DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment

2. 	This communication is in response to the amendment filed on 09/22/2022. The Examiner has acknowledged the amended Claims 1, 4, 10 and 13. No claims have been cancelled or added. Claims 1-18 are pending and Claims 1-18 are rejected.

Response to Arguments

3.	Applicant's Arguments (Remarks) filed on 09/22/2022 have been fully considered but they are not persuasive and/or moot in view of the new ground of rejection.

4. 	Rejection of Claim 4 and 13 under 35 USC 112 (b) has been withdrawn in view of the applicant’s amendment.

5.	With respect to the 35 U.S.C 103 rejection, Applicant's Arguments (Remarks Pages: 6-9) have been fully considered and they are not persuasive and/or are moot in view of the new ground of rejection. Applicant’s arguments are based on the amendment to Claims 1 and 10 and are moot in view of the new ground of rejection necessitated by the amendment. 

Claim Rejections - 35 USC § 103
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



7.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

8.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

9.	Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Cho et al. (US 2017/0279609 A1, hereinafter Cho), in view of AL HAMAMI (US 2015/0052607 A1, hereinafter Al Hamami), in view of Aton et al. (US 2005/0138111 A1, hereinafter Aton), and further in view of  Bernoth (US 2006/0174337 A1, hereinafter Bernoth).
Regarding Claim 1,
Cho discloses a method for improving security of computer application logic that is configured to provide a network service (Cho: [Abstract] a data management method…, method is executed by a user client that is network-linked to a DB server and a security policy server, ¶¶ [0010, 0019, 0022, 0040]), the method comprising: 
receiving request data from the computer application logic at an agent of a server computer (Cho: ¶ [0010] a DB control application is executed; 3) determining whether the DB control application, of which the execution is detected, is allowed to be used for the user ID, determining that the DB control application is allowed to be used, ¶ [0019] a DB control application that is allowed to be used for each user ID of the user client…, performing a user authentication in response to a request of the user client for the user authentication…, access to the DB server from the user client is managed based on at least one of the first security information and the second security information, ¶ [0040] DB access control unit 2012 performing an access control function when the user client 3000 wants access through a DB application, ¶ [0070] embodiments of the present invention may be implemented in a form of program instructions, which are executable by various computer means, ¶ [Abstract, 0047]) wherein the request data represents a request to create a network connection in a session between the computer application logic and a remotely-located resource (Cho: ¶ [0010] recognizing a user ID through a user authentication; 2) detecting whether a DB control application is executed; 3) determining whether the DB control application, of which the execution is detected, is allowed to be used for the user ID…, the DB server, to which access is attempted, is allowed to be accessed by the user ID when determining that the DB control application is allowed to be used, ¶ [0015] a session connection between the user client and the DB server that is allowed to be accessed by the user ID may be performed based on the second security information, ¶ [0022] a user client, in which a security program having a user right policy management function is installed and which is network-linked to both a DB server…, See Fig. 1--DB server); 
determining, by the agent, that the requested network connection is not one of one or more predetermined authorized network connections associated with the computer application logic (Cho: ¶ [0010] allowing access to the DB server when determining that the DB server is allowed to be accessed, ¶ [0064] after the user authentication of step S1, a session connection between the user client and the DB server that is allowed to be accessed by the user ID is performed based on the second security information at step Sl00, ¶ [0054] second security information includes at least one of information of an IP address, a port address, a used protocol of the DB server that is allowed to be accessed by each user ID, also see ¶¶ [0013, 0070]).
However, it is noted that Cho does not explicitly disclose:
in response to the determining, generating and recording exception report data by the agent, wherein the exception report data includes: 
request origination data that identifies a component of the computer application logic from which the request data is received by specifying a first source code data file and a line number identifying a particular line of the first source code data file from which the request data originated; and 
user identification data that identifies a user.
However, Al Hamami from the same field of endeavor as the claimed invention discloses a method and system for protecting web applications against web attacks comprising a cloud service for generating rules and receiving reports, an agent manager in communication with the cloud service receiving rules from the cloud service and passing reports thereto (Al Hamami: [Abstract], also see ¶¶ [0019, 0044]), agent library is able to hook into various interfaces between the application and the different components in the environment…, Such interfaces include, but are not limited to datastores (SQL/NoSQL/XML as well as other types of databases), caching services, other services exposed via an API mechanism, the application runtime environment, included application libraries, as well as other services that are components of a web application, such as templating engines, and email service (Al Hamami: ¶¶ [0009-00010], also see ¶ [0041]), determining a malicious user or malicious session (Al Hamami: ¶ [0028]), a collection of detection logic (code), action logic (code) and associated data e.g., list of bad IPs, malicious users, vulnerable components, which are generated in the cloud service side of the system, and implemented by the agent library (Al Hamami: ¶ [0032]), provide information about important events such as malicious users, threat level of site, database misconfiguration (Al Hamami: ¶ [0012]), if there is an attempted SQL injection string, or a session modification attack, then extra logging for that user is performed and that user session is streamed to the cloud service for further inspection (Al Hamami: ¶ [0014]), detecting session- tampering attacks, SQL injection attacks, HTTP parameter pollution attacks, and HTTP splitting attacks (Al Hamami: ¶ [0042]), and an application stack having various hooks 24 (Al Hamami: ¶ [0043], See also Fig. 2).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Al Hamami in the teachings of Cho. A person having ordinary skill in the art would have been motivated to do so because a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs and blocks application access to these IP addresses (Al Hamami: ¶ [0013]), dynamically update the rules based on the reports (See Al Hamami: ¶ [0039]).
However, it is noted that the combination of Cho and Al Hamami does not explicitly 
disclose: request origination data that identifies a component of the computer application 
logic from which the request data is received by specifying a first source code data file and a line number identifying a particular line of the first source code data file from which the request data originated.
However, Aton from the same field of endeavor as the claimed invention discloses an event monitoring and logging system, including apparatuses and methods, for instrumenting an on-line application program, or service, for generating and communicating events upon the occurrence of certain conditions during the execution thereof, for monitoring generated events in real and near-real time in accordance with configurable rules (Aton: [Abstract]), receive information, from an event tagging module 402 (described below) during execution thereof, which relates to events or transaction instances designated in a source code file(s) for a service 102 by calls to procedures 304 (Aton: ¶ [0044]), a source code filename corresponding to the source code file in which the call to the event procedure 304 or reference to a header file 314 having performance counter definitions 310 is found; a line number identifying the line number in the source code file at which the call to the event procedure 304 or reference to a header file 314 is found (Aton: ¶ [0045]), and the event generator API 302 include, in addition, a "ReportException" procedure 3041 and a "ReportExceptionTag" procedure 304K…, enabling a subsequent determination of what exception type was handled and where (i.e., the file name of a source code file for the service 102 and the line number therein) (Aton: ¶ [0067]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Aton in the teachings of Cho and Al Hamami. A person having ordinary skill in the art would have been motivated to do so for alerting appropriate personnel upon the occurrence of certain generated events, and for logging generated events for subsequent use in troubleshooting and debugging on-line service software code (Aton: ¶ [0008]), and for improving the quality of service and stability from failure thereof (Aton: ¶ [0009], also see [0032]).
However, it is noted that the combination of Cho, Al Hamami and Aton does not explicitly 
disclose: network connection data that identifies a host and port associated with the requested network connection that the agent used to determine that the requested network connection is not one of the one or more predetermined authorized network connections associated with the computer application logic.
However, Bernoth from the same field of endeavor as the claimed invention discloses 
system, method and program product for managing a security policy of a firewall (Bernoth: [Abstract]), Firewall 50 performs known functions of enforcing the rules within its security policy. The rules are maintained in a database 51 within or accessible to the firewall 50. The rules specify what combinations of source IP address, destination IP address, port on the destination IP address,
protocol, etc. are authorized (Bernoth: ¶ [0018]), logging server 11 logs source and destination
address, protocol and disposition information about message packets which the firewall 50 has blocked (Bernoth: ¶ [0019]), and if the addressing and protocol parameters of the message packet do not match a rule within the security policy of firewall 50 (decision 302, no branch), then firewall 50 does not forward the message packet to network 20 and instead discards the message packet (step 304). Then, firewall 50 identifies the source IP address, destination IP address, port of the destination device, protocol, etc.) of the discarded message packet to the logging server 11, and a management program 308 on the logging server logs these parameters of the discarded message packet (step 306) (Bernoth: ¶ [0024]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Bernoth in the teachings of Cho, Al Hamami and Aton. A person having ordinary skill in the art would have been motivated to do so to log (generate report data) parameters of a communication (including source and destination addresses) for future audits when the communication is unauthorized based on IP addresses and port associated with the communication (Bernoth: See ¶ [0024]). 

Regarding Claim 2,
Claim 2 is dependent on Claim 1, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 1. Cho further discloses wherein the predetermined authorized network connections are specified by one or more selected from the group consisting essentially of: remote host identification data, port identification data, and network protocol identification data (Cho: ¶ [0012] the second security information may include at least one of information of an IP address, a port address, and a used protocol of the DB server that is allowed to be accessed by each user ID, ¶ [0064] a session connection between the user client and the DB server that is allowed to be accessed by the user ID is performed based on the second security information, See also ¶ [0054]).

Regarding Claim 3,
Claim 3 is dependent on Claim 1, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 1. However, Cho does not explicitly wherein the agent is within the application logic as a plugin capable of intercepting application telemetry and sensitive outbound data types, wherein the application telemetry and sensitive outbound data types are used in the determination.
However, Al Hamami further discloses the in-app agent 150 receives rules 170 from the cloud service 110 via the agent manager 130. The rules 170 provide the detection and protection functionality. The in-app agent 150 also sends reports 180 to the agent manager 130. The agent manager 130 is responsible for the communications between the cloud service 110 and the protected
application 160 (Al Hamami: ¶ [0037]), hook into various interfaces between the application and the different components in the environment…, Such interfaces include, but are not limited to datastores (SQL/NoSQL/XML as well as other types of databases), caching services, other services exposed via an API mechanism, the application runtime environment, included application libraries, as well as other services that are components of a web application, such as templating engines, and email service (Al Hamami: ¶¶ [0009-00010]), and uses a middleware mechanism 230 to hook into various points of the application 160 and the web application…, hooks 240 allow the rules processor
220 to inject rules 170 that it received from the cloud service 110 via the link manager 130 into these points in the program (web application) being protected. In turn, these rules 170 allow reports 180 to be generated by the rules processor 220 and to be sent by the in-app agent (Al Hamami: ¶ [0041]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Al Hamami in the teachings of Cho. A person having ordinary skill in the art would have been motivated to do so because a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs and blocks application access to these IP addresses (Al Hamami: ¶ [0013]), and dynamically update the rules based on the reports (See Al Hamami: ¶ [0039]).

Regarding Claim 4,
Claim 4 is dependent on Claim 1, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 1. However, Cho and Al Hamami do not explicitly disclose wherein the request origination data identifies the component of the computer application logic from which the request data is received by also specifying one or more source code data files and associated line numbers identifying particular lines of the one or more source code data files data lines whose execution caused the component identified by the first source code and the line number to send the request data.
However, Aton further discloses events or transaction instances designated in a source code file(s) for a service 102 by calls to procedures 304…, create and store unique entries in the tagged event database corresponding on a one-to-one basis with each call to a procedure 304…, provide tag entry information (i.e., detailed event information) to the web server 132 for use in reports generated by the web server 132 (Aton: ¶ [0044]), a line number identifying the line number in the source code file at which the call to the event procedure 304 or reference to a header file 314 is found (Aton: ¶ [0045]), and the event generator API 302 include, in addition, a "ReportException" procedure 3041 and a "ReportExceptionTag" procedure 304K…, enabling a subsequent determination of what exception type was handled and where (i.e., the file name of a source code file for the service 102 and the line number therein) (Aton: ¶ [0067]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Aton in the teachings of Cho and Al Hamami. A person having ordinary skill in the art would have been motivated to do so for alerting appropriate personnel upon the occurrence of certain generated events, and for logging generated events for subsequent use in troubleshooting and debugging on-line service software code (Aton: ¶ [0008]), and for improving the quality of service and stability from failure thereof (Aton: ¶ [0009], also see [0032]).



Regarding Claim 5,
Claim 5 is dependent on Claim 1, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 1. Cho does not explicitly disclose wherein the user identification data identifies the user by specifying one or more selected from the group consisting essentially of: a user name associated with the user within the computer application logic, a role of the user, and data identifying the session.
However, Al Hamami further discloses determining a malicious user or malicious session (Al Hamami: ¶ [0028]), a collection of detection logic (code), action logic (code) and associated data e.g., list of bad IPs, malicious users, vulnerable components, which are generated in the cloud service side of the system, and implemented by the agent library (Al Hamami: ¶ [0032]), provide information about important events such as malicious users…, generic malicious-user/session detection function can be enhanced over time by utilizing advanced algorithms using key application/user specific metrics (number of server faults generated in a time period, number of web
requests in a time period, etc.) (Al Hamami: ¶ [0012], also see ¶ [0014]), and detecting session- tampering attacks, SQL injection attacks, HTTP parameter pollution attacks, and HTTP splitting attacks (Al Hamami: ¶ [0042]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Al Hamami in the teachings of Cho. A person having ordinary skill in the art would have been motivated to do so because a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs and blocks application access to these IP addresses (Al Hamami: ¶ [0013]), dynamically update the rules based on the reports (See Al Hamami: ¶ [0039]).


Regarding Claim 6,
Claim 6 is dependent on Claim 1, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 1. Cho further discloses wherein the remotely-located resource includes any of applications, APIs, rest services, micro services, databases and data stores (Cho: ¶ [0040] DB server 2000 is a server managing data, to which the user client 3000 wants to access…, performing an access control function when the user client 3000 wants access through a DB application, ¶ [0041] Data, which the user client 3000 wants to access, may be, for example, customer personal information data, and financial transaction information data, See Fig. 1).

Regarding Claim 7,
Claim 7 is dependent on Claim 1, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 1. Cho further discloses wherein the one or more network connections are predetermined to be authorized or not by customer definition or IP reputation assessment (Cho: ¶ [0038] setting a user right for file or data is different depending on a user, ¶[0039] a user right identification process based on identification of a user ID; a process of allowing a user, of which a right is identified, to perform use actions).
Al Hamami further discloses a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs (Al Hamami: ¶ [0013]), and in-app agent 150 then applies the rules to protect the web application using the rules…, an improvement in the rule set, which could be a better algorithm, data external to the application (e.g., IP reputation, vulnerable library information). In this case, the flow is straight from the cloud service to the agent (step 460). Finally, the in-app agent applies the new rules to protect the web application (Al Hamami: ¶ [0045]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Al Hamami in the teachings of Cho. A person having ordinary skill in the art would have been motivated to do so because a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs and blocks application access to these IP addresses (Al Hamami: ¶ [0013]), dynamically update the rules based on the reports (See Al Hamami: ¶ [0039]).

Regarding Claim 8,
Claim 8 is dependent on Claim 7, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 1. However, Cho does not explicitly disclose wherein the IP reputation assessment is performed by machine learning algorithms, publicly available information, specific flags, or a combination thereof.
Al Hamami further discloses a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs (Al Hamami: ¶ [0013]), receives the reports 180 from the various agent managers 130 (only one shown inFIG.1), as well as from other external sources, for example third party threat intelligence feeds and new algorithms developed by security researchers and generates new rules to be deployed to the in-app agents 150 (Al Hamami: ¶ [0039]), and in-app agent 150 then applies the rules to protect the web application using the rules…, an improvement in the rule set, which could be a better algorithm, data external to the application (e.g., IP reputation, vulnerable library information). (Al Hamami: ¶ [0045]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Al Hamami in the teachings of Cho. A person having ordinary skill in the art would have been motivated to do so because a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs and blocks application access to these IP addresses (Al Hamami: ¶ [0013]), dynamically update the rules based on the reports (See Al Hamami: ¶ [0039]).

Regarding Claim 9,
Claim 9 is dependent on Claim 1, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 1. However, it is noted that Cho does not explicitly disclose in response to the determining: denying the request by declining to create the network connection; and 
sending exception data to the computer application logic to report the denial of the request.
However, Al Hamami further discloses determining a malicious user or malicious session (Al Hamami: ¶ [0028]), provide information about important events such as malicious users, threat level of site, database misconfiguration. This information can then be used for alerting the developer, or as factors into generating the detection or action functions dynamically (Al Hamami: ¶ [0012]), a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs and blocks application access to these IP addresses (Al Hamami: ¶ [0013], also see ¶ [0014]), and e.g., list of bad IPs, malicious users, vulnerable components, which are generated in the cloud service side of the system, and implemented by the agent library (Al Hamami: ¶ [0032], also see ¶¶ [0044, 0049]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Al Hamami in the teachings of Cho. A person having ordinary skill in the art would have been motivated to do so because a filter based on known-malicious-IP addresses or IP reputation, can be updated in real time as the cloud side learns about these malicious IPs and blocks application access to these IP addresses (Al Hamami: ¶ [0013]), dynamically update the rules based on the reports (See Al Hamami: ¶ [0039]).

Regarding Claim 10,
Cho discloses a system for improving security of computer application logic that is configured to provide a network service, the system comprising (Cho: [Abstract] a user client that is network-linked to a DB server and a security policy server, ¶ [0027] a systemic configuration view for executing a data management method, See Fig. 1, ¶ [0037]), a network monitor of a server computer (Cho: ¶ [0070] embodiments of the present invention may be implemented in a form of program instructions, which are executable by various computer means, and stored in a computer-readable storage medium, ¶ [0047]), an authorization determiner of the server computer (Cho: ¶ [0070] embodiments of the present invention may be implemented in a form of program instructions, which are executable by various computer means, and stored in a computer-readable storage medium, ¶ [0049] DB access management unit 3018 includes: a function for detecting whether the DB control application is executed; a function for determining whether the DB control application, of which the execution is detected, is allowed to be used for the user ID, ¶ [0047]). Al Hamami discloses a report generator of the server computer (Al Hamami  ¶ [0049] Any of the methods disclosed herein may be implemented in hardware, software, firmware or any combination thereof, ¶  [0044, 0048]), and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 10 as discussed in Claim 1. Therefore, Claim 10 is rejected using the same rationales as discussed in Claim 1.


Regarding Claims 11-16 and 18,
Claims 11-16 and 18 are dependent on Claim 10, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 10. The combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claims 11-16 and 18 as discussed in Claims 2-7 and 9. Therefore, Claims 11-16 and 18 are rejected using the same rationales as discussed in Claims 2-7 and 9.

Regarding Claim 17,
Claim 17 is dependent on Claim 16, and the combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 16. The combination of Cho, Al Hamami, Aton and Bernoth discloses all the limitations of Claim 17 as discussed in Claim 8. Therefore, Claim 17 is rejected using the same rationales as discussed in Claim 8.

Conclusion
10.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US-20090199276-A1
US-20160164837-A1
US-20170316202-A1
US-20180107821-A1
US-20160119344-A1


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507.  The examiner can normally be reached on M-F 9:45am - 6:15pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494