Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.




Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov

BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/343,139
Filing Date: 3rd November 2016
Appellant(s): PETROV, Andrey Todorov; VALKANOV, Martin
__________________
Gene Su, Registration No: 45140
For Appellant




EXAMINER’S ANSWER

This is in response to the appeal brief filed on 1st December 2020 appealing from the Office action mailed on 13th July 2020.
Every ground of rejection set forth in the Office action dated 13th July 2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.” New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”

Response to Argument
To facilitate review, the Examiner provides the following summary of the essence of the claimed invention:

A method to provide communication between a first computer in a first computer network and a second computer in a second computer network, the first computer network corresponding to at least part of a public cloud, comprising: aliasing the second computer’s address in the second computer network to a loopback interface of a third computer in the first computer network, wherein the second computer network corresponds to a private cloud protected by a firewall; establishing a tunnel between the third computer and a fourth computer in the second computer network, wherein establishing the tunnel includes configuring the fourth computer to forward traffic received from the tunnel to the second computer; configuring routing in the first computer network to direct traffic destined for the second computer network to the third computer; and configuring the first computer to transmit packets destined for the second computer with the second computer’s address in the second computer network.
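The four steps of the summarized claim map onto ordinary Linux and OpenSSH configuration. The script below is an added illustration written for this page; it is not code from the application or from the Schrecker reference. It prints, rather than executes, the command that belongs on each host, so it can be read as a plan. The addresses 10.20.0.15 (second computer), 10.10.0.5 (third computer), the prefix 10.20.0.0/24, the hostname third.example, the account "tunnel" and port 443 are all constructed assumptions.

```bash
#!/usr/bin/env bash
# Added illustration of the four claimed configuration steps; not code from the
# application or from Schrecker. Every address, hostname and port below is an
# assumption constructed for the example.
set -u

# Assumed topology (constructed):
#   first computer network  = public cloud VPC 10.10.0.0/24
#   second computer network = private cloud 10.20.0.0/24, behind a firewall that
#                             permits only outbound connections
SECOND_ADDR="10.20.0.15"     # second computer (private cloud) and its service port
SECOND_PORT="443"
SECOND_NET="10.20.0.0/24"
THIRD_ADDR="10.10.0.5"       # third computer (public cloud), runs sshd
THIRD_HOST="third.example"   # name the fourth computer uses to reach the third
FOURTH_USER="tunnel"         # account on the third computer used by the fourth

# Step 1, run on the third computer: alias the second computer's private address
# onto lo so that packets addressed to it are delivered locally.
step1_alias_loopback() {
  printf 'ip addr add %s/32 dev lo\n' "$SECOND_ADDR"
}

# Step 2, run on the fourth computer (inside the firewall): open an outbound SSH
# session with a reverse forward. sshd on the third computer listens on the
# aliased address and hands each connection back through the tunnel; the ssh
# client then forwards it to the second computer. Two sshd_config requirements
# on the third computer: "GatewayPorts clientspecified" (otherwise the bind
# address is ignored and the listener lands on 127.0.0.1 only) and, for a port
# below 1024, either a root login or a non-privileged listening port instead.
step2_reverse_tunnel() {
  printf 'ssh -N -o ExitOnForwardFailure=yes -R %s:%s:%s:%s %s@%s\n' \
    "$SECOND_ADDR" "$SECOND_PORT" "$SECOND_ADDR" "$SECOND_PORT" \
    "$FOURTH_USER" "$THIRD_HOST"
}

# Step 3, routing in the first computer network: direct the private prefix to the
# third computer. Shown as a Linux route on another VPC host; in a managed cloud
# the equivalent is a subnet route-table entry pointing at the third computer's
# network interface, with that interface's source/destination check disabled.
step3_route() {
  printf 'ip route add %s via %s\n' "$SECOND_NET" "$THIRD_ADDR"
}

# Step 4, run on the first computer: address the second computer by its real
# private address. No NAT or DNS rewrite is involved; routing (step 3) carries the
# packet to the third computer, the loopback alias (step 1) makes the kernel there
# deliver it to sshd, and the tunnel (step 2) returns it to the private cloud.
step4_connect() {
  printf 'curl --connect-timeout 5 https://%s:%s/\n' "$SECOND_ADDR" "$SECOND_PORT"
}

# Check on the third computer: the listener must be bound to the alias, not to
# 127.0.0.1, or the traffic arriving via step 3 is refused.
check_listener() {
  printf 'ss -ltn "sport = :%s"\n' "$SECOND_PORT"
}

print_plan() {
  echo "# third computer ($THIRD_ADDR):";    step1_alias_loopback
  echo "# fourth computer (private cloud):"; step2_reverse_tunnel
  echo "# first computer network route:";    step3_route
  echo "# first computer:";                  step4_connect
  echo "# verify on third computer:";        check_listener
}

print_plan
```

The point a practitioner checks first is the bind address in step 2: without "GatewayPorts clientspecified" the reverse forward silently binds to 127.0.0.1, the aliased address in step 1 never receives the routed traffic, and the failure only shows up as a connection refused at step 4.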

Appellants’ Argument 1: 
Appellant states that Schrecker in view of Fausak fails to teach “establishing a tunnel between the third computer and a fourth computer” in the claimed arrangement in which the third computer has a loopback interface “aliasing the second computer’s address in a second computer network,” as recited in independent claims 1, 8 and 15.

Examiner’s Response to Argument 1:
The Examiner points to the passages of Schrecker in view of Fausak that teach both “establishing a tunnel between the third computer and a fourth computer” and “aliasing the second computer’s address in the second computer network to a loopback interface of a third computer,” as recited in claims 1, 8 and 15.
In the Appeal Brief (page 11, 4th paragraph), Appellant acknowledges that Fig. 1 of Schrecker, as cited in the Office Action, appears similar to Appellant’s Fig. 1.
Appellant’s Fig. 1 and Schrecker’s Fig. 1 are reproduced below:

[Applicant’s Fig. 1 (image)]

[Schrecker’s Fig. 1 (image)]

Schrecker teaches in Para.39, “secure tunnel 36 may be created from within private network 12 to public network 26 over connection 44a (e.g., from SSH client 42 to SSH server 40), and configuration agent 34 may subsequently initiate and maintain communication over connection 44b (e.g., from SSH server 40 to SSH client 42) via secure tunnel 36.  Secure tunnel 38 may be created from within private network 12 to public network 26 over connection 46a (e.g., from SSH client 42 to SSH server 40), and scan engine 32 may subsequently initiate and maintain communication over connection 46b (e.g., from SSH server 40 to SSH client 42) via secure tunnel 38.”  And in Para.15, “Embodiments of system 10 provide for establishing a secure tunnel 36 between configuration manager 24 and scanner 30.  Embodiments of system 10 also provide for establishing a secure tunnel 38 between scan controller 22 and scanner 30.  In some instances, a single secure tunnel, rather than two distinct tunnels 36, 38, can be established for communication between a public network-based scanner's 30 scan engine 32 and configuration agent 34 and a private network-based scan controller 22 and configuration manager 24”.
Schrecker therefore teaches:
1. the establishment of a secure tunnel between the SSH server and the SSH client (Para.39);
2. the establishment of a secure tunnel between the configuration manager and the scanner (Para.15);
3. the establishment of a secure tunnel between the scan controller and the scanner (Para.15).

In the instant application, Appellant describes “aliasing the second computer’s address” in Para.12 as follows: “the second computer's address 112 (FIG. 1) in second computer network 104 is aliased to a loopback interface 114 (FIG. 1) of a third computer 116 (FIG. 1) in first computer network 102.  The second computer's address 112 includes a private Internet Protocol (IP) address and a transmission control protocol (TCP) port for accessing second computer 110 over second computer network 104.”

Schrecker teaches a “loopback interface” in Para.52, “scanner 30 may be pre-configured before deployment in public network 26 to listen on port 50 on its loopback network interface (e.g., localhost, 127.0.0.1, etc.)” and in Para.42, “configuration manager 24, at example IP address 1.1.1.1 may be configured to communicate scanner configuration information through port number "3801," and scan controller 22, also at example IP address 1.1.1.1 may be configured to communicate scan information through port number "3803." Inside private network 12, configuration agent 18 typically checks for updates through port number "3801" at 1.1.1.1, and scan engine 16 typically checks for scan instructions through port "3803" at 1.1.1.1.”
The scanner is interpreted as the third computer and the configuration manager is interpreted as the fourth computer. The secure tunnel established between the scanner and the configuration manager is disclosed in Schrecker in Para.15.


Appellants’ Argument 2: 
Appellant states that Schrecker in view of Fausak fails to teach “configuring the first computer to transmit packets destined for the second computer with the second computer's address in the second computer network,” as recited in independent claims 1, 8 and 15.

The reference Schrecker discloses in Para.23, “The network environment illustrated in FIG. 1 may be generally configured or arranged to represent any communication architecture capable of electronically exchanging packets.  In addition, private network 12 and public network 26 may also be configured to exchange packets with other networks such as, for example, other LANs.” And in Para.35, “An SSH server running an SSH server program can connect across an SSH tunnel to an SSH client running an SSH client program.  The SSH server program (also called SSH daemon) permits the SSH server to accept connections using the SSH protocol from remote computers.  The SSH client program permits the SSH client to connect to a remote computer using the SSH protocol.” And in Para.36, “SSH tunnel may be established from the server in the private network to the server in the public network.  From the SSH client (located in the private network), an origination port on the SSH server (located in the public network) may be opened for listening, and all connections to the origination port may be forwarded to a destination port on the SSH client… a command such as the following on the SSH client may set a reverse SSH port forwarding from example origination port 10002 on SSH server remotehost at IP address 1.1.1.1 to example destination port 22 on SSH client: ssh -R remotehost:10002 localhost:22 1.1.1.1.  All connections to origination port 10002 at 1.1.1.1 are forwarded to destination port 22 on the protected SSH client in the private network.”. 
The SSH server could be interpreted as the first computer and the public network as the first computer network; the SSH server (first computer) is located in the first computer network (public network). The SSH client could be interpreted as the second computer and the private network as the second computer network; the SSH client (second computer) is located in the second computer network (private network). The private network and the public network are configured to exchange packets, and the secure SSH tunnel is established to transmit the packets between the private network and the public network.
The Examiner additionally relied on the secondary reference Fausak for “the second computer's address” to make the Office Action clearer. Fausak teaches in Para.137, “When a client computing device 602 and a server computing device 604 are remote with respect to each other, a client computing device 602 may connect to a server computing device 604 over a network 606… A remote device (e.g., a computing device) on a network may be addressed by a corresponding network address, such as, but not limited to, an Internet protocol (IP) address, an Internet name, a Windows Internet name service (WINS) name, a domain name or other system name”.

Appellants’ Argument 3: 
Appellant states that Schrecker in view of Fausak fails to teach “configuring routing in the first computer network to direct traffic destined for the second computer network to the third computer,” as recited in independent claims 1, 8 and 15.

The Examiner would like to point out that the reference Schrecker discloses in Para.23, “The network environment illustrated in FIG. 1 may be generally configured or arranged to represent any communication architecture capable of electronically exchanging packets.  In addition, private network 12 and public network 26 may also be configured to exchange packets with other networks such as, for example, other LANs.” And in Para.35, “An SSH server running an SSH server program can connect across an SSH tunnel to an SSH client running an SSH client program.  The SSH server program (also called SSH daemon) permits the SSH server to accept connections using the SSH protocol from remote computers.  The SSH client program permits the SSH client to connect to a remote computer using the SSH protocol.” And in Para.48, “scanner 30 can be a physical machine that includes scan engine 32 and configuration agent 34, as well as its own instance of SSH Server 40.  For example, scanner 30 may be implemented on a server or virtual machine that also runs an SSH server program.  In another example embodiment, scanner 30 may include an SSH server program.  In yet other embodiments, scanner 30 may be implemented on a device separate from SSH server 40.  For example, scanner 30 may be a separate network appliance that is connected to a server running an SSH server program. ” and in Para.65, “scanner configuration information may be communicated between configuration manager 24 and configuration agent 34 in scanner 30 over the first secure tunnel.  For example, configuration agent 34 may authenticate itself to configuration manager 24 or poll configuration manager 24 through port 50 (e.g., localhost:38010).  Configuration manager 24 may communicate scanner configuration information through port 62 (e.g., port number 3801).  
The scanner configuration information provided by configuration manager 24 through port 62 is tunneled through the first secure tunnel (e.g., secure tunnel 36) and picked up by configuration agent 34.  In some embodiments, configuration manager 24 may recognize that scanner 30 is located outside private network 12, and may instruct scanner 30 to communicate scan information through the second port (e.g., port 52).”.  
The first computer network could be interpreted as the public network and the second computer network as the private network. As claimed in the instant application, the third computer is located in the first computer network. Schrecker teaches the scanner, which could be interpreted as the third computer, located in the public network (the first computer network). The private network and the public network are configured to exchange packets, and the secure SSH tunnel is established to transmit the packets between the private network and the public network. The scanner performs external scans of assets according to scan instructions and other scan information provided by the scan controller. The scan engine may communicate scan results and other scan information to the scan controller over the

Appellants’ Argument 4: 
Appellant states that Schrecker in view of Fausak fails to teach the first computer, the second computer, the third computer and the fourth computer as recited in claim 2.

The Examiner points out that Schrecker teaches the first computer, the second computer, the third computer and the fourth computer, as explained in the responses to Arguments 1 and 2. In Fig. 1, the SSH server could be interpreted as the first computer, the scanner as the third computer, the configuration manager as the fourth computer and the SSH client as the second computer.

[Schrecker’s Fig. 1 (image, reproduced again)]

Appellants’ Argument 5: 
Appellant states that Schrecker in view of Fausak fails to teach “providing the second machine's address in the second computer network to the first computer,” as recited in claim 3.
The Examiner points out that Schrecker teaches in Para.36, “a command such as the following on the SSH client may set a reverse SSH port forwarding from example origination port 10002 on SSH server remotehost at IP address 1.1.1.1 to example destination port 22 on SSH client: ssh -R remotehost:10002 localhost:22 1.1.1.1.  All connections to origination port 10002 at 1.1.1.1 are forwarded to destination port 22 on the protected SSH client in the private network.”
The SSH server could be interpreted as the first computer, the private network as the second computer network and the SSH client as the second computer. From the SSH client (located in the private network), an origination port on the SSH server (located in the public network) may be opened for listening, and all connections to the origination port may be forwarded to a destination port on the SSH client.

Appellants’ Argument 6: 
Appellant states that Schrecker in view of Fausak fails to teach “wherein the tunnel comprises a secure shell (SSH) tunnel, the third computer comprises a SSH server, the fourth computer comprises a SSH client,” as recited in claim 4.

The Examiner points out that Schrecker teaches in Para.39, “secure tunnel 36 may be created from within private network 12 to public network 26 over connection 44a (e.g., from SSH client 42 to SSH server 40)… Secure tunnel 38 may be created from within private network 12 to public network 26 over connection 46a (e.g., from SSH client 42 to SSH server 40)”.




Appellants’ Argument 7: 
Appellant states that Schrecker in view of Fausak fails to teach “the first computer network comprises a virtual private cloud in a public cloud and the second computer network comprises a private network,” as recited in claim 5.

The Examiner would like to point out that the reference Schrecker teaches in Para.11, “the scanner is located in a public network and the configuration manager and the scan controller are located in a private network” and in Para.27, “Public networks may encompass fully public networks, such as the Internet, and semi-private (or community) networks where multiple, disparate enterprises share a cloud infrastructure, and at least some assets within the cloud infrastructure are easily accessible to users from within and outside the cloud, and other networks not explicitly part of the private network.  In public networks generally, a substantial number of assets are typically accessible (and viewable) by any user.  For example, in the Internet network, all assets in the Internet are typically accessible by all users.  Thus, assets within private cloud 12 may access assets in public cloud 26; however, assets in public cloud 26 may not access (or even see) assets in private cloud 12, unless the assets in private cloud 12 are specifically configured to be accessible or visible externally.”. 
The second computer network could be interpreted as the private network. Schrecker’s public networks encompass fully public networks, such as the Internet, and semi-private (or community) networks where multiple, disparate enterprises share a cloud infrastructure; a virtual private cloud in a public cloud could be interpreted as falling within that description.


Appellants’ Argument 8: 
Appellant states that Schrecker in view of Fausak fails to teach “the first computer, the second computer, the third computer, and the fourth computer are physical computers, virtual machines on physical host computers, or a combination of physical computers and virtual machines,” as recited in claim 6.

Schrecker teaches in Para.48, “scanner 30 can be a physical machine that includes scan engine 32 and configuration agent 34, as well as its own instance of SSH Server 40” and in Para.44, “client software (e.g., SSH Client) may be installed on devices within private network 12 to facilitate creation of secure tunnels 36 and 38” and in Para.51, “a server including scan controller 22 and configuration manager 24 performs functions of SSH client 42 (e.g., connects to remote computers using the SSH protocol)”.
The SSH server, the SSH client, the scanner and the configuration manager are obviously physical computers, virtual machines on physical host computers, or a combination of physical computers and virtual machines.
 


Appellants’ Argument 9: 
Appellant states that Schrecker in view of Fausak fails to teach “configuring routing in the first computer network comprising configuring a routing table of a router in the first computer network,” as recited in claim 7.

The Examiner points out that Schrecker teaches in Para.23, “private network 12 and public network 26 may also be configured to exchange packets with other networks such as, for example, other LANs.  Other common network elements (e.g., email gateways, web gateways, routers, switches, loadbalancers, firewalls, etc.), may also be provisioned in the networks where appropriate and based on particular needs” and in Para.46, “gateways, routers, switches, and any other suitable network elements may be used to facilitate electronic communication between the various nodes… configuration capable of transmission control protocol/internet protocol (TCP/IP) communications for the transmission and/or reception of packets in the network.  The network could also operate in conjunction with a user datagram protocol/IP (UDP/IP) or any other suitable protocol, where appropriate and based on particular needs”.



Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.

/NORMIN ABEDIN/ Primary Examiner, Art Unit 2449

Conferees:
/HERMON ASRES/ Primary Examiner, Art Unit 2449
/ATTA KHAN/ Primary Examiner, Art Unit 2449