DETAILED ACTION
Reissue Applications
For reissue applications filed, before September 16, 2012, all references to 35 U.S.C. 251 and 37 CFR 1.172, 1.175, and 3.73 are to the law and rules in effect on September 15, 2012.  Where specifically designated, these are “pre-AIA ” provisions.  
For reissue applications filed on or after September 16, 2012, all references to 35 U.S.C. 251 and 37 CFR 1.172, 1.175, and 3.73 are to the current provisions.  
Applicant is reminded of the continuing obligation under 37 CFR 1.178(b), to timely apprise the Office of any prior or concurrent proceed-ing in which Patent No. 9,935,958 (the ‘958 patent) is or was involved. These proceedings would include interferences, reissues, reexaminations, and litigation. 
Applicant is further reminded of the continuing obligation under 37 CFR 1.56, to timely apprise the Office of any information, which is mate-rial to patentability of the claims under consideration in this reissue appli-cation.
These obligations rest with each individual associated with the filing and prosecution of this application for reissue. See also MPEP §§ 1404, 1442.01 and 1442.04.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/02/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the examiner is considering the information disclosure statement.


Reissue Declaration
The reissue oath/declaration filed with this application is defective because it fails to identify at least one error, which is relied upon to support the reissue application. See 37 CFR 1.175  and MPEP § 1414.  
The MPEP with respect to the error in the declarations in reissue applications states that “[I]n identifying the error, it is sufficient that the reissue oath/declaration identify a single word, phrase, or expression in the specification or in an original claim, and how it renders the original patent wholly or partly inoperative or invalid.” [Emphasis added] (Id., MPEP at 1414 (II.)(B.))
In the declaration filed on 07/01/2020, the error statement indicates the following:
“Inventor seeks reissue to amend claim 1 to recite a system for reverse access comprising, among others, a DMZ server configured to receive an established outbound connection from a LAN server, and to route said established outbound connection to requests. The amended claim language clarifies the use of “said requests” and “established outbound connection” to better describe the claimed invention. Inventor seeks reissue to amend claim 3 in a similar manner. Inventor seeks reissue to add new dependent claims 5-6. Inventor also seeks reissue to add new claims 7-28 to broaden the scope of the claim coverage and correct the error of claiming less than what the inventor is entitled for the invention.” (Id.)

MPEP states in part, “[I]n identifying the error, it is sufficient that the reissue oath/declaration identify a single word, phrase, or expression in the specification or in an original claim, and how it renders the original patent wholly or partly inoperative or invalid.” (MPEP 1414 (II.) (B.)) The MPEP also states in part, “[A]ny error in the claims must be identified by reference to the specific claim(s) and the specific claim language wherein lies the error.” (MPEP 1414 (II.) (B.)) The examiner notes that, while the statement in the present declaration identify how the claim is amended, nevertheless fails both requirement, i.e. fails to identify the error with reference to specific claim and specific claim language, and fails to explain how the error renders the original patent to be wholly or partly inoperative or invalid. 


Claims 1-28 are rejected as being based upon a defective reissue declaration under 35 U.S.C. 251 as set forth above.  See 37 CFR 1.175.
The nature of the defect(s) in the declaration is set forth in the discussion above in this Office action.  

Objection to the Specification
6.	Examiner notes that the specification include numbers that are not reference to anything within the specification. Example of such numbers are, “The DMZ (20) 5 which includes the DMZ Server (21),” (Id., at 1:67 – 2:1), “DMZ: De-5 Militarized Zone (20)” (Id., at 2:18), and/or “The LAN Controller (32) establishes outbound 15 TCP based connection (41) to the DMZ Stack Pool Service (22).” (Id., at 2:49-51) While the above examples are not to be exhaustive of such issue, Applicant is requested to review the specification and correct such issues.
	For purpose of examination, these numbers will be ignored.   

Objection to the Claims
7.	In all the independent claims 1, 3, 7, 9, and 13, the appearance of the acronym LAN is first displayed and then the abbreviation is used throughout the claim. Independent claim 20 

Objection to the Drawings
8.	The drawing is objected to under 37 CFR 1.83(a)  because they fail to show the feature of “roue[ing] an established outbound connection to said request.” in the claim. The specification with respect to this limitation states, “The DMZ Server (21) then creates a Connection Binder in the DMZ Server between the incoming Client 10 Request (that is stored in the DMZ Stack Pool Service (22)) and the outbound connection (42) arriving from the LAN Server (31), and by that completes the route of the Client Request.” (Id., at 2:65 – 3:3) However, the drawing does not show how the outbound connection 42 arriving from the LAN server is routed to client request 11, as described in the specification. Any structural detail that is essential for a proper understanding of the disclosed invention should be shown in the drawing. MPEP § 608.02(d). Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application.
Additionally, the drawing are objected to claims 5, 6, requires “plurality of established outbound connections”, but the drawing (Fig. 1) shows “outbound TCP/IP only”. Moreover, claims 9, 11 and 12 recite, “first”, “second”, “third”, and “fourth”  TCP connection, but the 
Furthermore, claims 13-19 recite “first processor”, and “second processor,” the drawing does not show any processor, first, second, or otherwise.
  
Claim Interpretation
9.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification, as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:


(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed functions, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Re: Claims 1, 2, 5 and 7-8
Claims 1, 7 and 27 recites, (1) “a local area network (LAN) Controller configured to check for existence in said DMZ Stack Pool Service of said requests, wherein said checking is performed at the TCP/IP level and said LAN Controller is located in a LAN; and (2) a DMZ server configured to receive [said requests] an established outbound connection from a LAN server of said LAN, and to route said established outbound connection to said requests [to said client].”  
The examiner determines that the above limitations uses a placeholder such as “a local area network (LAN) Controller configured to …; a DMZ server configured to”.  Therefore, this limitation meets prong A. In addition, each placeholder is followed by some function as recited in the claim. Therefore, the limitation meets prong B. The examiner further determines that in each case, the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, in each case the limitations meet prong C. 
In view of the above analysis, the examiner considers that the above claimed phrases to invoke 112 6th paragraph. In accordance with MPEP § 2181.II, after a claimed phrase has been shown to invoke 35 U.S.C. § 112, sixth paragraph, the next step is to determine the corresponding structure, material, or act as described in the specification. 
As to the “a local area network (LAN) Controller”, that perform the functions in claim 1, the examiner notes that the specification discloses: 
“One of the innovative aspects of the System is that the LAN Controller (32) constantly, and/or on a predefined set of time basis, checks for Client Requests stored in the DMZ Stack Pool Service (22).” (Id., at 2:51-54) 

Later the specification states:

“The LAN Controller (32) permanently or periodically queries the DMZ Stack Pool Service (22) for incoming Client Requests. The DMZ Server (20) will accept all Client Requests and route them to the LAN-Server (31), without changing the data that the Client Requests contains.” (Id., at 3:14-18)
As seen from the above portion, the specification, using language similar to the claim language in describing the functions performed by the “LAN controller” and the DMZ server in 
Dependent claims 2 and 5 adds more functionality to the functions in claim 1, that the computer programs and sensitive data of the LAN server of claim 1 and that the established outbound connections are a plurality of established outbound connections. 
It is for that reason claims 1, 7 and 27, and dependent claims 2, 5, and 8 are rejected under 35 U.S.C. § 112 second paragraph as being indefinite and under 35 USC 112 first paragraph for failing to comply with written description requirement, as will be discussed further infra. 

Re: Claims 13, 15, 17, 18, 19, 22, 24, 25 and 26
Claim 13 recites, “a first processor residing within the LAN programmed to create at least one TCP/IP connection to a second processor external to said LAN through an outbound port, wherein said first processor is configured to receive via the second processor a request from a client for access to the resources within the LAN at the TCP/IP level; and wherein said first processor enables said client to access said resources via the second processor at the TCP/IP level through the at least one TCP/IP connection.” 
Applying the three prong analysis, the examiner determines that the above limitations uses a placeholder such as “said first processor is configured to …;” in claims 13, and 18 “the second processor configured to …;” in claims 15, 17 and 19. These limitation do not meet prong A because a [the] “processor” is a well know structure for performing many functions and does not invoke 112 (f). However, as to the functions performed by these processors, as will be shown infra in the rejection of claims under 35 USC 112 first ¶, there is no insufficient written description support for the functions performed by those processors, because claim 13 is directed to “a first processor residing within the LAN programmed” to do functions recited in the claim, and there is insufficient written description support for the detail of the program (algorithm or step/procedure) for performing the functions recited in claims 13, 15, 17, 18 and 19.    

Re: Claims 22, 24, 25 and 26
As to claims method claims 22, 24, 25 and 26 the examiner determines that the above limitations uses a placeholder such as “the server configured to ….  Therefore, this limitation meets prong A. In addition, each placeholder is followed by some function as recited in the claim. Therefore, the limitation meets prong B. The examiner further determines that in each case, the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, in each case the limitations meet prong C. 
In view of the above analysis, the examiner considers that the above claimed phrases to invoke 112 6th paragraph. In accordance with MPEP § 2181.II, after a claimed phrase has been shown to invoke 35 U.S.C. § 112, sixth paragraph, the next step is to determine the corresponding structure, material, or act as described in the specification. 
However as stated in the analysis of claims 15, 17, 18 and 19, the specification does not adequately describe the structure and/or algorithm (or flow chart and step procedure) associated with the functions recited in those claims. The specification uses similar wording used in the claims.  
Applicant may argues that the structure of  “a server” is well known in that art and a person of ordinary skill in the art would recognize that the claimed invention is programmed in 
“[F]or a computer-implemented 35 U.S.C. 112(f)  claim limitation, the specification must disclose an algorithm for performing the claimed specific computer function, or else the claim is indefinite under 35 U.S.C. 112(b) (b). See Net MoneyIN, Inc. v. Verisign. Inc., 545 F.3d 1359, 1367 (Fed. Cir. 2008). See also In re Aoyama, 656 F.3d 1293, 1297, 99 USPQ2d 1936, 1939 (Fed. Cir. 2011) ("[W]hen the disclosed structure is a computer programmed to carry out an algorithm, ‘the disclosed structure is not the general purpose computer, but rather that special purpose computer programmed to perform the disclosed algorithm.’") (quoting WMS Gaming, Inc. v. Int’l Game Tech., 184 F.3d 1339, 1349, 51 USPQ2d 1385, 1391 (Fed. Cir. 1999)).” 

Indeed if any general-purpose “server” is capable of performing the claimed function, then this would entail that the function is well known in the art, since any conventional “server”, can perform the claimed function. 
Additionally, for computer-implemented means-plus-function claim limitation invoking 35 U.S.C. 112(f) the Federal Circuit has stated that, “a microprocessor can serve as structure for a computer-implemented function only where the claimed function is ‘coextensive’ with a microprocessor itself." EON Corp. IP Holdings LLC v. AT&T Mobility LLC, 785 F.3d 616, 622, citing In re Katz Interactive Call Processing Patent Litigation, 639 F.3d 1303, 1316 (Fed. Cir. 2011). "‘It is only in the rare circumstances where any general-purpose computer without any special programming can perform the function that an algorithm need not be disclosed.’" EON Corp., 785 F.3d at 621, quoting Ergo Licensing, LLC v. CareFusion 303, Inc., 673 F.3d 1361, 1365 (Fed. Cir. 2012). "‘[S]pecial programming’ includes any functionality that is not ‘coextensive’ with a microprocessor or general purpose computer." EON Corp., 785 F.3d at 623 (citations omitted). "Examples of such coextensive functions are ‘receiving’ data, ‘storing’ data, and ‘processing’ data—the only three functions on which the Katz court vacated the district court’s decision and remanded for the district court to determine whether disclosure of a Id. at 622. Thus, "[a] microprocessor or general purpose computer lends sufficient structure only to basic functions of a microprocessor. All other computer-implemented functions require disclosure of an algorithm." Id. In the present situation, the functions recited in the claims are special programming that are not ‘coextensive’ with a “server” or a general-purpose computer. 
For all the above reasons, the examiner believes that, claims 1-6, 7-8, 13-19, 22, 24, and  25-27 should be rejected under 112 second and first ¶ as will be discussed infra. 

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f)  or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f)  or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f)  or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
10.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


As set forth above with respect to the examiner’s claim interpretation of various limitations under 35 U.S.C. 112 6th paragraph, the examiner determined that the claims recite various phrases such as “LAN controller configured to”, and “DMZ server configured to” (in claims 1, 7 and 27), and “first processor configured to ”and “second processor configured to” (in claims 13, 15, 17, 18 19 ), and “server configured to” (in claims 22, 24, 25 and 26) for performing various claimed functions. 
	As to the structure corresponding to these elements, the specification of the ‘958 patent, although discussing the function related to these elements, does not appear to disclose the corresponding structure and/or algorithm (or step/procedure) corresponding to these claimed means. [Emphasis added] A review of the specification provides further details as to the claimed functions, however, the examiner cannot ascertain any physical structure and/or algorithm, which corresponds to these claimed elements. For all the reasons set forth above, the examiner determines that the specification does not clearly discloses the structure and/or algorithm (in the form of step/procedure or flow chart) to perform the corresponding functions in those claims. Therefore, the examiner finds that each of claims 1-4, and new claims 5-28 are indefinite. 

For purposes of prior art rejections, the examiner has interpreted each of the above claimed limitations invoking 112 (f) in accordance with the broadest reasonable interpretation. 

In addition to the above, claim 1 is rejected under 35 USC 112 second paragraph because the claim recites, “wherein said requests are stored at the TCP/IP level.” There is no antecedent basis for “the TCP/IP level.” 
The claim is additionally rejected because the claim recite, “the DMZ Stack Pool Service being arranged to store requests received from a client.” The claim later recite, “a local area network (LAN) Controller configured to check for existence in said DMZ Stack Pool Service of said requests.” The claim is indefinite because, it is unclear whether the “request” is part of the “DMZ stack pool service” or the “DMZ stack pool service” is part of the “request.”
Claim 1 is further rejected under 35 USC 112 second paragraph because “checking at TCP/IP level” is indefinite. 
Claim 1 is also rejected because the claim recite, “wherein said checking is performed at the TCP/IP level and said LAN Controller is located in a LAN.” The phrase is indefinite because, it is unclear whether the “[a] LAN” is the same or different from the LAN associated with the “LAN controller” recited earlier.
Claim 1 is rejected for the reason that the claim recite, “a DMZ server configured to receive [said requests] an established outbound connection from a LAN server of said LAN.” It is unclear whether “[said] LAN” is referring to which of the LAN recited earlier. The LAN associated with the controller or the “[a] LAN” recited later in the claim. Additionally, it is 31).” Does not say that LAN has multiple servers.
Moreover, the claim recite that the “and to route said established outbound connection to said request.” It is unclear what routing outbound connection to a request meant to be or what it is to be interpreted. The request is stored at the DMZ (See the previous limitation “the DMZ stack pool protocol is arranged to store requests). It is unclear what does routing outbound connection to the request means. 
Claim 3 recite the same two limitations and is rejected for the same reasons.
  
Claim 1 is rejected under 35 USC 112 second paragraph because the claim recite, “a DMZ server configured to receive [said requests] an established outbound connection from a LAN server of said LAN, and to route said established outbound connection to said requests.” This limitation is confusing. The specification states, “The DMZ Server (20) will accept all Client Requests and route them to the LAN-Server (31).” It appears that the DMZ accept the requests and route them [the requests] to the LAN server, not DMZ server “rout [said established outbound connection] to said requests.” This is totally the opposite of what is taught in the specification. 
Claim 1 is rejected because the claim refers to “TCP/IP” level, while there is no definition for this term in the specification. Therefore, it is unclear what the terms “TCP/IP level” (e.g., “stored at the TCP/IP level”, “performed at the TCP/IP level,” and “occurs at the TCP/IP level”) is to be interpreted.   


Claim 3 recites, “receiving an established outbound connection from a LAN server of said LAN and routing the established outbound connection to said requests [to said client].” This limitation is confusing. The specification states, “The DMZ Server (20) will accept all Client Requests and route them to the LAN-Server (31).” It appears that the DMZ accept the requests and route them [request] to the LAN server, not DMZ server “rout [said established outbound connection] to said request.” This is totally the opposite of what is taught in the specification. 
Claim 3 is rejected under 35 USC 112 second paragraph because the claim refers to “TCP/IP” level, while there is no definition for this term in the specification. Therefore, it is unclear what the terms “TCP/IP level” (e.g., “stored …at the TCP/IP level”, “checking at the TCP/IP level,” and “occurs at the TCP/IP level”) is to be interpreted.  
Claim 7 recite, “the DMZ Stack Pool Service being arranged to store requests received from a client.” The claim is vague because, it is unclear who is arranging storing of the request received in the DMZ. Of the three elements, the “LAN controller”, the “DMZ server” and/or “DMZ service” who is responsible for arranging the storage of the TCP/IP connection. 
Claim 7 is rejected because the claim recite “said LAN Controller establishing an outbound TCP connection with said DMZ stack pool service.” It appears that the claim should read, “said LAN Controller establishing an outbound TCP/IP connection with said DMZ stack pool service.” The reason is because the DMZ stack pool protocol service store TCP/IP 
Claim 9 recite, “storing requests received from a client, wherein TCP/IP connection information of said requests are stored in a De-Militarized zone (DMZ) Stack Pool Service.” This limitation is vague, as to it is unclear whether the request is stored with the TCP/IP information of the request in the “DMZ stack pool protocol” or a separate location.
 Claim 11 uses “TCP outbound connection” and “TCP/IP outbound connection” interchangeably. It is unclear whether “a “TCP outbound connection” and “TCP/IP outbound connection” as the same or different. Applicant is advised to use same terminology throughout all the claims.
Claim 9 recite, “first outbound TCP connection” and “second outbound TCP connection”, while claim 11 (which by default include limitations in claim 9) recite “third TCP/IP connection”, and “fourth TCP/IP connection.” It is unclear whether the “TCP outbound connection” (appears as sequence of first and second in claim 9) is the same type of  “TCP/IP outbound connection” (appears as sequence of third and fourth)  or different.     
Claim 13 first recites “server”, later the claim is directed to “said LAN.” There is no antecedent basis for the “LAN server.” 
Claim 13 is rejected for the reason that the claim, in the preamble recite “A system for providing a secured connection between a server residing on a local area network (LAN) and resources connected to said LAN server, and clients on a wide area network (WAN) where a firewall protects the LAN server from unauthorized inbound connections,” however, the claim does not recite “server” in the body of the claim. It is unclear how any secure connection is   
Claim 13 is further rejected because; the preamble is directed to “connection between a server residing on a local area network (LAN) and resources connected to said LAN, and client on wide area network (WAN).” Later the claim recite “ a first processor residing within the LAN programmed to create at least one TCP/IP connection to a second processor external to said LAN through an outbound port”. The claim is indefinite because, the preamble is directed to providing connection between a server and client, while the body of the claim is providing connection between the first processor and a second processor. It is unclear whether the connection is provided between “servers” or “processors.”
Claim 13 is also rejected because, the claim recite, “a first processor residing within the LAN programmed to create at least one TCP/IP connection to a second processor external to said LAN through an outbound port.” The claim further recite, “and wherein said first processor enables said client to access said resources via the second processor at the TCP/IP level through the at least one TCP/IP connection.” It is unclear whether the “at least one TCP/IP connection” created in the first statement is the same or different as “the at least one TCP/IP connection” or a different one. It cannot be different, because if the first one is at least one, the second one cannot be a different one because only one TCP/IP is created. Claim 18 recite the same limitation, i.e., “at least one TCP/IP connection”, and is rejected for the same rational.
Claim 20 first recites, “receiving, by a server residing outside of said LAN, a request from a client for access to said service.” Later the claim recites, “relaying, by the server residing outside of said LAN, the request for access to said LAN at the TCP/IP level.” It is unclear access to said LAN” 
Claim 24 is rejected because the claim recite, “wherein the server is configured to receive the request from the client for access from the WAN.” However the request is from the client is for access from the “WAN”.  It is unclear when the request for access to service resided in the LAN, or the request is made for access to WAN.  
Claim 25 is rejected because the claim recite, “wherein the service is configured to send a response to the request to the server through the TCP/IP connection.” It appears that the claim should read as, ““wherein the server is configured to send a response to the request to the service through the TCP/IP connection.” [Emphasis added] If not, Applicant should provide explanation as to how “service” may send a response to the requests to a server. 


Claim Rejections - 35 USC § 112
12.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

13.	Original claims 1-4, and new claims 5-28, are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, for failing to comply with written description 
With respect to claims 1-2, and new claims 5, 7-8, 13-19, 22, 24, 25, 26 and 27, as described above, the specification of the ‘958 patent does not provide adequate structure and/or algorithm to perform the various claimed functions as recited in those claims [Emphasis added] (See the Claim Interpretation analysis, and 35 USC § 112 second paragraph analysis, supra). The specification does not demonstrate that applicant has made an invention that achieves the claimed function because the specification does not describe with sufficient detail such that one of the ordinary skill in the art can reasonably conclude that the inventors had possession of the claimed invention.  
When rendering patentability determinations, the Office may not disregard the structure disclosed in the specification corresponding to the means-plus-function language. In cases involving a special purpose computer-implemented means-plus-function limitation, the Federal Circuit has consistently required that the structure be more than simply a general-purpose computer or microprocessor and that the specification must disclose an algorithm for performing the claimed function. See, e.g., Noah Systems Inc. v. Intuit Inc., 675 F.3d 1302, 1312, 102 USPQ2d 1410, 1417 (Fed. Cir. 2012); Aristocrat, 521 F.3d at 1333, 86 USPQ2d at 1239. To claim a means for performing a specific computer-implemented function and then to disclose only a general-purpose computer as the structure designed to perform that function amounts to pure functional claiming. Aristocrat, 521 F.3d 1328 at 1333, 86 USPQ2d at 1239. In this instance, the structure corresponding to a 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth Aristocrat, 521 F.3d at 1333, 86 USPQ2d at 1239; Finisar Corp. v. DirecTV Group, Inc., 523 F.3d 1323, 1340, 86 USPQ2d 1609, 1623 (Fed. Cir. 2008); WMS Gaming, Inc. v. Int’l Game Tech., 184 F.3d 1339, 1349, 51 USPQ2d 1385, 1391 (Fed. Cir. 1999). The corresponding structure is not simply a general-purpose computer by itself but the special purpose computer as programmed to perform the disclosed algorithm. Aristocrat, 521 F.3d at 1333, 86 USPQ2d at 1239. (MPEP 2181 (B).

In addition to the rejection of claims under 35 U.S.C. 112 (pre-AIA ), first paragraph for failing to provide adequate structure and/or algorithm, original claims 1-4, and new claims 5-28 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement
. 
At the outset it must be pointed out that claims 1, 3, 13, 20, 27, and 28 are rejected for the reason that they recite “TCP/IP level” There is no “TCP/IP level” even mentioned in the specification, and there is no written description support for all the claim limitations that are related to the “TCP/IP level.” 
For example claim 1 recites, (i) “wherein said requests are stored at the TCP/IP level,” (ii) “wherein said checking is performed at the TCP/IP level,” and (iii) “wherein receiving and routing by said DMZ server occurs at the TCP/IP level.”
With respect to (i) and (ii) the specification states that, “[O]ne of the innovative aspects of the System is that the LAN Controller (32) constantly, and/or on a predefined set of time Id., at 2:51-54) The specification later states, “[T]he DMZ Server (21) then creates a Connection Binder in the DMZ Server between the incoming Client 10 Request (that is stored in the DMZ Stack Pool Service (22))” (Id., at 2:65 – 3:1) The specification however does not even mention level, let alone “requests are stored at TCP/IP level”, or checking is performed at TCP/IP level”.
With respect to (iii), the specification states, “[T]he DMZ Server (20) will accept all Client Requests and route them to the LAN-Server (31)”(Id., at 3:16-17) The specification however does not discloses that the “routing by said DMZ server occurs at the TCP/IP level.” 
As to the generation of the TCP/IP connection, the specification states, 
“The Fifth step: The LAN Server (31) then generates two TCP/IP connections: One connection is to the Service (33), which is the destination service, based on 5 the Client Connection Information. The second connection is an outbound connection (42) to the DMZ Server (21). In addition the LAN Server (31) creates a Connection Binder in the LAN Server between the Service (33) and the outbound connection (42).” (Id., at 2:58-65) 
As such, according to the specification, the “request are stored by using TCP/IP connection”, “checking is performed by using TCP/IP connection” or “routing by said server occurs by using TCP/IP connection.” The specification is silent with respect to any of the above functions being performed at “TCP/IP level.” 
For the purpose of examination and applying art the examiner interpreting “TCP/IP level” to mean “TCP/IP connection” according to the description of the term in the specification as noted above.  


Claim 13 recite, (i) “wherein said first processor is configured to receive via the second processor a request from a client for access to the resources within the LAN at the TCP/IP level;” and (ii) “wherein said first processor enables said client to access said resources via the second processor at the TCP/IP level through the at least one TCP/IP connection”
With respect to (i) in claim 13, the specification discloses, “The DMZ Server (21) then creates a Connection Binder in the DMZ Server between the incoming Client 10 Request (that is stored in the DMZ Stack Pool Service (22)) and the outbound connection (42) arriving from the LAN Server (31), and by that completes the route of the Client Request.” (Id., at 2:65 – 3:3) There is no “receiv[ing] via the second processor….within the LAN at the TCP/IP level.” With respect to (ii) in claim 13, the specification states, “[T]he Fifth step: The LAN Server (31) then generates two TCP/IP connections: One connection is to the Service (33), which is the destination service, based on 5 the Client Connection Information. The second connection is an outbound connection (42) to the DMZ Server (21). In addition the LAN Server (31) creates a Connection Binder in the LAN Server between the Service (33) and the outbound connection (42).” There is no ““enables[ing] said client to access said resources via the second processor at the TCP/IP level through the at least one TCP/IP connection.”
Claim 20 recite, (i) “relaying, by the server residing outside of said LAN, the request for access to said LAN at the TCP/IP level”, and (ii) “transferring data provided by the service in response to the request at the TCP/IP level on said TCP/IP connection.” 
With respect to (i) and (ii),  the specification states, “[T]he DMZ Server (21) then creates a Connection Binder in the DMZ Server between the incoming Client 10 Request (that is stored 31), and by that completes the route of the Client Request.” (Id, at 2:65 – 3:3) First, there is no “relay[ing]” even mentioned in the specification. Second if the claim is directed to a situation where the DMZ server (the server residing outside of the LAN) is forwarding (transferring) the request for access to the service to the LAN through an outbound connection, the specification never mention connection is a “TCP/IP level” connection.
As such, all claim limitations with reference to “TCP/IP level” do not have sufficient written description support in the specification. [Emphasis added]
In addition to the above, claim 1 recite, “wherein said DMZ Stack Pool Service, said LAN Controller, and said DMZ server do not change data of said request.” The specification recite that the “The DMZ Server (20) will accept all Client Requests and route them to the LAN-Server (31), without changing the data that the Client Requests contains.” (Id., at 3:16-18) First, the specification says that the DMZ server does not change data that the client request contains. There is no teaching that the DMZ service, and LAN controller does not change data of said request. There is no sufficient written description support for this limitation as how it is accomplished, or what hardware in system claims 1, 7, 13, and 27, and/or what software in the method claims 3, 9, 20 and 28 are accomplishing the task of routing request by the DMZ service and/or LAN controller without changing the data of the request. There is absolutely no teaching of the DMZ stack pool service and the LAN controller do not change data of said request. There is insufficient written description support as to how the above functions are accomplished.     

 In addition, claim 1 as amended recites,  “a DMZ server configured to receive [said requests] an established outbound connection from a LAN server of said LAN, and to route said established outbound connection to said requests [to said client], wherein receiving and routing by said DMZ server occurs at the TCP/IP level.” The specification does not have sufficient support for this limitation because, First, according to the specification, the LAN controller establishes an outbound TCP based connection (41) to the DMZ stack pool service, without any action by the DMZ, here however, the DMZ acting to receive the outbound connection. Additionally, according to the specification, “the requests” is routed to the LAN server, and not the outbound connection is routed to the request. (See, 3:16-17, “The DMZ Server (20) will accept all Client Requests and route them to the LAN-Server (31).”) This limitation is not according to the specification because, the request is routed and not the outbound connection. Routing the outbound connection to the request does not make sense. Applicant is advised to stick to the teaching in the specification and not create new phrases outside the teaching in the specification that may be interpreted otherwise.
Claim 3 does not recite DMZ server, however recite similar limitation as claim 1, addressed above. Claim 3 is rejected for the same rational. 
Claims 5 and 6, both recite, “wherein the established outbound connection includes a plurality of established outbound connections.” There is no sufficient written description support for this limitation in the specification. The specification teaches “two TCP/IP” connections, wherein one is to the Service (33), and the second connection is an [singular] outbound connection. (2:57-62) There is no sufficient teaching for a plurality of outbound connections. [Emphasis added]  
 Claim 7 recite, “the DMZ Stack Pool Service being arranged to store TCP/IP connection information from requests received from a client, the TCP/IP connection information for each request comprising an IP- address and an IP-port associated with a service in a local area Id., 2:21-22)  and later teaches, “Second step: The DMZ Server (21) stores the Client Request in the DMZ Stack Pool Service (22).” (Id, at 2:47-49) As understood, the DMZ server store the request and there is insufficient support for storing the TCP/IP connection information in the DMZ. The specification does not even recite “TCP/IP connection information.” There are “client connection information” (Id., Abs. and at 2:24-28, 2:55, and 2:60-61), but there is no recitation of TCP/IP connection information in the specification.
Claim 7 further recite, “a DMZ server configured to receive an outbound connection from a LAN server of said LAN, and to use said TCP/IP connection information to route said outbound connection to the corresponding client request.” There is insufficient written description for this limitation because according to the specification the “request” is routed by the DMZ and not the “outbound connection.” (See 2:65 - 3:3) 
Claims 7 and recite, “wherein TCP/IP connection information of said requests are stored in a De-Militarized zone (DMZ) Stack Pool Service.” The specification states, “The LAN Server (31) then generates two TCP/IP connections: One connection is to the Service (33), which is the destination service, based on 5 the Client Connection Information. The second connection is an outbound connection (42) to the DMZ Server (21).” (Id., at 2:58-62)  As understood, there are TCP/IP connection of the service (based on client connection information) and the second one is outbound TCP/IP connection. There is no TCP/IP connection information of the [said] request. There is insufficient written description support for this limitation in claim 7.
Claims 9 and 11 recite the same limitation, “(TCP/IP connection information” and are rejected for the same rational.    
Id., at 2:58-62)  As understood, there are TCP/IP connection information of the service (client connection information) and the second one is TCP/IP outbound connection. There is no TCP/IP connection information of the [said] request. 
Additionally, claim 9 recite, “first outbound TCP connection” and “second outbound TCP connection”, while claim 11 (which by default include limitations in claim 9) recite “third TCP/IP connection”, and “fourth TCP/IP connection.” With respect to claim 9 there is insufficient written description support for “TCP connection.” There is not even a recitation of “outbound TCP connection” in the specification, let alone “first outbound TCP connection” and “second outbound TCP connection.”  
Moreover, the specification teaches “two TCP/IP” connections, wherein one is to the Service (33), and the second connection is an [singular] outbound connection. (2:57-62) Assuming that the second connection taught at 2:57-62 is the “outbound TCP connection” and assuming that the “outbound TCP connection” is meant to be “outbound TCP/IP connection.” Similar to the rejection of claims 5 and 6, there is insufficient written description support for more than one “outbound TCP/IP connection” in the specification for claims 9 and 11. 
Therefore, claims 9 and 11 are rejected for lack of written description support for the plurality of outbound connections, including “first”, “second”, “third”, and “fourth” outbound connections.
 

Claim 13 is rejected for the reason that the claim recite, “a first processor residing within the LAN programmed to create at least one TCP/IP connection to a second processor external to said LAN through an outbound port.” The MPEP with respect to computer program and algorithm state, 
“Similarly, original claims may lack written description when the claims define the invention in functional language specifying a desired result but the specification does not sufficiently describe how the function is performed or the result is achieved. For software, this can occur when the algorithm or steps/procedure for performing the computer function are not explained at all or are not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed. See MPEP §§ 2163.02 and 2181, subsection IV.”
(Id., at 2161.01 (I.))
There is insufficient written description support for the programming (in the form of a flow chart and/or algorithm) for performing the function of “creating an outbound connection” in the specification as required by the MPEP.
Claim 13 further recite, “wherein said first processor is configured to receive via the second processor a request from a client for access to the resources within the LAN at the TCP/IP level.” The specification does not have sufficient support for accessing resources within the LAN. The specification makes several references to client request, but never mention whether the request is for just establishing communication or access to any resource or no explanation as to the content of the request in the specification, whether it is for establishing communication or accessing to request in the LAN.    
Claim 13 further recite, “wherein said first processor enables said client to access said resources via the second processor at the TCP/IP level through the at least one TCP/IP connection.” There is no sufficient written description for this limitation in the specification. As stated earlier, the specification does not even mention “resource,” let alone the fort processor enable client to access the resource.
Claim 15 recite, “wherein the second processor is configured to relay communication between the LAN and the WAN.” There is no sufficient written description support for relaying between the LAN and the WAN in the specification.
Claim 18 recite, “wherein the first processor is configured to determine a response to the request from the client, and the first processor is configured to send the response to the second processor through the at least one TCP/IP connection.” There is no sufficient written description support for relaying between the LAN and the WAN in the specification. As stated above, there is just one outbound TCP/IP connection and not more. Additionally, the specification states, “Once the Connection Binder, in the DMZ Server, binds the Client Request and 15 the outbound connection (42) arriving from the LAN Server, the Client Request is then streamed through the DMZ Server and the LAN Server over the System, and then the client request data streams from the Service (33) to the Client (11).” (Id., at 3:4-9) There is no sufficient written description support for “first processor determining a response to the request 
Claim 19 recite, “wherein the second processor is configured to route the response provided by the first processor to the client.” There is no sufficient written description support for routing the response by the first processor to the client. Because there is no response even mentioned in the specification, let alone response by the first processor.

The specification states,
“The LAN Server (31) then generates two TCP/IP connections: One connection is to the Service (33), which is the destination service, based on 5 the Client Connection Information. The second connection is an outbound connection (42) to the DMZ Server (21).” (Id., at 2:58-62)

As to the “said first processor”, that perform the functions in claim 13, the examiner notes that the specification does not even mention a processor, let alone “a first processor”, or a “second processor”. The claim limitation appears to be like a wish list without any structure and/or algorithm in the form of a flow char (step procedure) that can perform the claimed functions. There is no detail of any structure and/or algorithm (see the claim limitation specifically recite, “a first processor residing within the LAN programmed to create “) for performing the functions recited in claim 13. 

Re: Claims 15, and 17 
Each of the claims 15 and 17, adds more functionality to the functions performed by the “second processor” in claim 13. For example, claim 15 recites that the “second processor” is “configured to relay communication between the LAN and the WAN.” As set forth above, the 
“In accordance with this invention as described above, no administrative management is required in the LAN Server (31) to establish or maintain communications after it is initially installed and configured on the LAN (30) and on the DMZ (20).”
(Id., at 3:10-13)
Therefore, according to the specification the communication is established initially between LAN and the WAN. The communication is initially installed and there is no indication as to what element rely the communication between the two.
As another example claim 17 recites that the “second processor” is “configured to receive the request from the client from the WAN.” The specification states, 
“Wherein the Client Request reaches the DMZ Server it stores it in the DMZ Stack Pool Service and the LAN Controller establishes outbound TCP based connection to the DMZ Stack Pool Service that passes the Client Connection Information to the LAN Server via the LAN Controller. Then the LAN Server then generates a connection between the Service and DMZ Server.” (Id., at Abs). 

Later the specification states,

“The Client Request (of the client (11)) reaches the DMZ Server (21).”
(Id., at 2:46-47)

The specification as set for above, does not even mention any “processor.” The client request reaches the DMZ server and there is no teaching as to who is performing this operation. Once it is stored in the DMZ, it is the LAN controller that establishes TCP based connection to the DMZ Stack Pool service that passes the client connection information to the LAN server. The specification is devoid of any teaching as to what algorithm (step/procedure) is performing the function recited in claim 17. For all the above reasons, dependent claims 15 and 17 are rejected under 35 USC 11 first paragraph as will be explained. 

Re: Claims 18 and 19
Claim 18 adds more functionality to the functions performed by the “first processor” in claim 13. The claim recites that the “first processor” is “configured to determine a response to the request from the client, and the first processor is configured to send the response to the second processor through the at least one TCP/IP connection.” 
The specification states, 

“Once the Connection Binder, in the DMZ Server, binds the Client Request and the outbound connection (42) arriving from the LAN Server, the Client Request is then streamed through the DMZ Server and the LAN Server over the System, and then the client request data streams from the Service (33) to the Client (11).”

(Id., at 3:4-9)
The specification further states, 
“In accordance with this invention as described above, no administrative management is required in the LAN Server (31) to establish or maintain 5 communications after it is initially installed and configured on the LAN (30) and on the DMZ (20). The LAN Controller (32) permanently or periodically queries the DMZ Stack Pool Service (22) for incoming Client Requests. The DMZ Server (20) will accept all Client Requests and route them to the LAN-Server (31), without changing the data that the Client Requests contains. For 10 example, if a Client Request uses the HTTPS connection protocol, then the HTTPS connection protocol will be transmitted over the System, as with any other common protocols such as SSH/SFTP/FTP/FTPS/RDP/SMTP/TLS/ or any other TCP/IP based protocols.” (Id., at 3:10-23). As understood, the LAN controller spool the DMZ service for client request, and the DMZ server route the requests to the LAN-server. 

(Id., at 3:10-23)
The specification however, does not describe an algorithm (flow chart or a step/ procedure) of a processor that perform the function recited in claim 18. No response even mentioned in the specification, let alone what structure is configured to send the response to the second processor. 


Claim 20 recite, “wherein the second processor is configured to route the response provided by the first processor to the client.” There is no sufficient written description support for routing the response by the first processor to the client. Because there is no response even mentioned in the specification, let alone response by the first processor.
Claim 20 is also rejected because the claim recite, “receiving, by a server residing outside of said LAN, a request from a client for access to said service.” While the specification makes several reference to a[the] request, there is no indication as to the content of the request, resource, service or otherwise. There is insufficient written description support for this limitation. The claim is also rejected for the reason that the claim recite, “establishing a TCP/IP connection between the server residing outside of said LAN and said service.” There is not written description support for this limitation because, the specification states that the, “[T]he Fifth step: The LAN Server (31) then generates two TCP/IP connections: One connection is to the Service (33), which is the destination service, based on 5 the Client Connection Information.” (Id., at 2:57-62) The LAN server (which is inside the LAN) establishes a TCP/IP connection to the service, and not the server outside the LAN establishes connection to the service. Claim 20 is further rejected because the claim recite, “transferring data provided by the service in response to the request at the TCP/IP level on said TCP/IP connection.” No transferring data is provided in Id., at 3:4-9)
Claim 22 is rejected for the reason that the claim recite, “wherein the server is configured to relay communication between the LAN and the WAN.” This limitation does not have sufficient written description support in the specification. 
Claim 25 recite, “wherein the service is configured to send a response to the request to the server through the TCP/IP connection.” There is insufficient written description support for this limitation. Claim 26 is rejected for the same reason because, there is no response to the request described in the specification.
Claim 28 recite, “wherein said method requires no administrative management of the LAN server after initial installation and configuration.” The specification does not have sufficient written description support for this limitation. The specification does not have any explanation as to how the method is performed without requiring any administrative management. There is no any detail of any software algorithm (or step procedure) as to how this task is accomplished.    

Claim Rejections -35 USC 251 (New Matter)
14.	Original claims 1-4 and new claims 5-28 are rejected under 35 U.S.C. 251 as being based upon new matter added to the patent for which reissue is sought. The added material, which are above (See the 35 USC § 112 1st paragraph analysis, supra). 

Impermissible Recapture
15.	Claims 1-28 are rejected under 35 U.S.C. § 251 as being an impermissible recapture of broadened claimed subject matter surrendered in the application for the patent upon which the present reissue is based. See Greenliant Systems, Inc. et al v. Xicor LLC, 692 F.3d 1261, 103 USPQ2d 1951 (Fed. Cir. 2012); In re Shahram Mostafazadeh and Joseph O. Smith, 643 F.3d 1353, 98 USPQ2d 1639 (Fed. Cir. 2011); North American Container, Inc. v. Plastipak Packaging, Inc., 415 F.3d 1335, 75 USPQ2d 1545 (Fed. Cir. 2005); Pannu v. Storz Instruments Inc., 258 F.3d 1366, 59 USPQ2d 1597 (Fed. Cir. 2001); Hester Industries, Inc. v. Stein, Inc., 142 F.3d 1472, 46 USPQ2d 1641 (Fed. Cir. 1998); In re Clement, 131 F.3d 1464, 45 USPQ2d 1161 (Fed. Cir. 1997); Ball Corp. v. United States, 729 F.2d 1429, 1436, 221 USPQ 289, 295 (Fed. Cir. 1984). The reissue application contains claim(s) that are broader than the issued patent claims. The record of the application for the patent shows that the broadening aspect (in the reissue) relates to claimed subject matter that applicant previously surrendered during the prosecution of the application. Accordingly, the narrow scope of the claims in the patent was not an error within the meaning of 35 U.S.C. 251, and the broader scope of claim subject matter surrendered in the application for the patent cannot be recaptured by the filing of the present reissue application.
	During prosecution of U.S. Patent Application No. 14/379,305 (“the ‘305 application”), on 06/27/2015, the examiner issued a non final Office action in which, rejected claims 1-2 under 35 USC 102(b) as being anticipated by Holar (USPGPUB 20090064307, herein after “Holar”). 
on 10/27/2015, filed a response in which cancelled claims 1-2 and added new claims with broader scope, but narrower by adding the limitation “wherein said routing being via TCP/IP layer only and without changing the data of said request.” (Id., amendment of 10/27/2015, at p. 2) Applicant in that response argued that Holar must change the data of the request it utilized HTTP functionality, which inherently has application and protocol signature. Applicant further argued that the data must be decrypted and interpreted and the use of various protocols to even interpret an Application layer 7 HTTP logic would inherently change the data of the request many times. (Id., Remarks of 10/27/2015 at p. 5)   

On 02/09/2016 the examiner issued a final Office action rejecting claims 3-6 under 35 USC 102(b) as being anticipated by Holar. 

On 07/31/2016 Applicant fled an amendment and response to the final Office action amended claim 3 by changing “request” to “TCP/IP request”, and amended the claim as follows; “wherein said routing does not does not change TCP/IP request and does not expose services in the De-Militarized zone.” 
Applicant in his remarks argued that, independent claims 3 and 5 now specify that it is a TCP/IP request from a client that is stored in a De Militarized Zone instead of an HTTP request as in Holar. Also, it is the data of the entire TCP/IP request that does not change as opposed to only the data of the HTTP request in Holar that does not change. For even these distinctions alone, Holar cannot anticipate the claims. Nonetheless, applicant provides an additional reason to withdraw the rejection:
Id., Remarks at p. 4)
On 09/20/2016, the examiner issued a non final Office action (after the RCE dated 08/07/2016) rejecting claims 3-6 under 35 USC 103(a) as being obvious over Holar in view of TCP/IP Networking An Example, pages 1-12. 
 
On 01/26/2017, Applicant filed an amendment and response, cancelling claims 4 and 6 and amending claim 3 as follows,
“Claim 3 (currently amended): A system for reverse access, said system comprising: a DMZ Stack Pool Service, configured forhandling -wherein said requests are handled at the TCP/IP level: 1-4
wherein said DMZ Stack Pool Service feeing is located in a wherein said checking of said request is performed at the TCP/IP level: said LAN Controller being in a LAN; and
a DMZ server configured for    receiving said requests 
server of said LAN and routing said requests to said client: wherein said receiving and routing occur at the TCP/IP level:
wherein said handling and routing does not change the data of said s and the system requires no administrative management after initial installation and configuration 
(Id. at p. 2) 
Independent method claim 5 amended by adding similar language to the amendment of claim 3. Applicant in his Remarks argued, the invention in the ‘305 application discloses a reverse invoke server that handles requests at the TCP/IP level (level ¾ of the OSI model). there is no need for administrative management of the LAN server after initial installation for it to establish or maintain communications, while Holar requiring administrative management of these servers in the DMZ. (Id., Remarks at pp. 5-6). 
On 05/23/2017, the examiner issued a final Office action rejecting claims ,5,7,8 under pre-AIA  35 U.S.C. 103(a) as being obvious over Holar et al. USPGPUB 20090064307 in view of TCP/IP Networking An Example, pages 1-12. (hereinafter, TCP/IP Networking) 
On 09/20/2017, Applicant filed response to the outstanding Office action, amending independent claim 3 as follows:
“Claim 3 (currently amended): A system for reverse access, said system comprising: a De-Militarized Zone (DMZ) Stack Pool Service located in a De-Militarized Zone, the DMZ Stack Pool Service being arranged to store stored a level no higher than the TCP/IP level;
local area network (LAN) Controller configured to check for existence in a level no higher than the TCP/IP level [[;]] arid said LAN Controller is located 
a DMZ server configured to receive to route by said DMZ server occurs a level no higher than 
said DMZ Stack Pool Service, said LAN Controller, and said DMZ server do installation and configuration.”
In his remarks, Applicant argued that, “[t]he claim now requires that the storing, checking, receiving, and routing to be performed at a level no higher than the TCP/IP level. Thus, the claim language means that no processing is performed at the Application level, i.e., layer 7. However, given, as conceded, that the “heart" of the invention of Holar et al. is not performed at the TCP/IP level but rather at the higher layers, by prohibiting operations at such higher layers the claim distinguishes over Holar in view of TCP/IP Networking, even according to the Office Action’s explanation.” (Id., at p. 10)
Similar changes were made to previously pending independent claim 5.
On 01/11/2018, the examiner issued a Notice of Allowance, including an amendment to the claim and replacing the claim language, “at a level no higher than the TCP/IP level” to “at TCP/IP level,” where the authorization for the examiner’s amendment was given in an interview with Attorney Ben-Shimon on 12/14/2017.      
	MPEP in 1412.02 states:
In Clement, 131 F.3d at 1468-70, 45 USPQ2d at 1164-65, the Court of Appeals for the Federal Circuit set forth a three-step test for recapture analysis. In North American Container, 415 F.3d at 1349, 75 USPQ2d at 1556, the court restated this test as follows:
We apply the recapture rule as a three-step process:
(1) first, we determine whether, and in what respect, the reissue claims are broader in scope than the original patent claims; 
(2) next, we determine whether the broader aspects of the reissue claims relate to subject matter surrendered in the original prosecution; and 


In North American Container, the court cited Pannu, 258 F.3d at 1371, 59 USPQ2d at 1600; Hester, 142 F.3d at 1482-83, 46 USPQ2d at 1649-50; and Clement, 131 F.3d at 1468, 45 USPQ2d at 1164-65 as cases that lead to, and explain the language in, the North American Container recapture test. 

The examiner will break down the application of the three-step process in two groups. Group (1), will cover the application of the three-step process for original claims 1-4, and Group (2) is the application of the three-step process for new claims 5-28.  

Group (1) Three Step-Process for Original Claims 1-4
With respect to step (1), the original claim 1 is broadened as following:
“a DMZ server configured to receive [said requests] an established outbound connection from a LAN server of said LAN, and to route said established outbound connection to said requests [to said client], wherein receiving and routing by said DMZ server occurs at the TCP/IP level;” (bracketing and underlining shows elements deleted and added respectively) claim 3 does not recite DMZ server but recite similar limitation and broadened similar to claim 1. As such, step (1) is satisfied. 
With respect to step (2) Applicant in the amendment of 01/26/2017 amended claim 3 (patent claim 1) as following:
“a DMZ server configured for receiving said requests and routing said requests to said client: wherein said receiving and routing occur at the TCP/IP level;”
Later in the amendment of 09/20/2017 amended claim 3 as following: 
to receive to route by said DMZ server occurs a level no higher than Id.)

The same limitation is broadened in this reissue application as following:
“a DMZ server configured to receive [said requests] an established outbound connection from a LAN server of said LAN, and to route said established outbound connection to said requests [to said client], wherein receiving and routing by said DMZ server occurs at the TCP/IP level;”
Claim 3 is amended similar to claim 1. Since the broader aspects of the reissue claims (receiving the request) relate to subject matter surrendered in the original prosecution, therefore, step (2) is satisfied.

With respect to step (3), the Surrendered Subject Limitation (the “SGL”) has not been entirely eliminated from claims in this reissue application. In such situations, the MPEP states that, “[I]t must be determined what portion of the amendment or argued limitation has been retained, and whether the retained portion materially narrows the original claims to avoid recapture.” 
See Youman, 679 F.3d at 1346 n.4, 102 USPQ2d at 1870 n.4 ("'original claims' are defined as 'the claims before surrender'"). "[I]f the patentee modifies the added [or argued] limitation such that it is broader than the patented claim yet still materially narrows relative to the original claim, the recapture rule does not bar reissue." Id. at 1347, 102 USPQ2d at 1870. On the other hand, if the retained portion of the modified limitation is "well known in the prior art," Mostafazadeh, 643 F.3d at 1361, 98 USPQ2d at 1644. It is to be noted that if the retained portion of the modified limitation is well known in the prior art, then impermissible recapture exists, even in a case where a further limitation which is not related to the surrendered subject matter (i.e., a limitation that does not materially narrow the claims) has been added to define the claims over the art. Id. [Emphasis added]
	In this case, the issue is whether “a DMZ server configured to receive an established outbound connection from the LAN server ….and to route …server occurs ate the TCP/IP level” was well known in the prior art. During prosecution of the ‘958 application, Holar was relied upon to disclose all the limitation of the claims which teaches this limitation as well. See Holar discloses the retained claim limitation, “[F]or reverse invoke to work, the internal firewall 108 must still allow a connection (e.g., an outbound connection) from the internal server 104 to the DMZ 110.” (Id., at [0030], [emphasis added]) Therefore the broadened limitation was well known in the prior art and thus is subject to recapture. Accordingly, step (3) is satisfied and the broadened limitations in claims 1 and 3 are subject to recapture. 

Group (2) Three Step-Process for New Claims 5-28
Examiner determine that each of the new independent new claims 7, 9, 13, 20, 27 and 28 are broader as compared to the scope of the original claims of the patent. In claims 7 and 9 the amended limitations related to “TCP/IP level” is entirely eliminated (See the amendment dated 01/26/2017 in the ‘305 Application). In claims 7, 13 and 20, the amended limitation related to “the DMZ Stack Pool Service being arranged to store requests received from a client” in entirely eliminated (See the amendment dated 09/20/2017 in the ‘305 Application). In claims 13, 20 and 28 the limitation [or similar limitation] related to “wherein said DMZ Stack Pool Service, said LAN Controller, and said DMZ server do not change the data of said requests,” is entirely eliminated (See the amendment of 09/20/2017 in the ‘305 Application). In claim 7, 9, 13 and 20 the limitation related to “the system requires no administrative management after initial installation and configuration” is entirely eliminated (See the amendment dated 01/26/2017 in the ‘305 Application). As such, the examiner determines that claims are broader in scope than the original claims and therefore, step (1) is satisfied.

	With respect to step (2), the broader aspects of the reissue claims relate to subject matter surrendered in the original prosecution. As set forth above in the prosecution history, the applicant specifically amended and/or argued about the broadened limitations boldfaced/underlined identified in step (1). As such, step (2) is satisfied. 

	With respect to step (3), the examiner notes that, many limitations that were surrendered during prosecution of the original patent claims are entirely eliminated. Those limitations are identified (boldface limitations) in the analysis of step (1) set forth above. With respect to step (3) according to MPEP at 1412.02 (2.) (C.) and modification of a SGL is broken down into two possibilities that will be addressed below.
Wirth respect to first possibility, the MPEP states in part:
“1) If a surrender generating limitation (SGL) has been entirely eliminated from a claim present in the reissue application, then a recapture rejection under 35 U.S.C. 251 may be proper. For example, if a claim limitation present in the original patent that was added to overcome a rejection or that was argued by applicant to distinguish over the prior art is entirely eliminated 
Such an omission in a reissue claim, even if it is accompanied by other limitations making the reissue claim narrower than the patent claim in other unrelated aspects, is impermissible recapture. Pannu, 258 F.3d at 1371-72, 59 USPQ2d at 1600.” (Id.) 
	In the present situation, many limitations that was added to overcome the rejection over Holar in view of TCP/IP Networking are entirely eliminated in the new claims 7, 9, 13, 20, 27 and 28. Those limitations are the broadened limitations boldfaced/underlined identified in step (1) above.  
Wirth respect to second possibility, the MPEP states in part:

2) If the SGL has not been entirely eliminated from a claim in the reissue application (i.e., the amendment narrowing the claim or the argued limitation has not been entirely eliminated from the claim in the reissue application), but rather it has been made less restrictive in the reissue application claim (such that the claim is broadened), the analysis (based on In re Mostafazadeh, 643 F.3d 1353, 98 USPQ2d 1639 (Fed. Cir. 2011) and In re Youman, 679 F.3d 1335, 102 USPQ2d 1862 (Fed. Cir. 2012)) is as follows:
It must be determined what portion of the amendment or argued limitation has been retained, and whether the retained portion materially narrows the original claims to avoid recapture.” (Id.) 
In the present situation the claims 7 and 9, similar to the amended claims 1 and 3, are broadened to recite “and a DMZ server configured to receive an outbound connection from a LAN server of said LAN, and to use said TCP/IP connection information to route said outbound connection to the corresponding client request” instead of  ““a DMZ server configured to receive 
See Youman, 679 F.3d at 1346 n.4, 102 USPQ2d at 1870 n.4 ("'original claims' are defined as 'the claims before surrender'"). "[I]f the patentee modifies the added [or argued] limitation such that it is broader than the patented claim yet still materially narrows relative to the original claim, the recapture rule does not bar reissue." Id. at 1347, 102 USPQ2d at 1870. On the other hand, if the retained portion of the modified limitation is "well known in the prior art," impermissible recapture has not been avoided. See Mostafazadeh, 643 F.3d at 1361, 98 USPQ2d at 1644. It is to be noted that if the retained portion of the modified limitation is well known in the prior art, then impermissible recapture exists, even in a case where a further limitation which is not related to the surrendered subject matter (i.e., a limitation that does not materially narrow the claims) has been added to define the claims over the art. Id. [Emphasis added]
	In this case, the issue is whether “a DMZ server configured to receive an established outbound connection from the LAN server ….and to route …server occurs ate the TCP/IP level” was well known in the prior art. During prosecution of the ‘958 application, Holar was relied upon to disclose all the limitation of the claims which teaches this limitation as well. See Holar discloses the retained claim limitation, “[F]or reverse invoke to work, the internal firewall 108 must still allow a connection (e.g., an outbound connection) from the internal server 104 to the DMZ 110.” (Id., at [0030], [emphasis added]) Therefore the broadened limitation was In re Mostafazadeh analysis, it is determined that the outbound port is well known in the art as evidenced by Holar at ¶¶ [0035] and [0036].
	For all the above reasons, all claims 1-28 are rejected under 35 U.S.C. § 251 as being an impermissible recapture of broadened claimed subject matter surrendered in the application for the patent upon which the present reissue is based.   

Double Patenting Rejection
16.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

17.	Claims 1-28 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3 of U.S. Patent No. 10,110,606. Although the claims at issue are not identical, they are not patentably distinct from each other because claims in the instant application are broader than those in the ‘819 application that matured into ‘606 patents. The examiner also notes that the instant application has some narrowing aspects as will be discussed below. 
16/838,401
10,110,606
1. (Amended) A system for reverse access, said system comprising:


1. A method for providing a secured connection between servers on a local area network (LAN) and clients on a wide area network (WAN) via a de-militarized zone 




storing a client request reaching the DMZ Server in the DMZ Stack Pool Service;
a local area network (LAN) Controller configured to check for existence in said DMZ Stack Pool Service of said requests, wherein said checking is performed at the TCP/IP level and said LAN Controller is located in a LAN; and 


passing Client Connection Information by the DMZ Stack Pool Service to the LAN Server via the LAN Controller;
a DMZ server configured to receive [said requests] an established outbound connection from a LAN server of said LAN, and to route said established outbound connection to said requests [to said client],


establishing, by the LAN Controller, an outbound TCP based connection to the DMZ Stack Pool Service;


generating, by the LAN Server, two TCP/IP connections, a first TCP/IP connection being to the Service and a second TCP/IP being an outbound connection to the DMZ Server, and wherein the LAN server creates a Connection Binder in the LAN Server between the Service and the outbound connections;

creating, by the DMZ Server, a Connection Binder in the DMZ Server that binds the incoming Client Request and the outbound connection arriving from the LAN Server to complete the route of the Client Request;



wherein receiving and routing by said DMZ server occurs at the TCP/IP level;


streaming the Client Request through the DMZ Server and the LAN Server; and streaming the client request data from the Service to the Client.




The examiner notes that each of the above claims are directed to a method for reverse access. The examiner notes that both recites limitation directed to reverse access establishing an outbound connection between a LAN server and a DMZ server and forwarding request from a client to the LAN through the DMZ. Although the underlying patent recites in its preamble that it is a method for reverse access, but the reverse access in the context of the invention in the ‘401 application is for providing security. 
The ‘606 patent is generally narrower in that it requires two TCP/IP connections, a Connection Binder in the LAN Server, and a Connection Binder in the DMZ Server, as opposed to just an outbound connection” in the ‘401 application. The ‘606 patent is also narrower in that requires streaming the Client Request through the DMZ Server and the LAN Server; and streaming the client request data from the Service to the Client, as opposed to receiving and routing by the DMZ server occurs at the TCP/IP level in the ‘401 application. Additionally in light of the interpretation - according to the specification - that “TCP/IP level” being “TCP/IP connection”, the receiving and routing in the ‘401 application is performed through the TCP/IP connection.
The ‘401 application is narrower in that it requires that the DMZ Stack Pool Service, said LAN Controller, and said DMZ server do not change the data of said requests and the system requires no administrative management after initial installation and configuration. However, as 
The examiner also notes that the instant ‘401 application has claim that is much broader than claims in the ‘606 patent as follows.

16/838,401
10,110,606
20. (New) A method for providing client access to a service that resides within a LAN protected by a firewall, comprising:
1. A method for providing a secured connection between servers on a local area network (LAN) and clients on a wide area network (WAN) via a de-militarized zone (DMZ), wherein the LAN includes a Service, a LAN Server, and a LAN Controller and the DMZ includes a DMZ Server and a DMZ Stack Pool Service, the method comprising:

receiving, by a server residing outside of said LAN, a request from a client for access to said service;
storing a client request reaching the DMZ Server in the DMZ Stack Pool Service;
relaying, by the server residing outside of said LAN, the request for access to said LAN at the TCP/IP level;
passing Client Connection Information by the DMZ Stack Pool Service to the LAN Server via the LAN Controller;
relaying, by the server residing outside of said LAN, the request for access to said LAN at the TCP/IP level;
establishing, by the LAN Controller, an outbound TCP based connection to the DMZ Stack Pool Service;


generating, by the LAN Server, two TCP/IP connections, a first TCP/IP connection being to the Service and a second TCP/IP being an outbound connection to the DMZ Server, and wherein the LAN server creates a Connection Binder in the LAN Server between the Service and the outbound connections;

creating, by the DMZ Server, a Connection Binder in the DMZ Server that binds the incoming Client Request and the outbound connection arriving from the LAN Server to complete the route of the Client Request;



and transferring data provided by the service in response to the request at the TCP/IP level on said TCP/IP connection.
streaming the Client Request through the DMZ Server and the LAN Server; and streaming the client request data from the Service to the Client.


As seen from the above claim chart, it is clear that claim 20 in the ‘401 application is much broader than claim 1 in the ‘606 patent in every aspect, as shown in the claim chart above and there no need to analyze or compare each claim limitation separately.   

Claim Rejections – 35 USC § 103
18.	 The following is a quotation of 35 U.S.C. 103, which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


19.	Claims 1-28 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over
Holar et al. USPGPUB 20090064307 in view of TCP/IP Networking An Example, pages 1-12. (hereinafter TCP/IP Networking).
As noted above, based on the analysis of the 35 U.S.C. 112, sixth paragraph, claims 25-28 are rejected under 35 USC 112 second paragraph as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as his invention and, under 35 USC 112 first paragraph for failing to comply with written description requirement. However, for the purpose of examination and for the purpose of prior art rejections, the examiner considers any processor and/or any hardware and/or combination of 
	In the rejection of claims over Holar in view of TCP/IP Networking, the processor 310 in client device 110 is considered as the processor that perform the functions similar to the functions in claim 17.    

Examiner’s Note
The examiner is aware that Holar and TCP/IP Networking was used in the rejection of claims during original prosecution of the patent claims 1-4, However, in view of  interpreting the term  “TCP/IP level” to mean “TCP/IP connection” according to the specification (see the rejection of claims under 35 USC 112 first ¶, above), examiner determines that the same prior art is applicable in rejection of claims 1-28 in this Office action.  
	
Re: Claim 1
A system for reverse access (See Holar, Abs., Fig. 2, and ¶ [0001] describing a network including a reverse gateway), said system comprising:

a De-Militarized Zone (DMZ) Stack Pool Service located in a De-Militarized Zone, the DMZ Stack Pool Service being arranged to store requests received from a client, wherein said requests are stored at the TCP/IP level (Holar Fig. 2, DMZ 112. Holar teaches that “[t]he entire input message has to be stored at least temporarily (e.g., in memory) in the DMZ Server, e.g., pending protocol and/or data conversion.” See also Holar teaches a DMZ 

a local area network (LAN) Controller configured to check for existence in said DMZ Stack Pool Service of said requests, wherein said checking is performed at the TCP/IP level and said LAN Controller is located in a LAN (Holar Fig. 2, DMZ 112. See Holar at [0005] and [0006], the analogy for reverse invoke server, “The reverse invoke solution in this analogy is to have the second person who lives in the house occasionally look out the window. If the second person sees someone standing there, that person is let in.” See also Holar at [0040] teaches how an external client request is handles in a reverse invoke scenario, where the DMZ reverse invoke server forwards the client connection information to the internal server via the internal server controller. Holar et al. [0040] see also [0038-0039] & [0049-0050], and where the reverse invoke server may directly route HTTP 1.1 requests [0058-0061], eliminating the need for ancillary services.
	
a DMZ server configured to receive [said requests] an established outbound connection from a LAN server of said LAN (See Holar at ¶ [0030] teaches; “For reverse invoke to work, the internal firewall 108 must still allow a connection (e.g., an outbound connection) from the internal server 104 to the DMZ 110.” See also ¶ [0036], and ¶ [0037]), and to route said established outbound connection to said requests [to said client], wherein receiving and routing by said DMZ server occurs at the TCP/IP level;
 (This limitation is rejected under 35 USC 112 second ¶, however for the purpose applying prior art the examiner interpreting this limitation as associating (connecting or binding) the outbound connection to the stored request. Holar teaches this limitation. See Holar at ¶ [0028] teaches that, external clients send requests to the reverse invoke server 112, which, in turn, passes the requests to the internal server 104. After processing the requests, the internal server 104 sends the response to the reverse invoke server 112, which in turn, passes them back to the external client. This is done through the outbound connection established by the Internal Network 104 (see ¶ [0030]) and the binding of the outbound connection with the request is address at ¶, [0066]) See also ¶¶ [0039] [0040] and ¶¶ [0049] [0050]);

Holar et al. teaches a system for reverse access and teaches all the limitations in claim 1. Holar however, does not explicitly teach that the embodiment wherein said requests are stored at the TCP/IP level,  wherein said checking is performed at the TCP/IP level , and/or wherein receiving and routing by said DMZ server occurs at the TCP/IP level. 
Nevertheless, TCP/IP Networking: An Example delineates that HTTP web requests invoke TCP/IP requests and that such HTTP requests are transferred over TCP connections.

For example, page 3 illustrates "to send the [HTTP] request, HTTP client program establishes a TCP connection to the HTTP server. Those of ordinary skill in the art understand that HTTP is implemented on TCP/IP. HTTP requests ordinarily entail TCP/IP requests as the lower level datagram and transmission over which the HTTP formatted data will be generated. So prevalent is this usage, HTTP requests are normally ascribed to be performed over TCP port 80. Pages 4-7 
	It would have been obvious to one of ordinary skill in the art at the time of invention to run HTTP over TCP/IP, thereby having each HTTP request entail a TCP/IP request. Performing HTTP requests over the TCP/IP was well known in the art at the time the invention was made. Thus, one of ordinary skill in the art would be so motivated to implement the HTTP requests in Holar over TCP/IP in order to take advantage of the benefits associated with the use of TCP/IP protocol. The benefits associated with the use of TCP/IP protocol is, for example; (i) It is an industry–standard model that can be effectively deployed in practical networking problems (ii),
It is interoperable, i.e., it allows cross-platform communications among heterogeneous networks, (iii) It is an open protocol suite. ...(iv) It is a scalable, client-server architecture. 
	As to the limitation, wherein said DMZ Stack Pool Service, said LAN Controller, and said DMZ server do not change the data of said requests and the system requires no administrative management after initial installation and configuration, first, the above limitation does not have sufficient written description support in the specification. There is no written support for the above limitations in the specification. The examiner acknowledges that the specification with reference to this claim limitation states, 
“The DMZ Server (20) will accept all Client Requests and route them to the LAN-Server (31), without changing the data that the Client Requests contains.” (Id., at 3:16-18)

“In accordance with this invention as described above, no administrative management is required in the LAN Server (31) to establish or maintain 5 communications after it is initially installed and configured on the LAN (30) and on the DMZ (20).” 

(Id., at 3:10-14)

Id., at 2163.03) In the present situation, does not teach how the above two functional languages are  functional languages are accomplished. 
	In other words, if the use of TCP/IP in a reverse access system causes the servers in the system (DMZ service, LAN controller, and DMZ server) do not change data, then the servers in Holar in view of TCP/IP Networking would not change the data in operation, and there would not be a need for administrative management after initial installation and configuration.

	Re: Claim 2 
	 The system of claim 1, wherein computer programs and sensitive data of said LAN server reside only in the LAN (where the sensitive information of the LAN server reside on the internal set of servers. Holar et al. Fig. 2 & 7, See ¶¶ [0136-01381] see also ¶¶ [0038-0040] & [0049-0050] teach of the area between the outer firewall 106 and inner firewall 108). 
	Re: Claim 3 
	Claim 3 is a method claim wherein the steps and functions of the method claim are performed by the elements in the system claim 1. Identified in the rejection of claim 1 are the DMZ, which perform the function of storing. The function of checking is performed by the LAN 

  Re: Claim 4
	The method of claim 3, wherein computer programs and sensitive data of said LAN server, reside only in the LAN. 
See the rejection of claim 2 above.

Re: Claim 5 
	 The system of claim 1, wherein the established outbound connection includes a plurality of established outbound connections. As set forth above, there is no sufficient written description support for this limitation. However, Holar teaches plurality of outbound connections at ¶¶ [0036] [0037]).

  Re: Claim 6
The system of claim 3, wherein the established outbound connection includes a plurality of established outbound connections.	
See the rejection of claim 5 above.

  Re: Claim 7
A system for reverse access (See Holar, Abs., Fig. 2, and ¶ [0001] describing a network including a reverse gateway), said system comprising:
a De-Militarized Zone (DMZ) Stack Pool Service located in a De-Militarized Zone, the DMZ Stack Pool Service being arranged to store TCP/IP connection information from requests received from a client the TCP/IP connection information for each request comprising an IP-address and an IP-port associated with a service in a local area network (LAN);
(Holar Fig. 2, DMZ 112. Holar teaches that “[t]he entire input message has to be stored at least temporarily (e.g., in memory) in the DMZ Server, e.g., pending protocol and/or data conversion.” See also Holar teaches a DMZ Stack Pool, located in a DeMilitarized Zone being arranged to store (see above explanation) from a client; wherein said DMZ Stack Pool Service is located in a DeMilitarized Zone, where the DMZ includes a reverse invoke server [00351, Figures 1, 2, & where client requests may be placed in a ''pool'' Holar et al. [00061 see also [00071, [0091-00981 for HTTP client requests.);
As to the connection information, Holar teaches that about the source address and destination address which are stored in the reverse invoke server 112 from any proxy port 204. (Holar Fig. 2 and ¶ [0036]) 
Examiner notates that the specification with respect to “storing” states that the DMZ request is sored but never say that the “client connection information is stored.”(2:46-3:3) assuming that, it is well known in the art that when request is stored, the connection information is stored as well. As such “storing request” is accompanied by “storing connection information”, and “”checking for the request” also include “obtaining the corresponding TCP/IP connection information.” Claim 9 is evidenced that when the “request is stored” the connection information of the request is stored as well. See the limitation, “storing requests received from a client, wherein TCP/IP connection information of said requests are stored in a De-Militarized zone (DMZ) Stack Pool Service,” As such, whenever the request is stored, the “connection information” of the request is stored too.

With that interpretation according to the specification, for the rejection of the limitation, 
a local area network (LAN) Controller located in the LAN, configured to check for existence of one of said requests in said DMZ Stack Pool Service, said LAN Controller establishing an outbound TCP connection with said DMZ stack pool service to check for said request and obtain the corresponding TCP/IP connection information from the DMZ stack pool service; see the rejection of claim 1 for the same limitation; 
a DMZ server configured to receive an outbound connection from a LAN server of said LAN, and to use said TCP/IP connection information to route said outbound connection to the corresponding client request; See the rejection of claim 1 for the same limitation. 
wherein said DMZ Stack Pool Service, said LAN Controller, and said DMZ server do not change data of said request. See the rejection of claim 1 for the same limitation.

 	 Re: Claim 8
The system of claim 7, wherein computer programs and sensitive data of said LAN server reside only in the LAN. See the rejection of claim 4 above. 

Re: Claim 9
Claim 9 is drafted to similar to claim 1, except uses plurality of established outbound connections instead of a single “established outbound connections.” As set forth above, with above.   
 
Re: Claim 10
The method of claim 9, wherein computer programs and sensitive data of said LAN server reside only in the LAN. See the rejection of claim 4 above.

Re: Claims 11 and 12
	Claim 11 is dependent claim 9 and claim 12 is dependent on claim 11 and are rejected for lack of written description support for the “plurality of” outbound connections. As to the limitation that “hand shake between” the client request and the[an] “outbound connection”, Holar in view of TCP/IP Networking teaches this limitations. As to the “handshake” between the client request and the “outbound connection”, it is well established that, a handshake is an automated process of negotiation between two participants through the exchange of information that establishes the protocols of a communication link at the start of the communication, before full communication begins. Holar establishes a handshake between the a client on a public network and at least one internal server directly which constitute a “handshake”. (Id., Holar at ¶¶ [0013], [0014], and Fig. 2 and 4).
     Re: Claim 13
 	As set forth in the rejection of claim under 35 USAC 112 first paragraph, “the first processor”, and the “second processor” do not have sufficient written description support in the 
    
     Re: Claim 14
	The system of claim 13, wherein the second processor is positioned between the LAN and the WAN. Holar, teaches that the DMZ server is between the internal network 104 and the External Client 202. (Id., at Fig. 2)

Re: Claim 15
The system of claim 13, wherein the second processor is configured to relay communication between the LAN and the WAN. Holar teaches. “A common communication protocol is implemented on both sides of the DMZ.”  (Id., claim 1)

Re: Claim 16
The system of claim 13, wherein the second processor is separated from the LAN by a firewall (See Holar Fig. 2).

Re: Claim 17
The system of claim 13, wherein the second processor is configured to receive the request from the client from the WAN. (See Holar at Fig. 2, and description at ¶ [0054] teaching that “When the reverse invoke server receives a request from the outside, it forwards it 

Re: Claims 18 and 19
The system of claim 13, wherein the first processor is configured to determine a response to the request from the client, and the first processor is configured to send the response to the second processor through the at least one TCP/IP connection. And 
The system of claim 18, wherein the second processor is configured to route the response provided by the first processor to the client.
As set forth above, there is no written description support for any “response” in the specification. As to the establishing any communication between the LAN server and the DMZ server through the TCP/IP connection, see the rejection of claims 1 and 3 above. As to the routing the response to the LAN server, Holar teaches this limitation. (See Holar at ¶¶ [0040], [0044] and the teaching of reverse invoke architecture and reverse invoke server)

Re: Claim 20
A method for providing client access to a service that resides within a LAN protected by a firewall, comprising: receiving, by a server residing outside of said LAN, a request from a client for access to said service; relaying, by the server residing outside of said LAN, the request for access to said LAN at the TCP/IP level; establishing a TCP/IP connection between the server residing outside of said LAN and said service; and transferring data provided by the service in response to the request at the TCP/IP level on said TCP/IP connection. Interpreting the server residing outside of a LAN to be the DMZ 
 
Re: Claim 21
The method of claim 20, wherein the server is positioned between the LAN and a wide area network (WAN).  See Fig. 2 in Holar. See also the rejection of claim 3 above.

Re: Claim 21
The method of claim 20, wherein the server is configured to relay communication between the LAN and the WAN. See the rejection of claim 15 above.  

Re: Claim 22
The method of claim 21, wherein the server is configured to relay communication between the LAN and the WAN. See the rejection of claim 14 above.  

Re: Claim 23
The method of claim 20, wherein the server is separated from the LAN by the firewall. See Horal Fig. 2.

Re: Claim 24
The method of claim 21, wherein the server is configured to receive the request from the client for access from the WAN. See the rejection of claim 13 regarding this limitation.

Re: Claim 25
The method of claim 20, wherein the service is configured to send a response to the request to the server through the TCP/IP connection. See the rejection of claims 18 and 19 regarding “response” recited in the claims.  

Re: Claim 26
The method of claim 25, wherein the server is configured to route the response to the client. See the rejection of claims 18 and 19 regarding “response” recited in the claims.  

Re: Claim 27
Claim 27 is similar to system claim 1, and is rejected as explained in the rejection of claim 1, additionally reciting a “a connection binder” in the limitation related to, “and a DMZ server configured to receive an established outbound connection from a LAN server of said LAN, and create a connection binder between the requests received from the client and the established outbound connection.” However, Holar teaches a connection binder that “(2) specify a bind address (e.g., providing the ability to bind to a specific IP address on a machine).” (Holar at ¶ [0066])

Re: Claim 27
Claim 28 is similar to method claim 3, and is rejected as explained in the rejection of claim 3, additionally reciting a “a connection binder” in the limitation related to, “and a DMZ server configured to receive an established outbound connection from a LAN server of said LAN, and create a connection binder between the requests received from the client and the established outbound connection.” However, Holar teaches a connection binder that “(2) specify a bind address (e.g., providing the ability to bind to a specific IP address on a machine).” (Holar at ¶ [0066])
 
Conclusion
20. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Majid Banankhah whose telephone number is (571)272-3770. The examiner can normally be reached on Monday to Friday - 7:30 AM to 4:30 PM, Pacific Time. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Hetul Patel can be reached on (571) 272-4184 The fax phone number for the organization where this application or proceeding is assigned is 571-273-9000.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.  


(571) 272-7537

Conferee:

/Ovidio Escalante/
Reexamination Specialist

/H.B.P/Supervisory Patent Examiner, Art Unit 3992