DETAILED ACTION 
This communication is in response to Applicant’s Request for Continued Examination (RCE) filed on March 07, 2022. Claims 1, 18 and 20 have been amended. Claim 1-20 are pending and directed toward METHOD FOR ESTABLISHING A SECURE PRIVATE INTERCONNECTION OVER A MULTIPATH NETWORK. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/07/2022 has been entered.

Allowable Subject Matter
Claims 4-6 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
                4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 

Claims 1-3, 9, 12, 14, 16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shimokuni et al. U.S. Patent Pub. No. 2006/0280203 A1 (hereinafter “Shimokuni”) in view of Lou et al. Non-Patent Literature NPL Published by IEEE in 2001 (hereinafter “Lou”)

As per claims 1 and 20, Shimokuni teaches a method of establishing secured interconnection between a source and a destination over a data network having at least a portion of a public infrastructure (the present invention includes using an SSS (Secret Sharing Scheme) coding method for transmitting and receiving communication information. Shimokuni, para [0036]), comprising: 
a) at said source, creating n shares of a source data, wherein reconstructing the source data requires at least K shares out of the created n shares, and associating each share with a flow (the coding means may use an SSS (Secret Sharing Scheme) coding method. Shimokuni, para [0018]) (The SSS coding method is that one packet or a plurality of packets (communication information) is or are coded in a way that divides the packet(s) into n-pieces of information blocks. In the case, a packet binding count "S", a dividing count "n" of dividing into the information blocks and a decoding threshold value "m" (<n) are set as coding parameters used for coding. Then, if there are an arbitrary number of information blocks equal to or larger than the threshold value "m", the information blocks can be decoded into the communication information. Shimokuni, para [0036]); 
d) creating paths using a maximum flow algorithm under the capacity constraint (a maximum transfer unit (MTU), i.e., "S" taking a maximum data size into consideration, which is transmissible at one time when transmitting the data. Shimokuni, para [0059]) (Next, it is judged whether or not t(i) exceeds the maximum information block count "m-1" transmissible to one communication route. Shimokuni, para [0073]).
Shimokuni does not explicitly teach the steps b) defining, for at least one node vi, a directed edge (vi1, vi2) wherein all outgoing links of vi are connected to vi2, and c) setting a capacity constraint of the directed edge (vi1, vi2) to be k-1 flows.
However, Lou teaches b) defining, for at least one node vi, a directed edge (vi1, vi2) wherein all outgoing links of vi are connected to vi2 (A network is modeled as an undirected graph, G=(V,E), with a finite set of nodes, V, and a finite set of links, E. A link in E, connecting a pair of nodes, x and y, in V, is denoted by (x,y). Lou, Section A.1 and Fig. 2);
c) setting a capacity constraint of the directed edge (vi1, vi2) to be k-1 flows (The distributed multipath routing algorithm described here is able to find for each node x a set of disjoint path to destination node t. Lou, Section A.2 and Fig. 2) (However, any intermediate node does not intercept T shares [capacity constraint T-1] necessary for the message recovery. Lou, Page 1 Abstract).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Shimokuni in view of Lou’s teaching. One would be motivated to do so, to enhance the confidentiality service and communication in public networks by delivering message shares in multipath with specific capacity. (Lou, Section I.)

As per claim 2, Shimokuni and Lou teach a method according to claim 1, wherein the data network includes a plurality of intermediating nodes creating a plurality of fully and/or partially independent paths in different directions on the path from said source to said destination (the apparatus on the receiving side receives the information blocks from the plurality of communication routes. Shimokuni, para [0017] and Fig. 1), the method comprising: 
forcing shares' carrying packets to pass through selected intermediate nodes, such that no router at any intermediating nodes intercepts k or more shares (the distribution unit 4 receives a designation of a distribution parameter from the multi-route communication management unit 5A. The designation of the distribution parameter contains information about the partner communication device to which the information blocks are sent, a designation of the communication route to be employed, a designation of a distribution quantity of the information blocks to the respective communication routes, and a sequence of the communication routes to which the information blocks are sent. Shimokuni, para [0046]).
wherein the intermediating nodes include one or more of the following: 
- Points of Presence (PoPs); 
(The distributor 1 receives the data transmitted from the terminal connected to the distributor 1. Then, the distributor 1 divides the received communication information into the information blocks and codes the information blocks. In the embodiment, the coding includes using the SSS coding method. Then, the distributor 1 sends the SSS-coded information blocks to the integrator 2 via communication routes in the plurality of networks. Shimokuni, para [0042]); 
- Backup channels and paths.

As per claim 3, Shimokuni and Lou teach a method according to claim 1, wherein the portion of the public infrastructure includes alternative paths supplied by one or more network service providers (the distributor 1 sends the SSS-coded information blocks to the integrator 2 via communication routes in the plurality of networks such as the mobile network, Hop spot and the Internet. Shimokuni, para [0042]).

As per claim 9, Shimokuni and Lou teach a method according to claim 1, wherein when the data network has a known topology, the flow is tested offline, to obtain a distribution of data through different nodes and deploy the dedicated agents accordingly, to create optimal routing paths (The distribution unit 4 receives the SSS-coded data, i.e., the information blocks from the SSS-coding unit 3. Then, the distribution unit 4 receives a designation of a distribution parameter from the multi-route communication management unit 5A. The designation of the distribution parameter contains information about the partner communication device to which the information blocks are sent, a designation of the communication route to be employed, a designation of a distribution quantity of the information blocks to the respective communication routes, and a sequence of the communication routes to which the information blocks are sent. Then, the distribution unit 4 sends, based on the designation of the distribution parameter given from the multi-route communication management unit 5A, the information blocks to the integrator 2 via the plurality of communication routes. Shimokuni, para [0046]).
Shimokuni does not explicitly teach the flow is tested offline. However, Lou teaches the flow is tested offline (conduct simulation on the algorithm. Lou, Section IV)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Shimokuni to test the flow offline. One would be motivated to do so, to check the efficiency of the system.

As per claim 12, Shimokuni and Lou teach a method according to claim 1, wherein sufficient data separation is obtained by dynamically allocating nodes, through which the share carrying packets will pass (The original data (communication information) is divided into n-pieces of data by the SSS-coding. If one packet is simply is divided into n-pieces of packets, it follows that the plurality of short packets (having a small packet size) are to be generated, and hence a packet processing efficiency and a packet transmission efficient decrease. Accordingly, in the case of the SSS-coding, the packets may be coded in a way that binds some packets in consideration of the packet processing efficiency and the packet transmission efficiency. Shimokuni, para [0056]).

As per claim 14, Shimokuni and Lou teach a method according to claim 1, further comprising encrypting the destination IP address, along with the payload data (the multi-route communication management unit 5A transmits and receives pieces of information necessary for the communications, such as an IP address and a MAC (Media Access Control) address to and from the multi-route communication management unit 5B via the plurality of communication routes. Shimokuni, para [0047]), by: 
creating n shares from the IP address of the destination (using an SSS (Secret Sharing Scheme) coding method for transmitting and receiving communication information. The SSS coding method is that one packet or a plurality of packets (communication information) is or are coded in a way that divides the packet(s) into n-pieces of information blocks. Shimokuni, para [0036]); and
sending said shares via several different paths between pairs of neighboring intermediate nodes, such that the header data is decrypted at each intermediate nodes only by having at least k shares, and any subset of less than k shares cannot be used to decrypt the header data (if there are an arbitrary number of information blocks equal to or larger than the threshold value "m", the information blocks can be decoded into the communication information. Further, whereas if there are not the arbitrary number of information blocks equal to or larger than the threshold value "m", the information blocks cannot be decoded into the communication information. Shimokuni, para [0036]).

As per claim 16, Shimokuni and Lou teach a method according to claim 1, further comprising delaying some of the secret shared packets to avoid time correlation ("S" may also be determined by judging from the port number whether the communication uses the real-time application or not. The real-time application needs to restrain a buffering delay caused due to the binding of the packets. Accordingly, when decreasing the data binding count "S", the suitable communications can be performed by the real-time application. Shimokuni, para [0060]).

As per claim 18, Shimokuni teaches a method for establishing a secured interconnection between a source and a destination over a managed data network having at least a portion of a public infrastructure (the present invention includes using an SSS (Secret Sharing Scheme) coding method for transmitting and receiving communication information. Shimokuni, para [0036]), comprising: 
a) at said source, creating n shares of a source data, wherein reconstructing the source data requires at least k shares out of the created n shares and sending said shares to said data network, and associating each share with a flow (the coding means may use an SSS (Secret Sharing Scheme) coding method. Shimokuni, para [0018]) (The SSS coding method is that one packet or a plurality of packets (communication information) is or are coded in a way that divides the packet(s) into n-pieces of information blocks. In the case, a packet binding count "S", a dividing count "n" of dividing into the information blocks and a decoding threshold value "m" (<n) are set as coding parameters used for coding. Then, if there are an arbitrary number of information blocks equal to or larger than the threshold value "m", the information blocks can be decoded into the communication information. Shimokuni, para [0036]); and 
b) using at least one of: a known topology of the network, a centralized network controller and a network management tool at the source (central processing unit and the memory that are built in the multi-route communication management unit 5A, and designates these values as coding parameters in the SSS-coding unit 3. Shimokuni, para [0049]), to: 
(a maximum transfer unit (MTU), i.e., "S" taking a maximum data size into consideration, which is transmissible at one time when transmitting the data. Shimokuni, para [0059])(sending the information blocks to a partner communication apparatus, the information blocks to each of the communication routes in such a way that the number of information blocks to be sent per communication route is set less than the threshold value required for decoding the information blocks. Shimokuni, para [0016]), 
Shimokuni does not explicitly teach according to a result of applying a maximum flow algorithm over a graph with at least one directed edge having a capacity constraint to intercept k-1 flows defined for at least one node, dynamically forward each share from said source to said destination, such that the number of shares that pass the router at each node does not exceed a threshold of k-1 shares, and wherein an optimal routing of the shares is dynamically determined by said network controller, according to said threshold and according to a load or current-eavesdropping-coalition- risks on each router in said data network.
However, Lou teaches according to a result of applying a maximum flow algorithm over a graph with at least one directed edge having a capacity constraint to intercept k-1 flows defined for at least one node, dynamically forward each share from said source to said destination, such that the number of shares that pass the router at each node does not exceed a threshold of k-1 shares (A network is modeled as an undirected graph, G=(V,E), with a finite set of nodes, V, and a finite set of links, E. A link in E, connecting a pair of nodes, x and y, in V, is denoted by (x,y). Lou, Section A.1 and Fig. 2) (The distributed multipath routing algorithm described here is able to find for each node x a set of disjoint path to destination node t. Lou, Section A.2 and Fig. 2) (However, any intermediate node does not intercept T shares [capacity constraint T-1] necessary for the message recovery. Lou, Page 1 Abstract)
an optimal routing of the shares is dynamically determined by said network controller, according to said threshold and according to a load or current-eavesdropping-coalition- risks on each router in said data network (In order to distribute shares to multiple paths, we need to design efficient algorithms for finding multiple paths with minimum overlaps. Lou, Section III) (a distributed multipath routing algorithm to find node disjoint paths in a network. Lou, Section A. and Fig. 2) (However, any intermediate node does not intercept T shares necessary for the message recovery. Lou, Page 1 Abstract).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Shimokuni in view of Lou’s teachings. One would be motivated to do so, to minimize overlapping by finding many optimal paths for communication. (Lou, Abstract)

Claims 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Shimokuni et al. U.S. Patent Pub. No. 2006/0280203 A1 (hereinafter “Shimokuni”) in view of Lou et al. Non-Patent Literature NPL Published by IEEE in 2001 (hereinafter “Lou”) and further in view of Ku et al. U.S. Patent Pub. No. 2002/0085565 A1 (hereinafter “Ku”)

As per claim 7, Shimokuni and Lou teach a method according to claim 1. Shimokuni does not explicitly teach the method further comprising using public clouds deployed over the network as nodes, by embedding a dedicated agent into a plurality of them, such that the modified header will determine the next intermediate destination which will be the node that has been elected while creating each modified header.
However, Ku teaches using public clouds deployed over the network as nodes, by embedding a dedicated agent into a plurality of them (a network domain (also referred to as a network "cloud") 100 in accordance with the present invention. The network 100 includes edge equipment (also referred to as provider equipment or, simply, "PE") 102, 104, 106, 108, 110 located at the periphery of the domain. Ku, para [0042] and Fig. 1 element 100), such that the modified header will determine the next intermediate destination which will be the node that has been elected while creating each modified header (a packet label header 300 that can be appended to data packets for label switching in the network of FIG. 1. […] the header 300 includes a label 302 that may identify a next hop along an LSP. […] the header 300 may include a last label stack flag 306 (also known as an "S" bit) to indicate whether the header 300 is the last label in a layered stack of labels appended to a packet or whether one or more other headers are beneath the header 300 in the stack. Ku, para [0053]).


As per claim 8, Ku in view of Shimokuni teaches the method according to claim 7. Shimokuni does not explicitly teach wherein the modified header is a part of the payload. 
However, Ku teaches the modified header is a part of the payload (the header 300 may include a last label stack flag 306 (also known as an "S" bit) to indicate whether the header 300 is the last label in a layered stack of labels appended to a packet or whether one or more other headers are beneath the header 300 in the stack. Ku, para [0053]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Shimokuni so that the modified header is a part of the payload. One would be motivated to do so, to enhance the efficiency and the security of the system.

Claims 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Shimokuni et al. U.S. Patent Pub. No. 2006/0280203 A1 (hereinafter “Shimokuni”) in view of Lou et al. Non-Patent Literature NPL Published by IEEE in 2001 (hereinafter “Lou”) and further in view of Sandstrom et al. U.S. Patent No. 8,918,537 B1 (hereinafter “Sandstrom”)

As per claim 10, Shimokuni and Lou teach a method according to claim 1.  Shimokuni does not explicitly teach wherein whenever the data network has unknown topology a path/topology recovery tools are used to obtain the expected distribution of data through different nodes and verify, before sending the share carrying packets. 
However, Sandstrom teaches whenever the data network has unknown topology a path/topology recovery tools are used to obtain the expected distribution of data through different nodes and verify, before sending the share carrying packets (a process for selecting a path through which to send data based on a topology of a network, an analysis of paths in a network, and a path quality index. Sandstrom, Col. 7 lines 11-14 and Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Shimokuni so that whenever the data network has unknown topology a path/topology recovery tools are used to obtain the expected distribution of data through different nodes and verify, before sending the share carrying packets. One would be motivated to do so, to discover the topology of the network and enhance the path selection in a mulit-path system. (Sandstrom. Col. 1 lines 10-11)

As per claim 11, Sandstrom in view of Shimokuni teaches the method according to claim 10. Shimokuni does not explicitly teach wherein the path/topology recovery tools are selected from the group of: HP-OpenView; Freenats; Traceroute; TraceMAC; Batctl. 
(management server 110 may automatically discover the topology of the network using, for example, ping queries, domain name server queries, SNMP, traceroute tools, and any other suitable method for determining a network topology. Sandstrom, Col. 7 Lines. 31-34).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Shimokuni so that the path/topology recovery tools are selected from the group of: HP-OpenView; Freenats; Traceroute; TraceMAC; Batctl. One would be motivated to do so, to discover the topology of the network and enhance the path selection in a mulit-path system. (Sandstrom. Col. 1 lines 10-11)

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Shimokuni et al. U.S. Patent Pub. No. 2006/0280203 A1 (hereinafter “Shimokuni”) in view of Lou et al. Non-Patent Literature NPL Published by IEEE in 2001 (hereinafter “Lou”) and further in view of Blanchet et al. U.S. Patent Pub. No. 2004/0013130 A1 (hereinafter “Blanchet”)

As per claim 13, Shimokuni and Lou teach a method according to claim 1. Shimokuni does not explicitly teach wherein an inherent additional header of IPv6 is used for creating tunnels between IPv6 nodes, where data between nodes is sent over IPv4 protocol links.
However, Blanchet teaches wherein an inherent additional header of IPv6 is used for creating tunnels between IPv6 nodes, where data between nodes is sent over IPv4 protocol links (A method for connecting IPv6 devices through an IPv4 network to an IPv6 node in an IPv6 network using a tunnel setup protocol. Blanchet, claim 1)
. 

Claims 15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Shimokuni et al. U.S. Patent Pub. No. 2006/0280203 A1 (hereinafter “Shimokuni”) in view of Lou et al. Non-Patent Literature NPL Published by IEEE in 2001 (hereinafter “Lou”) and further in view of Gleichauf et al. U.S. Patent Pub. No. 2003/0149869 A1 (hereinafter “Gleichauf”)

As per claim 15, Shimokuni and Lou teach a method according to claim 1. Shimokuni does not explicitly teach the method further comprising creating secret shared packets of different length by padding the after secret shared packets with random string of varying lengths, to avoid correlation of packets by a coalition of eavesdroppers.
However, Gleichauf teaches creating secret shared packets of different length by padding the after secret shared packets with random string of varying lengths, to avoid correlation of packets by a coalition of eavesdroppers (A sending host generates a truly random sequence of characters as a keystream that may serve as a one-time pad. The keystream is bitwise combined with plaintext using an exclusive-OR operation to result in creating ciphertext. The keystream and ciphertext are routed over physically separate communication paths to a receiving host. Gleichauf, para [0027])
(Gleichauf, para [0061]) 

As per claim 17, Shimokuni and Lou teach a method according to claim 1. Shimokuni does not explicitly teach the method further comprising encrypting data packets with long payloads by creating a one-time-pad in the background at the sender side; sending the created a one-time-pad to the destination over several paths; performing a bitwise XOR operation between the payload data and the bit string of said common one-time-pad; and sending the resulting bits of encrypted payload data over possibly a single channel.
However, Gleichauf teaches encrypting data packets with long payloads by creating a one-time-pad in the background at the sender side (Sending host 100 comprises plaintext data 102 and one-time pad data 104 that are communicatively coupled to an encryption engine 106. Gleichauf, para [0044]); 
sending the created a one-time-pad to the destination over several paths (Sending host 100 is communicatively coupled through network 110 to receiving host 120 on first and second separately routed data paths 108A, 108B. First data path 108A carries ciphertext from output 106A of sending host 100, and second data path 108B carries a one-time pad key stream from output 106B of the sending host. Gleichauf, para [0045]); 
 (encryption engine 106 can receive a continuous first data stream of plaintext data 102 and a continuous second data stream of one-time pad data 104, combine the plaintext data and one-time pad data in an XOR operation, and present the resulting ciphertext on ciphertext output 106A. Gleichauf, para [0044]); and 
sending the resulting bits of encrypted payload data over possibly a single channel (Sending host 100 is communicatively coupled through network 110 to receiving host 120 on first and second separately routed data paths 108A, 108B. First data path 108A carries ciphertext from output 106A of sending host 100, and second data path 108B carries a one-time pad key stream from output 106B of the sending host. Gleichauf, para [0045]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Shimokuni encrypting data packets with long payloads by creating a one-time-pad in the background at the sender side; sending the created a one-time-pad to the destination over several paths; performing a bitwise XOR operation between the payload data and the bit string of said common one-time-pad; and sending the resulting bits of encrypted payload data over possibly a single channel. One would be motivated to do so, to enhance the security of communications between entities. (Gleichauf, para [0001]).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Shimokuni et al. U.S. Patent Pub. No. 2006/0280203 A1 (hereinafter “Shimokuni”) in view of Lou et al. Non-Patent Literature NPL Published by IEEE in 2001 (hereinafter “Lou”) and further in view of Hardjono et al. U.S. Patent No. 6,182,214 B1 (hereinafter “Hardjono”)

As per claim 19, Shimokuni and Lou teach the method of claim 18. Shimokuni does not explicitly teach wherein the secure interconnection is used to establish a key for authenticating the communicating parties, thus replacing and/or enhancing usage of passwords and further replacing and/or enhancing trust derived from a certification authority.
However, Hardjono teaches the secure interconnection is used to establish a key for authenticating the communicating parties, thus replacing and/or enhancing usage of passwords and further replacing and/or enhancing trust derived from a certification authority (threshold cryptography (secret sharing) is used for encryption key exchange between a server and a client over an unreliable communication network. Specifically, a secret encryption key K is computationally divided into N shares using a threshold encryption scheme such that any M of the shares (M less than or equal to N) can be used to reconstruct the secret encryption key K. Hardjono, Col. 2 lines 23-29)( Threshold cryptography (secret sharing) has traditionally been used to prevent any one entity from reconstructing a secret (for example, a missile launch code, a bank vault combination, or a computer password) without the cooperation of other entities. Hardjono, Col. 3 lines 29-33).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Shimokuni so that the secure interconnection is used to establish a key for authenticating the communicating parties, thus replacing and/or enhancing usage of passwords and further replacing and/or enhancing trust derived from a certification authority. One would be motivated to do so, to securely exchanging a secret over an unreliable network. (Hardjono, Col. 1 lines 5-7).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/            Examiner, Art Unit 2492