Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office action is in response to Applicant’s amendment submitted on March 30, 2021.
Claims 1-11, 13-20 are pending in the application.

Information Disclosure Statement

	The information disclosure statement (IDS) submitted on October 13, 2020 and March 30, 2021 are in compliance with the provisions of 37 CFR 1.97, and accordingly, the IDS have been considered by the examiner.  

Response to Arguments/Remarks
Claim Objections
Claims 11-13 were objected to because the acronym “SSH” should be written in its entirety at least once to clearly indicate claimed subject matter without adding new matter.  Applicant has not addressed the objection, and therefore, the objection has been maintained.

Claim Rejections - 35 USC § 103
Claims 1, 6-7, 14, 19-20 were rejected under 35 U.S.C. 103 as being unpatentable over Narayanaswamy et al. US Patent Publication No. 2019/0268381 in view of Burch et al. US Patent Publication No. 2015/0200928.
Applicant amended the independent claims to include the subject matter of claim 12, and changed the subject matter from “internal private network of the standalone e-discovery machine” to “internal private network associated with the standalone e-discovery machine.”  Applicant’s amendment does not place the independent claims in allowable form because the subject matter incorporated into the independent claim differs in scope from prior claim 12.  The meaning of the standalone e-discovery machine” differs from “internal private network associated with the standalone e-discovery machine” and the amendment changes scope.  Prior claim 12 also expressly recited that the connection to the SSH server permits the client-based client access to an internal private network of the standalone e-discovery machine.  Furthermore, the amendment did not incorporate intervening claim 11.

Claim Objections
Claims 1 and 11 are objected to because of the following:
Regarding claim 1, the acronym “SSH” should be written in its entirety, without adding new matter, at least once to clearly indicate claimed subject matter.
Regarding claim 11, the claim does not comply with 37 CFR 1.121, which requires text of removed subject matter to be shown by strike-through and text of added subject matter to be shown by underlining.  The claim has been amended to change “an SSH server” to “the SSH server” in the step of receiving a port configuration without any markings.  In the interest of compact prosecution and avoid an issue of the notice of non-compliance, “the SSH server” has been interpreted as “an SSH server” because the claim has not been properly amended by markings.  Applicant is required to revert the language back to “an SSH server.”  Failure to do so may result in the issuance of a notice of non-compliance.
Applicant should also amend the claim with markings to change “an SSH server” to “the SSH server” to provide clear antecedent basis for “the SSH server” in “initiating the connection to the SSH” because claim 1 has been amended to recite “an SSH server.”  

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1, 6-7, 14, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Narayanaswamy et al. US Patent Publication No. 2019/0268381 (“Narayanaswamy”) in view of Burch et .

Regarding claim 1, Narayanaswamy teaches a computer-implemented method to initiate an external connection from a standalone e-discovery machine comprising: 
presenting a user with an interface page generated by the standalone e-discovery machine (para. [0153] network security system 120.  para. [0157] web-delivered interface provided by the network security system 120.  para. [0296] analyzer 194 performing e-discovery 400B on a cloud service 142.  para. [0343]); 
establishing an outbound connection from the standalone e-discovery machine to a cloud network (para. [0154] provide secure interfacing with cloud services); 
accessing, at the standalone e-discovery machine, a virtual private network (VPN) component within the standalone e-discovery machine to communicate with a cloud-based client (para. [0154] communications can occur, e.g. VPN); and 
interfacing with the cloud-based client from the standalone e-discovery machine via the VPN component (para. [0154] communications can occur, e.g. VPN.  para. [0296] analyzer 194 performing e-discovery 400B on a cloud service 142).
Narayanaswamy does not expressly teach the cloud network being configured to dynamically provision a cloud-based client in response to the outbound connection.
Narayanaswamy discloses establishing a VPN connection with the cloud network but does not expressly teach accessing, at the standalone e-discovery machine, a virtual private network (VPN) server.
Narayanaswamy does not expressly teach wherein the outbound connection initiates a connection to an SSH server and permits the cloud-based client access to an internal private network associated with the standalone e-discovery machine.
Burch teaches a cloud network being configured to dynamically provision a cloud-based client in response to an outbound connection (para. [0021] cloud service receives a VM request from a portal 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Burch’s disclosure such that the cloud network of Narayanaswamy is configured to dynamically provision a cloud-based client in response to an outbound connection and the security system of Narayanaswamy is configured with a VPN server that communicates with the cloud-based client.  One of ordinary skill in the art would have been motivated to do so in order to have provided VMs on demand for servicing client requests and providing SSL VPN communication session with the VMs.
Schrecker teaches an outbound connection that initiates a connection to an SSH server and permits a cloud-based client access to an internal private network associated with a machine (para. [0019] cloud-based scanners.  para. [0035] permits the SSH server to accept connections using the SSH protocol from remote computers.  para. [0039] secure tunnel 36 may be created from within private network 12 to public network 26… e.g., from SSH client 42 to SSH server 40.   scan engine 32… initiate and maintain communication over connection 46b).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Schrecker’s disclosure such that a connection to the SSH server is initiated and the cloud service includes a cloud-based client of Schrecker that is permitted access to a private network associated with the machine, i.e. system of Narayanaswamy.  One of ordinary skill in the art would have been motivated to do so because Narayanaswamy describes providing use of available cloud services and maintaining security.  It would have been beneficial to have provided a cloud service of scanning in order to have discovered vulnerabilities in the system.



a memory storing executable instructions confirmed to perform operations; and 
a processor configured to execute the instructions to initiate an external virtual private network (VPN) connection to a remote cloud network, wherein the processor is further configured to execute the instructions to: 
present a user with an interface page generated by the standalone e-discovery apparatus (para. [0153] network security system 120.  para. [0157] web-delivered interface provided by the network security system 120.  para. [0296] analyzer 194 performing e-discovery 400B on a cloud service 142.  para. [0343]), 
establish an outbound connection from the standalone e-discovery apparatus to the cloud network (para. [0154] communications can occur, e.g. VPN), 
access, at the standalone e-discovery apparatus, a virtual private network (VPN) component within the standalone e-discovery apparatus to communicate with a cloud-based client, and interfaces with the cloud-based client from the standalone e-discovery apparatus (para. [0154] communications can occur, e.g. VPN.  para. [0296] analyzer 194 performing e-discovery 400B on a cloud service 142).
Narayanaswamy does not expressly teach the cloud network being configured to dynamically provision a cloud-based client in response to the outbound connection.
Narayanaswamy discloses establishing a VPN connection with the cloud network but does not expressly teach accessing, at the standalone e-discovery machine, a virtual private network (VPN) server.
Narayanaswamy does not expressly teach wherein the outbound connection initiates a connection to an SSH server and permits the cloud-based client access to an internal private network associated with the standalone e-discovery machine.
Burch teaches a cloud network being configured to dynamically provision a cloud-based client in response to an outbound connection (para. [0021] cloud service receives a VM request from a portal server.  para. [0025] cloud service instantiates an instance of a VM.  Para. [0036] VM’s dynamically instantiated by cloud service) and accessing, at a machine, a VPN server within the machine to 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Burch’s disclosure such that the cloud network of Narayanaswamy is configured to dynamically provision a cloud-based client in response to an outbound connection and the security system of Narayanaswamy is configured with a VPN server that communicates with the cloud-based client.  One of ordinary skill in the art would have been motivated to do so in order to have provided VMs on demand for servicing client requests and providing SSL VPN communication session with the VMs.
Schrecker teaches an outbound connection that initiates a connection to an SSH server and permits the cloud-based client access to an internal private network associated with a machine (para. [0019] cloud-based scanners.  para. [0035] permits the SSH server to accept connections using the SSH protocol from remote computers.  para. [0039] secure tunnel 36 may be created from within private network 12 to public network 26… e.g., from SSH client 42 to SSH server 40.   scan engine 32… initiate and maintain communication over connection 46b).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Schrecker’s disclosure such that a connection to the SSH server is initiated and the cloud service includes a cloud-based client of Schrecker that is permitted access to a private network associated with the machine, i.e. system of Narayanaswamy.  One of ordinary skill in the art would have been motivated to do so because Narayanaswamy describes providing use of available cloud services and maintaining security.  It would have been beneficial to have provided a cloud service of scanning in order to have discovered vulnerabilities in the system.

Regarding claim 6, Narayanaswamy in view of Burch and Schrecker teach the computer-implemented method of claim 1, wherein the standalone e-discovery machine is integrated into a local network of an enterprise using a physical network connection (Narayanaswamy: para. [0154] private 

Regarding claim 7, Narayanaswamy in view of Burch and Schrecker teach the computer-implemented method of claim 1, wherein the standalone e-discovery machine is integrated into a local network of an enterprise using a wireless network connection (Narayanaswamy: para. [0154] private network, LAN.  connections between components (e.g., for data communication) can be wired and/or wireless).

Regarding claim 19, Narayanaswamy in view of Burch and Schrecker teach the apparatus of claim 14, wherein the standalone e-discovery apparatus is integrated into a local network of an enterprise using a physical network connection (Narayanaswamy:  para. [0154] private network, LAN.  connections between components (e.g., for data communication) can be wired and/or wireless).

Regarding claim 20, Narayanaswamy in view of Burch and Schrecker teach the apparatus of claim 14, wherein the standalone e-discovery apparatus is integrated into a local network of an enterprise using a wireless network connection (Narayanaswamy:  para. [0154] private network, LAN.  connections between components (e.g., for data communication) can be wired and/or wireless).

Claim 2 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Burch, Schrecker, and Fan et al. US Patent Publication No. 2013/0117218 (“Fan”).

Regarding claim 2, Narayanaswamy does not teach the computer-implemented method of claim 1, wherein presenting the interface page comprises generating an HTML-based page or Java-based page that allows the user to indicate that the user wants the e-discovery machine to initiate the outbound connection.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Fan’s disclosure of generating an HTML-based page that allows a user to indicate that the user wants an e-discovery machine to initiate the outbound connection.  One of ordinary skill in the art would have been motivated to do so for benefits of providing an interface to assist users in initiating and managing an eDiscovery process.

Regarding claim 15, the claim is an apparatus claim corresponding to claim 2 and comprising similar subject matter.  Therefore, claim 15 is rejected under a similar rationale as claim 2.	

Claims 3-5, 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Burch, Schrecker, and Ardolino US Patent Publication No. 2009/0064279 (“Ardolino”).

Regarding claim 3, Narayanaswamy does not teach the computer-implemented method of claim 1, wherein accessing the VPN server comprises not changing network firewall configurations of the local network to which the e-discovery machine is connected.
Ardolino teaches not changing firewall configurations of a local network to which a machine is connected (para. [0012] dynamic VPN is initiated.  para. [0028] local network… through a router/firewall.  to use any other port would require changes to the firewall and/or router.  port 80 is used exclusively).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Ardolino’s disclosure of establishing a VPN 

Regarding claim 4, Narayanaswamy does not teach the computer-implemented method of claim 1, wherein accessing the VPN server comprises not changing port configurations of the local network to which the e-discovery machine is connected.
Ardolino teaches not changing port configurations of a local network to which a machine is connected (para. [0012] dynamic VPN is initiated.  para. [0028] local network… through a router/firewall.  to use any other port would require changes to the firewall and/or router.  port 80 is used exclusively).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Ardolino’s disclosure of establishing a VPN connection without changing network port configurations of a local network.  One of ordinary skill in the art would have been motivated to do so for similar benefits of simplifying establishing a VPN connection and reducing possible security breaches.

Regarding claim 5, Narayanaswamy does not teach the computer-implemented method of claim 1, wherein accessing the VPN server comprises not changing network firewall or port configurations of the local network to which the e-discovery machine is connected.
Ardolino teaches not changing network firewall or port configurations of a local network to which a machine is connected (para. [0012] dynamic VPN is initiated.  para. [0028] local network… through a router/firewall.  to use any other port would require changes to the firewall and/or router.  port 80 is used exclusively).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Ardolino’s disclosure of establishing a VPN 

Regarding claims 16-18, the claims are apparatus claims corresponding to claims 3-5, and comprising similar subject matter.  Therefore, claims 16-18 are rejected under a similar rationale as claims 3-5.	

Claim 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Burch, Schrecker, and Crews US Patent Publication No. 2017/0068682 (“Crews”).

Regarding claim 8, Narayanaswamy does not teach the computer-implemented method of claim 1, wherein the standalone e-discovery machine includes archival data storage. 
Crews teaches a standalone e-discovery machine that includes archival data storage (para. [0021] server system 108 may include or access online storage 110 and nearline storage 112.  para. [0023] documents… may be stored in of the online storage and nearline storage 112.  para. [0050] persistently stored).  Crews comes from a similar field of endeavor of performing eDiscovery.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Crews’ disclosure such that the machine of Narayanaswamy includes archival data storage.  One of ordinary skill in the art would have been motivated to do so in order to have provided storage of relevant documents and quick retrieval of the documents.

Regarding claim 9, Narayanaswamy does not teach the computer-implemented method of claim 8, wherein the archival data storage includes local storage of litigation-related data and documents.
Crews teaches archival data storage that includes local storage of litigation-related data and documents (para. [0018],[0023] documents… may be stored in of the online storage and nearline storage 112.  documents to produce in the contest of litigation).  It would have been 

Regarding claim 10, Narayanaswamy does not teach the computer-implemented method of claim 1, wherein the standalone e-discovery machine has an integrated e-discovery software application configured to perform e-discovery processes locally within the standalone e-discovery machine.
Crews teaches a standalone e-discovery machine that has an integrated e-discovery software application configured to perform e-discovery processes locally within the standalone e-discovery machine (fig. 1.  Ediscovery engine 114.  para. [0024] indexing module 120 that analyzes each document and extracts relevant information).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy by implementing Crews’ disclosure of an integrated e-discovery software application configured to perform e-discovery processes locally within the standalone e-discovery machine.  One of ordinary skill in the art would have been motivated to do so for a similar benefit of identifying relevant information and other metadata within documents.  

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Burch, Schrecker, and Govardhan US Patent No. 10,754,678 (“Govardhan”).

Regarding claim 11, Narayanaswamy does not teach the computer-implemented method of claim 1, wherein establishing the outbound connection includes operations of:  sending an external HTTP request that creates a support ticket and provisions a support virtual machine; obtaining information about the support virtual machine relating to the support ticket; receiving an IP address of the support virtual 
Burch teaches: sending an external HTTP request that creates a support ticket and provisions a support virtual machine (para. [0021] VM request, HTTP.  para. [0025] instantiates an instance of a VM.  para. [0032] IP address, port number, and the secure token); obtaining information about the support virtual machine relating to the support ticket (para. [0025] VM is to be accessed… IP address and communication port number); receiving an IP address of the support virtual machine (para. [0025] VM is to be accessed… IP address and communication port number).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Burch’s disclosure of provisioning a virtual machine.  One of ordinary skill in the art would have been motivated to do so in order to have provided VMs on demand for servicing client requests and providing SSL VPN communication session with the VMs.
Govardhan teaches receiving a port configuration of an SSH server related to a virtual machine; and initiating a connection to the SSH server (col. 4, lines 29-31.  create a tunnel (e.g., secure shell (SSH) tunnel) with the virtual instance host 170.  col. 5, lines 29-30.  establishes 315 an SSH tunnel connection with a virtual machine instance, and establish a forward port to cast the virtual machine instance).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Narayanaswamy, Schrecker, and Burch with Govardhan’s disclosure of establishing an SSH tunnel.  One of ordinary skill in the art would have been motivated to further implement Govardhan because Schrecker discloses providing a connection to the SSH server, and Govardhan would have provided configuration information to establish a secure communication with the virtual machine.

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Burch, Schrecker, Govardhan, and Claes US Patent No. 10,313,305 (“Claes”).


Schrecker teaches a connection to the SSH server capable of supporting a tunnel connection to allow the cloud-based client to perform activities on the machine (para. [0018] scan assets. para. [0019] cloud-based scanners.  para. [0035] permits the SSH server to accept connections using the SSH protocol from remote computers.  para. [0039] secure tunnel 36 may be created from within private network 12 to public network 26… e.g., from SSH client 42 to SSH server 40.   scan engine 32… initiate and maintain communication over connection 46b).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy with Schrecker’s disclosure such that the connection supports a tunnel connection to perform scanning activities on the system of Narayanaswamy.  One of ordinary skill in the art would have been motivated to do so because Narayanaswamy describes providing use of available cloud services and maintaining security.  It would have been beneficial to have implemented Schrecker’s cloud based scanning in order to have discovered vulnerabilities in the system.
Schrecker does not expressly teach that the connection is a VPN tunnel connection.  Claes teaches a connection to a SSH server capable of supporting a VPN tunnel connection (col. 11, lines 8-11.  VPN connection can be generated, i.e. established, in the SSH tunnel).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Narayanaswamy, Burch, and Schrecker with Clae’s disclosure of utilizing a VPN tunnel connection in a SSH tunnel.  One of ordinary skill in the art would have been motivated to do so because Burch describes establishing a VPN session with a VPN, and it would have been beneficial to establish a VPN connection in a SSH tunnel for secure communications (Schrecker: para. [0016] reverse Secure Shell (SSH) tunnel.  SSH is a network protocol for secure communication).


Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Joshua Joo whose telephone number is 571 272-3966.  The examiner can normally be reached on Monday-Friday 7am-3pm EST.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on 571 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).




/JOSHUA JOO/Primary Examiner, Art Unit 2445