DETAILED ACTION
This Action is in consideration of the Applicant’s response on November 10, 2022.  Claims 1, 11 – 19, and 21 are amended by the Applicant.  Claims 1 – 21, where Claims 1, 11, and 21 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification
	The objection to the abstract is withdrawn due to the amendments.
Claim Rejections - 35 USC § 112
	The claim interpretation of Claims 11 – 20 to include means for functional language and invoking 112(f) limitations have been reconsidered in light of the amendments.  The claims are no longer interpreted under 112(f) and, therefore, the 112(b) rejection is withdrawn.
Response to Arguments
	Applicant’s arguments filed November 10, 2022 have been fully considered but they are not persuasive.  Applicant argued:
a)	Regarding Claim 1, Brinskelle does not disclose or suggest of “sending to the client device, by the computing system of the VPNAP, a reply to the request, with the surrogate certificate.”
b)	Regarding Claim 1, Brinskelle does not disclose or suggest of “controlling, by the computing system of the VPNAP, communications between the client device and the server according to the surrogate certificate.”
c)	Regarding Claim 1, Brinskelle does not disclose or suggest of “the computing system uses the surrogate certificate to impersonate a website or app provided by the server.”
The Office respectfully disagrees with Applicant’s assertions.
1.	With regards to a), Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
	The Applicant appears to opine that the security agent credentials are not analogous to the claimed surrogate certificate that is sent to the client device as a reply to the intercepted request [See Remarks, Pg. 11, 2nd Para.].
	Brinskelle discloses that the security agent acting as a MITM makes use of certificates that look like or mimic a destination [Col. 33, lines 8-15; Col. 34, lines 38-43].  Because the security agent can man-in-the-middle SSL traffic between the client and destination, the security agent can manipulate or control data communicated between them [See Brinskelle, Col. 33, lines 16-23].  Brinskelle discloses of finishing the SSL handshake with the client application by mimicking the server in an SSL handshake initiated by the client application [Fig. 9; Col. 36, lines 28-47].  Therefore, Brinskelle discloses the claimed limitation of “sending to the client device, by the computing system of the VPNAP, a reply to the request, with the surrogate certificate” as claimed.
2.	With regards to b), Brinskelle discloses that the security agent acting as a MITM makes use of certificates that look like or mimic a destination [Col. 33, lines 8-15; Col. 34, lines 38-43].  Because the security agent can man-in-the-middle SSL traffic between the client and destination, the security agent can manipulate or control data communicated between them [See Brinskelle, Col. 33, lines 16-23].  Brinskelle discloses of finishing the SSL handshake with the client application by mimicking the server in an SSL handshake initiated by the client application [Fig. 9; Col. 36, lines 28-47].  Therefore, Brinskelle discloses the claimed limitation of “controlling, by the computing system of the VPNAP, communications between the client device and the server according to the surrogate certificate” as claimed.
3.	With regards to c), Brinskelle discloses that the security agent acting as a MITM makes use of certificates that look like or mimic a destination [Col. 33, lines 8-15; Col. 34, lines 38-43].  Because the security agent can man-in-the-middle SSL traffic between the client and destination, the security agent can manipulate or control data communicated between them [See Brinskelle, Col. 33, lines 16-23].  Brinskelle discloses of finishing the SSL handshake with the client application by mimicking the server in an SSL handshake initiated by the client application [Fig. 9; Col. 36, lines 28-47].  Brinskelle further discloses that the destination can by an application server or a website hosted by the application server [Fig. 1; Col. 5, lines 48-49; Col. 6, lines 35-39].  Therefore, Brinskelle discloses the claimed limitation of “wherein the computing system uses the surrogate certificate to impersonate a website or app provided by the server.”
Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Brinskelle (U.S. Patent No. 8856869 B1), hereinafter Brinskelle.
4.	Regarding claim 1, Brinskelle  discloses A method (Col. 37, lines 4-9, FIG. 10 is an illustration of an embodiment of a method in an online web browsing environment where the security agent implemented as a web proxy is able to process encrypted data between the client application and destination server after the two separate SSL/TLS handshakes of FIG. 9 have been performed), comprising: 
Intercepting, by a computing system of a virtual private network application platform (VPNAP) (Fig. 9, security agent,  Col. 51, lines 50-53, Another example, a security agent operates on a peer within a peer-to-peer network. Another example, a security agent operates within a VPN server to protect clients connecting to the VPN.), a request to change a transmission control protocol (TCP) connection to a secure sockets layer or transport layer security (SSL/TLS) connection between a client device and an application or website server (Col. 36, lines 29-31, The security agent receives (i.e. intercepting) the request for SSL handshaking 960 and proceeds to initiate a separate SSL handshaking with the destination server 960.), subsequent to the TCP connection being established between the client device and the server (Col. 36, lines 20-25, The security agent receives this HTTP CONNECT and proceeds to establish a connection to the server 910. The server accepts the connection 920 at which point the security agent responds to the client application with an HTTP connection established message 930); 
establishing, by the computing system of the VPNAP, an SSL/TLS connection with the server between the computing system and the server according to the request (Col. 36, lines 31-34,  The destination server receives the SSL handshaking and communicates the various messages with the security agent 970 (see FIG. 8 for details on SSL handshaking messages) (i.e. establishing));
validating, by the computing system of the VPNAP, an original digital certificate sent from the server after the SSL/TLS connection between the computing system and the server has been established (Col. 36, lines 56-62, In some embodiments, a security agent may use the certificate obtained from the server application and/or the certificate contents to identify the server as further discussed herein, e.g., with reference to the other figures. The certificate, certificate contents, or a derivation of the certificate such as subjectKeyIdentifier, public key, hash, fingerprint may be used in this identification); 
generating, by the computing system of the VPNAP, a surrogate digital certificate according to the original certificate (Col. 36, lines 34-38, After the completion of SSL handshaking with the destination server, the security agent extracts the servers certificate 975 and proceeds to create its own certificate (i.e. surrogate digital certificate) possibly using some of the details of the servers certificate 977), wherein the computing system uses the surrogate certificate to impersonate a website or app provided by the server [Fig. 1; Col. 5, lines 48-49; Col. 6, lines 35-39; Col. 33, lines 8-15; Col. 34, lines 38-43]; 
sending to the client device, by the computing system of the VPNAP, a reply to the request, with the surrogate certificate, wherein the reply imitates the server replying to the request of the client device (Col. 36, lines 43-46, After the proxy certificate has been created 977 the security agent finishes the SSL handshaking with the client application using the previously created security agent credentials 980.), and 
wherein the client device comprises a pre-installed trusted certificate authority certificate from the VPNAP (Col. 36, lines 38-42, The certificate that the security agent creates may be signed with a trusted root certificate the client application has in its trusted root certificate store which the security agent may have been involved in creating and inserting into the trusted root certificate store); and 
controlling, by the computing system of the VPNAP, communications between the client device and the server according to the surrogate certificate (Col. 36, lines 50-55, The client application and/or user may not be aware that the security agent exists. The client application and/or user may not be aware that the security agent is operating as a transparent man-in-the-middle. The security agent uses at least two separate keys in communicating with client application and destination server.).  
5.	Regarding claim 2, Brinskelle discloses the method of claim 1, 
Brinskelle further disclose comprising establishing, by the computing system, the TCP connection between the client device and the server prior to the interception by the computing system (Col. 36, lines 20-25, The security agent receives this HTTP CONNECT (i.e. TCP connection request) and proceeds to establish a connection to the server 910. The server accepts the connection 920 at which point the security agent responds to the client application with an HTTP connection established message 930.).  

6.	Regarding claim 3, Brinskelle discloses the method of claim 1,
Brinskelle further disclose wherein the controlling, by the computing system of the VPNAP, the communications between the client device and the server, comprises: 
receiving an encrypted first communication sent from the client device, wherein the encrypted first communication is encrypted according to the surrogate certificate; decrypting the encrypted first communication sent from the client device according to the surrogate certificate (Col. 37, lines 9-12, The client application encrypts a request 1000 and transmits it 1010 which the security agent accesses and decrypts using the session key with the client 1015 (i.e. surrogate certificate)); 
re-encrypting the decrypted first communication according to the original certificate (Col. 37, lines 12-14, the security agent ensures the request to ensure it is proper 1020 before encrypting the request with the session key with the server 1025 (i.e. original certificate)); and 
sending the re-encrypted first communication to the server ( Col. 37, lines 14-15, … and transmits the request to the destination server 1030).  

7.	Regarding claim 4, Brinskelle discloses the method of claim 1,
Brinskelle further disclose wherein the controlling, by the computing system of the VPNAP, the communications between the client device and the server, comprises: 
receiving an encrypted first communication sent from the client device, wherein the encrypted first communication is encrypted according to the surrogate certificate; decrypting the encrypted first communication sent from the client device according to the surrogate certificate (Col. 37, lines 9-12, The client application encrypts a request 1000 and transmits it 1010 which the security agent accesses and decrypts using the session key with the client 1015 (i.e. surrogate certificate)); 
inspecting the decrypted first communication (Col. 37, lines 12-14, the security agent ensures the request to ensure it is proper 1020 before encrypting the request with the session key); and 
blocking the decrypted first communication from being re-encrypted and sent to the server, according to the inspection (Col. 38, lines 17-25, If at 1020B there are more sensitive data to process then sensitive data meta-data is retrieved (such as from a repository) 1020C and a determination is made whether the request destination is an authorized destination for the sensitive data 1020D. If at 1020D it is determined that the request destination is not an authorized destination for the sensitive data then commensurate action is taken to block the sensitive data 1020F which finishes processing of this request 1020I.).  

8.	Regarding claim 5, Brinskelle discloses the method of claim 3,
Brinskelle further disclose wherein the controlling, by the computing system of the VPNAP, the communications between the client device and the server, comprises inspecting and validating the decrypted first communication (Col. 37, lines 12-16, the security agent ensures the request to ensure it is proper 1020 (i.e. validating) before encrypting the request with the session key with the server 1025 (i.e. original certificate) and transmits the request to the destination server 1030).  

9.	Regarding claim 6, Brinskelle discloses the method of claim 3,
Brinskelle further disclose wherein the controlling, by the computing system of the VPNAP, the communications between the client device and the server, comprises modifying the decrypted first communication (Col. 38, lines 33-39, If at 1020E it was determined that all previously accessed content were from authorized triggers for the sensitive data then the sensitive data is authorized to be released 1020G and the acting sensitive data is removed from the message and the original sensitive data is inserted 1020H (i.e. modifying). If there are no more sensitive data left to process 1020B then processing the request is finished 1020I).  

10.	Regarding claim 7, Brinskelle discloses the method of claim 3,
Brinskelle further disclose wherein the controlling, by the computing system of the VPNAP, the communications between the client device and the server, comprises: 
receiving an encrypted second communication sent from the server, wherein the encrypted second communication is encrypted according to the original certificate (Col. 37, lines 16-20, Upon receiving the request, the server decrypts it using its session key with the security agent 1035 and constructs a response that it encrypts with the session key with the security agent 1040 (i.e. original certificate) and transmits the response 1042); 
decrypting the encrypted second communication sent from the server according to the original certificate (Col. 37, lines 20-21, The security agent receives and decrypts the response using the session key with the server 1045 (i.e. original certificate)); 
re-encrypting the decrypted second communication according to the surrogate certificate; and sending the re-encrypted second communication to the client device (Col. 37, lines 22-24, …ensures the response is proper 1050 and encrypts the response with the client session key 1060 (i.e. surrogate certificate) before transmitting it to the client 1070).  

11.	Regarding claim 8, Brinskelle discloses the method of claim 3,
Brinskelle further disclose wherein the controlling, by the computing system of the VPNAP, the communications between the client device and the server, comprises:
 receiving an encrypted second communication sent from the server, wherein the encrypted second communication is encrypted according to the original certificate (Col. 37, lines 16-20, Upon receiving the request, the server decrypts it using its session key with the security agent 1035) and constructs a response that it encrypts with the session key with the security agent 1040 (i.e. original certificate and transmits the response 1042); 
decrypting the encrypted second communication sent from the server according to the original certificate (Col. 37, lines 20-21, The security agent receives and decrypts the response using the session key with the server 1045 (i.e. original certificate)); 
inspecting the decrypted second communication (Col. 38, lines 41-47, The origin identifier is determined (such as for example the origin identifier of the response, or the destination identifier where the corresponding request was transmitted to, or the like) 1050A. Next the response is examined whether it contains any yet unprocessed sensitive data (such as for example HTTP cookies, session cookies, session data, authorization information, or other data)); and 
blocking the decrypted second communication from being re-encrypted and sent to the client device, according to the inspection (Col. 39, lines 1-7, By ensuring sensitive data is only released to authorized destinations, a security agent (such as shown in FIGS. 9 and 10) may help prevent attacks (such as XSS) that attempt to steal HTTP cookies, session cookies, session data, or the like. The security agent may alert a user, block, or otherwise prevent release of the sensitive data to a destination not deemed authorized.).  

12.	Regarding claim 9, Brinskelle discloses the method of claim 7,
Brinskelle further disclose wherein the controlling, by the computing system of the VPNAP, the communications between the client device and the server, comprises inspecting (Col. 38, lines 41-47) and validating the decrypted second communication (Col. 38, lines 54-56, If at operation 1050B there are no more sensitive data to process then the response is finished 1050G.).  

13.	Regarding claim 10, Brinskelle discloses the method of claim 7,
Brinskelle further disclose wherein the controlling, by the computing system of the VPNAP, the communications between the client device and the server, comprises modifying the decrypted second communication (Col. 38, lines 44-54, Next the response is examined whether it contains any yet unprocessed sensitive data (such as for example HTTP cookies, session cookies, session data, authorization information, or other data) 1050B and if so then the sensitive data is obfuscated 1050C and the origin identifier is added to the authorized destinations and authorized release triggers for the sensitive data 1050E and then the details of the accessed content (such as for example the URL, origin identifier, or other detail) are added to the list of previously accessed content 1050F and then continue to check if any more unprocessed sensitive data still exist 1050B).

14.	Regarding claim 11, Brinskelle  disclose A system of a virtual private network application platform (VPNAP) (Col. 88, lines 30-32, FIG. 22 illustrates an embodiment of a system of multiple security agents deployed in an environment with a SSL virtual private network (VPN).), comprising: 
a virtual private network (VNP) (Col. 88, lines 35-38, Additionally, the client application (such as a web browser) 100-1 may access a company intranet 112 through the network 110 and using a VPN 127 to a VPN gateway server 128), configured to establish a transmission control protocol (TCP) connection between a client device and an application or website server (Par. [0291],The security agent may be a configured web proxy for the client. The client application sends an HTTP CONNECT message 900 to the security agent proxy. The security a3gent receives this HTTP CONNECT and proceeds to establish a connection to the server 910); and 
a computing system (Col. 51, lines 50-53, Another example, a security agent operates on a peer within a peer-to-peer network. Another example, a security agent operates within a VPN server to protect clients connecting to the VPN.), configured to: 
intercept a request to change the TCP connection to a secure sockets layer or transport layer security (SSL/TLS) connection between the client device and the server (Col. 36, lines 29-31, The security agent receives (i.e. intercepting) the request for SSL handshaking 960 and proceeds to initiate a separate SSL handshaking with the destination server 960.); 
establish an SSL/TLS connection with the server according to the request (Col. 36, lines 31-34, The destination server receives the SSL handshaking and communicates the various messages with the security agent 970 (see FIG. 8 for details on SSL handshaking messages).);
validate an original digital certificate sent from the server (Col. 36, lines 56-62, In some embodiments, a security agent may use the certificate obtained from the server application and/or the certificate contents to identify the server as further discussed herein, e.g., with reference to the other figures. The certificate, certificate contents, or a derivation of the certificate such as subjectKeyIdentifier, public key, hash, fingerprint may be used in this identification);
generate a surrogate digital certificate according to the original certificate (Col. 36, lines 34-38, After the completion of SSL handshaking with the destination server, the security agent extracts the servers certificate 975 and proceeds to create its own certificate (i.e. surrogate digital certificate) possibly using some of the details of the servers certificate 977) wherein the computing system uses the surrogate certificate to impersonate a website or app provided by the server [Fig. 1; Col. 5, lines 48-49; Col. 6, lines 35-39; Col. 33, lines 8-15; Col. 34, lines 38-43];
send, to the client device, a reply to the request with the surrogate certificate, wherein the reply imitates the server replying to the request of the client device (Col. 36, lines 43-46, After the proxy certificate has been created 977 the security agent finishes the SSL handshaking with the client application using the previously created security agent credentials 980.), and 
wherein the client device comprises a pre-installed trusted certificate authority certificate from the VPNAP (Col. 36, lines 38-42, The certificate that the security agent creates may be signed with a trusted root certificate the client application has in its trusted root certificate store which the security agent may have been involved in creating and inserting into the trusted root certificate store); and
 control communications between the client device and the server according to the surrogate certificate (Col. 36, lines 50-55, The client application and/or user may not be aware that the security agent exists. The client application and/or user may not be aware that the security agent is operating as a transparent man-in-the-middle. The security agent uses at least two separate keys in communicating with client application and destination server.).  
15.	Regarding claim 20, Brinskelle discloses the method of claim 11,
Brinskelle further discloses further comprising instructions, stored in memory of a computing system (Col. 91, lines 32-44, Also, in various embodiments of the invention, the operations discussed herein, e.g., with reference to FIGS. 1-22, may be implemented as hardware (e.g., logic circuitry), software (including, for example, micro-code that controls the operations of a processor such as the processors discussed herein, firmware, or combinations thereof, which may be provided as a computer program product, e.g., including a tangible machine-readable or computer-readable medium having stored thereon instructions (or software procedures) used to program a computer (e.g., a processor or other logic of a computing device) to perform an operation discussed herein.), comprising: 
a set of operations (Fig. 10A, Fig. 10B ), including functions configured to allow (Fig. 10A, 1020I and Fig. 10B, 1050G), block (Fig. 10A, 1020F), or modify a communication (Fig. 10A; 1020H and Fig. 10B; 1050C, 1050E, 1050F)), wherein the set of operations is grouped into a VPN application (Fig.5, modules 105A-105H) with an associated set of metadata describing the VPN application (Fig. 5, External communications module, HTTP Parsing module etc.…); 
a set of rules configured to determine when to perform the functions (Col. 27, lines 11-16, Another example, a user might switch to a "Safe Browsing" mode at which point a specific set of checks or rules are checked before allowing release of any HTTP cookies (e.g. a request to a domain not present in the HTML of an HTTP response may be treated suspiciously or even blocked altogether).); and 
configuration information describing customizations to the functions, wherein the customizations are configurable on a per-end-user or per-end-user-device basis (Col. 27, lines 17-23, Another example, a user may indicate "Online Banking" mode (i.e. configuration information) which a security agent uses to ensure online communications only with an online bank occur during which the mode is active. Another example, a user specifies a "Social Networking" mode which a security agent uses to limit which HTTP cookies or the type of HTTP cookies that are released during engagement of the mode.).
16.	Regarding claim 21, Brinskelle discloses A non-transitory computer readable medium tangibly encoded with computer- executable instructions, that when executed by a processor associated with a computing device, performs a method comprising (Col. 91, lines 32-44,, Also, in various embodiments of the invention, the operations discussed herein, e.g., with reference to FIGS. 1-22, may be implemented as hardware (e.g., logic circuitry), software (including, for example, micro-code that controls the operations of a processor such as the processors discussed herein, firmware, or combinations thereof, which may be provided as a computer program product, e.g., including a tangible machine-readable or computer-readable medium having stored thereon instructions (or software procedures) used to program a computer (e.g., a processor or other logic of a computing device) to perform an operation discussed herein.): 
Intercepting, by a computing system of a virtual private network application platform (VPNAP) (Fig. 9, security agent, Col. 51, lines 50-53, Another example, a security agent operates on a peer within a peer-to-peer network. Another example, a security agent operates within a VPN server to protect clients connecting to the VPN.), a request to change a transmission control protocol (TCP) connection to a secure sockets layer or transport layer security (SSL/TLS) connection between a client device and an application or website server (Col. 36, lines 29-31, The security agent receives (i.e. intercepting) the request for SSL handshaking 960 and proceeds to initiate a separate SSL handshaking with the destination server 960.), subsequent to the TCP connection being established between the client device and the server (Col. 36, lines 20-25, The security agent receives this HTTP CONNECT and proceeds to establish a connection to the server 910. The server accepts the connection 920 at which point the security agent responds to the client application with an HTTP connection established message 930); 
establishing, by the computing system of the VPNAP, an SSL/TLS connection with the server between the computing system and the server according to the request (Col. 36, lines 31-34, The destination server receives the SSL handshaking and communicates the various messages with the security agent 970 (see FIG. 8 for details on SSL handshaking messages) (i.e. establishing));
validating, by the computing system of the VPNAP, an original digital certificate sent from the server after the SSL/TLS connection between the computing system and the server has been established (Col. 36, lines 56-62, In some embodiments, a security agent may use the certificate obtained from the server application and/or the certificate contents to identify the server as further discussed herein, e.g., with reference to the other figures. The certificate, certificate contents, or a derivation of the certificate such as subjectKeyIdentifier, public key, hash, fingerprint may be used in this identification); 
generating, by the computing system of the VPNAP, a surrogate digital certificate according to the original certificate (Col. 36, lines 34-38, After the completion of SSL handshaking with the destination server, the security agent extracts the servers certificate 975 and proceeds to create its own certificate (i.e. surrogate digital certificate) possibly using some of the details of the servers certificate 977) wherein the computing system uses the surrogate certificate to impersonate a website or app provided by the server [Fig. 1; Col. 5, lines 48-49; Col. 6, lines 35-39; Col. 33, lines 8-15; Col. 34, lines 38-43]; 
sending to the client device, by the computing system of the VPNAP, a reply to the request, with the surrogate certificate, wherein the reply imitates the server replying to the request of the client device (Col. 36, lines 43-46, After the proxy certificate has been created 977 the security agent finishes the SSL handshaking with the client application using the previously created security agent credentials 980.), and 
wherein the client device comprises a pre-installed trusted certificate authority certificate from the VPNAP (Col. 36, lines 38-42, The certificate that the security agent creates may be signed with a trusted root certificate the client application has in its trusted root certificate store which the security agent may have been involved in creating and inserting into the trusted root certificate store); and 
controlling, by the computing system of the VPNAP, communications between the client device and the server according to the surrogate certificate (Col. 36, lines 50-55, The client application and/or user may not be aware that the security agent exists. The client application and/or user may not be aware that the security agent is operating as a transparent man-in-the-middle. The security agent uses at least two separate keys in communicating with client application and destination server.).  
 17.	System claim 12 relates to the system using the method as claimed in method claim 3. Therefore, system claim 12 is rejected for the same reason of obviousness as used for claim 3.
18.	System claim 13 relates to the system using the method as claimed in method claim 4. Therefore, system claim 13 is rejected for the same reason of obviousness as used for claim 4.
19.	System claim 14 relates to the system using the method as claimed in method claim 5. Therefore, system claim 14 is rejected for the same reason of obviousness as used for claim 5.
20.	System claim 15 relates to the system using the method as claimed in method claim 6. Therefore, system claim 15 is rejected for the same reason of obviousness as used for claim 6.
21.	System claim 16 relates to the system using the method as claimed in method claim 7. Therefore, system claim 16 is rejected for the same reason of obviousness as used for claim 7.
22.	System claim 17 relates to the system using the method as claimed in method claim 8. Therefore, system claim 17 is rejected for the same reason of obviousness as used for claim 8.
23.	System claim 18 relates to the system using the method as claimed in method claim 9. Therefore, system claim 18 is rejected for the same reason of obviousness as used for claim 9.
24.	System claim 19 relates to the system using the method as claimed in method claim 10. Therefore, system claim 19 is rejected for the same reason of obviousness as used for claim 10.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
/TAE K KIM/Primary Examiner, Art Unit 2496