DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office correspondence is in response to the Request For Continued Examination submitted on December 29, 2021 for application 16/578552.
Claims 14 – 33 are pending
Claims 14, 21, and 28 are amended.
 Claims 14 – 33 are rejected.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/29/2021 has been entered.
Response to Arguments
Applicant’s arguments filed on 12/29/2021 have been fully considered and are persuasive to the rejection of claims 14- 33 under 35 USC 102 (a) (2) and 35 USC 103, and the rejections from the prior office action are withdrawn.  However, the applicant’s amendments to claims 14, 21, and 28 necessitated a new search and consideration resulting in a new ground(s) of rejection to claims 14- 33 under 35 USC 103.  The examiner here now responds to each argument.  Underlined text indicates claim language that was amended since the last office action.
In regard to claims 14 – 16, 18 and 20, (which were rejected as being anticipated by prior art Sundermeyer), and in regard to claims 17, 19, and 21 – 23 (which were rejected as being un-patentable 
“requesting a tunnel from and through a video gateway device residing at a client site;
receiving an offer of the tunnel from and through the video gateway device; and offering the tunnel to the web service client container from and through the video gateway device to avoid one or more firewalls present at the client site.” (as recited in claim 14 and substantially replicated in claims 21 and 28).
The applicant states:
“ . . . The pending claims recite a computer system including a computer having non-transitory memory configured to store machine instructions when executed by the computer implement the following web service proxy protocol functions: upon receipt of a tunnel request from a web service client container, requesting a tunnel from and through a video gateway device residing at a client site; receiving an offer of the tunnel from and through the video gateway device; and offering the tunnel to the web service client container from and through the video gateway device to avoid one or more firewalls present at the client site. These limitations are supported by the originally-filed specification. See, e.g., [0013] (“The following variations may be drawn to a gateway for a networked video management system that may include a gateway client application that may be executed from a video gateway device, typically residing at a client site,
such as, a video surveillance site. The video client application may be configured to transmit video data from the video gateway device to a cloud instance. The video data may be transmitted to the cloud instance through a secure hypertext transfer protocol (HTTPS) connection to the cloud instance to avoid any firewall present at the client site.” [0015] (“Each video gateway device 22a and 22b may be hardware device that may be configured to act as a gate between client network 12 and server network 16 to enable network traffic, including streaming video data traffic, to flow in and out of each network 12 and 16.”), [0023] (“Upon receiving the video data request, recorder containers 36 a and/or 36 b request a tunnel from web service proxy container 30, as depicted by arrow 122. Upon the web service proxy container 30 receiving the tunnel request, the web service proxy container 30 requests the tunnel from the video gateway devices 22 a and/or 22 b, respectively, as depicted in arrow 124.”) and [0024] (“The tunnel may be then offered to web service proxy container 30 by video gateway devices 22 a and 22 b, depicted by arrow 130. In turn, as depicted by arrow 132, web service proxy container 30 offers the tunnel to web service client containers 32 a and/or 32 b.)

The pending claims are not disclosed or suggested by Sundermeyer and/or Doyon. Sundermeyer discloses a Live Video (Relay) feature. See [0570] through [0584]. Upon user login to portal, portal creates a media relay tunnel by calling relayAPImanager create. [0570]. RelayAPImanager creates relays and sends ip-config-relay variable (which instructs gateway to create media tunnel) to gateway. [0571]. Upon receiving media 
relat video server. On the other hand, the pending claims require offering a tunnel to a web service client container from and through a video gateway device. As shown in Figure 24 of Sundermeyer, the Premises Gateway exchanges commands and events with XMPP Server,which is connected with the Camera. Figure 24 of Sundermeyer also does not disclose offering a tunnel to a web service client container from and through a video gateway device as required by the pending claims.

Moreover, Sundermeyer does not “offer[] the tunnel to the web service client container
from and through the video gateway device to avoid one or more firewalls present at the client site.” Rather, the gateway disclosed in Sundermeyer is coupled to a router/firewall. See, e.g.,[0166] and [0167] (“The gateway 102 is coupled to the premise router/firewall 252[.]”). On the other hand, the pending claims set up a tunnel with the gateway that avoids client site firewalls.
See, e.g. [0026] (“No other network considerations (e.g., firewalls) may be necessary because video management system 10 only initiates Internet connections (e.g., HTTPS connection) to server network 16, e.g., web service proxy container 30.”)

Doyon does not remedy the deficiencies of Sundermeyer. Doyon discloses a duly
registered security device 105 transmitting securely security data to a security server. See [0100] (“Thus the duly registered security device 105 may now transmit security data to the security server without risk of the wrong device being used.”)

In light of the foregoing, Applicant urges that Sundermeyer and/or Doyon do not disclose or suggest the pending claims. Accordingly, Applicant respectfully requests withdrawal of the present rejections and allowance of the case. (Applicant’s Remarks pages 6 – 9).

In response to the applicant’s argument:
The applicant’s amendment to independent claims 14, 21, and 28 substantially changed the scope of the claims by requiring the video gateway device to reside at the client site and to have a tunnel requested and offered from and through the video gateway device.  Such a requirement narrows the claim to overcome the 35 U.S.C. 102(a) (2) rejections under Sundermeyer and the 35 U.S.C. 103 rejections under Sundermeyer and Doyon.  Thus, the applicant’s argument is persuasive, but therein the applicant’s amendment necessitated further search and consideration which discovered additional prior et al. (U.S. 2001/0043571 A1; herein referred to as Jang).  Jang is directed to videoconferencing wherein a videoconferencing switch is installed at an access point to an IP network, and a plurality of subscribers is registered for videoconferencing services, and each subscriber has a video gateway to accept video data through a tunnel from a video services switch.  Therein, Jang discloses that the video gateways support tunnels to and from the video services switch where firewalls present at a subscriber location are configured to pass the tunneled video conferencing data through the firewalls unexamined (see Jain ¶ ¶ [0030-0033], ¶ ¶ [0107-0114], Figs. 1 – 2).  As a result of applicant’s amendment the rejections to claims 14 – 16, 18, and 20 under 35 U.S.C. 102(a) (2) over Sundermeyer have been withdrawn, and the rejections to claims 17, 19, and 21 – 33 under 35 U.S.C. 103 over Sundermeyer and Doyon have been withdrawn, but because of the new grounds of rejection, claims 14 – 16, 18, 20 – 23, 25, 27 – 30, and 32 are rejected under 35 U.S.C. 103 over the combination of Sundermeyer and Jang, and claims  17, 19, 24, 26, 31, and 33 are rejected under 35 U.S.C. 103 over the combination of Sundermeyer, Jang, and Doyon.  The applicant is directed to the respective rejections below.
The examiner recommends that the applicant review the specification for disclosure that if integrated into the independent claims would distinguish the amended claims from the cited prior art.  The applicant is invited to contact the examiner for an interview to discuss how to move the prosecution forward.

Priority
Applicant’s claim for the benefit of a prior-filed provisional application 62/735631 under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged.  The Applicant has complied with the conditions for receiving the benefit of an earlier filing date of September 24, 2018 under 35 U.S.C. 119(e). 
Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 09/17/2021 was filed after the mailing date of the final office action on 07/02/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Double Patenting Analysis
The applicant has filed applications 16/542693, and 16/576919 that are co-pending with the instant application and that claim benefit to U.S. Provisional Application No. 62/735631.   At this time of examination, the instant application appears to claim only subject matter directed to an invention that is independent and distinct from that claimed in the co-pending applications, and names the inventor or at least one joint inventor named in the co-pending applications.  Therein, no non-statutory Double Patenting rejections have been applied.  The applicant is required to maintain a clear line of demarcation between the applications during prosecution, as the Double Patenting analysis can be revisited if the claims of the instant application and the co-pending applications converge to claiming the same subject matter.  The applicant may wish to proactively file a terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) to overcome possible future Double Patenting rejections.
35 USC § 101 Analysis
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claims 14 – 33 are directed to statutory subject matter.  The claims are directed to non-abstract improvements in computer related technology.  A claim is non-statutory when it is directed to a judicial exception (e.g. either one of mathematical concepts, mental processes, or certain methods of organizing human activity) without significantly more.  The claimed invention is not directed to a judicial exception.  
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 14 – 16, 18, 20 – 23, 25, 27 – 30, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Sundermeyer et al. (U.S. 2017/0070361 A1; herein referred to as Sundermeyer) in view of Jang et al. (U.S. 2001/0043571 A1; herein referred to Jung).
In regard to claim 14, Sundermeyer teaches a product comprising (see ¶ [0070] “. . . : An integrated security system is described that integrates broadband and mobile access and control with conventional security systems and premise devices to provide a tri-mode security network (broadband, cellular/GSM, POTS access) that enables users to remotely stay connected to their premises. The integrated security system, while delivering remote premise monitoring and control functionality to conventional monitored premise protection, complements existing premise protection equipment. The integrated security system integrates into the premise network and couples wirelessly with the conventional security panel, enabling broadband access to premise security systems. Automation devices (cameras, lamp modules, thermostats, etc.) can be added, enabling users to remotely see live video and/or pictures and control home devices via their personal web portal or webpage, mobile phone, and/or other remote client device. . . “)
a computer system for networked video management, the computer system comprising at least one computer having non-transitory memory configured to store machine instructions that are to be executed by the computer ((see ¶ [0078] “ . . . any system, method, and/or other components disclosed herein may be described using computer aided design tools and expressed (or represented), as data and/or instructions embodied in various computer-readable media, in terms of their behavioral, register transfer, logic component, transistor, layout geometries, and/or other characteristics. Computer-readable media in which such formatted data and/or instructions may be embodied include, but are not limited to, non-volatile storage media in various forms (e.g., optical, magnetic or semiconductor storage media) and carrier waves that may be used to transfer such formatted data and/or instructions through wireless, optical, or wired signaling media or any combination thereof. , the machine instructions when executed by the computer implement the following web service proxy protocol functions (see Fig. 7, see ¶ [0180] “. . . The touchscreen 700 generally includes an application/presentation layer 702 with a resident application 704, and a core engine 706. The touchscreen 700 also includes one or more of the following, but is not so limited: applications of premium services 710, widgets 712, a caching proxy 714, network security 716, network interface 718, security object 720, applications supporting devices 722, PanelConnect API 724, a gateway interface 726, and one or more ports 728. . .” see ¶ ¶ [0186 - 0187] “. . . The application engine of the touchscreen provides the presentation and interactivity capabilities for all applications (widgets) that run on the touchscreen, including both core security function widgets and third party content widgets. FIG. 8 is an example screenshot 800 of a networked security touchscreen . . . A component of the application engine is the Presentation Engine, which includes a set of libraries that implement the standards-based widget content (e.g., XML, HTML, JavaScript, Flash) layout and interactivity. This engine provides the widget with interfaces to dynamically load both graphics and application logic from third parties, support high level data description language as well as standard graphic formats. The set of web content-based functionality available to a widget developer is extended by specific touchscreen functions implemented as local web services by the Core Engine . . .”)
receiving a tunnel request (see Fig 24, ¶ [0431]” . . . FIG. 24 is a block diagram showing camera tunneling . . .”)  from a web service client container (see ¶ [0191] “ . . . Video management is provided ;
 upon receipt of the tunnel request (e.g. secure connection) (see ¶ [0521] “ . . . Upon receiving a new connection request, session server performs authentication by making passthrough API request to gateway for given SiteId. [0520] b. Session xmpp server authenticates new session using DeviceKey received in above GET request against received xmpp client credential . . .”)  from the web service client container (see ¶ [0192]” . . . Both the high level application layer and the mid-level core engine of the touchscreen can make calls to the network. Any call to the network made by the application layer is automatically handed off to a local caching proxy, which determines whether the request should be handled locally. Many of the requests from the application layer are web services API requests, although such requests could be satisfied by the iControl servers, they are handled directly by the touchscreen and the gateway. Requests that get through the caching proxy are checked against a white list of acceptable sites, and, if they match, are sent off through the network interface to the gateway. Included in the Network Subsystem is a set of network services including HTTP, HTTPS, and server-level authentication functions to manage the secure client-server interface . . .”).
Sundermeyer fails to explicitly teach requesting a tunnel from and through a video gateway device residing at a client site; receiving an offer of the tunnel from and through the video gateway device, and offering the tunnel to the web service client container from and through the video gateway device to avoid one or more firewalls present at the client site.  However Jang teaches requesting a tunnel from and through a video gateway device (see Fig. 1 ¶ [0066] “. . . to connect videoconferencing calls includes configuring various components and modules as shown. At 602, step 510 includes configuring a tunneling module, which includes at 604, creating an IPSec tunnel between switch 12 and gateway 36. This step requires setting up IPSec authentication and encryption parameters  residing at a client site (e.g. subscriber network location) (see Fig. 1 ¶ [0030] “. . . Each enterprise subscriber network 18 also typically includes an enterprise video gateway 36 and enterprise edge router 38. Enterprise edge router 38 is configured to route data traffic between terminals 34 and service provider network 14, based on source and destination IP addresses . . . “); receiving an offer of the tunnel from and through the video gateway device (see ¶ [0107] “. . . Creation of IPSEC tunnels between Video Switch and Enterprise Video Gateways located in each subscriber network (optional). This requires setting up of IPSEC authentication and encryption parameters on Video Switch. The tunneling service unencapsulates traffic from Enterprise Video Gateways. It also maintains a dynamic mapping of IP address of each Enterprise Video Gateway and port numbers so that the Enterprise Video Gateway can correctly route call setup and video traffic back through to the appropriate Enterprise Video Gateway . . .”), and offering the tunnel to the web service client container from and through the video gateway device (see ¶ [0109-0112] “. . . A subscriber may have multiple virtual routers within a switch (e.g. for different physical locations supported by the same switch). The definition of a virtual router is based on the Enterprise Video Gateway IP address information (in case of video traffic traversing firewalls), enterprise edge router or DSI, IAD IP address information, the Video Switch physical network interface that is used (in case of a dedicated connection) or the POP edge/aggregation router (in case of a video traffic traversing firewalls) for traffic from/to subscriber enterprise. Virtual routers are at the heart of the services segmentation and layering architecture of the video services switch. . . . Configuring of routing services for each enterprise subscriber (required). This involves support of BGP and OSPF routing on a per-virtual router basis (i.e. separate routing tables are maintained for each subscriber to segment its traffic) . . .  Configuring of H.323 gatekeeper and/or SIP proxy services for each subscriber served by Video Switch  to avoid one or more firewalls present at the client site (see ¶ [0114] “. . . Configuring of H.323/SIP application proxy firewall services by each enterprise subscriber. The H.323/SIP parses the control flows to dynamically open/close ports for control traffic. It forwards this information to the network data plane hardware. The configuring step includes addition of firewall address information into the gatekeeper database for that zone, setting of ports or channels that are statically open (by default the firewall is an opaque system) and security logging . . . “).
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s application to incorporate a system, method, and device for use in videoconferencing wherein a videoconferencing switch is installed at an access point to an IP network, and a plurality of subscribers is registered for videoconferencing services, and each subscriber has a video gateway to accept video data through a tunnel, as taught by Jang, into a method and system that deploys a gateway to create secure video tunneled connections using video cameras in a security system that is controlled and managed via a web client service, as taught by Sundermeyer.  Such incorporation provides an mechanism to execute video applications through a gateway at the client site.
In regard to claim 15, the combination of Sundermeyer and Jang teaches wherein the web service proxy protocol functions further include opening a network connection from the video gateway device to a web service proxy protocol (e.g. APIs) (see Sundermeyer ¶ ¶ [0233-0234]” . . . the touchscreen core application 1410 accesses the remote service APIs 1412 which provide security system functionality (e.g. ARM/DISARM panel, sensor state, get/set panel configuration parameters, initiate or get alarm events, etc.) . . . Functions of the remote service APIs 1412 of an embodiment use a remote PanelConnect API 1424 which resides in memory on the gateway 1402. The touchscreen 1403 
In regard to claim 16, the combination of Sundermeyer and Jang teaches wherein the web service proxy protocol functions further include maintaining the opening of the network connection (see Sundermeyer ¶ ¶ [0534-0537]” . . .  When performing passthrough for LWGW, the API endpoint handles the LWGW failover case (e.g., when gateway is not currently running on any session server).  b. passthrough functions in the following way: current session server IP is maintained on the gateway object; server looks up gateway object to get session IP and then sends passthrough request to that session server; if that request returns gateway not found message, server error message, or a network level error (e.g., cannot route to host, etc.), if the gateway is a LWGW then server should lookup the primary/secondary LW Gateway group for this site; server should then send resume message to primary, followed by rest request; if that fails, then server send resume message to secondary followed by rest request c. alternatively, passthrough functions in the following way: rather than lookup session server IP on gateway object, passthrough requests should be posted to a passthrough queue that is monitored by all session servers; the session server with the Gateway on it should consume the message (and pass it to the appropriate gateway); the server should monitor for expiry of these messages, and if the gateway is a LWGW then server should lookup the primary/secondary LW Gateway group for this site; server should then send resume message to primary, followed by rest request; if that fails, then server send resume message to secondary followed by rest request . . .”)during implementation of the receiving the tunnel request function (see Sundermeyer ¶ [0521 as described for the rejection of claim 14 and is , the requesting the tunnel function see Sundermeyer ¶ [0084] as described for the rejection of claim 14 and is incorporated herein], the receiving the offer of the tunnel function (see Jang ¶ [0107] as described for the rejection of claim 14 and is incorporated herein], and the offering the tunnel function (see Jang ¶ ¶ [0109-0112] as described for the rejection of claim 14 and is incorporated herein].
In regard to claim 18, the combination of Sundermeyer and Jang teaches wherein the opening function includes checking a certificate (e.g. serial number and activation key) of the video gateway device (see Sundermeyer ¶ [0574] “. . . A gateway-enabled device is assigned a unique activation key for activation with an iConnect server. This ensures that only valid gateway-enabled devices can be activated for use with the specific instance of iConnect server in use. Attempts to activate gateway-enabled devices by brute force are detected by the Security Engine. Partners deploying gateway-enabled devices have the knowledge that only a gateway with the correct serial number and activation key can be activated for use with an iConnect server. Stolen devices, devices attempting to masquerade as gateway-enabled devices, and malicious outsiders (or insiders as knowledgeable but nefarious customers) cannot effect other customers' gateway-enabled devices. . . “)
In regard to claim 20, the combination of Sundermeyer and Jang teaches wherein the web service proxy protocol is included in a web server proxy container (see Sundermeyer ¶ ¶ [0180-0181], Fig. 7 “. . . FIG. 7 is a block diagram of a touchscreen 700 of the integrated security system, under an embodiment. The touchscreen 700 generally includes an application/presentation layer 702 with a resident application 704, and a core engine 706. The touchscreen 700 also includes one or more of the following, but is not so limited: applications of premium services 710, widgets 712, a caching proxy 714, network security 716, network interface 718, security object 720, applications supporting devices 722, PanelConnect API 724, a gateway interface 726, and one or more ports 728.  More specifically, the touchscreen, when configured as a home security device, includes but is not limited to the following 
In regard to claim 21 a product comprising (see ¶ [0070] as described for the rejection of claim 14 and is incorporated herein):
a computer system for networked video management, the computer system comprising at least one computer having non-transitory memory configured to store machine instructions that are to be executed by the computer (see ¶ [0078] as described for the rejection of claim 14 and is incorporated herein), the machine instructions when executed by the computer implement the following web service proxy protocol functions (see Fig. 7, ¶ [0180], ¶ ¶ [0186 - 0187] as described for the rejection of claim 14 and is incorporated herein):
receiving a list of connected network cameras from a video gateway device (see ¶ [0739] “ . . . Like one or more other objects, the camera object provides a list of cameras, camera names, and status . . .” see ¶ [0375] “ . . . FIG. 23 is a general flow diagram for IP video control, under an embodiment. The IP video control interfaces, manages, and provides WAN-based remote access to a plurality of IP cameras in conjunction with a home security or remote home monitoring system. The IP video control allows for monitoring and controlling of IP video cameras from a location remote to the customer premise, outside the customer premise firewall, and protected by another firewall. Operations begin when the system is powered on 2310, involving at a minimum the power-on of the gateway, as well as the power-on of at least one IP camera coupled or connected to the premise LAN. The gateway searches ; 
receiving a tunnel request (see Fig 24, ¶ [0431] as described for the rejection of claim 14 and is incorporated herein) from a web service client container (see ¶ [0191] as described for the rejection of claim 14 and is incorporated herein), the tunnel request configured to establish a tunnel between one or more connected network cameras on the list of connected network cameras (see ¶ ¶ [0739-0744] “ . . FIG. 45 is a flow diagram for playing live video, under an embodiment. The playing of live video uses a secure video module to ensure the integrity and security of each video stream. The prerequisites for client app initialization are as follows:  1. client application has system secure video module such as iOS, Android, or Web player 2. client application must have a partner-specific appKey to enable authentication 3. user authenticates with login, password, appKey etc. which returns an X-token (e.g., Authentication described herein) 4. with that X-token, client can request updates which contains the camera object listed above (e.g., Basic Client Workflow described herein) Once the app has a list of cameras and the user selects a camera, the app code selects a camera channel. This means searching through the getLiveVideoURL command options for a specific camera. For example, if the app supports H.264 in an RTSP stream and a large image is desired, it iterates through the options list to find a channel where codec contains "h264" and "rtsp", and maxWidth is the largest available. The value number is the channel to try first . . .”). 
upon receipt of the tunnel request (e.g. secure connection) (see ¶ [0521] as described for the rejection of claim 14 and is incorporated herein) from the web service client container (see ¶ [0192] as described for the rejection of claim 14 and is incorporated herein).
and a video recorder application; requesting a tunnel from and through the video gateway device residing at a client site; receiving an offer of the tunnel from and through the video gateway device; and offering the tunnel to the web service client container from and through the video gateway device to avoid one or more firewalls present at the client site.  However Jang teaches and a video recorder application (see ¶ [0029] “. . . Each of enterprise subscriber networks 18 typically includes a plurality of terminals 34. Terminals 34, along with video service switch 12 and the various other components of system 10, are typically H.323 or SIP compliant. Terminals 34 are typically videoconferencing devices configured to display and record both video and audio. Terminals 34 may be desktop computers, laptop computers, mainframes and/or workstation computers, or other videoconferencing devices . . .”); requesting a tunnel from and through the video gateway device (see Fig. 1 ¶ [0066] as described for the rejection of claim 14 and is incorporated herein)  residing at a client site (e.g. subscriber network location) (see Fig. 1 ¶ [0030] as described for the rejection of claim 14 and is incorporated herein); receiving an offer of the tunnel from and through the video gateway device (see ¶ [0107] as described for the rejection of claim 14 and is incorporated herein); and offering the tunnel to the web service client container from and through the video gateway device (see ¶ [0109-0112] as described for the rejection of claim 14 and is incorporated herein) to avoid one or more firewalls present at the client site (see ¶ [0114] as described for the rejection of claim 14 and is incorporated herein). 
The motivation to combine Jang with Sundermeyer is described for the rejection of claim 14 and is incorporated herein.
In regard to claim 22, the combination of Sundermeyer and Jang teaches wherein the web service proxy protocol functions further include opening a network connection from the video gateway device to a web service proxy protocol
In regard to claim 23, the combination of Sundermeyer and Jang teaches wherein the web service proxy protocol functions further include maintaining the opening of the network connection (see Sundermeyer ¶ ¶ [0534-0537] as described for the rejection of claim 16 and Is incorporated herein) during implementation of the receiving the tunnel request function (see Sundermeyer ¶ [0521]as described for the rejection of claim 14 and is incorporated herein), the requesting the tunnel function (see Sundermeyer ¶ [0084] as described for the rejection of claim 14 and is incorporated herein],, the receiving the offer of the tunnel function (see Jang ¶ [0107] as described for the rejection of claim 14 and is incorporated herein], and the offering the tunnel function (see Jang ¶ ¶ [0109-0112] as described for the rejection of claim 14 and is incorporated herein].
In regard to claim 25, the combination of Sundermeyer and Jang teaches wherein the opening function includes checking a certificate (e.g. serial number and activation key) of the video gateway device (see Sundermeyer ¶ [0574] as described for the rejection of claim 18 and is incorporated herein).
In regard to claim 27, the combination of Sundermeyer and Jang teaches wherein the web service proxy protocol is included in a web server proxy container (see Sundermeyer ¶ ¶ [0180-0181], Fig. 7 as described for the rejection of claim 20 and is incorporated herein).
In regard to claim 28, Sundermeyer teaches a product comprising (see ¶ [0070] as described for the rejection of claim 14 and is incorporated herein):
a computer system for networked video management, the computer system comprising at least one computer having non-transitory memory configured to store machine instructions that are to be executed by the computer (see ¶ [0078] as described for the rejection of claim 14 and is incorporated herein), the machine instructions when executed by the computer implement the following web service proxy protocol functions (see Fig. 7, ¶ [0180], ¶ ¶ [0186 - 0187] as described for the rejection of claim 14 and is incorporated herein):
receiving a list of connected network cameras from a video gateway device (see Fig. 23, ¶ [0375], ¶ [0739] as described for the rejection of claim 21 and is incorporated herein); adding the list of connected network cameras to a work queue (e.g. camera channel) (see ¶ [0737] “. . . FIG. 44 shows various example camera objects, under an embodiment. Each camera type has certain capabilities, a limited set of " channels" (e.g., 2, 3, 4, etc.), and a configuration. For example, channel 2 may be configured to stream H.264-encoded video over an RTSP stream, with a default size of VGA and a max bitrate of 1000 kb. The client is self-aware and as such knows what it can handle (e.g., rtsp or mjpeg, h.264 or mpeg, etc.), and a size to display (e.g., 4-up may be QVGA, 1-up may be VGA, etc.). So, for each camera, the client evaluates the capabilities for each channel, selects a configuration, then requests a URL for that channel. Additionally, the client device retains information about its requested configuration. For example, if the client devices requests channel 3, the client "remembers" it will be a stream intended for QVGA display . . .” see ¶ [0744] “. . . Once the app has a list of cameras and the user selects a camera, the app code selects a camera channel. This means searching through the getLiveVideoURL command options for a specific camera. For example, if the app supports H.264 in an RTSP stream and a large image is desired, it iterates through the options list to find a channel where codec contains "h264" and "rtsp", and maxWidth is the largest available. The value number is the channel to try first . . . “)  
receiving a tunnel request (see Fig 24, ¶ [0431] as described for the rejection of claim 14 and is incorporated herein) from a web service client container (see ¶ [0191] as described for the rejection of claim 14 and is incorporated herein), the tunnel request configured to establish a tunnel between one or more connected network cameras on the list of connected network cameras (see ¶ ¶ [0739-0744] as described for the rejection of claim 21 and is incorporated herein);
upon receipt of the tunnel request (e.g. secure connection) (see ¶ [0521] as described for the rejection of claim 14 and is incorporated herein) from the web service client container (see ¶ [0192] as described for the rejection of claim 14 and is incorporated herein).
Sundermeyer fails to explicitly teach and a video recorder application; requesting a tunnel from and through the video gateway device residing at a client site; receiving an offer of the tunnel from and through the video gateway device; and offering the tunnel to the web service client container from and through the video gateway device to avoid one or more firewalls present at the client site.  However Jang teaches and a video recorder application (see ¶ [0029] as described for the rejection of claim 21 and is incorporated herein); requesting a tunnel from and through the video gateway device (see Fig. 1 ¶ [0066] as described for the rejection of claim 14 and is incorporated herein)  residing at a client site (e.g. subscriber network location) (see Fig. 1 ¶ [0030] as described for the rejection of claim 14 and is incorporated herein); receiving an offer of the tunnel from and through the video gateway device (see ¶ [0107] as described for the rejection of claim 14 and is incorporated herein); and offering the tunnel to the web service client container from and through the video gateway device (see ¶ [0109-0112] as described for the rejection of claim 14 and is incorporated herein) to avoid one or more firewalls present at the client site (see ¶ [0114] as described for the rejection of claim 14 and is incorporated herein). 
The motivation to combine Jang with Sundermeyer is described for the rejection of claim 14 and is incorporated herein.
In regard to claim 29, the combination of Sundermeyer and Jang teaches wherein the web service proxy protocol functions further include opening a network connection from the video gateway device to a web service proxy protocol
In regard to claim 30, the combination of Sundermeyer and Jang teaches wherein the web service proxy protocol functions further include maintaining the opening of the network connection (see Sundermeyer ¶ ¶ [0534-0537] as described for the rejection of claim 16 and Is incorporated herein) during implementation of the receiving the tunnel request function (see Sundermeyer ¶ [0521] as described for the rejection of claim 14 and is incorporated herein), the requesting the tunnel function, the receiving the offer of the tunnel function (see Jang ¶ [0107] as described for the rejection of claim 14 and is incorporated herein], and the offering the tunnel function (see Jang ¶ ¶ [0109-0112] as described for the rejection of claim 14 and is incorporated herein].
In regard to claim 32, the combination of Sundermeyer and Jang teaches wherein the opening function includes checking a certificate (e.g. serial number and activation key) of the video gateway device (see Sundermeyer ¶ [0574] as described for the rejection of claim 18 and is incorporated herein).
Claims 17, 19, 24, 26, 31, and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Sundermeyer et al. (U.S. 2017/0070361 A1; herein referred to as Sundermeyer) in view of Jang et al. (U.S. 2001/0043571 A1; herein referred to Jung) as applied to claims 14 – 16, 18, 20 – 23, 25, 27 – 30, and 32 in further view of Doyon et al. (U.S. 2018/0270066 A1; herein referred to Doyon).
In regard to claim 17, the combination of Sundermeyer and Jang fails to explicitly teach wherein the web service proxy protocol includes a public key infrastructure.  However Doyon teaches wherein the web service proxy protocol (e.g. enrollment server) includes a public key infrastructure (see Doyon ¶ [0084] “ . . . Over the connection, between the security device 105 and the enrolment server 110, the security device transmits to the enrolment server the activation code 414 as wells as device data, such as identification data if not already done. In the communication exchange between the enrolment server 110 and the security device 105, device identification data (e.g. MAC address, serial number, public key) is exchanged that allows, once the security device 105 is authenticated, identification of the security device 105 as a device that has been authenticated. In the present example, the public key of 
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s application to incorporate a system and method for establishing communications between servers and security video devices and more particularly to the communication between security servers and security video recording devices when such communications take place over a public network wherein an enrollment server authenticates the device, as taught by Doyon, into a method and system that deploys a gateway to create secure video tunneled connections using video cameras in a security system that is controlled and managed via a web client service, wherein each location has a video gateway to accept video data through a tunnel as taught by  the combination of Sundermeyer and Jang.  Such incorporation enables the system to integrate cloud available video recording applications accessible through the gateway and to implement security encryption to access the video streams.
In regard to claim 19, the combination of Sundermeyer and Jang fails to explicitly teach wherein the opening function includes establishing the network connection through a secure hyperlink transfer protocol connection.  However Doyon teaches wherein the opening function includes establishing the network connection through a secure hyperlink transfer protocol connection (e.g. HTTPS) (see Doyon ¶ [0083] “. . . Once the security device 105 has the activation code 414, it may then register itself without human intervention with the enrolment server 110. It may begin as it does in this example with certain formality communications, e.g. to configure NTP server settings 418. The security device 105 establishes communication, if not already done, with the enrolment server 110 and vice versa and communicates data, e.g. using REST API. The connection between the security device 105 and the enrolment server 110 may be a secure connection, e.g. encrypted using HTTPS . . .”).

In regard to claim 24, the combination of Sundermeyer, Jang and Doyon teaches wherein the web service proxy protocol (e.g. enrollment server) includes a public key infrastructure (see Doyon ¶ [0084] as described for the rejection of claim 17 along with the motivation to combine the references and is incorporated herein).
The motivation to combine Doyon with the combination of Sundermeyer and Jang is described for the rejection of claim 17 and is incorporated herein.
In regard to claim 26, the combination of Sundermeyer, Jang and Doyon teaches wherein the opening function includes establishing the network connection through a secure hyperlink transfer protocol connection (e.g. HTTPS) (see Doyon ¶ [0083] as described for the rejection of claim 19 along with the motivation to combine the references and is incorporated herein).
In regard to claim 31, the combination of Sundermeyer, Jang and Doyon teaches wherein the web service proxy protocol (e.g. enrollment server) includes a public key infrastructure (see Doyon ¶ [0084] as described for the rejection of claim 17 along with the motivation to combine the references and is incorporated herein).
In regard to claim 33, the combination of Sundermeyer, Jang and Doyon teaches wherein the opening function includes establishing the network connection through a secure hyperlink transfer protocol connection (e.g. HTTPS) (see Doyon ¶ [0083] as described for the rejection of claim 19 along with the motivation to combine the references and is incorporated herein).
Conclusion
There are prior art made of record which are not relied upon but are considered pertinent to applicant’s disclosure. These references are attached and cited in the accompanying PTO-892 form.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES N FIORILLO whose telephone number is (571)272-9909.  The examiner can normally be reached on 7:30 - 5 PM Mon - Fri..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John A. Follansbee, can be reached on 571-272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES N FIORILLO/Examiner, Art Unit 2444