DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim 1 is been examined.
Priority
Applicant's claims domestic priority to U.S. Provisional Application No. 62/862,438 filled on June 17th, 2019 is acknowledged.

Information Disclosure Statement
The IDS received on 09/16/2020 has been entered and references cited within carefully considered.
Drawings
The drawings are filled on 06/17/2020 and 12/28/2020 are accepted. 

Claim Objections
Claim 1 objected to because of the following informalities:
the semicolon ";" is suggested in claim 1, line 14 .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Chaturvedi et al. (US Pub. No.: 2015/0026262 A1) in view of Eisenberg et al. (US Pub. No.: 2003/0188001 A1), in further view of Yoon et al. (US Pub. No.: 2012/0166593 A1).
Regarding claim 1, Chaturvedi discloses a method for TCP tunneling over a public wide area network [Figure’s 20, 23A and 23B, Paragraph’s 0170-0172], the method comprising: discovering, by a remote client, an undiscovered UDP endpoint for a gateway server (The tunneling server 2402 may provide access to other endpoints for an endpoint that does not have UDP access or access to another expected protocol. For example, if the endpoint 104 performs a STUN request and the request fails, the network within which the endpoint 104 is positioned may not support UDP (e.g., the network may be an Enterprise network that has disabled initiating, by the remote client, a handshake with the discovered endpoint for the gateway server (As the two endpoints 104 and 1901 are not logged in when the present example begins, they must both authenticate with the access server 102. In step 2010, the endpoint 104 sends an authentication request to the access server 102 with its private and public IP address/port pairs. In step 2012, the access server 102 responds to the authentication request and, as described previously, returns information that includes the private and public IP addresses of any buddy endpoints that are currently logged in. However, as the endpoint 1901 has not yet logged in, the information received by the endpoint 104 from the access server 102 will not include any address information for the endpoint 1901 [Para. 0142]) checking, by the remote client, whether the gateway server is trusted, based on the public key presented during handshaking via a datagram message (At this point, the endpoint 104 wants to establish a communication session with the endpoint 1901, but does not know which of the three routes (i.e., pr, pu, and rl) should be used. In the previously described rule-based system, the endpoint 1901 would publish its NAT information, which enables the endpoint 104 to determine how to establish a connection. However, in the present example, such information is not published and the endpoint 104 does not know whether the endpoint 1901 is in the same private network as the endpoint 104, whether the endpoint 1901 is only accessible via a public network, whether the endpoint 1901 is behind a NAT device, or, if the endpoint 1901 is behind a NAT device, the settings of the NAT device (full cone, port restricted, etc.). Accordingly, responsive to successful authentication of the remote client by the gateway server (Referring to FIG. 24, a sequence diagram illustrates one embodiment of a message sequence 2400 that may occur in the environment of FIGS. 23A and 23B to establish a connection between the endpoints 104 and 106. As with the previous discussion of FIG. 20, the endpoints 104 and 106 may each maintain a table, although this is not shown in the present example [Para. 0169]. (In steps 2420 and 2422, the endpoints 104 and 106 may establish a communication session as described previously with respect to FIGS. 20 and 21. However, the communications between the two endpoints 104 and 106 will use the tunnel between the endpoint 104 and the tunneling server 2302 and the corresponding shadow IP address and port for the endpoint 104 [Para. 0174]), opening, by the gateway server, a pipe port to the remote client; opening, by the remote client, a pipe connection to the pipe port establishing a control connection (In step 2402, the endpoint 104 sends a STUN request that fails. Based on the failure of the STUN request, the endpoint 104 determines that the network (e.g., the NAT device 1004) has disabled UDP. It is understood that other indicators may be used to determine that UDP is not available. In step 2404, based on the unavailability of UDP, the endpoint 104 opens a TCP /IP connection (i.e., a tunnel) with the tunneling server 2302. This connection may use a port such as port 443 of the NAT device 1004, which is the default TCP port for HTTP Secure (HTTPS) connections using the Transport Layer Security (TLS) or Secure Socket Layer (SSL) protocols. However, it is understood that port 443 is only an example and that other sending, by the remote client through the control connection to the gateway server, an authorization request for access to one or more tunnels (Communications between the endpoints 104 and 2304 as illustrated in FIG. 23B may follow a similar sequence of presence messages and responses as that described above with respect to FIG. 24. However, since the endpoints 104 and 2304 are in the same local network, the private route 1902 is available and the private presence messages may reach their destinations. The endpoint 2304 may not use a relay message to try to reach the endpoint 104, since its failed STUN request will inform the endpoint 2304 that UDP is not available. In order to use the public and relay routes, the endpoint 2304 will create a tunnel with the tunneling server 2303 as described above with respect to the endpoint 104. The public and relay messages may still work via the respective tunnels of the endpoints 104 and 2304 [Para. 0176]); confirming, by the gateway server, tunnel availability by ascertaining current session counts of tunnel access by an authenticated user (A SIP messaging model over UDP, and so accommodates the transaction-based SIP model within connection-less UDP messaging; the endpoints 104 and 1901, respectively, send STUN requests to obtain their corresponding public IP address/port pairs; the access server 102 responds to the authentication request and, as described previously, returns information that includes the private and public IP addresses of any buddy endpoint; 
Although Chaturvedi discloses everything as applied above, Chaturvedi does not explicitly discloses responsive to confirming tunnel availability, mapping for each authorized tunnel for the remote client to a pipe port; send, by the remote client to the gateway server, a tunnel confirmation request through the control connection; receive, by the remote client from the gateway server, a list of tunnels wherein the list includes for each tunnel, a tunnel name, a tunnel name pipe port, and a default TCP listener address for the tunnel name; and opening, by the remote client, local TCP listeners corresponding to a list of -33-default TCP listener addresses wherein each new connection opened to any of these TCP listeners results in a pipe connection to the associated pipe port assigned to the tunnel. However, these concepts are well known in the art as taught by Eisenberg.
In the same field of endeavor, Eisenberg discloses responsive to confirming tunnel availability, mapping for each authorized tunnel for the remote client to a pipe port (Server or Service-In reference to a tunnel, the end of the tunnel that receives a tunneled connection. TCP Stack Plug-in (TSP). The TSP is a component of the TP installed just below the socket level which on the client side, intercepts send, by the remote client to the gateway server, a tunnel confirmation request through the control connection (Tunneling Driver Plug-in (TDP). The TDP is a component of the TP installed at a driver level (e.g., NDIS Intermediate driver on Windows TM) that accepts commands from the TSP and manages the tunneling protocol (for example, managing the protocol includes bi-directional UDP emulation within a TCP tunnel). This component also snoops TCP/IP protocol for information required to reconstruct data Stream or datagrams on the receiving side of a tunneled Session. Tunnel Port-The TCP/IP port used to establish a tunnel between a client and Server [Para. 0056-0057]); receive, by the remote client from the gateway server [Para. 0134], a list of tunnels wherein the list includes for each tunnel, a tunnel name, a tunnel name pipe port, and a default TCP listener address for the tunnel name (In the present embodiment, the TDP is responsible for tunneling two types of data: TCP (Type I) and UDP (Type II) data streams. On the client side, the TDP accepts commands from the TSP, which intercepts socket calls using specific ports and  opening, by the remote client, local TCP listeners corresponding to a list of -33-default TCP listener addresses wherein each new connection opened to any of these TCP listeners results in a pipe connection to the associated pipe port assigned to the tunnel (In system 600 of FIG. 7, firewalls 605 and 610 are configured So that only outgoing TCP connections are allowed and the gatekeeper is set to gatekeeper-routed mode. Tunnel plug-ins (not shown) are installed on endpoints 625-640 as well as the gatekeeper 615 and Multipoint Control Unit (MCU) 620. The MCU 620 and the gatekeeper 615 may be on separate machines with different IP addresses, but in any case communicate over channel 685. Tunnels are created from the endpoints 625-640 to the gatekeeper 615 when the endpoints 625-640 register with the gatekeeper 615. In system 600, a client 625-640 registers with a gatekeeper 615. The registration does not necessarily require authentication but the client user provides some user name (e.g. Alf, Dave, Jay or Mike) and IP address (e.g. 10.0.0.1 and 10.0.0.2). When the tunnel listener or TSP on the gatekeeper's plug-in accepts a tunnel connection from the client, the listener will generate an alternate or “fake” IP 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Eisenberg method into Chaturvedi invention. One of ordinary skill in the art would have been motivated to allows the establishment of communication channels between computers protected by a firewall and outside third parties, but without compromising the firewall security measures Set up to protect against unauthorized or non-permitted data transfers [Eisenberg, Para. 0015].
Although Chaturvedi/Eisenberg disclose everything as applied above, Chaturvedi/Eisenberg does not explicitly DTLS handshake. However, these concepts are well known in the art as taught by Yoon.
In the same field of endeavor, Yoon discloses DTLS handshake [Para. 0047-0055].
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Shribman method into Chaturvedi/Eisenberg invention. One of ordinary skill in the art would have been motivated to solve the problem of securing communications between the servers [Yoon, Para. 0016].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. (1) Krieger et al. (US Pub. No: 2014/0359700 A1) teaches an approach for reutilizing transport layer security (TLS) connections among separate application is provided. In one aspect, a computing system establishes a transmission control program/Internet protocol (TCP/IP) connection between a first application of a first endpoint and a second application on a second endpoint. The computing system further performs a TLS handshake over the established TCP/IP connection. The computing system also transmits a request from a third application of the second endpoint to transfer a TLS context from the second application on the second endpoint. In response to the second application on the second endpoint accepting the transfer request, the second application utilizing via the one or more computer processors, a predetermined method of providing a TLS context to the third application, wherein the third application of the second endpoint and the first application of the first endpoint communicate securely. (2) Lee et al. (US Patent No.: 10,348,767 B1) teaches cloud endpoints are secured using agents and a controller connected to the agents. A whitelist identifies components and processes of an authorized multi-tiered application for the cloud. An application profile for the application specifies valid computing flows between components of a tier and components of another tier, where components of the tier are executed at an endpoint and the other components of the other tier are executed at another endpoint. Endpoints are provisioned with static routing tables identifying at least one subnet destination. A request is received at a first endpoint to connect to a second endpoint. If the second endpoint falls within the at least one subnet .
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DHARMESH J PATEL whose telephone number is (571)272-2690.  The examiner can normally be reached on Monday-Friday 8:00AM-5:00PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Marsha D Banks-Harold can be reached on (571) 272-7905.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


DHARMESH J. PATEL
Examiner
Art Unit 2465


/DHARMESH PATEL/
Examiner, Art Unit 2465

	
/MARSHA D BANKS HAROLD/Supervisory Patent Examiner, Art Unit 2465