DETAILED ACTION
This Office action is in response to the application filed on 04/07/2025.
Claims 1-20 are cancelled.
Claims 21-40 are presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/16/2025 and 04/06/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
19171447
US 12,316,636 B2
21. A method comprising: receiving, at a processing resource of a storage system, credentials of a management controller for each host device of a plurality of candidate host devices, the storage system comprising a management interface and a data interface, the management interface to receive a management command that configures a storage volume of the storage system, and the data interface to receive a data-access command that accesses data in the storage system; selecting, by the processing resource, a first set of host devices from the plurality of candidate host devices, wherein each host device of the first set of host devices is to be allowed access to the management interface of the storage system, wherein the management interface is to allow management operations on the storage system and is separate from the data interface; for each respective host device of the first set of host devices, obtaining, by the processing resource, network adapter information comprising a respective digital certificate for the respective host device from the management controller of the respective host device; validating, by the processing resource, each respective host device of the first set of host devices using a digital signature in the respective digital certificate; and configuring, by the processing resource, the management interface with the network adapter information for each respective host device of the first set of host devices to allow connections from the respective host device to the management interface.
1. A method comprising:receiving, at a processing resource of a storage system, credentials of a management controller for each host device of a plurality of candidate host devices, the storage system comprising a management interface and a data interface, the management interface to receive a management command that configures a storage volume of the storage system, and the data interface to receive a data-access command that accesses data in the storage system;selecting, by the processing resource, a first set of host devices from the plurality of candidate host devices, wherein each host device of the first set of host devices is to be allowed access to the management interface of the storage system, wherein the management interface is to allow management operations on the storage system and is separate from the data interface;for each respective host device of the first set of host devices, obtaining, by the processing resource, network adapter information comprising a respective digital certificate for the respective host device from the management controller of the respective host device; validate, by the processing resource, each respective host device of the first set of host devices using a digital signature in the respective digital certificate; configuring, by the processing resource, the management interface with the network adapter information for each respective host device of the first set of host devices to allow connections from the respective host device to the management interface;selecting, by the processing resource, a second set of host devices from the plurality of candidate host devices, wherein each host device of the second set of host devices is to be denied access to the management interface of the storage system, and wherein the second set of host devices is different from the first set of host devices;for each corresponding host device of the second set of host devices, obtaining, by the processing resource, network adapter information for the corresponding host device from the management controller of the corresponding host device; andconfiguring, by the processing resource, the management interface with the network adapter information for each corresponding host device of the second set of host devices to deny connections from the corresponding host device to the management interface.
22.The method of claim 21, further comprising: preventing, by the processing resource, a host device from the first set of host devices from accessing the management interface in response to determining that the host device has access to the data interface of the storage system.
2. The method of claim 1, further comprising:preventing, by the processing resource, a host device from the first set of host devices from accessing the management interface in response to determining that the host device has access to the data interface of the storage system.
23. The method of claim 21, wherein the configuring of the management interface comprises: creating, by the processing resource, an allow-list containing the network adapter information for each host device of the first set of host devices.
3. The method of claim 1, wherein the configuring of the management interface with the network adapter information for each respective host device of the first set of host devices comprises:creating, by the processing resource, an allow-list containing the network adapter information for each respective host device of the first set of host devices.
24. The method of claim 23, further comprising: receiving, by the processing resource, a request to access the management interface from a first host device; and allowing, by the processing resource, the first host device to access the management interface in response to determining that the network adapter information for the first host device is indicated in the allow-list.
4. The method of claim 3, further comprising:receiving, by the processing resource, a request to access the management interface from a first host device; andallowing, by the processing resource, the first host device to access the management interface in response to determining that the network adapter information for the first host device is indicated in the allow-list.
25. The method of claim 23, further comprising: receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device; and updating, by the processing resource, the allow-list based on the change.
17.The non-transitory machine-readable storage medium of claim 9, comprising instructions executable by the processing resource to:receive, from a first host device, a notification indicating a change in the network adapter information of the first host device.
26. The method of claim 21, further comprising: receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device; and verifying, by the processing resource, an integrity of the change in the network adapter information of the first host device.
17.The non-transitory machine-readable storage medium of claim 9, comprising instructions executable by the processing resource to:receive, from a first host device, a notification indicating a change in the network adapter information of the first host device.
27. The method of claim 21, wherein the digital signature in the respective digital certificate is based on encrypting, using a private key, a hash value of information comprising a network address of the respective host device.
15. The non-transitory machine-readable storage medium of claim 9, wherein the digital signature in the respective digital certificate is based on encrypting, using a private key, a hash value of information comprising a network address of the respective host device.
28. The method of claim 21, wherein the network adapter information of the respective host device comprises information of a network adapter of the respective host device.
16.The non-transitory machine-readable storage medium of claim 9, wherein the network adapter information of the respective host device comprises information of a network adapter of the respective host device.
29. A non-transitory machine-readable storage medium comprising instructions executable by a processing resource of a storage system to: select, from a plurality of candidate host devices, a first set of host devices to be allowed access to a management interface of the storage system, wherein the management interface is to receive a management command that configures a storage volume of the storage system, and the management interface is separate from a data interface of the storage system, the data interface to receive a data-access command that accesses data in the storage system; for each respective host device of the first set of host devices, obtain network adapter information comprising a respective digital certificate of the respective host device; validate each respective host device of the first set of host devices using a digital signature in the respective digital certificate; and configure the management interface with the network adapter information of each respective host device of the first set of host devices to allow connections from the respective host device to the management interface.
9. A non-transitory machine-readable storage medium comprising instructions executable by a processing resource of a storage system to:select, from a plurality of candidate host devices, a first set of host devices to be allowed access to a management interface of the storage system, wherein the management interface is to receive a management command that configures a storage volume of the storage system, and the management interface is separate from a data interface of the storage system, the data interface to receive a data-access command that accesses data in the storage system ;for each respective host device of the first set of host devices, obtain network adapter information comprising a respective digital certificate of the respective host device; validate each respective host device of the first set of host devices using a digital signature in the respective digital certificate; configure the management interface with the network adapter information of each respective host device of the first set of host devices to allow connections from the respective host device to the management interface;select, from the plurality of candidate host devices, a second set of host devices to be denied access to the management interface of the storage system, wherein each host device of the second set of host devices is different from each host device of the first set of host devices;for each corresponding host device of the second set of host devices, obtain network adapter information of the corresponding host device; andconfigure the management interface with the network adapter information of each corresponding host device of the second set of host devices to deny connections from the corresponding host device to the management interface.
30. The non-transitory machine-readable storage medium of claim 29, wherein the configuring of the management interface comprises: creating an allow-list containing the network adapter information of each host device of the first set of host devices.
10. The non-transitory machine-readable storage medium of claim 9, wherein the configuring of the management interface with the network adapter information of each respective host device of the first set of host devices comprises:creating an allow-list containing the network adapter information of each respective host device of the first set of host devices.
31. The non-transitory machine-readable storage medium of claim 30, wherein the instructions are executable by the processing resource: receive, from a first host device, a notification indicating a change in the network adapter information of the first host device; and update the allow-list based on the change.
17. The non-transitory machine-readable storage medium of claim 9, comprising instructions executable by the processing resource to:receive, from a first host device, a notification indicating a change in the network adapter information of the first host device.
32. The non-transitory machine-readable storage medium of The non-transitory machine-readable storage medium of comprising instructions executable by the processing resource to: receive, from a host device, a request to access the management interface; and in response to determining that the network adapter information of the host device is indicated in the allow-list, allow the host device to access the management interface.
11. The non-transitory machine-readable storage medium of claim 10, comprising instructions executable by the processing resource to:receive, from a first host device, a request to access the management interface; andin response to determining that the network adapter information of the first host device is indicated in the allow-list, allow the first host device to access the management interface.
32a. The non-transitory machine-readable storage medium of claim 29, wherein the instructions are executable by the processing resource: receive, from a first host device, a notification indicating a change in the network adapter information of the first host device; and verify an integrity of the change in the network adapter information of the first host device.
17. The non-transitory machine-readable storage medium of claim 9, comprising instructions executable by the processing resource to:receive, from a first host device, a notification indicating a change in the network adapter information of the first host device.
33. The non-transitory machine-readable storage medium of claim 29, wherein the digital signature in the respective digital certificate is based on encrypting, using a private key, a hash value of information comprising a network address of the respective host device.
15. The non-transitory machine-readable storage medium of claim 9, wherein the digital signature in the respective digital certificate is based on encrypting, using a private key, a hash value of information comprising a network address of the respective host device.
34. The non-transitory machine-readable storage medium of claim 29, wherein the network adapter information of the respective host device comprises information of a network adapter of the respective host device.
16. The non-transitory machine-readable storage medium of claim 9, wherein the network adapter information of the respective host device comprises information of a network adapter of the respective host device.
35. A storage system comprising: a management interface to receive a management command that configures a storage volume of the storage system; a data interface to receive a data-access command that accesses data in the storage system, wherein the management interface is separate from the data interface; a processing resource; and a machine-readable storage medium comprising instructions executable by the processing resource to: select a first set of host devices from a plurality of candidate host devices, wherein each host device of the first set of host devices is to be allowed access to the management interface; for each respective host device of the first set of host devices, obtain network adapter information comprising a respective digital certificate of the respective host device from a management controller of the respective host device; validate each respective host device of the first set of host devices using a digital signature in the respective digital certificate; and configure the management interface with the network adapter information of each respective host device of the first set of host devices to allow connections from the respective host device to the management interface.
1. A method comprising:receiving, at a processing resource of a storage system, credentials of a management controller for each host device of a plurality of candidate host devices, the storage system comprising a management interface and a data interface, the management interface to receive a management command that configures a storage volume of the storage system, and the data interface to receive a data-access command that accesses data in the storage system;selecting, by the processing resource, a first set of host devices from the plurality of candidate host devices, wherein each host device of the first set of host devices is to be allowed access to the management interface of the storage system, wherein the management interface is to allow management operations on the storage system and is separate from the data interface;for each respective host device of the first set of host devices, obtaining, by the processing resource, network adapter information comprising a respective digital certificate for the respective host device from the management controller of the respective host device; validate, by the processing resource, each respective host device of the first set of host devices using a digital signature in the respective digital certificate;configuring, by the processing resource, the management interface with the network adapter information for each respective host device of the first set of host devices to allow connections from the respective host device to the management interface;selecting, by the processing resource, a second set of host devices from the plurality of candidate host devices, wherein each host device of the second set of host devices is to be denied access to the management interface of the storage system, and wherein the second set of host devices is different from the first set of host devices;for each corresponding host device of the second set of host devices, obtaining, by the processing resource, network adapter information for the corresponding host device from the management controller of the corresponding host device; andconfiguring, by the processing resource, the management interface with the network adapter information for each corresponding host device of the second set of host devices to deny connections from the corresponding host device to the management interface.
36. The storage system of claim 35, wherein the network adapter information further includes one or more of vendor information, model information, hardware information, or firmware information.
20. The storage system of claim 19, wherein the network adapter information further includes one or more of vendor information, model information, hardware information, or firmware information.
37. The storage system of claim 35, wherein the configuring of the management interface comprises:creating an allow-list containing the network adapter information of each host device of the first set of host devices.
3. The method of claim 1, wherein the configuring of the management interface with the network adapter information for each respective host device of the first set of host devices comprises:creating, by the processing resource, an allow-list containing the network adapter information for each respective host device of the first set of host devices.
38. The storage system of claim 37, wherein the instructions are executable by the processing resource to: receive a request to access the management interface from a first host device; and allow the first host device to access the management interface in response to determining that the network adapter information for the first host device is indicated in the allow-list.
4. The method of claim 3, further comprising:receiving, by the processing resource, a request to access the management interface from a first host device; andallowing, by the processing resource, the first host device to access the management interface in response to determining that the network adapter information for the first host device is indicated in the allow-list.
39. The storage system of claim 37, wherein the instructions are executable by the processing resource to: receive, from a first host device, a notification indicating a change in the network adapter information of the first host device; and update the allow-list based on the change.
17. The non-transitory machine-readable storage medium of claim 9, comprising instructions executable by the processing resource to:receive, from a first host device, a notification indicating a change in the network adapter information of the first host device.
40. The storage system of claim 35, wherein the instructions are executable by the processing resource to: receive, from a first host device, a notification indicating a change in the network adapter information of the first host device; and verify an integrity of the change in the network adapter information of the first host device.
17. The non-transitory machine-readable storage medium of claim 9, comprising instructions executable by the processing resource to:receive, from a first host device, a notification indicating a change in the network adapter information of the first host device.
Claims 21-24, 27-30, 32, 33-38 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 9-11 16-17 and 20 of U.S. Patent No. US 12,316,636 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are taught by patent ‘636 as set forth above.
Claims 25, 31, 39 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 17 of U.S. Patent No. US 12,316,636 B2 in view of Tseitlin et al. (hereinafter Tseitlin, US 2013/0276089 A1).
Regarding Claim 25, claim 17 of U.S. Patent No. US 12,316,636 B2 claim 21 as set forth above.
Claim 17 of U.S. Patent No. US 12,316,636 B2 disclose receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device as set forth above.
However claim 17 of U.S. Patent No. US 12,316,636 B2 does not explicitly disclose updating, by the processing resource, the allow-list based on the change.
Tseitlin discloses receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device (Tseitlin: para.0054 “As shown, a method begins at step 602, where the security application 164 discovers a new security certificate within the distributed computing architecture 110. The new security certificate typically includes an identifying label and an expiration date. At step 604, the security application 164 searches the database 255 or other storage repository for a corresponding security certificate with an earlier expiration date. At step 606, the security application 164 determines whether the existing certificate resides within the database 255.” It can be determined that a new security certificate is obtained from a host, i.e. one of nodes in network 110, and corresponding to a previous certificate, i.e. a notification indicating a change in network adapter information.); and
updating, by the processing resource, the allow-list based on the change (Tseitlin: para.0055 “However, if, in step 606, the certificate resides within the database 255, then the method 600 proceeds to step 608, where the security application 164 deletes the existing security certificate. At step 610, the security application 164 stores the new certificate in the database 255.” The allow-list, i.e. the set of valid certificates for nodes in network 110, are updated with the new certificate.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine claim 17 of U.S. Patent No. US 12,316,636 B2 with that of Tseitlin in order to incorporate updating, by the processing resource, the allow-list based on the change.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security from maintaining valid certificates (Tseitlin: para.0006).
Regarding Claim 39, it does not teach nor further define over the limitations of claim 25, therefore the supporting rationale for the rejection to claim 25 applies equally as well to that of claim 39.
Claims 26, 32a, 40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 17 of U.S. Patent No. US 12,316,636 B2 in view of Comay et al. (hereinafter Comay, US 2018/0176210 A1).
Regarding Claim 26, claim 17 of U.S. Patent No. US 12,316,636 B2 claim 21 as set forth above.
Claim 17 of U.S. Patent No. US 12,316,636 B2 disclose receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device as set forth above.
However claim 17 of U.S. Patent No. US 12,316,636 B2 does not explicitly disclose verifying, by the processing resource, an integrity of the change in the network adapter information of the first host device.
Comay discloses receiving, by the processing resource from a first host device, a notification indicating the network adapter information of the first host device (Comay: para.0032 “ method 400 receives the client certificate from the endpoint device 110, the client certificate comprising a subject name, a client public key and a digital signature of the client public key, signed by a certificate authority 160.” Certificate is obtained by the processing resource); and
verifying, by the processing resource, an integrity of the network adapter information of the first host device (Comay: para.0032 “ At block 430, method 400 verifies the digital signature of the client public key using the certificate authority public key. At block 440, method 400 verifies the client subject name using the client public key” processing resource verifies the integrity of the certificate in step 440).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine claim 17 of U.S. Patent No. US 12,316,636 B2 with Comay in order to incorporate receiving, by the processing resource from a first host device, a notification indicating the network adapter information of the first host device, verifying, by the processing resource, an integrity of the network adapter information of the first host device such that the integrity of the received change in network adapter information is verified.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security (Comay: para.0002).
Regarding Claim 32a, it does not teach nor further define over the limitations of claim 26, therefore the supporting rationale for the rejection to claim 26 applies equally as well to that of claim 32a.
Regarding Claim 40, it does not teach nor further define over the limitations of claim 26, therefore the supporting rationale for the rejection to claim 26 applies equally as well to that of claim 40.
Claim Objections
Claim 32 is objected to because of the following informalities:
There are 2 claim 32s in the claim set as seen below:
32. (New) The non-transitory machine-readable storage medium of The non-transitory machine-readable storage medium of comprising instructions executable by the processing resource to: receive, from a host device, a request to access the management interface; and in response to determining that the network adapter information of the host device is indicated in the allow-list, allow the host device to access the management interface.
32. (New) The non-transitory machine-readable storage medium of claim 29, wherein the instructions are executable by the processing resource: receive, from a first host device, a notification indicating a change in the network adapter information of the first host device; and verify an integrity of the change in the network adapter information of the first host device.
Therefore in order to examine the claims, the second claim 32 will be referred to as claim 32a.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 21-24, 28-32, 34-38 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sandler et al. (hereinafter Sandler, US 2013/0179993 A1) in view of Talmor et al. (hereinafter Talmor, US 20230136843 A1) in view of Comay et al. (hereinafter Comay, US 2018/0176210 A1)
Regarding Claim 21, Sandler discloses A method comprising: receiving, at a processing resource of a storage system (Sandler: para.0060 “ Method 400 is executed by a storage device, such as storage system 200.” Para.0034 “In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the presently disclosed subject matter.”, Via the processor of storage system 200),
credentials of a management controller for each host device of a plurality of candidate host devices (Sandler: para.0061 “Method 400 begins with a step 410 of receiving from a host, via a data communication interface, a request for accessing the storage management layer. The data communication interface may be a SCSI port or any other port configured to communicate I/O and data access related commands. The request may include the identity of the host and the management functionality or service, requested to be accessed.” Para.0045 “Access of hosts via management communication path 232 is restricted and should be controlled, so as to limit access to trusted hosts. According to embodiments of the presently disclosed subject matter, management layer 240 is configured to manage hosts' access to the management layer, which can include: receiving requests to access the management layer, deny the access requests or provide authentication information required to access the management layer, to authenticate hosts that access the management layer using the provided information and to limit the validity of the authentication parameters in terms of time and number of accesses. Management control layer 240 can manage an access table that includes accounts for the authorized hosts and their associated authentication information.” Credentials of a plurality of hosts, such as its identity is obtained from each host, the management controller under broadest reasonable interpretation is the software that requests the management operations, therefore the credentials of the host are also the credentials of the management controller.),
the storage system comprising a management interface and a data interface (Sandler: Fig. 2, para.0038 “Storage system 200 includes two communication interfaces: a data communication interface 221 and a management communication interface 222, wherein unlike system 100 of FIG. 1, both communication interfaces are accessible to host 250.” Management interface 222 with the management layer is the management interface, and data interface 221 with the data control layer is the data interface),
the management interface to receive a management command that configures a storage volume of the storage system (Sandler: para.0067 “Step 430 is followed by step 440 of receiving a management command, from the host via the management communication interface. The management command may be related to controlling a storage resource related to the host. The storage resource may be a volume, a snapshot, a snapshot/volume family, a consistency group, etc. The controlling may include: creating a volume/snapshot, changing a volume/snapshot, deleting a volume/snapshot, etc.” Management interface 222 receives management commands), and
the data interface to receive a data-access command that accesses data in the storage system (Sandler: para.0044 “Data control layer 160 is coupled to data communication interface 221 and to a storage array 280 and includes all the modules (not shown) required to serve commands received via data communication interface 221 and to read and write data stored in storage array 280.” Data interface 221 receives read and write commands);
wherein the management interface is to allow management operations on the storage system and is separate from the data interface (Sandler: para.0044 “Data control layer 160 is coupled to data communication interface 221 and to a storage array 280 and includes all the modules (not shown) required to serve commands received via data communication interface 221 and to read and write data stored in storage array 280. Management layer 240 is coupled to management communication interface 222 and includes all the modules (not shown) required to serve commands received via management communication interface 222.” Fig. 2 shows management interface and data interface serving the management layer and data control layer separately, the management commands received via the management interface in para.0067.);
configuring, by the processing resource, the management interface with the classification information for each respective host device of the first set of host devices to allow connections from the respective host device to the management interface (Sandler: para.0063 “The generation of access information that is indicative of the management functionality may be done in accordance with the identity of the host and/or with a classification of the host, as predefined in the management layer. According to an embodiment, the hosts may be classified into several levels of privileges that can be provided to these hosts (e.g. high level of privileges for highly trusted hosts, medium level for average trusted hosts, low level, manager level, etc.).” para.0069 “Step 440 is followed by step 450 of validating the management command, using the access information (and particularly, authentication parameters). The command is considered valid if it conforms to the access parameters, as described above. The validation may further include checking if the command meets the usage restriction of the access information or if the command violates the usage restrictions, e.g. if the time limitation of the access information has expired, or if the number of times these parameters have been used in a management command is exhausted. If the command does not conform to the access parameters and/or if it violates the usage restrictions, then step 450 includes denying access.” Para.0045 “ Management control layer 240 can manage an access table that includes accounts for the authorized hosts and their associated authentication information.” the management interface/layer is configured to allow certain hosts to access management operations based on classification of the host.).
However, while Sandler maintains a list of devices with access to management functionalities, Sandler does not explicitly disclose how the list is created, therefore Sandler does not explicitly disclose receiving, at a processing resource of a storage system credentials of a management controller for each host device of a plurality of candidate host devices; selecting, by the processing resource, a first set of host devices from the plurality of candidate host devices, wherein each host device of the first set of host devices is to be allowed access to the management interface of the storage system, for each respective host device of the first set of host devices, obtaining, by the processing resource, network adapter information comprising a respective digital certificate for the respective host device from the management controller of the respective host device; validating, by the processing resource, each respective host device of the first set of host devices using a digital signature in the respective digital certificate; and configuring, by the processing resource, the management interface with the network adapter information for each respective host device of the first set of host devices to allow connections from the respective host device to the management interface.
Talmor discloses selecting, by the processing resource, a first set of host devices from the plurality of candidate host devices, wherein each host device of the first set of host devices is to be allowed access to the management interface of the storage system (Talmor: para.0032 "rules module 212 can display, on the client via a graphical user interface (GUI), a list of the clients of a cloud-computing environment, a list of the execution environments of the cloud-computing environment, a list of the hosts (e.g., host 110, 120) of the cloud-computing environment, or any combination thereof... Responsive to user input (e.g., user selection), the rules module 212 may add one or more of the entities to one or more first level access lists (e.g., the whitelist, the blacklist, the flag based list indicative of access permissions)." Using the obtained host data, the uscr adds devices to blacklists and whitelists via the access manager 210. Examiner notes that para.0037 of specification allows for this selection process to be done by human along side the processing resource "In some examples, the system 100 may receive user inputs to select the first set of host devices from the candidate host devices. For example, a storage administrator may provide the user inputs (e.g., via GUI or from a host device over a network) to select one or more host device(s) from the candidate host devices. "),
for each respective host device of the first set of host devices, obtaining, by the processing resource, network adapter information for the respective host device from the management controller of the respective host device (Talmor: para.0032 "To generate these list(s), rules module 212 may query to retrieve, from a data structure stored in memory 201 (not shown) or from cloud provider system 104, a list of execution environments and/or hosts currently running on the cloud-computing environment, a list of the clients currently connected to the cloud-computing environment, etc The data structure may include metadata that indicates an Internet Protocol (IP) address or Media Access Control (MAC) address of each client" the addresses of each of the hosts is obtained from a cloud provider system.);
configuring, by the processing resource, the management interface with the network adapter information for each respective host device of the first set of host devices to allow connections from the respective host device to the management interface (Talmor: Fig. 2 para.0033 "In some embodiments, the rules may include a second level access list that includes which type of memory access command each entity on the first level access list is allowed to perform. A memory access command is a command to perform a data related operation at an address range of the block device. For example, the types of memory access commands may include read commands, write commands, erase commands, modify commands, etc. The rules module 212 may set which entities are allowed to perform which types of memory access commands. For example, rules module 212 may maintain, in the rules data structure, which entities are allowed access to the block device. For each entity allowed access, rules module 212 may include a bit or metadata indicative of the type of memory commands the entity is allowed to perform on the block device. The second level access list may be maintained by rules module 212 and stored on rules data structure 202.” The second level access module is configured with a second level access list, such as the table in fig. 3, para.0034.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler with Talmor in order to incorporate selecting, by the processing resource, a first set of host devices from the plurality of candidate host devices, wherein each host device of the first set of host devices is to be allowed access to the management interface of the storage system; for each respective host device of the first set of host devices, obtaining, by the processing resource, network adapter information for the respective host device from the management controller of the respective host device; configuring, by the processing resource, the management interface with the network adapter information for each respective host device of the first set of host devices to allow connections from the respective host device to the management interface.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improving security in data access system (Talmor: para.0015-0017, para.0002).
However Sandler-Talmor does not explicitly disclose for each respective host device of the first set of host devices, obtaining, by the processing resource, network adapter information comprising a respective digital certificate for the respective host device from the management controller of the respective host device; validating, by the processing resource, each respective host device of the first set of host devices using a digital signature in the respective digital certificate.
Comay discloses for each respective host device of the first set of host devices (Comay: para.0021 “In one embodiment, access control list manager 210 creates, manages and applies an access control list (ACL) 242 to switch 130 to control what network resources 140 a particular device (e.g., endpoint device 110) or group of devices has access to over network 150.” The system determines authorizations for a plurality of host devices via ACL.),
obtaining, by the processing resource, network adapter information comprising a respective digital certificate for the respective host device from the management controller of the respective host device (Comay: para.0031 “The method 400 can be used to authenticate an endpoint device 110 connected to network 150 and determine a level of access to grant endpoint device 110 to network resources 140. In one embodiment, method 400 may be performed by NA controller 125, as shown in FIGS. 1 and 2.” Para.0029 “ At block 340, method 300 validates a client certificate corresponding to the endpoint device 110 to authenticate the endpoint device 110 as a corporate device. In one embodiment, client certificate manager 225 receives the client certificate (e.g., an X.509 certificate) and uses the certificate to authenticate endpoint device 110. Additional details of the authentication process are described below with respect to FIG. 4.”Para.0032 “ Referring to FIG. 4, at block 410, method 400 receives the client certificate from the endpoint device 110, the client certificate comprising a subject name, a client public key and a digital signature of the client public key, signed by a certificate authority 160. In one embodiment, the client certificate includes a digital signature of some unique item. For example, in HTTPS, there could be a digital signature of a DNS name of the server. Verifying the digital signature ensures the client that the web server is authentic. Depending on the embodiment, the unique item could be the username of a user logged in to the endpoint device 110, or the hostname of the endpoint device 110.” A certificate is obtained from network device)
validating, by the processing resource, each respective host device of the first set of host devices using a digital signature in the respective digital certificate (para.0030 “At block 350, method 300 grants the endpoint device 110 access to the resources 140 of the network. Once verified, client certificate manager 225 can determine that the corresponding endpoint device 110 is authenticated and can notify access control list manager 210 to update the access permissions for endpoint device 110.” Para.0032 “At block 420, method 400 retrieves a certificate authority certificate from the certificate authority 160, the certificate authority certificate comprising a certificate authority (CA) public key. At block 430, method 400 verifies the digital signature of the client public key using the certificate authority public key. At block 440, method 400 verifies the client subject name using the client public key." For each of a plurality of client devices, they are authenticated via a signature in their certificates.);
configuring, by the processing resource, the management interface with the network adapter information for each respective host device of the first set of host devices to allow connections from the respective host device to the network resources (Comay: para.0021 “Initially, upon connection, the access control list 242 may grant endpoint device 110 access only to network access control device 120 until endpoint device 110 can be authenticated. Once endpoint device 110 is authenticated, access control list manager 210 may update the access control list 242 applied to switch 130 or apply a new access control list to switch 130 to grant endpoint device 110 access to more or all of network resources 140.” The access control list of the switch is either updated or a new ACL is applied in view of the certificate authentication for the client, para.0030.)
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler-Talmor with Comay in order to incorporate for each respective host device of the first set of host devices, obtaining, by the processing resource, network adapter information comprising a respective digital certificate for the respective host device from the management controller of the respective host device; validating, by the processing resource, each respective host device of the first set of host devices using a digital signature in the respective digital certificate.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security (Comay: para.0002).
Regarding Claim 22, Sandler-Talmor-Comay discloses claim 21 as set forth above.
Sandler further discloses preventing, by the processing resource, a host device from the first set of host devices from accessing the management interface in response to determining that the host device has access to the data interface of the storage system (Sandler: para.0068 “The management command must conform to the access information provided to the host in step 430. The command conforms to the access information, for example, by including the authentication information (e.g. password) within the command, by being encrypted by a key included in the authentication information or by including a signature that was produced using the key. Optionally, if the access information is indicative of a management functionality, then the management functionality implied by the command should match the management functionality indicated in the access information. Optionally, if usage restrictions were defined, the command should not violate the usage restrictions associated with the access information (i.e. the authentication parameters have not expired or are over-used).” Para.0069 “Step 440 is followed by step 450 of validating the management command, using the access information (and particularly, authentication parameters). The command is considered valid if it conforms to the access parameters, as described above. The validation may further include checking if the command meets the usage restriction of the access information or if the command violates the usage restrictions, e.g. if the time limitation of the access information has expired, or if the number of times these parameters have been used in a management command is exhausted. If the command does not conform to the access parameters and/or if it violates the usage restrictions, then step 450 includes denying access.” Para.0063 “The generation of access information that is indicative of the management functionality may be done in accordance with the identity of the host and/or with a classification of the host, as predefined in the management layer. According to an embodiment, the hosts may be classified into several levels of privileges that can be provided to these hosts (e.g. high level of privileges for highly trusted hosts, medium level for average trusted hosts, low level, manager level, etc.). “ the access level of the user may be determined, and based on what class the user is corresponds to what management functions they have access to. In this case, management functions may be denied if the user does not conform to management access parameters, i.e. only having access to the data interface if they do not have access to the management interface as the initial request for management access is received via the data interface in para.0061.).
Regarding Claim 23, Sandler-Talmor-Comay discloses claim 21 as set forth above.
However while Sandler uses an allow-list for the host devices, it does not explicitly disclose wherein the configuring of the management interface comprises: creating, by the processing resource, an allow-list containing the network adapter information for each host device of the first set of host devices.
Talmor discloses wherein the configuring of the management interface comprises: creating, by the processing resource, an allow-list containing the network adapter information for each host device of the first set of host devices (Talmor: para.0032 "To generate these list(s), rules module 212 may query to retrieve, from a data structure stored in memory 201 (not shown) or from cloud provider system 104, a list of execution environments and/or hosts currently running on the cloud-computing environment, a list of the clients currently connected to the cloud-computing environment, etc The data structure may include metadata that indicates an Internet Protocol (IP) address or Media Access Control (MAC) address of each client" the addresses of each of the hosts is obtained and included into an access control list)
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler with Talmor in order to incorporate wherein the configuring of the management interface comprises: creating, by the processing resource, an allow-list containing the network adapter information for each host device of the first set of host devices.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improving security in data access system (Talmor: para.0015-0017, para.0002).
Regarding Claim 24, Sandler-Talmor-Comay discloses claim 23 as set forth above.
Sandler further discloses receiving, by the processing resource, a request to access the management interface from a first host device (Sandler: parta.0061 “Method 400 begins with a step 410 of receiving from a host, via a data communication interface, a request for accessing the storage management layer.” para.0067 “Step 430 is followed by step 440 of receiving a management command, from the host via the management communication interface. The management command may be related to controlling a storage resource related to the host. The storage resource may be a volume, a snapshot, a snapshot/volume family, a consistency group, etc. The controlling may include: creating a volume/snapshot, changing a volume/snapshot, deleting a volume/snapshot, etc.” a request can be received in either step 440 or 410 in Fig. 4, to access the management interface).
However Sandler does not explicitly disclose allowing, by the processing resource, the first host device to access the management interface in response to determining that the network adapter information for the first host device is indicated in the allow-list.
Talmor discloses allowing, by the processing resource, the first host device to access the management interface in response to determining that the network adapter information for the first host device is indicated in the allow-list (Talmor: para.0036 “ Responsive to determining that the address range is associated with the block device, first level access module 214 may determine, using the first level access list, whether the entity that issued the memory access command has access to the block device. If the entity has access to the block device, first level access module 214 may allow the memory access command to process by, for example, not interfering with the memory access command” para.0037 "Second level access module 216 may then determine, using the second level access list, whether the entity that issued the memory access command is allowed to access the block device using the type of memory access command. para.0046 "At operation 408, responsive to determining that the entity is allowed access to the block device by memory access command, the server or client device may execute the memory access command. " para.0015-0016 “ The rules may include a first level access list that identifies entities (e.g., execution environments, hosts, client device) of a cloud-computing environment that are allowed to access the block device (e.g., a whitelist) or which entities are restricted from accessing the block device (e.g., a blacklist)…. The rules may further include a second level access list that includes which type of memory access commands each entity on the first level access list is allowed to perform. Types of memory access commands may include read commands, write commands, erase commands, modify commands, etc.” the device is allowed access to perform its operation based on the access lists).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler with Talmor in order to incorporate allowing, by the processing resource, the first host device to access the management interface in response to determining that the network adapter information for the first host device is indicated in the allow-list.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improving security in data access system (Talmor: para.0015-0017, para.0002).
Regarding Claim 28, Sandler-Talmor-Comay discloses claim 21 as set forth above.
However Sandler does not explicitly disclose further discloses wherein the network adapter information of the respective host device comprises information of a network adapter of the respective host device
Talmor further discloses wherein the network adapter information of the respective host device comprises information of a network adapter of the respective host device (Talmor: para.0032 "To generate these list(s), rules module 212 may query to retrieve, from a data structure stored in memory 201 (not shown) or from cloud provider system 104, a list of execution environments and/or hosts currently running on the cloud-computing environment, a list of the clients currently connected to the cloud-computing environment, etc The data structure may include metadata that indicates an Internet Protocol (IP) address or Media Access Control (MAC) address of each client" the addresses of each of the hosts is obtained from a cloud provider system. The addresses of each client correspond to their network adaptors as the network adaptors are used to communicate over the network using the addresses.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler with Talmor in order to incorporate wherein the network adapter information of the respective host device comprises information of a network adapter of the respective host device.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improving security in data access system (Talmor: para.0015-0017, para.0002).
Regarding Claim 29-32, 34 it teaches all of the same elements as claim 21, 23-25, 28 but in A non-transitory machine-readable storage medium comprising instructions executable by a processing resource of a storage system to (Sandler: para.0027), therefore the supporting rationale for the rejection to claim 21, 23-25, 28 applies equally as well to that of claim 29-32, 34.
Regarding Claim 35, 37, 38 it teaches all of the same elements as claim 21, 23, 24 but including a machine-readable storage medium comprising instructions executable by the processing resource to: (Sandler: para.0027) , therefore the supporting rationale for the rejection to claim 21, 23, 24 applies equally as well to that of claim 35, 37, 38.
Regarding Claim 36, Sandler-Talmor-Comay discloses claim 21 as set forth above.
However Sandler does not explicitly disclose wherein the network adapter information further includes one or more of vendor information, model information, hardware information, or firmware information.
Talmor further discloses wherein the network adapter information further includes one or more of vendor information, model information, hardware information (Talmor: para.0032 "The data structure may include metadata that indicates an Internet Protocol (IP) address or Media Access Control (MAC) address of each client, an identification number of each execution environment, etc. Responsive to user input (e.g., user selection), the rules module 212 may add one or more of the entities to one or more first level access lists (e.g., the whitelist, the blacklist, the flag based list indicative of access permissions). Ip and mac address of the devices.), or firmware information.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler with Talmor in order to incorporate wherein the network adapter information further includes one or more of vendor information, model information, hardware information.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improving security in data access system (Talmor: para.0015-0017, para.0002).
Claim(s) 25-26, 32a, 39-40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sandler et al. (hereinafter Sandler, US 2013/0179993 A1) in view of Talmor et al. (hereinafter Talmor, US 20230136843 A1) in view of Comay et al. (hereinafter Comay, US 2018/0176210 A1) in view of Tseitlin et al. (hereinafter Tseitlin, US 2013/0276089 A1)
Regarding Claim 25, Sandler-Talmor-Comay discloses claim 21 as set forth above.
However Sandler-Talmor-Comay does not explicitly disclose receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device; and updating, by the processing resource, the allow-list based on the change.
Tseitlin discloses receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device (Tseitlin: para.0054 “As shown, a method begins at step 602, where the security application 164 discovers a new security certificate within the distributed computing architecture 110. The new security certificate typically includes an identifying label and an expiration date. At step 604, the security application 164 searches the database 255 or other storage repository for a corresponding security certificate with an earlier expiration date. At step 606, the security application 164 determines whether the existing certificate resides within the database 255.” It can be determined that a new security certificate is obtained from a host, i.e. one of nodes in network 110, and corresponding to a previous certificate, i.e. a notification indicating a change in network adapter information.); and
updating, by the processing resource, the allow-list based on the change (Tseitlin: para.0055 “However, if, in step 606, the certificate resides within the database 255, then the method 600 proceeds to step 608, where the security application 164 deletes the existing security certificate. At step 610, the security application 164 stores the new certificate in the database 255.” The allow-list, i.e. the set of valid certificates for nodes in network 110, are updated with the new certificate.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler-Talmor-Comay with that of Tseitlin in order to incorporate receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device; and updating, by the processing resource, the allow-list based on the change.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security from maintaining valid certificates (Tseitlin: para.0006).
Regarding Claim 26, Sandler-Talmor-Comay discloses claim 21 as set forth above.
Sandler-Talmor does not explicitly disclose receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device; and verifying, by the processing resource, an integrity of the change in the network adapter information of the first host device.
Comay discloses receiving, by the processing resource from a first host device, a notification indicating the network adapter information of the first host device (Comay: para.0032 “ method 400 receives the client certificate from the endpoint device 110, the client certificate comprising a subject name, a client public key and a digital signature of the client public key, signed by a certificate authority 160.” Certificate is obtained by the processing resource); and
verifying, by the processing resource, an integrity of the network adapter information of the first host device (Comay: para.0032 “ At block 430, method 400 verifies the digital signature of the client public key using the certificate authority public key. At block 440, method 400 verifies the client subject name using the client public key” processing resource verifies the integrity of the certificate in step 440).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler-Talmor with Comay in order to incorporate receiving, by the processing resource from a first host device, a notification indicating the network adapter information of the first host device, verifying, by the processing resource, an integrity of the network adapter information of the first host device.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security (Comay: para.0002).
However Sandler-Talmor-Comay does not explicitly disclose receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device; and verifying, by the processing resource, an integrity of the change in the network adapter information of the first host device.
Tseitlin discloses receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device (Tseitlin: para.0054 “As shown, a method begins at step 602, where the security application 164 discovers a new security certificate within the distributed computing architecture 110. The new security certificate typically includes an identifying label and an expiration date. At step 604, the security application 164 searches the database 255 or other storage repository for a corresponding security certificate with an earlier expiration date. At step 606, the security application 164 determines whether the existing certificate resides within the database 255.” para.0055 “However, if, in step 606, the certificate resides within the database 255, then the method 600 proceeds to step 608, where the security application 164 deletes the existing security certificate. At step 610, the security application 164 stores the new certificate in the database 255.” It can be determined that a new security certificate is obtained from a host, i.e. one of nodes in network 110, and corresponding to a previous certificate, i.e. a notification indicating a change in network adapter information.); and
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler-Talmor-Comay with that of Tseitlin in order to incorporate receiving, by the processing resource from a first host device, a notification indicating a change in the network adapter information of the first host device, such that the verification of comay also applies to the updated certificate received in Tseitlin.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security from maintaining valid certificates (Tseitlin: para.0006).
Regarding Claim 32a, it does not teach nor further define over the limitations of claim 26, therefore the supporting rationale for the rejection to claim 26 applies equally as well to that of claim 32a.
Regarding Claim 39-40, it does not teach nor further define over the limitations of claim 25-26, therefore the supporting rationale for the rejection to claim 25-26 applies equally as well to that of claim 39-40.
Claim(s) 27, 33 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sandler et al. (hereinafter Sandler, US 2013/0179993 A1) in view of Talmor et al. (hereinafter Talmor, US 20230136843 A1) in view of Comay et al. (hereinafter Comay, US 2018/0176210 A1) in view of Lee et al. (hereinafter Lee, US 2022/0116228 A1)
Regarding Claim 27, Sandler-Talmor-Comay discloses claim 21 as set forth above.
However Sandler-Talmor-Comay does not explicitly disclose wherein the digital signature in the respective digital certificate is based on encrypting, using a private key, a hash value of information comprising a network address of the respective host device.
Lee discloses wherein the digital signature in the respective digital certificate is based on encrypting, using a private key, a hash value of information comprising a network address of the respective host device (Lee: Fig. 5, para.0161 “Further, the certificate authority server 220 may be configured to convert the address value received from the app server 210 to a hash value of the address value by using the hash function. The certificate authority server 220 may be configured to obtain the hash value of the address value (S1020). Further, the certificate authority server 220 may be configured to obtain the third electronic signature by encrypting the hash value of the address value with the private key of the certificate authority server 220 (S1025). Further, the certificate authority server 220 may be configured to transmit the third electronic signature to the app server 210 (S1030.)” the signature is based on the address hash encrypted with a private key in the certificate as seen in Fig. 5.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Sandler-Talmor-Comay with Lee in order to incorporate wherein the digital signature in the respective digital certificate is based on encrypting, using a private key, a hash value of information comprising a network address of the respective host device.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security by using such a certificate (Lee: para.0002-0003).
Regarding Claim 33, it does not teach nor further define over the limitations of claim 27, therefore the supporting rationale for the rejection to claim 27 applies equally as well to that of claim 33.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Patel et al. US 2015/0363590 A1 see para.0057-49 showing authorizing management operations using a trusted device list.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EUI H KIM whose telephone number is (571)272-8133. The examiner can normally be reached 7:30-5 M-R, M-F alternating.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached at 5712725863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EUI H KIM/ Examiner, Art Unit 2453
/KAMAL B DIVECHA/ Supervisory Patent Examiner, Art Unit 2453