DETAILED ACTION
This Office Action is in response to the Application Ser. No. 16/293,362 filed on March 5, 2019. Claims 1-5 are pending and are examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Specification
The use of trademarks including “NETCLOUD” has been noted in this application.  They should be capitalized wherever they appear and be accompanied by the generic terminology.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

	

Claim Objections
Claim 4 is objected to because of the following informalities:
regarding Claim 4, the word “isolates” recited in line 10 should be “isolated”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.




Claims 3-5 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claims 3-5 recite the trademark/trade name “NetCloud” within the claim term “NetCloud Management (NCM) interface).  Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements of 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph.  See Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982).  The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product.  A trademark or trade name is used to identify a source of goods, and not the goods themselves.  Thus, a trademark or trade (see paragraph [0034] of the instant specification) and, accordingly, the identification/description is indefinite.
For examination purposes, the term “NetCloud Management (NCM) interface” is interpreted as “a software-as-a-service (SaaS) management console”.

Additionally, Claim 4 recites the limitation “creating with the NCM interface an isolated secure private session with the router by utilizing a stream session” in lines 6-7. The relationship between “a stream session” recited in line 7 and “a stream session” recited in line 3 of the claim is unclear, rendering the claim indefinite. Specifically, it is unclear whether the “stream session” recited in line 7 is the same stream session that is initiated between the router and the NCM interface or a different stream session.
Continuing, Claim 4
Additionally, Claim 5 recites the limitation “transmitting responses to the SOCKS requests through the SSH tunnel” in line 11. There is insufficient antecedent basis for the term “the SSH tunnel” in the claims.
For examination purposes, the term “the SSH tunnel” is interpreted as “the SOCKS tunnel”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-4 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al., Pub. No. US 2019/0020723 A1, hereby “Kumar”, in view of  Garg et al., Pat. No. US 7,010,608 B2, hereby “Garg”.

Regarding Claim 1, Kumar discloses “A system for in-band remote management of a network asset (Kumar fig. 1 and paragraphs 11-12: a system for remote data access (RDA)), the system comprising:
a router, configured to provide Network Address Translation (NAT) (Kumar figs. 1 and 4 and paragraphs 12, 14, 65 and 68: a gateway router of customer network 104 implementing network proxy 116 - while not explicitly stated, it is understood by one of ordinary skill in the art that network address translation is provided by the gateway router of customer network 104);
a private network, wherein communications originating outside the private network are controlled by the router (Kumar fig. 1 and paragraphs 12 and 14: customer network 104, i.e., a private network, that is behind firewall 120 - while not explicitly stated, it is understood by one of ordinary skill in the art that firewall 120 may be included within the gateway router implementing network proxy 116); and
at least one network... asset in communication with the private network and configured to run a Secure Socket Shell (SSH) protocol (Kumar figs. 1, 2C and 4 and paragraphs 11, 14, 24, 41-43 and 64: remote device 118 of customer network 104, which establishes an SSH channel - while not explicitly stated, remote device 118 is necessarily configured to run an SSH protocol), and
wherein the at least one network... asset and the router initiate an SSH tunnel... (Kumar figs. 1, 2C and 4 and paragraphs 24, 41-43 and 64: an SSH channel, i.e., an SSH tunnel, is established with remote device 118 through the gateway router implementing network proxy 116).”
However, while Kumar discloses creating of forwarding rules including IP address and port mapping for the network proxy implemented by the gateway router of the customer network (Kumar figs. 2B, 3 and 4 and paragraphs 31-32, 53-59 and 71: network proxy 116 stores forwarding rules 310 that include southbound address mappings 312 that translate between source IP address and ports and destination IP addresses and ports for forwarding southbound traffic), Kumar does not explicitly disclose “at least one network server asset in communication with the private network and configured to run a Secure Socket Shell (SSH) protocol, and
server asset and the router initiate an SSH tunnel with remote port mapping to another network asset (emphasis added).”
In the same field of endeavor, Garg discloses a system for remotely accessing a home server while preserving end-to-end security, wherein a remote client can establish a network connection with a device located behind a firewall in private network using an secure session, i.e., a tunnel, established with a server on the private network (Garg figs. 1A, column 1, lines 9-11, column 3, line 39 through column 5, line 7 and column 8, line 53 through column 9, line 56: home server 102 on private network 100 establishes a secure session with remote client 120 through home gateway 106, which allows remote client 120 to access applications, programs, and/or capabilities of devices 150 despite being outside of a firewall and network address translation provided by the home gateway).”
It would have been obvious to one of ordinary skill in the art to modify the method of Kumar to establish the SSH channel with a server in the customer network and forward the traffic received by the server over the SSH channel to another device in the customer network as taught by Garg. One of ordinary skill in the art would have been motivated to combine establishing the SSH channel with a server in the customer network and forwarding the traffic received by the server over the SSH channel to another device in the customer network to enable remote management of devices in the customer network that do not support SSH.

Regarding Claim 2, the combination of Kumar and Garg discloses all of the limitations of Claim 1.
Kumar discloses “wherein the communications originating outside the private network originate from an external actor (Kumar fig. 1 and paragraphs 11-14, 18 and 43: RDA requestor 106, i.e., a user device located outside of the customer network 104, originates traffic that is directed towards remote device 118 within the customer network).”

Regarding Claim 3, the combination of Kumar and Garg discloses all of the limitations of Claim 2.
Additionally, Kumar discloses “a NetCloud Management (NCM) interface configured to communicate with the router (Kumar figs. 1 and 2A-2C and paragraphs 13-15, 19, 31, 34 and 41-43: cloud proxy 112, which is provided as an RDA SaaS application, i.e., an NCM interface, that is configured to communicate with network proxy 116 implemented by the gateway router of customer network 104).”

Regarding Claim 4, Kumar discloses “A method for in-band remote management of a network asset (Kumar fig. 4 and paragraphs 11 and 67: a method for remote data access (RDA)), the method comprising:
initiating a stream session between a router communicating on a private network, and an NetCloud Management (NCM) interface (Kumar figs. 1 and 4 and paragraphs 13-15, 19 and 50: WebSocket 130, i.e., a stream session, is established between network proxy 116 hosted by the gateway router of customer network 104, i.e., a private network, and cloud proxy 112, which is provided as an RDA SaaS application, i.e., an NCM interface);
(Kumar figs. 1, 2A and 4 and paragraphs 13, 20-23 and 69: RDA requestor 106, i.e., a user device, sends the login request with user credentials to cloud proxy 112, which responds by providing a webpage listing available customer networks and remote devices);
creating with the NCM interface an isolated secure private session with the router by utilizing a stream session (Kumar figs. 1, 2B and 4 and paragraphs 14, 24, 29-32 and 70-71: cloud proxy 112 establishes parameters for creating a new RDA session, i.e., an isolated secure private session, with network proxy 116 hosted by the gateway router of customer network 104, wherein the new RDA session is established by communicating over WebSocket 130, i.e., utilizing the stream session);
receiving a target Uniform Resource Identifier (URI) at the NCM interface and initiating an isolated secure private session with the router (Kumar figs. 1, 2B and 4 and paragraphs 14, 18, 24, 29-32 and 70-71: cloud proxy 112 receives a device identifier of remote device 118 in the target customer network 104, i.e., a target URI, to which the end-to-end RDA session is established through network proxy 116);
initiating a Secure Socket Shell (SSH) tunnel within the isolates secure private session (Kumar figs. 1, 2C and 4 and paragraphs 24, 41-43, 64 and 72: an SSH channel, i.e., an SSH tunnel, is established for the RDA session);
receiving translated requests through the SSH tunnel and communicating the translated requests to a... device on the private network (Kumar figs. 1, 2C and 4 and paragraphs 11, 19, 45, 64 and 72: traffic is exchanged between RDA requestor 106 and remote device 118 on customer network 104 - while not explicitly stated, it is understood by one of ordinary skill in the art that network address translation is provided by the gateway router of customer network 104); and
(Kumar figs. 1, 2C and 4 and paragraphs 11, 19, 45, 64 and 72: traffic is exchanged between RDA requestor 106 and remote device 118 on customer network 104 - while not explicitly stated, it is understood by one of ordinary skill in the art that network address translation is provided by the gateway router of customer network 104).”
However, while Kumar discloses creating of forwarding rules including IP address and port mapping for the network proxy implemented by the gateway router of the customer network (Kumar figs. 2B, 3 and 4 and paragraphs 31-32, 53-59 and 71: network proxy 116 stores forwarding rules 310 that include southbound address mappings 312 that translate between source IP address and ports and destination IP addresses and ports for forwarding southbound traffic), Kumar does not explicitly disclose “receiving translated requests through the SSH tunnel and communicating the translated requests to a server device on the private network (emphasis added).”
In the same field of endeavor, Garg discloses a system for remotely accessing a home server while preserving end-to-end security, wherein a remote client can establish a network connection with a device located behind a firewall in private network using an secure session, i.e., a tunnel, established with a server on the private network (Garg figs. 1A, column 1, lines 9-11, column 3, line 39 through column 5, line 7 and column 8, line 53 through column 9, line 56: home server 102 on private network 100 establishes a secure session with remote client 120 through home gateway 106, which allows remote client 120 to access applications, programs, and/or capabilities of devices 150 despite being outside of a firewall and network address translation provided by the home gateway).”
Kumar to establish the SSH channel with a server in the customer network and forward the traffic received by the server over the SSH channel to another device in the customer network as taught by Garg for the reasons set forth in the rejection of Claim 1.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al., Pub. No. US 2019/0020723 A1, hereby “Kumar”, in view of Fausak et al., Pub. No. US 2014/0373098 A1, hereby “Fausak”.

Regarding Claim 5, Kumar discloses “A method for in-band remote management of a network asset (Kumar fig. 4 and paragraphs 11 and 67: a method for remote data access (RDA)), the method comprising:
initiating a stream session between a router communicating on a private network, and an NetCloud Management (NCM) interface (Kumar figs. 1 and 4 and paragraphs 13-15, 19 and 50: WebSocket 130, i.e., a stream session, is established between network proxy 116 hosted by the gateway router of customer network 104, i.e., a private network, and cloud proxy 112, which is provided as an RDA SaaS application, i.e., an NCM interface);
initiating a web session with the NCM interface (Kumar figs. 1, 2A and 4 and paragraphs 13, 20-23 and 69: RDA requestor 106, i.e., a user device, sends the login request with user credentials to cloud proxy 112, which responds by providing a webpage listing available customer networks and remote devices);
initiating a... proxy session between the NCM interface and the router (Kumar figs. 1, 2B and 4 and paragraphs 14, 24, 29-32 and 70-71: cloud proxy 112 establishes parameters for creating a new RDA session, i.e., a proxy session, with network proxy 116 hosted by the gateway router of customer network 104, wherein the new RDA session is established by communicating over WebSocket 130, i.e., utilizing the stream session);
receiving a target Uniform Resource Identifier (URI) at the NCM interface and initiating an isolated secure private session with the router (Kumar figs. 1, 2B and 4 and paragraphs 14, 18, 24, 29-32 and 70-71: cloud proxy 112 receives a device identifier of remote device 118 in the target customer network 104, i.e., a target URI, to which the end-to-end RDA session is established through network proxy 116);
initiating a... tunnel within the proxy session (Kumar figs. 1, 2C and 4 and paragraphs 24, 41-43, 64 and 72: an SSH channel, i.e., an SSH tunnel, is established for the RDA session);
receiving... requests through the... tunnel and communicating the... requests to a network asset on the private network (Kumar figs. 1, 2C and 4 and paragraphs 11, 19, 45, 64 and 72: traffic is exchanged between RDA requestor 106 and remote device 118 on customer network 104 - while not explicitly stated, it is understood by one of ordinary skill in the art that network address translation is provided by the gateway router of customer network 104); and
transmitting responses to the... requests through the SSH tunnel (Kumar figs. 1, 2C and 4 and paragraphs 11, 19, 45, 64 and 72: traffic is exchanged between RDA requestor 106 and remote device 118 on customer network 104 - while not explicitly stated, it is understood by one of ordinary skill in the art that network address translation is provided by the gateway router of customer network 104).”
Kumar discloses establishing an SSH tunnel with the remote device in the customer network (Kumar paragraphs 41-43 and 64), Kumar does not explicitly disclose “initiating a Socket Secure (SOCKS) proxy session between the NCM interface and the router;
initiating a SOCKS tunnel within the proxy session;
receiving SOCKS requests through the SOCKS tunnel and communicating the SOCKS requests to a network asset on the private network; and
transmitting responses to the SOCKS requests through the SSH tunnel.”
In the same field of endeavor, Fausak discloses using the SOCKS protocol to establish a tunnel with a remote server behind a firewall on a private network (Fausak fig. 2 and paragraphs 89, 94 and 100: tunnel 270 is established between proxy machine 220 and remote server computing device 160 located behind firewall 120 using the SOCKS protocol).”
It would have been obvious to one of ordinary skill in the art at the time of the effective filing to modify the method of Kumar to establish the tunnel with the remote device using the SOCKS protocol as taught by Fausak because doing so constitutes a simple substitution of one known element (a tunnel established using SOCKS) for another (a tunnel established using SSH) to obtain predictable and desirable results (establishment of the tunnel with the remote device on the customer network through the firewall). See KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007).


Conclusion
A shortened statutory period for reply to this action is set to expire THREE MONTHS from the mailing date of this action. An extension of time may be obtained under 37 CFR 1.136(a). However, in no event, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this action.
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM C MCBETH whose telephone number is (571)270-0495.  The examiner can normally be reached on Monday - Friday, 8:00AM - 4:30PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 

/WILLIAM C MCBETH/Examiner, Art Unit 2449                                                                                                                                                                                                         
/ATTA KHAN/Primary Examiner, Art Unit 2449