METHOD FOR THREAT DETECTION IN A THREAT DETECTION SYSTEM AND A THREAT DETECTION SYSTEM

§101 §102 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to application 1/974,018 filed on 12/9/2024. Claims 1-15 have been examined and are pending in this application. As per the Preliminary Amendment filed on 12/9/2024, claims 3-10, 13 and 14 have been amended. Claims 1-15 are pending in this application. The examiner notes the IDS(s) filed on 12/9/2024 and 4/30/2025 has been considered. Claim Objections Claims 1-12 are objected to because of the following informalities: Regarding Claims 1, 2, 9, 11 and 12; claims 1, 2, 9, 11 and 12 recite reference number from Figures 1 and 2... for example “at least one endpoint (101, 205a-205h). The examiner notes for better clarity to remove reference numbers within the claims. Appropriate correction is required. Regarding Claim 2-10; claims 2-10 recited “A method according to claim 1...”. The examiner notes for better clarity to further amend to “The method according to claim 1...”. Appropriate correction is required. Regarding Claim 4; claim 4 recites the acronyms EDR and MDR without spelling out in full at its first occurrence. The examiner notes for better clarity to spell out the acronyms EDR and MDR at its first occurrence. Appropriate correction is required. Regarding Claim 9; claim 9 recites “wherein the at least one endpoint collects...” and “wherein the thread detection controller controls...” however, such a limitations are not positively recited. The examiner suggests for better clarity to positively recite the steps carried out by the endpoint, i.e., “further comprising: collecting by at least one point threat detect data...; sending the collected data...” and for better clarity to positively recite the steps carried out by the threat detection controller, i.e., “analyzing by the thread detection controller the received thread detection related data”. Appropriate correction is required. Regarding Claim 10; claim 10 recites “wherein the at least one threat detection component carries out actions...” and “wherein an output of the threat detection component relates to...” however, such a limitations are not positively recited. The examiner suggests for better clarity to positively recite the steps carried out by the threat detection component, i.e., “carrying out actions by the at least one threat detection component by prioritizing...” and “outputting by the threat detection component at least one of the following...”. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim(s) 2-9 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Regarding claim(s) 2-4, 6, and 8, the phrase "such as" renders the claim indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention. See MPEP § 2173.05(d). Regarding claim 4, 7, 9, the phrase "for example" in this instance "example given (e.g.)" renders the claim indefinite because it is unclear whether the limitation(s) following the phrase are part of the claimed invention. See MPEP § 2173.05(d). Regarding claim 2; Claim 2 is found indefinite because the claim recites both method and system. Claim 2 is directed to a method including embodiments of a system claim (i.e. “server or a service, such as...”). A claim is considered indefinite under 35 U.S.C. 112(b) or 35 U.S.C. § 112 (pre-AIA ), second paragraph, if it does not reasonably apprise those skilled in the art of its scope. See MPEP 2173.05(p) and IPXL Holdings, 430 F.3d at 1384; See also In re Katz Interactive Call Processing Patent Litig., 639 F.3d 1303 (Fed. Cir. 2011) and Ex Parte Lyell, 17 USPQ2d 1548 (BPAI 1990) at 1550-51.") for details. Regarding claim 4; Claim 4 is found indefinite because the claim recites both method and system. Claim 4 is directed to a method including embodiments of a system claim (i.e. “a service component, an external data source, and internal data source”). A claim is considered indefinite under 35 U.S.C. 112(b) or 35 U.S.C. § 112 (pre-AIA ), second paragraph, if it does not reasonably apprise those skilled in the art of its scope. See MPEP 2173.05(p) and IPXL Holdings, 430 F.3d at 1384; See also In re Katz Interactive Call Processing Patent Litig., 639 F.3d 1303 (Fed. Cir. 2011) and Ex Parte Lyell, 17 USPQ2d 1548 (BPAI 1990) at 1550-51.") for details. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-15 are rejected under 35 USC 101 as being directed to an abstract idea without being integrated into a practical application or being significantly more. Regarding claim 1, and representative claim(s) 11-15, the claim recites the limitations “control threat detection by assigning tasks and/or giving instructions to thread detection... and by following outputs of the threat detection” and “outputting data to a threat detection ... and/or when processing information received from a thread detection...” Broadly interpreted, the aforementioned steps are directed to mental processes as said steps could be performed in the human mind. Therefore, the claims recite an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that could be considered that the abstract idea is being integrated into a practical application. It is noted that the claim recites the operations “threat detection system comprises at least one endpoint and/or at least one server”, “utilizing by the thread detection system at least two threat detection components...”,” wherein the thread detection component are connected to a threat detection controller”, “wherein the thread detection controller utilizes at least one large language model...” However, said operations are not sufficient to consider that the abstract idea is being interpreted into a practical application. Said operations are recited at a high level of generality (i.e., as generic computer components that are connected performing generic computer functions when utilized) such that it amounts no more than mere instructions to apply the exception or abstract idea using generic computer components. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims do not include additional elements/limitations/embodiments that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter. Regarding claims 2-10; the dependent claims are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims recite an abstract idea without being integrated into a practical application or significantly more. Claims 13-15 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter Regarding claim 13, the claim calls for a system. However, the claimed system does not include any hardware embodiments. As recited in the body of the claim, the claimed system contains: “threat detection controller”, “server,” “a service,”, “a backend service”, and/or “cloud service,” and/or “an endpoint”. The specification does not explicitly define the claimed threat detection controller, server, a service, a backend service, cloud service and endpoint are implemented only in hardware. One of ordinary skill in the art would understand that “threat detection controller”, “server”, “a service”, “a backend service”, “cloud service” and “endpoint” could be implemented in software (see the Authoritative Dictionary of IEEE, Seventh Edition, published in Dec. 2000). The nominal recitation to a "system" in the preamble does not limit the body of the claim as it only states the invention' s purpose or intended use; see Catalina Marketing Int'l, Inc., v. Coolsavings.com Inc., 289 F.3d 801,808 (Fed. Cir. 2002). The Examiner respectfully suggests that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101. Regarding Claim 14; claim 14 is rejected under 35 U.S.C. 101 as being directed to non-statutory statutory subject matter. The claim is directed to a computer program, which is software per se and is not directed to eligible subject matter. See MPEP 2106.03. Regarding claim 15; claims 15 is rejected under 35 U.S.C. 101 because the claims is directed to non-statutory subject matter. Claim 15 recites “[a] computer-readable medium”. Under a recent precedential opinion, the scope of the recited “computer-readable medium” encompasses transitory media such as signals or carrier waves, where, as here the Specification does not limit the computer readable storage medium to non-transitory forms. See Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential) (holding recited machine-readable storage medium ineligible under § 35 U.S.C. 101 since it encompassed transitory media). The Examiner respectfully suggests that the claim be amended to either “A non-transitory computer-readable medium” or “a computer-readable storage device” to make the claim statutory under 35 USC 101; (emphasis added). Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1-15 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lee et al. (US 2023/0315856 A1). Regarding Claim 1; Lee discloses a method for threat detection in a threat detection system ([0029] - cybersecurity management systems, can often be configured to monitor, evaluate, manage, and/or maintain activity or security associated with communications, artifacts, compute devices, data storage devices, servers, and/or hosts of that are of interest and [0057]), which threat detection system comprises at least one endpoint (101, 205a-205h) ([0029] - ...compute devices, data storage devices, ... and/or hosts of that are of interest....) and/or at least one server (102, 202) ([0029] = ...servers...), wherein the method comprises: - utilizing by the threat detection system at least two threat detection components for detecting cyber threats ([0029] – For example, management systems can be configured to run regularly scheduled scans on compute devices, and/or receive predetermined, regularly scheduled check-in communications from one or more compute devices. In some instances, management systems can be configured to send data, information, signals, or messages to the devices (e.g., compute devices), sources, servers, etc. In some instances, for example, management systems can manage usage policies in a set of compute devices, and manage installation, in the set of compute devices, of security software such as firewalls or antivirus software. A management system can receive, for example, via firewalls installed in the compute devices, messages or data associated with the state of the compute devices related to activity, any deviations in activity profiles detected, security levels maintained or not maintained, threats detected, web threats blocked, any changes or breaches in policies, etc., and/or generate alerts or summary reports for further analysis and [0057]), - wherein the threat detection components are connected to a threat detection controller which controls the threat detection by assigning tasks ([0029] - For example, management systems can be configured to run regularly scheduled scans on compute devices, and/or receive predetermined, regularly scheduled check-in communications from one or more compute devices. In some instances, management systems can be configured to send data, information, signals, or messages to the devices (e.g., compute devices), sources, servers, etc. and [0057]) and/or giving instructions to the threat detection components and by following outputs of the threat detection components ([0029] - In some instances, for example, management systems can manage usage policies in a set of compute devices, and manage installation, in the set of compute devices, of security software such as firewalls or antivirus software. A management system can receive, for example, via firewalls installed in the compute devices, messages or data associated with the state of the compute devices related to activity, any deviations in activity profiles detected, security levels maintained or not maintained, threats detected, web threats blocked, any changes or breaches in policies, etc., and/or generate alerts or summary reports for further analysis and [0057]), - wherein the threat detection controller utilizes at least one large language model when outputting data to a threat detection component ([0024] and [0057] - The NL interface manager 211 can be configured to generate the NL interface 550 in FIG. 5, for example, to provide control tools to receive natural language phrases or queries from a user indicating an intent to perform a task via a management system) and/or when processing information received from a threat detection component ([0024] and [0057] - The NL interface manager 211 can be configured to populate the NL interface, for example, NL interface 550, with information that can associated with performing system tasks via the management system. For example, the NL interface 550 can be used to display summary information that can be obtained as results from executing system commands by providing natural language requests. The example shown in FIG. 5 includes results displayed in the interface 550 related to security monitoring conducted by a cybersecurity management system) Regarding Claim 2; Lee discloses the method according to claim 1. Lee further discloses wherein the threat detection controller is arranged to a server (102, 202) or a service, such as a backend service (202) and/or a cloud service and/or to an endpoint (101, 205a-205h) ([0029] - Management systems, for example, cybersecurity management systems, can often be configured to monitor, evaluate, manage, and/or maintain activity or security associated with communications, artifacts, compute devices, data storage devices, servers, and/or hosts of that are of interest. In some instances, management systems can be configured to be in communication with compute devices, servers, data sources, data storage devices, hosts, and can maintain a schedule of scanning the various devices or sources and reporting the results for maintenance of security). Regarding Claim 3; Lee discloses the method according to claim 1. Lee further discloses wherein an input for the threat detection system and/or an input for a component of a threat detection system, such as decision-making logic, analysis of executables, updates and decision on incidents, assessed reputations and/or risk scores, is received in natural language, as structure, in numbers, as categories or their combination (FIG. 5 and [0029] and- [0056]-[0058] - The NL interface manager 211 can be configured to generate a user interface that can be used to receive natural language queries or phrases from a human user based on which the processor 210 can implement auto-completion, auto-correction, and/or intent inference, as described herein, to generate system commands compatible with a management system... The NL interface manager 211 can be configured to generate the NL interface 550 in FIG. 5, for example, to provide control tools to receive natural language phrases or queries from a user indicating an intent to perform a task via a management system. .... For example, the NL interface 550 can be used to display summary information that can be obtained as results from executing system commands by providing natural language requests... category... count... ), and the threat detection controller converts the received information by the at least one large language model to the format required by the threat detection component or the threat detection system ([0056]-[0058] - Each of these summaries, reports, and/or the information used to generate the summaries/reports can be populated using natural language phrases via the NL interface 550 by a user input of a natural language request at the editable text space 572.) Regarding Claim 4; Lee discloses the method according to claim 1. Lee further discloses wherein the at least two threat detection components comprise at least one of the following: a service component, such as a parser, an antivirus engine, an EDR and/or a MDR engine, e.g. an EDR and/or a MDR rule based engine, an EDR and/or a MDR AI-based engine, an external data source, such as a domain search database, a virus database or information source, an internal data source, such as a threat intelligence information database, an incident information database, an asset information database ([0029] – antivirus and [0044] - Based on the summary, the NL analysis device 101 can receive instructions from a user and perform one or more actions such as send message to endpoints, block or permit communications between endpoints or servers, quarantine an endpoint, generate, and send an alert to a user regarding a status of one or more endpoints, and/or the like and [0060] - Example action parameters can include blocking a communication or a host, allowing a communication, filtering a set of data, sorting a set of data, displaying a set of data, applying a patch, rebooting an endpoint, executing a rule and/or the like.) As noted instructions/performing actions to an endpoint is an EDR rule based engine. Regarding Claim 5; Lee discloses the method according to claim 1. Lee further discloses wherein the threat detection component and/or the task given for the threat detection component relates to machine translation, sentiment analysis, grammar checking and/or identifying synonyms and semantically similar statements ([0032] - The template query can be finalized with user input, and then translated into a complex SQL query. For example, the ML model can be trained, using training data, to generate complex queries based on the natural language request or phrase provided by predicting the user's intent to perform the task and [0057] - The NL interface manager 211 can be configured to generate the NL interface 550 in FIG. 5, for example, to provide control tools to receive natural language phrases or queries from a user indicating an intent to perform a task via a management system threat... category... blocked... and [0070] - The ML models 212 can include a fourth ML model configured to receive a natural language phrase as a reference and generate a set of similar natural language phrases (e.g., semantically similar, functionally similar, etc.). The fourth ML model can be configured to receive the reference NL phrase and generate synonyms of the words in the reference NL phrase, and then use a combinatorial approach in using the synonyms to generate semantically, syntactically, functionally and/or contextually similar phrases as output) Regarding Claim 6; Lee discloses the method according to claim 1. Lee further discloses wherein decision making logic related information, such as deep analysis of executables, updates on incidents and decision on incidents, assessed reputations and/or risk scores, is received as input to the threat detection controller (FIG. 5 and [0056]-[0058] - The NL interface manager 211 can be configured to generate the NL interface 550 in FIG. 5, for example, to provide control tools to receive natural language phrases or queries from a user indicating an intent to perform a task via a management system... threat... category... blocked... For example, the NL interface 550 can be used to display summary information that can be obtained as results from executing system commands by providing natural language requests.) Regarding Claim 7; Lee discloses the method according to claim 1. Lee further discloses the method further comprises summarizing the output from the threat detection system and/or threat detection controller, e.g. the decision and/or reasons for the decision, by the at least one large language model (FIG. 5 and [0056]-[0058] - The NL interface manager 211 can be configured to generate the NL interface 550 in FIG. 5, for example, to provide control tools to receive natural language phrases or queries from a user indicating an intent to perform a task via a management system... threat... category... blocked... For example, the NL interface 550 can be used to display summary information that can be obtained as results from executing system commands by providing natural language requests.) Regarding Claim 8; Lee discloses the method according to claim 1. Lee further discloses wherein the at least one large language model is a generative model and/or a model for natural language processing (NLP) tasks, such as text generation, language translation, sentiment analysis, text summarization and/or question-answering ([0056] - The NL interface manager 211 can be configured to generate a user interface that can be used to receive natural language queries or phrases from a human user based on which the processor 210 can implement auto-completion, auto-correction, and/or intent inference, as described herein, to generate system commands compatible with a management system and [0057] - Each of these summaries, reports, and/or the information used to generate the summaries/reports can be populated using natural language phrases via the NL interface 550 by a user input of a natural language request at the editable text space 572.) Regarding Claim 9; Lee discloses the method according to claim 1. Lee further discloses wherein the at least one endpoint (101, 205a-205h) collects threat detection related data from the endpoint by a security agent module installed at the endpoint (101, 205a-205h) and sends the collected threat detection related data to the threat detection system, e.g. a server (102, 202) of the threat detection system, for further analysis, wherein the threat detection controller controls analysis of the received threat detection related data ([0029] - For example, management systems can be configured to run regularly scheduled scans on compute devices, and/or receive predetermined, regularly scheduled check-in communications from one or more compute devices. In some instances, management systems can be configured to send data, information, signals, or messages to the devices (e.g., compute devices), sources, servers, etc. In some instances, for example, management systems can manage usage policies in a set of compute devices, and manage installation, in the set of compute devices, of security software such as firewalls or antivirus software. A management system can receive, for example, via firewalls installed in the compute devices, messages or data associated with the state of the compute devices related to activity, any deviations in activity profiles detected, security levels maintained or not maintained, threats detected, web threats blocked, any changes or breaches in policies, etc., and/or generate alerts or summary reports for further analysis. Management systems can be configured to set policies, for example, operational policies associated with permissions for specific users to access specified portions of a compute device, communication device, and/or a data storage. Management systems can be configured to set security policies associated with data transfer, communication of information, or day-to-day activity of one or more compute devices under the management of the management system. Management systems can be configured to send messages or data to the compute devices to permit or block activity at a compute device, for example, communications to or from the device. Management systems can be configured to permit or block activity of one or more users, entities, communications involving one or more hosts, and/or the like and [0057] - Each summary is associated with a control tool to invoke generation of a report for review and further analysis. Each of these summaries, reports, and/or the information used to generate the summaries/reports can be populated using natural language phrases via the NL interface 550 by a user input of a natural language request at the editable text space 572.). Regarding Claim 10; Lee discloses the method according to claim 1. Lee further discloses wherein the at least one threat detection component carries out actions relating to prioritizing potential treatments for an identified threat and/or security posture improvements ([0029] - Management systems can be configured to set policies, for example, operational policies associated with permissions for specific users to access specified portions of a compute device, communication device, and/or a data storage. Management systems can be configured to set security policies associated with data transfer, communication of information, or day-to-day activity of one or more compute devices under the management of the management system. Management systems can be configured to send messages or data to the compute devices to permit or block activity at a compute device, for example, communications to or from the device. Management systems can be configured to permit or block activity of one or more users, entities, communications involving one or more hosts, and/or the like and [0057] - The NL interface manager 211 can be configured to generate the NL interface 550 in FIG. 5, for example, to provide control tools to receive natural language phrases or queries from a user indicating an intent to perform a task via a management system.), and/or wherein an output of the threat detection component relates to at least one of the following: identified vulnerability, identified critical asset, priority of identified vulnerability, priority of critical asses, risk values for business of the identified asset and/or vulnerability, attack path mapping, visualization and reporting artifact (FIG. 5 and [0057] - Each summary is associated with a control tool to invoke generation of a report for review and further analysis. Each of these summaries, reports, and/or the information used to generate the summaries/reports can be populated using natural language phrases via the NL interface 550 by a user input of a natural language request at the editable text space 572). Regarding Claim(s) 11; claim(s) 11 is/are directed to a/an server associated with the method claimed in claim(s) 1. Claim(s) 11 is/are similar in scope to claim(s) 1, and is/are therefore rejected under similar rationale. Regarding Claim 12; Lee further discloses a threat detection system comprising: at least one endpoint (101, 205a-205h) ([0029] and [0057]), and/or at least one server, wherein the server is a server (102, 202) according to claim 11 ([0029] - Management systems, for example, cybersecurity management systems, can often be configured to monitor, evaluate, manage, and/or maintain activity or security associated with communications, artifacts, compute devices, data storage devices, servers, and/or hosts of that are of interest. In some instances, management systems can be configured to be in communication with compute devices, servers, data sources, data storage devices, hosts, and can maintain a schedule of scanning the various devices or sources and reporting the results for maintenance of security and [0057]). Regarding Claim 13; Lee further discloses a threat detection system wherein the threat detection system is configured to carry out a method according to claim 2 ([0029] - Management systems, for example, cybersecurity management systems, can often be configured to monitor, evaluate, manage, and/or maintain activity or security associated with communications, artifacts, compute devices, data storage devices, servers, and/or hosts of that are of interest. In some instances, management systems can be configured to be in communication with compute devices, servers, data sources, data storage devices, hosts, and can maintain a schedule of scanning the various devices or sources and reporting the results for maintenance of security and [0057]). Regarding Claim 14; Lee further discloses a computer program comprising instructions which, when executed by a computer, cause the computer to carry out the method according to claim 1 ([0029] and [0057] and [0126] - Some embodiments described herein relate to a computer storage product with a non-transitory computer-readable medium (also can be referred to as a non-transitory processor-readable medium) having instructions or computer code thereon for performing various computer-implemented operations). Regarding Claim 15; Lee further discloses a computer-readable medium comprising the computer program according to claim 14 ([0029] and [0057] and [0126] - Some embodiments described herein relate to a computer storage product with a non-transitory computer-readable medium (also can be referred to as a non-transitory processor-readable medium) having instructions or computer code thereon for performing various computer-implemented operations). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KARI L SCHMIDT/ Primary Examiner, Art Unit 2439