DETAILED ACTION

Currently pending claims are 1 – 14 and 16 – 34 (newly added claims 30 – 34).

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/17/2022 has been entered.


Response to Arguments

Applicant's arguments with respect to the subject matter of the instant claims have been fully considered but are not persuasive.
As per claim 1, Applicant asserts prior-art(s) does not teach the newly amended claim element such as “a time-based exit condition that resets the state machine after a predetermined amount of time selected according to a type of computing object” (Remarks: Page 12 / 2nd).  Examiner respectfully disagrees with the following rationale.  
(a) Telesco (Col. 12 Line 30 – 43) teaches a particular type of computing object such as a computer I/O device input from an unauthorized user constitutes a type of computing object (Note: this is consistent with the disclosure of the instant specification SPEC [0184]: a computing object as a process or a peripheral (I/O) device such as a malware event) so as to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33) in order to stop malware attacks immediately as soon as possible and thus being construed as a timing-sensitive malware event w.r.t. one type of time-based exit conditions especially when in view of monitoring the health of the computing system, which is also qualified as one type of watchdog time-out events by ordinary skills in the art (Telesco: FIG. 17 / E-68) to allow dynamically adapt to varying levels of security threats (Telco: Col. 12 Line 40 – 43 & FIG. 17 / E-68) as needed; and  
(b) On the other hand, Examiner notes nowhere in the disclosure of the instant specification does exactly and specifically indicate to reset the state machine after a predetermined amount of time according to a type of computing object  because 
(b-1) Applicant points out the support on the newly amended claim element can be found in SPEC [0172], [0102] – [0103] and [0174] (Remarks: Page 10); however, Examiner notes the respective disclosure merely indicates that a predetermined time window can be determined (adjusted) based on a type of computing object to preserve a particular computing object (e.g. a data file or a network address) in a rolling buffer (i.e. a data recorder) when presented in a sequence of events and would be overwritten (removed) after exceeding (or older) than a predetermined time window such as one week or three months, and etc., (SPEC [0103] / [0102]) – such a data backup policy has nothing to do with the amended claim lanugage such as to reset the state machine after a predetermined amount of time according to a type of computing object and 
(b-2) in view of that, Examiner notes the disclosure of SPEC, at most, just disclose to reset the state machine after a predetermined amount of time in a particular state (SPEC: Para [0179] Last sentence) while nowhere in the SPEC does indicate what kind of (qualified) particular state would do so (how, when and what) to reset the state machine after a predetermined amount of time.  
(c) As such Applicant's arguments are respectfully traversed.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 4, 23 & 24 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea.

Step 1: 
With regard to claims 1, 4, 23 and 24, the claims are recited as being directed to a computer program product, a method and an endpoint respectively.  

Step 2A Prong One:
These claim limitations appear to recite “Mental Processes” to monitor the transition in a state machine with a sequence of events / states that are merely abstract – i.e. the claims are merely done by human mental analysis using well-understood and conventional functional descriptive material of a state machine previously known to the pertinent industry to monitor for an occurrence of a sequence of events / states. The claims appears to recite the concepts in a high level of generality capturing concepts which may be performed within a human mind.

Step 2B Prong Two:
With regard to claims 1, 4, 23 and 24, The claims recite additional elements as follow.
deploying the event handler as an event-based state machine for use by a local security agent executing on the endpoint in detection of malware; 
            monitoring events on the endpoint with the event handler; 
            detecting the instance of the malware on the endpoint based upon an occurrence of the the terminal event during the terminal states; and 
            in response to detecting the instance of the malware, initiating remediation of  the instance of the malware on the endpoint.  

These claim limitations appear to merely add the use of generic computer components which are merely executing the abstract idea within a computer device (terminal). (See MPEP 2106.05(b))   

As such, when viewed as an ordered combination, the claim appears to recite a series of mental processes which are being executed by generic computing devices and do not appear to amount to significantly more than the abstract idea itself to subtly incorporates specific details of patentable features into an implementation.

Based on the above analysis the claims 1, 4, 23 and 24 have been determined to not be eligible subject matter under 35 USC 101.  Any other claims not addressed are rejected by virtue of their dependency.


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 4, 23 & 24 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  Examiner notes a new matter of resetting the state machine after a predetermined amount of time according to a type of computing object was amended and added into the claim limitation in the RCE application filed on 2/17/2022, which is rejected under 35 U.S.C. 112, first paragraph as failing to comply with the written description requirement because: 
(a) Applicant points out the support on the newly amended claim element can be found in SPEC [0172], [0102] – [0103] and [0174]; however, Examiner notes the respective disclosure merely indicates that a predetermined time window can be determined (adjusted) based on a type of computing object to preserve a particular computing object (e.g. a data file or a network address) in a rolling buffer (i.e. a data recorder) when presented in a sequence of events and would be overwritten (removed) after exceeding (or older) than a predetermined time window such as one week or three months, and etc., (SPEC [0103] / [0102]) – such a data backup policy has nothing to do with the amended claim lanugage such as to reset the state machine after a predetermined amount of time according to a type of computing object and 
(b) in view of that, Examiner notes the disclosure of SPEC, at most, just disclose to reset the state machine after a predetermined amount of time in a particular state (SPEC: Para [0179] Last sentence) while nowhere in the SPEC does indicate what kind of (qualified) particular state would do so (how, when and what) to reset the state machine after a predetermined amount of time.  Any other claims not addressed are rejected by virtue of their dependency.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1 – 11, 16 – 20, 22 – 24, 27 & & 29 – 34  (PART – I / 2) are rejected under 35 U.S.C. 103 as being unpatentable over Telesco et al. (U.S. Patent 7,249,381). 

As per claim 1, 4, 23 and 24 (PART – I / 2), Telesco teaches a computer program product comprising computer executable code embodied in a non- transitory computer readable medium that, when executing on one or more computing devices, performs the steps of:

identifying a sequence of events associated with malware on an endpoint (Telesco: Figure 15 / E-66, E-19(a) & Figure 17, Col. 20 Line 21 – 44, Col. 12 Line 31 – 33 and Col. 11 Line 63 – 67, Col. 18 Line 60 – Col. 19 Line 48 and Col. 2 Line 41 – 48: 
(a) providing a simple version of state machine with an event handler (Telesco: Col. 20 Line 21 – 26) to (b) detect an unauthorized access to a computing system (i.e. endpoint) when it is triggered (invoked) by a new received message (i.e. event data) from a malicious entity to filter (i.e. capture / analyze) for determining an unauthorized access and to generate a security alarm as needed (Telesco: Col. 20 Line 33 – 37, Col. 12 Line 31 – 33 and Col. 11 Line 63 – 67) – i.e. (c) monitoring (tracing) and analyzing a sequence of events associated with a malicious (anomaly) activity (i.e. a malware attack as an action by an instance of the malware, as recited) on a target terminal (endpoint) device));
configuring an event handler for use with the endpoint as a state machine, the state machine comprising a plurality of states arranged sequentially from an initial state to a terminal state, each one of the plurality of states corresponding to a monitoring state for one of the sequence of events associated with the malware, and each one of the plurality of states configured to monitor for an occurrence of the one of the sequence of events (Telesco: see above & Col. 12 Line 35 – 43, Col. 20 Line 21 – 44 and Col. 18 Line 60 – Col. 19 Line 48: 
(1) Telesco implementing a simple state machine with a simple event handler to establish an improved security (or security protection) resource management system (Telesco: Col. 4 Line 39 – 47 and Col. 20 Line 21 – 26) to detect an unauthorized access to a computing device (as one type of malwares) when it is triggered (invoked) by a new received message (i.e. new event data) from a malicious entity to filter (i.e. capture / analyze) for determining an unauthorized access so as to generate a security alarm as needed (Telesco: Col. 20 Line 33 – 37, Col. 12 Line 31 – 33 and Col. 11 Line 63 – 67) – As such, Telesco’s state machine is qualified as a malware detection state machine – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0178] – [0180]: using a state machine during a process of detecting a potential malware (i.e. reaching a compromised security state)); and besides,
(2) With respect to improved security (or security protection: see above), Telesco teaches designating a first event as an initial event to invoke (trigger) the use of a particular device configuration (when rebooting the system) to dynamically adapt to varying levels of security threats (e.g. unauthorized access to different type of data) (Telesco: Col. 12 Line 35 – 43), wherein the device configurations are depending on the current or expected security threat level for the computing system (w.r.t. unauthorized access to different type of data) (Telesco: Col. 12 Line 37 – 39) – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0180] Line 5 – 8: a first (initial) event is triggered for detecting a particular malware instance); and 
(3) Telesco also teaches using a second event as a terminal event (e.g. any event other than the initial event) for checking (detecting) the access authorization) associated with filtering (i.e. capturing / analyzing) a new message (access request) to trigger a simple version of state machine for security protection (e.g. determining unauthorized access) (Telesco: FIG. 17 / E-72 & Col. 20 Line 21 – 26 / Line 33 – 37 and Col. 11 Line 63 – 67) – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0180] Line 3 – 4: a second event is a terminal event);
wherein each one of the plurality of states is further configured to respond to the occurrence of the one of the sequence of events by transitioning to a next sequential one of the plurality of states where the event handler monitors for a next sequential one of the sequence of events associated with the malware and to respond to an exit condition by returning to the initial state, wherein the exit condition for at least one of the plurality of states includes a time-based exit condition that resets the state machine after a predetermined amount of time selected according to a type of computing object (Telesco: see above & FIG. 17 / E-68 & Col. 12 Line 31 – 34, Col. 20 Line 21 – 23 / Line 27 – 28 and Col. 2 Line 30 – 34: 
(4) Telesco provides a malware detection with effective exit condition rule – for example, to enable checking (i.e. monitoring) computer system incoming events for unauthorized access before the data can make its way too deep into the computer where it can cause more serious problems to the entire computer system – i.e. effectively managing and terminating the current unauthorized access request as needed (Telesco: Col. 12 Line 31 – 34) and as such, upon exiting from the detection of an unauthorized access (i.e. the compromised security state), the system can continue the simple version of state machine to continuously monitoring new access requests for security protection (Telesco: Col. 20 Line 21 – 23); and   
(5) Besides, Telesco also teaches providing a time-base event as another type of exit conditions w.r.t. the state machine such as a watchdog time-out event for monitoring the operation, especially, of the health of the computing system and resource management (e.g. a process insufficency to freeze the computing system and resource management or to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33)) that would initiate a system re-boot and re-configure all system devices for returning the system back to the initial state to continuously monitoring the incoming system events by the simple version of state machine with an improved security (or security protection: see above) (Telesco: see above & FIG. 17 / E-68 & Col. 20 Line 27 – 28 and Col. 2 Line 30 – 34)); besides,
(6) Furthermore, Telesco (Col. 12 Line 30 – 43) teaches a particular type of computing object such as a computer I/O device input from an unauthorized user constitutes a type of computing object (Note: this is consistent with the disclosure of the instant specification SPEC [0184]: a computing object as a process or a peripheral (I/O) device such as a mouse, a keyboard or a USB device), which can be associated with a security threat event (a malware event) so as to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33) in order to stop malware attacks immediately as soon as possible and thus being construed as a timing-sensitive malware event w.r.t. one type of time-based exit conditions especially when in view of monitoring the health of the computing system, which is also qualified as one type of watchdog time-out events by ordinary skills in the art (Telesco: FIG. 17 / E-68) to allow dynamically adapt to varying levels of security threats (Telco: Col. 12 Line 40 – 43 & FIG. 17 / E-68) as needed; 
(7) On the other hand, Examiner notes nowhere in the disclosure of the instant specification does exactly and specifically indicate to reset the state machine after a predetermined amount of time according to a type of computing object because the disclosure of SPEC, at most, just disclose to reset the state machine after a predetermined amount of time in a particular state (SPEC: Para [0179] Last sentence) while nowhere in the SPEC does indicate what kind of (qualified) particular state would do so (how, when and what) to reset the state machine after a predetermined amount of time; and  
(8) As such, Examiner notes It would have been obvious to a person of ordinary skill in the art to recognize to reset the state machine after a predetermined amount of time according to a type of computing object such as a computer I/O device input from an unauthorized user as one type of computing objects (Note: this is consistent with the disclosure of the instant specification SPEC [0184]: a computing object as a process or a peripheral (I/O) device such as a mouse, a keyboard or a USB device), which can be associated with a security threat event (a malware event) so as to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33). 
           and further wherein the event handler is configured to respond to a terminal event in the sequence of events during the terminal state by identifying an instance of the malware on the endpoint (Telesco: see above);
        deploying the event handler as an event-based state machine for use by a local security agent executing on the endpoint in detection of malware (Telesco: see above & Col. 20 Line 30 – 37); 
        monitoring events on the endpoint with the event handler (Telesco: see above); 
        detecting the instance of the malware on the endpoint based upon an occurrence of the the terminal event during the terminal states (Telesco: see above); and 
        in response to detecting the instance of the malware, initiating remediation of  the instance of the malware on the endpoint (Telesco: see above & Figure 20 / E-6 and Col. 20 Line 40 – 44: sending an alert message (security alarm) to the system and users).  

As per claim 2 – 3, Telesco teaches wherein the one or more computing devices includes the endpoint (Telesco: see above & Col. 2 Line 41 – 48: using a finite state machine automata to monitor and trace a sequence of events associated with (anomaly) malware on a target terminal (endpoint) device in a local or remote networking environment).  

As per claim 5, Telesco teaches monitoring events on the endpoint with the event handler (Telesco: see above and Col. 17 Line 66 – 67).  

As per claim 6, Telesco teaches wherein the second one of the sequence of events is the terminal event (Telesco: see above).  

As per claim(s) 7 – 8, 11 and 22, the claims contain(s) similar limitations to claim(s) 1 and thus is/are rejected with the same rationale.   

As per claim 9, Telesco teaches wherein at least one of the sequence of events includes a multi-parameter event (Telesco: see above and Col. 20 Line 30 – 44: receiving a new message that may include a protocol type, source, destination, IP / MAC addresses, payload data and etc. in a local or remote networking environment).  

As per claim 10, Telesco teaches wherein the first one of the sequence of events is an initial one of the sequence of events (Telesco: see above and Figure 17 / E-69 & E-70 and Col. 12 Line 35 – 43: designating a first event as an initial event to invoke (trigger) the use of a particular device configuration (when rebooting the system) to dynamically adapt to varying levels of security threats (e.g. unauthorized access to different type of data) (Telesco: Col. 12 Line 35 – 43), wherein the device configurations are depending on the current or expected security threat level for the computing system (w.r.t. unauthorized access to different type of data) (Telesco: Col. 12 Line 37 – 39) – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0180] Line 5 – 8: a first (initial) event is triggered for detecting a particular malware instance).  

As per claim 16, Telesco teaches wherein the exit condition includes a time limit for detection of the malware (Telesco: see above and Col. 18 Line 44 – 48: a TIMEOUT event).  

As per claim 17, Telesco teaches wherein the event handler includes a plurality of exit conditions that return the event handler to the first state (Telesco: see above & FIG. 17 / E-68 & Col. 12 Line 31 – 34, Col. 20 Line 21 – 23 / Line 27 – 28 and Col. 2 Line 30 – 34: 
(a) Telesco teaches providing a malware detection with effective exit condition rule – for example, to enable checking (i.e. monitoring) computer system incoming events for unauthorized access before the data can make its way too deep into the computer where it can cause more serious problems to the entire computer system – i.e. effectively managing and terminating the current unauthorized access request as needed (Telesco: Col. 12 Line 31 – 34) and as such, upon exiting from the detection of an unauthorized access (i.e. the compromised security state), the system can continue the simple version of state machine to effectively enable continuous monitoring of new access requests for security protection (Telesco: Col. 20 Line 21 – 23) and 
(b) Telesco teaches providing a time-base event as one type of exit contions w.r.t. the state machine such as a watchdog time-out event for monitoring the operation, especially, of the health of controller and resource management (e.g. a process insufficency to freeze the control and resource management) that would initiate a system re-boot and re-configure all system devices for returning the system back to the initial state so as to continue monitoring the incoming system events (Telesco: see above & FIG. 17 / E-68 & Col. 20 Line 27 – 28 and Col. 2 Line 30 – 34) and (b) returning back to an INIT / IDLE state designated as a new started instance waiting for a new incoming security event is a cyclic nature of an usage of a state machine so as to continue monitoring the incoming system events).  

As per claim 18, Telesco teaches wherein the sequence of events includes at least one event from a computing object selected from a group consisting of a data file, a process, an application, a registry entry, a network address, and a peripheral device (Telesco: see above & Col. 20 Line 30 – 44: receiving a new message that may include a protocol type, source, destination, IP / MAC addresses, payload data and etc. in a local or remote networking environment).  

As per claim 19, Telesco teaches wherein the sequence of events includes at least one event from a network address selected from a group consisting of a uniform resource locator (URL), an internet protocol (IP) address, and a domain name (Telesco: see above & Col. 12 Line 15 – 20 and Col. 2 Line 41 – 48: at least validating the network source address and checking unauthorized data access).  

As per claim 20, Telesco teaches wherein the sequence of events includes at least one event from a peripheral device selected from a group including at least one of a universal serial bus (USB) memory, a network interface card, a camera, a printer, a mouse and a keyboard (Telesco: see above & Col. 12 Line 15 – 20 and Col. 2 Line 41 – 48: (e.g.) a network interface card). 

As per claim 27, Telesco teaches wherein the state machine is implemented as a thread that is woken up to update a current state in response to an event and applies a local rule to determine whether to transition to another state in response to the event (Telesco: see above & Figure 17 / E-86, E-72 & E-73: a thread (FIG. 17 / E-86) of multi-tasking is implemented to update a state (FIG. 17 / E-73) of secure communications based upon a system security event (FIG> 17 / E-72) – e.g. an unauthorized event). 

As per claim 29 & 34, the claims contain(s) similar limitations to claim 1 and thus is rejected with the same rationale.

As per claim 30, Telesco teaches wherein the initial state has a shared scope to prevent multiple threads from launching in response to multiple occurrences of the initial event (Telesco: see above & Col. 20 Line 27 – 37: (e.g.) in response to an initial state after a computer system boot and receiving multiple occurrences of the initial event such as an interrupt (event) along with a new incoming message (event), the system can immediately invoke an integral thread (“NOT” separate or mutiple threads) so as to launch a system security function to filter and analyze for unauthorized access to the system simply based on the received data).  

As per claim 31, Telesco teaches wherein the predetermined amount of time is further selected according to a likelihood of a security event originating from the type of computing object (Telesco: see above & Col. 12 Line 30 – 43, Col. 12 Line 31 – 33 & FIG. 17 / E-68: (a) allowing dynamically adapt to varying levels of security threats (i.e. based on a likelihood of a security event as recited) (Telco: Col. 12 Line 40 – 43 & FIG. 17 / E-68), (b) a particular type of computing object such as a computer I/O device input from an unauthorized user constitutes a type of computing object (Note: this is consistent with the disclosure of the instant specification SPEC [0184]: a computing object as a process or a peripheral (I/O) device such as a mouse, a keyboard or a USB device), which can be associated with a security threat event (a malware event) so as to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33) in order to stop malware attacks immediately as soon as possible and thus being construed as a timing-sensitive malware event w.r.t. one type of time-based exit conditions especially when in view of monitoring the health of the computing system, which is also qualified as one type of watchdog time-out events by ordinary skills in the art – as such, (c) Examiner notes It would have been obvious to a person of ordinary skill in the art to recognize to select a predetermined amount of time according to a likelihood of a security event (as recited) before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33) in order to stop malware attacks immediately as soon as possible in view of the severity of the unauthorized attacks).

As per claim 32 & 33, Telesco teaches wherein the predetermined amount of time is further selected based on a reputation of the computing object (Telesco: see above & claim 31: the severity of the unauthorized attacks associated with the computing object (i.e. (e.g.) associated I/O controller (peripheral devie) input data) constitutes a reputation of the computing object). 

Claims 13 (& 12), 14 and 21 (PART – I / 2) are rejected under 35 U.S.C. 103 as being unpatentable over Telesco et al. (U.S. Patent 7,249,381), in view of Brenzinski et al. (U.S. Patent 9,225,730).  

As per claim 13, Brenzinski (& Telesco) teaches identifying the sequence of events includes traversing an event graph among a sequence of causal events in reverse chronological order to a root cause of the malware (Brenzinski: Co. 4 Line 52 – 67 and Col. 11 Line 57 – 64: (a) a sequence of state graph can be traversed to identify anomalous activity included in the state gragh starting from a start vertex and the graph can be traversed either by a depth-first or a breadth-first manner and (b) the traversed can be performed based on a time-stamp attribute such that the traversal is in accordance with a desired timly chronological order).  
            It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teaching of Brenzinski within the system of Telesco because (a) Telesco teaches providing a malware (e.g. network intrusion) management system that designates a sequence of events (w.r.t. a target device) which includes malicius activities monitored and analyzed by a sequence of states / events (see above), and (b) Brenzinski teaches effectively providing a sequence of state graph which can be traversed to identify anomalous activity included in the state gragh starting from a start vertex (a root acuse) and the graph can be traversed either by a depth-first or a breadth-first manner for analysis (see above). 

As per claim 12, Brenzinski (& Telesco) teaches providing a scripting language for configuring the event handler (Brenzinski: Col. 8 Line 1 – 4: using a Java-script). See the same rationale of combination applied herein as above in rejecting the claim 13.

As per claim 14, Brenzinski (& Telesco) teaches providing the event handler includes creating the sequence of events based on a forward traversal of the event graph (Brenzinski: see above & Col. 11 Line 57 – 60: forward traversing the state graph). 

As per claim 21, Brenzinski (& Telesco) teaches wherein the sequence of events includes at least one file operation selected from a group consisting of a read, a write, an open, a move, a copy and a delete (Brenzinski: Col. 3 Line 15 – 16: (e.g.) accessing (reading) a password file). See the same rationale of combination applied herein as above in rejecting the claim 13.

---------------------------------------------------------------------------------------------------------------------

Claims 1 – 11, 16 – 20, 22 – 24, 27 & 29 – 34 are rejected under 35 U.S.C. 103 as being unpatentable over Lei et al. (NPL - MeadDroid: Detecting Monetary Theft Attacks in Android by DVM Monitoring), in view of Telesco et al. (U.S. Patent 7,249,381).  

As per claim 1, 4, 23 and 24 (PART – II / 2), Lei teaches a computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, performs the steps of:
identifying a sequence of events associated with malware on an endpoint (Lei: Abstract, Figure 2 & Sec. 1 / 4th Para, Sec. 2.2 and Sec. 2.3: Lei teaches constructing and deploying a light-weight finite state machine (FSM) (Sec. 1 / 4th Para / Line 24 – 28) on a smart-phone device for real-time detection on malware attacks (e.g. monetary theft attacks) using information obtained from event data such as monitoring the API calls and tracking the user inputs); 
configuring an event handler for use with the endpoint as a state machine, the state machine comprising a plurality of states arranged sequentially from an initial state to a terminal state, each one of the plurality of states corresponding to a monitoring state for one of the sequence of events associated with the malware, and each one of the plurality of states configured to monitor for an occurrence of the one of the sequence of events (Lei: Abstract, Figure 2 & Sec. 1 / 4th Para, Sec. 2.2 and Sec. 2.3: the FSM (Figure 2) includes an initial state “1” along with a plurality of states arranged sequentially from an initial state to a terminal state (i.e. transitioning between states of the FSM) corresponding to a monitoring state for monetary theft attacks w.r.t. the event data such as sending APIs (application interface call) or calling SMS (short message service)), 
wherein each one of the plurality of states is further configured to respond to the occurrence of the one of the sequence of events by transitioning to a next sequential one of the plurality of states where the event handler monitors for a next sequential one of the sequence of events associated with the malware and to respond to an exit condition by returning to the initial state (Lei: see above & Figure 2: by the nature of finite state machine (FSM), the exit condition is defaut to the initial state such that the system can continue the light-weight state machine to continuously monitoring new incoming API call (or SMS servcice) for security protection after reaching a conclusive state).
However, Lei does not disclose expressly wherein the exit condition for at least one of the plurality of states includes a time-based exit condition that resets the state machine after a predetermined amount of time selected according to a type of computing object.
Telesco (& Lei) teaches wherein the exit condition for at least one of the plurality of states includes a time-based exit condition that resets the state machine after a predetermined amount of time selected according to a type of computing object (Telesco: see above & FIG. 17 / E-68 & Col. 20 Line 21 – 44, Col. 2 Line 30 – 34, Col. 20 Line 21 – 44, Col. 12 Line 31 – 33 and Col. 11 Line 63 – 67, Col. 18 Line 60 – Col. 19 Line 48 and Col. 2 Line 41 – 48: (a) providing a simple version of state machine with an event handler (Telesco: Col. 20 Line 21 – 26) for detecting a malware attack (unauthorized access) to a computing system (i.e. endpoint) when it is triggered (invoked) by a new received message (i.e. event data) from a malicious entity and (b) furthe utilizing a time-base event as another type of exit conditions w.r.t. the state machine such as a watchdog time-out event for monitoring the operation, especially, of the health of the computing system and resource management (e.g. a process insufficency to freeze the computing system and resource management) that would initiate a system re-boot and re-configure all system devices for returning the system back to the initial state to continuously monitoring the incoming system events; and besides,
(a) Telesco provides a malware detection with effective exit condition rule – for example, to enable checking (i.e. monitoring) computer system incoming events for unauthorized access before the data can make its way too deep into the computer where it can cause more serious problems to the entire computer system – i.e. effectively managing and terminating the current unauthorized access request as needed (Telesco: Col. 12 Line 31 – 34) and as such, upon exiting from the detection of an unauthorized access (i.e. the compromised security state), the system can continue the simple version of state machine to continuously monitoring new access requests for security protection (Telesco: Col. 20 Line 21 – 23); and   
(b) Telesco also teaches providing a time-base event as another type of exit conditions w.r.t. the state machine such as a watchdog time-out event for monitoring the operation, especially, of the health of the computing system and resource management (e.g. a process insufficency to freeze the computing system and resource management or to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33)) that would initiate a system re-boot and re-configure all system devices for returning the system back to the initial state to continuously monitoring the incoming system events by the simple version of state machine with an improved security (or security protection: see above) (Telesco: see above & FIG. 17 / E-68 & Col. 20 Line 27 – 28 and Col. 2 Line 30 – 34)); and
(c) Furthermore, Telesco (Col. 12 Line 30 – 43) teaches a particular type of computing object such as a computer I/O device input from an unauthorized user constitutes a type of computing object (Note: this is consistent with the disclosure of the instant specification SPEC [0184]: a computing object as a process or a peripheral (I/O) device such as a mouse, a keyboard or a USB device), which can be associated with a security threat event (a malware event) so as to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33) in order to stop malware attacks immediately as soon as possible and thus being construed as a timing-sensitive malware event w.r.t. one type of time-based exit conditions especially when in view of monitoring the health of the computing system, which is also qualified as one type of watchdog time-out events by ordinary skills in the art (Telesco: FIG. 17 / E-68) to allow dynamically adapt to varying levels of security threats (Telco: Col. 12 Line 40 – 43 & FIG. 17 / E-68) as needed; 
(d) On the other hand, Examiner notes nowhere in the disclosure of the instant specification does exactly and specifically indicate to reset the state machine after a predetermined amount of time according to a type of computing object because the SPEC, at most, just disclose to reset the state machine after a predetermined amount of time in a particular state (SPEC: Para [0179] Last sentence) and nowhere in the SPEC does indicate what kind of (qualified) particular state to do so such as to reset the state machine after a predetermined amount of time; and  
(e) As such, Examiner notes It would have been obvious to a person of ordinary skill in the art to recognize to reset the state machine after a predetermined amount of time according to a type of computing object such as a computer I/O device input from an unauthorized user as one type of computing objects (Note: this is consistent with the disclosure of the instant specification SPEC [0184]: a computing object as a process or a peripheral (I/O) device such as a mouse, a keyboard or a USB device), which can be associated with a security threat event (a malware event) so as to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33); besides, 
            It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teaching of Telesco within the system of Lei because (a) Lei teaches constructing and deploying a light-weight finite state machine (FSM) on a smart-phone computing device for real-time detection on malware attacks (e.g. monetary theft attacks) using information from event data such as monitoring the API calls and tracking the user inputs (see above) and (b) Telesco provides implementing a simple version of state machine with an event handler to establish an improved security for detecting a malware attack (unauthorized access) and further utilizing a time-base event as another type of exit conditions w.r.t. the state machine such as a watchdog time-out event for monitoring the operation, especially, of the health of controller and resource management (e.g. a process insufficency to freeze the computing system and resource management) that would initiate a system re-boot and re-configure all system devices for returning the system back to the initial state to continuously monitoring the incoming system events by the simple version of state machine with an improved security (or security protection (see above). 
and further wherein the event handler is configured to respond to a terminal event in the sequence of events during the terminal state by identifying an instance of the malware on the endpoint (Lei: see above); 
deploying the event handler as an event-based state machine for use by a local security agent executing on the endpoint in detection of malware (Lei: see above); 
monitoring events on the endpoint with the event handler (Lei: see above); 
detecting the instance of the malware on the endpoint based upon an occurrence of the the terminal event during the terminal states (Lei: see above & Sec. 2.3: (e.g.) a detection of the sending frequency of API calls (or SMS services) too high); and 
in response to detecting the instance of the malware, initiating remediation of  the instance of the malware on the endpoint (Lei: see above & Sec. 2.3: sending an alert message (security alarm) to the user).  

As per claim 2 – 3, Lei as modified teaches wherein the one or more computing devices includes the endpoint (Lei: see above & Sec. 2.1) || (Telesco: see above & Col. 2 Line 41 – 48: using a finite state machine automata to monitor and trace a sequence of events associated with (anomaly) malware on a target terminal (endpoint) device in a local or remote networking environment).  

As per claim 5, Lei as modified teaches monitoring events on the endpoint with the event handler (Lei: see above) || (Telesco: see above and Col. 17 Line 66 – 67).  

As per claim 6, Lei as modified teaches wherein the second one of the sequence of events is the terminal event (Lei: see above) || (Telesco: see above).  

As per claim(s) 7 – 8, 11 and 22, the claims contain(s) similar limitations to claim(s) 1 and thus is/are rejected with the same rationale.   

As per claim 9, Lei as modified teaches wherein at least one of the sequence of events includes a multi-parameter event (Lei: see above: e.g. APPI call parameters) || (Telesco: see above and Col. 20 Line 30 – 44: receiving a new message that may include a protocol type, source, destination, IP / MAC addresses, payload data and etc. in a local or remote networking environment).  

As per claim 10, Lei as modified teaches wherein the first one of the sequence of events is an initial one of the sequence of events (Lei: see above) || (Telesco: see above and Figure 17 / E-69 & E-70 and Col. 12 Line 35 – 43: designating a first event as an initial event to invoke (trigger) the use of a particular device configuration (when rebooting the system) to dynamically adapt to varying levels of security threats (e.g. unauthorized access to different type of data) (Telesco: Col. 12 Line 35 – 43), wherein the device configurations are depending on the current or expected security threat level for the computing system (w.r.t. unauthorized access to different type of data) (Telesco: Col. 12 Line 37 – 39) – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0180] Line 5 – 8: a first (initial) event is triggered for detecting a particular malware instance).  

As per claim 16, Lei as modified teaches wherein the exit condition includes a time limit for detection of the malware (Telesco: see above and Col. 18 Line 44 – 48: a TIMEOUT event).  

As per claim 17, Lei as modified teaches wherein the event handler includes a plurality of exit conditions that return the event handler to the first state (Lei: see above) || (Telesco: see above: (a) Telesco: see above & FIG. 17 / E-68 & Col. 20 Line 27 – 28 and Col. 2 Line 30 – 34: Telesco teaches providing a time-base event as one type of exit contions w.r.t. the state machine such as a watchdog time-out event for monitoring the operation, especially, of the health of controller and resource management (e.g. a process insufficency to freeze the control and resource management) that would initiate a system re-boot and re-configure all system devices for returning the system back to the initial state so as to continue monitoring the incoming system events (Telesco: see above & FIG. 17 / E-68 & Col. 20 Line 27 – 28 and Col. 2 Line 30 – 34) and (b) returning back to an INIT / IDLE state designated as a new started instance waiting for a new incoming security event is a cyclic nature of an usage of a state machine so as to continue monitoring the incoming system events).  

As per claim 18, Lei as modified teaches wherein the sequence of events includes at least one event from a computing object selected from a group consisting of a data file, a process, an application, a registry entry, a network address, and a peripheral device (Lei: see above) || (Telesco: see above & Col. 20 Line 30 – 44: receiving a new message that may include a protocol type, source, destination, IP / MAC addresses, payload data and etc. in a local or remote networking environment).  

As per claim 19, Lei as modified teaches wherein the sequence of events includes at least one event from a network address selected from a group consisting of a uniform resource locator (URL), an internet protocol (IP) address, and a domain name (Lei: see above: e.g. a SMS message received over a network) || (Telesco: see above & Col. 12 Line 15 – 20 and Col. 2 Line 41 – 48: at least validating the network source address and checking unauthorized data access).  

As per claim 20, Lei as modified teaches wherein the sequence of events includes at least one event from a peripheral device selected from a group including at least one of a universal serial bus (USB) memory, a network interface card, a camera, a printer, a mouse and a keyboard (Lei: see above) || (Telesco: see above & Col. 12 Line 15 – 20 and Col. 2 Line 41 – 48: (e.g.) a network interface card). 

As per claim 27, Lei as modified teaches wherein the state machine is implemented as a thread that is woken up to update a current state in response to an event and applies a local rule to determine whether to transition to another state in response to the event (Lei: Figure 2 & Page 83 / 2nd Para / Line 1 – 6: the FSM of figure 2 is implemented as a part of thread manegement of a multi-tasking system) || (Telesco: see above & Figure 17 / E-86, E-72 & E-73: a thread (FIG. 17 / E-86) of multi-tasking is implemented to update a state (FIG. 17 / E-73) of secure communications based upon a system security event (FIG> 17 / E-72) – e.g. an unauthorized event). 

As per claim 29 & 34, the claims contain(s) similar limitations to claim 1 and thus is rejected with the same rationale.

As per claim 30, Lei as modified teaches wherein the initial state has a shared scope to prevent multiple threads from launching in response to multiple occurrences of the initial event (Telesco: see above & Col. 20 Line 27 – 37: (e.g.) in response to an initial state after a computer system boot and receiving multiple occurrences of the initial event such as an interrupt (event) along with a new incoming message (event), the system can immediately invoke an integral thread (“NOT” separate or mutiple threads) so as to launch a system security function to filter and analyze for unauthorized access to the system simply based on the received data) || (Lei: see above).  

As per claim 31, Lei as modified teaches wherein the predetermined amount of time is further selected according to a likelihood of a security event originating from the type of computing object (Telesco: see above & Col. 12 Line 30 – 43, Col. 12 Line 31 – 33 & FIG. 17 / E-68: (a) allowing dynamically adapt to varying levels of security threats (i.e. based on a likelihood of a security event as recited) (Telco: Col. 12 Line 40 – 43 & FIG. 17 / E-68), (b) a particular type of computing object such as a computer I/O device input from an unauthorized user constitutes a type of computing object (Note: this is consistent with the disclosure of the instant specification SPEC [0184]: a computing object as a process or a peripheral (I/O) device such as a mouse, a keyboard or a USB device), which can be associated with a security threat event (a malware event) so as to activate the BIOS in the booting of the computer device and device configuration before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33) in order to stop malware attacks immediately as soon as possible and thus being construed as a timing-sensitive malware event w.r.t. one type of time-based exit conditions especially when in view of monitoring the health of the computing system, which is also qualified as one type of watchdog time-out events by ordinary skills in the art – as such, (c) Examiner notes It would have been obvious to a person of ordinary skill in the art to recognize to select a predetermined amount of time according to a likelihood of a security event (as recited) before the unauthorized data can make its way too deep into the computer device (i.e. completely exiting and terminating the current process) (Telco: Col. 12 Line 31 – 33) in order to stop malware attacks immediately as soon as possible in view of the severity of the unauthorized attacks) || (Lei: see above).

As per claim 32 & 33, Lei as modified teaches wherein the predetermined amount of time is further selected based on a reputation of the computing object (Telesco: see above & claim 31: the severity of the unauthorized attacks associated with the computing object (i.e. (e.g.) associated I/O controller (peripheral devie) input data) constitutes a reputation of the computing object) || (Lei: see above). 

Claims 13 (& 12), 14 & 21 (PART – II / 2) are rejected under 35 U.S.C. 103 as being unpatentable over Lei et al. (NPL - MeadDroid: Detecting Monetary Theft Attacks in Android by DVM Monitoring), in view of Telesco et al. (U.S. Patent 7,249,381), and in view of Brenzinski et al. (U.S. Patent 9,225,730).  

As per claim 13, Brenzinski (& Lei as modified) teaches identifying the sequence of events includes traversing an event graph among a sequence of causal events in reverse chronological order to a root cause of the malware (Brenzinski: Co. 4 Line 52 – 67 and Col. 11 Line 57 – 64: (a) a sequence of state graph can be traversed to identify anomalous activity included in the state gragh starting from a start vertex and the graph can be traversed either by a depth-first or a breadth-first manner and (b) the traversed can be performed based on a time-stamp attribute such that the traversal is in accordance with a desired timly chronological order).  
            It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teaching of Brenzinski within the system of Lei because (a) Lei teaches constructing and deploying a light-weight finite state machine (FSM) on a smart-phone computing device for real-time detection on malware attacks (e.g. monetary theft attacks) using information from event data such as monitoring the API calls and tracking the user inputs (see above), and (b) Brenzinski teaches effectively providing a sequence of state graph which can be traversed to identify anomalous activity included in the state gragh starting from a start vertex (a root acuse) and the graph can be traversed either by a depth-first or a breadth-first manner for analysis (see above). 

As per claim 12, Brenzinski (& Lei as modified) teaches providing a scripting language for configuring the event handler (Brenzinski: Col. 8 Line 1 – 4: using a Java-script). See the same rationale of combination applied herein as above in rejecting the claim 13.

As per claim 14, Brenzinski (& Lei as modified) teaches providing the event handler includes creating the sequence of events based on a forward traversal of the event graph (Brenzinski: see above & Col. 11 Line 57 – 60: forward traversing the state graph). 

As per claim 21, Brenzinski (& Lei as modified) teaches wherein the sequence of events includes at least one file operation selected from a group consisting of a read, a write, an open, a move, a copy and a delete (Brenzinski: Col. 3 Line 15 – 16: (e.g.) accessing (reading) a password file). See the same rationale of combination applied herein as above in rejecting the claim 13.


Claims 25 – 26 & 28 (PART – I / 2) are rejected under 35 U.S.C. 103 as being unpatentable over Telesco et al. (U.S. Patent 7,249,381), in view of Ogg et al. (U.S. Patent 7,490,065).  

As per claim 25, Ogg (& Telesco) teaches wherein state information for the state machine is retained across a restart of the computing device (Ogg: Figure 6 & Col. 25 Line 9 – 12 Line 18 – 25 and Col. 7 Line 60 – 62: utilizes a finite state machine to manage, monitor and prevent access to secure resource by unathorized malware (or malicious users) – e.g. authentication (logon/logoff), session management, access control and etc. and allowing for atomic state transitions to retain state information across rebooting w/o losing the crucial securiy information (Ogg: Col. 25 Line 18 – 25)) || (Telesco: see above).
            It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teaching of Ogg within the system of Telesco because (a) Telesco teaches providing a malware (e.g. network intrusion) management system that designates a sequence of events (w.r.t. a target device) which includes malicius activities monitored and analyzed by a sequence of states / events (see above), and (b) Ogg teaches effectively utilizes a finite state machine to manage, monitor and prevent access to secure resource by unathorized malware (or malicious users) – e.g. authentication (logon/logoff), session management, access control and etc. and allowing for atomic state transitions to retain state information across rebooting w/o losing the crucial securiy information (see above). 

As per claim 26, Ogg (& Telesco) teaches wherein the endpoint provides event sequence information to a remote threat management facility and receives state updates from the remote threat management facility (Ogg: see above (finite state machine) & Col. 4 Line 66 – Col. 5 Line 4, Col. 25 Line 9 – 12 and Col. 34 Line 38 – 61: (a) an authentication server constitutes a remote threat management facility, as recited (b) a client device sends logon credential information such as a set of user ID / password to the server that constitutes event sequence information and (c) the authentication server (as a remote threat management facility) validate the submitted information from the active client device and determine whether the active user has an appropriate role as an authorized user to access the secure information and enable the client device to update, at least, the state information (e.g. an authetication state of either authentication pass or failure) that constitutes associated state update information) || (Telesco: see above).  See the same rationale of combination applied herein as above in rejecting the claim 25.

As per claim 28, Ogg (& Telesco) teaches wherein the event handler incrementally performs event analysis by transitioning to a next state without storing a corresponding state event (Ogg: see above (finite state machine) & Col. 25 Line 18 – 25: there are two types of state information being managed by the security system: a persistent state that utilized a non-volatile memory to staore the state information into a NVRAM that can be retained during the restart or rebooting (see Claim 25); otherwise, a current state information is managed w/o using the NVRAM to store and maintain the corresponding state / event information persistently). 

Claims 25 – 26 & 28 (PART – II / 2) are rejected under 35 U.S.C. 103 as being unpatentable over Lei et al. (NPL - MeadDroid: Detecting Monetary Theft Attacks in Android by DVM Monitoring), in view of Telesco et al. (U.S. Patent 7,249,381), and in view of Ogg et al. (U.S. Patent 7,490,065).  

As per claim 25, Ogg (& Lei as modified) teaches wherein state information for the state machine is retained across a restart of the computing device (Ogg: Figure 6 & Col. 25 Line 9 – 12 Line 18 – 25 and Col. 7 Line 60 – 62: utilizes a finite state machine to manage, monitor and prevent access to secure resource by unathorized malware (or malicious users) – e.g. authentication (logon/logoff), session management, access control and etc. and allowing for atomic state transitions to retain state information across rebooting w/o losing the crucial securiy information (Ogg: Col. 25 Line 18 – 25)) || (Telesco: see above).
            It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teaching of Ogg within the system of Lei because (a) Lei teaches constructing and deploying a light-weight finite state machine (FSM) on a smart-phone computing device for real-time detection on malware attacks (e.g. monetary theft attacks) using information from event data such as monitoring the API calls and tracking the user inputs (see above), and (b) Ogg teaches effectively utilizes a finite state machine to manage, monitor and prevent access to secure resource by unathorized malware (or malicious users) – e.g. authentication (logon/logoff), session management, access control and etc. and allowing for atomic state transitions to retain state information across rebooting w/o losing the crucial securiy information (see above). 

As per claim 26, Ogg (& Lei as modified) teaches wherein the endpoint provides event sequence information to a remote threat management facility and receives state updates from the remote threat management facility (Ogg: see above (finite state machine) & Col. 4 Line 66 – Col. 5 Line 4, Col. 25 Line 9 – 12 and Col. 34 Line 38 – 61: (a) an authentication server constitutes a remote threat management facility, as recited (b) a client device sends logon credential information such as a set of user ID / password to the server that constitutes event sequence information and (c) the authentication server (as a remote threat management facility) validate the submitted information from the active client device and determine whether the active user has an appropriate role as an authorized user to access the secure information and enable the client device to update, at least, the state information (e.g. an authetication state of either authentication pass or failure) that constitutes associated state update information) || (Telesco: see above).  See the same rationale of combination applied herein as above in rejecting the claim 25.

As per claim 28, Ogg (& Lei as modified) teaches wherein the event handler incrementally performs event analysis by transitioning to a next state without storing a corresponding state event (Ogg: see above (finite state machine) & Col. 25 Line 18 – 25: there are two types of state information being managed by the security system: a persistent state that utilized a non-volatile memory to staore the state information into a NVRAM that can be retained during the restart or rebooting (see Claim 25); otherwise, a current state information is managed w/o using the NVRAM to store and maintain the corresponding state / event information persistently). 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2209 – 2022
---------------------------------------------------