DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.	This communication is in response to claims 1-20 filed on 04/20/2020.


Claim Objections
Claims 3, 11 and 19 are objected to because of the following informality:  

2.	Claim 3, 11 and 19 recite “a network segmentation policy” in the preamble of the claims. Although these recitations are understood to refer to the network segmentation policy disclosed in claims 1, 9, and 17, from which claims 3, 11 and 19 respectively depend, Applicant is urged to amend “a network segmentation policy” to “the network segmentation policy” in order to provide clear and consistent antecedent basis.

Appropriate correction is requested.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

3.	Claims 1, 9, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Fainberg et al. (US 2020/0007395, referred to herein as Fainberg1) in view of Singh et al. (US 2020/0092704).

Regarding claim 1, Fainberg1 teaches a method comprising:  
2obtaining, by a service, one or more component tags (a printer can be tagged with a printer device tag. Similarly, a device that is classified, identified, or a 
5determining, by the service, an intent of the endpoint device, using the one or 6more component tags and the one or more activity tags that were assigned to the endpoint 7device (Based on the tags, network monitor device 280 is operable to determine a zone based on the tags determined for an entity. For example, if device 230 has an accounting department tag, a California office tag, a second floor tag, a wireless tag, a lab environment tag, the zone may be a wireless California office lab zone, [0058]; For example, an accounting server may be determined to be in a non-Internet zone meaning that it cannot access the Internet because of the sensitive data stored on the accounting server, [0070]);  

10configuring, by the service, a network overlay in the network that implements the 11network segmentation policy (Network monitor device 280, based on the enforcement points, can assign enforcement actions to enforcement points, [0060]; enforcement actions are assigned to the enforcement points based on the tags assigned to the entity, [0072]).  
However, Fainberg1 does not explicitly disclose deep packet inspection.
Singh teaches tags assigned to an endpoint device in a network based on deep packet inspection of traffic associated with the endpoint device (network IoT devices are profiled by monitoring and analyzing network data packets generated by each device, [0030]; some such embodiments include deep packet inspection of captured packets, [0030]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize deep packet inspection in the system/method of Fainberg1 as suggested by Singh when analyzing network traffic to determine attributes and tags of a particular device. One would be motivated to combine 

Regarding claim 9, Fainberg1 teaches an apparatus, comprising: 28PATENT 0141458.U CPOL 1028072-US.01 
2one or more network interfaces to communicate with a network (Network Interface Device 508 of FIG. 5);  
3a processor coupled to the one or more network interfaces and configured to 4execute one or more processes (Processing Device 502 of FIG. 5); and  
5a memory configured to store a process that is executable by the processor (Main Memory 504 of FIG. 5), the 6process when executed configured to:  
7obtain one or more component tags (a printer can be tagged with a printer device tag. Similarly, a device that is classified, identified, or a combination therefore as an IP camera can be tagged an IP camera device tag, [0022]) and one or more activity tags (assign tags based on a fingerprint, entity behavior, [0024]) that were 8assigned to an endpoint device in a network (a policy engine evaluates each of the properties or characteristics associated with an entity to determine one or more tags to be assigned to the entity. The policy may be used to determine one or more tags for an entity continuously and in real time, [0069]) based on inspection of 9traffic associated with the endpoint device (adaptively, continuously, and in real-time categorize and tag entities automatically based on communications sent by the entity and the entity receiving the communications, [0025]; The monitoring of entities by network monitor device 102 may be based 
10determine an intent of the endpoint device, using the one or more 11component tags and the one or more activity tags that were assigned to the 12endpoint device (Based on the tags, network monitor device 280 is operable to determine a zone based on the tags determined for an entity. For example, if device 230 has an accounting department tag, a California office tag, a second floor tag, a wireless tag, a lab environment tag, the zone may be a wireless California office lab zone, [0058]; For example, an accounting server may be determined to be in a non-Internet zone meaning that it cannot access the Internet because of the sensitive data stored on the accounting server, [0070]);  
13translate the intent of the endpoint device into a network segmentation 14policy (Based on the zone, network monitor device 280 is operable to determine enforcement points associated with the determined zone. For example, if device 230 is an accounting department device, switch 201 and firewalls 206 and 202 may be determined to be enforcement points associated with the zone determined for device 220, [0059]; one or more enforcement points associated with the entity is determined. The enforcement points may be determined based on the zone associated with the entity, [0071]); and  
15configure a network overlay in the network that implements the network 16segmentation policy (Network monitor device 280, based on the enforcement 
However, Fainberg1 does not explicitly disclose deep packet inspection.
Singh teaches tags assigned to an endpoint device in a network based on deep packet inspection of traffic associated with the endpoint device (network IoT devices are profiled by monitoring and analyzing network data packets generated by each device, [0030]; some such embodiments include deep packet inspection of captured packets, [0030]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize deep packet inspection in the system/method of Fainberg1 as suggested by Singh when analyzing network traffic to determine attributes and tags of a particular device. One would be motivated to combine these teachings in order for the contents of packets associated with a particular device to be evaluated more thoroughly and to examine information such as the protocols and applications operating on the device. 

Regarding claim 117, Fainberg1 teaches a tangible, non-transitory, computer-readable medium storing program instructions that cause a service to execute a process comprising:  30PATENT 0141458.U 
CPOL 1028072-US.01	3obtaining, by the service, one or more component tags (a printer can be tagged with a printer device tag. Similarly, a device that is classified, identified, or a combination therefore as an IP camera can be tagged an IP camera device tag, [0022]) 
6determining, by the service, an intent of the endpoint device, using the one or 7more component tags and the one or more activity tags that were assigned to the endpoint 8device (Based on the tags, network monitor device 280 is operable to determine a zone based on the tags determined for an entity. For example, if device 230 has an accounting department tag, a California office tag, a second floor tag, a wireless tag, a lab environment tag, the zone may be a wireless California office lab zone, [0058]; For example, an accounting server may be determined to be in a non-Internet zone meaning that it cannot access the Internet because of the sensitive data stored on the accounting server, [0070]);  

11configuring, by the service, a network overlay in the network that implements the 12network segmentation policy (Network monitor device 280, based on the enforcement points, can assign enforcement actions to enforcement points, [0060]; enforcement actions are assigned to the enforcement points based on the tags assigned to the entity, [0072]).  
However, Fainberg1 does not explicitly disclose deep packet inspection.
Singh teaches tags assigned to an endpoint device in a network based on deep packet inspection of traffic associated with the endpoint device (network IoT devices are profiled by monitoring and analyzing network data packets generated by each device, [0030]; some such embodiments include deep packet inspection of captured packets, [0030]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize deep packet inspection in the system/method of Fainberg1 as suggested by Singh when analyzing network traffic to determine attributes and tags of a particular device. One would be motivated to combine .


4.	Claims 2-7, 10-15, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fainberg1-Singh in view of Fainberg et al. (US 2020/0007396, referred to herein as Fainberg2).

Regarding claim 12, Fainberg1 teaches the method as in claim 1, wherein determining the intent of the endpoint device 2comprises: 
determining3determining , at the service, an indication of one or more scalable group tags for the 4endpoint device (if an entity is a WindowsTM device on a third floor, [0073]); and 
sassociating, by the service, the one or more scalable group tags with the endpoint 6device (the device will be tagged with a third floor tag, [0073]).  
However, Fainberg1-Singh do not explicitly disclose receiving the indication at the service.
Fainberg2 teaches receiving, at a service, an indication of one or more scalable group tags for an endpoint (specific policy rule sets may then be written or configured for those groups by selecting the intersection between the two groups on the matrix and the rules governing communication between the two groups configured, [0043]; The hierarchy may be displayed based on user selection or user configuration. A user may thus select how the hierarchy is created (e.g., by selecting a high level group such as 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a graphical user interface allowing an administrating user to provide and configure device groupings and associated policies in the system/method of Fainberg1-Singh as suggested by Fainberg2 in order to manage group segmentation of heterogeneous devices communicating over a network. One would be motivated to combine these teachings to enable the administrator to easily and intuitively control and manage rules applied to particular groups of the devices.

Regarding claim 13, Fainberg1 teaches the method as in claim 2, wherein translating the intent of the endpoint device into a network segmentation policy comprises:  27PATENT 0141458.U CPOL 1028072-US.01
3generating a security group access control list, based on the one or more scalable 4group tags associated with the endpoint device (the enforcement points on the third floor are configured (e.g., via ACLs) to allow the device to communicate with resources available to a device on the third floor (e.g., servers, printers, peer devices, etc., on the third floor, [0073]); and wherein configuring the network 5overlay in the network comprises:  
6sending the security group access control list to networking equipment in the 7network (determining enforcement actions (e.g., rules, ACLs, etc.) for enforcement points (firewalls, routers, switches, etc.), and apply those enforcement actions to the enforcement points, [0030]; A next generation firewall can be updated with an ACL like policy regarding an entity accessing the Internet, [0039]; Firewall 202 and switch 210 

Regarding claim 14, Fainberg1-Singh do not explicitly disclose the method as in claim 2, wherein indication of the one or more scalable group tags is 2received via a user interface.  
	Fainberg2 teaches wherein indication of the one or more scalable group tags is received via a user interface (specific policy rule sets may then be written or configured for those groups by selecting the intersection between the two groups on the matrix and the rules governing communication between the two groups configured, [0043]; The hierarchy may be displayed based on user selection or user configuration. A user may thus select how the hierarchy is created (e.g., by selecting a high level group such as location or device type) and then drill down to other characteristics (e.g., compliance and risk) or subgroups, [0062]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a graphical user interface for visualizing segmentation policies in the system/method of Fainberg1-Singh as suggested by Fainberg2 in order to allow a user to configure and manage device groupings and associated rules. One would be motivated to combine these teachings because such a display would enable an administrator to easily and intuitively control and manage segmentation and communications among a large number of heterogeneous devices connected to a network.


Regarding claim 15, Fainberg1 teaches the method as in claim 1, wherein the network overlay restricts the endpoint device to 2communicating only with a subset of senders or receivers via the network (For example, the IP camera may be restricted from communicating with other entities (e.g., other IoT devices, or the Internet) as part of a segmentation based on the categorization of the IP camera, [0027]; Cloud infrastructure (e.g., AWS security groups) can be updated to drop packets from the IP of the entity that have a destination outside the cloud, [0039]; the enforcement points on the third floor are configured (e.g., via ACLs) to allow the device to communicate with resources available to a device on the third floor, [0073]).
However, Fainberg1-Singh do not explicitly disclose wherein 3the network overlay further restricts the endpoint device to sending or receiving only a 4specific type of application traffic via the network.  
Fainberg2 teaches wherein a network overlay further restricts the endpoint device to sending or receiving only a specific type of application traffic via a network (the orange indicator helps a user understand that the rule just created is blocking certain traffic while allowing other traffic between a printers group and a cameras group, [0040]; at the intersection of the groups on the matrix of whether the two groups are able to communicate and the associated communication properties (e.g., whether the groups are able to communicate on certain ports or with certain protocols). Based on the GUI presented by network monitor device 280, a user can then configure one or more rules to limit or block communication between the two groups, [0098]).


Regarding claim 6, Fainberg1 teaches 1the method as in claim 5, wherein the one or more component tags are indicative of a 2physical location of the endpoint device (if an entity is a WindowsTM device on a third floor, the device will be tagged with a third floor tag, [0073]), and wherein one or more of the senders or 3receivers in the subset are also located in that physical location (the enforcement points on the third floor are configured (e.g., via ACLs) to allow the device to communicate with resources available to a device on the third floor, [0073]).  

Regarding claim 17, Fainberg1-Singh do not explicitly disclose the method as in claim 1, wherein the endpoint device comprises a programmable 2logic controller (PLC) or variable-frequency drive (VFD).  
	Fainberg2 teaches wherein an endpoint device comprises a programmable 2logic controller (PLC) or variable-frequency drive (VFD) (For the OT environments, programmable logic controller (PLC), human interface machines (HMI), production floor centers, and other groups relevant to OT environments may be shown, [0043]).  


Regarding claim 110, Fainberg1 teaches the apparatus as in claim 9, wherein the apparatus determines the intent of the 2endpoint device by:  
3deterdetermining an indication of one or more scalable group tags for the endpoint 4device (if an entity is a WindowsTM device on a third floor, [0073]); and  
sassociating the one or more scalable group tags with the endpoint device (the device will be tagged with a third floor tag, [0073]).  
However, Fainberg1-Singh does not explicitly disclose receiving the indication.
Fainberg2 teaches receiving an indication of one or more scalable group tags for an endpoint device (specific policy rule sets may then be written or configured for those groups by selecting the intersection between the two groups on the matrix and the rules governing communication between the two groups configured, [0043]; The hierarchy may be displayed based on user selection or user configuration. A user may thus select how the hierarchy is created (e.g., by selecting a high level group such as location or device type) and then drill down to other characteristics (e.g., compliance and risk) or subgroups, [0062]).


Regarding claim 111, Fainberg1 teaches the apparatus as in claim 10, wherein the apparatus translates the intent of the endpoint device into a network segmentation policy by:  29PATENT 0141458.U CPOL 1028072-US.01 
3generating a security group access control list, based on the one or more scalable 4group tags associated with the endpoint device (the enforcement points on the third floor are configured (e.g., via ACLs) to allow the device to communicate with resources available to a device on the third floor (e.g., servers, printers, peer devices, etc., on the third floor, [0073]); and wherein configuring the network 5overlay in the network comprises:  
6sending the security group access control list to networking equipment in the 7network (determining enforcement actions (e.g., rules, ACLs, etc.) for enforcement points (firewalls, routers, switches, etc.), and apply those enforcement actions to the enforcement points, [0030]; A next generation firewall can be updated with an ACL like policy regarding an entity accessing the Internet, [0039]; Firewall 202 and switch 210 

Regarding claim 112, Fainberg1-Singh do not explicitly disclose the apparatus as in claim 11, wherein indication of the one or more scalable group 2tags is received via a user interface.  
	Fainberg2 teaches wherein indication of the one or more scalable group tags is received via a user interface (specific policy rule sets may then be written or configured for those groups by selecting the intersection between the two groups on the matrix and the rules governing communication between the two groups configured, [0043]; The hierarchy may be displayed based on user selection or user configuration. A user may thus select how the hierarchy is created (e.g., by selecting a high level group such as location or device type) and then drill down to other characteristics (e.g., compliance and risk) or subgroups, [0062]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a graphical user interface for visualizing segmentation policies in the system/method of Fainberg1-Singh as suggested by Fainberg2 in order to allow a user to configure and manage device groupings and associated rules. One would be motivated to combine these teachings because such a display would enable an administrator to easily and intuitively control and manage segmentation and communications among a large number of heterogeneous devices connected to a network.


However, Fainberg1-Singh do not explicitly disclose 3wherein the network overlay further restricts the endpoint device to sending or receiving 4only a specific type of application traffic via the network.  
Fainberg2 teaches wherein a network overlay further restricts the endpoint device to sending or receiving only a specific type of application traffic via a network (the orange indicator helps a user understand that the rule just created is blocking certain traffic while allowing other traffic between a printers group and a cameras group, [0040]; at the intersection of the groups on the matrix of whether the two groups are able to communicate and the associated communication properties (e.g., whether the groups are able to communicate on certain ports or with certain protocols). Based on the GUI presented by network monitor device 280, a user can then configure one or more rules to limit or block communication between the two groups, [0098]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to limit the types of traffic allowed between devices in 

Regarding claim 114, Fainberg1 teaches the apparatus as in claim 13, wherein the one or more component tags are indicative 2of a physical location of the endpoint device (if an entity is a WindowsTM device on a third floor, the device will be tagged with a third floor tag, [0073]), and wherein one or more of the senders or 3receivers in the subset are also located in that physical location (the enforcement points on the third floor are configured (e.g., via ACLs) to allow the device to communicate with resources available to a device on the third floor, [0073]).  

Regarding claim 115, Fainberg1-Singh do not explicitly disclose the apparatus as in claim 9, wherein the endpoint device comprises a programmable 2logic controller (PLC) or variable-frequency drive (VFD).  
Fainberg2 teaches wherein an endpoint device comprises a programmable 2logic controller (PLC) or variable-frequency drive (VFD) (For the OT environments, programmable logic controller (PLC), human interface machines (HMI), production floor centers, and other groups relevant to OT environments may be shown, [0043]).  
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to recognize a PLC in an IoT environment such as Fainberg1-Singh as suggested by Fainberg2 to enhance automation in production lines 

Regarding claim 118, Fainberg1 teaches the computer-readable medium as in claim 17, wherein determining the intent of the 2endpoint device comprises:  
3determiningddetermining, at the service, an indication of one or more scalable group tags for the 4endpoint device (if an entity is a WindowsTM device on a third floor, [0073]); and  
sassociating, by the service, the one or more scalable group tags with the endpoint 6device (the device will be tagged with a third floor tag, [0073]).  
However, Fainberg1-Singh do not explicitly disclose receiving the indication at the service.
Fainberg2 teaches receiving, at a service, an indication of one or more scalable group tags for an endpoint (specific policy rule sets may then be written or configured for those groups by selecting the intersection between the two groups on the matrix and the rules governing communication between the two groups configured, [0043]; The hierarchy may be displayed based on user selection or user configuration. A user may thus select how the hierarchy is created (e.g., by selecting a high level group such as location or device type) and then drill down to other characteristics (e.g., compliance and risk) or subgroups, [0062]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a graphical user interface allowing an administrating user to provide and configure device groupings and associated policies in 

Regarding claim 119, Fainberg1 teaches the computer-readable medium as in claim 18, wherein translating the intent of the 2endpoint device into a network segmentation policy comprises:  
3generating a security group access control list, based on the one or more scalable 4group tags associated with the endpoint device (the enforcement points on the third floor are configured (e.g., via ACLs) to allow the device to communicate with resources available to a device on the third floor (e.g., servers, printers, peer devices, etc., on the third floor, [0073]); and wherein configuring the network soverlay in the network comprises:  
6sending the security group access control list to networking equipment in the  network (determining enforcement actions (e.g., rules, ACLs, etc.) for enforcement points (firewalls, routers, switches, etc.), and apply those enforcement actions to the enforcement points, [0030]; A next generation firewall can be updated with an ACL like policy regarding an entity accessing the Internet, [0039]; Firewall 202 and switch 210 may be assigned enforcement actions (e.g., ACLs) to allow device 230 to access other accounting resources, [0060]).  


	However, Fainberg1-Singh do not explicitly disclose wherein the network overlay further restricts the endpoint device to sending or receiving only a specific type of application traffic via the network.
Fainberg2 teaches wherein a network overlay further restricts the endpoint device to sending or receiving only a specific type of application traffic via a network (the orange indicator helps a user understand that the rule just created is blocking certain traffic while allowing other traffic between a printers group and a cameras group, [0040]; at the intersection of the groups on the matrix of whether the two groups are able to communicate and the associated communication properties (e.g., whether the groups are able to communicate on certain ports or with certain protocols). Based on the GUI presented by network monitor device 280, a user can then configure one or more rules to limit or block communication between the two groups, [0098]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to limit the types of traffic allowed between devices in .


5.	Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Fainberg1-Singh in view of Nellen (US 2019/0141015).

Regarding claim 18, Fainberg1-Singh do not explicitly disclose the method as in claim 1, wherein the network overlay is implemented as a Virtual 2Extensible Local Area Network (VxLAN) overlay in the network.  
	Nellen teaches wherein a network overlay is implemented as a Virtual 2Extensible Local Area Network (VxLAN) overlay in a network (to create and simultaneously manage the plurality of private VNs on secure cloud 110, PVN managers 115A-D and 152A-B can implement Virtual Extensible LAN (VXLAN) protocols to overlay the private VN on top of the network in secure cloud 110, [0096]).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement VXLAN in the system/method of Fainberg1-Singh as suggested by Nellen to enhance scalability. One would be motivated to combine these teachings because utilizing VXLAN would allow for flexibility in managing the segmentation of a large number of endpoint devices on a network.


Nellen teaches wherein a network overlay is implemented as a Virtual 2Extensible Local Area Network (VxLAN) overlay in a network (to create and simultaneously manage the plurality of private VNs on secure cloud 110, PVN managers 115A-D and 152A-B can implement Virtual Extensible LAN (VXLAN) protocols to overlay the private VN on top of the network in secure cloud 110, [0096]).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement VXLAN in the system/method of Fainberg1-Singh as suggested by Nellen to enhance scalability. One would be motivated to combine these teachings because utilizing VXLAN would allow for flexibility in managing the segmentation of a large number of endpoint devices on a network.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Nandy et al. 		US 10/432,535 – performing DPI to identify devices and apply network policies

Smith et al.		US 2017/0149792 – grouping devices to apply security policies

Danait et al.		US 2017/0353355 – grouping endpoints in a network environment

Hutchinson et al.	US 2017/0353453 – access determination management for entities with different privileges on a network 

Thaler et al.		US 2018/0103039 – provisioning IoT devices based on groups with pre-existing roles and relationships

Rudolph et al.	US 2018/0234266 – classify IoT gateways based on analysis of attributes

Weingarten et al.	US 2019/0052659 – collecting real-time information to group endpoints in a network

Manor et al.		US 2019/0089748 – enforcing traffic policies based on DPI

Rahman et al.	US 2019/0132236 – creating IoT groups and processing messages accordingly

Wakid			US 2020/0128037 – monitoring and controlling traffic between devices based on  a device-specific connectivity restriction policy.


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chris Parry can be reached on 571-272-8328.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MADHU WOOLCOCK
Examiner
Art Unit 2451