DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-20 are pending.

Claim Objections
Claims 1, 11, and 14 are objected to because of the following informalities:  
Claims 1, 11, and 14 contain the following: “one or more argument”.  This should be “one or more arguments”.  
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-6, 8, 10-15, 17-18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Singh et al (PGPUB 2020/0404007), and further in view of Pickhardt (PGPUB 2021/0012021).

Regarding Claim 1: 
Singh teaches a method, comprising: 
receiving input data for an operating system command of an automation process (paragraph 213, operating system (OS) command injection is an exploitation technique in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application; paragraph 215, process includes receiving an executable code); 
generating the operating system command based on the received input data, including by determining one or more argument of the operating system command using the received input data (paragraph 220-221, input code is analyzed to determine statements, predicates, OS events, and system calls; dynamic call graph captures control and data flow when code is executed; paragraph 207, arguments of the function can be extracted and normalized; paragraph 262, arguments passed to the stored procedures are extracted; tokens are created from the extracted arguments of the stored procedure); 
parsing the generated operating system command to identify one or more metrics (paragraph 216, execution model is generated of expected execution of received command; paragraph 43, models include abstract syntax tree, program dependency graph, and/or SQL parse tree (i.e. “execution trees”); paragraph 328-329, computation of changes to original code due to injection-based exploits; deviation from original code (e.g. addition) identified by changes in abstract syntax tree, program dependency graph, and/or SQL parse tree; in case of positive verification, alert for injection exploitation can be raised); and 
automatically evaluating the identified one or more metrics to determine a security risk associated with the generated operating system command (paragraph 328-329, in case of positive verification, alert for injection exploitation can be raised; paragraph 346-353, system generates indicator of compromise; anomaly score assigned to every critical incident detected in system).
Singh does not explicitly teach wherein the identified one or more metrics include a number count of the one or more arguments determined using the received input data; and
automatically evaluating, including by determining whether the number count of the one or more arguments deviates from a comparison number of arguments specified in a dynamically updated behavior definition.
However, Pickhardt teaches the concept wherein identified one or more metrics include a number count of one or more arguments determined using received input data (abstract, function call includes argument payload which is evaluate for safety and security; paragraph 25, an interposed function may send information to the Security Service 110 about an interposed function; interposition code may send information for event tracking about interposed function calls, such as the argument payload and the number of arguments of the original function call; the Security Service 110 may then use this information to determine patterns of suspicious activities by an event type; additionally, the Machine Learning Module 118, discussed below, may learn that certain events are unsafe to be performed, and identify the type of event as unsafe or insecure); and
automatically evaluating, including by determining whether the number count of the one or more arguments deviates from a comparison number of arguments specified in a dynamically updated behavior definition (paragraph 70, the system 100 may determine the safety or security to perform a received function call by comparing the number of parameters of the argument payload to a threshold acceptable number of parameters for an argument payload; the system 100 may determine that the received function call is not safe or secure to be performed based at least in part on determining that the number of parameters of the argument payload exceeds the acceptable number of parameters for an argument payload; paragraph 62, the security checks can be implemented using machine learning models of the Security Service 110, or can based on a combination of the preceding security checks; the system 100 when using a machine learning model can train the machine learning model on ground truth data about which function calls were malicious and should have been stopped, versus which function calls were safe to be performed; the system 100 then can learn which function calls to stop based on the function characteristics).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the threshold number of arguments teachings of Pickhardt with the security risk determination system of Singh, in order to increase the accuracy of a security risk determination by incorporating metrics based on additional characteristics of a command or function call, such as whether the number of arguments of the call exceeds a certain threshold determined based on known good/bad samples of previous function calls, thereby improving security, detecting possible malware attacks, and reducing false positives.

Regarding Claim 2:
Singh in view of Pickhardt teaches the method of claim 1.  In addition, Singh teaches wherein determining the security risk includes determining whether to allow execution of the generated operating system command (paragraph 159, if the exploit detection framework classifies the anomaly as malicious by using any of the algorithms mentioned above, the agent can stop the thread, or if the exploit detection framework will classify the anomaly as benign the agent can allow the execution of query).

Regarding Claim 4:
Singh in view of Pickhardt teaches the method of claim 1.  In addition, Singh teaches the method, further comprising: 
comparing the generated operating system command with one or more approved operating system commands (paragraph 328-329, computation of changes to original code due to injection-based exploits; deviation from original code (e.g. addition) identified by changes in abstract syntax tree, program dependency graph, and/or SQL parse tree; in case of positive verification, alert for injection exploitation can be raised). 

Regarding Claim 5:
Singh in view of Pickhardt teaches the method of claim 1.  In addition, Singh teaches wherein automatically evaluating the identified one or more metrics includes comparing the identified one or more metrics with one or more historical reference metrics (paragraph 141, combining all the possible stack traces of an application can be stored in the connection and application execution database as a comparison data set for later reference in detection; paragraph 328-329, computation of changes to original code due to injection-based exploits; deviation from original code (e.g. addition) identified by changes in abstract syntax tree, program dependency graph, and/or SQL parse tree; in case of positive verification, alert for injection exploitation can be raised).

Regarding Claim 6:
Singh in view of Pickhardt teaches the method of claim 5.  In addition, Singh teaches the method further comprising: 
approving the generated operating system command (paragraph 159, If the exploit detection framework classifies the anomaly as malicious by using any of the algorithms mentioned above, the agent can stop the thread, or if the exploit detection framework will classify the anomaly as benign the agent can allow the execution of query); and 
updating a behavior definitions dataset using the approved generated operating system command in association with the identified one or more metrics (paragraph 143, once a mismatched stack trace is analyzed to be a legitimate call sequence of the software, this new sample can be added to existing set of unique stack traces, so that future encounter of the same stack trace will not be considered as mis-matched; this procedure can be used in cases where part of the application software is being upgraded, such as loading a new version of dynamic linked library, for the training set to migrate as well without re-learning the application from scratch).

Regarding Claim 8:
Singh in view of Pickhardt teaches the method of claim 1.  In addition, Singh teaches wherein parsing the generated operating system command to identify the one or more metrics includes creating an abstract syntax tree representing the generated operating system command (paragraph 216, execution model is generated of expected execution of received command; paragraph 43, models include abstract syntax tree, program dependency graph, and/or SQL parse tree).

Regarding Claim 10:
Singh in view of Pickhardt teaches the method of claim 1.  In addition, Singh teaches wherein the one or more arguments include user specified data included in the received input data and the operating system command is automatically generated to include the one or more arguments (paragraph 266-270, the following process is performed: 1. The functions which execute SQL injection exploits are instrumented; 2. Once the function triggers for the first time, through the stack it is validated if the function can get arguments from the functions which accept user inputs such as GET, POST, Lambda functions; 3. If yes, the arguments from the function which accepts the user input are extracted and the second algorithm discussed above is used to validate if these user inputs contains any injected SQL injection exploit; 4. If the input is found to be benign, the SQL query which is going to be executed is marked as benign if the input the malicious, the SQL query which is going to be executed is marked as malicious). 

Regarding Claim 11:
Singh teaches a method, comprising: 
receiving input data for one or more operating system commands of an automation script (paragraph 213, operating system (OS) command injection is an exploitation technique in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application; paragraph 215, process includes receiving an executable code); 
generating the one or more operating system commands based on the received input data, including by determining one or more argument of the operating system command using the received input data (paragraph 220-221, input code is analyzed to determine statements, predicates, OS events, and system calls; dynamic call graph captures control and data flow when code is executed; paragraph 207, arguments of the function can be extracted and normalized; paragraph 262, arguments passed to the stored procedures are extracted; tokens are created from the extracted arguments of the stored procedure); 
parsing the automation script to create an execution tree, wherein the execution tree includes the one or more generated operating system commands (paragraph 216, execution model is generated of expected execution of received command; paragraph 43, models include abstract syntax tree, program dependency graph, and/or SQL parse tree (i.e. “execution trees”)); 
for each of the one or more generated operating system commands:
identifying one or more metrics for each of the one or more generated operating system commands (paragraph 328-329, computation of changes to original code due to injection-based exploits; deviation from original code (e.g. addition) identified by changes in abstract syntax tree, program dependency graph, and/or SQL parse tree; in case of positive verification, alert for injection exploitation can be raised); and 
automatically evaluating the identified one or more metrics to determine a security risk associated with the automation script (paragraph 328-329, in case of positive verification, alert for injection exploitation can be raised; paragraph 346-353, system generates indicator of compromise; anomaly score assigned to every critical incident detected in system); and 
identifying the security risk associated with the automation script (paragraph 348-353, ultimate aggregated risk score for an entity provided by function of entity involved incidents and total incidents).
Singh does not explicitly teach wherein the identified one or more metrics include a number count of the one or more arguments determined using the received input data; and
automatically evaluating, including by determining whether the number count of the one or more arguments deviates from a comparison number of arguments specified in a dynamically updated behavior definition.
However, Pickhardt teaches the concept wherein identified one or more metrics include a number count of one or more arguments determined using received input data (abstract, function call includes argument payload which is evaluate for safety and security; paragraph 25, an interposed function may send information to the Security Service 110 about an interposed function; interposition code may send information for event tracking about interposed function calls, such as the argument payload and the number of arguments of the original function call; the Security Service 110 may then use this information to determine patterns of suspicious activities by an event type; additionally, the Machine Learning Module 118, discussed below, may learn that certain events are unsafe to be performed, and identify the type of event as unsafe or insecure); and
automatically evaluating, including by determining whether the number count of the one or more arguments deviates from a comparison number of arguments specified in a dynamically updated behavior definition (paragraph 70, the system 100 may determine the safety or security to perform a received function call by comparing the number of parameters of the argument payload to a threshold acceptable number of parameters for an argument payload; the system 100 may determine that the received function call is not safe or secure to be performed based at least in part on determining that the number of parameters of the argument payload exceeds the acceptable number of parameters for an argument payload; paragraph 62, the security checks can be implemented using machine learning models of the Security Service 110, or can based on a combination of the preceding security checks; the system 100 when using a machine learning model can train the machine learning model on ground truth data about which function calls were malicious and should have been stopped, versus which function calls were safe to be performed; the system 100 then can learn which function calls to stop based on the function characteristics).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the threshold number of arguments teachings of Pickhardt with the security risk determination system of Singh, in order to increase the accuracy of a security risk determination by incorporating metrics based on additional characteristics of a command or function call, such as whether the number of arguments of the call exceeds a certain threshold determined based on known good/bad samples of previous function calls, thereby improving security, detecting possible malware attacks, and reducing false positives.

Regarding Claim 12:
Singh in view of Pickhardt teaches the method of claim 11.  In addition, Singh teaches the method, further comprising: 
generating a security notification (paragraph 328, in case of a positive verification, an alert for injection exploitation can be raised); and 
quarantining the automation script (paragraph 44, threat detection and response system responds to detected threats by performing enforcement against application execution events, e.g. automated quarantining).

Regarding Claim 13: 
Singh in view of Pickhardt teaches the method of claim 11.  In addition, Singh teaches the method, further comprising: 
blocking an IP address, disabling an account, blocking an email address, or invalidating a session associated with a client requesting an execution of the automation script (paragraph 160, once the exploit detection algorithm has determined that the web application has a vulnerability, the following remedial actions are taken: the IP address of the client is extracted and is blocked).

Regarding Claim 14: 
Singh teaches a system, comprising: 
one or more processors (paragraph 55, processor); and 
a memory coupled to the one or more processors, wherein the memory is configured to provide the one or more processors with instructions which when executed cause the one or more processors to (paragraph 55, memory including software): 
generate operating system command based on received input data, including by determining one or more argument of the operating system command using the received input data (paragraph 213, operating system (OS) command injection is an exploitation technique in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application; paragraph 215, process includes receiving an executable code; paragraph 220-221, input code is analyzed to determine statements, predicates, OS events, and system calls; dynamic call graph captures control and data flow when code is executed; paragraph 207, arguments of the function can be extracted and normalized; paragraph 262, arguments passed to the stored procedures are extracted; tokens are created from the extracted arguments of the stored procedure); 
parse the generated operating system command to identify one or more metrics (paragraph 216, execution model is generated of expected execution of received command; paragraph 43, models include abstract syntax tree, program dependency graph, and/or SQL parse tree (i.e. “execution trees”); paragraph 328-329, computation of changes to original code due to injection-based exploits; deviation from original code (e.g. addition) identified by changes in abstract syntax tree, program dependency graph, and/or SQL parse tree; in case of positive verification, alert for injection exploitation can be raised); and 
automatically evaluate the identified one or more metrics to determine a security risk associated with the generated operating system command (paragraph 328-329, in case of positive verification, alert for injection exploitation can be raised; paragraph 346-353, system generates indicator of compromise; anomaly score assigned to every critical incident detected in system).
Singh does not explicitly teach wherein the identified one or more metrics include a number count of the one or more arguments determined using the received input data; and
automatically evaluating, including by causing the one or more processors to determine whether the number count of the one or more arguments deviates from a comparison number of arguments specified in a dynamically updated behavior definition.
However, Pickhardt teaches the concept wherein identified one or more metrics include a number count of one or more arguments determined using received input data (abstract, function call includes argument payload which is evaluate for safety and security; paragraph 25, an interposed function may send information to the Security Service 110 about an interposed function; interposition code may send information for event tracking about interposed function calls, such as the argument payload and the number of arguments of the original function call; the Security Service 110 may then use this information to determine patterns of suspicious activities by an event type; additionally, the Machine Learning Module 118, discussed below, may learn that certain events are unsafe to be performed, and identify the type of event as unsafe or insecure); and
automatically evaluating, including by causing one or more processors to determine whether the number count of the one or more arguments deviates from a comparison number of arguments specified in a dynamically updated behavior definition (paragraph 70, the system 100 may determine the safety or security to perform a received function call by comparing the number of parameters of the argument payload to a threshold acceptable number of parameters for an argument payload; the system 100 may determine that the received function call is not safe or secure to be performed based at least in part on determining that the number of parameters of the argument payload exceeds the acceptable number of parameters for an argument payload; paragraph 62, the security checks can be implemented using machine learning models of the Security Service 110, or can based on a combination of the preceding security checks; the system 100 when using a machine learning model can train the machine learning model on ground truth data about which function calls were malicious and should have been stopped, versus which function calls were safe to be performed; the system 100 then can learn which function calls to stop based on the function characteristics).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the threshold number of arguments teachings of Pickhardt with the security risk determination system of Singh, in order to increase the accuracy of a security risk determination by incorporating metrics based on additional characteristics of a command or function call, such as whether the number of arguments of the call exceeds a certain threshold determined based on known good/bad samples of previous function calls, thereby improving security, detecting possible malware attacks, and reducing false positives.

Regarding Claim 15: 
Singh in view of Pickhardt teaches the system of claim 14.  In addition, Singh teaches wherein determining the security risk includes determining whether to allow execution of the generated operating system command (paragraph 159, if the exploit detection framework classifies the anomaly as malicious by using any of the algorithms mentioned above, the agent can stop the thread, or if the exploit detection framework will classify the anomaly as benign the agent can allow the execution of query). 

Regarding Claim 17: 
Singh in view of Pickhardt teaches the system of claim 14.  In addition, Singh teaches wherein automatically evaluating the identified one or more metrics includes comparing the identified one or more metrics with one or more historical reference metrics (paragraph 141, combining all the possible stack traces of an application can be stored in the connection and application execution database as a comparison data set for later reference in detection; paragraph 328-329, computation of changes to original code due to injection-based exploits; deviation from original code (e.g. addition) identified by changes in abstract syntax tree, program dependency graph, and/or SQL parse tree; in case of positive verification, alert for injection exploitation can be raised).

Regarding Claim 18: 
Singh in view of Pickhardt teaches the system of claim 14.  In addition, Singh teaches wherein parsing the generated operating system command to identify the one or more metrics includes creating an abstract syntax tree representing the generated operating system command (paragraph 216, execution model is generated of expected execution of received command; paragraph 43, models include abstract syntax tree, program dependency graph, and/or SQL parse tree). 

Regarding Claim 20: 
Singh in view of Pickhardt teaches the system of claim 14.  In addition, Singh teaches wherein the one or more arguments include user specified data included in the received input data and the operating system command is automatically generated to include the one or more arguments (paragraph 266-270, the following process is performed: 1. The functions which execute SQL injection exploits are instrumented; 2. Once the function triggers for the first time, through the stack it is validated if the function can get arguments from the functions which accept user inputs such as GET, POST, Lambda functions; 3. If yes, the arguments from the function which accepts the user input are extracted and the second algorithm discussed above is used to validate if these user inputs contains any injected SQL injection exploit; 4. If the input is found to be benign, the SQL query which is going to be executed is marked as benign if the input the malicious, the SQL query which is going to be executed is marked as malicious).

Claims 3, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Singh in view of Pickhardt, and further in view of Yang (US 9,479,526).

Regarding Claim 3:
Singh in view of Pickhardt teaches the method of claim 2.
Neither Singh nor Pickhardt explicitly teaches the method, further comprising: 
forwarding the generated operating system command for execution on a remote client.
However, Yang teaches the concept of forwarding a generated operating system command for execution on a remote client (abstract, security appliance monitors runtime behavior to determine whether client requests are legitimate or illegitimate; security appliance outputs determination and forwards client requests deemed legitimate; col 7 line 3-14, Fig. 2, request forwarded to remote web services).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the remote command forwarding teachings of Yang with the security risk determination system of Singh in view of Pickhardt, in order to provide hardware isolation between the security apparatus and vulnerable target services, thereby ensuring that a command could be fully evaluated to determine whether an attack was occurring without allowing the possibility of the vulnerable system interacting in some way with the command, as well as to provide a separate security system which could fulfill the necessary security functions without requiring the upgrade or modification of one or more protected systems.

Regarding Claim 16: 
Singh in view of Pickhardt teaches the system of claim 14.
Neither Singh nor Pickhardt explicitly teaches wherein the memory is further configured to provide the one or more processors with additional instructions which when executed cause the one or more processors to: 
forward the generated operating system command for execution on a remote client.
However, Yang teaches the concept wherein a memory is further configured to provide one or more processors with additional instructions which when executed cause the one or more processors to (paragraph 139, processor and memory storing instructions): 
forward a generated operating system command for execution on a remote client (abstract, security appliance monitors runtime behavior to determine whether client requests are legitimate or illegitimate; security appliance outputs determination and forwards client requests deemed legitimate; col 7 line 3-14, Fig. 2, request forwarded to remote web services).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the remote command forwarding teachings of Yang with the security risk determination system of Singh in view of Pickhardt, in order to provide hardware isolation between the security apparatus and vulnerable target services, thereby ensuring that a command could be fully evaluated to determine whether an attack was occurring without allowing the possibility of the vulnerable system interacting in some way with the command, as well as to provide a separate security system which could fulfill the necessary security functions without requiring the upgrade or modification of one or more protected systems.

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Singh in view of Pickhardt, and further in view of Kyromytis et al (PGPUB 2010/0153785).

Regarding Claim 7:
Singh in view of Pickhardt teaches the method of claim 5.
Neither Singh nor Pickhardt explicitly teaches wherein a reference metric of the one or more historical reference metrics is expired after the reference metric exceeds an aging threshold.
However, Keromytis teaches the concept wherein a reference metric of one or more historical reference metrics is expired after the reference metric exceeds an aging threshold (abstract, systems for detecting an anomalous sequence of function calls; paragraph 46, a first approach to solving (or at least reducing the effects of) the "concept drift" issue involves the use of "incremental learning algorithms," which are algorithms that piecemeal update their models with new data, and that may also "expire" parts of the computed model created by older data; this piecemeal incremental approach is intended to result in continuous updating using relatively small amounts of data seen by the learning system).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the model expiration teachings of Keromytis with the security risk determination system of Singh in view of Pickhardt, in order to solve or reduce the effects of “concept drift”, thereby correcting models which no longer accurately reflect the application characteristics of monitored software, and reducing false positives/negatives.

Claims 9, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Singh in view of Pickhardt, and further in view of Vinod et al (PGPUB 2021/0158147).

Regarding Claim 9:
Singh in view of Pickhardt teaches the method of claim 1.
Neither Singh nor Pickhardt explicitly teaches wherein the identified one or more metrics include a number of predicted spawned processes by the generated operating system command.
However, Vinod teaches the concept wherein identified one or more metrics include a number of predicted spawned processes by a generated operating system command (abstract, approach to determining optimal training approach for learning model including identifying one or more model characteristics; paragraph 13, model prediction table contains data including predicted number of spawned CPU processes).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine with the security risk determination system of Singh in view of Pickhardt, in order to use an increased number of metrics or characteristics to determine a learned behavior model, thus improving the accuracy of any determination of vulnerability or maliciousness of code executed by a device by using the improved model as a frame of reference.

Regarding Claim 19: 
Singh in view of Pickhardt teaches the system of claim 14.
Neither Singh nor Pickhardt explicitly teaches wherein the identified one or more metrics include a number of predicted spawned processes by the generated operating system command.
However, Vinod teaches the concept wherein identified one or more metrics include a number of predicted spawned processes by a generated operating system command (abstract, approach to determining optimal training approach for learning model including identifying one or more model characteristics; paragraph 13, model prediction table contains data including predicted number of spawned CPU processes).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine with the security risk determination system of Singh in view of Pickhardt, in order to use an increased number of metrics or characteristics to determine a learned behavior model, thus improving the accuracy of any determination of vulnerability or maliciousness of code executed by a device by using the improved model as a frame of reference.

Response to Arguments
Applicant's arguments filed 7/14/2022 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 102 and/or 103:
Applicant’s arguments consist of the mere assertion that the references do not teach the newly amended subject matter.  However, a new ground(s) for rejection is provided above which does teach this additional amended subject matter.
Applicant makes no further arguments.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                         
/Kevin Bechtel/Primary Examiner, Art Unit 2491