Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/10/2025 has been entered.
Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. § 102/103
The applicant’s remarks, on pages 9-15 of the response / amendment, the applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. § 102/103 rejections.
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.
Response to Applicant’s Arguments Regarding Interpretation under 35 U.S.C. § 112(f)
The applicant’s brief remarks, on page 9, were not persuasive regarding the interpretation under 35 U.S.C. § 112(f), and thus, the interpretation will be maintained. However, the examiner has modified the interpretation in light of the applicant’s remarks, as indicated below.
Previous Claim Objections
Claim 10 was previously objected to because of minor informalities. The applicant’s present amendments have overcome the rejection. Therefore, the previous objections to the claims are withdrawn.
Claim Interpretation under U.S.C. 112(f):
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term "means" or "step" or a term used as a substitute for "means" that is a generic placeholder (also called a nonce term or a nonstructural term having no specific structural meaning) for performing the claimed function;
(B) the term "means" or "step" or the generic placeholder is modified by functional language, typically, but not always linked by the transition word "for" (e.g., "means for'') or another linking word or phrase, such as "configured to" or "so that"; and
(C) the term "means" or "step" or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word "means" (or "step") in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word "means" (or "step") in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
This application includes one or more claim limitations that do not use the word "means," but are nonetheless being interpreted under 35 U.S.C. 112(f) because the claim limitations uses a generic placeholder. First, (e.g., attack classification module) that is coupled with functional language (e.g., " determining …. by a classification module, a final score ... ") without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such limitations are in claims 10 and 15. Because these claim limitations are being interpreted under 35 U.S.C. 112(f), they are being interpreted to cover the corresponding structure described in the specification (e.g., the structural/physical connections shown and described in paragraphs [0025], [0030], & [0082] and the attack classification module of figs. 1 & 5.) as performing the claimed functions, and equivalents thereof.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 8-13, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210160247 Gaddam et al. (hereinafter Gaddam), in view of US 20210112091 to Compton (hereinafter Compton).
Regarding claim 1, Gaddam teaches,
A computer-implemented method, the method comprising:
receiving real time event data indicative of a user behavior on a cloud; ([0006] teaches entities behavioral characteristics being used to analyze requests by the entity. [0001] system for preventing malicious access. Also, Gaddam’s Title teaches “Real-Time Entity Anomaly Detection” emphasis added by examiner.)
determining, based at least in part on inputting the real time event data to a first trained machine learning (ML) model, (fig. 7B, supervised submodels 728) a first anomaly score corresponding to a first anomaly and in a first context associated with the first anomaly; (fig. 7B teaches trust scores 722 into supervised submodels 728. [0224] teaches using contextual and subtext information to identify appropriate machine learning models. Fig. 12 and [0219-220] teaches using natural language processing to identify the context such as theft prevention and access request data, and choosing the appropriate model and outputs a score. It is well understood by one of ordinary skill in the art that classification \ labeling performed by supervised models inherently uses different criteria / contexts in classifying and labeling. The use of keywords may be used to identify the different models in [0220], where keywords identify different behaviors as discussed in [0033].)
determining, based at least in part on inputting the real time event data to a second trained ML model, (fig. 7B, unsupervised submodels 726) one or more second anomaly scores corresponding to one or more second anomalies and one or more second contexts associated with the one or more second anomalies, respectively; ([0177-178] teaching using scores with unsupervised model 726. Fig. 7A and [0219-220] teaching contexts and scoring. Fig. 7B also teaches that the classification of the supervised model is used as an input into the unsupervised model during training, thus utilizing contexts.) Additionally, [0031] teaches unsupervised models can receive unlabeled data an categorize (“context”) the inputs (data) based on characteristics previously learned.
determining, based at least in part on inputting the first anomaly score, the first context, the one or more second anomaly scores, and the one or more second contexts, ([0177-178] describing fig. 7B and [0219-220]) to a classification module, a final score corresponding to a final anomaly and a final context associated with the final anomaly; and (fig. 7B and [0178] teaches ensemble classifier module 724, including ensemble 730, producing trust scores from supervised and unsupervised models. [0061] teaches generating trust scores in real time. The examiner asserts that running a new anomaly in Gaddam results in the updating of the scores in fig. 7B, which are used to identify malicious code using supervised and unsupervised models, as discussed in [0001-0004] of Gaddam.)
determining, based on the final score being equal to or greater than a threshold, that the final anomaly is a malicious attack; and ([0068] teaches using trust score thresholds. See also fig. 3, thresholds 306, also using resource access polies 308 to determine resource access policy in [0112]. Regarding “final anomaly”, [0178] teaches that ensemble is trained. [0061] teaches generating trust scores in real time. The examiner asserts that running a new anomaly in Gaddam results in the updating of the scores in fig. 7B, which are used to identify malicious code, as discussed in [0001-0004] of Gaddam.)
Gaddam fails to teach determining an attack and providing alerts to other network entities to intercept / mitigate the attack,
However, Compton teaches,
based on determining that the final anomaly is the malicious attack, transmitting an alert to network entities connected to the cloud, wherein the alert automatically triggers the network entities to intercept the malicious attack. (Compton, [0026] teaches a central controller that determines if a denial of service (DDoS) attach is underway, based on information from a network router, and then generates a d rule to activate a specific type of filter, for example based on the attacker’s address, to mitigate the attack. [0058] teaches a mitigation device / peering router 224 receiving messages from the central controller 212 to perform actions to mitigate the attack. Additionally, the teachings of [0026] & [0058] are directed to detecting threats in “real time event data”. )
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Gaddam, which teaches using a supervised and unsupervised model to detect malicious access attempts based on context of the data and scoring of the data by the different models (fig. 7B, 726 & 728), with Compton, which also teaches the use of machine learning to detect anomalous data / malicious data ([0032]), and additionally teaches a central controller determining an attack ([0026]) and providing messages to mitigation devices / peering routers that mitigate the attack ([0058]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Gaddam with the added ability to provide alerts to other devices when an attack is detected, as taught by Compton, for the purpose of increasing security by allowing multiple devices / routers to implement the rules / filters from a central controller to mitigate the attack.
Regarding claim 2, Gaddam and Compton teach,
The method of claim 1, wherein the first trained ML model includes a supervised ML model trained to detect an anomaly in the first context, and the supervised ML model is trained by performing the actions including: (Gaddam, fig. 7B, supervised submodels 728)
obtaining, based on historical events stored in a database, a set of training data; (Gaddam, fig. 7B teaches training the models (supervised and unsupervised) which is based on historical data. Also, it is well understood by one of ordinary skill in the art that supervised models use labeled data that is based on historical data that trains the model.) (Additionally, [0015] of the applicant’s printed publication admits that labeled data is based on past events.)
determining, based at least in part on known anomaly behaviors, a plurality of first features corresponding to the known anomaly behaviors in the first context; (Gaddam, [0027-29] teaching feature vectors that being used to classify behavior as normal and abnormal. See fig. 7B feature store 720.)
labeling, based at least in part on the plurality of first features, the set of training data to obtain labeled training data; and (Gaddam, fig. 7B, feature store 720. [0031] teaching labeled data for supervised model.)
training a first ML model using the labeled training data to obtain the first trained ML model. (Gaddam, fig. 7B and [0178] teach the supervised submodel 726 being used to train the ensemble classifier. See also [0070] where scores and feature vectors are used to train supervised model.)
Regarding claim 3, Gaddam and Compton teach,
The method of claim 2, wherein the set of training data includes timestamps associated with the historical events, respectively, and the actions further include:
obtaining, based on the timestamps, the historical events in a time period; (Gaddam, [0024] teaches using time data regarding when a request (i.e., access request) is made, where the time is included in the request data.)
aggregating the historical events in the time period to obtain aggregated historical events; and
obtaining, based on the aggregated historical events, the set of training data. (Gaddam, [0024] using request data, including time, to generate feature vectors to train the model. See also [0103] using the time at which a request was made for evaluating behaviors. By using time to generate the model, on of ordinary skill in the art would understand that events occurring within a time period are being grouped together.)
Regarding claim 4, Gaddam and Compton teach,
The method of claim 1, wherein the second machine learned model includes an unsupervised ML model (Gaddam, fig. 7B, unsupervised submodels 726) trained to detect an anomaly in at least one second context, and the unsupervised ML model is trained by performing the actions including:
obtaining, based on historical events stored in a database, a set of training data; (Gaddam, fig. 7B teaches training the models (supervised and unsupervised) which is based on historical data.)
clustering the set of training data to obtain a plurality of clustered data sets; and ([0126] teaches the use of clusters of feature vectors. It is well understood by one of ordinary skill in the art the unsupervised models use cluster analysis.)
training a second ML model using the plurality of clustered data sets to obtain the second trained ML model. (Gaddam, fig. 7B and [0178] teach the unsupervised submodel 724 being used to train the ensemble classifier.)
Regarding claim 8, Gaddam and Compton teach,
The method of claim 1, further comprising:
determining, based at least in part on the final context, that the final anomaly is a new attack; and (Gaddam, [0081] identifies malicious requests based on machine learning, not static ruleset, and has the ability to identify new attacks.)
providing the final context to a security agency to take actions to address the new attack. (Gaddam, [0115] and [0180] security operations are informed of malicious request based on scores.)
Regarding claim 9, Gaddam and Compton teach,
The method of claim 8, wherein the first context and the one or more second contexts represent discrete domains including at least one of user identity, user behavior, privilege escalation entity access, geolocation anomalies, data exfiltration, or authentication. (Gaddam, [0103] teaches evaluating user behavior. [0137] teaches using user identity that is extracted from online sources. [0024] teaches identifying the location that an access request was made.)
Regarding claim 10, Gaddam and Compton teach,
A computing device comprising:
a processor, and (Gaddam, [0009])
a memory storing instructions executed by the processor to perform actions including: ([0009])
receiving real time event data indicative of a user behavior on a cloud;
determining, based at least in part on inputting the real time event data to a first trained machine learning (ML) model, a first anomaly score corresponding to a first anomaly and a first context associated with the first anomaly text;
determining, based at least in part on inputting the real time event data to a second trained ML model, one or more second anomaly scores corresponding to one or more second anomalies and one or more second contexts associated with the one or more second anomalies, respectively;
determining, based at least in part on inputting the first anomaly score, the first context, the one or more second anomaly scores, and the one or more second contexts to an attack classification module, a final score corresponding to a final anomaly and a final context associated with the final anomaly; and
determining, based on the final score being equal to or greater than a threshold, that the final anomaly is a malicious attack; and
based on determining that the final anomaly is the malicious attack, transmitting an alert to network entities connected to the cloud, wherein the alert automatically triggers the network entities to intercept the malicious attack.
Claim 10 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 11, Gaddam and Compton teach,
The computing device of claim 10, wherein the first trained ML model includes a supervised ML model trained to detect an anomaly in the first context, and the supervised ML model is trained by performing the actions including:
obtaining, based on historical events stored in a database, a set of training data;
determining, based at least in part on known anomaly behaviors, a plurality of first features corresponding to the known anomaly behaviors in the first context;
labeling, based at least in part on the plurality of first features, the set of training data to obtain labeled training data; and
training a first ML model using the labeled training data to obtain the first trained ML model.
Claim 11 is rejected using the same basis of arguments used to reject claim 2 above.
Regarding claim 12, Gaddam and Compton teach,
The computing device of claim 11, wherein the set of training data includes timestamps associated with the historical events, respectively, and the actions further include:
obtaining, based on the timestamps, the historical events in a time period;
aggregating the historical events in the time period to obtain aggregated historical events; and
obtaining, based on the aggregated historical events, the set of training data.
Claim 12 is rejected using the same basis of arguments used to reject claim 3 above.
Regarding claim 13, Gaddam and Compton teach,
The computing device of claim 10, wherein the second machine learned model includes an unsupervised ML model trained to detect an anomaly in at least one second context, and the unsupervised ML model is trained by performing the actions including:
obtaining, based on historical events stored in a database, a set of training data;
clustering the set of training data to obtain a plurality of clustered data sets; and
training a second ML model using the plurality of clustered data sets to obtain the second trained ML model.
Claim 13 is rejected using the same basis of arguments used to reject claim 4 above.
Regarding claim 16, Gaddam and Compton teach,
The computing device of claim 10, wherein the actions further include:
determining, based at least in part on the final context, that the final anomaly is a new attack; and
providing the final context to a security agency to take actions to address the new attack,
wherein the first context, the one or more second contexts, and the final context represent discrete domains including at least one of user identity, user behavior, privilege escalation entity access, geolocation anomalies, data exfiltration, or authentication.
Claim 16 is rejected using the same basis of arguments used to reject claim 8 and 9 above.
Regarding claim 17, Gaddam and Compton teach,
A non-transitory computer-readable storage medium storing computer-readable instructions, that when executed by a processor, cause the processor to perform actions comprising: (Gaddam, [0009])
receiving real time event data indicative of a user behavior on a cloud;
determining, based at least in part on inputting the real time event data to a first trained machine learning (ML) model, a first anomaly score corresponding to a first anomaly and a first context associated with the first anomaly;
determining, based at least in part on inputting the real time event data
determining, based at least in part on inputting the first anomaly score, the first context, the one or more second anomaly scores, and the one or more second contexts to a classification module, a final score corresponding to a final anomaly and a final context associated with the final anomaly; and
determining, based on the final score being equal to or greater than a threshold, that the final anomaly is a malicious attack; and
based on determining that the final anomaly is the malicious attack, transmitting an alert to network entities connected to the cloud, wherein the alert automatically triggers the network entities to intercept the malicious attack.
Claim 17 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 18, Gaddam and Compton teach,
The non-transitory computer-readable storage medium of claim 17, wherein the first trained ML model includes a supervised ML model trained to detect an anomaly in the first context, and the supervised ML model is trained by performing the actions including:
obtaining, based on historical events stored in a database, a set of training data;
determining, based at least in part on known anomaly behaviors, a plurality of first features corresponding to the known anomaly behaviors in the first context;
labeling, based at least in part on the plurality of first features, the set of training data to obtain labeled training data; and
training a first ML model using the labeled training data to obtain the first trained ML model.
Claim 18 is rejected using the same basis of arguments used to reject claim 2 above.
Regarding claim 19, Gaddam and Compton teach,
The non-transitory computer-readable storage medium of claim 18, wherein the set of training data includes timestamps associated with the historical events, respectively, and the actions further include:
obtaining, based on the timestamps, the historical events in a time period;
aggregating the historical events in the time period to obtain aggregated historical events; and
obtaining, based on the aggregated historical events, the set of training data.
Claim 19 is rejected using the same basis of arguments used to reject claim 3 above.
Regarding claim 20, Gaddam and Compton teach,
The non-transitory computer-readable storage medium of claim 17, wherein the actions further include:
determining, based at least in part on the final context, that the anomaly is a new attack; and
providing the final context to a security agency to take actions to address the new attack,
wherein the first context, the one or more second contexts and the final context represent discrete domains including at least one of user identity, user behavior, privilege escalation entity access, geolocation anomalies, data exfiltration, or authentication.
Claim 20 is rejected using the same basis of arguments used to reject claim 8 and 9 above.
Claims 5, 6, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Gaddam, in view of Compton, in view of US 20180357559 to Truong et al. (hereinafter Truong).
Regarding claim 5, Gaddam and Compton teach,
The method of claim 1, further comprising:
Gaddam and Compton fail to teach a third trained model that is used to determine a final score,
However, Truong teaches,
determining, based at least in part on inputting the real time event data to a third trained ML model, (fig. 3 and [0055] teaches a semi-supervised risk evaluation) a third anomaly score corresponding to a third anomaly and a third context associated with the third anomaly; and (fig. 3 and [0055] teaches a third model (semi-supervised) as well as an unsupervised and supervised model being combined to create a scorecard entity risk. [0030] teaches classification \ contexts for the semi-supervised model.)
determining, based at least in part on inputting the first anomaly score, the first context, the one or more second anomaly scores, the one or more second contexts, the third anomaly score, or the third context associated with the third anomaly, the final score. ([0055] teaches combining the outputs (“scores”) of the unsupervised, semi-supervised, and supervised models. [0030] teaches using different classifications of entities / contexts. See also [0027-30] description of fig. 3 and [0031-40 describing semi-supervised model in detail.) (As discussed above, Gaddam also teaches scores and contexts being used with the different types of learning models.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Gaddam, which teaches using a supervised and unsupervised model to detect malicious access attempts based on context of the data and scoring of the data by the different models (fig. 7B, 726 & 728), with Compton, which also teaches the use of machine learning to detect anomalous data / malicious data ([0032]), and additionally teaches a central controller determining an attack ([0026]) and providing messages to mitigation devices / peering routers that mitigate the attack ([0058]), with Truong, which teaches the use of semi-supervised models, in combination with supervised and unsupervised models (fig. 3, 304, 306, & 308). One of ordinary skill in the art would have been motivated to perform such an addition to provide Gaddam and Compton, which use supervised and unsupervised models, with the added capability of utilizing a semi-supervised model of Truong, as well as unsupervised and supervised model of Truong (fig. 3) to use / combine the scores and contexts of the different models, as taught in Truong, in order to utilize the semi-supervised model of Truong, in order to increase prediction accuracy of threats, which also increases security.
Regarding claim 6, Gaddam, Compton, and Truong teach,
The method of claim 5,
Truong teaches,
wherein the third trained ML model includes a semi-supervised ML model trained to detect an anomaly in the third context, and the semi-supervised ML model is trained by performing the actions including: (fig. 3 and [0055] teaches a third model (semi-supervised) as well as an unsupervised and supervised model being combined to create a scorecard entity risk.)
obtaining, based on historical events stored in a database, a first set of labeled training data annotated based on known anomaly behaviors in the third context; ([0030] and [0054] labeled training data from a semi-supervised model.)
obtaining, based on historical events stored in the database, a second set of unlabeled training data; and ([0032-35] teaching semi-supervised training model approach)
training a third ML model using the first set of labeled training data and second set of unlabeled training data to obtain the third trained ML model. ([0039] teaches using the semi-supervised training model output that is trained.)
Regarding claim 14, Gaddam, Compton, and Truong teach,
The computing device of claim 13, wherein the actions further include:
determining, based at least in part on inputting the real time event data to a third trained ML model, a third anomaly score corresponding to a third anomaly and a third context associated with the third anomaly; and
determining, based at least in part on inputting the first anomaly score, the first context, the one or more second anomaly scores, the one or more second contexts, the third anomaly score, and the third context to the attack classification module, the final score.
Claim 14 is rejected using the same basis of arguments used to reject claim 5 above.
Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Gaddam, in view of Compton, in view of Truong, in view of US 20140033307 to Schmidtler (hereinafter Schmidtler).
Regarding claim 7, Gaddam, Compton, and Truong teach,
The method of claim 5,
Truong teaches,
wherein determining, based at least in part on the inputting first anomaly score, the first context, the one or more second anomaly scores, the one or more second contexts, the anomaly third score, and the third context to the classification module, the final score, further comprises: (Truong, [0055] and [0030])
determining, based at least in part on the first score, the one or more second scores, and the third score, and using a classification algorithm, the final score, (Truong, [0055] teaches using scores from three different types of learning models to arrive at a score. See also rejection of claim 5 above.)
Gaddam, Compton, and Truong fail to teach using a voting method,
Schmidtler teaches,
wherein the classification algorithm includes at least one of a bagging algorithm, a boosting algorithm, a voting algorithm, or a weighted majority voting algorithm. ([0054] teaches using different types of machine learning model, and combining using voting, which generates the classification score for phishing / malicious events. See also voting in [0058])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Gaddam, which teaches using a supervised and unsupervised model to detect malicious access attempts based on context of the data and scoring of the data by the different models (fig. 7B, 726 & 728), with Compton, which also teaches the use of machine learning to detect anomalous data / malicious data ([0032]), and additionally teaches a central controller determining an attack ([0026]) and providing messages to mitigation devices / peering routers that mitigate the attack ([0058]), with Truong, which teaches the use of semi-supervised models, in combination with supervised and unsupervised models (fig. 3, 304, 306, & 308), with Schmidtler, which also teaches supervised and unsupervised machine learning models to score malicious / phishing ([0054]), and additionally teaches the use voting to combine the scores of different learning models ([0054] & [0058]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Gaddam, Compton, and Truong with the added capability of utilizing voting as a method of combing scores of different voting models to increase prediction accuracy of threats, which increases security.
Regarding claim 15, Gaddam, Compton, Truong, and Schmidtler teach,
The computing device of claim 14, wherein determining, based at least in part on inputting the first anomaly score, the first context, the one or more second anomaly scores, the one or more second contexts, the third anomaly score, and the third context to the attack classification module, the final score, further comprises:
determining, based at least in part on the first anomaly score, the one or more second anomaly scores, and the third anomaly score, and using a classification algorithm, the final score,
wherein the classification algorithm includes at least one of a bagging algorithm, a boosting algorithm, a voting algorithm, or a weighted majority voting algorithm.
Claim 15 is rejected using the same basis of arguments used to reject claim 7 above.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942. The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/B.W.A./
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495