DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/04/2020 has been entered.
 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.


Claims 1-6, 8-10, 14-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US 20090327903 A1), in view of Hassell et al. (US 20150295948), in view of Kay (US 20150244594 A1), and in view of Lippmann et al. (US 20050138413 A1).
Regarding claim 1, Smith teaches a computer-implemented method comprising: collecting, by a computer system, network flow data from a plurality of different types of sources on a network ([0071] a system for visualizing a network topology and network flows over the network topology, [0073] The system acquires device configuration data from various devices within a network, [0079] The system also acquires network flow records from each device within the network); 
identifying, by the computer system based on the collected network flow data, a plurality of network assets and connections between the plurality of network assets ([0075] The network visualization module analyzes acquired device configuration data to identify connections of each device and displaying graphical presentation of the devices and their connections.  Also [0085-0086]); 
generating, by the computer system, a first aggregation of the collected data that includes a subset of the collected network flow data over a first predetermined period of time ([0082]-[0083] Based on the acquired network flow records from different network devices the correlation module correlates network flow records and generates common network flow record that is stored in a global flow table.  [0096] Historical network flows for a particular time of interest can be generated);
and presenting, by the computer system based on the aggregations of the collected network flow data, a graphical representation that includes the plurality of network assets and the connections between the plurality of network assets, wherein the graphical representation is presented via a display of a user interface in communication with the computer system (Fig. 9 User interface 901, 13, ; 
wherein the plurality of network assets includes a host network asset and a client network asset (Smith: Fig. 16A, [0087] The network flows are visualized by showing the source and destination address as the endpoints (host and client assets) and by drawing a number of arrows 1601 extending through the network between the source and destination addresses., Fig. 16A), 
wherein presenting the graphical representation includes presenting a flow information graph that depicts the host network asset, the client network asset, connections between the host network asset and the client network asset (Smith: Fig. 16A, [0087] The network flows are visualized by showing the source and destination address as the endpoints (host and client assets) and by drawing a number of arrows 1601 (connections) extending through the network between the source and destination addresses),
wherein the flow information graph visually indicates an attribute of the host network asset, an attribute of the client network asset, and one or more attributes of a connection between the host network asset and the client network asset ([0086-0087] The network flows are visualized by showing the source and destination address as the endpoints (attributes of host and client assets) and by drawing a number of arrows 1601 extending through the network between the source and destination addresses. [0091] The GUI 1300 and underlying network visualization module 1109 is defined to enable visual exploration and analysis of the acquired and processed network flow data. Fig. 16D, [0092] An isolated view of the selected device 1609 is rendered in the first display region 1303 showing the device 1609 along with its interfaces and arrows representing the various network flows associated with the device 1609. The device level view also provides a tabular listing of data  for the network flows (displaying attributes of connections) associated with the device 1609 within a display region 1611.  [0081], Fig. 14 shows various collected data of the network flows that could be shown in the tabular listing of Fig. 16D that includes ToS byte value, bytes, duration of a network flow (these are attributes of a connection),
wherein the attributes of the connection between the host network asset and the client network asset include sizes of data communicated, times when the data is communicated, and rates at which the data is communicated ([0093-0094] The user can filter network flow parameters (attributes of a connection) for displaying the network flows or applying selected colors to flow parameters.  The flow parameters includes bit rate range (Fig. 17F) (data rate) and byte range (Fig. 17E) (size of data).  [0096] historical network flows for a particular time of interest can be rendered over the network topology view within the GUI 1300 by way of a slider control that allows selection of a particular time period.  As such, each network flow record also has to have a time associated with when the parameters of the network flow are captured in order for displaying flow records of a particular time period).  
	However, Smith does not explicitly teach displaying detected vulnerable service communications and detected attack signature;
	Hassell, in the same field of endeavor, teaches displaying network flow information graph including vulnerable service communications ([0003] Tools which monitor and check routing and firewall policies and show vulnerability paths, such as Skybox.RTM., NetSpa and Cauldron cyber security tools help to identify potential attack paths.  (Fig. 4, [0041]) The network visualization component of the system toolset shows IP addresses 410, operating system and hardware icons 420, and interconnections 430 between them, and an "x" 450 indicates a vulnerability) and detected attack signature (Fig. 7, [0048-0049] Information regarding the threat characteristics 730 (attack signature) and the current target 750 may be presented proximate to the network visualization 712), and

The combination of Smith and Hassell does not explicitly teach presenting services that are permitted to be accessed between the host network asset and the client network asset; 
Lippman, in the same field of endeavor, teaches presenting services that are permitted to be accessed between the host network asset and the client network asset (Lippman: Fig. 29D, [0221], Display a firewall rule set for end to end connectivity showing source and destination addresses, services, and actions of blocking or allowing). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith and Hassell to incorporate the teachings of Lippman to display services that are allowed or blocked for each connection.  One would be motivated to do so to determining connectivity for a network using connectivity data (Lippmann: [0011]).
The combination of Smith, Hassell, and Lippman does not explicitly teach generating, by the computer system, a second aggregation of the collected network flow data that includes a subset of the collected network flow data over a second predetermined period of time; storing, by the computer system, the aggregations in a first database during at least one of the first predetermined period of time or the second predetermined period of time; loading, by the computer system, the aggregations from the first database to a second database after the first and second predetermined periods of time;
generating, by the computer system, a first aggregation of the collected network flow data that includes a subset of the collected network flow data over a first predetermined period of time (Kay: [0054] first data (such as first, unreduced statistical data that may include first, unreduced network performance data) measured over time intervals of a first time); 
generating, by the computer system, a second aggregation of the collected network flow data that includes a subset of the collected network flow data over a second predetermined period of time (Kay: [0033-0035], [0054] the network devices 602 to process first data (such as first, unreduced statistical data that may include first, unreduced network performance data) measured over time intervals of a first time granularity (first period) to obtain second data (such as second, reduced statistical data that may include second, reduced network performance data) associated with time intervals of a second time granularity (second period). The first time granularity may be finer than the second time granularity); 
storing, by the computer system, the aggregations in a first database during at least one of the first predetermined period of time or the second predetermined period of time (Kay: [0154] the network devices 1702 (first database) is configured to store a first portion and a second portion of the network data received, analyze the intercepted network data and to provide the resulting network analysis data to the management station 1704.  Alternatively or in addition, the network devices 1702 can be configured to provide the intercepted network data to the management station 1704); 
loading, by the computer system, the aggregations from the first database to a second database after the first and second predetermined periods of time (Kay: [0054] the second data may be included in the network traffic analysis data provided to the management station 604 by the one or more network devices 602, [0154] the network devices 1702 is configured to provide the intercepted network data and the resulting network analysis data (aggregations from the first database network 
	analyzing the aggregations of the collected network flow data based on a security policy and generating an alert in response to the analysis (Kay: [0041] a network device 602 may apply one or more rules to select a data flow such as based on a packet header field such as an IP address or a higher-layer identifier such as a Transmission Control Protocol (TCP) port.  The network device 602 may collect statistics associated with the network traffic, such as for data flows.  The network devices 602 can process statistics and/or rule-based (security policy) information collected by the network devices 602, and based on this processing can generate an alert indication to the management station 604.  [0071] The alert generation logic 704 may be configured to generate an alert indication associated with at least one of the plurality of data flows by processing statistical data to determine whether the statistical data implicates a characteristic associated with the alert), wherein the security policy is a collection of security technical control configuration policies that specify a specific operation of a security technical control (Kay: [0090-0102] Example of the rules (security policy) are: drop inbound eth:ip:tcp ip.src=1.2.3.4, tcp.dport=80 Meaning: drop TCP packets that are coming inbound (from the external network toward the protected segment), which have an IP source address of 1.2.3.4 and a destination port 80 (http); count all inbound eth:ip:icmp icmp.type=PING_REPLY; [0098] Meaning: count Internet Control Message Protocol (ICMP) ping-reply packets sent via the IP and Ethernet protocol layers  (collection of security technical control configuration policies)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Hassell, and Lippman to incorporate the teachings of Kay for the system in Smith to collect network flow data over different time intervals, analyzed the collected network flows data against a set of rules, and generating an alert if the analysis of 
Regarding claim 2, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 1 and Smith further teaches wherein each of the aggregations includes a unique identifier associated with a network asset from the plurality of network assets ([0087], [0091] IP addresses is unique identifier associated with network asset).
Regarding claim 3, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 2 and Smith further teaches wherein each of the aggregations includes a unique identifier associated with a source asset from the plurality of network assets from which network traffic originates and a unique identifier associated with a destination asset from the plurality of network assets to which network traffic is directed ([0087], [0091] Source and destination IP addresses are unique identifiers).
Regarding claim 4, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 1 and Smith further teaches receiving a selection, via the user interface, of a flow policy associated with a particular type of network flow ([0093] The network visualization module GUI can receive network flow parameter filter (flow policy) such as IP address), wherein the flow policy is one of: a policy to track network flow based on at least one of the aggregations ([0093], [0088] Source and destination IP addresses are selected as a network flow parameter filter (flow policy)); and a policy to track network flow based on both the at least one of the aggregations and the collected network flow data in its entirety; and generating the aggregations of the collected data based on the received flow policy ([0088] the network visualization module aggregates network flow records that share common source and destination IP addresses based on the selected filter parameters.  Essentially any type of network flow aggregation or parsing can be done through particular selections of key fields in the network flow records of the global flow table).
Regarding claim 5, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 4 and Smith further teaches receiving a selection, via the user interface, to configure at least one of the predetermined periods ([0096] Network flows for a particular time of interest can be rendered over the network topology view within the GUI 1300 by way of a slider control that allows selection of a particular time period).
Regarding claim 6, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 5 and Kay further teaches wherein the second period of time is longer than the first period of time and the second aggregation of collected data includes a subset of the first aggregation of collected data ([0054] The first time granularity may be finer than the second time granularity.  Characteristic of the first data is maintained in the second data).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Kay, and Lippman to further incorporate the teachings of Kay to include characteristic of the first aggregation of data in the second aggregation of data.  One would be motivated to do so to enhance scalable reporting of network traffic analysis data across the network by partitioning data analysis and processing functions between the network devices and the management server and to reduce the volume of the network traffic analysis data to be reported to the management server (Kay [0045]).
Regarding claim 8, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 6 and Kay further teaches wherein generating the second aggregation of collected network flow data includes a subset of collected network flow data from each of a plurality of aggregations of collected network flow data for a respective plurality of time periods, and wherein each of the respective plurality of time periods is shorter than the second period of time ([0057] the reduced network performance data 660A is the maximum, over 1 second time intervals (second period), of the 1 millisecond (plurality of time periods) granularity samples of the unreduced network performance data 650 within each of the 1 second time intervals).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Kay, and Lippman to further incorporate the teachings of Kay to set the first time granularity to be smaller than the second time granularity.  One would be motivated to do so to enhance scalable reporting of network traffic analysis data across the network by partitioning data analysis and processing functions between the network devices and the management server and to reduce the volume of the network traffic analysis data to be reported to the management server (Kay [0045]).
Regarding claim 9, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 8 and Kay further teaches wherein each of the plurality of time periods is of equal length ([0057] 1 millisecond granularity samples within each of the 1 second time intervals).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Kay, and Lippman to further incorporate the teachings of Kay to set all of the first time granularity to be equal.  One would be motivated to do so to enhance scalable reporting of network traffic analysis data across the network by partitioning data analysis and processing functions between the network devices and the management server and to reduce the volume of the network traffic analysis data to be reported to the management server (Kay [0045]). 
Regarding claim 10, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 8 and Kay further teaches wherein at least two of the plurality of time periods are of different length ([0050] The time granularity could be set to different length such as 1 millisecond or 10 milliseconds depending the type of packet flows).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Hassell, Lippman, and Kay to further incorporate the teachings of Kay to set different first time granularity for different type of packet flows.  One would be motivated to do so to detect phenomena that can significantly impact quality of service of a flow that can be visible at finer time granularities, but that are not visible at a one second time granularity (Kay [0050]). 
Regarding claim 14, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 1.  Smith further teaches wherein the flow lines indicate a type of the source of the collected network flow data used to identify the connection ([0088], [0091], Fig. 16B The darker arrows corresponding to the selected network communication flow that originated at source IP address 10.0.1.1), and/or the flow information graph depicts connections between the host network asset and the client network asset using selectable directional flow lines (Smith [0091], Fig. 16B). 
Regarding claim 15, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 1 and teaches identifying a security vulnerability associated with one or more of the host network asset and the client network asset and visually indicating the identified security vulnerability in the flow information graph (Hassell: [0003] Tools which monitor and check routing and firewall policies and show vulnerability paths, such as Skybox.RTM., NetSpa and Cauldron cyber security tools help to identify potential attack paths.  (Fig. 4, [0041]) The network visualization component of the system toolset shows IP addresses 410, operating system and hardware icons 420, and interconnections 430 between them, and an "x" 450 indicates a vulnerability).
	Regarding claim 16, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 1 and Smith further teaches wherein the collected network flow data is obtained from a source selected from the group consisting of: a network tap, a router, a switch, a firewall, an intrusion detection system, an intrusion protection system, and combinations thereof ([0073] Configuration data acquired from network device 1104 including routers, switches, network appliances (that are network flow capable), security appliances, and any other network device that can allow applications to read or receive network flow information).
Claim 17 is rejected for the same reason as claim 1. 
Claim 19 is a computer readable media claim of the method in claim 1 and rejected under the same basis as claim 1.  Smith additionally discloses a computer readable medium in [0112].
Claim 20 is a system claim of the method in claim 1 and rejected under the same basis as claim 1.  Smith additionally discloses a computer system with memory and processor in [0110]-[0111]. 

Claims 7 is rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US 20090327903 A1), in view of Hassell et al. (US 20150295948), in view of Kay (US 20150244594 A1), in view of Lippmann et al. (US 20050138413 A1), and further in view of Wolf et al. (US 6278694 B1).
Regarding claim 7, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 6, however it does not teach wherein generating the second aggregation of collected data includes updating one or more of the following in the second aggregation of network flows based on the first aggregation of collected data: a count of network flows between assets on the network, and a number of bytes transmitted between assets on the network.
Wolf, in the same field of endeavor, teaches wherein generating the second aggregation of collected data includes updating one or more of the following in the second aggregation of network flows based on the first aggregation of collected data: a count of network flows between assets on the network, and a number of bytes transmitted between assets on the network (Wolf: Fig. 6, col. 3 lines 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Hassell, Lippman, and Kay to further incorporate the teachings of Wolf to include a count of services and a count of bytes for the two time intervals.  One would be motivated to do so for collecting and reporting monitored data for network traffic (Wolf: col.2 lines 19-29).

Claims 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US 20090327903 A1), in view of Hassell et al. (US 20150295948), in view of Kay (US 20150244594 A1), in view of Lippmann et al. (US 20050138413 A1),  in view of StackExchange (“Bulk loading to partition table”), and further in view of PostgresSQL (“PostgreSQL 8.4.22 Documentation”).
Regarding claim 21, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 1.  However it does not explicitly teach loading the aggregations to a new version of the second database, wherein the new version of the second database is associated with at least one of the first and second predetermined periods of time; and replacing a previous version of the second database entirely.
StackExchange, in the same field of endeavor, teaches loading the aggregations to a new version of the second database (p. 1, paragraphs 1-3 bulk loading a CSV file containing record for every minute in a day to a PostgreSQL database using partitioned table that uses range partitioning on the date field, section 3. Create another table (new version of second database) which contains only the current month’s data and update this table each day and when the month is over alter this table so it becomes a child of the master table with all the other past month’s data), wherein the new version of the second database is associated with at least one of the first and second predetermined periods of time (the new table containing the current month data (second predetermined period)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Hassell, Lippman, and Kay to incorporate the teachings of StackExchange to create a new table partition for each month of data on the management station for storing data uploaded from the network device.  One would be motivated to do so to increase performance using table partitioning when large amount of data is needed to be uploaded to a database (StackExchange p. 1).
The combination of Smith, Hassell, Lippman, Kay, and StackExchange does not explicitly teach replacing a previous version of the second database entirely.
PostgreSQL, in the same field of endeavor, teaches replacing a previous version of the second database entirely (p. 73 and 75, using a partition for each month of data and removing the oldest month of data by removing the oldest partition.  Adding a new partition and removing the oldest partition is essentially replacing a previous version).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Hassell, Lippman, Kay, and StackExchange to incorporate the teachings of PostgreSQL to remove the partition for the oldest month when a new partition is created for the current month.  One would be motivated to do so to reduce the amount of old data that needs to be stored (PostgreSQL p. 73).
Regarding claim 22, the combination of Smith, Hassell, Lippman, Kay, StackExchange, and PostgreSQL teaches all the limitations of claim 21 and StackExchange further teaches creating a new database partition for the new version of the second database (p. 1 paragraph 3 and section 3. Creating a new table partition for a current month).
.

Claims 23-24 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US 20090327903 A1), in view of Hassell et al. (US 20150295948), in view of Kay (US 20150244594 A1), in view of Lippmann et al. (US 20050138413 A1), and further in view of StackExchange (“Bulk loading to partition table”).
Regarding claim 23, the combination of Smith, Hassell, Lippman, and Kay teaches all the limitations of claim 1.  However it does not explicitly teach the first database is a non-relational database and the second database is a relational database.
StackExchange, in the same field of endeavor, teaches the first database is a non-relational database and the second database is a relational database (p. 1 paragraph 1 bulk loading a CSV file (non-relational database) to a partitioned table of a PostgreSQL database (relational database)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Hassell, Lippman, and Kay to incorporate the teachings of StackExchange to store data collected at the network device in a non-relational database such as a CSV file and bulk upload the file to a relational database such as PosgreSQL after a predetermined period of time.  One would be motivated to do so to increase performance using table partitioning when large amount of data is needed to be uploaded to a database (StackExchange p. 1).
the first database is a key-value database and the second database is an object-relational database (p. 1 paragraph 1 bulk loading a CSV file (key-value database) to a partitioned table of a PostgreSQL database (object-relational database)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Smith, Hassell, Lippman, and Kay to incorporate the teachings of StackExchange to store data collected at the network device in a key-value database such as a CSV file and bulk upload the file to an object-relational database such as PosgreSQL after a predetermined period of time.  One would be motivated to do so to increase performance using table partitioning when large amount of data is needed to be uploaded to a database (StackExchange p. 1).

Response to Arguments
Applicant’s arguments, filed 11/04/2020, have been fully considered but they are not persuasive.  Applicant argued that the combination of Smith, Hassell, Kay, and Lipman fails to disclose analyzing the aggregations of the collected network flow data based on a security policy, wherein the security policy is a collection of security technical control configuration policies that specify a specific operation of a security technical (p. 9).  However, upon further consideration in view of the claim’s amendment, Kay discloses ([0041]) a network device 602 may apply one or more rules to select a data flow such as based on a packet header field such as an IP address or a higher-layer identifier such as a Transmission Control Protocol (TCP) port.  The network device 602 may collect statistics associated with the network traffic, such as for data flows.  The network devices 602 can process statistics and/or rule-based information collected by the network devices 602, and based on this processing can generate an alert indication to the management station 604. ([0090-0102]) Some examples of rules in a high level rule definition language include: drop inbound eth:ip:tcp ip.src=1.2.3.4, tcp.dport=80 Meaning: drop TCP packets that are coming inbound (from the external network toward the protected segment), which have an IP source address of 1.2.3.4 and a destination port 80 (http); count all inbound eth:ip:icmp icmp.type=PING_REPLY; Meaning: count Internet Control Message Protocol (ICMP) ping-reply packets sent via the IP and Ethernet protocol layers.  Thus, the network device 602 collects network data flows, processes the data flows, and can generate an alert according to a set of rules (network policy).  The rules  are collection of security technical control configuration policies as in the example described above.  Therefore, the combination of Smith, Hassell, Lippman, and Kay teaches analyzing the aggregations of the collected network flow data based on a security policy, wherein the security policy is a collection of security technical control configuration policies that specify a specific operation of a security technical, and generate an alert in response to the analysis of the aggregations of the collected network flow data.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAM H DUONG whose telephone number is (571)270-3145.  The examiner can normally be reached on M-F 7:00AM-3:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 5712726967.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/L.H.D./Examiner, Art Unit 2452

/THU V NGUYEN/Supervisory Patent Examiner, Art Unit 2452