DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 02/01/2021.
Status of claims in the instant application:
Claims 17-36 are pending.
Claims 17, 28 and 31 have been amended.
Claims 1-16 remain canceled.
No new claim has been newly added.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/01/2021 has been entered.
Response to Arguments
Applicant’s arguments, see pages [12-15] of the remarks filed on 01/04/2021, with respect to claim(s) 17, 28 and 31 (and the dependent claims) that have been amended to include new limitation (i.e. wherein the production apparatus is not visible from the network such that a communication with the production apparatus must be effected exclusively via the connection apparatus), have been considered but are moot because the new ground of rejection does not rely any reference or part of reference 
Applicant’s arguments, see page [12] of the remarks filed on 01/04/2021, regarding the “ingress processor[s]” of Pham prior art is neither clear nor persuasive. 
Applicant states, see page [12] of the remarks filed on 01/04/2021,
“The Office Action cites to paragraph [0038] of Pham and relies on Pham's description of ingress processors 30, 34 as providing filtering and routing functions for network data packets received on their network connections 38, 18. (Office Action, p. 9). The Office Action thus appears to take the position that the ingress processors 30, 34 of Pham are between the first network interface and the second network interface of Pham, and thus it seems the Office Action has considered the ingress processors 30, 34 of Pham to be different than the first network interface. (Office Action, p. 9). 
To more clearly distinguish the features of claim 17 from the systems of Loo and Pham, independent claims 17 is amended to recite that the packet filter is applied by the processor.”
In response, Examiner notes that as described in Para [0038] of Pham prior art, there two networks, “local LAN 38” and “wide area network (WAN), such as the Internet 18”. As shown in FIG. 2 and described in Para [38] of Pham, data coming into the system (either from first network, 38 or 18) go through one “Ingress Processor” where it’s filtered, and then go through subsequent processing and then transmitted through the egress processor to the to the second network (18 or 38). So the filtering is applied by the processor. FIG. 2 and Para [0038] shows bidirectional data flow with two ingress Pham discloses that the same can be implemented using a single “Ingress Processor 80”.
Examiner also notes that Loo prior art discloses that “cloud infrastructure system 602 may have more or fewer components than shown in the figure, may combine two or more components, or may have a different configuration or arrangement of components (Loo Para [0131, 0161])”
Examiner also notes that the rejections are in combination of prior arts, and that Loo prior art discloses that “firewalls 104, 130, although shown as two distinct firewalls, may be implemented as a single firewall that encapsulates MCS 112, (Loo, Para [0047])”. Although, Loo does not explicitly disclose packet filtering, but firewall (in networking and security art) is known to include filtering (USPGPUB: 20080040788, (Steinkogler et al.), Para [0061-0064]; USPGPUB: 20020083344, (Vairavan), Para [0086-0088], Claim 1, Claim 31).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 17-28 and 30-35 are rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 2015/0229638 A1 to Loo (hereinafter “Loo”) in view of Pub. No.: US 2003/0074473 A1 to Pham et al. (hereinafter “Pham”).
Regarding Claim 17. Loo discloses A connection apparatus for connecting a production apparatus with a network, the production apparatus being a data-processing production apparatus and/or a data-generating production apparatus (Loo, Abstract, FIG. 2: … a cloud computer system (connection apparatus) to facilitate communication between a computing device (e.g., a mobile computing device) (production apparatus) and enterprise computer systems …), the connection apparatus comprising:
a memory (Loo, Para [0011]: … The computer system may include one or more processors and one or more memory devices coupled with and readable by one or more processors …),
at least one processor with the memory, wherein the processor is configured to access the memory in reading and writing (Loo, Para [0011, 0060-0061]: … The computer system may include one or more processors and one or more memory devices coupled with and readable by one or more processors … The one or more memory devices may store a set of instructions … computer system 110 may provide an object store service that may provide a storage facility for BLOBs. The basic unit of storage can be text, with read and write operations … computer system 110 may provide a database service to allow for connectivity to hosted databases for performing queries or writes …),
a first network interface configured to be connected with the network (Loo, FIG. 2, Para [0071-0072, 0109]: … The high-speed communication connections (network) may afford cloud computer system 110 the ability to handle multiple communications with enterprise computer systems … communication module 230 may include an adaptor interface 122 configured to support communication with enterprise computer systems, some of which may support different protocols or techniques for communications. Adaptor interface 122 may include one or more adaptors, e.g., adaptor 242 or adaptor 244, each of which may be configured to communicate according to a communication protocol, a type of enterprise computer system …; Examiner’s interpretation: interface through adaptor 242 to enterprise computing system 282 is the first network interface),
a second network interface configured to be connected with the production apparatus (Loo, FIG. 2, Para [0073]: … computer system 110 may use communication module 230 to communicate with mobile computing devices, e.g., mobile computing devices 202 (production apparatus), 212 may be physically located beyond a firewall (e.g., firewall 104) of cloud computer system 110 at a different geographic location (e.g., remote geographic location) than cloud computer system 110 …; Examiner’s interpretation: the communication interface between the computing system 110 and the mobile device 202 is the second interface),
a computer program code stored in the memory for execution by the processor (Loo, Para [0011]: … The one or more memory devices may store a set of instructions which, when executed by the one or more processors, cause the one or more processors to perform the techniques disclosed …),
wherein the computer program code comprises instructions upon whose execution data [packets] received at the second network interface via a second protocol are forwarded to the first network interface and there are sent via a first protocol into the network (Loo, Para [0011-0012]: … The one or more memory devices may store a set of instructions which, when executed by the one or more processors, cause the one or more processors to perform the techniques disclosed … The cloud computer system may include: one or more processors; one or more memory devices coupled with and readable by the one or more processors; a communication module, a protocol translator, and security service. The communication module may receive, from a mobile computing device using a first communication protocol (second protocol), a request for a service, where the service is provided by an enterprise computer system (data processing apparatus/server), where the enterprise computer system is located at a first geographical location that is different from a second geographical location of the computer system, and where the computer system and the enterprise computer system communicate over a public communication network. The communication module may send, to the enterprise computer system (data processing apparatus/server), the request for the service using a second communication protocol (first protocol), where the second communication protocol is different from the first communication protocol …), and/or
upon whose execution data [packets] received at the first network interface via a first protocol are forwarded to the second network interface and are sent via a second protocol to the production apparatus (Loo, Para [0011-0012]: … The communication module may receive, from the enterprise computer system via the second communication protocol, a response (Examiner’s interpretation: data packets received from data processing apparatus after request execution) to the request for the service. The communication module may send the received response to the mobile computing device (production apparatus). The protocol translator may convert the request received from the mobile computing device, where the request is converted from a first format of the first communication protocol (second protocol) to a second format of the second communication protocol (first protocol). The protocol translator may convert the response received from the enterprise computer system, where the response is converted from the second format of the second communication protocol to the first format of the first communication protocol, and where the converted response is sent as the response to the mobile computing device …), and
However, Loo does not explicitly teach, but PhamAtty. Docket: 19838.4087/10 from same or similar field of endeavor teaches:
“wherein the computer program code further comprises instructions upon whose execution the processor applies a packet filter to the data packets,
wherein the packet filter is applied by the processor on the way of the data packets between the first network interface and the second network interfaceAtty. Docket: 19838.4087/10 (Pham, Para [0038, 0045-0049, 0069], FIG. 2, FIG. 4: … The system architecture includes network ingress and egress processors 30, 32, 34, 36 providing a bidirectional connection between a local LAN 38 and a wide area network (WAN), such as the Internet 18. These ingress and egress processors 30, 32, 34, 36 are interconnect through a switch fabric 40 to data packet processors 42, 44, each representing an array of such processors, and a control processor 46. In the preferred embodiments of the present invention, the ingress processors 30, 34 are tasked with filtering and routing functions for network data packets received on their network connections to the LAN 38 and Internet 18. The routing function includes internally directing individual data packets through a fast processing path to the arrays of data packet processors 42, 44 or through a control processing path to the control processor 46 … An ordinary network data packet, as received 242, includes a conventional IP header 244 and data packet payload 246. The IP header is examined 250 to discriminate and filter out 252 data packets that are not to be passed through the VPN gateway 72 …); Examiner’s Interpretation: the “ingress processor” perform filtering of the incoming data packets and that the filtered data is sent/forwarded to the recipients through the egress processors. The “ingress processor” is on the way between the first network interface and the second network interface, FIG. 4 shows implementation with a combined/single Ingress processor.”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pham into the teachings of Loo, because it discloses that “complex operations, such as the routing and filtering of network data packets present a substantial challenge to accomplish at wire-speeds. While conventional routers routinely operate at wire-speeds, protocol processing operations that are more compute intensive, typically involving data conversions and translations, cannot conventionally be achieved at significant wire-speeds, ranging from about one Gbps and higher, but rather are bandwidth limited typically to below 400 Mbps. The present invention, however, provides a system and methods for performing compute-intensive protocol processing operations with a total throughput readily matching the wire-speed of the attached network at speeds of about one Gbps and higher (Pham: Para [0036])” thus helping to improve network performance, and
Loo further discloses:
“wherein the production apparatus is not visible from the network such that a communication with the production apparatus must be effected exclusively via the connection apparatus (Loo, Para [0013, 0036, 0047, 0057]: … The cloud computer system may include a firewall connected with the cloud computer device, where an internal network and an external network are separated by the firewall, and where the firewall is configured to: permit communication of HTTP messages, conforming to the first architectural style, between the mobile computing device and the cloud computing device; and permit communication of HTTP messages, conforming to the second architectural style, between the cloud computer device and the agent … The computer environment 100 may include a mobile cloud service ("MCS") 112 implemented to operate as a secure intermediary computing environment that may facilitate communication between the computing device 102 and one or more enterprise computer systems because computing device 102 may not be configured to communicate with such enterprise computer systems … Communication with an enterprise computer system 140, 150 may pass through firewall 130 which ensures that communication with an external network is secure to prevent unauthorized access to MCS 112 via such communications …); Examiner’s Interpretation: the communication from/to the mobile computing device (i.e. the production apparatus) with enterprise system (external network) is only allowed through the mobile cloud service ("MCS") 112 (i.e. the connection apparatus) …).”
Regarding Claim 18. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Loo further discloses, “wherein the first protocol and the second protocol are different (Loo, Para [0012]: … the second communication protocol is different from the first communication protocol …).”
Regarding Claim 19. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Pham further discloses, “wherein the first protocol is a protocol with encryption and the second protocol is without encryption (Pham, Para [0069-0074]: … FIG. 12 provides a flow diagram describing the network packet processing operation 240 of an ingress processor 80 for network data packets received from a clear text (unencrypted) network … An available crypto processor 86 of the encryption sub-array partition is then selected based on load-balance analysis 276 and the network data packet is dispatched 278 … The operation 280 of a crypto processor 86, operating to encrypt a network data packet, is shown in FIG. 13 … an egress processor 82 receives 302 the encrypted data packet from a crypto processor 86, the SA header 268 is removed 304 from the remaining IPsec compliant encrypted data packet. The resulting data packet 270, 271, 290, 273 is then forwarded 306 on to the external network attached to the egress processor 82 … The operational protocol conversion of encrypted network data packets to clear text data packets closely parallels that of the clear text to encrypted conversion operations 240, 280, 300 …)”
The motivation to combine Pham remains same as in claim 17.
Regarding Claim 20. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Pham further discloses, “wherein the computer program code comprises instructions upon whose execution the setting up of a data connection via the second network interface is monitored (Pham, Para [0059]: … An engine status monitoring loop 160, executed by the ingress processor 80 in connection with the main data packet receipt event loop 138, is shown in FIG. 9. Busy messages received 164 from the crypto processors 86 cause the ingress processor 80 to mark the corresponding crypto processor 86 as being busy 166 and records the time the message was received. Not busy messages 168 are handled by the ingress processor 80 as signaling that the crypto processor 86 is immediately available to accept new data packets for processing. The ingress processor 80 marks the crypto processor 86 as ready 170 and records the current time 172 as the current estimated time-to-complete value maintained for the crypto processor 86. The monitoring loop 160 then waits 174 for a next message from any of the crypto processors 86 …), and upon recognition of said setting up a data connection is set up via the first network interface (Pham, Para [0064]: … An alternate load balancing algorithm can be implemented by utilizing the capabilities of the switch fabric 78 to directly pass a busy status signal from the crypto processors 86 readable by the ingress processor 80. FIG. 11 provides a detailed view of the port interfaces 220 of the preferred switch fabric 78. An input port interface 222 includes a serial cell data register 224 that decodes the initial bytes of a provided data cell, which are prefixed to the cell data by any of the connected processors 80, 82, 84, 86, to provide an address for the desired destination output port for the cell data. Input port logic 226 provides a grant signal 228 to indicate the availability of the selected output port to accept the cell data. Since the switch fabric 78 is non-blocking, the grant signal 228 can be immediately returned to the connected processor 80, 82, 84, 86 …).”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the teachings of Pham into the teachings of Loo, because it provides that “ingress processor 80 or control processor 84 may monitor the number of times and frequency that any crypto processor 86 fails to report not busy status and, as appropriate, permanently remove the failing crypto processor 86 from consideration by the request process 180 (Pham, Para [0063])”, thus ensuring that request is not routed to a faulty processor.
Regarding Claim 21. The combination of Loo-Pham discloses the connection apparatus according to claim 20, Loo further teaches, “wherein the computer program code comprises instructions upon whose execution the transfer of data, which are transferred in a file from the production apparatus to the connection apparatus, into the network, when the file has not yet been completely transferred to the apparatus (Loo, Para [0127, 0149]: … Server 512 may also run any of a variety of additional server applications and/or mid-tier applications, including HTTP servers, FTP servers … a number of internal shared services 632 may be provided that are shared by different components or modules of cloud infrastructure system 602 and by the services provided by cloud infrastructure system 602. These internal shared services may include, without limitation, a security and identity service, an integration service, an enterprise repository service, an enterprise manager service, a virus scanning and white list service, a high availability, backup and recovery service, service for enabling cloud support, an email service, a notification service, a file transfer service …).”
Regarding Claim 22. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Loo further discloses, “further comprising a third network interface for connection with a further data-processing and/or data-generating production apparatus (Loo, FIG. 2, Para [0071-0072, 0109]: … The high-speed communication connections (network) may afford cloud computer system 110 the ability to handle multiple communications with enterprise computer systems … communication module 230 may include an adaptor interface 122 configured to support communication with enterprise computer systems, some of which may support different protocols or techniques for communications. Adaptor interface 122 may include one or more adaptors, e.g., adaptor 242 or adaptor 244, each of which may be configured to communicate according to a communication protocol, a type of enterprise computer system …; Examiner’s interpretation: interface through adaptor 244 to enterprise computing system 292 is the third network interface), which is connected via a signal connection with the processor (Loo, Para [0163, 0174]: … processing unit 704 may be implemented as one or more independent processing units 732 and/or 734 with single or multicore processors included in each processing unit … communications subsystem 724 can provide wired network connectivity (e.g., Ethernet) in addition to or instead of a wireless interface … software modules or instructions may be executed by processing unit 704 …), and
in which the computer program code comprises program code upon whose execution data packets received at the third network interface via a third protocol are forwarded to the first Atty. Docket: 19838.4088/10network interface and there are sent via a first protocol into the network (Loo, Para [0077]: … Protocol translator 252 may convert a request received from mobile computing devices 202, 212. The request may be converted from a format of a communication protocol supported by computing device 202, 212 to a format of a communication protocol supported by enterprise computer system 282, 292 … Protocol translator 252 may convert a response received from enterprise computer system 282, 292. A response may be converted from a format of a communication protocol supported by enterprise computer system (third protocol) 282, 292 to a format of a communication protocol supported by mobile computing device 202 (first protocol), 212 …), (Loo, Para [0031]: … enterprise computer system may include an agent computing system located on-premises of an enterprise. The agent computing system may be configured to communicate with the cloud computer system. The agent computing system may translate or convert and/or direct requests to back-end servers according to a protocol or standard supported by those back-end servers …), and/or
upon whose execution [data packets received at the first network interface via a first protocol are forwarded to the third network interface] and there are sent via the third protocol to the further production apparatus and/or upon whose execution data are transported between the second and the third network interface (Loo, Para [0077]: … Protocol translator 252 may process a message to determine a communication protocol for a message and/or to convert a message to a communication protocol for a destination. Protocol translator 252 may convert a request received from mobile computing devices 202, 212. The request may be converted from a format of a communication protocol supported by computing device 202 (second protocol), 212 to a format of a communication protocol supported by enterprise computer system 282 (first protocol), 292 (third protocol). Protocol translator 252 may convert a response received from enterprise computer system 282, 292. A response may be converted from a format of a communication protocol supported by enterprise computer system 282 (first protocol), 292 (third protocol) to a format of a communication protocol supported by mobile computing device 202, 212 (further production apparatus). In some embodiments, all or some of the operations performed by protocol translator 252 may be implemented in callable interface 250 and/or adaptor interface 222 …).”
Pham further discloses, “data packets received at the first network interface via a first protocol are forwarded to the third network interface (Pham, Para [0042]: … Multiple scalable arrays of data packet processors 58 can be directly connected to the switch fabrics 56 to provide various forms of protocol data processing, characterized as involving significant computation intensive operations. The individual data packet processors 58 may be configured to perform a single protocol conversion operation or multiple related operations … Single data processors 58 can be used to perform multiple compute intensive operations or the fast path processing of network data packets may be extended to include the transfer of data packets between multiple data packet processors 58 before finally being forwarded on to an egress processor 54 …)”; (Examiner’s interpretation: each data processor performing a single protocol conversion and that data between the data processors are exchanged with each other for compute intensive task, and hence data packet from first protocol (one data processor) is forwarded to the second data processor (third protocol) for them to be able to mutually work on the same task …)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the teachings of Pham into the teachings of Loo, because it provides that “separate data compression/decompression and encryption/decryption data processors can be employed for reasons of architectural flexibility and simplicity (Pham: Para [0042])”.
Regarding Claim 23. The combination of Loo-Pham discloses the connection apparatus according to claim 22, Loo further discloses, “wherein the computer program code comprises instructions upon whose execution data received via the second network interface are sent via the third network interface, and/or wherein the computer program code comprises program code upon whose execution data received via the third network interface are sent via the second network interface (Loo, FIG. 2, Para [0072-0073, 0077]: … … The high-speed communication connections (network) may afford cloud computer system 110 the ability to handle multiple communications with enterprise computer systems … communication module 230 may include an adaptor interface 122 configured to support communication with enterprise computer systems, some of which may support different protocols or techniques for communications. Adaptor interface 122 may include one or more adaptors, e.g., adaptor 242 or adaptor 244, each of which may be configured to communicate according to a communication protocol, a type of enterprise computer system …; Examiner’s interpretation: interface through adaptor 244 to enterprise computing system 292 is the third network interface); … computer system 110 may use communication module 230 to communicate with mobile computing devices, e.g., mobile computing devices 202 (production apparatus), 212 may be physically located beyond a firewall (e.g., firewall 104) of cloud computer system 110 at a different geographic location (e.g., remote geographic location) than cloud computer system 110 …; Examiner’s interpretation: the communication interface between the computing system 110 and the mobile device is the second interface); … Protocol translator 252 may convert a request received from mobile computing devices 202, 212. The request may be converted from a format of a communication protocol supported by computing device 202 (second protocol), 212 to a format of a communication protocol supported by enterprise computer system 282, 292 (third protocol)… Protocol translator 252 may convert a response received from enterprise computer system 282, 292. A response may be converted from a format of a communication protocol supported by enterprise computer system (third protocol) 282, 292 to a format of a communication protocol supported by mobile computing device 202 (second protocol), 212 …).”
Regarding Claim 24. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Loo further teaches, “further comprising a Trusted Loo, Para [0088]: … Security service 132 (TPM) may initially process a request to determine authentication of a user before further processing is performed. Cloud computer system 110 may store enterprise data 310 in local storage, e.g., cache, of cloud computer system 110 … operation 320 may include determining whether the security authentication is being determined for the enterprise computer system identified by the request from the user. An operation 320 may include security service 132 (TPM) storing, in cloud computer system 110, information indicating the security authentication …).”
Regarding Claim 25. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Loo further discloses, “wherein data relating to authentication and/or authorization and/or signing and/or details of the network are stored in the memory (Loo. Para [0067]: … computer system 110 may include one or more memory storage devices ("local storage"), such as cache 220. Cache 220 may be used to store enterprise data 224 and authentication information 222. Enterprise data 224 may be received from enterprise computer systems 282, 292 or from mobile computing devices 202, 212, or may include enterprise data converted by cloud computer system 110, or combinations thereof. Authentication information 222 may be received from an identity management system and/or generated by cloud computer system 110. In some embodiments, authentication information 222 may include information indicating security authentication of a user with regard to a request for a service …).”
Regarding Claim 26. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Loo further discloses, “further comprising a maintenance network interface and wherein the computer program code comprises instructions upon whose execution by the processor configuration data of the connection apparatus can be changed (Loo. Para [0040-0041]: … Diagnostics store 126 may store diagnostics (maintenance) information about processing occurring in MCS 112. Diagnostics store 126 may store messages communicated via MCS 112 and log information. Analytics store 128 may store logging and analytics data captured during processing in the system … On behalf of MCS 112, cloud computer system 110 may utilize its computing resources to enable execution of custom code 116 (e.g., operations, applications, methods, functions, routines, or the like). Computing resources may be allocated for use with respect to a particular user associated as a subscriber or tenant to MCS 112. Resources may be allocated with respect to a user, a device, an application, or other criterion related to a subscriber. MCS 112 may be scaled in or out, depending on the demand of mobile computing devices seeking to communicate with enterprise computer systems. MCS 112 can be configured such that it is elastic to handle surges and temporary periods of higher than normal traffic between mobile computing devices and enterprise computer systems. In some embodiments, MCS 112 may include elements that support scalability such that components may be added or replaced to satisfy demand in communication …).”
Regarding Claim 27. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Loo further teaches, “wherein the computer program Loo. Para [0011, 0067, 0044]: … one or more memory devices may store a set of instructions which, when executed by the one or more processors, cause the one or more processors to perform the techniques disclosed … The method may further include obtaining for a user of the mobile computing device associated with the request, a security authentication to obtain at least one service through the cloud computer system. The method may include sending a request to an identity management system to determine the security authentication of the user. The method may further include storing information indicating the security authentication. The method may further include identifying, based on the security authentication of the user, a plurality of enterprise computer systems accessible to the user through the cloud computer system … Computing device 102 may communicate with MCS 112 via one or more communication networks using wireless communication. Examples of communication networks may include a mobile network, a wireless network, a cellular network, a local area network (LAN), a wide area network (WAN), other wireless communication networks, or combinations thereof. In certain embodiments, computing device 102 may establish a communication connection 114 with MCS 112 using a custom communication protocol (e.g., a custom protocol). Connection 114 may be established with MCS 112 through cloud computer system 110. The custom protocol may be an HTTP-based protocol. By utilizing a custom communication protocol, computing device 102 may operate on any computing device platform to communicate with cloud computer system 110 … computer system 110 may include one or more memory storage devices ("local storage"), such as cache 220. Cache 220 may be used to store enterprise data 224 and authentication information 222. Enterprise data 224 may be received from enterprise computer systems 282, 292 or from mobile computing devices 202, 212, or may include enterprise data converted by cloud computer system 110, or combinations thereof. Authentication information 222 may be received from an identity management system and/or generated by cloud computer system 110. In some embodiments, authentication information 222 may include information indicating security authentication of a user with regard to a request for a service …); (Pham already discloses filtering as in claim 17).”
Regarding Claim 28. This is a system claim corresponding to the apparatus claim 17, and contains all the same or similar limitations as claim 17, and hence similarly rejected as claim 17.
Regarding Claim 30. This claim contains all the same or similar limitations as claim 22 and hence similarly rejected as claim 22.
Regarding Claim 31. This is a method claim corresponding to the apparatus claim 17, and contains all the same or similar limitations as claim 17, and hence similarly rejected as claim 17.
Regarding Claim 32. The combination of Loo-Pham discloses A method for updating a system according to claim 28, the method comprising: changing only configuration data and/or the computer program code of the connection apparatus upon an alteration in the network (Loo, Para [0039-0041, 0076]: … Metadata repository 124 may store metadata corresponding to one or more configurations of a callable interface. Metadata repository 124 may be configured to store metadata for implementing a callable interface. The callable interface may be implemented to translate between a one format, protocol, or architectural style for communication and another format, protocol, or architectural style for communication. Metadata repository 124 may be modifiable by an authenticated user via the external network … cloud computer system 110 may utilize its computing resources to enable execution of custom code 116 (e.g., operations, applications, methods, functions, routines, or the like) … Similar to application developers, those who manage enterprise computer systems can implement code (e.g., an agent system) that is configured to communicate with MCS 112 via callable interface 250. Callable interfaces 250 may be implemented based on a type of a computing device, a type of enterprise computer systems, an app, an agent system, a service, a protocol, or other criterion …).
Regarding Claim 33. The combination of Loo-Pham discloses A method for updating a system according to claim 28, Loo further teaches, “the method comprising: changing only the computer program code and/or the configuration data of the connection apparatus or only the connection apparatus is exchanged in reaction to a newly recognized possibility of attacking the system or the connection apparatus (Loo, Para [0057, 0041]: … Communication with an enterprise computer system 140, 150 may pass through firewall 130 which ensures that communication with an external network is secure to prevent unauthorized access to MCS 112 via such communications. … On behalf of MCS 112, cloud computer system 110 may utilize its computing resources to enable execution of custom code 116 (e.g., operations, applications, methods, functions, routines, or the like). Computing resources may be allocated for use with respect to a particular user associated as a subscriber or tenant to MCS 112. Resources may be allocated with respect to a user, a device, an application, or other criterion related to a subscriber. MCS 112 may be scaled in or out, depending on the demand of mobile computing devices seeking to communicate with enterprise computer systems. MCS 112 can be configured such that it is elastic to handle surges and temporary periods of higher than normal traffic between mobile computing devices and enterprise computer systems. In some embodiments, MCS 112 may include elements that support scalability such that components may be added or replaced to satisfy demand in communication …).”
Regarding Claim 34. The combination of Loo-Pham discloses the connection apparatus according to claim 17, Loo further teaches, “wherein the connection apparatus is configured to connect the production apparatus with a data processing device via the network (Loo, Para [0013]: … According to at least one example, a cloud computer system is provided to facilitate communication between a mobile computing device and an on-premises enterprise computer system. The cloud computer system may include a cloud computer device configured to: receive, through an application programming interface (API), from a mobile computing device, HTTP messages conforming to a first architectural style; and generate and send, to the agent, HTTP messages conforming to a second architectural style …).”
Regarding Claim 35. The combination of Loo-Pham discloses the connection apparatus according to claim 34, Loo further discloses, “wherein the program code comprises instructions upon whose execution the data packets received at the second network interface via the second protocol are forwarded to the first network interface and are sent via the first protocol to the data processing apparatus of the network (Loo, Para [0011-0012]: … The one or more memory devices may store a set of instructions which, when executed by the one or more processors, cause the one or more processors to perform the techniques disclosed … The cloud computer system may include: one or more processors; one or more memory devices coupled with and readable by the one or more processors; a communication module, a protocol translator, and security service. The communication module may receive, from a mobile computing device using a first communication protocol (second protocol), a request for a service, where the service is provided by an enterprise computer system (data processing apparatus/server), where the enterprise computer system is located at a first geographical location that is different from a second geographical location of the computer system, and where the computer system and the enterprise computer system communicate over a public communication network. The communication module may send, to the enterprise computer system (data processing apparatus/server), the request for the service using a second communication protocol (first protocol), where the second communication protocol is different from the first communication protocol …).”
Claim 29 and 36 are rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 2015/0229638 A1 to Loo (hereinafter “Loo”) in view of Pub. No.: US 2003/0074473 A1 to Pham et al. (hereinafter “Pham”), as applied to claim 28 above, and further in view of Patent No. : US 8,454,440 B2 to Brosnan et al. (hereinafter “Brosnan”).
Regarding Claim 29. The combination of Loo-Pham discloses the system according to claim 28, however it does not explicitly teach, but Brosnan from same or similar field of endeavor teaches:
“wherein the production device comprises at least one housing and the signal connection between the connection apparatus and the production apparatus extends preferably completely within the housing and in which the connection apparatus is disposed in the housing (Brosnan; Figure 1B, 3; Column [14, 17], Lines [1-3, 14-16]: … Communication interface 52a (signal connection) is included in a main communication board 210a within a main cabinet (housing) of gaming machine 2a (production device) … Turning to FIG. 3, more details of gaming machine 2a are described. Machine 2a includes a main cabinet 4, which generally surrounds the machine interior …).”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Brosnan into the combined teachings of Loo-Pham with the motivation to reduce the possibility tampering of the information flow from the gaming machine controller by having the 
Regarding Claim 36. The combination of Loo-Pham discloses the apparatus according to claim 17, however it does not explicitly teach, but Brosnan from same or similar field of endeavor teaches:
“in which the computer program code comprises instructions upon whose execution the setting up of the data connection via the second network interface between the production apparatus and the connection apparatus, is monitored, and upon recognition of such a setting up a data connection is set up via the first network interface between the connection apparatus and the network and/or a data processing device connected with the network (Brosnan, Column [21], Lines [25-43]: … When the communications interface is implemented within a player tracking unit, the communications interface establishes communication with a master gaming controller on the gaming machine using an initial communication protocol of some type. To do so, the communications interface determines the gaming machine type and configures itself to communicate in a communication format used by a master gaming controller on the gaming machine such as USB or RS-232. The player tracking unit may determine which gaming machine functions and services are to be executed by the communications interface. The gaming machine functions and services may be distributed between logic devices located on the player tracking unit, located on the gaming machine, or other gaming peripheral devices. For example, the master gaming controller may send game usage information directly to the player tracking server. In this example, the player tracking unit may not poll the gaming machine for game usage information because this player tracking function is performed by the gaming machine …).”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Brosnan into the combined teachings of Loo-Pham because it allows “allows gaming manufactures and casino operators to add new extensions to protocols or new protocols that are able to share the common network communication protocol and hardware. This allows gaming manufactures and casino operators to add software and gaming machine functions that require new proprietary extensions and new proprietary protocols--without rewiring the entire network or adding a new hardware network (Brosnan: Column [12], Lines [15-25]).”
Pertinent Prior Arts: The following prior arts made of record, and provided in the attached PTO-892 (Notice of References Cited), are pertinent to Applicant’s disclosure, but are not relied upon for rejections in this Office Action:
US PGPUB:  20080040788, (Steinkogler et al.): This discloses an apparatus for interacting with a medical device (10) which is suitable for connection into a communication network (11) which comprises at least one insecure area (11b) and a secure area (11a) on the device side, wherein the apparatus comprises transmission means (12; 44, 45) for transmitting communication packets to and from the medical device (10) via the communication network (11), it comprises monitoring means (13; 42, 43) for monitoring the state of the connection of the device (10) to the network (11), and it comprises breaker means (14; 40, 41) for breaking an existing connection between the secure area (11a) and the insecure area (11b) of the network (11) if, during the 
The behaviour of the apparatus according to the invention at the stage of monitoring the network connections would in this case be similar to that of a hardware firewall; however, the rules for packet filtering could be specified much more accurately and adapted to the medical device to be protected. Unlike customary firewalls, however, here the connection to the insecure area 11b of the network 11 is cut when harmful communication packets are detected.
One particularly advantageous embodiment of the apparatus according to the invention with bidirectional packet filtering is obtained when a check that is carried out on the communication protocols used is also at the same time used to convert the data into communication protocols used by other medical devices and/or into a communication network 11 based on different physical principles, and thus to allow devices which are in fact incompatible to communicate with one another.
US PGPUB: 20020083344, (Vairavan): This discloses an integrated, easily upgradeable networking device capable of interfacing with different types of networks while still providing high performance networking functionalities such as protocol conversion, security maintenance, and inter/intra-network management within an enterprise environment is described. The device may perform various networking 
US PGPUB: 20070067458, (Chand): This discloses a proxy server comprises an interface component that receives data from a programmable logic controller, other factory controllers, or smart devices on the factory floor. A mapping component communicatively coupled to the interface component converts the data into data structured in accordance with a hierarchical data model. The proxy server can further be employed to convert data from a plurality of industrial automation devices and controllers connected over industrial automation communication networks as well as provide uniform security features to such devices.
The subject invention relates to industrial control systems and, more particularly, to enabling utilization of legacy devices when updating an industrial control system data model.
US PAT.: 6111893 A, (Volftsun et al.): This discloses a scalable, programmable software based application run on a programmed general purpose digital computer is used for interconnecting a plurality of heterogeneous network nodes. The application has the ability to convert between any two signaling protocols used, such as those used over a telecommunications network, by converting an originating protocol to a universal non-protocol specific representation, and then converting the universal non-protocol specific representation to a receiving protocol. A call context is used to store information elements created from the originating protocol so that a universal call model applies inter-working rules. The universal call model is also in communication with state machines associated with both the originating and the terminating sides in order to 
US PGPUB: 20030046404, (O'Neill et al.): The invention provides a method, data processing system and software for processing control messages constructed in accordance with a first communications protocol for use in a communications network. Each control message includes a first address identifier having a format defined by the first protocol. The method comprises the step of processing said control message to derive a second address identifier from said first identifier, said second identifier having a format defined by a second communications protocol; and, the step of re-formatting said control message for transmission, in accordance with said second protocol, to a network system associated with said second address identifier. The first communications protocol may be Session Initiation Protocol (SIP) and the second communication protocol Simple Mail Transfer Protocol (SMTP). The invention allows messages to be readily processed and diverted from a SIP defined destination URL address identifier to a corresponding SMTP defined destination URL address identifier for the same user or end system. In this way users may send SIP messages to SMTP address identifiers using the SMTP network protocol and infrastructure (416) and SMTP messages to SIP address identifiers using the SIP network protocol and infrastructure
US PAT:  6278697 B1, (Auerbach et al.): This discloses a method and apparatus for processing multi-protocol communications via a single system is accomplished by receiving a message from a first communications device wherein the message includes the identity of at least a first communications device and a second communications device. When the first communications device utilizes a different communications protocol than the second communication device, the messages transceived between the two communication devices are converted by an appropriate communication protocol. Such conversion is done by first converting an incoming message having a first communication protocol format into a message having a generic communication protocol format. The message having the generic communication protocol format is then converted into a message having a second communication protocol format, which message is subsequently routed to the second communication device.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434