Prosecution Insights
Last updated: April 19, 2026
Application No. 18/932,151

POLICY-BASED TRANSPARENT PACKET INSPECTION FOR LAST MILE ZERO-TRUST WORKLOAD PROTECTION

Non-Final OA §103
Filed: Oct 30, 2024
Examiner: GRACIA, GARY S
Art Unit: 2499
Tech Center: 2400 — Computer Networks
Assignee: Cisco Technology Inc.
OA Round: 1 (Non-Final)
Grant Probability: 71% (Favorable)
OA Rounds: 1-2
To Grant: 3y 0m
With Interview: 99%

Examiner Intelligence

Grants 71% — above average
Career Allow Rate: 71%
390 granted / 551 resolved
+12.8% vs TC avg
Strong +50% interview lift
Interview Lift: +50.3% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 0m
29 currently pending
Career history
Total Applications: 580 (across all art units)

Statute-Specific Performance

§101: 11.3% (-28.7% vs TC avg)
§103: 60.9% (+20.9% vs TC avg)
§102: 11.8% (-28.2% vs TC avg)
§112: 9.3% (-30.7% vs TC avg)
Based on career data from 551 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Election/Restrictions

2. NO restrictions warranted at initial time of filing for patent.

Priority

3. Applicant claims domestic priority under 35 USC 119e to provisional application filed on 04/09/2024.

Information Disclosure Statement

4. The information disclosure statement (IDS) submitted on 06/30/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Oath/Declaration

5. Applicant’s Oath was filed on 10/30/2024.

Drawings

6. Applicant’s drawings filed on 10/30/2024 have been inspected and are in compliance with MPEP 608.01.

Specification

7. Applicant’s specification filed on 10/30/2024 has been inspected and is in compliance with MPEP 608.02.

Claim Objections

8. NO objections warranted at initial time of filing for patent.

Remarks

9. Examiner requests Applicant review relevant prior art under the conclusion of this office action.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

10. Claims 1, 3, 4, 9, 10, 11, 13, 14, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 20210336959 hereinafter Shah in view of U.S. Patent No. US 9763078 hereinafter Zheng.

As per claim 1, Sawant discloses:

A method for policy-based transparent packet inspection for last mile zero-trust workload protection (para 0003 “The present disclosure relates to systems and methods for application server protection by maintaining cross-session inspection context.” Para 0028 “ZPA is a cloud service that provides seamless, zero trust access to private applications running on the public cloud, within the data center, within an enterprise network, etc.”), comprising:

receiving a packet on a network interface of a provisioned resource in a data center or a user device within a network (Fig. 10, para 0091 “With the application 350 executing on the user device, the user 102 makes a request to the enterprise file share and application 402, 404, e.g., intranet.company.com, crm.company.com, etc. (step 752).”);

determining, whether to inspect the packet based on rules received from a control plane of the network (para 0092 “This request is intercepted by the enforcement node 150A and redirected to the central authority 152, which performs a policy lookup for the user 102 and the user device 300 (step 754), transparent to the user 102. The central authority 152 determines if the user 102 and the user device 300 are authorized for the enterprise file share and application 402, 404.”)

selectively invoking a deep packet inspection of the packet based on inspection of the packet by the first intercepting agent using the rules from the control plane (para 0160 “FIG. 18 is a flow diagram of a system for server protection with cross-session inspection context. With the present systems and methods in place, when a user 102 performs clipboard access or uploads a file, the contents are sent for inspection to the inspection engine (DPI engine) 1852, i.e., the user traffic is monitored and sent to the DPI engine 1852 for inspection. The DPI engine 1852 is adapted to provide a verdict (label) for the contents. In an embodiment, the verdict can be any of no match, partial match, or full match. The central processing module 1854 acts as a deep learning module that builds the context database 1856 for storing context entries. The deep learning uses matched offsets from the DPI engine 1852. Various embodiments rely on the DPI engine 1852 for signature matching. For example, the engine capability to detect the match will decide the accuracy of the threat detection. Typical cases, other than splitting files into chunks, include an attacker adding padded data or scramble and reordering the packets while sending it to the target server 1858. In embodiments, the DPI engine 1852 supports TCP streaming and IP-reassembly before regex matching, this helps to provide accurate results.”); and

blocking the packet at the network interface based on the deep packet inspection identifying malicious content within the packet (para 0161 “In the case of a no match verdict, no context is created and stored, and the content is allowed. In response to a full match verdict, the content is treated as a threat, and the content is blocked and an alert is reported. The blocking of content can also include removing the content, or combination of content (chunks), from the server, database, etc. In embodiments, the blocking and alerting can be based on the various policies/rules described herein, and the high level example described in the present section shall be construed as a non-limiting example.”).
Sawant does not disclose:

determining, by a first intercepting agent provisioned within the network interface, whether to inspect the packet based on rules received from a control plane of the network wherein the network interface comprises a smart network interface card (SmartNIC) or a data processing unit (DPU) and is configured with the first intercepting agent based on the control plane;

Zheng discloses:

determining, by a first intercepting agent provisioned within the network interface, whether to inspect the packet based on rules received from a control plane of the network, wherein the network interface comprises a smart network interface card (SmartNIC) or a data processing unit (DPU) and is configured with the first intercepting agent based on the control plane (Col. 6 Lines 26-51 “In accordance with various embodiments, PGW 110 intercepts a PMIPv6 proxy binding update (PBU) message received from a particular MAG 104a-104c, inserts subscriber session information needed by LMA 114 and sends the subscriber session information to LMA 114. A PBU message is a PMIPv6 control plane request message sent by a mobile access gateway, such as one or more of MAG 104a-104c, to LMA 114 for establishing a binding between the mobile node's home network prefix(es) assigned to a given interface of a mobile node and its current care-of address (Proxy-CoA). In an example operation of PGW 110 according to at least one embodiment, when configured for subscriber continuity, PGW 119 performs Deep Packet Inspection (DPI) on the packets sent by one or more of MAG 104a in order to identify the PBU message. In a particular embodiment, the native IPv6 PBU is identified as having a Next Header field=135 in the IPv6 header and IPv4 PBU is identified as having UDP port=5436. Once the PBU message is intercepted, if authorized by the wireless operator's policy, PGW 110 constructs and appends a new Vendor Specific Mobility Option to the original PBU. This option may include the MAG's International Mobile Subscriber Identity (IMSI), Mobile Station International Subscriber Directory Number (MSISDN), Mobile Directory Number (MDN), Access Point Name (APN), Virtual Routing and Forwarding (VRF) name and other relevant information.” Col. 7 Lines 31-50 “Referring now to FIGS. 2A-2C, FIGS. 2A-2C illustrate a simplified flow diagram depicting a flow 200 associated with providing subscriber awareness for a mobile private network routing service in a network environment in accordance with one embodiment of the present disclosure. In 202, first MAG 104a (MAG A) constructs an original proxy binding update (O-PBU) message and sends the original PBU (O-PBU) message addressed to LMA 114 via PGW 110 as control plane traffic. In 204, PGW 110 performs packet inspection and intercepts the O-PBU message. In one or more embodiments, PGW 110 is configured to intercept PMIP control plane traffic having a destination address matching a set of LMA IP addresses associated with LMA 114. In a particular embodiment, PGW 110 intercepts IP user datagram protocol (UDP) packets to a particular destination port (e.g., destination port 5436) and matching a particular destination IP address. In particular embodiments in which an IPv6 protocol is used, PGW 110 may determine whether the packets match a IPv6 Mobility Header packets having a mobility header (MH) type of PBU.”)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify systems and methods for application server protection by maintaining cross-session inspection context of Sawant to include determining, by a first intercepting agent provisioned within the network interface, whether to inspect the packet based on rules received from a control plane of the network and wherein the network interface comprises a smart network interface card (SmartNIC) or a data processing unit (DPU) and is configured with the first intercepting agent based on the control plane, as taught by Zheng. The motivation would have been to properly inspect a packet to properly route a packet.

As per claim 3, Sawant in view of Zheng discloses:

The method of claim 1, further comprising: based on the inspection of the packet by the first intercepting agent, updating a state associated with a policy; and invoking an event based on a condition in the policy being satisfied by the state (Sawant para 0092 “This request is intercepted by the enforcement node 150A and redirected to the central authority 152, which performs a policy lookup for the user 102 and the user device 300 (step 754), transparent to the user 102. The central authority 152 determines if the user 102 and the user device 300 are authorized for the enterprise file share and application 402, 404. Once authorization is determined, the central authority 152 provides information to the enforcement nodes 150A, 150B, 150C, the application 350, and the lightweight connectors 400 at the enterprise file share and application 402, 404, and the information can include the certificates 720 and other details necessary to stitch secure connections between the various devices. Specifically, the central authority 152 can create connection information with the best enforcement nodes 150 for joint connections, from the user 102 to the enterprise file share and application 402, 404, and the unique tokens (step 756). With the connection information, the enforcement node 150A connects to the user 102, presenting a token, and the enforcement node 150C connects to the lightweight connector 400, presenting a token (step 758). Now, a connection is stitched between the user 102 to the enterprise file share and application 402, 404, through the application 350, the enforcement nodes 150A, 150B, 150C, and the lightweight connector 400.” Para 0142 “The enforcement node 150 evaluates the request against defined policies, and upon a match, the enforcement node 150 redirects the request to a remote browser isolation service 2000 with the original URL appended as a query string (step 2004). The native browser 1402 follows the redirect and make a connection to a browser isolation endpoint, for the remote browser isolation service 2000 (step 2006). The remote browser isolation service 2000 spins up an isolated browser, such as in a container, and makes a connection to the originally requested webpage (step 2008). Note, this can be direct or via the enforcement node 150.”).

As per claim 4, Sawant in view of Zheng discloses:

The method of claim 1, further comprising: determining a second intercepting agent is associated with a source of the packet; and configuring an encrypted network connection between the first intercepting agent and the second intercepting agent (Sawant para 0047 “FIG. 2 is a network diagram of an example implementation of the cloud-based system 100. In an embodiment, the cloud-based system 100 includes a plurality of enforcement nodes (EN) 150, labeled as enforcement nodes 150-1, 150-2, 150-N, interconnected to one another and interconnected to a central authority (CA) 152. The nodes 150 and the central authority 152, while described as nodes, can include one or more servers, including physical servers, virtual machines (VM) executed on physical hardware, etc.” Para 0077 “In general, the VPN device 420 can be implemented as software instances on the enforcement nodes 150, as a separate virtual machine on the same physical hardware as the enforcement nodes 150, or a separate hardware device such as the server 200, but part of the cloud-based system 100. The VPN device 420 is the first point of entry for any client wishing to connect to the Internet 104, SaaS apps, or the enterprise private network. In addition to doing traditional functions of a VPN server, the VPN device 420 works in concert with the topology controller 450 to establish on-demand routes to the on-premises redirection proxy 430. These routes are set up for each user on demand. When the VPN device 420 determines that a packet from the user 102 is destined for the enterprise private network, it encapsulates the packet and sends it via a tunnel between the VPN device 420 and the on-premises redirection proxy 430. For packets meant for the Internet 104 or SaaS clouds, the VPN device 420 can forwards it to the enforcement nodes 150—to continue processing as before or send directly to the Internet 104 or SaaS clouds.” Para 0086 “The connection is established through the enforcement nodes 150, and is encrypted with a combination of the customer's client and server-side certificates.” Para 0090 “Note, there can be direct connectivity between the enforcement nodes 150A, 150C, the enforcement nodes 150A, 150C can connect through the enforcement node 150B, or both the user 102 and the enterprise file share and application 402, 404 can be connected to the same node 150. That is, the architecture of the cloud-based system 100 can include various implementations.” Para 0092 “Once authorization is determined, the central authority 152 provides information to the enforcement nodes 150A, 150B, 150C, the application 350, and the lightweight connectors 400 at the enterprise file share and application 402, 404, and the information can include the certificates 720 and other details necessary to stitch secure connections between the various devices.”).

As per claim 9, Sawant in view of Zheng discloses:

The method of claim 1, wherein determining whether to inspect the packet comprises: identifying a corresponding flow associated with the packet, wherein the packet is designated for the deep packet inspection based on the flow not existing (para 0158 “Traditional deep packet inspection (DPI) engines maintain per network flow context while inspecting packet contents. Once flow is terminated (i.e., ending the session), the context is deleted by the DPI engine.”).

As per claim 10, Sawant in view of Zheng discloses:

The method of claim 1, further comprising: receiving a local packet from a first application on a localhost interface directed to a second application; and inspecting, by the first intercepting agent, the local packet based on the rules received from the control plane (para 0036 “There are various techniques to forward traffic between the users 102 at the locations 112, 114, 118, and via the devices 110, 116, and the cloud-based system 100. Typically, the locations 112, 114, 118 can use tunneling where all traffic is forward through the cloud-based system 100. For example, various tunneling protocols are contemplated, such as Generic Routing Encapsulation (GRE), Layer Two Tunneling Protocol (L2TP), Internet Protocol (IP) Security (IPsec), customized tunneling protocols, etc. The devices 110, 116, when not at one of the locations 112, 114, 118 can use a local application that forwards traffic, a proxy such as via a Proxy Auto-Config (PAC) file, and the like. An application of the local application is the application 350 described in detail herein as a connector application. A key aspect of the cloud-based system 100 is all traffic between the users 102 and the Internet 104 or the cloud services 106 is via the cloud-based system 100. As such, the cloud-based system 100 has visibility to enable various functions, all of which are performed off the user device in the cloud.” Sawant para 0091 “The virtual private access process 750 is described with reference to both the user 102, the cloud-based system 100, and the enterprise file share and application 402, 404. First, the user 102 is executing the application 350 on the user device 300, in the background. The user 102 launches the application 350 and can be redirected to an enterprise ID provider or the like to sign on, i.e., a single sign on, without setting up new accounts. Once authenticated, Public Key Infrastructure (PKI) certificate 720 enrollment occurs, between the user 102 and the enforcement node 150A. With the application 350 executing on the user device, the user 102 makes a request to the enterprise file share and application 402, 404, e.g., intranet.company.com, crm.company.com, etc. (step 752). Note, the request is not limited to web applications and can include anything such as a remote desktop or anything handling any static Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) applications.”).

As per claim 11, the implementation of the method of claim 1 will execute the computing device of claim 11. The claim is analyzed with respect to claim 2.

As per claim 13, the claim is analyzed with respect to claim 3.

As per claim 14, the claim is analyzed with respect to claim 4.

As per claim 19, the claim is analyzed with respect to claim 9.
As per claim 20, the claim is analyzed with respect to claim 10.

11. Claims 2, 5, 6, 12, 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Sawant in view of Zheng, and further in view of U.S. Patent No 12537776 hereinafter Kwan.

As per claim 2, Sawant in view of Zheng discloses:

The method of claim 1, further comprising: based on the inspection of the packet by the first intercepting agent (Sawant para 0092)

Sawant in view of Zheng does not disclose:

forwarding a duplicated version of the packet to a data recording system for storing the packet

Kwan discloses:

forwarding a duplicated version of the packet to a data recording system for storing the packet (Col. 46 Lines 45-52 “Block 320 comprises assigning the packet (or one or more copies thereof) to a queue, such as a queue 142. Block 320 may comprise, for instance, the buffer manager sending the packet, or information indicating a location in memory where the packet has been stored, to queue management logic, along with an indication of a queue that has been selected for the processing of the packet (e.g. as provided by upstream logic, such as packet processor 150A).”)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify systems and methods for application server protection by maintaining cross-session inspection context of Sawant in view of Zheng to include forwarding a duplicated version of the packet to a data recording system for storing the packet, as taught by Kwan. The motivation would have been to inspect and queue packets to route a packet properly.
As per claim 5, Sawant in view of Zheng discloses:

The method of claim 4, wherein the second intercepting agent (Sawant Para 0086 “The connection is established through the enforcement nodes 150, and is encrypted with a combination of the customer's client and server-side certificates.” Para 0090 “Note, there can be direct connectivity between the enforcement nodes 150A, 150C, the enforcement nodes 150A, 150C can connect through the enforcement node 150B, or both the user 102 and the enterprise file share and application 402, 404 can be connected to the same node 150. That is, the architecture of the cloud-based system 100 can include various implementations.” Para 0092 “Once authorization is determined, the central authority 152 provides information to the enforcement nodes 150A, 150B, 150C, the application 350, and the lightweight connectors 400 at the enterprise file share and application 402, 404, and the information can include the certificates 720 and other details necessary to stitch secure connections between the various devices.”)

Sawant in view of Zheng does not disclose:

second intercepting agent is configured to inject metadata into packets received at the first intercepting agent

Kwan discloses:

second intercepting agent is configured to inject metadata into packets received at the first intercepting agent (Col. 53 Lines 53-61 “Block 1610 comprises receiving a packet. For instance, the packet may be received at pre-event sampler 920 in a traffic manager and/or coupled to a queue manager. Block 1620 comprises determining whether the packet is eligible for visibility monitoring. If so, then in block 1630, the packet is tagged as eligible for pre-event monitoring (e.g. by inserting a tag in a packet header, inserting associated metadata, etc.) and considered to have been “sampled” for visibility-eligibility.” Col. 54 Lines 26-35 “Block 1670 comprises determining whether to sample the visibility packet. Block 1670 may comprise processing the visibility packet with one or more samplers, such as a single post-event sampler, or chain of samplers, each configured to implement a different type of sampling logic. Examples of sampling logic may include, without limitation, probability-based sampling, rate-aware sampling, contextual sampling, flow-based sampling, class-based sampling, priority-based sampling, or sampling based on other packet attributes, as described elsewhere herein.”)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify systems and methods for application server protection by maintaining cross-session inspection context of Sawant in view of Zheng to include second intercepting agent is configured to inject metadata into packets received at the first intercepting agent, as taught by Kwan. The motivation would have been to inspect and queue packets to route a packet properly.

As per claim 6, Sawant in view of Zheng and Kwan discloses:

The method of claim 5, wherein the metadata includes at least one of user authentication information, network address information, or application entry point information (Kwan Col. 26 Line 66 – Col. 67 Line 7 “According to an embodiment, a visibility subsystem such as visibility subsystem 160 may be configured to generate visibility reports based on the visibility packets it receives. A visibility report may include metadata related to one or more visibility events, such as one or more dropped packets, contents of a queue related to the event(s), a delay value indicating the delay experienced by the queue(s), a queue size, a queue size acceleration value, a flow identifier, a heavy flow indicator, and so forth.”).

As per claim 12, the claim is analyzed with respect to claim 2.

As per claim 15, the claim is analyzed with respect to claim 5.

As per claim 16, the claim is analyzed with respect to claim 6.

12. Claims 7, 8, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Sawant in view of Zheng, and further in view of U.S. Publication No. 20040015905 hereinafter Huima.

As per claim 7, Sawant in view of Zheng discloses:

The method of claim 1, further comprising: receiving a policy update from the control plane (Sawant para 0041 and 0047)

Sawant in view of Zheng does not disclose:

reinitiating the first intercepting agent based on the policy update

Huima discloses:

reinitiating the first intercepting agent based on the policy update (para 0031 “FIG. 1 shows a flow diagram of a method according to an advantageous embodiment of the invention. In step 110, a new or a modified rule for processing packets is compiled by the rule compiling entity, i.e. the entity responsible for compiling rules. In step 120, the compiled code is sent to the packet processing entity. After receiving the compiled code, the packet processing entity pauses 130 processing of packets at a suitable instant in time. Such a suitable instant may be for example such a time, when the execution point or execution points in the code regarding any packet or packets are not within the piece of code or pieces of code, which were sent in step 120. The packet processing entity may also block jumps to such pieces of code and wait until any execution point or points leaves the code to be deleted or replaced. In the next step 140 the packet processing entity inserts the new code within the compiled code used for processing, and continues 150 processing of packets. If the new code is intended to replace some of the existing code, the packet processing entity can for example simply overwrite the existing code in step 140, or delete the affected part or parts of the existing code.”)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify systems and methods for application server protection by maintaining cross-session inspection context of Sawant in view of Zheng to include reinitiating the first intercepting agent based on the policy update, as taught by Huima. The motivation would have been to update rules and update processing packet agents accordingly.

As per claim 8, Sawant in view of Zheng and Huima discloses:

The method of claim 7, wherein the network interface is configured to pause acceptance of packets while reinitiating the first intercepting agent (Huima para 0031 “FIG. 1 shows a flow diagram of a method according to an advantageous embodiment of the invention. In step 110, a new or a modified rule for processing packets is compiled by the rule compiling entity, i.e. the entity responsible for compiling rules. In step 120, the compiled code is sent to the packet processing entity. After receiving the compiled code, the packet processing entity pauses 130 processing of packets at a suitable instant in time. Such a suitable instant may be for example such a time, when the execution point or execution points in the code regarding any packet or packets are not within the piece of code or pieces of code, which were sent in step 120. The packet processing entity may also block jumps to such pieces of code and wait until any execution point or points leaves the code to be deleted or replaced. In the next step 140 the packet processing entity inserts the new code within the compiled code used for processing, and continues 150 processing of packets. If the new code is intended to replace some of the existing code, the packet processing entity can for example simply overwrite the existing code in step 140, or delete the affected part or parts of the existing code.” Though Sawant in view of Zheng discloses policy updates, Huima discloses wherein the network interface is configured to pause acceptance of packets while reinitiating the first intercepting agent. The motivation would have been to update rules and update processing packet agents accordingly.)

As per claim 17, the claim is analyzed with respect to claim 17.

As per claim 18, the claim is analyzed with respect to claim 18.

Conclusion

13. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

A. U.S. Publication No. 20170126516 discloses on paragraph 0070 “The embodiments described above utilize load balancers to send copies of a subset of user traffic packets to the DPI engine to generate metrics. In some alternative embodiments, the DPI engine is utilized to collect network metrics without the use of load balancers. FIG. 8 conceptually illustrates a host 800 that implements auto discovery and health check using DPI in some embodiments. As shown, the host 800 is hosting several VMs 401-402. Each VM can implement a server such as any of the webservers 310, application servers 315, and database servers 320 shown in FIG. 3. The host also includes a managed forwarding element (MFE) 410 and a deep packet inspection (DPI) engine (or deep packet inspector) 880. The MFE 410 and VMs 401-402 are similar to the MFE and VMs described above by reference to FIG. 4. Similar to the DPI engine discussed above, the DPI engine in FIG. 8 can be either implemented to run on a service VM (as shown) or to run as a process that runs on the host operating system.” Paragraph 0071 “In the example of FIG. 8, all L4 ports (i.e., TCP or UDP ports) of all instances of an application to be monitored are identified and stored in storage 805. Any packet traffic to and from these ports are intercepted by the DPI engine 880 and analyzed to provide metrics for the particular application that is utilizing the ports. In this example, instead of deep packet inspection beyond L4 layer, the DPI engine prepares performance metrics for the L4 layer of the application. For instance, the DPI engine collects metrics such the size of the TCP receive window, the round trip response time of the application, the packet rate, the error rate, etc., and stores the metrics in storage 415. One of the differences between the embodiment of FIG. 8 and the prior art system shown in FIGS. 1 and 2 is that the embodiment of FIG. 8 utilizes a generic DPI engine that performs health check for any application without writing application-specific health check scripts or adding agents or code to each application that is going to be monitored.”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/GARY S GRACIA/
Primary Examiner, Art Unit 2499

Prosecution Timeline

Oct 30, 2024: Application Filed
Mar 12, 2026: Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12591702
PERMISSION TRANSLATOR
2y 5m to grant Granted Mar 31, 2026
Patent 12580962
0-RTT CAPABLE, TUNNEL-LESS, MULTI-TENANT POLICY ARCHITECTURE
2y 5m to grant Granted Mar 17, 2026
Patent 12566869
Retention Policy-based Protection of Data Written to a Data Store
2y 5m to grant Granted Mar 03, 2026
Patent 12561428
Remote Analysis of Potentially Corrupt Data Written to a Storage System
2y 5m to grant Granted Feb 24, 2026
Patent 12554874
SYSTEMS AND METHODS FOR RESPONSIBLE AI
2y 5m to grant Granted Feb 17, 2026

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 71%
With Interview: 99% (+50.3%)
Median Time to Grant: 3y 0m
PTA Risk: Low
Based on 551 resolved cases by this examiner. Grant probability derived from career allow rate.
