DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 01/26/2022. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Response to Amendment 
     The amendments to Claims 1 and 11, in the submission filed 02/15/2022 are acknowledged and accepted. Claims 1-20 have been presented for examination and are rejected.
Response to Arguments
Applicant's argument, filed on February 15th , 2022 have been entered and carefully considered. 
Applicant argues in substance that: on pages 6-7 of the remarks that "  The proxy 210 of Stickle is not "in an isolated region of the cloud computing environment" as recited in claim 1. As seen in Fig. 2 of Stickle, reproduced below, the proxy 210 is in the control plane nodes 205. The isolated virtual network (IVN) 221, which is mapped by the Action to the isolated region, is separate.”
In response, the Examiner respectfully disagrees and finds this argument unpersuasive. After further review of the prior art applied, the Examiner contends that the reference still qualify as prior arts. 
Stickle discloses in FIG. 2 which includes data plane of the provider network resource separately from control plane of the provider network, and proxy is part of the control plane, paragraphs  [0044-0045] discloses different controllers for accessing different services in the data plane. Paragraph [0046] further discloses  a secure control flow path 268 may be established between the control plane nodes 205 located within the provider network 101 and the control-plane modules installed at the registered resources within the client data center 240 in the depicted embodiment. Encryption-based protocols such as TLS, SSL or IPSec may be used to secure the connections between the client-side control-plane modules and the provider network. The control flow path may include a secure proxy 210, such as an IPSec proxy. As shown, at least some of the network links that are used for data flow path 266 (e.g., links 234, 236A, 236B and 236C) may also be shared by the control flow path 268. At least in some embodiments, the control traffic may be kept isolated from the data traffic using any of various network isolation techniques, such as various kinds of VPN protocols.
Applicant argues the amended claim in substance that: on pages 6-7 of the remarks that “ Stickle does not appear to teach that the proxy 210 receives configuration commands from a third party "defining one or more boundary parameters for accessing the isolated region."
In response, the Examiner respectfully disagrees and finds this argument unpersuasive. Stickle discloses paragraph [0044-0045] an IVN may be logically isolated from other resources (including other IVNs) of the provider network 101. Client C1 may perform various types of networking-related configuration operations within IVN 221, such as selecting IP address ranges, creating subnets, configuring routing tables and gateways, security settings, and the like, with a similar level of flexibility as would be possible on a network within the client's own facilities such as data center 240. A data flow path 266 between the IVN 221 and the client C1's data center 240 may have been established. The data flow path 266 may include a virtual private gateway 230 set up for C1's traffic, as well as a router 232 associated with the client data center 240. Data flow path 266 may include network links 231A between IVN 221 and the virtual private gateway 230, links 234 between the virtual private gateway 230 and router 232, and links 236A, 236B and 236C within client data center 240. 
Furthermore, paragraphs [0021-0024] discloses  the control traffic may comprise network transfers associated with administrative tasks, such as configuration change commands transmitted from a controller device to a virtualization compute server, and the like. For security, performance, and other reasons, the data traffic and the control traffic may be kept logically isolated from each other as much as possible in at least some implementations. A provider network (third party) may implement a private network service, enabling clients to establish isolated virtual networks (IVNs) within the provider network. Such IVNs may be referred to in some embodiments as "Virtual Private Clouds" or VPCs. At least some of the network addresses configured for devices within an IVN may not be exposed or advertised outside the IVN. Clients may therefore be granted substantial flexibility regarding network configuration settings within an IVN, giving them similar levels of network-related administrative control with respect to the IVN as they would have over networks set up entirely within client-owned data centers. In at least some embodiments, a client may be able to set up a private gateway between a client network and an IVN, and/or may be able to establish connectivity between client premises and their IVNs using various types of secure network protocols such as Virtual Private Network (VPN) protocols and the like.
Applicants are interpreting the claims very narrow without considering the broad teaching of the reference to meet the claimed language. During patent examination, the pending claims must be "given their broadest reasonable interpretation consistent with the specification." > The Federal Circuit's en banc decision in Phillips v. AWH Corp., 415 F.3d 1303, 75 USPQ2d 1321 (Fed. Cir. 2005) expressly recognized that the USPTO employs the "broadest reasonable interpretation" standard: 
The Patent and Trademark Office ("PTO") determines the scope of claims in patent applications not solely on the basis of the claim language, but upon giving claims their broadest reasonable construction "in light of the specification as it would be interpreted by one of ordinary skill in the art." In re Am. Acad. of Sci. Tech. Ctr., 367 F.3d 1359, 1364[, 70 USPQ2d 1827] (Fed. Cir. 2004).
 In view of such, the rejection is maintained as follows:

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 9-11 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Stickle et al.  (US 20150089034 hereinafter Stickle) in view of Knjazihhin et al.  (US 20140237560 hereinafter Knjazihhin).
 
With respect to claims 1 and 11, Stickle teaches a cloud computing system, comprising: 
a proxy in an isolated region of the cloud computing system (Stickle, see FIG. 2 and paragraphs [0022-0023, 0027, 0044-0046] enabling clients to establish isolated virtual networks (IVNs) within the provider network, data centers. Private network service, enabling clients to establish isolated virtual networks (IVNs) within the provider network. Such IVNs may be referred to in some embodiments as "Virtual Private Clouds" or VPCs. At least some of the network addresses configured for devices within an IVN may not be exposed or advertised outside the IVN. A proxy server at the provider network may be used for the secure connections, e.g., traffic between client-side resources and service administrative nodes of one or more provider network services may be routed through an intermediary proxy), 
wherein the proxy is configured to:
receive configuration commands from a third party, the configuration commands defining one or more boundary parameters for accessing the isolated region (Stickle, see paragraphs [0021-0026, 0044-0046] the control traffic may comprise network transfers associated with administrative tasks, such as configuration change commands transmitted from a controller device to a virtualization compute server, and the like. For security, performance, and other reasons, the data traffic and the control traffic may be kept logically isolated from each other as much as possible in at least some implementations. Clients may therefore be granted substantial flexibility regarding network configuration settings within an IVN, giving them similar levels of network-related administrative control with respect to the IVN as they would have over networks set up entirely within client-owned data centers. A client may lease resources located at a third party's premises outside the provider network, and such leased resources may also be considered part of the client network. Paragraphs [0039-0040, 0044] further discloses an IVN may be logically isolated from other resources (including other IVNs) of the provider network 101);
Stickle yet fails to explicitly disclose receive all requests to access administrative capabilities in the isolated region; and 
determine whether to forward or block the requests based on one or more of the boundary parameters.
However, Knjazihhin discloses receive all requests to access administrative capabilities in the isolated region(Knjazihhin, see FIG. 3 and paragraphs [0027, 0030-0032] the "Security Administrator" role may be responsible for defining which users have access to the management systems, what roles these users are allowed to assume, what actions a given role is authorized to perform, etc. The configuration management system receives an action request, from a user, to access a managed system. A user is provided with an interface to interact with the configuration management system. When a user requests to act on a target node, the request is sent to the configuration management system. Once the management system receives the request action from the user, the authorization module of the management software determines whether the requested user action is authorized, block 320. In one implementation, an access control system such as role based access control (RBAC) is used to manage the authorization process); and
determine whether to forward or block the requests based on one or more of the boundary parameters (Knjazihhin, see FIGS. 3, 4 and paragraphs [0031-0032] the access control system allows access to be restricted to certain managed systems for certain roles. Roles of the configuration management system are authorized to enact a restricted set of actions on these managed systems. If the requested action falls outside the allowed privilege of the user's current active role, the management system terminates the request and sends an error message to the user informing the user that the requested action is not authorized, block 320. For example, a user assumes an active role of "LinuxAdmin", and requests to access a Windows host, the access control system will determine that the user does not have privilege to access the target Windows host. If the user's request action is authorized, the impersonation module of the management system looks for an automation principal for the managed system, block 330).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine the teaching Stickle with the teaching of Knjazihhin provide the method for passing security context for stateless system management in an information technology data center. The node is connected using the obtained credential, the node is browsed, and the result is displayed to the user, thus allowing to centrally manage connections to managed systems, allowing to pass security context that is native to the managed systems to an agent, and providing the user with the ability to define arbitrary associations with the managed system and browse the managed system in the security context native to the managed system, where the combination of elements according to known methods would yield a predictable result (Knjazihhin, paragraph [0006]).

With respect to claims 9 and 19, Stickle-Knjazihhin teaches the system, wherein the proxy maintains a log of all requests for access and details in connection with accesses granted by the proxy (Stickle, see   paragraphs [0023, 0027 0039, 0046] a proxy server at the provider network may be used for the secure connections, e.g., traffic between client-side resources and service administrative nodes of one or more provider network services may be routed through an intermediary proxy. The secure network connection may utilize one or more network links and/or devices that are already configured for data traffic flow between the provider network and the client network. A set of common control-plane interfaces 150 associated with one or more network-accessible services of the provider network may be used by clients 170 to submit control operation requests 190 (e.g., configuration/administration requests of various kinds) directed at resources of the provider network. Various clients 170 may be granted administrative access to respective sets of logical and/or physical resources (e.g., resource sets 110A, 110B, 110F or 110G) within the PDACs of the provide network. Depending on the specific services being implemented at a resource on behalf of a client, and the client's administrative permissions, each such client may issue certain categories of control operation requests 190 directed to the resource via the common control-plane interfaces 150. Within the provider network, the control operation requests may be translated into control commands 192, such as commands 192A and 192B).


With respect to claims 10 and 20, Stickle-Knjazihhin teaches the system, wherein the boundary parameters include national origin of the requester, country of location of the requester, requested action, attached justification, and particular policies set forth by the owner or data-custodian of the region (Stickle, see   paragraphs [0032, 0036-0037, 0070] Clients may also indicate various parameters for the resource pools using programmatic interfaces in various embodiments, such as the minimum and maximum number of pool members that can be activated or that can be made members, identification information (e.g., network addresses) of the members, and so on. A hybrid approach may be supported, in which some of the client-side pool members may have the control modules associated with one or more provider network services installed, while others may not. In some implementations, control modules associated with more than one service (e.g., a load balancing service and a virtualized computing service, or a database service, a caching service and a storage service) may be installed on the same client-side resource. A pool of resources to be managed using the control plane extension techniques may include both client-side resources and provider network resources, and the resource pools may thus cross data center boundaries or availability container).

Claims 2, 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Stickle et al.  (US 20150089034 hereinafter Stickle) in view of Knjazihhin et al.  (US 20140237560 hereinafter Knjazihhin) further in view of Appiah et al. (US 2018/0359242 hereinafter Appiah).
 
With respect to claims 2 and 12, Stickle-Knjazihhin teaches the cloud computing system, further comprising:
a cloud administrating computing device connected via a network to the isolated region (Stickle, FIG. 2 and paragraphs [0044-0045] FIG. 2 an isolated virtual network (IVN) 221 has been set up using a subset of provider network 101's resources on behalf of a client C1 in the depicted embodiment. The provider network 101 may also include other clients' resources 225, some of which may not be included within other IVNs. As described earlier, an IVN may be logically isolated from other resources (including other IVNs) of the provider network 101) and 
each region linked to the network through a gateway and comprising computing processing hardware and storage (Stickle, FIG. 2 and paragraphs [0044-0046] the data flow path 266 may include a virtual private gateway 230 set up for C1's traffic, as well as a router 232 associated with the client data center 240. Data flow path 266 may include network links 231A between IVN 221 and the virtual private gateway 230, links 234 between the virtual private gateway 230 and router 232, and links 236A, 236B and 236C within client data center 240. A virtualized computing host 252, a storage appliance 256, and a pooled-resource appliance 260 may each have been registered in the depicted example for control via the interfaces used for corresponding services implemented within the provider network). 
 Stickle-Knjazihhin yet fails to explicitly disclose at least one non-isolated region in a common authorization domain,
However, Appiah discloses at least one non-isolated region in a common authorization domain (Appiah, see FIG. 4 and paragraphs [0008, 0046-0053] the plurality of computing environments includes the non-isolated computing environment and a plurality of isolated computing environments. The method includes, subsequent to querying the directory service, receiving, from the directory service, an indication of a first computing environment of the plurality of computing environments to which the user belongs. In FIG. 4, a public cloud 200 and sovereign clouds 204-1 and 204-2 are shown. The sovereign clouds 204-1 and 204-2 are referred to collectively as sovereign clouds 204, and in practical implementations, there may be one or more sovereign clouds 204. Each cloud of the public cloud 200 (i.e. non-isolated region) and the sovereign clouds 204(i.e. isolated region) is composed of computing, storage, and communication resources. These resources may be managed and allocated to various tenants of the respective cloud by a management fabric).  
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine the teaching Stickle-Knjazihhin with the teaching of Appiah provide the method for providing public security endpoint of non-isolated computing environment. The method enables allowing a developer to deploy sovereign editions of the public application that accesses data stored within the respective sovereign clouds when the developer deploys the public application, so that the public application is technologically prevented from accessing data within the sovereign cloud, regardless of permissions established by sovereign cloud tenants or users, where the combination of elements according to known methods would yield a predictable result (Appiah, paragraphs [0008, 0118]).

With respect to claim 4, Stickle-Knjazihhin-Appiah teaches the system, where the isolated and non-isolated regions comprise datacenters (Stickle, see FIG. 3 and paragraphs [0021, 0044-0045] Client C1 may perform various types of networking-related configuration operations within IVN 221, such as selecting IP address ranges, creating subnets, configuring routing tables and gateways, security settings, and the like, with a similar level of flexibility as would be possible on a network within the client's own facilities such as data center 240. A data flow path 266 between the IVN 221 and the client C1's data center 240 may have been established. The data flow path 266 may include a virtual private gateway 230 set up for C1's traffic, as well as a router 232 associated with the client data center 240. Data flow path 266 may include network links 231A between IVN 221 and the virtual private gateway 230, links 234 between the virtual private gateway 230 and router 232, and links 236A, 236B and 236C within client data center 240 in the depicted).

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Stickle et al.  (US 20150089034 hereinafter Stickle) in view of Knjazihhin et al.  (US 20140237560 hereinafter Knjazihhin) in view of Appiah et al. (US 2018/0359242 hereinafter Appiah) further in view of Chandrasekaran et al. (US 10909010 hereinafter Chandrasekaran).
 
With respect to claims 3 and 13, Stickle-Knjazihhin-Appiah teaches the system, yet fails to explicitly disclose wherein the computing processing hardware and storage of the isolated and non-isolated regions is configured to respond to a common set of remote procedure calls (RPCs) from the cloud administrating computing device. 
However, Chandrasekaran discloses wherein the computing processing hardware and storage of the isolated and non-isolated regions is configured to respond to a common set of remote procedure calls (RPCs) from the cloud administrating computing device (Chandrasekaran, see FIG. 4A and Col. 3, lines 54-67, Col. 4, lines 1-6, Col. 12, The reverse connection resource setup protocol 4A00 can commence with the RPC client 322.sub.1 at the on-premises cluster 312 establishing an RPC socket with the RPC server 324.sub.2 at the remote cluster 316 (message 402). Remote procedure calls that transmit DR data are issued from DR agent 326 through RPC client 322.sub.1 to RPC server 324.sub.2 (message 404)).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine the teaching Stickle-Knjazihhin-Appiah with the teaching of Chandrasekaran provide the method for efficient system restoration from a remote computing system, the data center initiates messages (e.g., remote procedure calls or RPCs) to the remote computing system at will, with the expectation that the remote computing system will respond (receive and process the calls) to such messages in accordance with the content. Thus, provide an efficient way to perform failback operations that restore data to the data center from the remote computing system, where the combination of elements according to known methods would yield a predictable result (Chandrasekaran, Col. 1, lines 25-41).

Claims 5-6 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Stickle et al.  (US 20150089034 hereinafter Stickle) in view of Knjazihhin et al.  (US 20140237560 hereinafter Knjazihhin) in view of Appiah et al. (US 2018/0359242 hereinafter Appiah) further in view of Mehr (US 10623186) Mehr hereinafter Mehr).

With respect to claims 5 and 14-15, Stickle-Knjazihhin-Appiah teaches the system, yet fails to explicitly disclose wherein: the storage of each of a plurality of the non-isolated datacenters comprises information encrypted by a root master key of the cloud computing system and accessible by the administrating computing device, and 
the storage of the isolated data center comprises isolated data encrypted by a regional master key not accessible by the administrating computing device.
However, Mehr discloses wherein: the storage of each of a plurality of the non-isolated datacenters comprises information encrypted by a root master key of the cloud computing system and accessible by the administrating computing device (Mehr (US 10623186) Mehr, see  Col. 3, lines 9-38, specific data encryption key (e.g., an envelope key) can be generated, using the customer master key, for each authorized user or each workspace, service, or type of resource corresponding to a customer account. In at least some embodiments, unique data encryption keys can be generated for each storage volume 130 or instance), and
the storage of the isolated data center comprises isolated data encrypted by a regional master key not accessible by the administrating computing device (Mehr, see  Col. 9, lines 17-25, utilize multiple master keys to encrypt the data. If, for example, a first set of resources is unavailable then a second set of resources might be needed to access the data, and that second set of resources might have a different master key, such as for being located in a different physical facility or geographical location. A similar approach can be used with the envelope keys, but those keys can be encrypted using multiple master keys as appropriate).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine the teaching Stickle-Knjazihhin-Appiah with the teaching of Mehr provide the method for multi-context authenticated encryption that used to secure various data objects, such as remote resource sharing and cloud computing. Thus, method for improve performance by avoiding the need to brute force all the keys attached to the envelope, where the combination of elements according to known methods would yield a predictable result (Mehr, see Col. 6, lines 50-58).

With respect to claims 6 and 16, Stickle-Knjazihhin-Appiah-Mehr teaches the system, where the isolated datacenter comprises a plurality of isolated datacenters, each of the isolated datacenters having a different regional master key (Mehr, see  Col. 9, lines 17-25, 56-63, Col. 10, 1-50, utilize multiple master keys to encrypt the data. If, for example, a first set of resources is unavailable then a second set of resources might be needed to access the data, and that second set of resources might have a different master key, such as for being located in a different physical facility or geographical location. A similar approach can be used with the envelope keys, but those keys can be encrypted using multiple master keys as appropriate).

Claims 7-8 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Stickle et al.  (US 20150089034 hereinafter Stickle) in view of Knjazihhin et al.  (US 20140237560 hereinafter Knjazihhin) further in view of Schoen et al. (US 20150281225 hereinafter Schoen).

With respect to claims 7 and 17, Stickle-Knjazihhin teaches the system, yet fails to explicitly disclose further comprising a region encryption service storing cryptographic keys designated for the region, wherein all requests forwarded by the proxy are protected by the regional encryption service.
However, Schoen discloses further comprising a region encryption service storing cryptographic keys designated for the region, wherein all requests forwarded by the proxy are protected by the regional encryption service (Schoen, see paragraphs [0013, 0054-0055, 0083] To further protect the trusted connection from being comprised or tampered with by an attacker, the authentication token management component 174 may also utilize one or more secure communications protocols to establish an encrypted connection. In this manner, a secure connection (e.g., a trusted and encrypted connection) may be established between the authentication token management application 172 and one or more client devices 104-b for the managing one or more authentication tokens of one or more service accounts. The requested lifetime information may include, but is not limited to, a specific time or elapse of time of when the service account expires and becomes disabled and/or a specific time or elapse of time when the service account is removed. Optionally, the admin management application 114 may limit the requested lifetime information for a service account to a ceiling value of 96 hours or 4 days so that any request for a service account …).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine the teaching Stickle-Knjazihhin with the teaching of Schoen to provide the apparatus for managing authentication tokens such as passwords, passcodes, passphrases, personal identification numbers (PIN), cryptographic tokens of service accounts. By utilizing the authentication token management system to generate authentication tokens, this replaces all human created authentication tokens for some or all accounts of an electronic system, hence the security and privacy of the electronic system is improved. The ability of an attacker to compromise service accounts using authentication token based attacks is reduced by enabling clients to securely request and generate new authentication tokens associated with service accounts, where the combination of elements according to known methods would yield a predictable result (Schoen, see paragraphs [0013, 0021]).

With respect to claims 8 and 18, Stickle-Knjazihhin-Schoen teaches the system, wherein the region encryption service issues credentials that are time-bound and cryptographically signed (Schoen, see paragraphs [0032-0033, 0052, 0055, 0065] client devices 104-b, such as, for example, client device 104-1 may be communicatively coupled to a cryptographic module (e.g., a TPM) configured to read and authenticate or assist in the authentication of virtual identity tokens associated with a client. Additionally or alternatively, at least some of the client devices 104-b, such as, for example, client device 104-2 may also be communicatively coupled to an authentication token data store 166 (e.g., Password Safe) for securely storing at least the service account identifiers and their associated authentication tokens in an encrypted format utilizing one or more encryption algorithms (e.g., Twofish symmetric key block cipher). Thus, in various embodiments, the client device 104-2 may be configured to automatically encrypt and store any authentication tokens provided to the client 102-2 in the authentication token data store 166 which may enable the client 102-2 to later retrieve, via client device 104-2, the previously stored service account identifiers and their associated authentication tokens for accessing one or more resources and/or assets in the datacenter 142).


 Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELIZABETH KASSA whose telephone number is (571)270-0567.  The examiner can normally be reached on Monday -Friday 9 AM -6 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on 517-272-4001.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

05/27/2022



/ELIZABETH KASSA/Examiner, Art Unit 2457

/YVES DALENCOURT/Primary Examiner, Art Unit 2457