DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 09/08/2025 has been entered.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/16/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Response to Amendment
Applicant’s amendment, filed 09/08/2025, has been entered and fully considered.
Response to Arguments
Applicant argues, see page 12, that Crabtree fails to cure the deficiencies of Dunn with respect to limitation “generating the vulnerability risk score further comprises identifying a second vulnerability that co-exists on the client device with the vulnerability and determining a likelihood of the vulnerability and the second vulnerability being exploited together in the attack”. However, Crabtree does teach generating the vulnerability risk score (Crabtree: paragraph [0135], “generate a cybersecurity score for each privilege escalation attack pathway”) further comprises identifying a second vulnerability (Crabtree: FIG. 25, vulnerability 2501b) that co-exists on a client device (Crabtree: FIG. 25, vulnerability 2501b and 2501a are both at network level 2501) with the vulnerability (Crabtree: FIG. 25, vulnerability 2501a; paragraph [0130], “Vulnerabilities of software are represented by nodes in the cyber-physical graph shown here as circles at each privilege level 2501a-c”) and determining a likelihood (Crabtree: paragraph [0130], “Vulnerabilities of software are represented by nodes in the cyber-physical graph…, and the relationships between the components are shown as directional and weighted edges between the nodes.”; paragraph [0130], “The…probability of a vulnerability…may be designated by an edge weight or length”) that a combination of the vulnerability and the second vulnerability being exploited together in the attack (Crabtree: paragraph [0131], “2501a may be a brute force attack on a WPS pin that gains the attacker access to an SSH session 2501b into a host machine on the network”).
Otherwise, Applicant’s further arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Examiner’s Notes
The Examiner notes that:
Claim 6 should have been marked as indicating a deletion of “a” by double brackets and an insertion of “the” by underlining with respect to the currently presented limitation “the client device” on line 2. See MPEP 1.121(C)(2). The limitation “a client device”, as presented in claims filed 06/16/2025 was amended in claims filed 09/08/2025 to recite “the client device” without appropriate marking of a claim amendment. The Examiner respectfully requests Applicant to ensure that future amendments comply with MPEP 1.121.
Claim Interpretation
The Examiner notes:
The United States Patent and Trademark Office (“USPTO”) determines the scope of claims in patent applications not solely on the basis of the claim language, but upon giving claims their broadest reasonable construction in light of the specification as it would be interpreted by one of ordinary skill in the art. See MPEP 2111.
The limitation “usefulness score” is being interpreted in light of paragraph [0022] of the specification, as filed 07/29/2022. The limitation “usefulness score” is interpreted to encompass “whether valuable (e.g., system information, private information) could be exposed to an attacker if the vulnerability was exploited, or whether user privileges in the computing environment could be escalated if the vulnerability was exploited”. Whether valuable information could be exposed is a metric related to confidentiality.
Claim Objections
Claim 1, 11, 20 is objected to because of the following informalities:
Claim 1 is objected to under 37 CFR 1.75(i) because claim 1 steps forth a plurality of steps, including “generating…”. However, the “generating…” step is not separated by a line indentation.
Claims 1, 11, 20 recite “determining a likelihood that a combination of the vulnerability and the second vulnerability being exploited together in the attack”. This appears to be grammatically improper. The Examiner suggests reciting “determining a likelihood that a combination of the vulnerability and the second vulnerability is being exploited together in the attack”.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 8 recites the limitation "the client" in line 2. There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-4, 6-8, 10-14, 16-18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dunn et al. (USP App. Pub. 2023/0336581; hereinafter Dunn) in view of Crabtree et al. (USP App Pub 2022/0210202; hereinafter Crabtree) in further view of Doyle et al. (USP App Pub 2020/0210590; hereinafter Doyle).
Regarding claim 1, A method, comprising:
acquiring one or more environment variables associated with a computing environment (Dunn: paragraph [0035], “The CVE tracking module can look at the Operating System and its version”);
identifying a vulnerability in the computing environment based on a vulnerability database (VDB) and the one or more environment variables associated with the computing environment (Dunn: paragraph [0034], “The CVE tracking module can receive vulnerability information from…the Public CVE databases”; paragraph [0035], “the Operating System and its version…can be compared to the information obtained from the third party services”; paragraph [0031], “The CVE tracking module uses tools to track individual vulnerabilities to the cyber-attack on the network nodes”);
generating an input dataset based on behavioral-based endpoint detection and response (EDR) data associated with the vulnerability (Dunn: paragraph [0036], “The CVE tracking module can make some estimations about the software running on the network devices (e.g. external webservers) based upon their behavior in traffic, their interactions”; paragraph [0012], “behavior pattern data”);
applying one or more predictive models, respectively trained to predict probabilities of exploitation of vulnerabilities of computing environments, to the input dataset (Dunn: Figure 8, The CVE tracking module feeds into the device weakness module; paragraph [0056], “The device weakness module can…generate an overall device weakness score”; Figure 8, The device weakness score generator is a sub-component of the device weakness module; paragraph [0057], “The device weakness score generator basically calculates…how bad it thinks that CVEs are on that network device”);
generating, by one or more processors, a vulnerability risk score for the vulnerability of the computing environment based on the input dataset and the one or more predictive models (Dunn: Figure 8, The device weakness module feeds into the node exposure score generator; paragraph [0068], “the node exposure score generator is configured to initially generate just a general weakness score”), wherein
generating the vulnerability risk score (Dunn: paragraph [0068], “the node exposure score generator is configured to initially generate just a general weakness score”) further comprises determining a likelihood of the vulnerability being exploited in an attack based on (Dunn: paragraph [0065], “The node exposure score generator…[calculates]…the possibility of future critical vulnerability CVEs and the possibility of those CVEs being exploited”) application attributes of the application associated with the vulnerability (Dunn: paragraph [0031], “The CVE tracking module can track and profile versions of software and a state of patches”; Figure 8, The CVE tracking module ultimately feeds into the node exposure score generator) and vulnerability attributes of the vulnerability in the computing environment (Dunn: paragraph [0020], “the device weakness module is going to be looking at multiple different types of vulnerabilities including misconfigurations in software, default and/or reuse passwords, denial-of-service vulnerabilities, etc.”; paragraph [0064], “The device weakness module and the user account exposure module combine to calculate the risk associated for common vulnerabilities”; paragraph [0065], “Thus, the device weakness score from the device weakness module is inputted into the node exposure score generator”)…, wherein
the application attributes comprise (Dunn: paragraph [0031], “The CVE tracking module can track and profile versions of software and a state of patches”)…; and
prioritizing a repair of the vulnerability based on the vulnerability risk score (Dunn: paragraph [0031], “version state of each software resident on a network device are utilized by the node exposure score generator and the attack path modeling component in the prioritization of remediation actions on that network node”; paragraph [0084], “The remediation suggester module cooperates with the attack path modeling component to analyze the actual detected vulnerabilities that exist in each network node and suggests how to intelligently prioritization remediation actions on each network node compared to other network nodes with actual detected vulnerabilities”) to minimize computing resource consumption by the vulnerability (Dunn: paragraph [0090], “The remediation suggester module may also automatically take the example remediation actions of reducing the permissions associated with a SaaS account to a level that prevents the cyber-attack pathway into the network” i.e., preventing an attack pathway of a vulnerability reduces the consumption of computing resources because preventing the attack pathway means the attack pathway is not executed on the computing resources, thereby reducing the amount of computing resource consumption).
Dunn does not teach …wherein generating the vulnerability risk score further comprises identifying a second vulnerability that co-exists on a client device with the vulnerability and determining a likelihood that a combination of the vulnerability and the second vulnerability being exploited together in the attack, wherein the vulnerability attributes are indicative of a vulnerability age indicating when the vulnerability initially appeared in other computing environments prior to being identified in the computing environment and a usefulness score associated with the vulnerability being exploited in the attack, wherein determining the likelihood of the vulnerability further comprises determining a probability for user privileges in the computing environment to be escalated if the vulnerability was exploited…prevalence data indicating whether the application is prevalent among a plurality of computing devices in the computing environment…
However, in the same field of endeavor, Crabtree does teach …wherein generating the vulnerability risk score (Crabtree: paragraph [0135], “generate a cybersecurity score for each privilege escalation attack pathway”) further comprises identifying a second vulnerability (Crabtree: FIG. 25, vulnerability 2501b) that co-exists on a client device (Crabtree: FIG. 25, vulnerability 2501b and 2501a are both at network level 2501) with the vulnerability (Crabtree: FIG. 25, vulnerability 2501a; paragraph [0130], “Vulnerabilities of software are represented by nodes in the cyber-physical graph shown here as circles at each privilege level 2501a-c”) and determining a likelihood (Crabtree: paragraph [0130], “Vulnerabilities of software are represented by nodes in the cyber-physical graph…, and the relationships between the components are shown as directional and weighted edges between the nodes.”; paragraph [0130], “The…probability of a vulnerability…may be designated by an edge weight or length”) that a combination of the vulnerability and the second vulnerability being exploited together in the attack (Crabtree: paragraph [0131], “2501a may be a brute force attack on a WPS pin that gains the attacker access to an SSH session 2501b into a host machine on the network”)…wherein determining the likelihood of the vulnerability (Crabtree: paragraph [0135], “generate a cybersecurity score for each privilege escalation attack pathway based on the probability of occurrence for each path in relation to all other vectors of attack (pathways)”) further comprises determining a probability (Crabtree: paragraph [0130], “probability of a vulnerability… may be designated by an edge weight or length”; paragraph [0134], “a scoring engine runs one or more graph-processing algorithms on the cyber-physical graph to identify each privilege escalation attack pathway and a probability of occurrence for each path”) for user privileges (Crabtree: paragraph [0033], “Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user” i.e., privilege escalation relates to elevated access from a user perspective; paragraph [0131], “a brute force attack on a WPS pin that gains the attacker access to an SSH session 2501b into a host machine on the network. From there, an attacker could perform a Windows sticky key attack 2502a to create a local system administrator account”) in the computing environment to be escalated if the vulnerability was exploited (Crabtree: paragraph [0126], “identify the probabilities of success of cyberattacks through a given vulnerability and the impact of a successful cyberattack”; paragraph [0130], “Vulnerabilities of software are represented by nodes in the cyber-physical graph shown here as circles at each privilege level 2501a-c, 2502a-b, 2503a-b, 2504a-d, and 2505a-d, and the relationships between the components are shown as directional and weighted edges between the nodes”)…
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the vulnerability risk scoring engine of Dunn to incorporate the teachings of Crabtree to use attack pathways and a probability of user privilege escalation as components of vulnerability risk scoring. The motivation for doing so is to account for the numerous attack paths that arise from a combination of vulnerabilities (Crabtree: paragraph [0033], “With over ten thousand known exploits and new ones being discovered every day, the combination of pathways open to malicious actors are overwhelmingly numerous.”) and “to identify the probabilities of success of cyberattacks through a given vulnerability and the impact of a successful cyberattack” (Crabtree: paragraph [0126]).
Dunn and Crabtree do not teach … wherein the vulnerability attributes are indicative of a vulnerability age indicating when the vulnerability initially appeared in other computing environments prior to being identified in the computing environment and a usefulness score associated with the vulnerability being exploited in the attack…prevalence data indicating whether the application is prevalent among a plurality of computing devices in the computing environment…
However, in the same field of endeavor, Doyle does teach …wherein the vulnerability attributes (Doyle: paragraph [0058], “In addition to the training data (or vulnerability characteristics) described with respect to 420 of FIG. 4, various ‘secondary’ vulnerability characteristics may also be factored into the threat score prediction model”) are indicative of a vulnerability age indicating when the vulnerability initially appeared in other computing environments prior to being identified in the computing environment (Doyle: paragraph [0060], “An age of the software vulnerability (e.g., the number of days since publication of the software vulnerability on the US National Vulnerability Database, etc.),”) and a usefulness score associated with the vulnerability being exploited in the attack (Doyle: paragraph [0061], “A degree of difficulty or complexity associated with exploit development for the software vulnerability, which may include…CVSS v3 data (e.g., confidentiality impact…)”)…prevalence data indicating whether the application is prevalent among a plurality of computing devices in the computing environment (Doyle: paragraph [0063], “A prevalence of the software vulnerability (e.g., a total number of impacted assets, … within particular Intranets or enterprise networks, etc.)”)…
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the vulnerability scoring engine of Dunn and Crabtree to incorporate the teachings of Doyle to use secondary characteristics like age, confidentiality impact and prevalence. The motivation for doing so is to provide additional data to factor into the threat score prediction model (Doyle: paragraph [0058], “In addition to the training data (or vulnerability characteristics) described with respect to 420 of FIG. 4, various ‘secondary’ vulnerability characteristics may also be factored into the threat score prediction model.”).
Regarding claim 2, Dunn, Crabtree and Doyle teach the method of claim 1, wherein:
determining the likelihood of the vulnerability being exploited in the attack (Dunn: paragraph [0065], “The node exposure score generator…[calculates]…the possibility of future critical vulnerability CVEs and the possibility of those CVEs being exploited”) is further based on
at least one or more historical CVE attributes (Dunn: paragraph [0034], “The CVE tracking module can receive vulnerability information from…the Public CVE databases”) of the vulnerability in the computing environment (Dunn: paragraph [0031], “The CVE tracking module uses tools to track individual vulnerabilities to the cyber-attack on the network nodes that are network devices”).
Regarding claim 3, Dunn, Crabtree and Doyle teach the method of claim 2, wherein the application attributes (Dunn: paragraph [0020], “multiple different types of vulnerabilities including misconfigurations in software”) comprise:
an attack history of the application (Dunn: paragraph [0208], “identify subtle variations in machine events within a computer networks behavioral history that may indicate cyber-threat or compromise”).
Regarding claim 4, Dunn, Crabtree and Doyle teach the method of claim 2, wherein the vulnerability attributes of the vulnerability (Dunn: paragraph [0021], “(e.g. weak Operating System) and/or other known CVEs” i.e., a weak operating system is a vulnerability) in the computing environment are further indicative of at least one of:
a weakness category associated with the vulnerability being exploited in the attack (Dunn: paragraph [0021], “The scanner API integrator module… can know when an example network device (e.g. server device) matches up to the network under analysis and has vulnerable software (e.g. weak Operating System) and/or other known CVEs…, which would make them vulnerable to compromise from an external cyber threat to the network”).
Regarding claim 6, Dunn, Crabtree and Doyle teach the method of claim 2, wherein the vulnerability in the computing environment exists on the client device (Dunn: paragraph [0070], “amount of CVEs associated with the network device/user account and a level of severity of each CVE detected on that network node”).
Regarding claim 7, Dunn, Crabtree and Doyle teach the method of claim 2, wherein generating the vulnerability risk score further comprising:
determining a capability of the client device to defend against the vulnerability being exploited in the attack, the vulnerability in the computing environment exists on the client device (Dunn: paragraph [0092], “generating one or more automated and customizable cyber attacks to pretest one or more defenses implemented in a network”; paragraph [0073], “The attack path modeling component ingests the information for the purposes of modeling and simulating a potential attack against the network and routes that an attacker would take through the network.”);
and adjusting the likelihood of the vulnerability being exploited in the attack based on the capability of the client device to defend against the vulnerability being exploited in the attack (Dunn: paragraph [0074], “The node exposure score generator and the attack path modeling component cooperate to analyze the actual detected vulnerabilities that exist for that network node in the network”).
Regarding claim 8, Dunn, Crabtree and Doyle teach the method of claim 2, wherein the computing environment is associated with the client (Dunn: paragraph [0070], “amount of CVEs associated with the network device/user account and a level of severity of each CVE detected on that network node”), wherein generating the vulnerability risk score (Dunn: paragraph [0068], “the node exposure score generator is configured to initially generate just a general weakness score”) further comprising:
determining the likelihood of the vulnerability being exploited in the attack based on an industry type (Dunn: paragraph [0034], “The CVE tracking module can…compare the software resident on network devices and their current configurations over to best practices within the industry”)
or a geographic location associated with the client.
Regarding claim 10, Dunn, Crabtree and Doyle teach the method of claim 1, further comprising:
prioritizing the vulnerability over other vulnerabilities that are associated with the computing environment based on the vulnerability risk score (Dunn: paragraph [0084], “The remediation suggester module cooperates with the attack path modeling component to analyze the actual detected vulnerabilities that exist in each network node and suggests how to intelligently prioritization remediation actions on each network node compared to other network nodes with actual detected vulnerabilities”);
and providing a notification indicating one or more remedial actions to resolve the vulnerability responsive to prioritizing the vulnerability (Dunn: paragraph [0084], “The remediation suggests module…suggests…remediation actions…in at least one of a report”; paragraph [0085], “The report can be conveyed in an electronic format in a communication to a user”).
The motivation to combine references for the claims listed above is the same as the motivation stated in the rejection of claim 1.
Re. claims 11-14, they recite analogous limitations as claims 1-4, respectively, and therefore is rejected for the same reasons.
Re. claims 16-18, they recite analogous limitations as claims 6-8, respectively, and therefore is rejected for the same reasons.
Re. claim 20, the claim recites analogous limitations as claim 1 and therefore is rejected for the same reasons.
Claim(s) 5, 9, 15, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dunn in view of Crabtree in further view of Doyle in further view of Yavo et al. (USP App. Pub. 2022/0166783; hereinafter Yavo).
Regarding claim 5, Dunn, Crabtree and Doyle teach the method of claim 2, wherein…is associated with a plurality of computing environments, and wherein generating the vulnerability risk score (Dunn: paragraph [0068], “the node exposure score generator is configured to initially generate just a general weakness score”) further comprising:
calculating… a frequency in which the vulnerability might be exploited (Dunn: paragraph [0041], “The CVE frequency estimator can also determine what is the probability of another weakness vulnerability occurring within the next period of time”).
Dunn, Crabtree and Doyle do not teach … the EDR data…based on the EDR data… (i.e. the connected use of the CVE tracking module and the CVE frequency estimator such that the CVE frequency estimator uses the behavioral data from the CVE tracking module)
However, in the same field of endeavor, Yavo teaches …based on the EDR data… (Yavo: paragraph [0049], “System 200 includes multiple endpoint security agents…to work in collaboration for performing asset discovery, vulnerability assessment, taking remedial action, and performing various automated operations. The endpoint security agents may include, for example, an EDR agent” i.e. the use of additional data sources, including EDR data, to perform a vulnerability assessment).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the node exposure score module of Dunn, Crabtree and Doyle to incorporate the teachings of Yavo to utilize the EDR (behavioral) data from the CVE tracking module to calculate the frequency rates in the CVE frequency estimator. The motivation for doing so is to improve the quality of the data analysis and calculation by synergistically incorporating multiple data sources (Yavo: paragraph [0049], “the system 200 may use collected data to achieve synergies in connection…[to perform the] vulnerability assessment”).
Regarding claim 9, Dunn, Crabtree and Doyle teach the method of claim 2, wherein generating the vulnerability risk score (Dunn: paragraph [0068], “the node exposure score generator is configured to initially generate just a general weakness score”) further comprising:
determining the likelihood of the vulnerability being exploited in the attack based on prior attacks observed in the computing environment, or receiving the EDR data from a client device, wherein the vulnerability in the computing environment exists on the client device (Dunn: paragraph [0036], “The CVE tracking module can make some estimations about the software running on the network devices (e.g. external webservers) based upon their behavior in traffic, their interactions” i.e. Since the CVE tracking module can process behavioral data, this necessarily implies the receipt of EDR data);…
calculating… a frequency in which the vulnerability might be exploited (Dunn: paragraph [0041], “The CVE frequency estimator can also determine what is the probability of another weakness vulnerability occurring within the next period of time”).
Dunn, Crabtree and Doyle do not teach “based on the EDR data” i.e. the connected use of the CVE tracking module and the CVE frequency estimator such that the CVE frequency estimator uses the behavioral data from the CVE tracking module.
However, in the same field of endeavor, Yavo teaches …based on the EDR data… (Yavo: paragraph [0049], “System 200 includes multiple endpoint security agents…to work in collaboration for performing asset discovery, vulnerability assessment, taking remedial action, and performing various automated operations. The endpoint security agents may include, for example, an EDR agent” i.e. the use of additional data sources, including EDR data, to perform a vulnerability assessment).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the node exposure score module of Dunn, Crabtree and Doyle to incorporate the teachings of Yavo to utilize the EDR (behavioral) data from the CVE tracking module to calculate the frequency rates in the CVE frequency estimator. The motivation for doing so is to improve the quality of the data analysis and calculation by synergistically incorporating multiple data sources (Yavo: paragraph [0049], “the system 200 may use collected data to achieve synergies in connection…[to perform the] vulnerability assessment”).
Re. claim 15, the claim recites analogous limitations as claim 5 and therefore is rejected for the same reasons.
Re. claim 19, the claim recites analogous limitations as claim 9 and therefore is rejected for the same reasons.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ADITYA SRIRAM whose telephone number is (703)756-1715. The examiner can normally be reached Su-Sa: 9:00 AM - 11:59 AM PST and 1:00 PM - 8 PM PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at (571) 272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.S./Examiner, Art Unit 2491
/WILLIAM R KORZUCH/Supervisory Patent Examiner, Art Unit 2491