Detailed Action
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
This final office action is in response to the amendments filed 12/23/2025. In
which, claims 12 have been amended, no claims have been cancelled, and
claims 1-27 remain pending in the application.
Response to Amendment
The amendment filed on 12/23/2025 has been entered. See response to
amendments.
Response to Arguments
Examiner’s remarks concerning applicant’s claim objection.
The Applicant argument regarding (remark page 10):
“Claim 12 has been amended. As such, withdrawal of the objection is respectfully solicited.”.
Applicant’s arguments have been fully considered and are persuasive in view of the claim amendments. Thus, claim objection as set forth in the previous office action has been waived.
Examiner’s remarks concerning applicant’s arguments 35 U.S.C. 112(b) and 112(a) rejections.
The Applicant argument regarding (remark pages 8-9):
“Claim 1 is rejected, under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second
paragraph, as being allegedly indefinite because the Office indicates that the claim limitation "an 1/0 module configured to accept a service request from an application ... key management and crypto operation module configured to perform the key management or crypto operation ... , AI security module configured to analyze the service request received by the HSM to identify ...
Applicant respectfully submits that, as shown in FIG. 1 (reproduced below), all modules of system 100 including but not limited to the basic 1/0 module 104, crypto operation module 106, and the AI security module 110 run on a hardware security module (HSM) 102, which, as explained in paragraph 14 of the instant application, provides the hardware and software infrastructure for the modules:.. As such, one of ordinary skill in the art would recognize a structure associated
with an I/O module, AI security module, and the key management and cryptographic operations that perform the functions as described above.”.
Applicant’s arguments have been fully considered but they are not persuasive. The Examiner respectfully disagrees there is no specific structure and algorithm being perform by the I/O module, AI security module, and the key management and crypto operation module. The current claim limitations is broad and the current cited module are just a Blackbox that the meats and bound are not defined. See MPEP (MPEP § 2181, subsection II, Part A.) Mere reference to a general purpose computer with appropriate programming without providing an explanation of the appropriate programming, or simply reciting "software" without providing detail about the means to accomplish a specific software function, would not be an adequate disclosure of the corresponding structure to satisfy the requirements of 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph. Aristocrat, 521 F.3d at 1334, 86 USPQ2d at 1239; Finisar, 523 F.3d at 1340-41, 86 USPQ2d at 1623. In addition, merely referencing a specialized computer (e.g., a "bank computer"), some undefined component of a computer system (e.g., "access control manager"), "logic," "code," or elements that are essentially a black box designed to perform the recited function, will not be sufficient because there must be some explanation of how the computer or the computer component performs the claimed function. Blackboard, Inc. v. Desire2Learn, Inc., 574 F.3d 1371, 1383-85, 91 USPQ2d 1481, 1491-93 (Fed. Cir. 2009); Net MoneyIN, Inc. v. VeriSign, Inc., 545 F.3d 1359, 1366-67, 88 USPQ2d 1751, 1756-57 (Fed. Cir. 2008); Ex parte Rodriguez, 92 USPQ2d 1395, 1405-06 (Bd. Pat. App. & Inter. 2009).
The Applicant argument regarding (remark pages 9-10):
“Claim 27 is rejected, under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second
paragraph, as being allegedly indefinite for similar reasons that Claim 1 has been
rejected. Claim 27 is compliant with the requirements, under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, for reasons similar to that of Claim 1 above.”.
Applicant’s arguments have been fully considered but they are not persuasive. The Examiner respectfully disagrees for the same reasons similar to that Claim 1 described above.
The Applicant argument regarding (remark page 10):
“Claim 1 is rejected, under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first
paragraph, as allegedly failing to comply with the written description requirement.
Applicant respectfully requests withdrawal of the rejection for reasons that have been provided above.
Applicant’s arguments have been fully considered and are persuasive. The 35 U.S.C. 112(a) rejections has been withdrawn.
Claim 27 cited similar features as claim 1 and therefore the Examiner withdraw the 35 U.S.C. 112(a) for claim 27.
Examiner’s remarks concerning applicant’s arguments on 35 U.S.C. 103 rejections.
The Applicant argument regarding (remark pages 10-11):
“McCauley discloses a server computer 102, a relay server 103, a risk analysis module 104, and a hardware security module 105 (see McCauley, paragraph 29). The rejection is construing the relay server 103 as the I/0 module, as claimed. However, the relay server 103 is separate from the hardware security module 105, as shown in Figure 1 of McCauley. Figure 1… The relay server 103 that has been construed as the I/0 module by the Office is not part of the HSM 105 but is rather separate therefrom, as disclosed by McCauley. Additionally, the risk analysis module 104 is not part of the HSM 105 but is rather separate therefrom, as disclosed by McCauley.
As such, McCauley fails to teach or suggest a system running on a
hardware security module (HSM), comprising: an 110 module ... and said AI security module configured to analyze the service request received by the HSM, as claimed, as claimed.”.
The Examiner respectfully disagrees and arguments is not persuasive because McCauley discloses a Cryptoasset custodial system includes multiple layers of security so as to enable large volumes of cryptoassets to be maintained in a secure manner (see par.0024). Examiner is interpreting Cryptoasset custodial system as the (HSM). The cryptoasset custodial system 100 includes a server computer 102, a relay server 103 (I/O module) , a risk analysis module 104 (AI security module), the hardware security module 105 (key management and crypto operation module), (see par.0028). All the module described in McCauley are part of the Cryptoasset custodial system.
While McCauley does not recite an explicit “AI module”, McCauley discloses modules that alone or in combination perform functionally equivalent task.
With regards to applicant’s remarks concerning claim limitation element of, “comprising: an I/O module”, McCauley teaches in par. 0033 the following: “receives the request (step 201) and forwards it (step 202) via the relay server 103 to the hardware security module 105”.
With regards to applicant’s remarks concerning claim limitation element of, “said AI security module configured to analyze the service request received by the HSM”, McCauley teaches in par. 0027 the following: “approval of the transaction by the hardware security module 105 occurs only if and after the requested transaction has passed a risk review, which may be partially or fully automated. McCauley teaches in par. 0039 the following: “Once the hardware security module 105 validates compliance with a policy map including any quorum requirements, the hardware security module 105 authorizes the requested transaction”.
The Applicant argument regarding (remark pages 11-12):
“Claim 1 recites that the AI security module is configured to send an alert to the key management and crypto operation module to stop performing the key management or crypto operation requested by the application if the one or more security risks and vulnerabilities are identified, as claimed. The rejection admits that McCauley fails to teach the above recited claim features and relies on Antipa. Applicant respectfully traverses in view of the following.
Antipa discloses that when the integrity checks detect tampering of the
cryptographic provider program instructions or data, information is recorded using the logs module 13 0 and applications/users are alerted and cryptographic
operations may be suspended (see Antipa, paragraph 114). Accordingly, to the
extent that Antipa teaches an alert it is with respect to alerting applications/users
as opposed to the key management and crypto operation module in the claimed
fashion that is within the HSM. As such, Antipa fails to teach or suggest that the
AI security module is configured to send an alert to the key management and
crypto operation module to stop performing the key management or crypto
operation requested by the application if the one or more security risks and
vulnerabilities are identified, as claimed.”
The Examiner respectfully disagrees and arguments is not persuasive because Antipa discloses in par.0114 “the cryptographic suite management unit (key management and crypto operation module) ensures the integrity of cryptographic provider implementations that have been dynamically loaded by implementing integrity checks on the loaded modules. When the integrity checks detect tampering of the cryptographic provider program instructions or data, information is recorded using the Logs module 130 of the cryptographic suite management unit, applications and users are alerted via the alerts module 128 and further cryptographic operations may be suspended to prevent exposure of sensitive information. The cryptographic suite management unit 112 may employ a number of integrity checking techniques including but not limited to the use of checksum functions to verify that program instructions are untampered, the use of test vectors within the cryptographic suite provider that can verify code integrity in association with meta-data that was included with the crypto-provider bundle when it was imported into the cryptographic suite management unit; the use of a challenge-response protocol between the cryptographic suite management unit and the cryptographic provider implementation.” Antipa does disclose send alert to the cryptographic suite management unit (key management and crypto operation module) on top of applications and users. Antipa discloses an alert system that when integrity is detected is then recorded to suspended. The way to achieve that an alert must be inserted in the cryptographic suite management unit and further alerts is sent to the applications and users.
While McCauley does not recite an explicit “key management and crypto operation module”, McCauley discloses modules that alone or in combination perform functionally equivalent task.
Antipa teaches in par. 0056 the following: “a cryptographic suite management unit enables an application to invoke cryptographic functions provided by a plurality of cryptographic provider suites.”.
Antipa teaches in par. 0060 the following: “[0060] By importing more than one cryptographic provider suite to a device, other applications on the device may access one or more of the plurality of cryptographic provider suites to encrypt and/or decrypt data or perform other cryptographic operations. The import/export operation is defined by a protocol configured to negotiate the requirements of both importers and exporters without reducing the security of the underlying applications.”.
As such, Antipa tells us that the cryptographic provider suites performs cryptographic operations.
Antipa teaches in par. 0114 (i.e., cited paragraph) the following: “When the integrity checks detect tampering of the cryptographic provider program instructions or data, information is recorded using the Logs module 130 of the cryptographic suite management unit, applications and users are alerted via the alerts module 128 and further cryptographic operations may be suspended to prevent exposure of sensitive information. The cryptographic suite management unit 112 may employ a number of integrity checking techniques including but not limited to the use of checksum functions to verify that program instructions are untampered, the use of test vectors within the cryptographic suite provider that can verify code integrity in association with meta-data that was included with the crypto-provider bundle when it was imported into the cryptographic suite management unit; the use of a challenge-response protocol between the cryptographic suite management unit and the cryptographic provider implementation.”.
Antipa tells us that the Cryptographic provider suites performs cryptographic operations. Antipa tells us that a fell integrity check provides applications and user with alerts. Moreover, as a result of the failed integrity check, cryptographic operations are stopped. The cryptographic provider suites again performs the cryptographic operations. It is reasonable to conclude that the cryptographic provider suites must receive instructions (i.e., alert) to stop the cryptographic functions. This would include crypto-key related operations because the cryptographic provider suites provides encryption related functions with crypto-keys.
The Applicant argument regarding (remark page 12):
“Accordingly, McCauley alone or in combination with Antipa fails to
render Claim 1 obvious. Claims 14, 17, and 27 are also patentable over the cited
combination for similar reasons that Claim 1 is patentable.”.
The Examiner respectfully disagrees and arguments is not persuasive for the same reason described above in regards with claim 1 noted above.
The Applicant argument regarding (remark page 12):
“Dependent claims are patentable by virtue of their dependency in addition to their own patentable features. As such, allowance of Claims 1-4, 6, 8, 14, 16-20, 22, and 27 is earnestly solicited.”
Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.
Claim Interpretation
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are: “an I/O module, a key management and crypto operation module, an artificial intelligence (Al) security module” in claim 1, “a means for accepting, a means for performing the key management or crypto, a means for analyzing, a means for stopping” in claim 27.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim limitation “an I/O module configured to accept a service request from an application…key management and crypto operation module configured to perform the key management or crypto operation…, AI security module configured to analyze the service request received by the HSM to identify… ” invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The specification is devoid of adequate structure to perform the claimed function. The specification is devoid of adequate structure to perform the claimed function. In particular, the specification states the claimed function “the BIO module 104 is configured to accept a plurality of service requests from a plurality of applications/users to the HSM 102” furthermore “the BIO module 104 is configured to parse each of the plurality of service requests accepted to identify a type of service requested by a specific application” there is no disclosure of any particular structure, either explicitly or inherently, to perform. As would be recognize by those of the ordinary skill in the art would understand which the specification does not provide the recommended analysis procedure creation process of calculating or structure perform the claim function. The next limitation “the key management and crypto operation module 106 is configured to perform a key management or crypto operation/service” the specification states “the key management and crypto operation module 106 is configured to perform a key management or crypto operation/service according to the type of service requested by each of the plurality of applications.” Furthermore “The key management and crypto operation module 106 then provides the processing result (e.g., the generated key) back to the requesting application” there is no disclosure of any particular structure, either explicitly or inherently, to perform. As would be recognize by those of the ordinary skill in the art would understand which the specification does not provide the recommended analysis procedure creation process of calculating or structure perform the claim function. The next limitation “AI security module configured to analyze the service request received by the HSM to identify” the specification states “the AI security module 110 is configured to identify one or more anomalies, e.g., security risks and vulnerabilities associated with the service request from the application or if the service request deviates beyond a certain threshold from the pattern of behavior of the application.” furthermore “the AI security module 110 is configured to continuously train the one or more AI models with data (e.g., service requests of the applications) received after the one or more AI models have been deployed in order to keep the one or more AI models accurate and update to date”. there is no disclosure of any particular structure, either explicitly or inherently, to perform. As would be recognize by those of the ordinary skill in the art would understand which the specification does not provide the recommended analysis procedure creation process of calculating or structure perform the claim function.
Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Claim 27 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim limitation “a means for accepting…”, “a means for performing the key management or crypto…”, “a means for analyzing, a means for stopping…” invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The specification is devoid of adequate structure to perform the claimed function. In particular, the specification states the claimed function “a means for accepting” furthermore “the BIO module 104 is configured to accept a plurality of service requests from a plurality of applications”, there is no disclosure of any particular structure, either explicitly or inherently, to perform the function. As would be recognize by those of the ordinary skill in the art would understand which the specification does not provide the recommended analysis procedure creation process of calculating or structure perform the claim function. The next limitation “a means for performing the key management or crypto” furthermore “the key management and crypto operation module 106 is configured to perform a key management or crypto operation/service according to the type of service requested by each of the plurality of applications.”, there is no disclosure of any particular structure, either explicitly or inherently, to perform the function. As would be recognize by those of the ordinary skill in the art would understand which the specification does not provide the recommended analysis procedure creation process of calculating or structure perform the claim function. The next limitation “a means for analyzing, a means for stopping” furthermore “If an anomaly or a deviation is detected for a service request by an application, the AI security module 110 may send an alert to the key management and crypto operation module 106 to stop performing the key management or crypto operation requested by the application.”, there is no disclosure of any particular structure, either explicitly or inherently, to perform the function. As would be recognize by those of the ordinary skill in the art would understand which the specification does not provide the recommended analysis procedure creation process of calculating or structure perform the claim function.
Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1 - 4, 6, 8, 14, 16 - 20, 22, and 27 are rejected under 35 U.S.C. 103 as being unpatentable over McCauley et al. (US-20210056540-A1 hereafter McCauley), in view Antipa et al. (US-20160028698-A1hereafter Antipa)
Regarding claim 1 McCauley disclose a system running on a hardware security module (HSM) (see McCauley par.0024: “The cryptoasset custodial system 100 (HSM) includes multiple layers of security so as to enable large volumes of cryptoassets to be maintained in a secure manner. In certain embodiments the cryptoasset custodial system 100 includes a combination of biometric-based multi-user validation, transaction risk analysis, and use of a hardware security module 105 to provide authentication/validation functionality and secure storage of private keys of cryptoassets.”), comprising:
an I/O module configured to accept a service request from an application to the HSM and provide the service request from the application to a key management and crypto operation module for a key management or crypto operation and an artificial intelligence (Al) security module for security analysis of the application (see McCauley par.0028-0029: “the cryptoasset custodial system 100 includes a server computer 102, a relay server 103 (I/O module), a risk analysis module 104 (an artificial intelligence (Al) security module), the hardware security module 105 (a key management and crypto operation module)”, par.0029: “the relay server 103 functions as a bridge over a physical air gap to isolate the hardware security module 105 from the public computer network 109. In other embodiments, the relay server 103 functions as a virtual air gap to isolate the hardware security module 105 from the public computer network 109. The risk analysis module 104 and hardware security module 105 operate within a secure zone 110.”, par.0033: “the request for a blockchain deposit address is sent to the server computer 102, which receives the request (step 201) and forwards it (step 202) via the relay server 103 to the hardware security module 105”,) Examiner interpret the relay server 103 as the I/O module;
said key management and crypto operation module configured to perform the key management or crypto operation according to the service request by the application (see McCauley par.0033 : “Once initiated, the request for a blockchain deposit address is sent to the server computer 102, which receives the request (step 201) and forwards it (step 202) via the relay server 103 to the hardware security module 105 (which as noted above is isolated from the Internet by the relay server 103). The hardware security module 105 generates (step 203) a new public-private key pair 221 to correspond uniquely with the deposit, i.e., to correspond with the requested blockchain address.”, further in par.0033-0035); and
said AI security module configured to analyze the service request received by the HSM to identify one or more security risks and vulnerabilities associated with the service request from the application if the service request has an anomaly or deviates beyond a certain threshold from a pattern of behavior of the application according to one or more AI models (see McCauley par.0039: “each transaction submitted by a customer of the cryptoasset custodial system 100 will go through the risk analysis module 104, which may be partially or fully automated.”, par.0041: “The risk analysis module 104 performs a risk analysis ”, par.0103: “the risk analysis module 104 can determine whether the current withdrawal request amount is an outlier or is suspiciously high.”, par.0112-0113: “the risk analysis module 104 includes a feature extraction module and a machine learning module communicably coupled to the feature extraction module… The machine learning module generates the risk metric based on the feature vector. The machine learning module is trained to indicate the risk of accepting the cryptographic endorsement based on whether the multiple data point match expected values of the multiple data points. The machine learning module includes a mathematical and connectivity model that is trained to make predictions or decisions without being explicitly programmed”); and
McCauley does not explicitly teach but however Antipa teaches
send an alert to the key management and crypto operation module to stop
performing the key management or crypto operation requested by the application if the one or more security risks and vulnerabilities are identified. (See Antipa par.0114 “the cryptographic suite management unit (key management and crypto operation module) ensures the integrity of cryptographic provider implementations that have been dynamically loaded by implementing integrity checks on the loaded modules. When the integrity checks detect tampering of the cryptographic provider program instructions or data, information is recorded using the Logs module 130 of the cryptographic suite management unit, applications and users are alerted via the alerts module 128 and further cryptographic operations may be suspended to prevent exposure of sensitive information. The cryptographic suite management unit 112 may employ a number of integrity checking techniques including but not limited to the use of checksum functions to verify that program instructions are untampered, the use of test vectors within the cryptographic suite provider that can verify code integrity in association with meta-data that was included with the crypto-provider bundle when it was imported into the cryptographic suite management unit; the use of a challenge-response protocol between the cryptographic suite management unit and the cryptographic provider implementation.” Examiner interpret that the alert is send to the cryptographic suite management unit (key management and crypto operation module) on top of applications and users. Antipa discloses an alert system that when integrity is detected is then recorded to suspended. The way to achieve that an alert must be inserted in the cryptographic suite management unit to suspend cryptographic operations and further alerts is send to the applications and users.).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley teaching “the cryptoasset custodial system 100 includes a combination of biometric-based multi-user validation, transaction risk analysis, and use of a hardware security module 105 to provide authentication/validation functionality and secure storage of private keys of cryptoassets.”, (see McCauley par.0024), with Antipa teaching “The cryptographic suite management unit 112 may comprise: a cryptographic API 114; a key management API
116; a rights management API 118; an OpenSSL API 120; a logsAPI 122; a provider registration AP I 124; a configuration management API 126; an alerts module 128; a logs module 130; a configuration manager 132; a cipher suite vault 134 for secure storage of cryptographic provider suites; a key vault 136 for secure storage of cryptographic keys,”, (see Antipa par.0058).
Regarding claim 14 is a system claim that recites similar limitations as the method claim 1 and is being rejected based on the same rational as claim 1.
Regarding claim 17 is a Method claim that recites similar limitations as the method claim 1 and is being rejected based on the same rational as claim 1.
Regarding claim 27 is a system claim that recites similar limitations as the method claim 1 and is being rejected based on the same rational as claim 1.
Regarding claim 2 McCauley in view of Antipa disclose the system of Claim 1, McCauley further discloses wherein:
the I/O module is configured to identify a type of service requested by the application to be performed by the HSM. (See McCauley par.0048 : “the hardware security module 105 receives (step 401) from the relay server 103 an operation description, which specifies an Organization. The operation description is a set of data and metadata describing a requested operation, such as a requested deposit, withdrawal or transfer of cryptocurrency.”).
Regarding claim 18 is a Method claim that recites similar limitations as the method claim 2 and is being rejected based on the same rational as claim 2.
Regarding claim 3 McCauley in view of Antipa disclose the system of Claim 1, McCauley further discloses wherein:
the I/O module is configured to compose and transmit a response including a processing result back to the application sending the service request once the service request has been processed. (See McCauley par.0049 : “The hardware security module 105 can determine (step 405) whether any of the received cryptographic endorsements (from users) indicate to "REJECT' the requested operation. If so, the hardware security module 105 can reject (step 411) the requested operation, by returning a "REJECT" message to the relay server, which returns a corresponding "REJECT" message to the server computer, to cause notification to the requester.”).
Regarding claim 19 is a Method claim that recites similar limitations as the method claim 3 and is being rejected based on the same rational as claim 3.
Regarding claim 4 McCauley in view of Antipa disclose the system of Claim 1, McCauley further discloses wherein:
the I/O module is configured to inform the application that the service request has been declined if the alert is received for the service request of the application. (See McCauley par.0049: “The hardware security module 105 can determine (step 405) whether any of the received cryptographic endorsements (from users) indicate to "REJECT' the requested operation. If so, the hardware security module 105 can reject (step 411) the requested operation, by returning a "REJECT" message to the relay server 103, which returns a corresponding "REJECT" message to the server computer, to cause notification to the requester.”) Examiner interpret The relay server 103 (I/O module) inform the service requester by forwarding the message to the server computer 102 that the received service request has been declined.
Regarding claim 20 is a Method claim that recites similar limitations as the method claim 4 and is being rejected based on the same rational as claim 4.
Regarding claim 6 McCauley in view of Antipa disclose the system of Claim 1, Antipa further disclose wherein:
the key management and crypto operation module is configured to stop or abort the key management or crypto operation if the alert is received. (See Antipa par.0114: “When the integrity checks detect tampering of the cryptographic provider program instructions or data, information is recorded using the Logs module 130 of
the cryptographic suite management unit, applications and users are alerted via the alerts module 128 and further cryptographic operations may be suspended to prevent exposure of sensitive information.”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa teaching of claim in 1 with Antipa teaching “systems and methods are provided for the protection of cryptographic suites that are exchanged between applications and devices”, (see Antipa par.0014).
Regarding claim 8 McCauley in view of Antipa disclose the system of Claim 1, McCauley further discloses wherein:
the key management and crypto operation module is configured to notify an administrator, user, owner or host of the application that the application has been compromised. (See McCauley par.0049 : “The hardware security module 105 can determine (step 405) whether any of the received cryptographic endorsements (from users) indicate to "REJECT' the requested operation. If so, the hardware security module 105 can reject (step 411) the requested operation, by returning a "REJECT" message to the relay server, which returns a corresponding "REJECT" message to the server computer, to cause notification to the requester.”, par.0050: “The hardware security module 105 determines (step 406) whether all of the received cryptographic
endorsements for the transaction are valid. The determination includes verifying the validity of the cryptographic endorsements provided by checking that: i) the user is in the Organization, ii) the signature is correct for the specified operation, and iii) each of the signatures has an "APPROVE" decision. If not all of the received cryptographic endorsements for the transaction are valid, the process proceeds to step 411 as described above.”).
Regarding claim 22 is a Method claim that recites similar limitations as the method claim 8 and is being rejected based on the same rational as claim 8.
Regarding claim 16 McCauley in view of Antipa the system of claim 14, McCauley further teaches wherein:
the HSM includes a secure storage configured to maintain keys and data associated with the application in a secure environment. (See McCauley par.0026: “The hardware security module 105 generates a signature using a private key and validates the signature using a public key of a public-private key pair for each of the users, in cryptographic endorsements received from the users”, par.0027: “The private key (sometimes referred to as a "cryptoasset key") of the particular cryptographic asset may be accessed or derived using a client key and the client key can be derived from an encrypted client key stored on one or more user devices for authorized representatives of the client. The encrypted client key can be transmitted to the hardware security module 105 and the hardware security module can derive the client key from the encrypted client key by decrypting the encrypted client key using the hardware-based cryptographic key stored within the secure storage device of the hardware security module 105. The hardware-based cryptographic key within the secure storage device 107 of the hardware security module 105 is stored only in the hardware security module 105,””).
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over McCauley et al. (US-20210056540-A1 hereafter McCauley), in view Antipa et al. (US-20160028698-A1hereafter Antipa), in further view of Iyer et al. (US-20200175179-A1 hereafter Iyer).
Regarding claim 5 McCauley in view of Antipa disclose the system of Claim 1, McCauley in view of Antipa appear to be silence however Iyer teaches wherein:
the key management or crypto operation is one of generating a key, storing the key into a secure storage, exporting the key back to the application, deleting an existing key from the secure storage, encrypting or decrypting data using the key, and storing the encrypted or decrypted data in the secure storage. (See Iyer par.0036: “The HSMs are computing devices that can be used for securely storing and managing encryption keys, which can be used in data security for encrypting data using crypto processing (e.g., processing that utilizes the encryption key to encrypt and decrypt the data, or the like). These HSMs may be operatively coupled to systems (e.g., computers, services, or the like) to provide encrypting processing for a particular system or application thereof. HSMs have a number of benefits, such as but not limited to the generation of secure cryptographic keys, secure storage of the keys, key management capabilities, key retrieval, and/or the like.”, par.0053: “the HSM may generate, store, and/or allow access to one or more keys for use in encrypting and/or decrypting data. In the case of symmetric keys, the systems that use and/or store the data have the same key that is used to both encrypt and decrypt the data. Alternatively, which respect to public-private keys, a public key is used to encrypt a session key (e.g., a key used by both parties to transfer data) to create an encrypted key (e.g., encrypted symmetric session key). The application then sends the unique encrypted key to the other system (e.g., other application and/or other party). The other system decrypts the unique encrypted key using the private key paired with the public key used to create the encrypted key, which only the receiving party has in order to read the unique encrypted key to identify the session key created. As such, the systems (or applications thereof) have created a secure link, and can send encrypted information between the two using the symmetric session key because only the two systems have the decrypted session key. Communications made between the systems (or applications thereof) are encrypted with the unique session key since only the systems have the unique session key. In some embodiments of the invention, multiple public and private key pairs may be utilized to encrypt, share, and decrypt in order to provide additional security when sharing the symmetric session key. After the session is terminated the unique session key may be deleted and/or returned to a pool of unique session keys to be used at a future point in time”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa teaching of claim in 1 with Iyer teaching “HSMs may be certified to international standards to provide assurance that the HSMs are secure. HSMs may include features to improve security, such as taking a security action when unauthorized users try to breach the HSMs. The security actions may include preventing tampering of the keys and/or data therein, providing alerts, deleting keys, or the like when unauthorized users are detected.”, (see Iyer par.0036).
Claims 7 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over McCauley et al. (US-20210056540-A1 hereafter McCauley), in view Antipa et al. (US-20160028698-A1hereafter Antipa), in further view of Corella et al. (US-20220103573-A1 hereafter Corella).
Regarding claim 7 McCauley in view of Antipa disclose the system of Claim 1, McCauley in view of Antipa do not explicitly teach but however Corella teaches wherein:
the key management and crypto operation module is configured to block any future service request from the application if the alert is received. (See Corella par.0069 : “OSPl causes the visibility middlebox to send a decryption failure alert to the intrusion prevention system 170, which then instructs the gateway 150 to block further traffic received from the client 120. Then process 400 continues at 480.”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa teaching of claim in 1 with Corella teaching “visibility middlebox mitigates this risk by alerting the intrusion prevention system 170 of a failure to decrypt traffic that may have been caused by such an attack. The intrusion prevention system 170 can then instruct the gateway 150 to block further client-originated traffic”, (see Corella par.0025).
Regarding claim 21 is a Method claim that recites similar limitations as the method claim 7 and is being rejected based on the same rational as claim 7.
Claims 9, 12, 13, 23, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over McCauley et al. (US-20210056540-A1 hereafter McCauley), in view Antipa et al. (US-20160028698-A1hereafter Antipa), in further view Marosi-Bauer of et al. (US-20240031146-A1 hereafter Marosi-Bauer).
Regarding claim 9 McCauley in view of Antipa disclose the system of Claim 1, McCauley in view of Antipa appear to be silence however Marosi-Bauer teaches wherein:
the one or more AI models are trained ahead of time with one or more datasets of a plurality of service requests to the HSM from the application before the one or more AI models are deployed into the AI security module. (See Marosi-Bauer par.0082: “the training techniques for a machine learning model may be supervised, semi supervised, or unsupervised. In supervised learning, the machine learning models may be trained with a set of training samples that are labeled. For example, for a machine learning model trained to predict if a request is noncompliant, the training samples may be past transactions labeled with compliant or noncompliant. The labels for each training sample may be binary or multi-class. Labels may be used to indicate which threat(s) are connected to the request: drain, sybil, etc. Binary (has vulnerability or not) and composite multi-class (binary: yes; vulnerabilities: drain) labels may be used. In training a machine learning model for identifying malicious activities, the training samples may be past transactions with contextual data of those transactions.”, par.0088: “Multiple rounds of forward propagation and back propagation may be iteratively performed. Training may be completed when the objective function has become sufficiently stable (e.g., the machine learning model has converged) or after a predetermined number of rounds for a particular set of training samples. The trained machine learning model can be used for performing prediction or another suitable task for which the model is trained.”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa teaching of claim in 1 with Marosi-Bauer teaching “the access control engine 220 may use one or more machine learning models 235 to identify abnormal patterns and traffic related to an autonomous program protocol 155 and may react to any potential malicious attack such as by blocking access attempts (e.g., not generating digital signatures) from parties that are identified as potential malicious parties. The type of suitable access controls vary among embodiments and may be decided by an application publisher”, (see Marosi-Bauer par.0041).
Regarding claim 23 is a method claim that recites similar limitations as the method claim 9 and is being rejected based on the same rational as claim 9.
Regarding claim 12 McCauley in view of Antipa disclose the system of Claim 1, McCauley in view of Antipa appear to be silence however Marosi-Bauer teaches wherein:
the one or more AI models include a behavior analysis model, which establishes the pattern of behavior of associated with usage of one or more functions and services in the HSM by the application during a lifecycle of crypto operations. (See Marosi-Bauer par.0046 : “A machine learning model 235 may be part of the access control engine 220 and may receive various data and contextual information related to an attempted request for accessing an autonomous program protocol 155 to predict whether the request may be noncompliant. The input of the machine learning model 235 may include IP address of the request, the function call in the request, the purported identity of the requestor, parameters used in the request, date and time of the request, frequency of the request, usage patterns of the autonomous program protocol 155, authentication information of the request, past activities of the requester, past activities of other relevant users, client data (e.g., wallet data, browser data, operating system data), cookies, user behavior on an application frontend, other activities by other users on the blockchain (e.g., to detect correlated attacks), smart contract code (e.g., both source code, if available, and binary code), geographical location estimations from IP addresses, and other suitable information.”) Examiner based on the broadest reasonable interpretation is interpreting “its” as the application.
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa teaching of claim in 1 with Marosi-Bauer teaching “the access control engine 220 may use one or more machine learning models 235 to identify abnormal patterns and traffic related to an autonomous program protocol 155 and may react to any potential malicious attack such as by blocking access attempts (e.g., not generating digital signatures) from parties that are identified as potential malicious parties. The type of suitable access controls vary among embodiments and may be decided by an application publisher”, (see Marosi-Bauer par.0041).
Regarding claim 26 is a Method claim that recites similar limitations as the method claim 12 and is being rejected based on the same rational as claim 12.
Regarding claim 13 McCauley in view of Antipa, and Marosi-Bauer the system of Claim 12, Marosi-Bauer further teaches wherein:
the pattern of behavior associated with the application includes one or more of
distribution of a plurality of service requests sent by the application over a certain period of time, types and/or frequencies of services requested by the service requests, and how many of the service requests were rejected before. (See Marosi-Bauer par.0046: “A machine learning model 235 may be part of the
access control engine 220 and may receive various data and contextual information related to an attempted request for accessing an autonomous program protocol 155 to predict whether the request may be noncompliant. The input of the machine learning model 235 may include IP address of the request, the function call in the request, the purported identity of the requestor, parameters used in the request, date and time of the request, frequency of the request, usage patterns of the autonomous program protocol 155, authentication information of the request, past activities of the requester, past activities of other relevant users, client data (e.g., wallet data, browser data, operating system data), cookies, user behavior on an application frontend, other activities by other users on the blockchain (e.g., to detect correlated attacks), smart contract code (e.g., both source code, if available, and binary code), geographical location estimations from IP addresses, and other suitable information.”, par.0038: “The transaction records
may be used as training samples in one or more machine learning models for identifying normal usage patterns of an autonomous program protocol 155 in distinguishing normal
operations from potentially fraudulent operations or malicious activities.”, par.0039: “If
the access control engine 220 determines that the request is not valid or authorized, a digital signature is not generated and the access control engine 220 may block the request and log the request as part of the record.”) Examiner interpret the when the request is not valid or authorized the access control 220 block the request and log it as part of the record which is part of the behavior use by the machine learning to predict not authorized access based on the attempted request.
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa, and Marosi-Bauer teaching of claim in 12 with Marosi-Bauer teaching “A machine learning model 235 may be trained using past transaction instances as training samples. For example, the data and contextual information related to past transaction
instances may be stored in the data store 215. Each training sample may be stored as a feature vector that includes the data and contextual information as the dimensions
of the vector. Each of the past transactions may be labeled as compliant or noncompliant.”, (see Marosi-Bauer par.0046).
Claims 10 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over McCauley et al. (US-20210056540-A1 hereafter McCauley), in view Antipa et al. (US-20160028698-A1hereafter Antipa), view Marosi-Bauer of et al. (US-20240031146-A1 hereafter Marosi-Bauer), in further view of Rosen et al. (US-20230196318-A1hereafter Rosen).
Regarding claim 10 McCauley in view of Antipa, and Marosi-Bauer the system of Claim 9, McCauley in view of Antipa, and Marosi-Bauer do not explicitly disclose but however Rosen explicitly teaches wherein:
the AI security module is configured to continuously train the one or more AI models with data of the application received after the one or more AI models have been deployed. (See Rosen par.0074 : “AI component 126 can utilize machine learning techniques, that can employ a model ( explicitly or implicitly trained) to learn transactions, rules, preferences, smart contracts, regulations, etc., and facilitate authenticating users. AI component 126, for example, can be trained on prior historical data to identify and authenticate users, execute or deny transactions, monitor events or conditions and take automated action at desirable confidence levels (e.g., 99.99% confidence), or above any desired confidence threshold. AI component 126 can, in an embodiment, build and continuously train a model that can facilitate carrying out functions”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa, and Marosi-Bauer teaching of claim in 9 with Rosen teaching “The components can employ various AI-based schemes for carrying out various embodiments/ examples disclosed herein. In order to provide for or aid in the numerous determinations (e.g., determine, ascertain, infer, calculate, predict, prognose, estimate, derive, forecast,
detect, compute) of the present innovation, components of the present innovation can examine the entirety or a subset of the data to which it is granted access and can provide for reasoning about or determine states of the system and/or environment from a set of observations as captured via events and/or data.”, (see Rosen par.0077).
Regarding claim 24 is a Method claim that recites similar limitations as the method claim 10 and is being rejected based on the same rational as claim 10.
Claims 11 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over McCauley et al. (US-20210056540-A1 hereafter McCauley), in view Antipa et al. (US-20160028698-A1hereafter Antipa), in further view of Crabtree et al. (US-20250007942-A1 hereafter Crabtree).
Regarding claim 11 McCauley in view of Antipa disclose the system of Claim 1, McCauley in view of Antipa appear to be silence however Crabtree teaches wherein:
the one or more AI models include an anomaly detection model, which uses one or more statistical methods or machine learning algorithms to detect the anomaly in the service request without relying on predefined rules or patterns. (See Crabtree par.0059 : “Machine learning algorithms and statistics module 800 may be used to assess cybersecurity risk and to generate scenarios for defensive cyber operations ( e.g., network security changes, red and blue team exercises, etc.). By using techniques like deep learning, reinforcement learning, Monte Carlo tree searches, hierarchical task networks, and "another modeling language" (ANML) solvers, it is possible to generate scenarios for defensive cyber operations that leverage a large number of metrics and objective functions arising from the information contained in attack knowledge manager 700. Because of their ability to identify nonobvious or hidden connections among large amounts of complex information, properly-trained machine learning algorithms are ideal for identifying previously unknown or unidentified cybersecurity vulnerabilities, attack paths or methods, and other cybersecurity concerns.”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa teaching of claim in 1 with Rosen teaching “of machine learning algorithms
include cyber metric analysis for making meaningful comparisons across networks, enterprises, and scenarios, so as to more accurately and effectively allow for analysis of cybersecurity risk management and systemic risk, entities and relationships analysis for assessing risks associated with complex relationships or network arrangements, statistical analysis for comparing averages and baselines, partial observability analysis”, (see Crabtree par.0060).
Regarding claim 25 is a Method claim that recites similar limitations as the method claim 11 and is being rejected based on the same rational as claim 11.
Claims 15 is rejected under 35 U.S.C. 103 as being unpatentable over McCauley et al. (US-20210056540-A1 hereafter McCauley), in view Antipa et al. (US-20160028698-A1hereafter Antipa), in further view of Hussain et al. (US-20150358313-A1 hereafter Hussain).
Regarding claim 15 McCauley in view of Antipa the system of Claim 14, McCauley in view of Antipa appear to be silence however Hussain teaches wherein:
the HSM is a multi-chip embedded hardware/firmware cryptographic module. (See Hussain par.0021 : “the HSM 102 is a multi-chip embedded hardware/firmware cryptographic module having software, firmware, hardware, or another component that is used to effectuate a purpose. The HSM-VMs 104, the HSM managing VM 106 typically run on a network accessible multi-tenant computing unit/appliance/host 103 that is certified under Federal Information Processing Standard (FIPS) for performing secured cryptographic operations.”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined McCauley in view of Antipa teaching of claim in 14 with Hussain teaching “A new approach is proposed that contemplates systems and methods to support security communication between a hardware security module (HSM) and for a plurality of web services hosted in a cloud to offload their key storage, management, and crypto operations to the HSM.
Each HSM is a high-performance, Federal Information Processing Standards (PIPS) 140-compliant security solution for crypto acceleration of the web services. Specifically, each HSM can be a hardware/firmware multi-chip embedded cryptographic
module/adapter, which provides cryptographic functionalities including but not limited to key management”, (see Hussain par.0018).
Conclusion
The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure:
Lal et al. (US-20200134180-A1) a host system and a hardware accelerator and establishing a shared secret key with the hardware accelerator, the system including a trusted execution environment (TEE) having a machine learning (ML) service enclave, and the hardware accelerator including a cryptographic engine and metering hardware, the ML service enclave to perform processing with an ML model; establishing trust between the host system and one or more data owners and establishing a shared secret key with each of the one or more data owners; receiving encrypted ML data from the one or more data owners and performing access control for the received ML data; decrypting the encrypted ML data by the cryptographic engine and generating statistics for the ML data by the metering hardware; and performing analysis of the ML data from the one or more data owners by monitoring software to identify suspicious patterns in the ML data.
Collins et al. (US-20200057920-A1) The AI Asset Exchange can be responsible for asset management, transaction management, rights (encryption key) management, data management, model management, grading of assets.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUILIO MUNGUIA whose telephone number is (571)270-5277. The examiner can normally be reached M-F 9:30AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DUILIO MUNGUIA/Examiner, Art Unit 2497 /ELENI A SHIFERAW/ Supervisory Patent Examiner, Art Unit 2497