DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This Office Action is in response to the Amendment filed on 12/22/2020.
In the instant Amendment, claims 2-21 have been added; claims 2 and 14 have been amended; and claims 2 and 14 are independent claims.  Claims 2-21 have been examined and are pending.  This Action is made FINAL.

Response to Arguments
The Double Patenting (DP) will be held in abeyance until the claims are otherwise found to be allowable.
Applicants’ arguments in the instant Amendment, filed on 03/01/2017, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “Anantharaju and Carroll does not teach or make obvious "retrieving, by the host computing device, a request to execute a privileged operation on at least one of a hypervisor of the host computing device and a kernel of the host computing device, the request being secured by the private key", as recited in claim 2.” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Anantharaju does disclose retrieving, by the host computing device, a request to execute a privileged operation on at least one of a hypervisor of the host computing device and a kernel of the host computing device, the request being secured by the private key (Anantharaju: ¶0040 the custom kernel can request that the host machine 202 create a cipher (e.g., enciphered text) using the HOSTNAME (private key) 322; ¶0044 any messages sent by the custom kernel cryptographic infrastructure after that may be encrypted (or signed) with the VM (private key) 328). More specifically, Anantharaju discloses the hypervisor 110 receives the request for a cipher from the custom kernel and requests the cipher from the programmable memory 212. Within the programmable memory 212, there is cryptographic executable code that receives the request, creates the encrypted cipher 332 and then returns that cipher 332 to the hypervisor 110 which, in turn, returns the cipher 332 to the custom kernel, in step 344 [¶0041] and in step 346, the custom kernel decrypts the cipher 332 using the public key 330B associated with "GOOD HOST". If, in step 348, the decrypted cipher matches what the custom kernel was expecting, then the custom kernel knows that it was encrypted with the private key of "GOOD HOST [...] as a result, the custom kernel can determine, in step 348A, that the identity of the host machine 202, as defined by the predetermined data encrypted to create the cipher, on which it is executing does, in fact, match a predetermined value "GOOD HOST' [...] based on this determination, the custom kernel then proceeds to a routine boot up (step 310 of FIG. 3A) if the custom kernel determines it is executing on "GOOD HOST" or starts deleting sensitive data (step 312, FIG. 3A) if the custom kernel determines, in step 348B, it is NOT executing on "GOOD HOST' [¶0042]. Therefore as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.
The new reference Marr et al. (US 9565207) used to address newly added limitations.
The amended claims 2 and 14 have been addressed in rejection below.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 2-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of U.S. Patent No. 10063380. Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 2 and 14 of the instant application are encompassed all limitations recited in claims 1 and 12 of the patent ‘380, respectively (please refer to comparison table below for details).

Instant Application 16113471


Patent No. 10063380


Claim 2:  A computer implemented method comprising:
generating a key pair comprising a private key and a public key;

storing the private key in a secure location on a network;
storing the public key on a host computing device;















retrieving, by the host computing device, a request to execute a privileged operation on at least one of a hypervisor of the host computing device and a kernel of the host computing device, the request being secured by the private key;



verifying the request using the public key stored on the host computing device; and








executing the privileged operation in the at least one of the hypervisor or the kernel of the host computing device.


Claim 1: A computer implemented method, comprising:
generating, during a boot operation of a host computing device, an asymmetric key pair including a public key and a private key;
storing the private key on a virtualization layer of the host computing device, the virtualization layer configured to run and manage virtual machine instances on the host computing device, wherein the private key is unique to the host computing device and unexportable from the host computing device;
publishing the public key by sending a certificate signing request to a certificate authority (CA) configured to embed the public key in a certificate, the certificate used to perform a privileged operation on at least one of a hypervisor and a kernel of the host computing device, wherein the CA is configured to provide the certificate to a requestor party that is authorized to perform the privileged operation, wherein the privileged operation includes applying a patch to at least one of the hypervisor or the kernel on the host computing device;
determining that the certificate signed by the CA is valid;
receiving, via an application programming interface (API) configured to receive requests submitted to the host computing device from the requestor party, a request to execute the privileged operation in at least one of the hypervisor and the kernel of the host computing device from the requestor party, the request secured by at least the public key from the certificate;
verifying the request by the at least one of the hypervisor and the kernel of the host computing device based at least in part on the use of the private key by decrypting the request using the private key stored on the virtualization layer of the host computing device, wherein verifying the request indicates that the requestor party is authorized to perform the privileged operation on the at least one of the hypervisor and the kernel of the host computing device; and
executing the privileged operation in the at least one of the hypervisor and the kernel of the host computing device.

Claim 14:  A computing system, comprising:
at least one processor; and
memory including instructions that, when executed by the at least one processor, cause the computing system to:
generate a key pair comprising a private key and a public key;
store the private key in a secure location on a network;
store the public key on a host computing device;



retrieve, by the host computing device, a request to execute a privileged operation on at least one of a hypervisor of the host computing device and a kernel of the host computing device, the request being secured by the private key;




 verify the request using the public key stored on the host computing device; and






 execute the privileged operation in the at least one of the hypervisor or the kernel of the host computing device.




        
Claim 12:  A computing system, comprising:
at least one processor; and
memory including instructions that, when executed by the processor, cause the computing system to:
determine that a signed certificate from a certificate authority is valid, the certificate used by the requestor party to perform a privileged operation on a virtualization layer of the host computing device, the virtualization layer configured to run and manage virtual machine instances on the host computing device, wherein the privileged operation includes applying a patch to at least the virtualization layer or a kernel of the host computing device;
receive, via an application programming interface (API) configured to receive requests submitted to the host computing device from the requestor party, a request to execute the privileged operation on the virtualization layer of the host computing device, the request secured using at least one key of the certificate, wherein the key is unique to the host computing device and unexportable from the host computing device;
attempt to verify the request by the virtualization layer of the host computing device based at least in part on a key associated with the certificate by decrypting the request using the key associated with the certificate that is generated by and stored on the virtualization layer of the host computing device during a boot operation of the host computing device; and
execute the privileged operation in the virtualization layer of the host computing device if the request is successfully verified, wherein successfully verifying the request indicates that the requestor party is authorized to perform the privileged operation on the virtualization layer of the host computing device.



Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject 


This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA  35 U.S.C. 103(c) and potential pre-AIA  35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA  35 U.S.C. 103(a).

Claim 2, 4, 7-9, 13-14, 16-17 and 21 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Anantharaju (US 2014/0040997) in view of Marr et al.  (“Marr,” US 9565207).

Regarding claim 2: Anantharaju discloses a computer implemented method comprising:
generating a key pair comprising a private key and a public key (Anantharaju: ¶0039 the enterprise generates a HOSTNAME (public key) 320 and a HOSTNAME (private key) 322);
retrieving, by the host computing device, a request to execute a privileged operation on at least one of a hypervisor of the host computing device and a kernel of the host computing device, the request being secured by the private key (Anantharaju: ¶0040 the custom kernel can request that the host machine 202 create a cipher (e.g., enciphered text) using the HOSTNAME (private key) 322; ¶0044 any messages sent by the custom kernel cryptographic infrastructure after that may be encrypted (or signed) with the VM (private key) 328);
verifying the request using the public key stored on the host computing device (Anantharaju: ¶0044 the programmable hardware memory 212 can decrypt any received messages that were encrypted using the VM (public key) 326. Only those messages which were encrypted with the VM (private key) 326 would properly decrypt and this allows the hardware programmable memory 212 to determine if a message it receives is actually from the secure virtual machine 112); and 
executing the privileged operation in the at least one of the hypervisor or the kernel of the host computing device (Anantharaju: ¶0041 in step 342, in response to the custom kernel's request, the host machine 202 creates a cipher 332 using its private key 322).
Anantharaju does disclose generating key pairs but does not explicitly disclose storing the private key in a secure location of a distributed computing environment and storing the public key on a host computing device of the distributed computing environment.
However Marr discloses storing the private key in a secure location of a distributed computing environment (Marr: col. 2 lines 31-33 a private key is stored externally to the host, such as may only be available to a cloud manager or other authorized principal; col. 5 lines 35-39 the environment [...] is a distributed computing environment utilizing several computer systems and components that are interconnected via communication links, using one or more computer networks or direct connections);
Marr: col. 2 lines 34-35 a public key is embedded with the hardware device; col. 3  lines 44-45 a hardware device on the host).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Marr with the system and method of Anantharaju to include storing public/private key pairs to provide users with a means for preventing users from, or substantially minimize an ability of users to, modify firmware or other configuration information for the resource (Marr: col. 2 lines 20-22).

Regarding claim 4: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju further discloses wherein the privileged operation includes reading a location in memory of a guest hosted on the host computing device (Anantharaju: ¶0035 the custom kernel can include a list of file names or file locations where sensitive data and files are stored on the virtualized hard drive 216 [...] could include a pointer to a file location on the virtualized hard drive 216).

Regarding claim 7: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju further discloses verifying that an identifier included in the request is associated with the host computing device (Anantharaju: ¶0040 the custom kernel cryptographic infrastructure 324 includes a predetermined value for the name 330A, or identity, of one or more host machines on which the secure virtual machine 112 is allowed to execute).

Regarding claim 8: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju further discloses wherein the public key is compiled into the hypervisor of the host computing device (Anantharaju: fig. 3B; ¶0039 the enterprise also controls the generation and location of a VM (public key) 326 and a VM (private key) 328. Thus, the enterprise generates these two keys, 326 and 328, and places them within a cryptographic infrastructure 324 of the custom kernel on the virtualized hard drive 214).

Regarding claim 9: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju further discloses wherein the public key is compiled into the kernel of the host computing device (Anantharaju: ¶0039 the enterprise also controls the generation and location of a VM (public key) 326 and a VM (private key) 328. Thus, the enterprise generates these two keys, 326 and 328, and places them within a cryptographic infrastructure 324 of the custom kernel on the virtualized hard drive 214).

Regarding claim 13: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju further discloses receiving a certificate issued by a certificate authority, the certificate including the public key (Anantharaju: ¶0045 the host machine 202 and the secure virtual machine 112 rely on a trusted certificate authority to generate certificates associated with the public and private keys).

Regarding claim 14: Anantharaju discloses a computing system, comprising:
at least one processor (Anantharaju: fig. 4); and
memory including instructions (Anantharaju: fig. 4) that, when executed by the at least one processor, cause the computing system to:
generate a key pair comprising a private key and a public key (Anantharaju: ¶0039 the enterprise generates a HOSTNAME (public key) 320 and a HOSTNAME (private key) 322);
retrieve, by the host computing device, a request to execute a privileged operation on at least one of a hypervisor of the host computing device and a kernel of the host computing device, the request being secured by the private key (Anantharaju: ¶0040 the custom kernel can request that the host machine 202 create a cipher (e.g., enciphered text) using the HOSTNAME (private key) 322; ¶0044 any messages sent by the custom kernel cryptographic infrastructure after that may be encrypted (or signed) with the VM (private key) 328);
verify the request using the public key stored on the host computing device (Anantharaju: ¶0044 the programmable hardware memory 212 can decrypt any received messages that were encrypted using the VM (public key) 326. Only those messages which were encrypted with the VM (private key) 326 would properly decrypt and this allows the hardware programmable memory 212 to determine if a message it receives is actually from the secure virtual machine 112); and
Anantharaju: ¶0041 in step 342, in response to the custom kernel's request, the host machine 202 creates a cipher 332 using its private key 322).
Anantharaju does disclose generating key pairs but does not explicitly disclose store the private key in a secure location of a distributed computing environment and store the public key on a host computing device of the distributed computing environment.
However Marr discloses store the private key in a secure location of a distributed computing environment (Marr: col. 2 lines 31-33 a private key is stored externally to the host, such as may only be available to a cloud manager or other authorized principal; col. 5 lines 35-39 the environment [...] is a distributed computing environment utilizing several computer systems and components that are interconnected via communication links, using one or more computer networks or direct connections);
store the public key on a host computing device of the distributed computing environment (Marr: col. 2 lines 34-35 a public key is embedded with the hardware device; col. 3 lines 44-45 a hardware device on the host).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Marr with the system and method of Anantharaju to include storing public/private key pairs to provide users with a means for preventing users from, or substantially minimize an ability of users to, modify firmware or other configuration information for the resource (Marr: col. 2 lines 20-22).

Regarding claim 16: Claim 16 is similar in scope to claim 7, and is therefore rejected under similar rationale.
Regarding claim 17: Claim 17 is similar in scope to claim 8, and is therefore rejected under similar rationale.
Regarding claim 21: Claim 21 is similar in scope to claim 13, and is therefore rejected under similar rationale.


Claim 3, 5 and 15 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Anantharaju (US 2014/0040997) in view of Marr et al.  (“Marr,” US 9565207) and Garrett et al (“Garret,” US 2011/0088032).

Regarding claim 3: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju in view of Marr does not explicitly disclose wherein the privileged operation includes applying a patch to at least one of: the hypervisor or the kernel of the host computing device.
However Garret discloses wherein the privileged operation includes applying a patch to at least one of: the hypervisor or the kernel of the host computing device (Garret: ¶0031 the hypervisor configuration modification request may prompt the persistent state module 160 to write the hypervisor configuration modifications to the persistent state data store 162 on the host machine at operation 315).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Garret with the system and method of Anantharaju and Marr to include applying a patch to the hypervisor or the kernel of the Garret: ¶0013).

Regarding claim 5: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju in view of Marr does not explicitly disclose wherein the privileged operation includes modifying one or more variables executing on the host computing device.
However Garret discloses wherein the privileged operation includes modifying one or more variables executing on the host computing device (Garret: ¶0018 modify configuration data for at least one hypervisor operating on the system 100).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Garret with the system and method of Anantharaju and Marr to include modifying one or more variables executing on the host computing device to provide users with a means for modifying hypervisor configuration settings in virtual computing systems (Garret: ¶0013).

Regarding claim 15: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju further discloses read a location in memory of a guest hosted on the host computing device (Anantharaju: ¶0035 the custom kernel can include a list of file names or file locations where sensitive data and files are stored on the virtualized hard drive 216 [...] could include a pointer to a file location on the virtualized hard drive 216).

However Garret discloses apply a patch to at least one of: the hypervisor or the kernel of the host computing device (Garret: ¶0031 the hypervisor configuration modification request may prompt the persistent state module 160 to write the hypervisor configuration modifications to the persistent state data store 162 on the host machine at operation 315);
modify one or more variables executing on the host computing device (Garret: ¶0018 modify configuration data for at least one hypervisor operating on the system 100); or shut down or reboot a guest executing on the host computing device.
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Garret with the system and method of Anantharaju and Marr to include applying a patch to the hypervisor or the kernel of the host computing device to provide users with a means for modifying hypervisor configuration settings in virtual computing systems (Garret: ¶0013).


Claim 6 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Anantharaju (US 2014/0040997) in view of Marr et al. (“Marr,” US 9565207) and Yamashita et al. (“Yamashita,” US 2013/0007439).

Regarding claim 6: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju in view of Marr does not explicitly disclose wherein the privileged operation includes shutting down or rebooting a guest executing on the host computing device.
However Yamashita discloses wherein the privileged operation includes shutting down or rebooting a guest executing on the host computing device (Yamashita: ¶0044 the privileged instruction of the hypervisor 121 includes a reboot instruction to the CPU #M or the CPU #N. For example, the reboot instruction issued by the hypervisor 121 is an instruction for the CPU #M or the CPU #N to jump to the start address of the old-boot-program area 109 described in the partition table).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Yamashita with the system and method of Anantharaju and Marr to include shutting down or rebooting a guest executing on the host computing device to provide users with a means for updating an operating system (Yamashita: ¶0002).


Claims 10-11 and 18-19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Anantharaju (US 2014/0040997) in view of Marr et al.  (“Marr,” US 9565207) and Gardner (US 2003/0101322).

Regarding claim 10: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju in view of Marr does not explicitly disclose determining a set of permissions associated with the public key and determining that the privileged operation is allowed according to the set of permissions.
However Gardner discloses determining a set of permissions associated with the public key (Gardner: ¶0024 SPA 30 preferably employs strong authentication using cryptographic methods, such as public key encryption; ¶0050 entries in TLE 128 include an access rights field (TEL.ar) and a privilege level field (TEL.pl) [...] memory page granular access controls employ four levels of privilege); and
determining that the privileged operation is allowed according to the set of permissions (Gardner: ¶0052 processor 32 verifies page level permissions to a given virtual page by verifying privilege levels, page level read and write permission, and protection key read and write permission).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Gardner with the system and method of Anantharaju and Marr to include the privileged operation is allowed according to the set of permissions to provide users with a means for providing secure and trustworthy computer systems to protection of user process data in a secure platform architecture (Gardner: ¶0001).

Regarding claim 11: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju: ¶0039 the enterprise generates a HOSTNAME (public key) 320 and a HOSTNAME (private key) 322).
Anantharaju in view of Marr does not explicitly disclose determining a set of permissions associated with the identity and determining that the privileged operation is allowed according to the set of permissions.
However Gardner discloses determining a set of permissions associated with the identity (Gardner: ¶0050 page access rights are defined in Table I [...] for an example embodiment of SP computer system 20 having eight levels of access rights defined for the virtual memory page by the TEL.ar field and four levels of privilege as defined for the virtual memory page by the TEL.pl field and four levels of privilege defined for processor 32 by the PSR.cpl field); and
determining that the privileged operation is allowed according to the set of permissions (Gardner: ¶0052 processor 32 verifies page level permissions to a given virtual page by verifying privilege levels, page level read and write permission, and protection key read and write permission).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Gardner with the system and method of Anantharaju and Marr to include the privileged operation is allowed according to the set of permissions to provide users with a means for providing secure and trustworthy computer systems to protection of user process data in a secure platform architecture (Gardner: ¶0001).

Regarding claim 18: Claim 18 is similar in scope to claim 10, and is therefore rejected under similar rationale.
Regarding claim 19: Claim 19 is similar in scope to claim 11, and is therefore rejected under similar rationale.


Claims 12 and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Anantharaju (US 2014/0040997) in view of Marr et al. (“Marr,” US 9565207) and Agrawal (US 8392709).

Regarding claim 12: Anantharaju in view of Marr discloses the computer implemented method of claim 2.
Anantharaju in view of Marr does not explicitly disclose determining a timestamp associated with the request and determining that the request is valid based at least in part on a current time, the timestamp, and a predetermined time window.
However Agrawal discloses determining a timestamp associated with the request (Agrawal: col. 6 lines 3-5 request generation component 104 may be configured to generate single request message 106 such that it includes a timestamp 112); and
determining that the request is valid based at least in part on a current time, the timestamp, and a predetermined time window (Agrawal: col. 7 lines 57-62 the request processing component 120 may also be configured to determine whether the timestamp of the single request message indicates a time within a valid period of time from the current time. In one example, a valid time period might include a range of time extending from particular time before the current time up to the current time).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate teaching of Agrawal with the system and method of Anantharaju and Marr to include a timestamp associated with the request to provide users with a means for providing secure and trustworthy computer systems to protection of user process data in a secure platform architecture (Gardner: ¶0001).

Regarding claim 20: Claim 20 is similar in scope to claim 12, and is therefore rejected under similar rationale.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FAHIMEH MOHAMMADI/     Examiner, Art Unit 2439                                                                                                                                                                                                        
/KARI L SCHMIDT/Primary Examiner, Art Unit 2439