DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/05/2021, 03/11/2011, 09/14/2011 and 12/27/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner. 

   Claim Objections
Claims 16 and 20 are objected to because of the following informalities: 
Claim 16  in line 1,  replace ” The network visibility appliance, further comprising” with “The network visibility appliance of claim 10” ;
Claim 20  in line 3,  replace ” which the cloud computing platform is accessible” with “which a cloud computing platform is accessible” ;
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. 
For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.


Claims are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-5 of U.S. Patent No. US 10917285 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 

Application No. 17/142,145 (Instant)
US 10917285 B2
1. A method comprising: obtaining information that specifies how to route traffic processed by a cloud computing platform through a service chain that represents a sequence of network tools; populating a data structure with entries for the sequence of network tools, wherein each entry includes information that indicates where a data packet processed by a corresponding network tool should be next routed; receiving input that specifies a modification to the sequence of network tools; and modifying, in response to said receiving, the data structure so that the traffic is routed through the modified sequence of network tools.
2. The method of claim 1, wherein each network tool included in the sequence of network tools provides a different service.
3. The method of claim 1, further comprising: identifying a map that is implemented by a network visibility appliance to which each network tool in the sequence of network tools is communicatively connected; and creating a secondary data structure for the map by populating the secondary data structure with an entry for each rule associated with the map, and associating each entry with an action that specifies how data packets that satisfy the corresponding rule should be handled.
4. The method of claim 3, wherein the map is one of a plurality of maps implemented by the network visibility appliance, and wherein a separate secondary data - 37 -Attorney Docket No. 118026-8062.USO2 PATENT structure is created for each map of the plurality of maps so as to create a plurality of secondary data structures.
5. The method of claim 3, further comprising: routing the traffic through the modified sequence of network tools based on the data structure and the secondary data structure.
7. The method of claim 1, further comprising: constructing a graph to visually represent the network visibility appliance by creating a node for each network tool in the sequence of network tools, and creating a connection between a pair of nodes for each traffic flow between a pair of network tools in the sequence of network tools; and transmitting the graph to a computing device for display to a user who is able to specify the modification to the sequence of network tools by modifying the graph.


1. A computer-implemented method comprising: receiving information indicative to a network visibility appliance of how to route data packets indicative of traffic processed by a cloud computing platform through a service chain of a plurality of service chains implemented by the network visibility appliance, wherein the service chain represents a sequence of network tools that provide different network services; populating a data structure with an entry for each network tool of the sequence of network tools, wherein each entry includes a routing instruction that specifies where a data packet processed by a corresponding network tool should be next routed; routing the data packets through the sequence of network tools using the data structure; receiving input specifying a modification to the sequence of network tools; and dynamically modifying, based on the input, the data structure so that the data packets are routed through the modified sequence of network tools.
2. The computer-implemented method of claim 1, further comprising: identifying a plurality of maps associated with the network visibility appliance; and creating, for each map of the plurality of maps, a separate secondary data structure to generate a plurality of secondary data structures, wherein, for each map, creating the secondary data structure includes populating the secondary data structure with an entry for a rule associated with the corresponding map, and associating the entry for the rule with an action that specifies how data packets satisfying the rule should be handled.
3. The computer-implemented method of claim 2, wherein said routing is based on the data structure and the plurality of secondary data structures.
4. The computer-implemented method of claim 1, wherein the different network services include masking, slicing, sampling, replicating, deep packet inspection, net flow generation, access control, intrusion protection, network address translation (NAT), or a combination thereof.
5. The computer-implemented method of claim 1, further comprising: constructing a graph to visually represent a network fabric of the network visibility appliance by creating a node in the graph for each network object of a plurality of network objects associated with the network visibility appliance, wherein the plurality of network objects includes the sequence of network tools, and creating a connection between a pair of nodes in the graph for each traffic flow between a pair of network objects of the plurality of network objects; transmitting the graph to a display device for display to a user, wherein the user specifies the modification to the sequence of network tools by modifying the graph.



Claims are rejected on the ground of nonstatutory double patenting as being unpatentable over claims  10-11 & 13-16 of U.S. Patent No. US 10917285 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because claims
Application No. 17/142,145 (Instant)
US 10917285 B2
10. A network visibility appliance comprising: an ingress port through which to receive traffic; and a processor configured to: obtain information that specifies how to guide the traffic through a service chain that represents a sequence of network objects, populate a data structure with respective entries for the ingress port and each network object in the sequence of network objects, wherein each entry includes information that indicates where data packets received at a corresponding network object should be next routed, and modify, in real time, the data structure responsive to a determination that input specifying a modification of the sequence of network objects has been received, such that the traffic is guided through a modified sequence of network objects.
11. The network visibility appliance of claim 10, further comprising: an egress port through which to route the traffic toward a destination.
13. The network visibility appliance of claim 11, wherein the ingress port is a raw endpoint, a tunnel endpoint, or an application endpoint, and wherein the egress port is a tunnel endpoint or an application endpoint.
14. The network visibility appliance of claim 10, wherein the sequence of network objects includes at least one of a tunnel endpoint, an application endpoint, or a map.
15. The network visibility appliance of claim 14, wherein each tunnel endpoint, if any, receives data packets from, or sends data packets to, an environment outside of the network visibility appliance, - 39 -Attorney Docket No. 118026-8062.USO2 PATENT each application endpoint, if any, receives data packets from, or sends data packets to, an application program, and each map, if any, includes a rule for managing data packets.
16. The network visibility appliance, further comprising: a data store that includes (i) the data structure and (ii) a plurality of service chain arrangements, wherein each service chain arrangement of the plurality of service chain arrangements is associated with a particular traffic characteristic.

10. A network visibility appliance comprising: an ingress port through which to receive a traffic flow; an egress port through which to route the traffic flow away from the network visibility appliance; and a processor configured to: receive information indicative to the processor of how to guide the traffic flow through a service chain, wherein the service chain represents a sequence of network objects that provide network services; populate a data structure with respective entries for the ingress port, the egress port, and each network object in the sequence of network objects; include, in each entry in the data structure, a routing instruction that specifies where data packets received at a corresponding network object should be next routed; route the traffic flow from the ingress port to the egress port through the sequence of network objects using the data structure; receive input specifying a modification to the sequence of network objects that is provided through an interface that includes a graphical representation of the service chain in which each of the sequence of network objects is shown as a separate node, wherein the modification corresponds to an alteration of a node in the graphical representation; and dynamically modify, based on the input, the data structure so that the traffic flow is routed through the modified sequence of network objects.
12. The network visibility appliance of claim 10, wherein the egress port is a tunnel endpoint or an application endpoint.
13. The network visibility appliance of claim 10, wherein the sequence of network objects includes at least one of a tunnel endpoint, an application endpoint, or a map.
14. The network visibility appliance of claim 13, wherein each tunnel endpoint, if any, receives data packets from, or sends data packets to, an environment outside of the network visibility appliance, each application endpoint, if any, receives data packets from, or sends data packets to, an application program, and each map, if any, includes a rule for managing data packets.



Claims  are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 19-21 of U.S. Patent No. US 10917285 B2 Although the claims at issue are not identical, they are not patentably distinct from each other because claims 

Application No. 17/142,145 (Instant)
US 10917285 B2
17. A method comprising: receiving first input indicative of a selection of a map that includes a rule for filtering data packets from amongst a plurality of maps that were not bound to network objects during construction of the plurality of maps; receiving second input indicative of a selection of (i) a source network object of a network visibility appliance and (ii) a destination network object of the network visibility appliance; and binding the map the network visibility appliance prior to runtime by associating the map with the source network object and the destination network object in a data structure upon deployment of the map within the network visibility appliance.
19. The method of claim 17, wherein said binding further comprises editing an action set that is associated with a programmable data structure corresponding to the map.
20. The method of claim 17, wherein the network visibility appliance is configured to receive traffic from an agent hosted on a virtual machine belonging to one of a plurality of tenants to which the cloud computing platform is accessible.

19. A computer-implemented method comprising: identifying a plurality of network objects of a network visibility appliance coupled to a cloud computing platform; receiving user input specifying (i) a source network object, (ii) a map that includes a rule for filtering data packets received by the source network object, wherein the map is selected from a map library including a plurality of unbound maps, and (iii) a destination network object that is to receive filtered data packets; and binding the map to the network visibility appliance prior to runtime by associating the map with the source network object and the destination network object upon deployment of the map within the network visibility appliance.
20. The computer-implemented method of claim 19, wherein the network visibility appliance is communicatively coupled to a controller, and wherein said binding is implemented by the controller that dynamically edits an action set associated with a programmable data structure corresponding to the map.
21. The computer-implemented method of claim 19, wherein the cloud computing platform is accessible to multiple tenants, and wherein the network visibility appliance is configured to receive traffic from an agent hosted on a virtual machine belonging to a given tenant of the multiple tenants.


Claims  are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 22-24 of U.S. Patent No. US 10917285 B2 Although the claims at issue are not identical, they are not patentably distinct from each other because claims 

Application No. 17/142,145 (Instant)
US 10917285 B2
17. A method comprising: receiving first input indicative of a selection of a map that includes a rule for filtering data packets from amongst a plurality of maps that were not bound to network objects during construction of the plurality of maps; receiving second input indicative of a selection of (i) a source network object of a network visibility appliance and (ii) a destination network object of the network visibility appliance; and binding the map the network visibility appliance prior to runtime by associating the map with the source network object and the destination network object in a data structure upon deployment of the map within the network visibility appliance.
19. The method of claim 17, wherein said binding further comprises editing an action set that is associated with a programmable data structure corresponding to the map.
20. The method of claim 17, wherein the network visibility appliance is configured to receive traffic from an agent hosted on a virtual machine belonging to one of a plurality of tenants to which the cloud computing platform is accessible.

22. A computer-implemented method comprising: identifying a plurality of network objects of a network visibility appliance coupled to a cloud computing platform; receiving user input specifying (i) a source network object, (ii) a map that includes a rule for filtering data packets received by the source network object, wherein the map was not bound to any network objects during construction of the map, and (iii) a destination network object that is to receive filtered data packets; and binding the map to the network visibility appliance prior to runtime by associating the map with the source network object and the destination network object upon deployment of the map within the network visibility appliance.
23. The computer-implemented method of claim 22, wherein the network visibility appliance is communicatively coupled to a controller, and wherein said binding is implemented by the controller that dynamically edits an action set associated with a programmable data structure corresponding to the map.
24. The computer-implemented method of claim 22, wherein the cloud computing platform is accessible to multiple tenants, and wherein the network visibility appliance is configured to receive traffic from an agent hosted on a virtual machine belonging to a given tenant of the multiple tenants.



Similarly all other dependent claims of the instant application (Application No. 17/142,145) are  rejected on the ground of nonstatutory double patenting as being unpatentable over combinations of dependent claims (similar to combinations of independent/dependent claims as shown above)  of U.S. Patent No. US 10917285 B2. Although those claims at issue are not identical, they are not patentably distinct from each other because combination of those dependent claims  are “anticipated by” the combination of dependent claims of U.S. Patent No. US 10917285 B2.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bhattacharjee et al. (2018/0089278), Bhattacharjee hereinafter, in view of Muddu et al. (2017/0063886), Muddu hereinafter.

Re. claim 1,  Bhattacharjee teaches a method (Abstract & Fig.1A – 4,5A-B, 6A-B,7A,8A-15, Fig. 18-49) comprising: obtaining information that specifies how to route traffic processed by a cloud computing platform through a service chain that represents a sequence of network tools (Fig.1A-B, 2 & ¶0145  - external data system 12-2 may be a server of cloud computing services such as Amazon web services (AWS). ¶0172 - Host devices 106 may broadly include any number of computers, virtual machine instances ….A collection of host devices 106 may be configured to implement a network-based service. .. a provider of a network-based service may configure one or more host devices 106 and host applications 114 … to collectively implement the network-based application. ¶0174 - a host device 106 comprising a router may generate one or more router logs that record information related to network traffic managed by the router. ... ¶0177 .. monitoring component 112 comprises a software component or other logic that facilitates generating performance data related to a client device's operating state, including monitoring network traffic sent and received from the client device and collecting other device and/or application-specific information. ¶0555- FIG. 27 is a cloud-based system ..); populating a data structure with entries for the sequence of network tools (Fig.33-35 & ¶0697 - the query coordinator 3304 can generate task instructions for the nodes 3306 to interact with the dataset sources such that the dataset sources receive any task instructions from the nodes 3306 as opposed to the query coordinator 3304. ..., the query coordinator 3304 can assign one or more nodes 3306 to communicate task instructions to the external data sources 3318, indexers 206, or query acceleration data store 3308. ¶0726 - The query coordinator 3304 can maintain a mapping between generated unique identifiers and datasets, partitions.. that are associated with information stored by the query acceleration data store 3308), wherein each entry includes information that indicates where a data packet processed by a corresponding network tool should be next routed (Fig.33-35 & ¶0623 - if the query also includes a request for datasets that are not in the query acceleration data store 3308, the worker nodes 3306 can begin working on the dataset obtained from the query acceleration data store 3308, while also obtaining the other dataset(s) from the other dataset source(s). In this way, a client device 414a-404n can rapidly receive a response to a provided query, while the worker nodes 3306 obtain datasets from the other dataset sources. Fig.33-35 & ¶0682 - DAG 2000 can correspond to a topological ordering of search phases, or layers, performed by the nodes 3306. As such, a sequence of the vertices can represent a sequence of search phases such that each edge is directed from earlier to later in the sequence of search phases. Fig.33-35 & ¶0684 - Each vertex 3502, 3504, 3506, 3508, 3510, 3512, 3514 can correspond to a search phase performed by one or more partitions or processors 3406 of one or more nodes 3306 on a particular set of data.  Fig.33-35 & ¶0726 - The query coordinator 3304 may optionally provide a unique identifier to the requesting client, such that a user of the requesting client can re-use the unique identifier. … the user's client can present a list of all such identifiers along with respective queries that are associated with the identifier. The user can select an identifier, and generate a new query that is based on an associated query. That is, as shown in fig. 33-35, data stores having indexers in reference to a list of client devices receives responses to a new query (BRI: routing instruction for next routing) by corresponding network tools (8A-15, Fig.30-34). ¶0780 - The query coordinator 3304 .. execute the individual tasks, route the results of each task to the next location, and route the results of the query to the proper destination.  ); and modifying, in response to said receiving, the data structure so that the traffic is routed through the modified sequence of network tools (¶0023 - FIG. 8B is an interface diagram of an example user interface for a data summary dialog that enables a user to select various data sources. ¶0334 - a user may be able to dynamically create custom fields by highlighting portions of a sample event that should be extracted as fields using a graphical user interface. That is, as shown in Fig.7A-8B, User are enabled by using graphical interface in order to dynamically create/modify custom fields which are dynamically linked to different datasets. Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 33-37 & Abstract - a query coordinator can dynamically allocate partitions operating on worker nodes to retrieve data for processing, .. communicate the data to the dataset sources. .. the query coordinator can dynamically allocate partitions based on an identification of the dataset destination. ¶0167 - the user can continue to refine the late-binding schema by adding new fields, deleting fields, or modifying the field extraction rules. ¶0242 - data store 501 that includes a directory for each index (or partition) that contains a portion of data managed by an indexer. ¶0311 - the set of result data can be in the form of a dynamically created table. ¶0698 - .. allocate partitions from the same node 3306 to different tasks so that data routed between the partitions to reduce network traffic between nodes 3306 or machines 3402. ¶0780 - The query coordinator 3304 .. execute the individual tasks, route the results of each task to the next location, and route the results of the query to the proper destination. That is, as shown in Fig.5B,33-35, data structures having late-binding schema dynamically (See, instant application’s disclosures in ¶0148, “late/dynamic binding”) modify data structures by adding new fields, deleting fields, dynamic creation of tables, dynamic creation of partition  or modifying field extraction rules so that data packets are routed to proper destination through the modified sequence of network tools (Fig. 5B,8A-15, Fig.30-35).Also, user input to dynamic modification to data structure is also taken as also disclosed in ¶0023/¶0334 along with Fig. 7A-8B).

    PNG
    media_image2.png
    512
    940
    media_image2.png
    Greyscale


Yet, Bhattacharjee does not explicitly teach receiving input that specifies a modification to the sequence of network tools; 
However, in the analogous art, Muddu discloses receiving input that specifies a modification to the sequence of network tools (Fig.1-6,35-36,39-51 & ¶0439 -  The GUI module also receives user inputs and modifies the display data based on those inputs to provide an interactive display); 

    PNG
    media_image3.png
    514
    777
    media_image3.png
    Greyscale

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to combine Bhattacharjee’s invention of facilitating searching and analyzing large sets of data to locate data of interest to include Muddu’s invention of security platform employing various techniques and mechanisms in detecting  security related anomalies and threats in a computer network environment, because the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.  (Abstract, Muddu)

Re. claim 2,  Bhattacharjee  and Muddu teach claim 1.
Bhattacharjee also teaches wherein each network tool included in the sequence of network tools provides a different service. (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49 &¶0228 - masking a portion of an event..¶0294 - indexer can perform a targeted search or sampling of the events that satisfy the filter criteria..¶0299 - replicate search results..¶0451 - search service provider 216 can include providing data isolation across different searches based on role /access control). That is, different network services (e.g., masking, sampling, access control) are provided as disclosed in the aforesaid section, similar to instant application as mentioned in ¶0134. ¶0681 - query coordinator 3304 can generate a logical directed acyclic graph (DAG) based on the query. ¶0682 - DAG 2000 can correspond to a topological ordering of search phases, or layers, performed by the nodes 3306. As such, a sequence of the vertices can represent a sequence of search phases such that each edge is directed from earlier to later in the sequence of search phases. That is, topological sequence of nodes can be generated based on logical directed acyclic graph (DAG) as disclosed in the aforesaid section, similar to instant application as mentioned in ¶0098).

Re. claim 3,  Bhattacharjee  and Muddu teach claim 1.
Bhattacharjee also teaches further comprising: identifying a map that is implemented by a network visibility appliance to which each network tool in the sequence of network tools is communicatively connected (Fig. 9-15  & ¶0362 - selection graphical user interface 1000 that displays available data objects 1001 for the selected data object model 902. The user may select one of the displayed data model objects 1002 for use in driving the report generation process.¶0367 - The reporting application allows the user to select a visualization of the statistics in a graph (e.g., bar chart, scatter plot, area chart, line chart, pie chart, radial gauge, marker gauge, filler gauge, etc.), . ) ; and creating a secondary data structure for the map by populating the secondary data structure with an entry for each rule associated with the map, and associating each entry with an action that specifies how data packets that satisfy the corresponding rule should be handled. (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49 & ¶0344 - a query coordinator or node can request events from the indexers or other dataset source, apply extraction rules. ¶0621 -  query coordinator 3304 can determine the amount of resources available for a query, allocate resources for the query, determine how the query is to be broken up between dataset sources, generate commands for the dataset sources to execute. ¶0681 - query coordinator 3304 can generate a logical directed acyclic graph (DAG) based on the query. ¶0682 - DAG 2000 can correspond to a topological ordering of search phases, or layers, performed by the nodes 3306. As such, a sequence of the vertices can represent a sequence of search phases such that each edge is directed from earlier to later in the sequence of search phases .¶0685 - the intake and collect vertices 3508, 3510 can correspond to data search phases performed by one or more partitions or processors 3406 on data received from a second dataset source. .. the intake phase 3508 can correspond to one or more partitions that receive data from the second dataset source ..¶0692 - the query coordinator 3304 can generate instructions on how to access a particular dataset source, .. .. relevant fields or keywords that are to be identified in the data, what to do with the identified field. ¶0726 - The query coordinator 3304 can maintain a mapping between generated unique identifiers and datasets, partitions. Fig. 33 / Fig. 41 &¶0800  - system 3301 can process and execute query on any two or more dataset sources, and that the system 3301 can generate subqueries or instructions for the dataset sources or allocate partitions for the dataset sources based on information about the dataset sources. ¶0801 - the system 3301 can generate a subquery for the indexers (4106), allocate partitions for the second dataset (4108), and allocate partitions to combine partial results from the indexers and second dataset (4110) concurrently, or in any order.)


Re. claim 4,  Bhattacharjee  and Muddu teach claim 3.
Bhattacharjee also teaches wherein the map is one of a plurality of maps implemented by the network visibility appliance, and wherein a separate secondary data - 37 -Attorney Docket No. 118026-8062.USO2 PATENT structure is created for each map of the plurality of maps so as to create a plurality of secondary data structures. (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49 &. ¶0045 - FIG. 33 is a system diagram illustrating an environment for ingesting and indexing data, and performing queries on one or more datasets from one or more dataset sources; ¶0190 - detecting timestamps in the data, parsing data, indexing data, routing data based on criteria relating to the data being routed, and/or performing other data transformations. ¶0681 - query coordinator 3304 can generate a logical directed acyclic graph (DAG) based on the query. ¶0682 - DAG 2000 can correspond to a topological ordering of search phases, or layers, performed by the nodes 3306. As such, a sequence of the vertices can represent a sequence of search phases such that each edge is directed from earlier to later in the sequence of search phases. ¶0685 - the intake and collect vertices 3508, 3510 can correspond to data search phases performed by one or more partitions or processors 3406 on data received from a second dataset source. .. the intake phase 3508 can correspond to one or more partitions that receive data from the second dataset source ..)

Re. claim 5,  Bhattacharjee  and Muddu teach claim 3.
Bhattacharjee also teaches further comprising: routing the traffic through the modified sequence of network tools based on the data structure and the secondary data structure (¶0334 - a user may be able to dynamically create custom fields by highlighting portions of a sample event that should be extracted as fields using a graphical user interface. That is, as shown in Fig.7A-8B, User are enabled by using graphical interface in order to dynamically create/modify custom fields which are dynamically linked to different datasets. Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 33-37 & Abstract - a query coordinator can dynamically allocate partitions operating on worker nodes to retrieve data for processing, .. communicate the data to the dataset sources. .. the query coordinator can dynamically allocate partitions based on an identification of the dataset destination. ¶0167 - the user can continue to refine the late-binding schema by adding new fields, deleting fields, or modifying the field extraction rules. ¶0242 - data store 501 that includes a directory for each index (or partition) that contains a portion of data managed by an indexer. ¶0311 - the set of result data can be in the form of a dynamically created table. ¶0698 - .. allocate partitions from the same node 3306 to different tasks so that data routed between the partitions to reduce network traffic between nodes 3306 or machines 3402. ¶0780 - The query coordinator 3304 .. execute the individual tasks, route the results of each task to the next location, and route the results of the query to the proper destination. That is, as shown in Fig.5B,33-35, data structures having late-binding schema dynamically (See, instant application’s disclosures in ¶0148, “late/dynamic binding”) modify data structures by adding new fields, deleting fields, dynamic creation of tables, dynamic creation of partition  or modifying field extraction rules so that data packets are routed to proper destination through the modified sequence of network tools (Fig. 5B,8A-15, Fig.30-35).
Re. claim 6,  Bhattacharjee  and Muddu teach claim 5.
Bhattacharjee further teaches wherein the data structure is used to initially routing all incoming data packets received at an ingress port of the network visibility appliance to a tunnel endpoint, an application endpoint, or the map.( Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49  & ¶0220 -  A forwarder initially may receive the data as a raw data stream generated by the input source. ¶0221 - At block 504, a forwarder or other system component annotates each block generated from the raw data with one or more metadata fields. ¶0235 - At blocks 514 and 516, an indexer can optionally generate a keyword index to facilitate fast keyword searching for events. ¶0237 -At block 518, the indexer stores the events with an associated timestamp in a data store 208. ¶0622 - the worker nodes 3306 can intake data from the various dataset sources, process the data according to the query, collect results from the processing, combine results from various operations, route the results to various destinations. ¶0672- the system 3301 can interact with an external data source 3318 to identify the endpoint that will handle any subqueries and its location. The endpoint and endpoint location may change depending on the subquery that is to be run on the external data source.¶0574 -client device can run a dedicated application that grants a user access to the data intake and query system).

Re. claim 7,  Bhattacharjee  and Muddu teach claim 1.
Bhattacharjee also teaches further comprising: constructing a graph to visually represent the network visibility appliance by creating a node for each network tool in the sequence of network tools, and creating a connection between a pair of nodes for each traffic flow between a pair of network tools in the sequence of network tools; and transmitting the graph to a computing device for display to a user who is able to specify the modification to the sequence of network tools by modifying the graph. (¶0028 - FIG. 17C is a tree diagram of an example a proactive monitoring tree. Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49  & ¶0367 - The reporting application allows the user to create graphical visualizations of the statistics generated for a report. Fig.17A-C & ¶0424 - The virtual machine monitoring application additionally provides various visualizations to facilitate detecting and diagnosing the root cause of performance problems. … one such visualization is a "proactive monitoring tree" that enables a user to easily view and understand relationships among various factors that affect the performance of a hierarchically structured computing system. This proactive monitoring tree enables a user to easily navigate the hierarchy by selectively expanding nodes representing various entities (e.g., virtual centers or computing clusters) to view performance information for lower-level nodes associated with lower-level entities (e.g., virtual machines or host systems). …wherein nodes 1733 and 1734 are selectively expanded. Note that nodes 1731-1739 can be displayed using different patterns or colors to represent different performance states, such as a critical state, a warning state, a normal state or an unknown/offline state. The ease of navigation provided by selective expansion in combination with the associated performance-state information enables a user to quickly diagnose the root cause of a performance problem).

    PNG
    media_image4.png
    754
    642
    media_image4.png
    Greyscale

Re. claim 8,  Bhattacharjee  and Muddu teach claim 1.
Bhattacharjee also teaches wherein the data structure further includes entries for another sequence of network tools that is representative of another service chain such that the network visibility appliance is able to route traffic through a plurality of service chains (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49 & ¶0170 - various data repositories ..for storing data structures utilized and manipulated by the various components. ¶0172 - Host devices 106 may broadly include any number of computers, virtual machine instances ….A collection of host devices 106 may be configured to implement a network-based service. .. a provider of a network-based service may configure one or more host devices 106 and host applications 114 … to collectively implement the network-based application. ¶0173 - The communication between a client device 102 and a host application 114 may, be based on the Hypertext Transfer Protocol (HTTP) or any other network protocol. ¶0221 - At block 504, a forwarder or other system component annotates each block generated from the raw data with one or more metadata fields. … the metadata fields may include separate fields specifying each of a host, a source, and a source type related to the data block. A host field may contain a value identifying a host name or IP address of a device that generated the data…. A source type field may contain a value specifying a particular source type label for the data).

Re. claim 9,  Bhattacharjee  and Muddu teach claim 8.
Bhattacharjee also teaches wherein each service chain of the plurality of service chains is associated with a different traffic protocol, origination source, destination source, data packet type, data packet header content, or data packet payload content. (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49 & ¶0221 - At block 504, a forwarder or other system component annotates each block generated from the raw data with one or more metadata fields. These metadata fields may, ..provide information related to the data block as a whole and may apply to each event that is subsequently derived from the data in the data block. the metadata fields may include separate fields specifying each of a host, a source, and a source type related to the data block. A host field may contain a value identifying a host name or IP address of a device that generated the data…. A source field may contain a value identifying a source of the data, such as a pathname of a file or a protocol and port related to received network data. A source type field may contain a value specifying a particular source type label for the data. ¶0250 - field-value pair entries for the fields host, source, sourcetype can be included in the inverted indexes 507A . . . 507B, and 509A . . . 509B as a default. As such, all of the inverted indexes 507A . . . 507B, and 509A . . . 509B can include field-value pair entries for the fields host, source, sourcetype)

Re. claim 10,  Bhattacharjee teaches a network visibility appliance (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49) comprising: an ingress port through which to receive a traffic flow (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49, (Fig. 50 , 80) &  ¶0221 - A source field may contain a .. port related to received network data); an egress port through which to route the traffic flow away from the network visibility appliance (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49, (Fig. 50 , 80)  & ¶0774 -  query coordinator 3304 to … send data to a dataset destination. ¶0808 - The query coordinator .. send (or have nodes send) a subquery for each set to the external data source); and a processor (Fig. 50 ,74) configured to: receive information indicative to the processor of how to guide the traffic flow through a service chain (Fig.1A-B, 2 & ¶0172 - Host devices 106 may broadly include any number of computers, virtual machine instances ….A collection of host devices 106 may be configured to implement a network-based service. .. a provider of a network-based service may configure one or more host devices 106 and host applications 114 … to collectively implement the network-based application. ¶0174 - a host device 106 comprising a router may generate one or more router logs that record information related to network traffic managed by the router. ... ¶0177 .. monitoring component 112 comprises a software component or other logic that facilitates generating performance data related to a client device's operating state, including monitoring network traffic sent and received from the client device and collecting other device and/or application-specific information), wherein the service chain represents a sequence of network objects that provide network services (See Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49); populate a data structure with respective entries for the ingress port, the egress port (Fig. 50 (80), Fig.33-35 & ¶0697 - the query coordinator 3304 can generate task instructions for the nodes 3306 to interact with the dataset sources such that the dataset sources receive any task instructions from the nodes 3306 as opposed to the query coordinator 3304. ..., the query coordinator 3304 can assign one or more nodes 3306 to communicate task instructions to the external data sources 3318, indexers 206, or query acceleration data store 3308. ¶0726 - The query coordinator 3304 can maintain a mapping between generated unique identifiers and datasets, partitions.. that are associated with information stored by the query acceleration data store 3308), and each network object in the sequence of network objects; include, in each entry in the data structure, a routing instruction that specifies where data packets received at the corresponding network object should be next routed (Fig.33-35 & ¶0623 - if the query also includes a request for datasets that are not in the query acceleration data store 3308, the worker nodes 3306 can begin working on the dataset obtained from the query acceleration data store 3308, while also obtaining the other dataset(s) from the other dataset source(s). In this way, a client device 414a-404n can rapidly receive a response to a provided query, while the worker nodes 3306 obtain datasets from the other dataset sources. Fig.33-35 & ¶0682 - DAG 2000 can correspond to a topological ordering of search phases, or layers, performed by the nodes 3306. As such, a sequence of the vertices can represent a sequence of search phases such that each edge is directed from earlier to later in the sequence of search phases. Fig.33-35 & ¶0684 - Each vertex 3502, 3504, 3506, 3508, 3510, 3512, 3514 can correspond to a search phase performed by one or more partitions or processors 3406 of one or more nodes 3306 on a particular set of data.  Fig.33-35 & ¶0726 - The query coordinator 3304 may optionally provide a unique identifier to the requesting client, such that a user of the requesting client can re-use the unique identifier. … the user's client can present a list of all such identifiers along with respective queries that are associated with the identifier. The user can select an identifier, and generate a new query that is based on an associated query. That is, as shown in fig. 33-35, data stores having indexers in reference to a list of client devices receives responses to a new query (BRI: routing instruction for next routing) by corresponding network tools (8A-15, Fig.30-34). ¶0780 - The query coordinator 3304 .. execute the individual tasks, route the results of each task to the next location, and route the results of the query to the proper destination.); route the traffic flow from the ingress port to the egress port through the sequence of network objects using the data structure (Fig.33-35 , (Fig. 50 , 80) & ¶0680 - query coordinator 3304 can generate …instructions to route all results from the indexers 206 to the nodes 3306.¶0681 - the query coordinator 3304 can generate a logical directed acyclic graph (DAG) based on the query); and dynamically modify, based on the input, the data structure so that the traffic flow is routed through the modified sequence of network objects (¶0023 - FIG. 8B is an interface diagram of an example user interface for a data summary dialog that enables a user to select various data sources. ¶0334 - a user may be able to dynamically create custom fields by highlighting portions of a sample event that should be extracted as fields using a graphical user interface. That is, as shown in Fig.7A-8B, User are enabled by using graphical interface in order to dynamically create/modify custom fields which are dynamically linked to different datasets. Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 33-37 & Abstract - a query coordinator can dynamically allocate partitions operating on worker nodes to retrieve data for processing, .. communicate the data to the dataset sources. .. the query coordinator can dynamically allocate partitions based on an identification of the dataset destination. ¶0167 - the user can continue to refine the late-binding schema by adding new fields, deleting fields, or modifying the field extraction rules.  ¶0311 - the set of result data can be in the form of a dynamically created table. ¶0698 - .. allocate partitions from the same node 3306 to different tasks so that data routed between the partitions to reduce network traffic between nodes 3306 or machines 3402. ¶0780 - The query coordinator 3304 .. execute the individual tasks, route the results of each task to the next location, and route the results of the query to the proper destination. That is, as shown in fig. Fig.5B,33-35, data structures having late-binding schema dynamically (See, instant application’s disclosures in ¶0148, “late/dynamic binding”)modify data structures by adding new fields, deleting fields, dynamic creation of tables, dynamic creation of partition  or modifying field extraction rules so that data packets are routed to proper destination through the modified sequence of network tools (Fig. 5B,8A-15, Fig.30-35)). 

    PNG
    media_image2.png
    512
    940
    media_image2.png
    Greyscale

Yet, Bhattacharjee does not expressly teach receive input specifying a modification to the sequence of network objects that is provided through an interface that includes a graphical representation of the service chain in which each of the sequence of network objects is shown as a separate node, wherein the modification corresponds to an alteration of a node in the graphical representation;
However, in the analogous art, Muddu explicitly discloses receive input specifying a modification to the sequence of network objects that is provided through an interface that includes a graphical representation of the service chain in which each of the sequence of network objects is shown as a separate node, wherein the modification corresponds to an alteration of a node in the graphical representation (Fig.1-6,35-36,39-51 & ¶0439 -  The GUI module also receives user inputs and modifies the display data based on those inputs to provide an interactive display. ¶0440 -    GUI, graphs, timelines, maps, charts, lists and other visualization features are generated to illustrate trends, recent activity, and relationships between different data. The GUI can provide views that are automatically configured via default settings, or the GUI can enable a user to customize a view, .. to filter out data points that are less critical, distracting, or unnecessary, to zoom in and out, or re-format the view …To easily navigate between different views, and to better understand the relationships between different data associated with a security-related threat or anomaly, the GUI can include links in the data to generate different views that provide additional detail about information of interest. ¶0312 - The topology-based assignments maintain a directed acyclical graph ( DAG) structure that allows for dynamic execution of model-specific process threads and management of the input data dependencies of these model-specific process threads.¶0512 - "Threats Table" view 4500 in FIG. 45A, upon selection, generates the display of a geographical representation of the identified threats…by selecting the globe icon 5010, the GUI generates a "Threats Geo Map" 5020, as shown in FIG. 50B.);

    PNG
    media_image5.png
    536
    1487
    media_image5.png
    Greyscale

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to combine Bhattacharjee’s invention of facilitating searching and analyzing large sets of data to locate data of interest to include Muddu’s invention of security platform employing various techniques and mechanisms in detecting  security related anomalies and threats in a computer network environment, because the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.  (Abstract, Muddu)

Re. claim 11,  Bhattacharjee  and Muddu teach claim 10.
Bhattacharjee also teaches  further comprising: an egress port through which to route the traffic toward a destination. (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49, (Fig. 50 , 80)  & ¶0774 -  query coordinator 3304 to … send data to a dataset destination. ¶0808 - The query coordinator .. send (or have nodes send) a subquery for each set to the external data source. Fig.33-35 , (Fig. 50 , 80) & ¶0680 - query coordinator 3304 can generate …instructions to route all results from the indexers 206 to the nodes 3306.¶0681 - the query coordinator 3304 can generate a logical directed acyclic graph (DAG) based on the query).



Re. claim 12,  Bhattacharjee  and Muddu teach claim 11.
Bhattacharjee  further teaches wherein the destination is a cloud computing platform from which the traffic originates. (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49  & ¶0172 - a system 100 includes .. virtual machine instances . monitoring component 112 comprises a software component or other logic that facilitates generating performance data related to a client device's operating state, including monitoring network traffic sent and received from the client device and collecting other device and/or application-specific information. ¶0420 - One such application is a virtual machine monitoring application, such as SPLUNK.RTM. APP FOR VMWARE.RTM. that provides operational visibility into granular performance metrics.¶0555- FIG. 27 is a cloud-based system diagram illustrating a cloud deployment of a DFS system.¶0556 - a cloud computing platform can share processing resources and data in a multi-tenant network).

Re. claim 13,  Bhattacharjee  and Muddu teach claim 11.
Bhattacharjee further teaches wherein the ingress port is a raw endpoint, a tunnel endpoint, or an application endpoint (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49  (Fig. 50 , 80)  & ¶0220 -  A forwarder initially may receive the data as a raw data stream generated by the input source. ¶0221 - At block 504, a forwarder or other system component annotates each block generated from the raw data with one or more metadata fields…. source field may contain a .. port related to received network data . ¶0235 - At blocks 514 and 516, an indexer can optionally generate a keyword index to facilitate fast keyword searching for events. ¶0237 -At block 518, the indexer stores the events with an associated timestamp in a data store 208. ¶0622 - the worker nodes 3306 can intake data from the various dataset sources, process the data according to the query, collect results from the processing, combine results from various operations, route the results to various destinations. ¶0672- the system 3301 can interact with an external data source 3318 to identify the endpoint that will handle any subqueries and its location. The endpoint and endpoint location may change depending on the subquery that is to be run on the external data source.¶0574- client device can run a dedicated application that grants a user access to the data intake and query system.), and wherein the egress port is a tunnel endpoint or an application endpoint (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49, (Fig. 50 , 80)  & ¶0774 -  query coordinator 3304 to … send data to a dataset destination. ¶0808 - The query coordinator .. send (or have nodes send) a subquery for each set to the external data source. ¶0672- the system 3301 can interact with an external data source 3318 to identify the endpoint that will handle any subqueries and its location. The endpoint and endpoint location may change depending on the subquery that is to be run on the external data source.¶0574-client device can run a dedicated application that grants a user access to the data intake and query system).

Re. claim 14,  Bhattacharjee  and Muddu teach claim 10.
Bhattacharjee further teaches wherein the sequence of network objects includes at least one of a tunnel endpoint, an application endpoint, or a map (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49, (Fig. 50 , 80)  & ¶0524 - a worker node may collect partial search results including data having data structures specified by the search query. .. the worker node may query an external data source for partial search results based on specific keywords included in a reporting search query, and collect the partial search results. The worker node may also collect partial search results from indexers, which were returned in response to application of the reporting search query by the search head to the indexers. The partial search results may be communicated from each data source to the worker nodes. ¶0672- the system 3301 can interact with an external data source 3318 to identify the endpoint).



Re. claim 16,  Bhattacharjee  and Muddu teach claim 10. (see objection – minor issue)
Bhattacharjee also teaches  further comprising: a data store that includes (i) the data structure and (ii) a plurality of service chain arrangements, wherein each service chain arrangement of the plurality of service chain arrangements is associated with a particular traffic characteristic. (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49 & ¶0170 - various data repositories ..for storing data structures utilized and manipulated by the various components. ¶0172 - Host devices 106 may broadly include any number of computers, virtual machine instances ….A collection of host devices 106 may be configured to implement a network-based service. .. a provider of a network-based service may configure one or more host devices 106 and host applications 114 … to collectively implement the network-based application. ¶0173 - The communication between a client device 102 and a host application 114 may, be based on the Hypertext Transfer Protocol (HTTP) or any other network protocol. ¶0221 - At block 504, a forwarder or other system component annotates each block generated from the raw data with one or more metadata fields. … the metadata fields may include separate fields specifying each of a host, a source, and a source type related to the data block. A host field may contain a value identifying a host name or IP address of a device that generated the data…. A source type field may contain a value specifying a particular source type label for the data).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Bhattacharjee, in view of Muddu,  further in view of Alkhatib et al. (2011/0310899), Alkhatib hereinafter.

Re. claim 15,  Bhattacharjee  and Muddu teach claim 14.
Bhattacharjee further teaches an environment outside of the network visibility appliance (¶0139 - new search capabilities, visualization tools, and other services that are seamlessly integrated into the DFS system. … new search services performed on internal data stores, external data stores,¶0142 - The environment 10 includes distributed external data systems 12-1 and 12-2 .. The external data systems 12 are communicatively coupled (e.g., via a LAN, WAN, etc.)), - 39 -Attorney Docket No. 118026-8062.USO2 PATENT each application endpoint, if any, receives data packets from, or sends data packets to, an application program (Fig.1A – 4,5B, 6B,7A,8A-15, Fig. 18-49  (Fig. 50 , 80)  & ¶0220 -  A forwarder initially may receive the data as a raw data stream generated by the input source. ¶0221 - At block 504, a forwarder or other system component annotates each block generated from the raw data with one or more metadata fields…. source field may contain a .. port related to received network data. ..¶0574-client device can run a dedicated application that grants a user access to the data intake and query system. ¶0774 -  query coordinator 3304 to … send data to a dataset destination. ¶0808 - The query coordinator .. send (or have nodes send) a subquery for each set to the external data source. ¶0672- the system 3301 can interact with an external data source 3318 to identify the endpoint that will handle any subqueries and its location. The endpoint and endpoint location may change depending on the subquery that is to be run on the external data source.¶0574-client device can run a dedicated application that grants a user access to the data intake and query system)), and each map, if any, includes a rule for managing data packets (ig.1A – 4,5B, 6B,7A,8A-15, Fig. 33-37 &¶0167 - user can continue to refine the late-binding schema by adding new fields, deleting fields, or modifying the field extraction rules.  ¶0311 - the set of result data can be in the form of a dynamically created table. ¶0726-The query coordinator 3304 can maintain a mapping between generated unique identifiers and datasets, partitions, and so on, that are associated with information stored by the query acceleration data store 3308).
Yet, Bhattacharjee  and Muddu do not explicitly teach wherein each tunnel endpoint, if any, receives data packets from, or sends data packets to,
However, in the same field of endeavor, Alkhatib discloses wherein each tunnel endpoint, if any, receives data packets from, or sends data packets to (Fig.2-3 & ¶0039 - the endpoints 201, 202, and 230 communicate externally through a physical network topology to resources of a remote network (e.g., resource 375 of the enterprise private network 325 of FIG. 3). Fig.2-3 & ¶0042 - The fabric controller 232 may also build up and take down network pathways and tunnels to connect the endpoints 201, 202, and 230. ¶0049 - a routing decision might determine to apply a highly-protective transformation action to data packets that employs secure tunnels linking endpoints spanning remote data centers ).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to combine Bhattacharjee’s invention of facilitating searching and analyzing large sets of data to locate data of interest and Muddu’s invention of security platform employing various techniques and mechanisms in detecting  security related anomalies and threats in a computer network environment to include Alkhatib’s invention of distributing virtualized gateway functionality to multiple nodes within a physical network, because it enhances transmission of data packets by utilizing optimal network pathways, in turn, reducing network congestion by distributing gateway functionalities. (abstract, ¶0003, Alkhatib)

Allowable Subject Matter

Claims 17-20 are allowed.
Claim 17 is allowed because of the limitation, “receiving first input indicative of a selection of a map that includes a rule for filtering data packets from amongst a plurality of maps that were not bound to network objects during construction of the plurality of maps “, in combination with all other limitations of the independent claim 17;
Claim 18-20 depends on claim 17.





Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
 Shcherbakov et al. (2019/0245950); See ¶0010-¶0012, ¶0052, ¶0135-¶0140,¶0159-¶0160 claim 3-4, 13-14 along with Fig. 1-19.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED SHAMSUL CHOWDHURY whose telephone number is (571)272-0485.  The examiner can normally be reached on Monday-Thursday 9 AM- 6 PM EST (Friday Var.).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hassan Phillips can be reached on 571-272-3940.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MOHAMMED S CHOWDHURY/Examiner, Art Unit 2467