DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority

Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 5/13/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Amendment

The preliminary amendment filed on 6/29/2020 has been fully considered.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 2, 4, 5, 10, 12, 13, 18, 19 and 21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Teverovsky et al. (US 2019/0281010), hereinafter Teverovsky.

As for claim 1, Teverovsky teaches a method for monitoring a directory environment of a computer network to detect vulnerabilities (paragraph [0013] describes methods include technology that enables a computer system to perform intrusion detection), the method comprising: 
at a first computer on the computer network changing a configuration of the directory environment (Fig. 1, Domain Controller 112; paragraphs [0011] and [0018]-[0019] describe computing devices (i.e. domain controllers (DC)) executed computer functionality to implement directory service, the DC transmits directory changes events to other DC and the events indicate modifications that have occurred to a directory service, the modifications originates on any one of the DCs, the modification involves 
with a replication service, replicating the change at a second computer on the computer network (paragraph [0012], [0020] and [0036] describe data source includes synchronization data corresponds to changes to the directory service of one or more domain controllers that provide the directory service, directory change events are synchronization events that include the synchronization data, the synchronization is performed by a synchronization mechanism); and 
extracting information relating to the change from the replication service and using the extracted information to detect a vulnerability in the directory environment (paragraphs [0025]-[0027] and [0043]-[0044] describe parsing functions involve executable code that enables a computing device to analyze and track changes to the directory service, a first parsing function parses synchronization events, a change analysis component receives the change events from different sources, a current state of the directory service  is compared to the prior state of the directory service to determine what directory objects have been modified, inconsistencies between modification data between sources e.g. modifications that are represented by a first source data but not by a second source data indicate that a malicious activity has occurred).  

As for claim 2, Teverovsky teaches wherein the first computer is a first domain controller and wherein the second computer is a second domain controller (Fig. 1, Domain Controllers 112; paragraph [0018] describes computing devices are domain controllers).  

As for claim 4, Teverovsky teaches generating a representation of the directory environment (paragraph [0027]/[0064] describes the determination of states of directory service at different points in time, the states are determined by detecting  inconsistencies between modification data between sources), and wherein the step of detecting a vulnerability comprises updating the representation using the extracted information relating to the change (paragraphs [0063]-[0064] describe the process of enriching a modification data which involves updating the modification data of the directory service, a prior state of the directory service is determined based on the enriched modification data, a current state of the directory service is compared with the prior state and an inconsistency of the directory service is discovered in response to correlating the modification data of the directory server with the plurality of the change events of the computing device; paragraph [0053] describes inconsistencies are referred to as anomalies, intrusions, discrepancies etc.,).  

As for claim 5, Teverovsky teaches wherein the step of generating the representation of the directory environment comprises sending instructions to the more computers to extract information relating to all directory objects in the directory environment at a first time before said step of changing a configuration is performed (paragraphs [0051]-[0053] describe a domain state analysis component enables the computing device to determine a prior state of the directory service, the prior state determination module has access to a historical state of the directory service and when the historical state is either before or after the prior state and when the prior state is before the historical state the modification data is reverted from the historical state (i.e. there is no medication data), a state comparison module compares one or more states of directory service to detect changes that occurred between the different states and inconsistency module analyzes data of a data store to discover inconsistencies i.e. representation. Note: the steps of accessing and comparing historical state and detecting changes are interpreted as extracting and returning information related to all directory objects).  

As for claim 10, Teverovsky teaches a system for monitoring a directory environment of a computer network to detect vulnerabilities (Fig. 1, system 100; paragraph [0013] describes a computer system performs intrusion detection), the system comprising: 
one or more processors (paragraph [0068] describes processors); and one or more computer-readable memories storing computer program code (paragraph [0070] describes computer readable storage medium storing instructions), the one or more processors being configured to execute the computer program code to cause the one or more processors at least to (paragraph [0073] describes set of executable instructions is executed by a computer that causes the computer to perform operations): -3-
send instructions to one or more computers on the computer network to extract and return from a replication service information relating to a change of a configuration of the directory environment (paragraph [0072] describes executable instructions executed by a computer to perform methods; paragraph [0044] describes parsing functions include multiple parsing functions to interpret different types of change events, e.g. a first parsing function is used to parse directory synchronization events, the parsing function determine the portion of the active directory affected by the change event, translates data values of the change event to domain attributes names/identifiers which are used to determine the directory change type for the change event), and use the extracted information to detect a vulnerability in the directory environment (paragraph [0045] describes a data store that stores data in the form of change events, data values, translate data, other data;  paragraph [0053] describes data stored in the data store are analyzed to discover inconsistencies which are referred to as anomalies, discrepancies, intrusions etc.).  

As for claim 12, Teverovsky teaches wherein the computer program code further causes the one or more processors to perform a step of generating a representation of the directory environment (paragraph [0072] describes executable instructions executed by a computer to perform methods; paragraph [0064] describes the determination of states of directory service at different points in time, the states are determined by detecting  inconsistencies between modification data between sources), and wherein the step of detecting a vulnerability comprises updating the representation using the extracted information relating to the change (paragraphs [0063]-[0064] describe the process of enriching a modification data which involves updating the modification data of the directory service, a prior state of the directory service is determined based on the enriched modification data, a current state of the directory service is compared with the prior state and an inconsistency of the directory service is discovered in response to correlating the modification data of the directory server with the plurality of the change events of the computing device; paragraph [0053] describes inconsistencies are referred to as anomalies, intrusions, discrepancies etc.,).  

As for claim 13, Teverovsky teaches wherein the step of generating the representation of the directory environment comprises sending instructions to the one or more computers to extract and return information relating to all directory objects in the directory environment at a first time before said step of changing a configuration (paragraph [0072] describes executable instructions executed by a computer to perform methods; paragraphs [0051]-[0053] describe a domain state analysis component enables the computing device to determine a prior state of the directory service, the prior state determination module has access to a historical state of the directory service and when the historical state is either before or after the prior state and when the prior state is before the historical state the modification data is reverted from the historical state (i.e. there is no medication data), a state comparison module compares one or more states of directory service to detect changes that occurred between the different states and inconsistency module analyzes data of a data store to discover inconsistencies i.e. representation. Note: the steps of accessing and comparing historical state and detecting changes are interpreted as extracting and returning information related to all directory objects).  

As for claim 18, Teverovsky teaches a system for extracting and returning information from a replication service (Fig. 2, computing device 120; paragraph [0024] and [0043] describe a computing device and its functions, one of the functions includes a parsing function), the system comprising: 
one or more processors (paragraph [0068] describes processors); and 
one or more computer-readable memories storing computer program code (paragraph [0070] describes computer-readable storage medium storing instructions), the one or more processors being configured to execute the computer program code to cause the one or more processors at least to (paragraphs [0070]-[0071] describe instructions stored in the storage medium are executed by the computing device to perform methods): 
extract from the replication service information relating to a change of a configuration of a directory environment, and -5-send the information to a system for monitoring a directory environment of a computer network (paragraph [0034] describes modification data is derived from directory change events, an active access mechanism acts as a domain controller to receive synchronization data from the directory service, a passive access mechanism is used by the computing device to monitor synchronization data sent from or received by the domain controllers, an agent on the domain controller monitors network traffic between domain controllers; paragraph [0044] describes a parsing function parses directory change events, such as, directory synchronization events, the parsing identifies an event provider identifier and an event identifier within each of the change events, determines a portion of the active directory affected by the change event, translates data values of the change event to domain attribute names or identifiers, the data are used to determine the directory change type for the change event).  

As for claim 19, Teverovsky teaches wherein: 
the one or more processors (paragraph [0068] describes processors); and 
the one or more computer-readable memories are provided as a client-side system of a security service provider (Fig. 1, client device 130; paragraph [0029] describes client devices include server computers, desktop, laptop computers i.e. these devices are referred to as computer devices; paragraph [0066] and [0070] describe the computing devices comprise non-transitory computer-readable storage medium).  

As for claim 21, Teverovsky teaches wherein the directory environment is an active directory environment (paragraph [0032] describes the directory service includes active directory domains).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 3 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Teverovsky (US 2019/0281010) in view of Choi (US 2018/0046631).

As for claim 3, Teverovsky teaches wherein the step of extracting the information from a replication service is performed at preset intervals (paragraph [0037] describes an access module utilizes a set of native synchronization operations to submit a request including change values to the directory service and receive change events of the directory service, the request identifies change events, times, objects, the communication from the access module involves polling other computing devices based on preset intervals).
Teverovsky fails to teach wherein preset intervals include 1-60 seconds, preferably at intervals of 1-5 seconds.  
However, it is well known in the art, to extract data at a predetermined time interval, as evidenced by Choi.
Choi discloses
wherein preset intervals include 1-60 seconds, preferably at intervals of 1-5 seconds (paragraph [0029] describes image of an object is extracted at a specific interval in time at 5 second period or 1 minute).  
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Choi for extracting data in predetermined intervals. The teachings of Choi, when implemented in the Teverovsky system, will allow one of ordinary skill in the art to collect sample data. One of ordinary skill in the art would be motivated to utilize the teachings of Choi in the Teverovsky system in order to capture enough data samples that represent special characteristics or patterns. 

As for claim 11, Teverovsky teaches wherein the instructions cause the one or more computers to extract and return the information from the replication service at intervals (paragraph [0072] describes executable instructions executed by a computer to perform methods; paragraph [0037] describes an access module utilizes a set of native synchronization operations to submit a request including change values to the directory service and receive change events of the directory service, the request identifies change events, times, objects, the communication from the access module involves polling other computing devices based on preset intervals).
Teverovsky fails to teach wherein preset intervals include 1-60 seconds, preferably at intervals of 1-5 seconds.  
However, it is well known in the art, to extract data at a predetermined time interval, as evidenced by Choi.
Choi discloses
wherein preset intervals include 1-60 seconds, preferably at intervals of 1-5 seconds (paragraph [0029] describes image of an object is extracted at a specific interval in time at 5 second period or 1 minute).  
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Choi for extracting data in predetermined intervals. The teachings of Choi, when implemented in the Teverovsky system, will allow one of ordinary skill in the art to collect sample data. One of ordinary skill in the art would be motivated to utilize the teachings of Choi in the Teverovsky system in order to capture enough data samples that represent special characteristics or patterns. 

Claims 6, 7, 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Teverovsky (US 2019/0281010) in view of Thrower et al. (US 7,530,104 B1), hereinafter Thrower.

As for claim 6, Teverovsky teaches wherein detecting network vulnerability procedure includes changing the configuration (paragraph [0019] describes the computing devices performs modifications to the directory service), replicating the change with the replication service (paragraphs [0035]-[0036] describe the computing devices perform synchronizations for tracking the changes of different directory service instances), extracting the information relating to the change from the replication service (paragraphs [0025]-[0027] and [0043]-[0044] describe parsing functions involve executable code that enables a computing device to analyze and track changes to the directory service, a first parsing function parses synchronization events, a change analysis component receives the change events from different sources, a current state of the directory service  is compared to the prior state of the directory service to determine what directory objects have been modified).
Teverovsky fails to teach repeating steps for detecting network vulnerability procedure until the vulnerability is eliminated.
However, it is well known in the art, to repeat steps for detecting an attack, as evidenced by Thrower.
Thrower discloses repeating the steps of detecting network vulnerability procedure until the vulnerability is eliminated (Fig. 7; steps 704-714; col. 11, lines 15-44 describe a process of determining vulnerabilities associated with an asset, the process goes through multiple steps (704-712),  after determining an attack path or chain reaction for one asset, it is determined whether additional assets are also vulnerable, if so, a next asset is selected for analysis, and the steps are repeated for the next asset. If no further assets are subject to compromise, then the process ends). 
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Thrower for implementing a network attack detection to a selected set of assets. The teachings of Thrower, when implemented in the Teverovsky system, will allow one of ordinary skill in the art to determine whether or not an attack is detected. One of ordinary skill in the art would be motivated to utilize the teachings of Thrower in the Teverovsky system in order to trigger the activation of another, more detailed analysis of assets when a determination is made that vulnerabilities associated with an asset is present.

As for claim 7, Teverovsky teaches all the limitations set forth above except wherein: a vulnerability is a control path in a directory environment; and the vulnerability is eliminated when a change closes the control path.  
However, it is well known in the art, to apply updates based on results of analyzing attack paths, as evidenced by Thrower.
Thrower discloses 
wherein a vulnerability is a control path in a directory environment  (col. 9, lines 40-44 describe existing access of the threat agent based on the resulting access that has been or would be attained as determined in a prior iteration of the attack path/chain reactions analysis controls or other settings based on results of analyzing attack paths); and the vulnerability is eliminated when a change closes the control path (col. 9, lines 4-17 and describe updates are applied based on results of analyzing attack paths/chain reactions between a threat/threat agent and asset, the updates include editing, adding, deleting, or modifying controls or other settings, and the updates prevent an attacker from gaining access to an asset).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Thrower for implementing updates to attack paths/chain reactions between a threat and an asset. The teachings of Thrower, when implemented in the Teverovsky system, will allow one of ordinary skill in the art to eliminate an attack. One of ordinary skill in the art would be motivated to utilize the teachings of Thrower in the Teverovsky system in order to prevent an attacker from gaining access to an asset (Thrower: col. 9, lines 10-11).

As for claim 14, Teverovsky teaches wherein the instructions further cause the one or more computers to perform procedures include extracting and returning the information relating to the change from the replication service (paragraph [0072] describes executable instructions executed by a computer to perform methods ; paragraph [0072] describes executable instructions executed by a computer to perform methods; paragraph [0044] describes parsing functions include multiple parsing functions to interpret different types of change events, e.g. a first parsing function is used to parse directory synchronization events, the parsing function determine the portion of the active directory affected by the change event, translates data values of the change event to domain attributes names/identifiers which are used to determine the directory change type for the change event) and wherein the computer program code further cause the one or more processors to perform the step of detecting the vulnerability (paragraph [0072] describes executable instructions executed by a computer to perform methods; paragraph [0053] describes data stored in the data store are analyzed to discover inconsistencies which are referred to as anomalies, discrepancies, intrusions etc.).
Teverovsky fails to teach wherein perform procedures include repeating steps and wherein perform step includes repeating the step.
However, it is well known in the art, to repeat steps for detecting an attack, as evidenced by Thrower.
Thrower discloses wherein perform procedures include repeating steps and wherein perform step includes repeating the step (Fig. 7; steps 704-714; col. 11, lines 15-44 describe a process of determining vulnerabilities associated with an asset, the process goes through multiple steps (704-712),  after determining an attack path or chain reaction for one asset (710), it is determined whether additional assets are also vulnerable, if so, a next asset is selected for analysis, and the steps are repeated for the next asset). 
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Thrower for implementing a network attack detection to a selected set of assets. The teachings of Thrower, when implemented in the Teverovsky system, will allow one of ordinary skill in the art to determine whether or not an attack is detected. One of ordinary skill in the art would be motivated to utilize the teachings of Thrower in the Teverovsky system in order to trigger the activation of another, more detailed analysis of assets when a determination is made that vulnerabilities associated with an asset is present.

As for claim 15, Teverovsky teaches all the limitations set forth above except wherein: a vulnerability is a control path in a directory environment; and the vulnerability is eliminated when a change closes the control path.  
However, it is well known in the art, to apply updates based on results of analyzing attack paths, as evidenced by Thrower.
Thrower discloses 
wherein a vulnerability is a control path in a directory environment  (col. 9, lines 40-44 describe existing access of the threat agent based on the resulting access that has been or would be attained as determined in a prior iteration of the attack path/chain reactions analysis controls or other settings based on results of analyzing attack paths); and the vulnerability is eliminated when a change closes the control path (col. 9, lines 4-17 and describe updates are applied based on results of analyzing attack paths/chain reactions between a threat/threat agent and asset, the updates include editing, adding, deleting, or modifying controls or other settings, and the updates prevent an attacker from gaining access to an asset).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Thrower for implementing updates to attack paths/chain reactions between a threat and an asset. The teachings of Thrower, when implemented in the Teverovsky system, will allow one of ordinary skill in the art to eliminate an attack. One of ordinary skill in the art would be motivated to utilize the teachings of Thrower in the Teverovsky system in order to prevent an attacker from gaining access to an asset (Thrower: col. 9, lines 10-11).

Claims 8 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Teverovsky (US 2019/0281010) in view of Pietrowicz et al. (US 2017/0299633), hereinafter Pietrowicz.

As for claim 8, Teverovsky teaches wherein the information is from a replication service (paragraphs [0035] and [0037] describe change events of the directory service is requested by a synchronization mechanism).
Teverovsky fails to teach wherein a step of extracting the information is initiated by a backend system of a security service provider, and wherein a step of detecting a vulnerability is performed by the backend system.  
However, it is well known in the art, to perform intrusion detection using a system, as evidenced by Pietrowicz.
Pietrowicz discloses
wherein a step of extracting the information is initiated by a backend system of a security service provider (paragraphs [0225]-[0228] describe an intrusion detection subsystem inspects network traffic for suspicious activity and generates alerts; functions detect packets that contain a FAN network layer, analyzes FAN network layer to detect CRC checksum, a MAC address and a FAN network ID, the acts of analyzing and detecting data are interpreted as extraction data), and wherein a step of detecting a vulnerability is performed by the backend system (paragraphs [0225] and [0229] describe the intrusion detection subsystem detects suspicious activity).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Pietrowicz for implementing an intrusion detection subsystem. The teachings of Pietrowicz, when implemented in the Teverovsky system, will allow one of ordinary skill in the art to collect, analyze sample data and detects suspicious activities. One of ordinary skill in the art would be motivated to utilize the teachings of Pietrowicz in the Teverovsky system in order to prevent malicious activities which may causes great damages to a system.

As for claim 9, Teverovsky teaches all the limitations set forth above except displaying a warning at a backend system when a vulnerability is detected.
However, it is well known in the art, to issue alerts when suspicious network activities are detected, as evidenced by Pietrowicz.
Pietrowicz discloses displaying a warning at a backend system when a vulnerability is detected (paragraph [0225] describes when a rule detects suspicious activity the subsystem logs alerts in a database and sends the alerts to administrator via email, paragraph [0119] describes alerts are generated when anomalies and behavior satisfy a rule set and behavior analytics, the alerts are transmitted to security incident and event management systems).  
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Pietrowicz for transmitting alerts to management systems. The teachings of Pietrowicz, when implemented in the Teverovsky system, will allow one of ordinary skill in the art to manage suspicious activities. One of ordinary skill in the art would be motivated to utilize the teachings of Pietrowicz in the Teverovsky system in order to handle a suspicious event.

Claims 16, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Teverovsky (US 2019/0281010) in view of Gorodissky et al. (US 2019/0149572), hereinafter Gorodissky.

As for claim 16, Teverovsky teaches all the limitations set forth above except wherein: one or more processors; and one or more computer-readable memories are provided as a backend system of a security service provider.  
However, it is well known in the art, to implement a backend system to monitor a system behavior, as evidenced by Gorodissky.
Gorodissky discloses wherein: one or more processors; and one or more computer-readable memories are provided as a backend system of a security service provider (paragraph [0076] describes processors and computer readable storage medium of a remote computing device of a penetration testing system that performs security vulnerability detection).  
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Gorodissky for implementing a remote computing device of a testing system. The teachings of Gorodissky when implemented in the Teverovsky system, will allow one of ordinary skill in the art to manage suspicious and malicious activities. One of ordinary skill in the art would be motivated to utilize the teachings of Gorodissky in the Teverovsky system in order to provide a tester of penetration testing systems with greater flexibility in controlling a method of validation of potential vulnerabilities employed during a penetration testing process (Gorodissky: paragraph [0048]).

As for claim 17, Teverovsky teaches all the limitations set forth above except wherein a computer program code further causes the one or more processors to cause a warning to be displayed at the backend system when the vulnerability is detected.  
However, it is well known in the art, to display a report of a security vulnerability of a networked system, as evidenced by Gorodissky.
Gorodissky discloses wherein a computer program code further causes the one or more processors to cause a warning to be displayed at the backend system when a vulnerability is detected (paragraph [0076] describes a remote computer device (i.e. backend) comprises processors executing program instructions to perform a method including report at least one security vulnerability of the networked system, the reporting comprises causing a display device to display a report containing information about the security vulnerability of the networked system).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Gorodissky for providing a reporting regarding a security vulnerability. The teachings of Gorodissky when implemented in the Teverovsky system, will allow one of ordinary skill in the art to manage suspicious and malicious activities. One of ordinary skill in the art would be motivated to utilize the teachings of Gorodissky in the Teverovsky system in order to provide information about imminent security vulnerability so that a system will prepare to eliminate the security threat.

As for claim 20, Teverovsky teaches wherein the system monitors a directory environment (paragraphs [0033]-[0034] describe a monitoring agent executes code to monitor synchronization data sent from and receive by the domain controllers).
Teverovsky fails to teach wherein a computer program code further causes one or more processors to cause a warning to be displayed at a client-side system responsive to receiving an indication from a system that a vulnerability is detected.  
However, it is well known in the art, to display a report of a security vulnerability of a networked system, as evidenced by Gorodissky.
Gorodissky discloses wherein a computer program code further causes the one or more processors to cause a warning to be displayed at a client-side system when a vulnerability is detected (paragraph [0076] describes a remote computer device  comprises processors executing program instructions to perform a method including report at least one security vulnerability of the networked system, the reporting comprises causing a display device to display a report containing information about the security vulnerability of the networked system).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Gorodissky for providing a reporting regarding a security vulnerability. The teachings of Gorodissky when implemented in the Teverovsky system, will allow one of ordinary skill in the art to manage suspicious and malicious activities. One of ordinary skill in the art would be motivated to utilize the teachings of Gorodissky in the Teverovsky system in order to provide information about imminent security vulnerability so that a system will prepare to eliminate the security threat.

Conclusions

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Hacheri et al. (US 7,200,869 B1) teach method for protecting domain data against unauthorized modification
Hutchinson et al. (US 2017/0353453) teach principal access determination in an environment
Govindavajhala et al. (US 2009/0271863) teach identifying unauthorized privilege escalations

Any inquiry concerning this communication or earlier communications from the examiner should be directed to L. T N. whose telephone number is (571)272-1013.  The examiner can normally be reached on M & Th 5:30 am - 2:30 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on 571-272-4170.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/LINH T. NGUYEN/Examiner, Art Unit 2459