DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Applicant's amendment filed on 2/2/2021 has been entered. Claim 1 was originally canceled. Claims 2-7, 9, 11-15, 17, 19, 21 are currently amended claims. Claims 2-21 are pending in the application. 
The objection of claims 2-7, 9, 11-17, 19 and 21 due to informalities have been withdrawn in light of applicant’s amendment to the claims.
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Burns et al (US 9,077,692 B1). Blocking unidentified encrypted communication sessions by using encryption detection module to determine whether the packet is encrypted when the application identification module is unable to identify an application associated with the packet, and an attack detection module to determine whether the packet is associated with a network attack, to forward the packet when the packet is not associated with a network attack.
Lifliand et al (US 8,578,486 B2). Encrypted network traffic interception and inspection. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier.
Response to Arguments
The Applicant's Remarks and arguments filed on 2/2/2021 respect to Claims 2-21 have been fully considered. 
Applicant’s argument, see pages 9-12 of the Remarks regarding rejections under the 35 USC 103, on claims 2-21 as being unpatentable over the prior arts of record has been fully considered. Specifically regarding to independent claim 2 (similarly for claims 12 and 21), applicant has amended the claims reciting “correlating, by the packet-filtering system and based on determining that the encrypted data is associated with the stored at least the portion of the unencrypted data, the packets comprising the encrypted data with the packets comprising the unencrypted data;” (inter alia). In particular, applicant argued the references of records does not teach, disclose, or otherwise suggest the above limitation(s). The examiner acknowledges applicant’s perspective however respectively disagrees.
First, the claim recites, “correlating, … based on determining that the encrypted data is associated with … the portion of the unencrypted data, the packets comprising the encrypted data with the packets comprising the unencrypted data”. The term “correlating” is interpreted with its broadest reasonable interpretation, i.e. related to, associated to, in another words, correlating A with B can be interpreted as relating A with B or associating A with B. Correlating has been recited in the claim without specifically specifying how correlating is been done. The specification of the instant application suggests correlating may related: to correlate packets identified by packet-filtering system 200 (e.g., the packets comprising the reply to the DNS query) with packets previously identified by packet-filtering system 200 (e.g. the packets comprising the DNS query) (e.g. para. [22], [32], etc.); rules 212 may be configured to cause rule 
Martini teaches these features. Martini discloses selectively decrypting encrypted communication traffic depending on the address of the resource according to DNS request. In particular the IP address associated with DNS is interpreted as the unencrypted data and Martini specifically discloses that a modified use of the Domain Name System (DNS) maps specific spoofed IP addresses to correlated domain in order to determine which encrypted connections should by bypassed and sent directly to the Internet destination and which connections should be decrypted using a man in the middle technique (e.g. para. [19]), i.e. the determination of forwarding the encrypted data to destination is related to the IP addresses, or correlated to the IP addresses. Martini thus is able to base on the URL in the DNS request and rules to determine encrypted communication from the browser device 106 first passes through the MitM gateway 104, thereby allowing the gateway 104 to decrypt the communication and perform man in the middle data inspection before allowing the communication to pass out of the network 100 (see para. [24]). For the reason set forth above, examiner asserts applicant’s argument that “As such, the decision of whether to involve the man-in-the-middle device is ‘encrypted data.’ ” is not persuasive.
Applicant’s further argument regarding references Styslinger and Mahadik about teachings of the above features is moot since Martini is asserted to teach the features as discussed above.
Applicant’s argument regarding dependent claims 3-11, 13-20 is moot for the same reason set forth above and their independent claims relying upon are not patentable.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.

3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 2, 4-6, 8, 10-12, 14-16, 18, 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Martini (US20140317397A1-IDS provided by applicant, hereinafter, "Martini"), in view of Styslinger (US20050138426A1, hereinafter, “Styslinger”), further in view of Mahadik et al (US20140089661A1, hereinafter, “Mahadik”).
Regarding claim 2, Martini teaches:
A method comprising: receiving, by a packet-filtering system comprising at least one processor and memory (Martini, see Fig. 1, and Fig. 5, [0009] A system comprises one or more processors configured to execute computer program instructions) and configured to filter packets in accordance with a plurality of packet-filtering rules (Martini, Fig.1 Rules 103, and [0024] the network gateway may intercept and examine a DNS request 108 (i.e. packets, traffic data) from the browser device 106 that is addressed to the DNS 110. Based on, for example, the URL or URI in the DNS request 108 and rules 103 (i.e. packet-filtering rules) indicating which destination should be decrypted and which should be passed directly to the Internet destination (i.e. filtering)), a plurality of packets comprising the unencrypted data (Martini, [0027] the network 100 may have a policy of inspecting incoming messages for computer viruses, malware, or other unwanted content.  The network gateway 102, handling plaintext messages (i.e. unencrypted data), can inspect the payloads of the messages …); 
(Martini, [0024] the network gateway may intercept and examine (i.e. inherently storing) a DNS request) DNS request and filtering communication traffic but does not explicitly teaches storing at least a portion of the unencrypted data based on determining a portion of the packets comprising the unencrypted data that correspond to one or more network-threat indicators, however in the same field of endeavor Styslinger teaches:
storing at least a portion of the unencrypted data based on determining, by the packet-filtering system, a portion of the packets comprising the unencrypted data that correspond to one or more network-threat indicators (Styslinger, [0060] the invention includes capture, and store data functionality that captures, stores, and logs (i.e. storing) all encrypted and unencrypted data flowing between the testing entity and the application system.  Thus, the invention stores and catalogs both deciphered raw unaltered and altered data (e.g., HTTP request (i.e. network-threat indicators) and response messages), and parsed data.  Also, the invention is able to store and/or log all data flowing between the testing entity and the application system, including connection and handshaking (e.g., web application requests and responses for content not requiring authorization and for content requiring authorization)); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Styslinger in the network traffic filtering system of Martini by capturing, storing and logging deciphered raw unaltered and altered data flow such as HTTP request and response message. This would have been obvious because the person having ordinary skill in the art would have been motivated to 
Martini further teaches: 
filtering, by the packet-filtering system and based on the plurality of packet-filtering rules, the determined portion of the packets comprising the unencrypted data that correspond to the one or more network-threat indicators (Martini, [0020] One common type of plaintext traffic that is routed through a network gateway is a DNS request, which is a request to the DNS to resolve a uniform resource locator (URL) or uniform resource indicated (URI) (i.e. network-threat indicator) to an associated Internet Protocol (IP) address. And [0027] inspection, alteration, and dropping (i.e. filtering) can allow the MitM gateway 104 to ensure that encrypted communication into and out of the network conforms to any number of policies)); 
receiving, after the filtering the determined portion of the packets comprising the unencrypted data, packets comprising encrypted data (Martini, [0034] To route traffic from the browser devices 212 and 214, the network gateway 202 may inspect received DNS requests (i.e. packets comprising unencrypted data) and determine which of the MitM gateways 204-210 should handle the encrypted traffic); 
correlating, by the packet-filtering system and based on determining that the encrypted data is associated with the stored at least the portion of the unencrypted data, the packets comprising the encrypted data with the packets comprising the unencrypted data (Martini, [0019] a use of man in the middle decryption based on rules indicating which destinations should be decrypted and which should be passed directly to the Internet destination.  A modified use of the Domain Name System (DNS) maps specific spoofed IP addresses (i.e. unencrypted data) to correlated domain in order to … determine which encrypted connections should by bypassed and sent directly to the Internet destination and which connections should be decrypted using a man in the middle technique). Examiner notes Martini discloses using IP addresses to correlate with (i.e. associated with) encrypted communication to decide which encrypted connection should be decrypted and which encrypted connection should be bypassed; 
and transmitting packets, of the plurality of packets, that do not correspond to the one or more network-threat indicators to their intended destinations (Martini, [0026] The MitM gateway 104 is thus able to receive an encrypted message from the browser device 106, decrypt the message, inspect the message, optionally alter or drop the message, … and pass (i.e. transmitting) the message to the server 118. And [0027] inspection, alteration, and dropping can allow the MitM gateway 104 to ensure that encrypted communication into and out of the network conforms to any number of policies).
	The combination of Martini-Styslinger does not explicitly teach the following limitations, however in the same field of endeavor Mahadik teaches:
determining, based on the correlating, a portion of the packets comprising the encrypted data that correspond to the one or more network-threat indicators (Mahadik, [0029] For SSL/HTTPS based website access, the network traffic is encrypted and thus cannot be monitored with the same tools used in unencrypted scenario. The method may additionally include detecting encryption handshake when web proxying. This preferably occurs when a site is being accessed over HTTPS using a SSL certificate of a server during a handshake (i.e. correlating is used to correlate with encrypted communication));
filtering, by the packet-filtering system, the determined portion of the packets comprising the encrypted data that correspond to the one or more network-threat indicators (Mahadik, [0029] … A domain (i.e. the one or more network-threat indicators) is preferably detected during the handshake through a server name attribute or through some alternative parameter. The web proxy server may subsequently determine if the domain is restricted, permitted (i.e. filtering)…); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Mahadik in the network traffic filtering system of Martini-Styslinger by using handshake message information to identify the encrypted connection for traffic data filtering action (i.e. permitted or restricted). This would have been obvious because the person having ordinary skill in the art would have been motivated to relate the encrypted network traffic with unencrypted network traffic data such as handshake message for the network traffic filtering control (Mahadik, [Abstract], [0020], [0029]).

As per claim 12, Martini-Styslinger-Mahadik combination discloses:
One or more non-transitory computer-readable media comprising instructions that when executed by at least one processor of a packet-filtering system (Martini, e.g. [0007] In one aspect, a computer storage media is encoded with computer program instructions that, when executed by one or more processors, cause a computer device to perform operations), 

As per claim 21, Martini-Styslinger-Mahadik combination discloses:
A packet-filtering apparatus comprising: at least one processor configured to filter packets in accordance with a plurality of packet-filtering rules; and memory storing instructions that when executed by the at least one hardware processor (Martini, [0009] A system comprises one or more processors configured to execute computer program instructions and computer storage media encoded with computer program instructions that, when executed by one or more processors, cause a computer device to perform operations. And [0019] Described in this document is a use of man in the middle decryption based on rules indicating which destinations should be decrypted and which should be passed directly to the Internet destination) cause the packet-filtering apparatus to: perform steps substantially similar to the method steps of claim 2, therefore is rejected with the same reason set forth as rejection of claim 2 above.

Regarding claim 4, similarly claim 14, Martini-Styslinger-Mahadik combination further teaches: The method of claim 2, the one or more non-transitory computer-readable media of claim 12, 
the encrypted data comprises: forwarding, by the packet-filtering system, the determined portion of the packets comprising the encrypted data toward a proxy (Martini, [0019] A modified use of the Domain Name System (DNS) maps specific spoofed IP addresses to correlated domain in order to, among other uses, determine which encrypted connections should by bypassed and sent directly to the Internet destination and which connections should be decrypted using a man in the middle technique. And [0026] In this communication, the MitM gateway 104 may act as a proxy of the server 118 for the browser device 106 and as a proxy of the browser device 106 for the server 118.  The MitM gateway 104 is thus able to receive an encrypted message from the browser device 106, decrypt the message, inspect the message, optionally alter or drop the message).  

Regarding claim 5, similarly claim 15, Martini-Styslinger-Mahadik combination further teaches: The method of claim 2, the one or more non-transitory computer-readable media of claim 12, 
Martini further teaches: wherein the filtering the determined portion of the packets comprising encrypted data comprises: filtering the determined portion of the packets comprising the encrypted data based on at least one network-threat indicator, of the one or more network-threat indicators, of the determined portion of the packets comprising the unencrypted data (Martini, [0027] the network 100 may have a policy of inspecting incoming messages for computer viruses, malware, or other unwanted content.  The network gateway 102, handling plaintext messages (i.e. unencrypted data), can inspect the payloads of the messages and drop any messages that match viral signatures, malware black-lists, etc. The MitM gateway 104 may apply the same policy, inspecting incoming messages in their decrypted state and drop any messages that fail the same tests as applied by the network gateway 102).  

Regarding claim 6, similarly claim 16, Martini-Styslinger-Mahadik combination further teaches: The method of claim 2, the one or more non-transitory computer-readable media of claim 12, 
Martini further teaches: wherein the packets comprising the unencrypted data comprise one or more packets comprising at least one of a domain name system (DNS) query or a reply to the DNS query, the method further comprising: determining that the at least one of the DNS query or the reply to the DNS query comprises a domain name identified in the one or more network-threat indicators (Martini, [0028] The network gateway 202 can inspect the plaintext messages and, optionally, modify or drop a message. The network gateway 202 may also be configured to intercept and examine a DNS requests (i.e. DNS query) from browser devices 212 and 214 and respond directly with the address or addresses of one or more of the MitM gateways 204-210).  

Regarding claim 8, similarly claim 18, Martini-Styslinger-Mahadik combination further teaches: The method of claim 2, the one or more non-transitory computer-readable media of claim 12, 
(Martini, Fig. 3, Browser 106 and Server 118, a first host and second host, MitM gateway 104, a proxy system. Steps 302 to 328 to establish encrypted communication session. And [0041] browser device 106 requests an encrypted connection with the device at the received address, which is the MitM gateway 104 (310). For example, the browser device 106 may send to the MitM gateway 104 an SSL Hello or other encryption handshake message indicating the URL of the server 118).  

Regarding claim 10, similarly claim 20, Martini-Styslinger-Mahadik combination further teaches: The method of claim 2, the one or more non-transitory computer-readable media of claim 12, 
Martini further teaches: wherein the filtering, by the packet-filtering system and based on the plurality of packet-filtering rules, further comprises: filtering packets based on at least one of a uniform resource identifier (URI), domain name, or network address specified by the plurality of packet-filtering rules, data indicating a protocol version specified by the plurality of packet-filtering rules, data indicating a method specified by the plurality of packet-filtering rules, data indicating a request specified by the plurality of packet-filtering rules, or data indicating a command specified by the plurality of packet-filtering rules (Martini, [0024] For example, the network gateway may intercept and examine a DNS request 108 from the browser device 106 that is addressed to the DNS 110. Based on, for example, the URL or URI in the DNS request 108 and rules 103 indicating which destination should be decrypted and which should be passed directly to the Internet destination,).  

Regarding claim 11, Martini-Styslinger-Mahadik combination further teaches: The method of claim 2, 
Martini further teaches: wherein the packets comprising unencrypted data comprise one or more packets comprising one or more handshake messages configured to establish an encrypted communication session between a client and a server, the method further comprising: 4Application No. 15/877,608Docket No.: 007742.00109\USAmendment dated October 2, 2018First Preliminary Amendmentdetermining that the one or more handshake messages comprise a domain name identified as a network threat (Martini, [0004] To facilitate selective man in the middle decryption of encrypted communication, Domain Name Service (DNS) requests from browser devices that pass through the network gateway can be intercepted, and responded to, by the network gateway, with the address or addresses of one or more man in the middle (MitM) gateways within the network. And [0041] The browser device 106 requests an encrypted connection with the device at the received address, which is the MitM gateway 104 (310).  For example, the browser device 106 may send to the MitM gateway 104 an SSL Hello or other encryption handshake message indicating the URL of the server 118 (or a resource of the server 118 such as the data object to be requested)).  

Claims 3, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Martini-Styslinger-Mahadik as applied above to claims 2, 12 respectively, further in view of Hampel et al (US9258218B2, hereinafter, “Hampel”).
Regarding claim 3, similarly claim 13, Martini-Styslinger-Mahadik combination teaches: The method of claim 2, the one or more non-transitory computer-readable media of claim 12,
While the combination of Martini-Styslinger-Mahadik does not explicitly teach the following limitation(s), in the similar field of endeavor Hampel teaches:
wherein the encrypted data is associated with first transport-layer information, wherein the unencrypted data is associated with second transport-layer information, and wherein correlating the packets comprising encrypted data with the packets comprising unencrypted data comprises: determining, by the packet-filtering system that the first transport-layer information corresponds to the second transport-layer information (Hampel, [Abstract] discloses method to control overlay networks with control functions and forwarding functions separated, And [Claim 12] a data flow definition for a data flow and a set of actions to be performed for the data flow at the forwarding element, wherein the data flow definition is based on one or more protocol header (i.e. unencrypted data) fields of one or more protocols, wherein the one or more protocols comprise one or more network layer protocols or one or more transport layer protocols (i.e. second transport-layer), wherein the set of actions comprises at least one tunneling action and at least one security action, wherein the at least one tunneling action comprises at least one of a set of multiple encapsulation actions (i.e. encrypted data) or a set of multiple decapsulation actions, wherein the at least one security action is associated with a security protocol (i.e. first transport-layer) and comprises at least one of an encryption action or a decryption action; wherein the set of multiple encapsulation actions comprises a tunneling encapsulation action, a transport layer encapsulation action, and a network layer encapsulation action;  … and processing a packet of the data flow based on the control information (i.e. corresponds to the second transport-layer information)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hampel in the network traffic filtering system of Martini-Styslinger-Mahadik by separating the control functions in network layer protocol and the forwarding functions in security protocol. This would have been obvious because the person having ordinary skill in the art would have been motivated to use the software-defined network overlay method vertically move packets across network layers to support tunneling via communication networks (Hampel, [Abstract], [0002], [Claim 12]).

Claims 7, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Martini-Styslinger-Mahadik combination as applied above to claims 6, 16 respectively, further in view of Moore (US20140283004A1-IDS provided by Applicant, hereinafter, “Moore”).
Regarding claim 7, similarly claim 17, Martini-Mahadik combination teaches: The method of claim 6, the one or more non-transitory computer-readable media of claim 16, 
Martini further teaches: wherein the portion of the unencrypted data comprises one or more network addresses included in the at least one of the DNS query or the reply to the DNS query, the method further comprising: determining that the packets comprising encrypted data comprise [one or more packet headers] comprising at least one of the one or more network addresses included in the at least one of the DNS query or the reply to the DNS query (Martini, [0034] To route traffic from the browser devices 212 and 214, the network gateway 202 may inspect received DNS requests and determine which of the MitM gateways 204-210 should handle the encrypted traffic (i.e. packets)… If the URL or URI is on the list, the network gateway 202 can respond to the requesting browser device 212 or 214 with the address of one of the MitM gateways 204-210 configured to handle traffic associated with the category that the URL or URI falls under),
While Martini-Styslinger-Mahadik does not explicitly teach packet header comprising the address, however in the same field of endeavor Moore teaches: 
one or more packet headers (Moore, [0025] packet header information, specifying a protocol type of the data section of an IP packet (e.g., TCP, User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), or one or more other protocols), one or more source IP addresses, one or more source port values, one or more destination IP addresses, and one or more destination ports). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Moore in the network traffic filtering system of Martini-Styslinger-Mahadik by specifying packet header information with associated addresses related to dynamic security policy. This would have been obvious because the person having ordinary skill in the art would have been motivated to specify the packet header information corresponding to packet filtering rule to determine the portion of the packet to be transferred (Moore, [Abstract]).

Claims 9, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Martini-Styslinger-Mahadik combination as applied above to claims 2, 12 respectively, further in view of Ross et al (US20140365372A1, hereinafter, “Ross”).
Regarding claim 9, similarly claim 19, Martini-Styslinger-Mahadik combination teaches: The method of claim 2, the one or more non-transitory computer-readable media of claim 12, 
While Martini-Styslinger-Mahadik does not explicitly teach the following limitations, however in the same field of endeavor Ross teaches: 
wherein the packets comprising unencrypted data comprise a certificate message for an encrypted communication session, the method further comprising: at least one of dropping or logging one or more of the packets comprising encrypted data based on a determination that the certificate message comprises data indicating at least one of: a serial number indicated by the plurality of packet-filtering rules, an issuer indicated by the plurality of packet-filtering rules, a validity time-range indicated by the plurality of packet-filtering rules, a key indicated by the plurality of packet-filtering rules, or a signing authority indicated by the plurality of packet filtering rules (Ross, [0011] establishing the communications link to the first computing device includes intercepting a connection request from the first computing device to the second computing device, using a set of one or more predefined communication rules.  The intermediary computing device can therefore function as a packet filter, passing each packet through a set of rules (i.e. packet-filtering rules), And [0108] a connection from the computer terminal 402 is established… to the proxy server 401 rather than the web server 406, using for example Hypertext Transfer Protocol Secure (HTTPS) so that communications are fully encrypted… the domain name "www.proxy.com" has a Secure Socket Layer (SSL) certificate generated using the domain name "www.acquirer.com".  This could be an X.509 self-signed SSL certificate (.crt file) in the name of "www.acquirer.com" for example (X.509 is a standard for a Public Key Infrastructure (PKI)).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Ross in the network traffic filtering system of Martini-Styslinger-Mahadik by using the certificate to determine the URL to match the certificate domain. This would have been obvious because the person having ordinary skill in the art would have been motivated to establish communication link between computing devices by intermediary device functioning as packet filter for personal, confidential or sensitive information communication in establishing the communication link between devices (Ross, [Abstract], [0001], [0011]).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Examiner, Art Unit 2436         
/KHOI V LE/Primary Examiner, Art Unit 2436