DETAILED ACTION
This office action is in response to the application filed on 12/29/2023. Claims 1-20 are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
This application claims the benefit of priority to both U.S. Provisional Patent Applications No. 63/436,425, filed on December 30, 2022 and No. 63/470,571, filed on June 02, 2023, which is hereby incorporated by reference in its entirety.
Claim Objections
Claims 5-17 are objected to for the following reasons:
Claims 5-6, 8-9, 11 and 14-17 are objected to under 37 CFR 1.75(c) as being in improper form because a multiple dependent claim should refer to other claims in the alternative only, and/or cannot depend from any other multiple dependent claims. See MPEP § 608.01(n). Accordingly, the claims 5-6, 8-9, 11 and 14-17 have not been further treated on the merits.
Claims 7, 10 and 12-13 are objected to for being dependent from objected to claims 6, 10, and 11-12 respectively.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was.
Claims 1-4 and 11-20 are rejected under 35 U.S.C. 103 as being unpatentable over Subramaniam et al. (U.S Pub No. 2022/0,164,697 A1, referred to as Subramaniam), in view of McLean (U.S Pub No. 2021/0,273,958 A1, referred to as McLean).
Regarding claim 1, Subramaniam teaches:
An apparatus to protect a network from a potential cyber threat associated with a new endpoint to that network (Subramaniam: Fig. 1, Item 122; ¶ 0044- ¶ 0045, “The functionality of the one or more computing devices 122 can be provided, in various embodiments, by one or more server computers, desktop computers, laptop computers, other computing systems, and the like. For purposes of describing the concepts and technologies disclosed herein, the computing device 122 is described herein as a server computer such as an application server, or the like”; Fig. 2, Process 200; ¶ 0082- ¶ 0099, “The method 200 begins at operation 202. At operation 202, the computing device 122 can detect an attempted connection by a connecting device. In some embodiments, the device attempting to connect in operation 202 can correspond to a benign or legitimate device (e.g., the device 114A or the server 116B shown in FIG. 1)”).
Subramaniam does not explicitly disclose, however McLean teaches:
the apparatus comprising: a memory to store a representation of an artificial intelligence (AI) model (McLean: Fig. 1, Item 120; ¶ 0028, “Referring now to FIG. 1, an AI based cyber threat security system 100 having one or more host endpoint agents 101A-B configured to cooperate with an AI based cyber security appliance 120 over a network 110 is shown, in accordance with an embodiment of the disclosure.”; Fig. 4; ¶ 0083- 0086),
where the AI model is at least partly trained based on information aggregated from a first information source and a second information source, where the first information source comprises information about a first factor that at least partly characterizes endpoints, and where the second information source comprises information about a second, different, factor that at least partly characterizes endpoints (McLean: Fig. 1, Item 120; ¶ 0031- ¶ 0032, “The AI based cyber security appliance 120 may be configured with various modules that reference at least one or more AI and/or machine learning models (e.g., as shown with the AI models depicted in FIG. 3), which may be trained on any of the normal pattern of life, potential cyber threats, host endpoint agents, and network pattern of life observed from various entities in order to protect such entities from any cyber threats within the AI based cyber threat security system 100. ”; ¶ 0037, “In some embodiments, the collections module may also be used to gather/collect any desired pattern of life data points observed from that particular endpoint computing device. These observed pattern of life data points may include, but are not limited to, metadata, triggered events, newly detected process chains, and/or predetermined alerts pertaining to, for example, users, users' activities, various software processes, relationships between such software processes, device operations, altered operating system configurations, etc., as well as any other type of observed pattern of life data point (EN: different factors) selected to be sent with the communications module to the AI based cyber security appliance 120.”; ¶ 0084, “The AI based cyber security appliance 120 may include components one or more modules, stores, and/or components, including, but not limited to, a trigger module, a gather module (or a collections module), a data store”; ¶ 0087, “Accordingly, the gather module may be triggered by specific events and/or alerts of anomalies, such as an abnormal behavior, a suspicious activity, and/or any combination thereof. The inline data may be gathered on the deployment from a data store when the traffic is observed. The scope and wide variation of data available in the data store results in good quality data for analysis. The collected data may be passed to the various modules as well as to the data store.”; ¶ 0088 “The gather module (or the collections module) may comprise of multiple automatic data gatherers that each look at different aspects of the data depending on the particular hypothesis formed for the analyzed event and/or alert. The data relevant to each type of possible hypothesis will be automatically pulled from additional external and internal sources”(EN: multiple sources); ¶ 0031- ¶ 0088).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Subramaniam by McLean to have an AI system capable of collecting different type of data from multiple data sources in order to train the AI system to detect harmful threats to network devices. (McLean: ¶ 0031- ¶ 0088).
Subramaniam further teaches:
a processor to: receive information about the new endpoint to that network (Subramaniam: Fig. 1, Item 122; Fig. 2, Method 200; Steps 202- 204; ¶ 0083- ¶ 0085, “From operation 202, the method 200 can proceed to operation 204. At operation 204, the computing device 122 can identify the connecting device. Thus, operation 204 can correspond to the computing device 122 identifying the connecting device that connected to the carrier network 112 in operation 202. In some embodiments, the computing device 122 can identify the connecting device using a device identifier such as, for example, a MAC address, an IMSI, an IMEI, or other device identifier; a network identifier such as, for example, an IP address associated with the connecting device (e.g., a server 116), a network identifier associated with the connecting device, or the like”);
determine, using the AI model (Subramaniam: Fig. 1, Item 102; Fig. 3, Method 300; ¶ 0086- ¶ 0088,” At operation 308, the server computer 102 can train models on the features extracted in operation 306. Thus, in some embodiments, operation 308 can correspond to the server computer 102 training a machine learning model and/or a deep learning model using the data features extracted in operation 306.”),
whether the information about the new endpoint indicates that a characteristic of the new endpoint overlaps with a profile of characteristics associated with endpoints known to be associated with a cyber threat (Subramaniam: Fig. 1, Item 122; Fig. 2, Method 200; Steps 206- 208; ¶ 0086- ¶ 0088, “the computing device 122 can determine if the connecting device should be rejected from connecting to the carrier network 112, or if some other operation should be performed (e.g., performing deep packet inspection on traffic associated with the connecting device). In some embodiments, operation 208 can correspond to the computing device 122 determining if the connecting device is included as a blocked device on a device list 128 and/or determining that the connecting device is not included as an allowed device on the device list 128. In some other embodiments, operation 208 can correspond to the computing device 122 determining if the connecting device is not included as a blocked device on a device list 128 and/or determining that the connecting device is included as an allowed device on the device list 128.” (EN: overlapping)); and
in response to determining that the characteristic of the new endpoint overlaps with the profile of characteristics, instruct an action to be taken to protect the network from the cyber threat (Subramaniam: Fig. 1, Item 122; Fig. 2, Method 200; Steps 210- 216; ¶ 0089- ¶ 0098, “If the computing device 122 determines, in operation 208, that the connecting device should be rejected, the method 200 can proceed to operation 210. At operation 210, the computing device 122 can reject the connection by the connecting device or perform another action such as, for example, invoking the deep packet inspection 130 to perform deep packet inspection on traffic associated with the connecting device.”).
Regarding claim 18, Subramaniam teaches:
A non-transitory computer readable medium storing instruction readable and executable by a processor (Subramaniam: ¶ 0126, “Computer storage media includes only non-transitory embodiments of computer readable media as illustrated and described herein. ”) to:
determine, using an artificial intelligence (AI) model, whether information about a new endpoint to a network indicates that a characteristic of the new endpoint overlaps with a profile of characteristics associated with endpoints known to be associated with a cyber threat (Subramaniam: Fig. 2, Process 200; ¶ 0082- ¶ 0099).
Subramaniam does not explicitly disclose, however McLean teaches:
where the AI model is at least partly trained based on information aggregated from a first information source and a second information source, where the first information source comprises information about a first factor that at least partly characterizes endpoints, and where the second information source comprises information about a second, different, factor that at least partly characterizes endpoints (McLean: Fig. 1, Item 120; ¶ 0028- ¶ 0082; Fig. 4; ¶ 0083- 0088).
Same motivation as claim 1.
Subramaniam further teaches:
in response to determining that the characteristic of the new endpoint overlaps with the profile of characteristics, instruct an action to be taken to protect the network from the cyber threat (Subramaniam: Fig. 1, Item 122; Fig. 2, Method 200; Steps 210- 216; ¶ 0089- ¶ 0098).
Regarding claim 19, Subramaniam teaches:
A computer-implemented method of protecting a network from a potential cyber threat associated with a new endpoint to the network, the method comprising:
determining, using an artificial intelligence (AI) model, whether information about the new endpoint indicates that a characteristic of the new endpoint overlaps with a profile of characteristics associated with endpoints known to be associated with a cyber threat (Subramaniam: Fig. 2, Process 200; ¶ 0082- ¶ 0099).
Subramaniam does not explicitly disclose, however McLean teaches:
where the AI model is at least partly trained based on information aggregated from a first information source and a second information source, where the first information source comprises information about a first factor that at least partly characterizes endpoints, and where the second information source comprises information about a second, different, factor that at least partly characterizes endpoints (McLean: Fig. 1, Item 120; ¶ 0028- ¶ 0082; Fig. 4; ¶ 0083- 0088).
Same motivation as claim 1.
Subramaniam further teaches:
in response to determining that the characteristic of the new endpoint overlaps with the profile of characteristics, instructing an action to be taken to protect the network from the cyber threat (Subramaniam: Fig. 1, Item 122; Fig. 2, Method 200; Steps 210- 216; ¶ 0089- ¶ 0098).
Regarding claim 20, Subramaniam teaches:
A computer-implemented method of training an artificial intelligence (AI) model for use in protecting a network from a potential cyber threat (Subramaniam: Fig. 3, Method 300; ¶ 0101- ¶ 0115, “From operation 306, the method 300 can proceed to operation 308. At operation 308, the server computer 102 can train models on the features extracted in operation 306. Thus, in some embodiments, operation 308 can correspond to the server computer 102 training a machine learning model and/or a deep learning model using the data features extracted in operation 306”).
Subramaniam does not explicitly disclose, however McLean teaches:
the method comprising: accessing information aggregated from a first information source and a second information source, where the first information source comprises information about a first factor that at least partly characterizes endpoints, and where the second information source comprises information about a second, different, factor that at least partly characterizes endpoints (McLean: Fig. 1, Item 120; ¶ 0028- ¶ 0082; Fig. 4; ¶ 0083- 0088).
training an AI model, using the information aggregated from the first information source and the second information source (McLean: Fig. 1, Item 120; ¶ 0028- ¶ 0082; Fig. 4; ¶ 0083- 0088, “Referring now to FIG. 4, an AI based cyber security appliance 120 with various modules cooperating with various AI/machine learning models trained on the discrete pattern of life of one or more host endpoint agents to detect anomalous process chains is shown, in accordance with an embodiment of the disclosure.”).
Same motivation as claim 1.
Subramaniam further teaches:
to determine whether information about a new endpoint to the network indicates that a characteristic of the new endpoint overlaps with a profile of characteristics associated with endpoints known to be associated with a cyber threat (Subramaniam: Fig. 3, Method 300; ¶ 0101- ¶ 0115, “The generating of predictions in operation 310 can also include, in some embodiments, categorization of the connecting device based on the NetFlow data 110. For example, operation 310 can include the server computer 102 categorizing the connecting device as a legitimate device (e.g., the devices 114 and/or a benign or legitimate server such as the server 116B) or an illegitimate device or malicious device (e.g., one of the botnet devices 118 and/or a command and control server such as the server 116A) ”).
Regarding claim 2, the combination of Subramaniam and McLean teaches all the features of claim 1, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where factors that at least partly characterize endpoints comprise one or more of: an identifier of the new endpoint; geographic region of the new endpoint; age of the new endpoint; where the new endpoint is registered; content accessible at the new endpoint; an activity time associated with the new endpoint; a number of connections associated with the new endpoint; an identity of one or more nodes that have communicated with the new endpoint; and metadata associated with the new endpoint (McLean: ¶ 0037, “In some embodiments, the collections module may also be used to gather/collect any desired pattern of life data points observed from that particular endpoint computing device. These observed pattern of life data points may include, but are not limited to, metadata, triggered events, newly detected process chains, and/or predetermined alerts pertaining to, for example, users, users' activities, various software processes, relationships between such software processes, device operations, altered operating system configurations, etc., as well as any other type of observed pattern of life data point selected to be sent with the communications module to the AI based cyber security appliance 120.”).
Same motivation as claim 1.
Regarding claim 3, the combination of Subramaniam and McLean teaches all the features of claim 2, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where the information about the new endpoint includes a factor value corresponding to a factor that at least partly characterizes endpoints including the new endpoint (McLean: ¶ 0037, “For example, the anomalous process may be classified with a unique identifier (UID) name formed from the specific resolvable path of the specific executable program it corresponds to. Additionally, in these examples, the UID name may include (i) a UID directory name to identify a specific location of a specific directory that contains that specific executable program in conjunction with (ii) a UID name to identify that specific executable program. Correspondingly, as used herein, a process chain (or an anomalous process chain) may refer to a chain or string of anomalous processes (i.e., a chain of symbols, tokens, words, etc.) that are discretely observed with the respective host endpoint agents 101A-B.”).
Same motivation as claim 1.
Regarding claim 4, the combination of Subramaniam and McLean teaches all the features of any of claims 1 to 3, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where the information aggregated from the first information source and the second information source is derived from one or more of: publicly available information; privately held information; a database comprising information about malicious endpoints; a database comprising information about safe endpoints; a database comprising information about emails sent by malicious entities; a database comprising information about emails sent by safe entities; data provided by a fleet of cyber security appliances (McLean: ¶ 0087, “The inline data may be gathered on the deployment from a data store when the traffic is observed. The scope and wide variation of data available in the data store results in good quality data for analysis. The collected data may be passed to the various modules as well as to the data store.”; ¶ 0088, “The data relevant to each type of possible hypothesis will be automatically pulled from additional external and internal sources. ”).
Same motivation as claim 1.
Regarding claim 11, the combination of Subramaniam and McLean teaches all the features of any of claims 1 to 10, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where the aggregated information comprises a metric that at least partly characterizes a known endpoint (McLean: ¶ 0067, “In these embodiments, the network module and the endpoint agent coordinator module of the appliance 120 may be used to analyze metrics from these entities (e.g., network entities including servers, networking gateways, routers, each endpoint agent connected to the network) using one or more models. The models may be a self-learning model trained on a normal behavior of each of these entities.”).
Same motivation as claim 1.
Regarding claim 12, the combination of Subramaniam and McLean teaches all the features of claim 11, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where the metric is derived from data associated with an activity of the known endpoint (McLean: ¶ 0067), where the data is obtained by a plurality of detectors, and where the metric is a combined metric based on a combination of a plurality of metrics determined by the plurality of detectors that has been weighted according to a relevance of the metric determined by each detector (McLean: ¶ 0025, “In general, the embodiments described herein include a multi-stage anomaly detector in an analyzer module that may use artificial intelligence (AI) to analyze cyber security threats and anomalous processes in real time in a multi-host environment. The analyzer module may generate an anomaly score for an anomalous process chain for an AI based cyber threat security platform on a host endpoint agent. The multi-stage anomaly detector may include various stages of anomaly detectors. The various stages may include a first stage of the anomaly detector, a second stage of the anomaly detector, and/or a third stage of the anomaly detector. Each stage of the multi stage anomaly detector generates its own anomaly score to produce at least one or more rapidly determined anomaly scores as well as one or more thoroughly determined anomaly scores”; Fig. 5, Item 115; ¶ 0100- ¶ 0104).
Same motivation as claim 1.
Regarding claim 13, the combination of Subramaniam and McLean teaches all the features of claim 12, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where the combined metric is based on a distribution indicative of how many detectors of the plurality of detectors have determined that the metric associated with the detector falls within one of a set of intervals that represent a range of metric values, and where a weighting function is applied to the metric value associated with each interval based on how many detectors fall within the interval (McLean: Fig. 5, Item 115; ¶ 0100- ¶ 0104; Fig. 6; Steps 602- 616; ¶ 0127- ¶ 0129, “the process 600 may also proceed to block 616. That is, a combined anomaly score may be generated based on at least one anomaly score being generated such as the first anomaly score; such that even if the generated first, second, and/or third anomaly scores do not exceed a predetermined threshold, those generated anomaly scores may still be combined to generate the combined anomaly score.”).
Same motivation as claim 1.
Regarding claim 14, the combination of Subramaniam and McLean teaches all the features of any one of claims 12 to 13, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where the data associated with the activity of the known endpoint is indicative of: a popularity of communications with the known endpoint or a node associated with the known endpoint; or a rarity of communications with the known endpoint or a node associated with the known endpoint (McLean: ¶ 0111, “The first stage anomaly detector 511 may be used to determine how often that process chain has been executed, i.e., the first stage anomaly detector 511 counts the number of times the individual processes (or symbols) have been executed previously. As such, the generated anomaly score may correlate to how unusual the process chain is based on a total number frequencies that those individual processes have been previously executed (or estimating its distribution over possible chains), such as 70 times, 20 time, and so on. That is, the first stage anomaly detector 511 may generate a first anomaly score that correlates the more interesting and higher generated first anomaly score to the more rare and/or less frequent a uniquely identified process has executed on that device (and vice-versa).”).
Same motivation as claim 1.
Regarding claim 15, the combination of Subramaniam and McLean teaches all the features of any one of claims 1 to 14, as outlined above.
Subramaniam further teaches:
where the processor is to receive the information about the new endpoint, and in response, determine whether information about the new endpoint indicates that the characteristic of the new endpoint overlaps with the profile of characteristics. (Subramaniam: Fig. 1, Item 122; Fig. 2, Method 200; Steps 202- 216; ¶ 0083- ¶ 0098, “At operation 204, the computing device 122 can identify the connecting device. Thus, operation 204 can correspond to the computing device 122 identifying the connecting device that connected to the carrier network 112 in operation 202. In some embodiments, the computing device 122 can identify the connecting device using a device identifier such as, for example, a MAC address, an IMSI, an IMEI, or other device identifier; a network identifier such as, for example, an IP address associated with the connecting device (e.g., a server 116), a network identifier associated with the connecting device, or the like; a user identifier or other identity such as, for example, an account number, user name, or other authentication information associated with the connecting device and/or a user thereof, or the like; other identifying information; combinations thereof; or the like.in response to determining that the characteristic of the new endpoint overlaps with the profile of characteristics, instruct an action to be taken to protect the network from the cyber threat”…“If the computing device 122 determines, in operation 208, that the connecting device should be rejected, the method 200 can proceed to operation 210. At operation 210, the computing device 122 can reject the connection by the connecting device or perform another action such as, for example, invoking the deep packet inspection 130 to perform deep packet inspection on traffic associated with the connecting device.”).
Regarding claim 16, the combination of Subramaniam and McLean teaches all the features of any one of claims 1 to 15, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where the apparatus is a cyber security appliance (McLean: Fig. 1, Item 120; ¶ 0028, “Referring now to FIG. 1, an AI based cyber threat security system 100 having one or more host endpoint agents 101A-B configured to cooperate with an AI based cyber security appliance 120 over a network 110 is shown, in accordance with an embodiment of the disclosure.”; Fig. 4; ¶ 0083- 0086).
Same motivation as claim 1.
Regarding claim 17, the combination of Subramaniam and McLean teaches all the features of any one of claims 1 to 16, as outlined above.
Subramaniam does not explicitly disclose, however McLean teaches:
where one or more of the first and second information source belongs to a fleet of cyber security appliances (McLean: ¶ 0084, “The AI based cyber security appliance 120 may include components one or more modules, stores, and/or components, including, but not limited to, a trigger module, a gather module (or a collections module), a data store”; ¶ 0087, “Accordingly, the gather module may be triggered by specific events and/or alerts of anomalies, such as an abnormal behavior, a suspicious activity, and/or any combination thereof. The inline data may be gathered on the deployment from a data store when the traffic is observed. The scope and wide variation of data available in the data store results in good quality data for analysis. The collected data may be passed to the various modules as well as to the data store.”; ¶ 0088 “The gather module (or the collections module) may comprise of multiple automatic data gatherers that each look at different aspects of the data depending on the particular hypothesis formed for the analyzed event and/or alert. The data relevant to each type of possible hypothesis will be automatically pulled from additional external and internal sources”; ¶ 0031- ¶ 0088).
Same motivation as claim 1.
Allowable Subject Matter
Claims 5-10 would be allowable if they were rewritten in independent form including all of the limitations of the base claim and any intervening claims, also should applicant overcome the claim objections, set forth in this office action.
The following is an examiner’s statement of reasons for identifying allowable subject matter.
The closest prior arts made of records are, over Subramaniam et al. (U.S Pub No. 2022/0,164,697 A1, referred to as Subramaniam), McLean (U.S Pub No. 2021/0,273,958 A1, referred to as McLean) and Seifert et al. (U.S Pub No. 2021/0,141,897 A1, referred to as Seifert).
Subramaniam discloses creating and using learning models to identify botnet traffic can include obtaining net-flow data associated with a connecting device that is communicating with a carrier network. The net-flow data can represent communications associated with the connecting device.
McLean discloses a multi-stage anomaly detector analyzes an anomalous process chain in real time and rapidly determines whether the process chain is indicative of a cyber threat on an endpoint computing device in a multi-host environment. The multi-stage anomaly detector is used in an analyzer module configured within a host endpoint agent on that device.
Seifert discloses various embodiments to enable detection of malicious content, by determining a similarity score between content, computer objects, or indications (e.g., vectors, file hashes, file signatures, code, etc.) known to be malicious and other content (e.g., unknown files) or indications based on feature weighting. Over various training stages, certain feature characteristics for each labeled malicious content or indication can be learned.
However, regarding claim 5, the prior art Subramaniam, McLean and Seifert, when taken in the context of the claim as a whole do not disclose nor suggest, “where the processor is to determine that the characteristic of the new endpoint overlaps with the profile of characteristics by identifying that a metric defining a distance between a factor value representative of the characteristic of the new endpoint and a corresponding factor value of endpoints known to be associated with a cyber threat is within a specified range indicative of characteristic overlap.”.
Regarding claim 6, the prior art Subramaniam, McLean and Seifert, when taken in the context of the claim as a whole do not disclose nor suggest, “where the AI model is trained to detect a property associated with the new endpoint, where the property is masked in the information about the new endpoint.”.
Regarding claim 9, the prior art Subramaniam, McLean and Seifert, when taken in the context of the claim as a whole do not disclose nor suggest, “ where the AI model is trained to detect an indication that a command and control server is associated with the new endpoint, where the AI model is at least partly trained based on information indicative of a behavior profile of command and control servers.”.
Claims 7 and 8 depend on claim 6 and claims 10 depends on claim 9, and are of consequence identified as allowable.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: See PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached at 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HASSAN SAADOUN/ Examiner, Art Unit 2435
/J. BRANT MURPHY/Primary Examiner, Art Unit 2435