DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Drawings
Figure 1 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification
The disclosure is objected to because of the following informalities: 
In [0054], line 6, “the an identity, Application, Role-Aware Enrichment module 120” should read “the identity ~”;
In [0054], line 7, “the an identity, Application, Role-Aware Enforcement module 230” should read “the identity ~”; and
In [0109], lines 2 and 3, “in the art witho” should be changed to --in the art.--.  
Appropriate correction is required.

CLAIM INTERPRETATION
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “an Identity, Application and role-aware enrichment module” and “an Identity, Application and Role-Aware enforcement module” in claim 1.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. 
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 9, 11 and 12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Qureshi (US 2016/0099972, hereinafter “Qureshi”).
Regarding claim 9, Qureshi discloses a system for identity and authorization management (a mobile device management system of the enterprise computer system, Figs. 1A-4), the system comprising: 
at least one application, accessible to a user via a computer network, wherein the at least one application is configured to use network services ([0176] Many mobile device software applications 318 are capable of issuing network communications (also referred to as "application-generated communications"), including requests to access and communicate with enterprise resources 130.);
a database configured to store network services authorization rules associated with each of the at least one applications ([0174] A tunneling mediator or enterprise agent 320 can use a tunnel definition to construct an application tunnel, in accordance with methods described below. The mobile device management system 126 illustrated in FIG. 2 includes a repository 228 of tunnel definitions. A tunnel definition can include information to implement an application tunnel between a mobile device application 318 and a remote resource (such as an enterprise resource 130). A tunnel definition can be specific to a particular application 318 or type thereof.); and 
a workload-aware firewall configured to receive a request from the at least one application to access network services and to control access between the at least one application and the network services ([0170] With reference to FIGS. 1A-3, a tunneling mediator, such as the tunneling mediator 224 of the mobile device management system 126, can be configured to receive access requests generated by software applications 318 installed on the mobile devices 120, for access to the enterprise resources 130 (especially enterprise resources 130 comprising software applications), and to generate application tunnels between the device applications 318 and the enterprise resources 130.).  

Regarding claim 11, Qureshi discloses all the limitations of claim 9 above. Qureshi further discloses that the workload-aware firewall is configured to control access to the at least one application and the network services based on a user identity and authorization data associated with the request from the at least one application ([0194] The content-filtering server acts as a tunneling mediator, and inspects each request to determine whether the requested site is authorized by the enterprise. … In certain embodiments, this determination may be based on the specific mobile device 120 and user 115 making the request (e.g., based on user role 206).).

Regarding claim 12, Qureshi discloses all the limitations of claim 9 above. Qureshi further discloses that the workload-aware firewall is configured to control access to the at least one application and the network services based on a user identity and the authorization rules associated with the at least one application ([0191]  In step 602, a tunneling mediator of or associated with the enterprise system 110 (e.g., the tunneling mediator 224) receives a request from the mobile device application 318, for access to the enterprise resource 130. …  In step 604, the enterprise system 110 can determine whether access to the enterprise resource 130 is authorized. For example, as described below, the mobile device manager 202 or tunneling mediator 224 can determine whether the request is permissible under one or more of the enterprise access policies 218 of the mobile device management system 126.).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-8, 10, and 13-19 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi in view of Lander et al. (US 2017/0331832, hereinafter “Lander”).
Regarding claim 1, Qureshi discloses a system for identity and authorization management of users on a computer network (a mobile device management system of the enterprise computer system in Figs 1A-4), the system comprising: 
an Identity, Application and role-aware enrichment module configured to determine and authenticate an identity of a user ([0117] The secure mobile gateway 128 can obtain the DeviceId and DeviceType from the URL, the UserAgent parameter from the HTTP header, the authenticated User parameter from the HTTP session, and the Cmd parameter. The secure mobile gateway 128 can be configured to filter the requests 402 based on one or more of these properties.);
an Identity, Application and Role-Aware enforcement module configured to determine access to at least one application and provide access to the user ([0111] The secure mobile gateway 128 can monitor and log traffic between one or more enterprise resources 130 and a mobile device 120. The secure mobile gateway 128 can apply rules to implement enterprise policies applied to a selected mobile device 120.);
a database configured to store authorization roles associated with the identity of the user and the at least one application (User Roles 206 in Fig. 2; [0100] A user's role 206 typically associates the user 115 with the enterprise-related duties or activities in which the user engages. Roles 206 can have names and, optionally, associated definitions.); and 
a database configured to store rules associated with the authorization roles (Enterprise Access Policies 218 in Fig. 2; [0102] The access policies 218 preferably define conditions under which mobile device access to enterprise resources 130 will be granted or denied. ... Policies 218 can depend on user roles 206, mobile device properties 208, the specific enterprise resources 130 requested to be accessed by the mobile devices 120, or any combination thereof.).
Qureshi discloses a mobile device management system of the enterprise computer system allowing a user/application to access enterprise resources based on the user’s role and access policies; however, Qureshi does not appear to explicitly disclose that a token/ticket is issued to the authorized user and that access is provided to the user based on the access token.
However, Lander discloses that after authenticating a user, an access token/ticket is issued ([0183] In one embodiment, for example, OAuth microservice 1004 may receive an authorization request from a native application 1011 to authenticate a user according to a 2-legged OAuth flow. In this case, an authentication manager 1034 in OAuth microservice 1004 performs the corresponding authentication (e.g., based on ID/password received from a client 1011) and a token manager 1036 issues a corresponding access token upon successful authentication.), and an access is provided to the user based on the access token ([0142] When client 708 (e.g., mobile, web apps, JavaScript, etc.) presents an access token (issued by IDCS) to use with a protected REST API 714, Cloud Gate 702 validates the access token before allowing access to the API (e.g., signature, expiration, audience, etc.).).
Qureshi and Lander are considered to be analogous to the claimed invention because they are in the same field of network security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Qureshi to incorporate the teachings of Lander since both systems allow enterprise users to use their mobile devices to securely access enterprise resources based on user information including a role of user and application information including a role of application and provide a mobile device management system of the enterprise computer system. The motivation to do so is to provide an access token to the user after evaluating the user information and the application information requesting to access enterprise resource or service (obvious to one skilled in the art, Lander, Abstract).

Regarding claim 2, Qureshi, in view of Lander, discloses the limitation of claim 1 above. Lander further discloses that the access token comprises the identity of the user and the authorization roles associated with the user ([0225] Embodiments bind users to groups and give users privileges. With embodiments, different persona are expressed as application roles, and privileges are assigned to application roles. Users are granted application roles. Privileges are represented as scopes in one embodiment, which is a collection of permitted endpoint operations having common semantics. Scopes are interpreted by an authorization server and embedded in access tokens that are used to access resource servers. Therefore, roles are granted scopes.).

Regarding claim 3, Qureshi, in view of Lander, discloses the limitation of claim 2 above.  Lander further discloses that the access token is a cryptographically confirmed access token ([0182] In one embodiment, tokens 1032 provided to browser 1002 include JW identity and access tokens signed by the IDCS OAuth2 server.).  

Regarding claim 4, Qureshi, in view of Lander, discloses the limitation of claim 1 above. Lander further discloses a second factor authentication module configured to issue an authentication challenge based on the identity of the user ([0181] In one embodiment, interactions between OAuth microservice 1004 and SSO microservice 1008 are based on browser redirects so that SSO microservice 1008 challenges the user using an HTML form, validates credentials, and issues a session cookie.).  

Regarding claim 5, Qureshi, in view of Lander, discloses the limitation of claim 1 above. Qureshi further discloses an application aware firewall, wherein the firewall comprises rules associated with one or more of HTTP method, path, parameters, Client Certificates, HTTP headers, and message body ([0119] A gateway rule 404 can include one or more values of properties of a mobile device request 402 formatted according to a protocol supported by the secure mobile gateway 128. Such properties can comprise URL parameters, header values, commands, etc. The gateway filter 401 can be configured to filter the requests 402 based at least partly on these properties. In the case of ActiveSync, the request properties can include DeviceID and DeviceType (taken from the request URL), the User and UserAgent parameters (taken from the HTTP headers), and one or more ActiveSync command parameters (ActiveSync defines numerous different commands, such as sync mailbox, send mail, get attachment, etc.)).  

Regarding claim 6, Qureshi, in view of Lander, discloses the limitation of claim 1 above. Lander further discloses an application aware firewall, wherein the firewall comprises rules associated with remote procedure call applications and methods, parameters, and body associated with the remote procedure call applications ([0104] The Administration service also supports a set of remote procedure call-style ("RPC-style") REST interfaces that do not perform CRUDQ operations but instead provide a functional service, for example, "UserPasswordGenerator," "UserPasswordValidator," etc.).  

Regarding claim 7, Qureshi, in view of Lander, discloses the limitation of claim 1 above. Qureshi further discloses an identity aware firewall, wherein the firewall is configured to provide a plurality of levels of access to the user based on the identity of the user and the user authorization roles ([0069] Embodiments of the invention can cooperate with one or both of the firewalls 122 and 124 or other devices of the enterprise system 110 to filter mobile devices' access requests based on a set of gateway rules, in order to protect the enterprise system 110 from unauthorized access while permitting legitimate communications to pass. As will be described in further detail below, such access rules can be used to regulate access based on, e.g., mobile device properties, user properties, the specific enterprise resources 130 for which access is requested, or any combination thereof.).  

Regarding claim 8, Qureshi, in view of Lander, discloses the limitation of claim 1 above. Qureshi discloses that the at least one application is configured to use network services ([0176] Many mobile device software applications 318 are capable of issuing network communications (also referred to as "application-generated communications"), including requests to access and communicate with enterprise resources 130.); and 
the system further comprises: 
a database configured to store network services authorization rules associated with each of the at least one applications ([0174] A tunneling mediator or enterprise agent 320 can use a tunnel definition to construct an application tunnel, in accordance with methods described below. The mobile device management system 126 illustrated in FIG. 2 includes a repository 228 of tunnel definitions. A tunnel definition can include information to implement an application tunnel between a mobile device application 318 and a remote resource (such as an enterprise resource 130). A tunnel definition can be specific to a particular application 318 or type thereof.); and 
a workload-aware firewall configured to receive a request from the at least one application to access network services and to control access between the at least one application and the network services based on the identity of the user and the user authorization roles ([0170] With reference to FIGS. 1A-3, a tunneling mediator, such as the tunneling mediator 224 of the mobile device management system 126, can be configured to receive access requests generated by software applications 318 installed on the mobile devices 120, for access to the enterprise resources 130 (especially enterprise resources 130 comprising software applications), and to generate application tunnels between the device applications 318 and the enterprise resources 130.).  

Regarding claim 10, Qureshi discloses the limitation of claim 9 above. However, Qureshi does not appear to explicitly disclose that the request is a cryptographically-confirmed token.
However, Lander discloses that the request is a cryptographically-confirmed token ([0098] Interactive web-based and native applications leverage standard browser-based OpenID Connect flow to request user authentication, receiving standard identity tokens that are JavaScript Object Notation (“JSON”) Web Tokens (“JWTs”) conveying the user's authenticated identity.).  
Qureshi and Lander are considered to be analogous to the claimed invention because they are in the same field of network security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Qureshi to incorporate the teachings of Lander since both systems allow enterprise users to use their mobile devices to securely access enterprise resources based on user information including a role of user and application information including a role of application and provide a mobile device management system of the enterprise computer system. The motivation to do so is to provide an access token to the user after evaluating the user information and the application information requesting to access enterprise resource or service (obvious to one skilled in the art, Lander, Abstract).

Regarding claim 13, Qureshi discloses a method for identity and authorization management, the method comprising: 
receiving, via a user, a request to access at least one application ([0204] Accordingly, in step 702 of FIG. 7, the mobile device management system 126 receives an access request from one of the mobile devices 120.); 
determining an identity of the user ([0204] The tunneling mediator 224 can determine which user 115 is assigned to the mobile device 120 by, e.g., using the user-device assignment records 210.); 

determining at least one role associated with the authenticated identity of the user ([0204] On the other hand, if the mobile device properties are in compliance with the one or more associated access policies 218, then  the method proceeds to decision step 706, in which the tunneling mediator 224 determines whether one or more properties of the user 115 assigned to the mobile device 120 are in compliance with the one or more relevant access policies 218. The properties of the user 115 can be, e.g., the user's role 206 or other user-related information that may or may not be stored within the mobile device information 204.); 
determining whether any rules are associated with the access of the at least one application, based on the identity of the user and the associated role of the user ([0204]  Accordingly, in decision step 704, the tunneling mediator 224 determines whether one or more properties of the mobile device 120 comply with one or more relevant access policies 218 (e.g., general access policies, or access policies associated with the requested enterprise resource(s) 130).); and 
providing access to the at least one application based on the identity of the user and the associated roles and rules ([0204] If the one or more user properties comply with the one or more access policies 218, then the tunneling mediator 224 grants the mobile device 120 access to the requested enterprise resource(s) 30, in step 708 (through the connection 152 or 162).).  
Qureshi does not appear to explicitly disclose authenticating the identity of the user by providing an access token associated with the request.
However, Lander discloses authenticating the identity of the user by providing an access token associated with the request ([0183] In one embodiment, for example, OAuth microservice 1004 may receive an authorization request from a native application 1011 to authenticate a user according to a 2-legged OAuth flow. In this case, an authentication manager 1034 in OAuth microservice 1004 performs the corresponding authentication (e.g., based on ID/password received from a client 1011) and a token manager 1036 issues a corresponding access token upon successful authentication.).
Qureshi and Lander are considered to be analogous to the claimed invention because they are in the same field of network security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Qureshi to incorporate the teachings of Lander since both systems allow enterprise users to use their mobile devices to securely access enterprise resources based on user information including a role of user and application information including a role of application and provide a mobile device management system of the enterprise computer system. The motivation to do so is to provide an access token to the user after evaluating the user information and the application information requesting to access enterprise resource or service (obvious to one skilled in the art, Lander, Abstract).

Regarding claim 14, Qureshi, in view of Lander, discloses the limitation of claim 13 above. Lander further discloses that the access token comprises the identity of the user and the authorization roles associated with the user ([0225] Embodiments bind users to groups and give users privileges. With embodiments, different persona are expressed as application roles, and privileges are assigned to application roles. Users are granted application roles. Privileges are represented as scopes in one embodiment, which is a collection of permitted endpoint operations having common semantics. Scopes are interpreted by an authorization server and embedded in access tokens that are used to access resource servers. Therefore, roles are granted scopes.).  

Regarding claim 15, Qureshi, in view of Lander, discloses the limitation of claim 14 above. Lander further discloses that the access token is a cryptographically confirmed access token ([0182] In one embodiment, tokens 1032 provided to browser 1002 include JW identity and access tokens signed by the IDCS OAuth2 server.).  

Regarding claim 16, Qureshi, in view of Lander, discloses the limitation of claim 13, above. Lander further discloses that authenticating the user comprises issuing an authentication challenge based on the identity of the user ([0181] In one embodiment, interactions between OAuth microservice 1004 and SSO microservice 1008 are based on browser redirects so that SSO microservice 1008 challenges the user using an HTML form, validates credentials, and issues a session cookie.).

Regarding claim 17, Qureshi, in view of Lander, discloses the limitation of claim 13 above. Qureshi further discloses: 
receiving a second request from the at least one application to access at least one network service ([0176] Many mobile device software applications 318 are capable of issuing network communications (also referred to as "application-generated communications"), including requests to access and communicate with enterprise resources 130.); 
determining whether there is further user identity information to be added to the second request ([0194] The content-filtering server acts as a tunneling mediator, and inspects each request to determine whether the requested site is authorized by the enterprise. … In certain embodiments, this determination may be based on the specific mobile device 120 and user 115 making the request (e.g., based on user role 206).); 
determine whether there are any network service authorization rules associated with the request ([0191]  In step 602, a tunneling mediator of or associated with the enterprise system 110 (e.g., the tunneling mediator 224) receives a request from the mobile device application 318, for access to the enterprise resource 130. …  In step 604, the enterprise system 110 can determine whether access to the enterprise resource 130 is authorized. For example, as described below, the mobile device manager 202 or tunneling mediator 224 can determine whether the request is permissible under one or more of the enterprise access policies 218 of the mobile device management system 126.); and
providing access to the at least one network service based on the application and associated authorization rules ([0191] In step 610, the tunneling mediator opens a resource network connection (e.g., connection 152 of FIGS. 1A and 1C, or connection 162 of FIG. 1B) between the tunneling mediator and a server port associated with the requested enterprise resource 130.).  

Regarding claim 18,  Qureshi, in view of Lander, discloses the limitation of claim 13 above. Lander further discloses that the second request comprises a cryptographically-confirmed token ([0098] Interactive web-based and native applications leverage standard browser-based OpenID Connect flow to request user authentication, receiving standard identity tokens that are JavaScript Object Notation (“JSON”) Web Tokens (“JWTs”) conveying the user's authenticated identity.).      

Regarding claim 19, Qureshi, in view of Lander, discloses the limitation of claim 13 above. Lander further discloses that the providing of access may be further based on the authorization data of the user ([0225] Embodiments bind users to groups and give users privileges. With embodiments, different persona are expressed as application roles, and privileges are assigned to application roles. Users are granted application roles. Privileges are represented as scopes in one embodiment, which is a collection of permitted endpoint operations having common semantics. Scopes are interpreted by an authorization server and embedded in access tokens that are used to access resource servers. Therefore, roles are granted scopes.).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEONGSOOK YI whose telephone number is (571) 272-9407. The examiner can normally be reached Monday-Friday 8:00 am - 4:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/J.Y./Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/       Supervisory Patent Examiner, Art Unit 2496