Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This is a Final Office action in response to communications received November 12, 2025. Claims 1, 6, 7, 12, 13, 18 have been amended. Therefore, claims 1-18 are pending and addressed below.
Claim Objections
Claim 13 is objected to because of the following informalities: status of claim is “Original” however has been “amended”. Examiner has treated claim 13 as “amended”. Appropriate correction is required.
Response to Amendment
Applicant's amendments to claims 1, 7, 13 are sufficient to overcome the minor informalities of claims 1, 7, 13, objections set forth in the previous office action. Therefore, the objections are withdrawn.
Applicant's amendments to claims 1, 6, 7, 12, 13, 18 are sufficient to overcome the 35 USC 112 rejections of claims 1, 6, 7, 13, 18, rejections set forth in the previous office action. Therefore, the rejections are withdrawn.
e-Terminal Disclaimer
Applicant's filed and approved e-Terminal Disclaimer (11/12/2025) is sufficient to overcome the Double Patenting rejection of claims 1-18 of Patent 12034769 (application 17/242268). Therefore, the rejections are withdrawn.
Response to Argument’s
Applicant’s arguments, see Pages 7-9, filed November 12, 2025, with respect to the rejection(s) of claim(s) 1-18 under 35 USC 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of newly found prior art reference, Howry et al. (US2017/0324733 A1, publish date 11/09/2017) and Konda et al. (US2022/0321362 A1, file date 03/31/2021).
Based on claim’s amendments, the Examiner rejects claims 1-18 with the new ground of rejections.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Shravan et al. (US2021/0281576 A1, file date 03/04/2020) in view of Levin et al. (US2022/0029988 A1, file date 07/27/2020) further in view of Howry et al. (US2017/0324733 A1, publish date 11/09/2017), further in view of Konda et al. (US2022/0321362 A1, file date 03/31/2021).
Claims 1 and 13:
With respect to claims 1 and 13, Shravan et al. discloses a method for zero trust security processing for an endpoint device in a network (The network appliance (or a server associated with the network appliance) requests compliance details from the user device based on the configured policies. 0010) (The private network 104 includes a network appliance 110 (e.g., a network access control (NAC) device or a virtual private network (VPN) controller, a software defined perimeter (SDP) controller, etc.), 0022)(Figures 1 and 6)/a non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processing resources of a computer system, causes the one or more processing resources (Instructions embedded or encoded in a computer-readable medium may cause a programmable processor, or other processor, to perform the method, e.g., when the instructions are executed. Computer-readable media may include non-transitory computer-readable storage media, 0051) to perform the method comprising:
receiving, by a first processing device, a first request from an endpoint device (receiving a first request to access a protected network resource from an endpoint device, 0011), wherein the endpoint device includes an endpoint agent executing on the endpoint device (client 120 makes an initial request for access to a protected network zone and/or protected resource 116 within the private network 104 (602), 0043) (Figure 6, 602), and wherein the first request includes a security posture of the endpoint device (The network appliance 110 requests all compliance information related to the identified requirements (606), 0044) (the client 120 sends the collected details (e.g., the requested compliance information) to the network appliance 110 (612), 0045) (Figure 6, 608, 612);
generating, by the first processing device, a security certificate (The authentication credentials include one or more of (ii) a digital certificate, (iii) a cryptographic token, 0025) for the endpoint device, and wherein the certificate is usable for access authentication (an “authentication check” - (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, etc. 0025);
accessing device identification from the security certificate issued by the endpoint management system (an “authentication check” - (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, etc. 0025);
requesting a device record (a compliance database 124, Figure 1) (The network appliance stores the compliance information in a compliance database, 0010) for endpoint device (in response to receiving, by the network appliance, a second request to access a protected network resource from the endpoint device, (a) accessing the compliance information of the endpoint device stored in the database, (b) requesting an update from the endpoint device, (c) in response to requesting the update, receiving updated compliance information that includes less than all of the compliance details required by the policies, (d) in response to receiving, by the network appliance, first updated compliance information that includes only updated ones of the compliance details required by the policies, evaluating the compliance of the endpoint device based on the updated compliance information and the compliance information stored in the database to determine an updated compliance state, and (e) providing access based on the updated compliance state, 0011);
determining network access based on the device record, user authentication utilizing the security certificate (identifying information checks (e.g., username and password checks and/or certificate checks) to authenticate a user and/or a device, 0004) (authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”). The authentication credentials include one or more of (i) a username and password that relate to a particular user of user device 118, (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, user account, 0025) and one or more network security policies (The network appliance (or a server associated with the network appliance) requests compliance details from the user device based on the configured policies. 0010) ((c) evaluating the compliance of the endpoint device based on the compliance information received from the client software module and providing access when the compliance information satisfies the policies, and (d) storing the received compliance information in a database associated with the network appliance, 0011); and
selectively granting network access to the endpoint device based on the determination (The network appliance 110 proceeds determine whether the user device 118 is compliant with the applicable policies (614). As a result of the updated compliance information, the network appliance 110 may adjusts the access level of the user device 118, 0048).
Shravan et al. does not disclose generating, by the first processing device, a security certificate for the endpoint device, wherein the certificate includes one or more posture-derived attributes as claimed.
However, Levin et al. teaches providing zero-trust network security, The intermediate CA certificates are distributed among nodes, authorized entities are allowed to communicate pursuant to a network firewall policy to be enforced (0018), the policy manager 130 is configured to distribute agents and enforce policy management via the nodes 120, the policy manager 130 is configured to generate and send certificate authority (CA) certificates as well as to deploy the agents 122 on the entities 120. The agents 122, when deployed, to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, (0024), wherein the request from the endpoint device is a request to register the endpoint device, the method further comprising:
generating, by the first processing device, a security certificate for the endpoint device, wherein the certificate includes one or more posture-derived attributes (a primary certificate authority (CA) certificate and intermediate CA certificates are created, The primary CA certificate and each intermediate CA certificate identifies the host on which the certificate was generated as well as a cloud provider signature identifying that host, 0026); (the intermediate CA certificates are sent to respective entities installed on nodes of a network, Each entity receives a unique intermediate CA certificate, new intermediate CA certificates are sent, for example, periodically (e.g., when the current period of time is about to expire), 0028) (configured to generate and send certificate authority (CA) certificates to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, 0024).
Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Levin et al. in Shravan et al. for generating, by the first processing device, a security certificate for the endpoint device utilizing at least the security posture of the endpoint device as claimed for purposes of enforcing identity-based network firewall policies in a seamless manner which does not require modifying entities or network infrastructure. By distributing CA certificates to and deploying agents at each node, the central authority can cause enforcement of the firewall policy in a distributed manner and without requiring modifying the underlying infrastructure and improve security by providing techniques for preventing unauthorized use of stolen certificates (see Levin et al. 0021)
Neither Shravan et al. and Levin et al. discloses wherein the certificate includes one or more posture-derived attributes generated from the security posture of the endpoint device as claimed.
However, Howry et al. teaches a security posture contained in a certificate (Figure 2), first node compares the security posture associated with the second node to an expected security posture level associated with the first node. If the security posture associated with the second node is adequate as compared to the expected security posture level, a connection is established between the first node and the second node. (0003)
Shravan et al., Levin et al, and Howry et al. are analogous art because they are from the same field of endeavor of network security.
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Howry et al. in Shravan et al. and Levin et al. for wherein the certificate includes one or more posture-derived attributes generated from the security posture of the endpoint device as claimed for purposes of preventing using security postures lack functionality, and thus nodes lack capability that can be facilitated using security postures. (see Howry et al. 0002-0003)
Konda et al. teaches gateway 208 may have endpoints connected to it that do not have a TEE, do not have an installed host security agent, or otherwise lack the ability to perform this secure authentication. In those cases, gateway 208 may treat the devices as untrusted, and for those devices, full security services may be provided. Nevertheless, depending on overall enterprise or family security policy, untrusted devices may still be allowed to connect to the network. They simply receive more security services than trusted devices do. (0140), wherein the certificate includes one or more posture-derived attributes generated from the security posture of the endpoint device (to dynamically generate a cryptographic attestation token that indicates the security posture of the device, 0033) (an endpoint security application such as a host security agent may optionally provide a thin agent (for closed operating system devices) on the endpoint. This thin agent can assess the security posture of the device. The security posture may contain various parameters like the operating system version, applications/extensions installed, and similar. The assessed posture may then be signed using the client certificate's private key in a TEE to generate the SPAT. 0034) (On receiving the SPAT token, the home gateway may cryptographically assert the attested security posture of the endpoint, and then allow specific access or privileges, or enforce specific policies for the endpoint, based on the SPAT., 0036) (assert security posture, Figure 7, 732)
Shravan et al., Levin et al, and Konda et al. are analogous art because they are from the same field of endeavor of network security.
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Konda et al. in Shravan et al. and Levin et al. for wherein the certificate includes one or more posture-derived attributes generated from the security posture of the endpoint device as claimed for purposes of attest the security posture and capabilities of the endpoint and provides a secure attestation of capability. Provides an ability for security applications running on the home gateway to craft individual network security policies for endpoint devices. This not only helps to provide appropriate access to devices, networks, and services, but also helps to determine the amount of scrutiny required on traffic generated by, or received on, these devices. (see Konda et al. 0027, 0032)
Claims 2, 8, 14:
With respect to claims 2, 8, 14, Shravan et al. discloses the method further comprising determining, by the processing device, an owner of the endpoint device based at least in part on information received as part of the request from the endpoint device, wherein updating the device record is done based in part upon the owner (identifying information checks (e.g., username and password checks and/or certificate checks) to authenticate a user and/or a device, 0004) (authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”). The authentication credentials include one or more of (i) a username and password that relate to a particular user of user device 118, (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, user account, 0025).
Claims 3, 9, 15:
With respect to claims 3, 9, 15, Shravan et al. discloses wherein determining the owner is done by accessing a network database (the authentication credentials are stored by authentication server 112, 0025).
Claims 4, 10, 16:
With respect to claims 4, 10, 16, Shravan et al. discloses wherein the security posture includes at least one of: an indication of an out of date operating system executing on the endpoint device, an insecure application executing on the endpoint device, a vulnerable hardware element included as part of the endpoint device, or an up to date virus detection and mitigation application executing on the endpoint device (a policy may require that the user device 118 have a certain antivirus product, settings of the antivirus product, a certain firewall product, settings of the firewall product, a certain patch management product, settings of the patch management product, a certain status of an application (e.g., the application is open, etc.), a certain a file on the device, a certain status of one or more ports, and/or settings of registry keys, etc. The network appliance 110 requests all compliance information related to the identified requirements (606), 0044).
Claims 5, 11, 17:
With respect to claims 5, 11, 17, Shravan et al. discloses a security certificate for the endpoint device (The authentication credentials include one or more of (ii) a digital certificate, (iii) a cryptographic token, 0025).
Shravan et al. does not disclose further comprising installing the security certificate into a register of the endpoint agent as claimed.
However, Levin et al. teaches providing zero-trust network security, The intermediate CA certificates are distributed among nodes, authorized entities are allowed to communicate pursuant to a network firewall policy to be enforced (0018), the policy manager 130 is configured to distribute agents and enforce policy management via the nodes 120, the policy manager 130 is configured to generate and send certificate authority (CA) certificates as well as to deploy the agents 122 on the entities 120. The agents 122, when deployed, to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, (0024),
further comprising installing the security certificate into a register of the endpoint agent
(a primary certificate authority (CA) certificate and intermediate CA certificates are created, The primary CA certificate and each intermediate CA certificate identifies the host on which the certificate was generated as well as a cloud provider signature identifying that host, 0026) (the intermediate CA certificates are sent to respective entities installed on nodes of a network, Each entity receives a unique intermediate CA certificate, new intermediate CA certificates are sent, for example, periodically (e.g., when the current period of time is about to expire), 0028).
Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.
The motivation for combining Shravan et al. and Levin et al. is recited in claims 1, 7, 13.
Claims 6, 12, 18:
With respect to claims 6, 12, 18, Shravan et al. discloses wherein the first processing device is an endpoint management system, wherein a second processing device is an access node, and wherein the endpoint management system and the access node are communicably coupled (Network appliance 110, user device 120, authentication server 112, Figure 1).
Claim 7:
With respect to claim 7, Shravan et al. discloses a system for zero trust security processing for an endpoint device in a network (The network appliance (or a server associated with the network appliance) requests compliance details from the user device based on the configured policies. 0010) (The private network 104 includes a network appliance 110 (e.g., a network access control (NAC) device or a virtual private network (VPN) controller, a software defined perimeter (SDP) controller, etc.), 0022)(Figures 1 and 6), the system comprising:
an endpoint device (Figure 1) including a first processing device and a non-transitory computer readable storage medium, wherein the non-transitory computer readable medium includes instructions which when executed by a first processing device cause the endpoint device (Instructions embedded or encoded in a computer-readable medium may cause a programmable processor, or other processor, to perform the method, e.g., when the instructions are executed. Computer-readable media may include non-transitory computer-readable storage media, 0051) to:
receiving, by a first processing device, a first request from an endpoint device (receiving a first request to access a protected network resource from an endpoint device, 0011), wherein the endpoint device includes an endpoint agent executing on the endpoint device (client 120 makes an initial request for access to a protected network zone and/or protected resource 116 within the private network 104 (602), 0043) (Figure 6, 602), and wherein the first request includes the security posture of the endpoint device (The network appliance 110 requests all compliance information related to the identified requirements (606), 0044) (the client 120 sends the collected details (e.g., the requested compliance information) to the network appliance 110 (612), 0045) (Figure 6, 608, 612);
generating, by the first processing device, a security certificate (The authentication credentials include one or more of (ii) a digital certificate, (iii) a cryptographic token, 0025) for the endpoint device, and wherein the certificate is usable for access authentication (an “authentication check” - (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, etc. 0025);
accessing device identification from the security certificate issued by the endpoint management system (an “authentication check”) - (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, etc. 0025);
requesting a device record (a compliance database 124, Figure 1) (The network appliance stores the compliance information in a compliance database, 0010) for endpoint device (in response to receiving, by the network appliance, a second request to access a protected network resource from the endpoint device, (a) accessing the compliance information of the endpoint device stored in the database, (b) requesting an update from the endpoint device, (c) in response to requesting the update, receiving updated compliance information that includes less than all of the compliance details required by the policies, (d) in response to receiving, by the network appliance, first updated compliance information that includes only updated ones of the compliance details required by the policies, evaluating the compliance of the endpoint device based on the updated compliance information and the compliance information stored in the database to determine an updated compliance state, and (e) providing access based on the updated compliance state, 0011);
determining network access based on the device record, user authentication utilizing the security certificate (identifying information checks (e.g., username and password checks and/or certificate checks) to authenticate a user and/or a device, 0004) (authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”). The authentication credentials include one or more of (i) a username and password that relate to a particular user of user device 118, (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, user account, 0025)
and one or more network security policies (The network appliance (or a server associated with the network appliance) requests compliance details from the user device based on the configured policies. 0010)
((c) evaluating the compliance of the endpoint device based on the compliance information received from the client software module and providing access when the compliance information satisfies the policies, and (d) storing the received compliance information in a database associated with the network appliance, 0011); and
selectively granting network access to the endpoint device based on the determination (The network appliance 110 proceeds determine whether the user device 118 is compliant with the applicable policies (614). As a result of the updated compliance information, the network appliance 110 may adjusts the access level of the user device 118, 0048).
Shravan et al. does not disclose generating, by the first processing device, a security certificate for the endpoint device utilizing at least the security posture of the endpoint device as claimed.
However, Levin et al. teaches providing zero-trust network security, The intermediate CA certificates are distributed among nodes, authorized entities are allowed to communicate pursuant to a network firewall policy to be enforced (0018), the policy manager 130 is configured to distribute agents and enforce policy management via the nodes 120, the policy manager 130 is configured to generate and send certificate authority (CA) certificates as well as to deploy the agents 122 on the entities 120. The agents 122, when deployed, to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, (0024), wherein the request from the endpoint device is a request to register the endpoint device, the method further comprising:
generating, by the first processing device, a security certificate for the endpoint device utilizing at least the security posture of the endpoint device (a primary certificate authority (CA) certificate and intermediate CA certificates are created, The primary CA certificate and each intermediate CA certificate identifies the host on which the certificate was generated as well as a cloud provider signature identifying that host, 0026); (the intermediate CA certificates are sent to respective entities installed on nodes of a network, Each entity receives a unique intermediate CA certificate, new intermediate CA certificates are sent, for example, periodically (e.g., when the current period of time is about to expire), 0028) (configured to generate and send certificate authority (CA) certificates to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, 0024).
Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Levin et al. in Shravan et al. for generating, by the first processing device, a security certificate for the endpoint device utilizing at least the security posture of the endpoint device as claimed for purposes of enforcing identity-based network firewall policies in a seamless manner which does not require modifying entities or network infrastructure. By distributing CA certificates to and deploying agents at each node, the central authority can cause enforcement of the firewall policy in a distributed manner and without requiring modifying the underlying infrastructure and improve security by providing techniques for preventing unauthorized use of stolen certificates (see Levin et al. 0021)
Neither Shravan et al. and Levin et al. discloses wherein the certificate includes one or more posture-derived attributes generated from the security posture of the endpoint device as claimed.
However, Howry et al. teaches a security posture contained in a certificate (Figure 2), first node compares the security posture associated with the second node to an expected security posture level associated with the first node. If the security posture associated with the second node is adequate as compared to the expected security posture level, a connection is established between the first node and the second node. (0003)
Shravan et al., Levin et al, and Howry et al. are analogous art because they are from the same field of endeavor of network security.
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Howry et al. in Shravan et al. and Levin et al. for wherein the certificate includes one or more posture-derived attributes generated from the security posture of the endpoint device as claimed for purposes of preventing using security postures lack functionality, and thus nodes lack capability that can be facilitated using security postures. (see Howry et al. 0002-0003)
Konda et al. teaches gateway 208 may have endpoints connected to it that do not have a TEE, do not have an installed host security agent, or otherwise lack the ability to perform this secure authentication. In those cases, gateway 208 may treat the devices as untrusted, and for those devices, full security services may be provided. Nevertheless, depending on overall enterprise or family security policy, untrusted devices may still be allowed to connect to the network. They simply receive more security services than trusted devices do. (0140), wherein the certificate includes one or more posture-derived attributes generated from the security posture of the endpoint device (to dynamically generate a cryptographic attestation token that indicates the security posture of the device, 0033) (an endpoint security application such as a host security agent may optionally provide a thin agent (for closed operating system devices) on the endpoint. This thin agent can assess the security posture of the device. The security posture may contain various parameters like the operating system version, applications/extensions installed, and similar. The assessed posture may then be signed using the client certificate's private key in a TEE to generate the SPAT. 0034) (On receiving the SPAT token, the home gateway may cryptographically assert the attested security posture of the endpoint, and then allow specific access or privileges, or enforce specific policies for the endpoint, based on the SPAT., 0036) (assert security posture, Figure 7, 732)
Shravan et al., Levin et al, and Konda et al. are analogous art because they are from the same field of endeavor of network security.
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Konda et al. in Shravan et al. and Levin et al. for wherein the certificate includes one or more posture-derived attributes generated from the security posture of the endpoint device as claimed for purposes of attest the security posture and capabilities of the endpoint and provides a secure attestation of capability. Provides an ability for security applications running on the home gateway to craft individual network security policies for endpoint devices. This not only helps to provide appropriate access to devices, networks, and services, but also helps to determine the amount of scrutiny required on traffic generated by, or received on, these devices. (see Konda et al. 0027, 0032)
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468. The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/HELAI SALEHI/Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433