DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 01/15/2021.
In the instant Amendment, claims 1, 10, and 16 have been amended; and claims 1, 10, and 16 are independent claims.  Claims 1-20 have been examined and are pending.  This Action is made FINAL.

Response to Arguments
The objection to the claims 1, 10, and 16 is withdrawn as the claims have been amended.
Applicants’ arguments in the instant Amendment, filed on 01/15/2021, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “[T]he Applicant submits that Peterson et al. fails to disclose the VPN intercepting traffic from the first native SaaS application to the identity provider.” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Peterson does disclose the VPN application to intercept traffic from the first native SaaS application to the identity provider (Peterson: ¶0032 VPN appliance 106 can then intercept the authentication form (step 236). For example, second identity provider 110 can send the authentication form to user agent 104 via VPN appliance 106 (e.g., the authentication form can be addressed to user agent 104). VPN appliance can analyze traffic coming from second identity provider 110 and determine that the traffic includes the authentication form). More specifically, Peterson discloses VPN appliance 106 can provide a portal to access secure applications. For example, VPN appliance 106 can host a web-based portal. A user agent 104 can log into VPN appliance 106 and be presented with available applications. An application (or other resource) may be selected via the web-based portal, and VPN appliance 106 can facilitate authenticating the user and establishing an application session with the user. Exemplary applications include an instant messenger application, a word processor application, a document viewer application, a web browser application (e.g., for viewing intranet sites), a file browser application, etc. [SaaS Applications] [¶0016]; First identity provider 108 and second identity provider 110 can be identity providers that authenticate user credentials. For example, user agent 104 can supply user credentials to VPN appliance 106, and VPN appliance 106 can supply the user credentials to first identity provider 108. First identity provider 108 can then authenticate the user credentials and indicate to VPN appliance 106 that user agent 104 is authenticated [¶0017]; VPN appliance 106 can then intercept the authentication form (step 236) [...] this can be accomplished by analyzing the address of the authentication form and, if it matches user agent 104, then VPN appliance 106 can intercept the authentication form by preventing it from continuing to user agent 104 [¶0032]. Therefore as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.

A substantially similar rejection to the previous non-final rejection follows below.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 5, 7-8, 10-12, 14, 16-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Innes et al. (“Innes,” US 2016/0094546) in view of Peterson et al. (“Peterson,” US 2018/0115547).

Regarding claim 1: Innes discloses a mobile computing device comprising:
a memory and a processor cooperating with said memory (Innes: fig. 1 item; ¶0034 a processor and memory 121) to perform the following:
launch a first native software as a service (SaaS) application based on user input (Innes: ¶0194 in step 1284, a resource launch request may be made after logon by the gateway server 1223 and/or the application store 1225; ¶0074 the data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 522, ¶0072 the secure applications may be [...] software-as-a-service (SaaS) access applications [...] the secure applications may be secure native applications 514 [...] executed by a secure application launcher 518), 
launch a virtual private network (VPN) application in response to the first native SaaS application being launched (Innes: ¶0075 each of the wrapped applications in the secured area of the phone may access enterprise resources through an application specific VPN; ¶0072 the secure native applications 514 may be wrapped by a secure application wrapper 520),
operate the VPN application to authenticate with an identity provider (IDP), with the identity provider providing an IDP authentication token to the VPN application upon authentication (Innes: ¶0158 a user may authenticate to an external component/service/device, such as an Identity Provider (IdP), using any type of credential and/or authentication protocol that is appropriate; ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token)),
operate the first native SaaS application to access a first SaaS service (Innes: ¶0075 the authentication service 558 may then grant to the user access to multiple enterprise resources 504), with the first SaaS service redirecting the first native SaaS application to the identity provider for authentication (Innes: ¶0161 cloud services may include enterprise controlled user authentication to access software as a service (SaaS) products and/or data as a service (DaaS) where cloud desktop is used to access enterprise resources. A next generation enterprise security model may include an identity provider (IdP) as a central point for user authentication, for SaaS and on-prem resources), with the VPN application modifying the traffic by inserting the IDP authentication token to be presented to the identity provider without requiring the user to login for authentication (Innes: ¶0075 the virtual private network connections may support and enable single-sign-on authentication processes 554. The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 558. The authentication service 558 may then grant to the user access to multiple enterprise resources 504, without requiring the user to provide authentication credentials to each individual enterprise resource 504), with the identity provider providing a first native SaaS application access token to the VPN application upon authentication (Innes: ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token) [...] which may be used to process a service access request from the user).
Innes does not explicitly disclose operate the VPN application to intercept traffic from the first native SaaS application to the identity provider, with the VPN application then providing the first SaaS application access token to the first native SaaS application and operate the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication.
However Peterson discloses operate the VPN application to intercept traffic from the first native SaaS application to the identity provider (Peterson: ¶0032 VPN appliance 106 can then intercept the authentication form (step 236). For example, second identity provider 110 can send the authentication form to user agent 104 via VPN appliance 106 (e.g., the authentication form can be addressed to user agent 104). VPN appliance can analyze traffic coming from second identity provider 110 and determine that the traffic includes the authentication form), and with the VPN application then providing the first SaaS application access token to the first native SaaS application (Peterson: ¶0025 VPN appliance 106 can store the user credentials in memory. VPN appliance 106 can then generate a user access token associated with the user credentials (step 214)), and
operate the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication (Peterson: ¶0035 user agent 104 can then retrieve the target resource based on the authentication response (step 250) [...] service provider 102 can provide the target resource based on the authentication response (step 252)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Peterson with the system and method of Innes to include operate the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication to provide users with a means for using of a virtual private network appliance to provide external access to an identity provider located within a secure network (Peterson: ¶0001).

Regarding claim 2: Innes in view of Peterson discloses the mobile computing device according to Claim 1.
Innes further discloses launch a second native SaaS application based on user input (Innes: ¶0194 in step 1284, a resource launch request may be made after logon by the gateway server 1223 and/or the application store 1225; ¶0074 the data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 522, ¶0072 the secure applications may be [...] software-as-a-service (SaaS) access applications [...] the secure applications may be secure native applications 514 [...] executed by a secure application launcher 518);
operate the second native SaaS application to access a second SaaS service, with the second SaaS service redirecting the second native SaaS application to the identity provider for authentication (Innes: ¶0161 cloud services may include enterprise controlled user authentication to access software as a service (SaaS) products and/or data as a service (DaaS) where cloud desktop is used to access enterprise resources. A next generation enterprise security model may include an identity provider (IdP) as a central point for user authentication, for SaaS and on-prem resources), with the VPN application modifying the traffic by inserting the IDP authentication token to be presented to the identity provider without requiring the user to login for authentication (Innes: ¶0075 the virtual private network connections may support and enable single-sign-on authentication processes 554. The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 558. The authentication service 558 may then grant to the user access to multiple enterprise resources 504, without requiring the user to provide authentication credentials to each individual enterprise resource 504), with the identity provider providing a second SaaS application access token to the VPN upon authentication (Innes: ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token) [...] which may be used to process a service access request from the user).
Peterson further discloses operate the VPN application to intercept traffic from the second native SaaS application to the identity provider (Peterson: ¶0032 VPN appliance 106 can then intercept the authentication form (step 236). For example, second identity provider 110 can send the authentication form to user agent 104 via VPN appliance 106 (e.g., the authentication form can be addressed to user agent 104). VPN appliance can analyze traffic coming from second identity provider 110 and determine that the traffic includes the authentication form), with the VPN application then providing the second SaaS application access token to the second native SaaS application (Peterson: ¶0025 VPN appliance 106 can store the user credentials in memory. VPN appliance 106 can then generate a user access token associated with the user credentials (step 214)), and
Peterson: ¶0035 user agent 104 can then retrieve the target resource based on the authentication response (step 250) [...] service provider 102 can provide the target resource based on the authentication response (step 252)).
The motivation is the same that of claim 1 above.

Regarding claim 3: Innes in view of Peterson discloses the mobile computing device according to Claim 1.
Innes further discloses wherein a session for the first native SaaS application has expired, and wherein said processor is further configured to perform the following: re-launch the first native SaaS application based on user input (Innes: ¶0097 an inactivity timeout may be implemented, wherein after a policy-defined period of inactivity, a user session is terminated; ¶0194 the user session may already exist if this is a reconnection event, or may be about to be created if this is a first time launch event; ¶0235 a user may reconnect to a remote session);
operate the first native SaaS application to access the first SaaS service (Innes: ¶0158 a user may authenticate to an external component/service/device, such as an Identity Provider (IdP), using any type of credential and/or authentication protocol that is appropriate; ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token) to a named Relying Party (RP) or Service Provider, which may be used to process a service access request from the user), with the first SaaS service redirecting the first native SaaS application to the identity provider for authentication Innes: ¶0161 cloud services may include enterprise controlled user authentication to access software as a service (SaaS) products and/or data as a service (DaaS) where cloud desktop is used to access enterprise resources. A next generation enterprise security model may include an identity provider (IdP) as a central point for user authentication, for SaaS and on-prem resources), with the VPN application modifying the traffic by inserting the IDP authentication token to be presented to the identity provider without requiring the user to login for authentication (Innes: ¶0075 the virtual private network connections may support and enable single-sign-on authentication processes 554. The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 558. The authentication service 558 may then grant to the user access to multiple enterprise resources 504, without requiring the user to provide authentication credentials to each individual enterprise resource 504), with the identity provider providing a new first SaaS application access token to the VPN upon authentication (Innes: ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token) [...] which may be used to process a service access request from the user).
Peterson further discloses operate the VPN application to intercept traffic from the first native SaaS application to the identity provider (Peterson: ¶0032 VPN appliance 106 can then intercept the authentication form (step 236). For example, second identity provider 110 can send the authentication form to user agent 104 via VPN appliance 106 (e.g., the authentication form can be addressed to user agent 104). VPN appliance can analyze traffic coming from second identity provider 110 and determine that the traffic includes the authentication form), , and with the VPN application then providing the new Peterson: ¶0025 VPN appliance 106 can store the user credentials in memory. VPN appliance 106 can then generate a user access token associated with the user credentials (step 214)); and
operate the first native SaaS application to provide the new first SaaS application access token to the first SaaS service to complete re-authentication (Peterson: ¶0035 user agent 104 can then retrieve the target resource based on the authentication response (step 250) [...] service provider 102 can provide the target resource based on the authentication response (step 252)).
The motivation is the same that of claim 1 above.

Regarding claim 5: Innes in view of Peterson discloses the mobile computing device according to Claim 1.
Peterson further discloses wherein the VPN application uses the user's login information to authenticate with the identity provider so as to receive the IDP authentication token (Peterson: ¶0023 VPN appliance 106 can then send user credentials to first identity provider (step 206). This can be for the purposes of authorizing the VPN session request; ¶0024 first identity provider 108 can then validate the user credentials (step 210) [...] first identity provider 108 can send a response to VPN appliance 106 including an authorization token allowing user agent 104 to connect to VPN appliance 106; ¶0021 user credentials can include a username, password, email address, phone number, account identifier, biometric data [...] etc.).
The motivation is the same that of claim 1 above.

Regarding claim 7: Innes in view of Peterson discloses the mobile computing device according to Claim 1.
Innes further discloses wherein the VPN application presents a server certificate when intercepting traffic from the first SaaS service (Innes: ¶0095 SSL certificate validation may be operable so the application specifically validates the server SSL certificate).

Regarding claim 8: Innes in view of Peterson discloses the mobile computing device according to Claim 1.
Innes further discloses wherein the traffic is based on a secure sockets layer (SSL) protocol (Innes: ¶0049 a Secure Sockets Layer (SSL) VPN server).

Regarding claim 10: Innes discloses a method for operating a mobile computing device comprising:
launching a first native software as a service (SaaS) application based on user input (Innes: ¶0194 in step 1284, a resource launch request may be made after logon by the gateway server 1223 and/or the application store 1225; ¶0074 the data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 522, ¶0072 the secure applications may be [...] software-as-a-service (SaaS) access applications [...] the secure applications may be secure native applications 514 [...] executed by a secure application launcher 518);
launching a virtual private network (VPN) application in response to the first native SaaS application being launched (Innes: ¶0075 each of the wrapped applications in the secured area of the phone may access enterprise resources through an application specific VPN; ¶0072 the secure native applications 514 may be wrapped by a secure application wrapper 520);
operating the VPN application to authenticate with an identity provider (IDP), with the identity provider providing an IDP authentication token to the VPN application upon authentication (Innes: ¶0158 a user may authenticate to an external component/service/device, such as an Identity Provider (IdP), using any type of credential and/or authentication protocol that is appropriate; ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token));
operating the first native SaaS application to access a first SaaS service (Innes: ¶0075 the authentication service 558 may then grant to the user access to multiple enterprise resources 504), with the first SaaS service redirecting the first native SaaS application to the identity provider for authentication (Innes: ¶0161 cloud services may include enterprise controlled user authentication to access software as a service (SaaS) products and/or data as a service (DaaS) where cloud desktop is used to access enterprise resources. A next generation enterprise security model may include an identity provider (IdP) as a central point for user authentication, for SaaS and on-prem resources), with the VPN application modifying the traffic by inserting the IDP authentication token to be presented to the identity provider without requiring the user to login for authentication (Innes: ¶0075 the virtual private network connections may support and enable single-sign-on authentication processes 554. The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 558. The authentication service 558 may then grant to the user access to multiple enterprise resources 504, without requiring the user to provide authentication credentials to each individual enterprise resource 504), with the identity provider providing a first native SaaS application access token to the VPN application upon authentication (Innes: ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token) [...] which may be used to process a service access request from the user).
Innes does not explicitly disclose operating the VPN application to intercept traffic from the first native SaaS application to the identity provider, with the VPN application then providing the first SaaS application access token to the first native SaaS application and operating the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication.
However Peterson discloses operating the VPN application to intercept traffic from the first native SaaS application to the identity provider (Peterson: ¶0032 VPN appliance 106 can then intercept the authentication form (step 236). For example, second identity provider 110 can send the authentication form to user agent 104 via VPN appliance 106 (e.g., the authentication form can be addressed to user agent 104). VPN appliance can analyze traffic coming from second identity provider 110 and determine that the traffic includes the authentication form), and with the VPN application then providing the first SaaS application access token to the first native SaaS application (Peterson: ¶0025 VPN appliance 106 can store the user credentials in memory. VPN appliance 106 can then generate a user access token associated with the user credentials (step 214)); and
operating the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication (Peterson: ¶0035 user agent 104 can then retrieve the target resource based on the authentication response (step 250) [...] service provider 102 can provide the target resource based on the authentication response (step 252)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Peterson with the system and method of Innes to include operate the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication to provide users with a means for using of a virtual private network appliance to provide external access to an identity provider located within a secure network (Peterson: ¶0001).

Regarding claims 11-12: Claims 11-12 are similar in scope to claims 2-3, respectively, and are therefore rejected under similar rationale.
Regarding claim 14: Claim 14 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Regarding claim 17: Claim 17 is similar in scope to claim 2, and is therefore rejected under similar rationale.

Regarding claim 16: Innes discloses a non-transitory computer readable medium for operating a mobile computing device, and with the non-transitory computer readable medium having a plurality of computer executable instructions for causing the mobile computing device to perform steps comprising:
launching a first native software as a service (SaaS) application based on user input (Innes: ¶0194 in step 1284, a resource launch request may be made after logon by the gateway server 1223 and/or the application store 1225; ¶0074 the data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 522, ¶0072 the secure applications may be [...] software-as-a-service (SaaS) access applications [...] the secure applications may be secure native applications 514 [...] executed by a secure application launcher 518);
launching a virtual private network (VPN) application in response to the first native SaaS application being launched (Innes: ¶0075 each of the wrapped applications in the secured area of the phone may access enterprise resources through an application specific VPN; ¶0072 the secure native applications 514 may be wrapped by a secure application wrapper 520);
operating the VPN application to authenticate with an identity provider (IDP), with the identity provider providing an IDP authentication token to the VPN application upon authentication (Innes: ¶0158 a user may authenticate to an external component/service/device, such as an Identity Provider (IdP), using any type of credential and/or authentication protocol that is appropriate; ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token));
operating the first native SaaS application to access a first SaaS service (Innes: ¶0075 the authentication service 558 may then grant to the user access to multiple enterprise resources 504), with the first SaaS service redirecting the first native SaaS application to the identity provider for authentication (Innes: ¶0161 cloud services may include enterprise controlled user authentication to access software as a service (SaaS) products and/or data as a service (DaaS) where cloud desktop is used to access enterprise resources. A next generation enterprise security model may include an identity provider (IdP) as a central point for user authentication, for SaaS and on-prem resources), with the Innes: ¶0075 the virtual private network connections may support and enable single-sign-on authentication processes 554. The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 558. The authentication service 558 may then grant to the user access to multiple enterprise resources 504, without requiring the user to provide authentication credentials to each individual enterprise resource 504), with the identity provider providing a first native SaaS application access token to the VPN application upon authentication (Innes: ¶0159 after the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token) [...] which may be used to process a service access request from the user).
Innes does not explicitly disclose operating the VPN application to intercept traffic from the first native SaaS application to the identity provider, with the VPN application then providing the first SaaS application access token to the first native SaaS application and operating the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication.
However Peterson discloses operating the VPN application to intercept traffic from the first native SaaS application to the identity provider (Peterson: ¶0032 VPN appliance 106 can then intercept the authentication form (step 236). For example, second identity provider 110 can send the authentication form to user agent 104 via VPN appliance 106 (e.g., the authentication form can be addressed to user agent 104). VPN appliance can analyze traffic coming from second identity provider 110 and determine that the traffic includes the authentication form), and with the VPN application then providing Peterson: ¶0025 VPN appliance 106 can store the user credentials in memory. VPN appliance 106 can then generate a user access token associated with the user credentials (step 214)); and
operating the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication (Peterson: ¶0035 user agent 104 can then retrieve the target resource based on the authentication response (step 250) [...] service provider 102 can provide the target resource based on the authentication response (step 252)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Peterson with the system and method of Innes to include operate the first native SaaS application to provide the first SaaS application access token to the first SaaS service to complete authentication to provide users with a means for using of a virtual private network appliance to provide external access to an identity provider located within a secure network (Peterson: ¶0001).

Regarding claim 19: Claim 19 is similar in scope to claim 5, and is therefore rejected under similar rationale.


Claims 4, 6, 9, 13, 15, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Innes et al. (“Innes,” US 2016/0094546) in view of Peterson et al. (“Peterson,” US 2018/0115547) and Kesari et al. (“Kesari,” US 2018/0262484).

Regarding claim 4: Innes in view of Peterson discloses the mobile computing device according to Claim 1.
Innes in view of Peterson does not explicitly disclose wherein the VPN application uses a client certificate to authenticate with the identity provider so as to receive the IDP authentication token.
However Kesari discloses wherein the VPN application uses a client certificate to authenticate with the identity provider so as to receive the IDP authentication token (Kesari: ¶0061 the identity provider 206 can communicate with the device management service 204 to obtain a copy of the device certificate 225 issued to the client device 203 or a signature of the device certificate 225. In this way, the identity provider 206 can validate not only the credentials of the user but also the client device 203 on which the email client 224 is installed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Kesari with the system and method of Innes and Peterson to include the VPN application uses a client certificate to authenticate with the identity provider so as to receive the IDP authentication token to provide users with a means for providing a single sign-on experience for users on mobile devices (Peterson: par. 0008).

Regarding claim 6: Innes in view of Peterson discloses the mobile computing device according to Claim 1.

However Kesari discloses wherein said processor operates the VPN application so that the VPN application only intercepts traffic directed to the identity provider while passing traffic for other destinations as is (Kesari: ¶0056 the per-app VPN profile, in some examples, can cause only network traffic destined for certain network addresses, such as a network address corresponding to the identity provider 206, to be routed through a VPN tunnel established by the VPN client 229 to the identity provider 206).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Kesari with the system and method of Innes and Peterson to include the VPN application only intercepts traffic directed to the identity provider to provide users with a means for providing a single sign-on experience for users on mobile devices (Peterson: par. 0008).

Regarding claim 9: Innes in view of Peterson discloses the mobile computing device according to Claim 1.
Innes in view of Peterson does not explicitly disclose wherein the mobile computing device is enrolled with a mobile device management (MDM) service.
However Kesari discloses wherein the mobile computing device is enrolled with a mobile device management (MDM) service (Kesari: ¶0021 the device management service 204 can establish a secure communications channel with the client devices 203 (e.g., a mobile device management channel, or MDM channel)).
Peterson: par. 0008).

Regarding claim 13: Claim 13 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Regarding claim 15: Claim 15 is similar in scope to claim 6, and is therefore rejected under similar rationale.
Regarding claim 18: Claim 18 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Regarding claim 20: Claim 20 is similar in scope to claim 6, and is therefore rejected under similar rationale.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857.  The examiner can normally be reached on Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FAHIMEH MOHAMMADI/    Examiner, Art Unit 2439                                                                                                                                                                                                        

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439