments provided by neighbors of that user).” Para.0049 “Thus, at block 108 the authentication engine 206 may determine that the detected wireless environments provided by the secondary user device(s) 210” It can be determined that communication with a recognized access point or device that provides a wireless environment is failed, i.e. a different device and/or different Bluetooth connection, therefore there is no communication with a valid passive policy grant device.), and
the managing of the state of the policy comprises one of: updating a current policy to expired or allowing the current policy to expire (Chatterton: para.0042 “ In an embodiment of block 110, the authentication engine 206 has determined that the current wireless environments detected by the communication device 204 in the user device 202 do not match any known wireless environments defined by the authentication profiles in the authentication database, and thus following the end of the authentication time period provided in response to the authentication of the first user at block 104, access to the one or more applications or application functions on the user device 202 is restricted” upon determining that there is no communication to a passive policy grant device, the authentication time is allowed to expire.).
Regarding Claim 34, Chatterton- Zaki discloses claim 28 as set forth above.
Chatterton further discloses wherein the executing of the policy validation check occurs based on a completion of a heartbeat operation, wherein the heartbeat operation comprises detecting an issuance of the policy for the device and detecting that a threshold time period has elapsed from the issuance of the policy for the device (Chatterton: para.0041 “In some embodiments, decision block 108 may be performed upon expiration of the authentication time period (provided in response to the authentication of the first user at block 104).” Para.0026 “The method 100 then proceeds to block 104 where the first user is authenticated in response to the authentication passcode input matching a user authentication passcode. In an embodiment, at block 104, an authentication engine in the user device compares the authentication passcode input received at block 102 to one or more user authentication passcodes stored in a database (e.g., located in the user device, connected to the user device through a network, etc.) and, in response to that authentication passcode input matching a user authentication passcode, the authentication engine authenticates the first user to access and use the application or applications” In step 104 the user is authenticated and an authentication time period is issued for the device, i.e. policy that indicates the device is usable for a period of time. Upon expiration of this time period, i.e. threshold time period has passed, step 108 is triggered. Step 108-114 is the policy validation check step, therefore occurs upon completion of the issuance of the policy and detection of a threshold time period elapsing since issuance of the policy.), and
wherein the policy validation check initiates based on the completion of the heartbeat operation (Chatterton: para.0041 “In some embodiments, decision block 108 may be performed upon expiration of the authentication time period (provided in response to the authentication of the first user at block 104).” Para.0046 “In such embodiments, decision block 112 may be skipped and the method 100 may proceed from decision block 108 to block 114 where the authentication time period for the first user is extended, discussed in further detail below.” Upon completion of the heartbeat operation, i.e. issuance and threshold time elapsing from issuance, of step 104 for the issuance, and after expiration of the authentication time period, the policy validation check that would extend the authentication time for the device is performed in steps 108-114).
Claim(s) 31, 33 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chatterton et al. (hereinafter Chatterton, US 2015/0066762 A1) in view of Zaki et al. (hereinafter Zaki, US 10,748,136 B1) in view of Rice (US 2011/0055891 A1).
Regarding Claim 31, Chatterton-Zaki discloses claim 30 as set forth above.
However Chatterton-Zaki does not explicitly disclose where the executing of the policy validation check further comprises attempting to establish communication between the device and one or more active policy grant devices that actively transmit a policy signal to the device while the device is within the predetermined perimeter.
Rice discloses where the executing of the policy validation check further comprises attempting to establish communication between the device and one or more active policy grant devices that actively transmit a policy signal to the device while the device is within the predetermined perimeter (Rice: Para.0014 “In various embodiments, the heartbeat signal can be provided by the device 2 to the security policy server 8, provided by the security policy server 8 to the device 2, or a combination thereof. For example, in one embodiment, the heartbeat signal is provided by the device 2 to the security policy server 8. The heartbeat signal can be provided either periodically or aperiodically.” Para.0023 “When the security policy server 8 determines that the device 2 was moved out of the designated area, the security policy server 8 will cease transmitting the heartbeat signal to the device 2. Accordingly, the device 2 will take appropriate action.” Para.0013 “ If the heartbeat signal is not detected, appropriate action is taken. Appropriate action can include, for example, powering down the device, restricting access to files, erasing files, erasing the contents of a disk on the device, preventing access to designated files, reporting the location of the device, preventing the device from being turned on after it is turned off, or a combination thereof” the device 2 attempts communication with the server 8 periodically. The server 8 transmits a heartbeat signal back to the device 2 while it is in a predetermined perimeter, i.e. geographic area/designated area. If a response is not received, the device takes appropriate action such as powering down the device.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Chatterton-Zaki with Rice in order to incorporate where the executing of the policy validation check further comprises attempting to establish communication between the device and one or more active policy grant devices that actively transmit a policy signal to the device while the device is within the predetermined perimeter.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of the device by confirming location of the device to a server (Rice: para.0004).
Regarding Claim 33, Chatterton-Zaki discloses claim 28 as set forth above.
However Chatterton-Zaki does not explicitly disclose wherein the executing of the policy validation check occurs based detection a power-on of the device.
Rice discloses wherein the executing of the policy validation check occurs based detection a power-on of the device (Rice: para.0024 “FIG. 2 is a flow diagram of an example process for maintaining security of a device via a heartbeat signal. The heartbeat signal is initiated at step 12. The heartbeat signal can be initiated automatically, manually, or combination thereof. For example, when the device is turned on, the heartbeat signal can automatically be initiated. That is, the device can send a signal to the network indicating that it is being powered up” Fig. 2 step 12 may be initiated based on a powering up of the device, which initiates the process that flows to steps 34 and 36 that controls access to the device.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Chatterton-Zaki with Rice in order to incorporate wherein the executing of the policy validation check occurs based detection a power-on of the device.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security of the device by confirming location of the device to a server to allow operation of the device (Rice: para.0004).
Claim(s) 32 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chatterton et al. (hereinafter Chatterton, US 2015/0066762 A1) in view of Zaki et al. (hereinafter Zaki, US 10,748,136 B1) in view of Berg et al (hereinafter Berg, US 10,581,872 B1).
Regarding Claim 32, Chatterton-Zaki discloses claim 28 as set forth above.
Chatterton further discloses where the policy validation check further comprises confirming detection by the device of the one or more passive policy grant devices within the predetermined perimeter (Chatterton: para.0038 “The method 100 then proceeds to decision block 108 where it is determined whether the detected authentication factors match an authentication profile” para.0039 “In some embodiments, the authentication factors included in the authentication profiles may be provided by the user device. For example, a user device may automatically determine one or more authentication factors for an authentication profile that may include, for example, one or more wireless environments in one or more locations that the user device is commonly located at… In other words, the user device may be configured to recognize factors (e.g., wireless environments… In a specific example, a user device in an authorized user's home location may detect the same wireless environments that are typically present at the home location (e.g., a wireless environment provided by an access point of that user, a wireless environment provided by another device of that user, wireless environments provided by neighbors of that user).” Para.0050 “In some embodiments, the different wireless environment authentication profiles may result in different authentication levels. For example, authentication level for the coffee shop wireless environment authentication profile 208 c may be restricted relative to the authentication level of the home wireless environment authentication profile 208 b (e.g., payments may be transacted using applications at home but not at the coffee shop)” The device confirms that one of the valid wireless environments provided by devices and access points in the authentication database of user device 202 in Fig. 2 are being used by the user device.),
and refreshing the policy issued for the device based on a confirmation of detection of the one or more passive policy grant devices (Chatterton: para.0049 “Thus, at block 108 the authentication engine 206 may determine that the detected wireless environments provided by the secondary user device(s) 210 and the access points 212, 216, and 218 match the home wireless environment authentication profile 208 a which, in the illustrated embodiment, details the secondary user device 210 providing a Bluetooth environment, the access point 212 providing a Wifi to LAN wireless environment, and each of the access points 216 and 218 providing Wifi to Internet wireless environments. In response, the method 100 proceeds to block 114 where the authentication time period for the first user is extended such that the user may continue using the user device 202” upon determining the user location based on the wireless environments based on the sensor communication, para.0037 above, the policy is refreshed by extending the usage time of the user device.).
However Chatterton-Zaki does not explicitly disclose initiating a request to refresh the policy issued for the device based on a confirmation of detection of the one or more passive policy grant devices, and wherein the managing of the state of the policy for the device comprises refreshing the policy for the device based on a confirmation of approval of the request by one or more active policy grant devices that are usable to actively transmit policy signals to the device.
Berg discloses initiating a request to refresh the policy issued for the device (Berg: col. 2 lines 6-13 “In some implementations, the processor is configured to send an authorization request to the authorization server to renew the authorization before an end of the first predetermined time period, the authorization message being sent by the authorization server in response to the authorization request.” The device may send an authorization request to renew authorization, i.e. refresh) and
wherein the managing of the state of the policy for the device comprises refreshing the policy for the device based on a confirmation of approval of the request by one or more active policy grant devices (Berg: col.6 line 54-col. 7 line 34 Col. 7 lines 44-60 server 110) that are usable to actively transmit policy signals to the device (Berg: col.6 line 54-col. 7 line 34 “The server 110 computes an authorization key hash labelled CLOUD_AUTH, which can be expressed as CLOUD_AUTH=hash(AUTH_KEY+TS), where AUTH_KEY represents a shared secret key and TS represents the current timestamp. … The server 110 sends an authorization message containing CLOUD_AUTH to the IoT device 130… Further, based on a successful match, the IoT device 130 maintains its authorization and continues to function as normal, and resets its re-authorization timer (AUTH_TIMER). The server 110, after receiving the notification, updates an expected de-authorization time for the IoT device 130.” Col. 7 lines 44-60 “In some implementations, the server can access a customer service plan database and determine whether a service plan associated with the device is in good standing, e.g., paid-up. If not paid-up or the IoT device is no longer included in the service plan, the server generates an authorization failure notification at 415. If the device is included in the service plan, the server, at 420, computes CLOUD_AUTH=hash(AUTH_KEY+TS), where AUTH_KEY represents a shared secret key and TS represents the current timestamp.” The server confirms if the device is in good standing and sends a CLOUD_AUTH authorization message to the device which resets the authorization timer on the device.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Chatterton-Zaki with Berg in order to incorporate initiating a request to refresh the policy issued for the device; and wherein the managing of the state of the policy for the device comprises refreshing the policy for the device based on a confirmation of approval of the request by one or more active policy grant devices that are usable to actively transmit policy signals to the device such that prior to extending the time at the device in Berg, authorization is confirmed at an active policy granting device.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of ensuring device compliance prior to enabling access to the device (Berg: Col. 7 lines 44-60)
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Goldman et al. US 2020/0167474 A1 Handling of Remote Attestation and Sealing During Concurrent Update, See Fig. 12 and para.0081 showing system boot process and policy checking for data access.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EUI H KIM whose telephone number is (571)272-8133. The examiner can normally be reached 7:30-5 M-R, M-F alternating.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 5712725863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EUI H KIM/ Examiner, Art Unit 2453
/KAMAL B DIVECHA/ Supervisory Patent Examiner, Art Unit 2453