Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's response with amendments filed 02/03/2021 have been received and entered. Applicant has cancelled claims 6, 7, 13, 14, and 20; added new claims 21-25; and amended claims 1-5, 8-12, and 15-19. Amended claims have been examined on the merits.
Applicant’s arguments, see Applicant Arguments pages 14-18, with respect to the amendments traversing the rejection(s) of the independent claims claim(s) 1, 8, and 15 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Perlman (US 20020191797), hereinafter Perlman in view of Vishwanath et al. (US 20050149759), hereinafter Vishwanath.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 8, 11, 15, 18, 21, 23, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Singhi et al. (US 20190044737), hereinafter Singhi in view of Nix  (US 20190044737), hereinafter Nix in view of Nix (US 10169587), hereinafter Nix (2) in view of Perlman (US 20020191797), hereinafter Perlman.
	Regarding Claim 1, Singhi teaches
Para [0029] Upon receiving the beacons, the IoT device decrypts the WLAN profile and the NONCE2, and also verifies NONCE1 (activity 245). Using the decrypted WLAN profile, IoT Device may now connect to gateway (message 250). At the end of this phase, the device has all the credentials to start a regular WLAN connection and connect to the gateway core network. The IoT device, after the WLAN connection establishment, issues a simple Verify-Response message using NONCE2 as payload to complete mutual authentication between the IoT Device and the gateway (message 255)),
	providing the second wireless access device with access to a wide area network (WAN) based on successful completion of the mutual authentication procedure (Para [0042] The various systems and techniques for secure wireless association described above offer numerous advantages over previous attempts to solve this issue in the IoT context. These advantages may include single-click onboarding to the wireless network for headless devices via a protocol to transfer and verify the public key for IoT Devices used to provision and verify the device public key. Further, mutual authentication between IoT device and gateway is enabled along with secure transmission of security credentials for the WLAN. Thus, onboarded devices may access the WLAN to continue IoT provisioning).
	Singhi does not explicitly teach a method receiving, at the first wireless access device, a certificate associated with the second wireless access device, wherein the certificate includes a unique identifier associated with the second wireless access device; determining, at the first wireless access device, whether the second wireless access device is authorized to connect to the first wireless access device,  wherein the second wireless access device is authorized to connect to the first wireless access device if the certificate is signed by a certificate authority associated with the network service provider and the unique identifier associated with the second wireless access device appears in a whitelist stored at the first wireless access device. 

	receiving, at the first wireless access device, a certificate associated with the second wireless access device (Para [0122] … As part of the setup of secure session setup 214, mobile phone 108 can receive a certificate cert.AS 111c from authentication server 111, if mobile phone 108 had not already received cert.AS 111c from discovery server 110. Mobile phone 108 could verify cert.AS 111c after receiving the certificate, such as verifying a signature from a certificate authority and parent certificates of cert),
	wherein the certificate includes a unique identifier associated with the second wireless access device (Para [0039] Device 101 can include manufactured secure processing environment (not shown). The manufactured secure processing environment can also be referred to as a secure enclave or secure element. Device 101 can comprise functionality of a processor such as an ARM.RTM. or Intel.RTM. based processor to secure cryptographic key materials including private keys in public key infrastructure (PM) key pairs, secret shared keys, cryptographic parameters, cryptographic algorithms, a certificate 107a for the device 101 certificate authority, a root certificate 109a, etc. Para [0060] For a set of default credentials 103 in a device database 122x, ID.device 101b can correspond to a unique identifier for device 101, and the use of a ID.device 101b is depicted and described in connection with FIG. 1e below. In exemplary embodiments, ID.device 101b can comprise a MAC addresses used with a physical radio 101i interface. Or, ID.device 101b could comprise an international mobile equipment identifier (IEMI), and other possibilities exist as well for a unique device ID ID);
	determining, at the first wireless access device, whether the second wireless access device is authorized to connect to the first wireless access device (Para [0152] Signature verification 221 can comprise a step using the sub-steps of (i) obtaining a message to verify, (ii) calculating a message digest 230 for the message to sign, (iii) using a public key corresponding to the private key 226, (iv) using a signature verification algorithm corresponding to signature creation algorithm 227, (v) inputting parameters 111d' and received signature 223 into the signature verification algorithm, and (vi) determining a pass/fail),
	wherein the second wireless access device is authorized to connect to the first wireless access device if the certificate is signed by a certificate authority associated with the network service provider and the unique identifier associated with the second wireless access device appears in a whitelist stored at the first wireless access device (Para [0056] In addition, the values for Config.owner-AP 199c could specify an authentication and encryption scheme for AP 122b to utilize with an SSID, such as none, WPA2-PSK, WPA3-SAE, WPA2-Enterprise EAP-PSK, etc. Config.owner-AP 199c can also specify routing, authentication, and firewall rules, such as a whitelist of allowed devices based on MAC address, allowed IP addresses, allowed TCP and/or UDP port numbers, etc. …  Para [0081] …  In exemplary embodiments, the set of certificates certs 131i can be securely received and loaded by device 101 since the set of configuration packages 132 is authoritatively signed by configuration server 112, as depicted and described in connection with FIG. 4 and FIG. 5 below).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Singhi to incorporate the teachings of Nix such that the method of Singhi includes receiving, at the first wireless access device, a certificate associated with the second wireless access device, wherein the certificate includes a unique identifier associated with the second wireless access device; determining, at the first wireless access device, whether the second wireless access device is authorized to connect to the first wireless access device,  wherein the second wireless access device is authorized to connect to the first wireless access device if the certificate is signed by a certificate authority associated with the network service provider and the unique identifier associated with the second wireless access device appears in a whitelist stored at the first wireless access device. One would have been motivated to make such combination in order to 
	The combination of Singhi and Nix does not explicitly teach a method performing, by the first wireless access device, a mutual authentication procedure with the second wireless access device based on one or more ephemeral keys based on determining that the second wireless access device is authorized to connect to the first wireless access device, wherein performing the mutual authentication procedure with the second wireless access device comprises: deriving a keyset from one or more shared secrets that are calculated based on a private ephemeral key and a public key included in the certificate.
	In the same field of endeavor, Nix (2) teaches
	performing, by the first wireless access device, a mutual authentication procedure with the second wireless access device based on one or more ephemeral keys based on determining that the second wireless access device is authorized to connect to the first wireless access device (Col. 17, lines 25-41, FIG. 1c is a graphical illustration of a device provisioning protocol for (i) authentication and configuration of a responder and (ii) authentication of an initiator, in accordance with conventional technology. FIG. 1c depicts a summary of the WiFi Device Provisioning Protocol (DPP) specification, version 1.0 which was published on Apr. 9, 2018, supporting a mutual authentication 142 by both initiator 102* and responder 101x. The summary depicted in FIG. 1c highlights recorded bootstrap PKI keys, derived ephemeral PKI keys, and messages transmitted and received between an initiator 102* and a responder 101x. Many of (i) the PKI keys for initiator 102* and responder 101x, and (ii) the messages transmitted between the nodes are equivalent to those depicted and described in connection with FIG. 1b. This description of FIG. 1c herein focuses upon the differences from FIG. 1b in order for initiator 102* and responder 101x to mutually authenticate),
	wherein performing the mutual authentication procedure with the second wireless access device comprises: deriving a keyset from one or more shared secrets that are calculated based on a Col. 14, lines 53-57, Key pair generation algorithm 101y can derive ephemeral PKI keys for responder 101x comprising public key Pr 101e and private key pr 101f, which could also be derived using a compatible set of parameters 199a for Br 101a, br 101b, Pi 102a and pi 102b).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Singhi and Nix to incorporate the teachings of Nix (2) such that the method of the combination of Singhi and Nix includes performing, by the first wireless access device, a mutual authentication procedure with the second wireless access device based on one or more ephemeral keys based on determining that the second wireless access device is authorized to connect to the first wireless access device, wherein performing the mutual authentication procedure with the second wireless access device comprises: deriving a keyset from one or more shared secrets that are calculated based on a private ephemeral key and a public key included in the certificate.  One would have been motivated to make such combination in order to supports mutual authentication in order to securely authenticate a device and an initiator before transferring network access credentials to the device (Nix (2), Col. 2, lines 45-48).
	The combination of Singhi, Nix, and Nix (2) does not explicitly teach a method calculating a receipt based on the derived keyset; and determining whether the receipt is verified based on the derived keyset; maintaining the WLAN connection when the receipt is verified.
	In the same field of endeavor, Perlman teaches
	calculating a receipt based on the derived keyset (Para [0035] The operation of the system is illustrated by reference to FIGS. 2 and 4a-4c. It is assumed for purposes of illustration that Node A 160 desires to send an ephemeral message to Node B 162, that is, a message that will become undecipherable after some time. … Node B then decrypts [X,Eph-Public Key]B-Public Key with Node B's private key to obtain X and the ephemeral public key as illustrated in step 208. Node B 162 then generates or obtains a second secret key SK2 for use in communicating with the ephemerizer 164 as depicted in step 210. The second secret key SK2 comprises a temporary key); and
	determining whether the receipt is verified based on the derived keyset (Para [0037] Following receipt of the above-identified transmission from Node B 162, the ephemerizer 164 decrypts the second secret key (SK2) using the ephemeral private key assuming that the ephemeral key has not expired as depicted in step 214);
	maintaining the WLAN connection when the receipt is verified (Para [0032] Referring to FIG. 2, the system includes a first node identified as Node A 160, a second node that is identified as Node B 162, and an ephemerizer 164. Node A 160, Node B 162 and the ephemerizer 164 are communicably coupled via a network 166 to permit communication among the nodes and the ephemerizer).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Singhi, Nix, and Nix (2) to incorporate the teachings of Perlman such that the method of the combination of Singhi, Nix, and Nix (2) includes calculating a receipt based on the derived keyset; and determining whether the receipt is verified based on the derived keyset; maintaining the WLAN connection when the receipt is verified.  One would have been motivated to make such combination in order for providing ephemeral decryptability and ensures that the message cannot be decrypted after a finite period (Perlman, Para [0010]).
	Regarding Claim 4, the combination of Singhi, Nix, Nix (2), and Perlman teaches all the limitations of claim 1 above,
	wherein performing the mutual authentication procedure with the second wireless access device comprises: generating, at the first wireless access device, an ephemeral key pair including a private ephemeral key and a public ephemeral key (Nix (2), Col. 6, lines 21-27, In a first initiator mode, the DPP server can then conduct a series of steps in order to generate data for a Device Provisioning Protocol (DPP) authorization request. The DPP server can derive an initiator ephemeral PKI key pair. The DPP server can conduct a first initiator ECDH key exchange with the responder bootstrap public key and the derived initiator private key to derive a key k1);
	transmitting a mutual authentication request to the second wireless access device, wherein the mutual authentication request includes the public ephemeral key (Nix (2), Col.6, lines 39-45, The responder can receive and process with DPP authentication request. The responder can record a plurality of initiator bootstrap public keys, where the plurality of initiator bootstrap public keys could be recorded during manufacturing or distribution of the device with the responder before the device was placed in the physical proximity of the network access point);
	receiving, at the first wireless access device, a mutual authentication response from the second wireless access device, wherein the mutual authentication response includes a receipt calculated at the second wireless access device based on the public ephemeral key (Nix (2), Col.6, lines 45-48, … At least one of the recorded initiator bootstrap public keys can be selected based on the hash value for the initiator bootstrap public key received in the DPP authentication request); and
	calculating, at the first wireless access device, one or more shared secrets based on the private ephemeral key and the public key included in the certificate (Nix (2), Col.6, lines 48-56, … The responder can generate a responder ephemeral PKI key pair. The responder can conduct a first responder key exchange using the recorded responder bootstrap private key and the received initiator ephemeral public key in order to derive the key k1. The responder can conduct a second responder key exchange using the derived responder ephemeral private key and the received initiator ephemeral public key in order to derive a key k2),
	wherein the second wireless access device is to be provided with the access to the WAN based on verifying that the second wireless access device correctly calculated the receipt based on the one or more shared secrets (Nix (2), Col. 7, lines 4-18, The initiator can receive the DPP authentication response from the responder. The initiator can send the third ciphertext and the responder ephemeral public key to the DPP server, along with an identity for the device. The DPP server can conduct a second initiator key exchange using the responder ephemeral public key and the initiator ephemeral private key in order to derive the key k2. Col. 8, lines 14-18,  … The DPP server can send the device database the new initiator bootstrap PKI keys along with an identity for the new initiator bootstrap PKI keys comprising a sequence number. The DPP server and the device can record that the DPP session is successfully completed).
	The motivation/rationale to combine the references is similar to claim 1 above.
Regarding Claims 8 and 15,
Claims 8 and 15 are rejected for similar reasons as in claim 1.
	Regarding Claims 11 and 18,
Claims 11 and 18 are rejected for similar reasons as in claim 4.
	Regarding Claim 21, the combination of Singhi, Nix, Nix (2), and Perlman teaches all the limitations of claim 1 above,
	wherein determining whether the second wireless access device is authorized to connect to the first wireless access device further comprises: following a certificate chain and verifying signatures of certificates until a chain of trust is established from the certificate to a certificate associated with a root certificate authority operated by the network service provider, wherein the certificate chain is a sequence of certificates where each certificate is signed by a subsequent certificate (Nix, Para [0230] In other words, in a step 507, device 101 could verify the public key for cert.owner 122c using cert.CA3 123a and a signature verification step 221, and then the public key for cert.CA3 123a could be verified by device 101 using a cert.CA.root 109a. For a step 507, if device 101 does not record the full certificate chain linking cert.owner 122c with a recorded cert.CA.root 109a, then device 101 could send a query to configuration server 112 requesting for an alternative certificate chain that would link cert.owner 122c with a recorded cert.CA.root 109a in device 101. For exemplary embodiments where (i) a different wireless network 329 is used than owner WiFi access point 122b and (ii) the credentials 199 received in message 503 are from the owner of wireless network 329, then both (a) message 503 can include a signature for the credentials 199 from the owner of the selected wireless network 329, and (b) a certificate for the owner of the selected wireless network 329, and (c) a chain of certificates linking the certificate for the owner of the selected wireless network 329 to a recorded root certificate cert.CA.root 109a).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claims 23 and 25,
Claims 23 and 25 are rejected for similar reasons as in claim 21.
Claims 2, 3, 5, 9, 10, 12, 16, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Singhi et al. (US 20190044737), hereinafter Singhi in view of Nix (US 20190044737), hereinafter Nix in view of Nix (US 10169587), hereinafter Nix (2) in view of Perlman (US 20020191797), hereinafter Perlman in view of Getschmann (US 20180205722), hereinafter Getschmann.
	Regarding Claim 2, the combination of Singhi, Nix, Nix (2), and Perlman does not explicitly teach a method further comprising: dropping the WLAN connection based on the certificate not being signed by the certificate authority associated with the network service provider or the unique identifier associated with the second wireless access device not appearing in the whitelist stored at the first wireless access device.
	In the same field of endeavor, Getschmann teaches
	The method recited in claim 1, further comprising: dropping the WLAN connection based on the certificate not being signed by the certificate authority associated with the network service provider (Para [0045] The SeGW node utilized for access to the MPC may therefore provide IPsec termination points which can authenticate the Factory Digital Certificate as well as the Operational Digital Certificates to be utilized by remote Access Cells. The SeGW IPsec endpoint should therefore be able to authenticate Factory Digital Certificates issued to Access Nodes. Para [0070] In some embodiments, upon failure, the CertMgr may continue to attempt to update the OPERATIONAL certificate until the current certificate fails to be valid and communication with the operator's network is terminated) or
	the unique identifier associated with the second wireless access device not appearing in the whitelist stored at the first wireless access device (Nix, Para [0062], … Security could be obtained from other means, such as (i) operating a firewall within WiFi access point 108i to restrict connectivity to a "whitelist" of approved devices (possibly identified by MAC address), (ii) operating a firewall within WiFi access point 108i to limit connectivity to approved IP addresses and port numbers, and (iii) WiFi access point 108i or WiFi client 101i could operate at low transmit powers such that the two nodes have to be in close physical proximity, such as less than several meters).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Singhi, Nix, Nix (2), and Perlman to incorporate the teachings of Getschmann such that the method of the combination of Singhi, Nix, Nix (2), and Perlman includes dropping the WLAN connection based on the certificate not being signed by the certificate authority associated with the network service provider.  One would have been motivated to make such combination so that if the current certificate fails to be valid, communication with the operator's network is terminated (Getschmann, Paragraph [0070]).
	Regarding claim 3, the combination of Singhi, Nix, Nix (2), and Perlman teaches all the limitations of claim 1 above,
	The method recited in claim 1, further comprising: determining, at the first wireless access device, that the certificate has expired or been revoked (Getschmann, Para [0060] In some embodiments, an operator may require the use of Certificate Revocation Lists (CRL) and suitable functionality. Certificate revocation lists are static lists of certificates issued by a given CA which have been revoked. The CRL may be stored in the same location as the end entity certificates and keys. This may therefore vary depending upon the platform. The CertMgr UniTask may be responsible for downloading the CRL from the CA. The CertMgr may also be responsible for monitoring the lifetime of the CRL and creating alarms/events for invalid scenarios involving the CRL. A shortage of storage for a CRL may cause an alarm to be generated. The CertMgr UniTask may maintain the given node certificate as well a CRLs for the given operator domain. The CertMgr may be responsible for maintaining both the Factory Certificate and the Operational Certificate); and
	limiting the access that the second wireless access device has to the WAN to one or more destination addresses enabling the second wireless access device to renew the certificate with the network service provider (Getschmann, Para [0046] In some embodiments, in order for a field provisioning IPsec tunnel to be established as mentioned in above, both peers may authenticate the other utilizing the Factory Digital Certificates. Once established the Access Cell has a secure encrypted IPsec tunnel into the MPC. At this point the Access Cell is utilizing a restricted IPsec tunnel. The restricted IPsec tunnel which is based upon the Factory Digital Certificate is configured such that the IPsec defined Traffic Selectors within the Security Policy Database (SPD) may allow traffic from the Access Cell to the RA/CA nodes within the operator's MPC. RFC 7296 defines the negotiation of Traffic Selectors via Internet Key Exchange (IKE) version 2 (IKEv2) for IPsec/ESP tunnels. RFC 4301 and RFC 4303 define the SPD utilized for maintaining Traffic Selectors for individual IPsec ESP Security Associations. Para [0104] … The CertMgr may then enable CMP and OCSP timers in renewing the end entity certificate as well as verifying the certificates of any WiFi Backhaul peers and the security gateway or coordinating server),    
	wherein the mutual authentication procedure is to be performed after the second wireless access device has renewed the certificate with the network service provider (Getschmann, Para [0106] In some embodiments, when the CertMgr has determined that its end entity OPERATIONAL certificate is set to expire, it may re-authenticate. The configured window for expiration has been entered. The CertMgr initiates a CMP renewal operation with the CMS. Upon receiving the new certificate, the CertMgr communicates the availability of the new certificate to the DHCPMgr which initiates an IKE/IPsec tunnel re-authentication. The CertMgr raises an event to notify the coordinating server that the end entity certificate has been renewed/replaced. This may be achieved as described below).
	The motivation/rationale to combine the references is similar to claim 2 above.
	Regarding claim 5, the combination of Singhi, Nix, Nix (2), and Perlman teaches all the limitations of claim 1 above,
	The method recited in claim 1, further comprising dropping the WLAN connection when the receipt is not verified (Getschmann, Para [0049] ... The Access Cell may be configured to use a Shared Secret or a Factory Digital Certificate to authenticate with the RA/CA. Via the Factory supplied Digital Certificate, the Access Cell is able to establish a trust relationship. …  In order to obtain operational access to the MPC the Access Cell should now terminate the field provisioning IPsec Tunnel and establish an operational IPsec Tunnel ... Para [0070] In some embodiments, upon failure, the CertMgr may continue to attempt to update the OPERATIONAL certificate until the current certificate fails to be valid and communication with the operator's network is terminated).
	The motivation/rationale to combine the references is similar to claim 2 above.
Regarding Claims 9 and 16,
Claims 9 and 16 are rejected for similar reasons as in claim 2.
Regarding Claims 10 and 17,
Claims 10 and 17 are rejected for similar reasons as in claim 3.
Regarding Claims 12 and 19,
Claims 12 and 19 are rejected for similar reasons as in claim 5.	
Claims 22 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Singhi et al. (US 20190044737), hereinafter Singhi in view of Nix  (US 20190044737), hereinafter Nix in view of Nix (US 10169587), hereinafter Nix (2) in view of Perlman (US 20020191797), hereinafter Perlman in view of Vishwanath (US 20050149759), hereinafter Vishwanath.
	Regarding Claim 22, the combination of Singhi, Nix, Nix (2), and Perlman does not explicitly teach a method wherein the certificate authority updates a certificate revocation list (CRL) at the first wireless access device and the second wireless access device on a periodic or dynamic basis, and the CRL is a blacklist that identifies one or more certificates that the certificate authority no longer deems trustworthy.
	In the same field of endeavor, Vishwanath teaches
	wherein the certificate authority updates a certificate revocation list (CRL) at the first wireless access device and the second wireless access device on a periodic or dynamic basis, and the CRL is a blacklist that identifies one or more certificates that the certificate authority no longer deems trustworthy (Para [0734] Signature verification. For a digital signature to have meaning, the application establishes that the user's certificate was valid at the time of the action. This verification requires verifying the digital signature on the certificate, checking the certificate's validation period, and checking the certificate against the issuing certificate authority's Certificate Revocation List (CRL). Para [0752] Key revocation: If a key is exposed, it will be invalidated so that it can no longer be used. This can be as simple as refusing to accept the key, if the key is only used in pair-wise connections. Asymmetric keys would be reissued through the certificate authority. The certificate authority will revoke the public key certificate and include the certificate in the certificate revocation lists that it issues).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Singhi, Nix, Nix (2), and Perlman to incorporate the teachings of Vishwanath such that the method of the combination of Singhi, Nix, Nix (2), and Perlman includes wherein the certificate authority updates a certificate revocation list (CRL) at the first wireless access device and the second wireless access device on a 
Regarding Claim 24,
Claim 24 is rejected for similar reasons as in claim 22.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491