Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .





DETAILED ACTION

Response to Arguments
	Applicant’s arguments filed March 15, 2022 have been fully considered. A new ground(s) of rejection is presented due to Applicant’s amendment. 


Allowable Subject Matter
Claims 6 – 8 and 16 – 18 are objected to as being dependent upon a rejected based claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefore, subject to the conditions and requirements of this title.

1. 	Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is not supported by a process, machine, manufactures or composition of matter asserted utility or a well-established utility.
Independent claim 20 recites a “computer-readable medium storing instructions…”; however, Applicant’s claim language does not put the claims into one of the statutory categories because a computer-readable medium is not a statutory category and Applicant’s claimed computer-readable medium is not clearly limited to statutory embodiments (see Applicant’s para 0006, 0034 and 0076 disclosure). 
Applicant’s specification, further does not exclude a “computer-readable medium” from other forms of propagated signals that a computer-readable medium may be formatted in. 
The Examiner suggests Applicant review the memorandum entitled “Subject matter Eligibility of Computer readable media” issued on January 26, 2010 from the Under Secretary of Commerce for Intellectual Property and Director of the United State Patent and Trademark Office , David J. Kappos (http://www.uspto.gov/patents/law/notices/101_crm_20100127.pdf) and amend the claim to clearly limit the computer program product to be embodied on a memory/disk and include either limitation “non-transitory” or  the disclosed tangible computer readable media, while at the same time excluding all intangible media such as signals, carrier waves, etc… 
Any amendment to the claim should be commensurate with its corresponding disclosure.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  



Claims 1, 3 – 5, 9 – 11, 13 – 15 and 19 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brandwine (US Patent No. 9398121 B1) in view of Heck (US Pub. No. 2012/0287922 A1) in view of Meng (US Pub. No. 2021/0036887 A1).

Per claim 11, Brandwine (US Patent No. 9398121 B1) suggests a computer device (reads on any combination of software and hardware that interacts and performs the described functionality, see Brandwine col. 21 lines 1 – 30), comprising: at least one memory to store data and instructions (see Brandwine col. 21 lines 1 – 30); and at least one processor in communication with the at least one memory (see Brandwine col. 21 lines 1 – 30), wherein the at least one processor is operable to (see Brandwine col. 21 lines 1 – 30): establish a first trusted internet protocol (IP) address (The Examiner construes this to be an obvious limitation of the overlay address of instance A, see Brandwine Figure 1 block 102A) for a first host computer device (reads on physical host A, see Brandwine Figure 1 block 106A) of a plurality of host computer devices on a network rack  (see Brandwine Figure 1 and col. 15 lines 36 – 53 and col. 17 lines 4 – 7) in communication with a trusted network (reads on in communication with the overlay network, see Brandwine col. 3 lines 9 – 11 and 20 – 22), wherein the first trusted IP address is associated with a physical IP address of the first host computer device (reads on the overlay address is associated with the physical address of host A, see Brandwine Figure 1 block 106A); use the first trusted IP address to establish a first VPN tunnel directly between (reads on a virtual cloud may built on top of overlay network and addresses in the physical network, see Brandwine col. 3 lines 9 – 28) the first host computer device (reads on physical host A, see Brandwine Figure 1 block 106A) and a VPN server (reads on physical host B, see Brandwine Figure 1 block 106B)  over the physical IP address of the first host computer (reads on a virtual cloud may built on top of overlay network and addresses in the physical network, see Brandwine col. 3 lines 9 – 28); and securely transmit data packets between the first host computer device and the VPN server using the first VPN tunnel (reads on physical host B receives the packet from physical host A across the VPN and overlay, see Brandwine col. 3 lines 1 – 28 and col. 4 line 61 – col. 6 line 15). Brandwine does not explicitly establish a VPN tunnel and establishing a second trusted IP address for a second host computer device of the plurality of host computer devices on the network rack in communication with the trusted network, wherein the second trusted IP address is associated with the physical IP address of the second host computer device, wherein establishing the first trusted IP address and the second trusted IP address further comprises providing a common key to the first host computer device and the second host computer device. 
Heck suggests establish (reads on the LIS establishes security associations between a first and second end-point with the LIS, see Heck para 0037, 0039 and 0067) a first VPN tunnel (reads on the LIS using known principles of VPN tunnel creation and implementation, see Heck para 0058) directly between the first host computer device (reads on a first end-point, see Heck para 0037, 0039 and 0067) and a VPN server (reads on a second end-point, see Heck para 0037, 0039 and 0067).
Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the network teachings of the prior art of record by integrating the explicit VPN tunnel teachings of Heck to realize the instant limitation. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Accordingly, since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself- that is in the substitution of the explicit VPN tunnel creation teachings of Heck for the VPN generation teachings of the primary reference. Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious.
Meng suggests 
establish a VPN tunnel (reads on establishing a VPN tunnel between the spoke and the controller/hub combination based on the public IP addresses, see Meng para 0015, 0025, 0040 and 0066) and establishing a second trusted IP address (reads on the controller/hub combination assigns an IP address from the address pool to the spoke, see Meng para 0015, 0017 and 0066) for a second host computer device (reads on the exemplary spoke 106 that can be any network device with at least layer 3 network capabilities, see Meng para 0015 and Figure 1 block 106) of the plurality of host computer devices on the network rack (reads on the plurality of spokes 103, 105 and 106, see Meng Figure 1) in communication with the trusted network (reads on the public network 112, see Meng para 0026 and Figure 1), wherein the second trusted IP address is associated with the physical IP address (reads on the spokes have public IP addresses and VIP address, see Meng para 0018) of the second host computer device (reads on the exemplary spoke 106 that can be any network device with at least layer 3 network capabilities, see Meng para 0015 and Figure 1 block 106), wherein establishing the first trusted IP address and the second trusted IP address further comprises providing a common key (reads on generate shared secret keys for secure communication/VPN tunnel between the spokes, see Meng para 0015 and 0025) to the first host computer device and the second host computer device (reads on two of the exemplary plurality of spokes 103, 105 and 106, see Meng Figure 1 and para 0025 – 0026).

[0015] FIG. 1 depicts an example conceptual diagram of dynamic establishment of spoke-to-spoke VPN tunnels in a hub-and-spoke network. Hub-and-spoke networks comprise at least one hub network device (hereinafter a “hub”) and spoke network devices (hereinafter “spokes”) arranged such that data communicated between spokes can flow through the hub. FIG. 1 depicts a hub-and-spoke network comprising a spoke 103, a spoke 105, a spoke 106, and a hub 104 which correspond to separate autonomous systems, though the hub 104 and spokes 103, 105, 106 may belong to one autonomous system. While depicted as routers in FIG. 1, each of the spoke 103, spoke 105, spoke 106, and hub 104 can be any network device with at least layer 3 (i.e., network layer) networking capabilities. For example, the spokes 103, 105, 106 and hub 104 can be routers, switches, and/or firewalls. The spokes 103, 105, 106 and the hub 104 communicate with a central spoke-to-spoke dynamic tunnel controller (“central controller”) 101. The central controller 101 generates BGP configuration information and communicates with the hub 104 and spokes 103, 105, 106. The central controller 101 is depicted as one entity (e.g., a server, a cloud service, or firewall), although the functionality of the central controller 101 can be allocated across multiple entities. For example, generation of BGP information and communication with the spokes 103, 105, 106 and the hub 104 can be performed by one entity (i.e., the central controller 101) or different coupled entities (e.g., two firewalls, one server and one firewall, etc.). The spokes 103, 106, 105 manage incoming and outgoing network traffic for private networks 114A, 114B, 114C, respectively. The hub 104 manages incoming and outgoing network traffic for a private network 114D. A VPN tunnel 110A is established between the spoke 103 and the hub 104. A VPN tunnel 110B is established between the spoke 106 and the hub 104. A VPN tunnel 110C is established between the spoke 105 and the hub 104. The VPN tunnels 110A-C are static VPN tunnels for secure communication of data between the hub 104 and spokes 103, 105, 106 over a public network 112. The VPN tunnels 110A-C may use any VPN protocol providing for encryption, such as Internet Protocol Security (IPsec).


[0017] At stage A, the spoke 106 registers with the central controller 101. The spokes 103, 105 are already registered with the central controller 101 and have installed a BGP configuration generated by a configuration generator 117 of the central controller 101. The spoke 103 and spoke 105 are BGP peers of the hub 104 as indicated by the BGP configuration. Once the spoke 106 is activated, a spoke dynamic tunnel manager 121 of the spoke 106 establishes a secure connection with the central controller 101 and communicates a request or command to the central controller 101 for retrieval of a BGP configuration over the secure connection. The spoke dynamic tunnel manager 121 may be, for example, a process, daemon, etc. which executes at the spoke 106. The dynamic tunnel manager 121 additionally indicates the public IP address of the spoke 106 to the central controller 101. The configuration generator 117 pushes a BGP configuration to the spoke 106 via a communication manager 107 and allocates a VIP address from an address pool 111 to be assigned to the spoke 106. In this example, the communication manager 107 assigns a VIP address 192.0.2.2 from the address pool 111 to the spoke 106. The BGP configuration at least indicates configuration of the hub 104 and spoke 106 as BGP peers. The configuration generator 117 also can generate a dynamic tunnel configuration which indicates a dynamic VPN tunnel inactivity timeout period. The configuration generator 117 can push the dynamic tunnel configuration to the spoke 106 via the communication manager 107 in addition to the BGP configuration. Following registration of the spoke 106 with the central controller 101, the dynamic tunnel manager 121 may periodically “refresh” the secure connection which was initially established with the central controller 101, such as by updating a Secure Sockets Layer (SSL) certificate. The configuration generator 117 may push the dynamic tunnel configuration to the spoke 106 via the communication manager 107 again after these periodic refreshments of the secure connection.

[0018] After the spoke 106 has registered with the central controller 101, the communication manager 107 sends the VIP address and public IP address of the spoke 106 to the hub 104 and the spokes 103, 105. The communication manager 107 also sends the VIP addresses and public IP addresses of the spokes 103, 105 and the hub 104 to the spoke 106. A spoke dynamic tunnel manager 120 of the spoke 105 and a hub tunnel manager 124 of the hub 104 can add the VIP and public IP addresses of the spoke 106 to a record of VIP and public IP addresses of network devices registered with the central controller 101 which is maintained by each of the spoke 105 and the hub 104. Each of the spoke dynamic tunnel manager 120 and the hub tunnel manager 124 may be, for example, a process, daemon, etc. which executes at the spoke 105 and the hub 104, respectively. The hub tunnel manager 124 replaces a placeholder peer address for the spoke 106 established in a BGP configuration installed to the hub 104 with the VIP address of the spoke 106. Similarly, the spoke dynamic tunnel manager 121 can add the VIP and public IP addresses of the spokes 103, 105 and the hub 104 to a record of VIP and public IP addresses of network devices registered with the central controller which is maintained by the spoke 106. Routing engines of the spokes 103, 105 also install a static route to reach the spoke 106 to an entry in a respective routing table maintained for the spokes 103, 105. The entry may indicate the static route, the VIP address of the spoke 106, and an outgoing tunnel interface (e.g., an interface for transmission of outgoing network traffic via a VPN tunnel). The static route can be a host route or an aggregate route. Adding the static route to the routing tables of the spokes 103, 105 allows the spokes 103, 105 to install routes advertised by the spoke 106 and resolve the next hop for the routes to the spoke 106 using BGP.


[0025] To establish secure communication between the spoke 105 and the spoke 106, the spoke 105 and the spoke 106 authenticate with an Internet Key Exchange (IKE) process. To establish a security association with IKE, the spoke 105 authenticates with the spoke 106 (e.g., with certificate- or password-based authentication). In this example, the spoke 105 and spoke 106 have been issued a Public Key Infrastructure (PKI) certificate 118 and PKI certificate 109, respectively. The central controller 101 may act as a certificate authority which generates and issues the PKI certificate 118, to the spoke 105 and the PKI certificate 109 to the spoke 106. The spokes 105, 106 also have respective public keys 115, 113. The spoke 105 and the spoke 106 authenticate with the PKI certificates 118, 109. The spoke dynamic tunnel manager 120 of the spoke 105 and spoke dynamic tunnel manager 121 of the spoke 106 each generate a private key and complete a key exchange to exchange public keys 113, 115 between the spokes 105, 106. After exchanging the public keys 113, 115, the spoke dynamic tunnel managers 120, 121 can generate shared secret keys and establish a secure channel between the spokes 105, 106. The spoke dynamic tunnel managers 120, 121 can then negotiate a dynamic tunnel (e.g., an IPsec VPN tunnel) for secure communication between the spokes 105, 106. For instance, the spoke dynamic tunnel managers 120, 121 can negotiate a dynamic tunnel by leveraging the shared secret keys.
 
[0026] At stage F, upon completion of the dynamic tunnel negotiation, a dynamic tunnel 116 is established between the spoke 105 and the spoke 106. The dynamic tunnel 116 is a VPN tunnel which facilitates secure transmission of data over the public network 112 and may leverage encryption. Once the dynamic tunnel 116 has been established, the spoke dynamic tunnel managers 120, 121 redirect data flow between the spoke 105 and the spoke 106 through the dynamic tunnel 116 such that data no longer flows through the static tunnels 110B and 110C via the hub 104.

[0040] At block 309, the spoke dynamic tunnel manager initiates establishment of a VPN tunnel with the hub. The spoke dynamic tunnel manager can replace a placeholder peer address corresponding to the hub with the VIP address of the hub which the central controller communicated to the spoke dynamic tunnel manager. A VPN tunnel can then be negotiated between the instant spoke and the hub based on leveraging the public IP addresses which have been shared with the instant spoke and the hub. For instance, the spoke dynamic tunnel manager can authenticate with the hub and negotiate an IPsec VPN tunnel with the hub. The resulting VPN tunnel which is established is a static VPN tunnel that is not associated with a tunnel timeout period.

[0066] Plural instances may be provided for components, operations or structures described herein as a single instance. Finally, boundaries between various components, operations and data stores are somewhat arbitrary, and particular operations are illustrated in the context of specific illustrative configurations. Other allocations of functionality are envisioned and may fall within the scope of the disclosure. In general, structures and functionality presented as separate components in the example configurations may be implemented as a combined structure or component. Similarly, structures and functionality presented as a single component may be implemented as separate components. These and other variations, modifications, additions, and improvements may fall within the scope of the disclosure.

Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the network teachings of the prior art of record by integrating the explicit VPN tunnel teachings of Meng to realize the instant limitation. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Accordingly, it would have been obvious to one of ordinary skill in the art to include in the network system of Brandwine in view of Heck the ability to include a common key as taught by Meng since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized the results of the combination were predictable. The motivation to combine the references applies to all claims under this heading.

Per claim 13, The prior art of record further suggests wherein the at least one processor is further operable to: use the second trusted IP address to (reads on the spokes have public IP addresses and VIP address, see Meng para 0018 and see Brandwine Figure 1 block 106B) generate a second VPN tunnel directly between (reads on the LIS using known principles of VPN tunnel creation and implementation to negotiate a VPN tunnel between the exemplary spokes 105 and 106 using the VIP/trusted addresses, see Heck para 0058, Meng para 0026 – 0027) the second host computer device (reads on the exemplary spoke 106 that can be any network device with at least layer 3 network capabilities, see Meng para 0015 and Figure 1 block 106) and the VPN server (reads on the controller/hub combination, see Meng para 0015, 0025, 0040 and 0066 and see Heck para 0037, 0039 and 0067) over the physical IP address (reads on negotiating a VPN tunnel between the instant spoke and the hub/controller combination based on the public IP addresses, see Meng para 0040) of the second host computer device  (reads on the combination of the LIS establishes security associations between a first and second end-point with the LIS and the exemplary spoke 106 that can be any network device with at least layer 3 network capabilities, see Meng para 0015 and Figure 1 block 106 and see Heck para 0037, 0039 and 0067); and securely transmit the data packets between the second host computer device (reads on physical host B receives the packet from physical host A across the VPN and overlay, see Brandwine col. 3 lines 1 – 28 and col. 4 line 61 – col. 6 line 15) and the VPN server (reads on the controller/hub combination, see Meng para 0015, 0025, 0040 and 0066 and see Heck para 0037, 0039 and 0067) using the second VPN tunnel (reads on the LIS using known principles of VPN tunnel creation and implementation to negotiate a VPN tunnel between the exemplary spokes 105 and 106 and the hub/controller, see Heck para 0058 and Meng para 0040).
Per claim 14, The prior art of record further suggests use the first trusted IP address (reads on the spokes have public IP addresses and VIP address, see Meng para 0018 and see Brandwine Figure 1 block 106B) and the second trusted IP address (reads on the overlay address is associated with the physical address of host B and the spokes have public IP addresses and VIP address, see Meng para 0018 and see Brandwine Figure 1 block 106B) to communicate the first VPN tunnel (reads on the LIS using known principles of VPN tunnel creation and implementation to negotiate a VPN tunnel between the exemplary spokes 105 and 106 using the VIP/trusted addresses, see Heck para 0058, Meng para 0026 – 0027) between the first host computer device (reads on the exemplary spoke 106 that can be any network device with at least layer 3 network capabilities, see Meng para 0015 and Figure 1 block 106) and the second host computer device (reads on the exemplary spoke 106 that can be any network device with at least layer 3 network capabilities, see Meng para 0015 and Figure 1 block 106) over the physical IP address of the first host computer and the physical IP address of the second host computer device (reads on the LIS using known principles of VPN tunnel creation and implementation to negotiate a VPN tunnel between the exemplary spokes 105 and 106 using the VIP/trusted addresses, see Heck para 0058, Meng para 0026 – 0027); securely transmit the data packets between (reads on the VPN tunnel facilitates secure transmission of data between spokes, see Meng para 0026 – 0027) the first host computer device (reads on the combination of the exemplary spoke 106 that can be any network device with at least layer 3 network capabilities, see Meng para 0015 and Figure 1 block 106 and the physical host B receives the packet from physical host A across the VPN and overlay, see Brandwine col. 3 lines 1 – 28 and col. 4 line 61 – col. 6 line 15) and the VPN server (reads on the controller/hub combination, see Meng para 0015, 0025, 0040 and 0066 and see Heck para 0037, 0039 and 0067) using the first VPN tunnel (reads on the LIS using known principles of VPN tunnel creation and implementation to negotiate a VPN tunnel between the exemplary spokes 105 and 106 and the hub/controller, see Heck para 0058 and Meng para 0040); and securely transmit the data packets between (reads on the VPN tunnel facilitates secure transmission of data between spokes and the hub, see Meng para 0026 – 0027) the second host computer device (reads on physical host B receives the packet from physical host A across the VPN and overlay, see Brandwine col. 3 lines 1 – 28 and col. 4 line 61 – col. 6 line 15) and the VPN server (reads on the controller/hub combination, see Meng para 0015, 0025, 0040 and 0066 and see Heck para 0037, 0039 and 0067) using the first VPN tunnel (reads on the LIS using known principles of VPN tunnel creation and implementation to negotiate a VPN tunnel between the exemplary spokes 105 and 106 and the hub/controller, see Heck para 0058 and Meng para 0040).
Per claim 15, The prior art of record further suggests establish an encrypted communication channel between (reads on the LIS using known principles of VPN tunnel creation and implementation to negotiate an encrypted VPN tunnel between the exemplary spokes 105 and 106 using the VIP/trusted addresses, see Heck para 0058, Meng para 0026 – 0027) a first network interface card (NIC) of the first host computer device and a second network interface card (NIC) of the second host computer device (see Brandwine col. 10 lines 26 – 29 and col. 12 line 49 col. 14 line 4) using the first trusted IP address and the second trusted IP address  (reads on the spokes have public IP addresses and VIP address, see Meng para 0018 and see Brandwine Figure 1 block 106B); and securely transmit the data packets between the first host computer device and the second host computer device using the encrypted communication channel (reads on securely transmitting encrypted traffic between spokes using the VPN tunnel, see Brandwine col. 10 lines 26 – 29 and col. 12 line 49 col. 14 line 4 and Meng para 0026 – 0027 ).
Per claim 19, The prior art of record further suggests receive a request from a customer to access one of the plurality of host computer devices on the network rack (see Brandwine col. 10 lines 26 – 29 and col. 12 line 49 col. 14 line 4); and use a nonencrypted or an encrypted communication channel to communicate between one host computer device of the plurality of host computer devices and the customer (see Brandwine col. 10 lines 26 – 29 and col. 12 line 49 col. 14 line 4).
Claim 20 the computer-readable medium (see Brandwine col. 21 lines 20 – 33) is analyzed with respect to claim 11.
Claim 1 is analyzed with respect to claim 11.
Claim 2 is analyzed with respect to claim 12.
Claim 3 is analyzed with respect to claim 13.
Claim 4 is analyzed with respect to claim 14.
Claim 5 is analyzed with respect to claim 15.
Claim 9 is analyzed with respect to claim 19.
Claim 10 is analyzed with respect to claim 19.


Conclusion
Applicant’s amendment necessitates the new ground(s) of rejection presented in this action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Contact
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Brian Shaw whose telephone number is ((571)270-5191.  The examiner can normally be reached on Mon-Thurs from 6:00 AM-3:30 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's Supervisor, Jorge Criado can be reached on (571) 272-7624.  The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).


/BRIAN F SHAW/Primary Examiner, Art Unit 2496