DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1, 4-9 are pending.  Claims 2-3 are cancelled.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1, 5-6, 9 is/are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Strom et al (PGPUB 2017/0006055).

Regarding Claim 1:
Strom teaches a control apparatus with automated test suites comprising (abstract, network attack simulation method; paragraph 67, simulation server module installed on host computer; client modules installed on additional host computers): 
capability information storage that stores therein a plurality of capabilities defining actions indicating attack methods (paragraph 99, action storage module stores actions that comprise known cyber attack techniques used by adversaries to operate within a production enterprise network); and 
at least one hardware processor coupled to a memory and configured to function as (paragraph 10, server includes memory and processor): 
an analyzer that parses at least one of network structure information of a system under test and vulnerability information of the system under test to extract the actions from the capabilities (paragraph 88-89, server node detects all client computers connected to the network; at start-up of attack simulation, server communicates with one or more client nodes to gather information such as node location; paragraph 121, the execution of an attack simulation may be preceded by an initialization process whereby the server determined the configuration of the network, including the host computers on the network; according to some embodiments, the configuration is determined by communications between the server and the client computers; in this way, the detection of the configuration of the network is automatic and does not require an operator to define a configuration; paragraph 119, server instructs first computer to execute standard information gathering actions to generate information about processes and services being run on the target computer, the versions for these processes and services; based on this information the server determines which of these services is vulnerable in order to use the vulnerability; paragraph 120, once the server has identified a potential vulnerability, the server can instruct the client computer to send an exploit targeting the vulnerability to the target computer; paragraph 98, selection module 202 selects one or more actions for one or more client computers to execute during a simulated cyber attack; selection module 202 can make the selection based on a simulation goal and/or on data received from client computers during the simulation); 
an organizer that generates an attack path through which an achieved state of an attack goal is reached by combining the actions extracted by the analyzer (paragraph 98, selection module 202 selects one or more actions for one or more client computers to execute during a simulated cyber attack; selection module 202 can make the selection based on a simulation goal and/or on data received from client computers during the simulation; paragraph 41, a computer network attack simulation server method comprises generating an attack simulation path, wherein the attack simulation path comprises a plurality of actions for operating on one or more computers of a plurality of computers, and in response to receiving an update from the one or more computers of the plurality of computers after execution of one or more actions of the plurality of actions, updating the attack simulation path based, at least in part, on the received update); and 
an executor that executes the actions included in the attack path (paragraph 144, based on this determined path or chain of actions, the attack simulation server can transmit instructions to one or more host computers to execute one or more actions),
wherein
each of the actions is defined by being associated with a pre-condition and a post-condition (paragraph 144, logic engine determines chain of actions that can be executed by hosts to get from current state to goal state; logic engine determines that to get from current state <P,Q,S> to goal state <T,U>, the following actions should be performed in the following order: act1->act3->act2->act3; paragraph 147, actions represented as set of preconditions and set of postconditions),
the pre-condition includes one or more conditions for executing the action normally (paragraph 150, in the above example, the action executable lateral(X, A) means execute the lateral movement to computer X using account A; this action can be successfully executed if the following preconditions are met: the adversary knows its credentials for account A; the adversary has a foothold on computer Y; the adversary knows computers X and Y are connected; the adversary knows account A can remotely log into computer X; the adversary is escalated on computer Y; and the adversary does not have a foothold on computer X),
the post-condition includes one or more conditions that are satisfied when the action is normally executed (paragraph 144, each time the host computer executes an act, the host computer sends back to the attack server the results of the act; the logic engine may then update its internal model and check whether the predicted postconditions of the executed act are true; if so, the logic engine may select the next act from the chain of actions; if the postconditions of the act are not as predicted, the logic engine may update its internal model accordingly and develop a new chain of actions to get from the updated state to the goal state),
the analyzer extracts the action satisfying the pre-condition from the capabilities (paragraph 128, simulation language can describe the specific actions that may be executed by nodes (e.g., client computers) in a network, the preconditions for the actions, the results of the actions, and the relationship among the actions (e.g., the ordering of actions)),
the organizer generates the attack path based on the pre-condition and the post-condition (paragraph 151, Fig. 13 illustrates relationships between states, actions that can be executed based on the states, and how the actions modify the states; connecting arrows and boxes are three types of lines which indicate the states that are preconditions for actions and those that are postconditions for actions; paragraph 153, the logic engine can use the relationships graphically illustrated in FIG. 13 to chain together actions to move from a current state to a goal state),
the capabilities include a base capability and a derived capability (paragraph 144, once current state and goal state are formulated, logic engine determines chain of actions to get from current state to goal state (i.e. base capability); each time host computer executes act, host computer sends back to attack server results of act; logic engine updates internal model and checks whether predicted postconditions of the executed act are true; if not, logic engine develops new chain of actions to get from updated state to goal state (i.e. derived capability)),
the pre-condition, the action, and the post-condition included in the base capability are inherited by the derived capability (paragraph 144, updated state, goal state, and prior actions are used to update the model and develop new chain of actions), and
the derived capability describes the pre-condition, the action, and the post-condition that are added to or overwrite contents inherited from the base capability (EXAMINER’S NOTE: Examiner interprets the claimed “capability” as a set of pre-conditions, actions, and post-conditions; this corresponds to a set of pre-conditions, chain of actions, and post-conditions as per Strom (e.g. paragraph 138-144); paragraph 144, current state, goal state, and chain of actions, i.e. “base capability”; each time the host computer executes an act, the host computer sends back to the attack server the results of the attack; logic engine updates its internal model and may develop a new chain of actions, i.e. “derived capability”; paragraph 42, in any of these embodiments, updating the attack simulation path based, at least in part, on the received update may include changing an action in the plurality of actions from a first action to a second action, different from the first action, i.e. “overwrite contents inherited from the base capability”; paragraph 99, actions may be based on the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) model and framework developed by The MITRE Corporation, which describes the actions an adversary may take while operating within an enterprise network; paragraph 127-128, selection process may also utilize one or more attack graphs that describe a series of actions an adversary may take for a given computing platform; simulation language can describe the specific actions that may be executed by nodes (e.g., client computers) in a network, the preconditions for the actions, the results of the actions, and the relationship among the actions (e.g., the ordering of actions)).

Regarding Claim 5:
Strom teaches the control apparatus with automated test suites according to claim 1.  In addition, Strom teaches wherein the organizer comprises: 
an attack path generator that determines a plurality of attack paths, given an initial set of conditions and a final goal condition (paragraph 135, logic engine can take as inputs the network state, host state, and adversary knowledge, and output one or more possible paths of movement through a network in the form of chains of adversary actions that can be performed during an attack simulation in a forward chaining fashion; paragraph 143, for the logic engine to select from among various actions that may be available to the logic engine, the logic engine may encode a goal for the simulated attack of the target network; the goal may be encoded by the logic engine as a state of the network that the attack simulation system would like to reach), and 
an attack path selector that selects, when a plurality of attack paths are generated, an attack path with a high priority from the plurality of attack paths (paragraph 135, some embodiments can prioritize one or more paths based on an adversary profile; for example, where the logic engine generates a path that includes a chain of actions that an adversary is known to take, that path can be prioritized over other paths during a simulated attack).

Regarding Claim 6:
Strom teaches the control apparatus with automated test suites according to claim 5.  In addition, Strom teaches wherein the organizer further comprises: 
an attack step iterator that selects, as an attack step, an action included in the attack path selected by the attack path selector in order (paragraph 144, the server can successively send instructions to a host to execute act 1, act3, act2, and then act3 again; in some embodiments, each time the host computer executes an act, the host computer sends back to the attack server the results of the act; the logic engine may then update its internal model and check whether the predicted postconditions of the executed act are true; if so, the logic engine may select the next act from the chain of actions), and 
an attack step information updater that sets a priority of an attack path including an action corresponding to an attack step for which execution fails to be lower than a priority of an attack path not including the action corresponding to the attack step for which the execution fails (paragraph 144, the server can successively send instructions to a host to execute act 1, act3, act2, and then act3 again; in some embodiments, each time the host computer executes an act, the host computer sends back to the attack server the results of the act; the logic engine may then update its internal model and check whether the predicted postconditions of the executed act are true; if the postconditions of the act are not as predicted, the logic engine may update its internal model accordingly and develop a new chain of actions to get from the updated state to the goal state; this can be seen as setting higher priority to a new chain of actions over the attack path which resulted in failure).

Regarding Claim 9:
Strom teaches a computer program product comprising a non-transitory computer-readable medium containing a program executed by a computer storing a plurality of capabilities defining actions indicating attack methods, the program causing the computer to function as (abstract, network attack simulation method; paragraph 67, simulation server module installed on host computer; client modules installed on additional host computers; paragraph 10, server includes memory and processor; one or more programs stored in memory and executed by processor): 
an analyzer that parses at least one of network structure information of a system under test and vulnerability information of the system under test to extract the actions from the capabilities (paragraph 88-89, server node detects all client computers connected to the network; at start-up of attack simulation, server communicates with one or more client nodes to gather information such as node location; paragraph 121, the execution of an attack simulation may be preceded by an initialization process whereby the server determined the configuration of the network, including the host computers on the network; according to some embodiments, the configuration is determined by communications between the server and the client computers; in this way, the detection of the configuration of the network is automatic and does not require an operator to define a configuration; paragraph 119, server instructs first computer to execute standard information gathering actions to generate information about processes and services being run on the target computer, the versions for these processes and services; based on this information the server determines which of these services is vulnerable in order to use the vulnerability; paragraph 120, once the server has identified a potential vulnerability, the server can instruct the client computer to send an exploit targeting the vulnerability to the target computer; paragraph 98, selection module 202 selects one or more actions for one or more client computers to execute during a simulated cyber attack; selection module 202 can make the selection based on a simulation goal and/or on data received from client computers during the simulation); 
an organizer that generates an attack path through which an achieved state of an attack goal is reached by combining the actions extracted by the analyzer (paragraph 98, selection module 202 selects one or more actions for one or more client computers to execute during a simulated cyber attack; selection module 202 can make the selection based on a simulation goal and/or on data received from client computers during the simulation; paragraph 41, a computer network attack simulation server method comprises generating an attack simulation path, wherein the attack simulation path comprises a plurality of actions for operating on one or more computers of a plurality of computers, and in response to receiving an update from the one or more computers of the plurality of computers after execution of one or more actions of the plurality of actions, updating the attack simulation path based, at least in part, on the received update); and 
an executor that executes the actions included in the attack path (paragraph 144, based on this determined path or chain of actions, the attack simulation server can transmit instructions to one or more host computers to execute one or more actions).
wherein
each of the actions is defined by being associated with a pre-condition and a post-condition (paragraph 144, logic engine determines chain of actions that can be executed by hosts to get from current state to goal state; logic engine determines that to get from current state <P,Q,S> to goal state <T,U>, the following actions should be performed in the following order: act1->act3->act2->act3; paragraph 147, actions represented as set of preconditions and set of postconditions),
the pre-condition includes one or more conditions for executing the action normally (paragraph 150, in the above example, the action executable lateral(X, A) means execute the lateral movement to computer X using account A; this action can be successfully executed if the following preconditions are met: the adversary knows its credentials for account A; the adversary has a foothold on computer Y; the adversary knows computers X and Y are connected; the adversary knows account A can remotely log into computer X; the adversary is escalated on computer Y; and the adversary does not have a foothold on computer X),
the post-condition includes one or more conditions that are satisfied when the action is normally executed (paragraph 144, each time the host computer executes an act, the host computer sends back to the attack server the results of the act; the logic engine may then update its internal model and check whether the predicted postconditions of the executed act are true; if so, the logic engine may select the next act from the chain of actions; if the postconditions of the act are not as predicted, the logic engine may update its internal model accordingly and develop a new chain of actions to get from the updated state to the goal state),
the analyzer extracts the action satisfying the pre-condition from the capabilities (paragraph 128, simulation language can describe the specific actions that may be executed by nodes (e.g., client computers) in a network, the preconditions for the actions, the results of the actions, and the relationship among the actions (e.g., the ordering of actions)),
the organizer generates the attack path based on the pre-condition and the post-condition (paragraph 151, Fig. 13 illustrates relationships between states, actions that can be executed based on the states, and how the actions modify the states; connecting arrows and boxes are three types of lines which indicate the states that are preconditions for actions and those that are postconditions for actions; paragraph 153, the logic engine can use the relationships graphically illustrated in FIG. 13 to chain together actions to move from a current state to a goal state),
the capabilities include a base capability and a derived capability (paragraph 144, once current state and goal state are formulated, logic engine determines chain of actions to get from current state to goal state (i.e. base capability); each time host computer executes act, host computer sends back to attack server results of act; logic engine updates internal model and checks whether predicted postconditions of the executed act are true; if not, logic engine develops new chain of actions to get from updated state to goal state (i.e. derived capability)),
the pre-condition, the action, and the post-condition included in the base capability are inherited by the derived capability (paragraph 144, updated state, goal state, and prior actions are used to update the model and develop new chain of actions), and
the derived capability describes the pre-condition, the action, and the post-condition that are added to or overwrite contents inherited from the base capability (EXAMINER’S NOTE: Examiner interprets the claimed “capability” as a set of pre-conditions, actions, and post-conditions; this corresponds to a set of pre-conditions, chain of actions, and post-conditions as per Strom (e.g. paragraph 138-144); paragraph 144, current state, goal state, and chain of actions, i.e. “base capability”; each time the host computer executes an act, the host computer sends back to the attack server the results of the attack; logic engine updates its internal model and may develop a new chain of actions, i.e. “derived capability”; paragraph 42, in any of these embodiments, updating the attack simulation path based, at least in part, on the received update may include changing an action in the plurality of actions from a first action to a second action, different from the first action, i.e. “overwrite contents inherited from the base capability”; paragraph 99, actions may be based on the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) model and framework developed by The MITRE Corporation, which describes the actions an adversary may take while operating within an enterprise network; paragraph 127-128, selection process may also utilize one or more attack graphs that describe a series of actions an adversary may take for a given computing platform; simulation language can describe the specific actions that may be executed by nodes (e.g., client computers) in a network, the preconditions for the actions, the results of the actions, and the relationship among the actions (e.g., the ordering of actions)).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4, 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Strom, and further in view of Deardorff et al (PGPUB 2020/0145446).

Regarding Claim 4:
Strom teaches the control apparatus with automated test suites according to claim 1.  In addition, Strom teaches wherein the analyzer comprises:
a capability obtainer that extracts a capability including the action satisfying the pre-condition from the capabilities (paragraph 128, simulation language can describe the specific actions that may be executed by nodes (e.g., client computers) in a network, the preconditions for the actions, the results of the actions, and the relationship among the actions (e.g., the ordering of actions); paragraph 142, given the three above defined actions, the logic engine could select act1 for a host computer to execute, since the preconditions for act1 (P and Q) are both currently true based on the current state <P,Q,S>).
Strom does not explicitly teach a capability parameter obtainer that obtains a value to be set to a parameter included in the capability extracted by the capability parameter obtainer from at least one of the network structure information and the vulnerability information and sets the value to the parameter.
However, Deardorff teaches the concept of a capability parameter obtainer that obtains a value to be set to a parameter included in the capability extracted by the capability parameter obtainer from at least one of the network structure information and the vulnerability information and sets the value to the parameter (abstract, method to facilitate best path determination for penetration testing; paragraph 54, penetration testing server utilizes catalog of known vulnerabilities and exploits; paragraph 42, once vulnerabilities are identified, the most promising of the identified vulnerabilities that expose the highest level of privileged access would be targeted for exploitation to gain access into the (target) internal network; best path manager 125 can learn from this manual process and can replicate the process with programmatic steps and phases, analyzing the risk and reward of taking (or not taking) further action (e.g., one or more next steps or hops) at each step (or hop); paragraph 45, penetration testing server 305 performs a scan action to determine a topology of a network environment and stores the topology of the network environment that includes metadata associated with one or more nodes operating in the network environment; paragraph 46, generating the next action path includes adjusting (or modifying) the penetration parameter, the detection parameter, and/or the time parameter based on the metadata and the designation of the action path (e.g., the previous designation)).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the parameter update based on network structure and vulnerability information teachings of Deardorff with the automated test suite teachings of Strom, in order to increase the overall accuracy and efficiency of the penetration testing system by incorporating up-to-date information regarding the network topology and exploitable vulnerabilities, thereby testing the most severe weaknesses of the system and allowing an administrator/programmer to determine the highest priority threats to a security environment, for possible remediation.

Regarding Claim 7:
Strom teaches the control apparatus with automated test suites according to claim 1.  In addition, Strom teaches wherein the organizer comprises: 
a reconnaissancer that executes reconnaissance by acquiring at least one of the network structure information and the vulnerability information (paragraph 121, the execution of an attack simulation may be preceded by an initialization process whereby the server determined the configuration of the network, including the host computers on the network; according to some embodiments, the configuration is determined by communications between the server and the client computers; in this way, the detection of the configuration of the network is automatic and does not require an operator to define a configuration; paragraph 119, server instructs first computer to execute standard information gathering actions to generate information about processes and services being run on the target computer, the versions for these processes and services; based on this information the server determines which of these services is vulnerable in order to use the vulnerability).
Strom does not explicitly teach a reconnaissance information updater that updates a parameter included in any of the capabilities based on at least one of the network structure information and the vulnerability information acquired by the reconnaissance.
However, Deardorff teaches the concept of a reconnaissance information updater that updates a parameter included in any of capabilities based on at least one of a network structure information and vulnerability information acquired by reconnaissance (abstract, method to facilitate best path determination for penetration testing; paragraph 54, penetration testing server utilizes catalog of known vulnerabilities and exploits; paragraph 42, once vulnerabilities are identified, the most promising of the identified vulnerabilities that expose the highest level of privileged access would be targeted for exploitation to gain access into the (target) internal network; best path manager 125 can learn from this manual process and can replicate the process with programmatic steps and phases, analyzing the risk and reward of taking (or not taking) further action (e.g., one or more next steps or hops) at each step (or hop); paragraph 45, penetration testing server 305 performs a scan action to determine a topology of a network environment and stores the topology of the network environment that includes metadata associated with one or more nodes operating in the network environment; paragraph 46, generating the next action path includes adjusting (or modifying) the penetration parameter, the detection parameter, and/or the time parameter based on the metadata and the designation of the action path (e.g., the previous designation)).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the parameter update based on network structure and vulnerability information teachings of Deardorff with the automated test suite teachings of Strom, in order to increase the overall accuracy and efficiency of the penetration testing system by incorporating up-to-date information regarding the network topology and exploitable vulnerabilities, thereby testing the most severe weaknesses of the system and allowing an administrator/programmer to determine the highest priority threats to a security environment, for possible remediation.

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Strom, and further in view of Picard (PGPUB 2021/0029154).

Regarding Claim 8:
Strom teaches the control apparatus with automated test suites according to claim 1.  In addition, Strom teaches wherein the organizer comprises a report creator that generates a report including success or failure of the executed action, and an attack path including the executed action (paragraph 186, graphical user interface showing circles representing network nodes, with the size of the circle being proportional to the number of attack paths that passed through or depended on the node; arrows between nodes indicate access routes; according to some embodiments, a user may select an arrow to display details about the actions that led to access of one node from another; adversaries menu provides a list of executed simulations). 
Strom does not explicitly teach the report including a security countermeasure plan based on an execution result of the action.
However, Picard teaches the concept of a report including a security countermeasure plan based on an execution result of an action (abstract, system and method for network security testing of target computer networks; paragraph 41-42, after execution, any data generated by the module's execution is added to the data hive and may be used for later iterations of the prediction process outlined above; data added to the data hive can change the hive state and, in doing so, may allow for other attacks and/or exploits to be available to the system. Of course, any successful penetrations of the target system can be included in a suitable report to the client; such a report would include the vulnerabilities, the methods used to gain access to those vulnerabilities, and an indication as to how such vulnerabilities can be exploited to gain further unauthorized access to the target system; depending on the tests executed as well as the configuration of the system, the report may include a vulnerability analysis report, a remediation plan based on vulnerabilities detected in the target system, a penetration test report, an application test report, and a social engineering test report (i.e., whether and how spoofing/phishing attacks were successful/unsuccessful), as well as remediation plans based on any of the above tests; it is preferable that the report include statistical data and graphs to visualize the number of vulnerabilities discovered (the vulnerabilities being organized by their risk rating), the vulnerabilities themselves, the methods used to gain access to those vulnerabilities, an indication as to how such vulnerabilities can be exploited to gain further unauthorized access to the target system, and a mitigation plan for such vulnerabilities).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the remediation plan teachings of Picard with the automated test suite teachings of Strom, in order to provide instructions for administrators or system maintainers to use the results of penetration testing to address discovered vulnerabilities in the system proactively, thereby preventing future attacks and improving the overall security environment.

Response to Arguments
Applicant's arguments filed 8/24/2022 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 102:
Regarding Applicant’s arguments, page 8 paragraph 3-page 9 paragraph 3, the Examiner responds: The Examiner disagrees.  Claim 1 defines “capabilities” as defining actions indicating attack methods, wherein each action is defined by being associated with a pre-condition and a post-condition.  Strom clearly discloses at least the capabilities as defined (e.g. paragraph 138-144, actions encoded with preconditions and postconditions; logic engine determines chain of actions, i.e. “capabilities”).  Therefore, each chain of actions, comprising preconditions and postconditions, can be seen as one or more capabilities as claimed.  Claim 1 goes on to recite a “base capability” and a “derived capability”.  The only distinguishing feature of the “base capability” is that it serves as a source of information for the “derived capability”: 
the capabilities include a base capability and a derived capability,
the pre-condition, the action, and the post-condition included in the base capability are inherited by the derived capability, and
the derived capability describes the pre-condition, the action, and the post-condition that are added to or overwrite contents inherited from the base capability.
	Strom teaches that the logic engine determines a first chain of actions (paragraph 144).  As the chain of actions is executed, results are obtained and used to update the chain of actions (paragraph 144).  Strom further discloses that updating the attack simulation path (i.e. chain of actions) includes changing an action in the plurality of actions from a first action to a second action, different from the first action (paragraph 42).  Therefore, an original chain of actions as determined by the logic engine of Strom can be seen as a “base capability”, the updated chain of actions can be seen as a “derived capability”, and the derived capability comprises the actions of the base capability with at least one action overwritten by the logic engine.  Strom therefore anticipates claim 1 as amended.
	Applicant’s arguments with regard to independent claim 9 are similar to those regarding claim 1 and are therefore responded to in a similar way.
	Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        
/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491