Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/02/2022 has been entered. Claims 1-21 have been examined.

Response to Arguments
Applicant’s arguments, see Remarks pages 7-9, filed on 03/02/2022, with respect to the rejection(s) of claims 1, 8, 15 under 102 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Vandevelde.

Note:

The prior art made of record and not relied upon is considered pertinent to applicant's amendments:
Torrent – Patent No. US 7,313,619 A - Fig. 4, Col. 5, lines 55-70, Col. 6, lines 5-50.

Priority
Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date of the provisional application No. 61/431,270 filed on 01/10/2011 as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original non-provisional application or provisional application); the disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of the first paragraph of 35 U.S.C. 112. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).

In the present application, support for the following limitations is lacking in the provisional application 61/431,270 dated 01/10/2011:

For example: the limitation of “wherein the connection is a persistent connection that remains open for the one or more local servers on the local network to receive, over the connection and through the at least one firewall, a second set of instructions” is not supported by the provisional application. Therefore, the examiner will consider the priority date back to continuation application 13/347,352 filed on 01/10/2012.





Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.


Claims 1, 4, 6, 8, 11, 13, 15, 18, 20 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Khan et al. Publication No. WO 2008/063360 A2 (Khan hereinafter) in view of Vandevelde et al. Publication No. US 20120158200 A1 (Vandevelde hereinafter).

Regarding claim 1,

Khan teaches a method, comprising: 
establishing a connection to a hardware resource executing a cloud extension agent on a local network, over a wide area network external from the local network and separated by at least one firewall (Page 28 - allow for publicly available temporary secure remote access to a private network 720 using a publicly accessible connection manager 734 and an internal node 722 within the private network 720 that is capable of sending outbound requests to the connection manager 734 to establish an encrypted connection between the internal node 722 and the connection manager 734 from inside the private network 720 through a firewall of the private network – Page 33 - processor 826 of internal node 822 (monitoring node) to open the encrypted connection, e.g., SSH tunnel 855, to the connection manager 834-1 through the firewall 825 from within the private network 820. As described herein, in various embodiments, the encrypted connection 855 is established via outbound only requests to the connection manager 834-1 and communications from an access hub, e.g., access hub 802- Fig. 1 – Page 5 - Figure 1 is an embodiment of a network 100 as may exist within a given company. As shown in Figure 1, a number of devices, e.g., PCs, servers, peripherals, etc., can be networked together via a local area network (LAN) (e.g., an Ethernet network), a wide area network (WAN), a wireless local area network (WLAN) the public switched telephone network (PSTN), and/or the Internet using transmission


sending, over the connection and through the at least one firewall, to one or more local servers on the local network, a set of instructions to manage a configuration of each mobile device of a set of mobile devices over the wide area network external from the local network without requiring a reconfiguration of the at least one firewall to allow cloud-based network management (Page 19 - the embodiments described herein provide a unified view of a company's network, both from inside and outside the network firewall, without requiring any changes to the CPE (customer premise equipment), firewall rules, etc. The program instruction embodiments execute to monitor in real time the status of each system and network component indicated by a customer/client company – page 0035 - For example, the audit log can allow an organization's network administrator to determine how long a particular remote computing device 808 had access to the organization's private network 820, which commands were sent to a particular host device 828 of the network, e.g., which tasks were and/or were not performed by the remote computing device 808, among other information – Page 26 - the internal node 722 can direct the execution of instructions to establish an encrypted connection (5), e.g., open a secure tunnel, to the connection manager 734. One of ordinary skill in the art will appreciate upon reading this disclosure, the manner in which computer executable instructions can be executed in association with an internal node 722 to establish a secure connection, e.g., a SSH tunnel, to the connection manager 734 from inside the private network 720 through the firewall of private network – Page 12 - The internal monitoring device 316 thus get their instructions and updates from the one or more data centers 304-1, ... , 304-N on what to monitor. Thus, a company using these embodiments will not need to purchase any additional hardware, train any staff, or configure any software and costly upgrades are avoided. According to various embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ... , 114-N which can also include PCs and workstations and/or laptops, and a number of "thin" clients 115-1, ... , 115-M which can include terminals and/or peripherals such as scanners, facsimile devices, handheld multifunction devices, e.g., PDAs, PC tablets, cellphones, pagers, and the like - See Also Page 35 – lines 30-35, page 36, lines 1-5);


receiving, from the one or more local servers on the local network over the connection, status and configuration information associated with the set of mobile devices that access the one or more local servers (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. - The internal monitoring device can record this data and update the remote data center on a periodic basis. According to embodiments, the device can compress and encrypt the data and send it to the remote data center via the Internet - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ... , 114-N which can also include PCs and workstations and/or laptops, and a number of "thin" clients 115-1, ... , 115-M which can include terminals and/or peripherals such as scanners, facsimile devices, handheld multifunction devices, e.g., PDAs, PC tablets, cellphones, pagers, and the like – Page 14 - an internal monitoring device 316 may be receiving network data "internal" to the LAN location 301-1 regarding the various network devices, e.g., web server, mail server 312, etc. The internal monitoring device can be reporting this information up to the one or more data centers 304-1, ... , 304-N, through one interface or another (as discussed more in Figure 4), reflecting that the network is up and functioning properly - Page 26 - embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, ... , 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - See Also Page 35 – lines 30-35, page 36, lines 1-5); and


receiving subsequent status and configuration information over the connection, wherein the subsequent status information comprises incremental data indicative of changes to the status and configuration information associated with one or more of the set of mobile devices (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. The internal monitoring device can record this data and update the remote data center on a periodic basis – Page 13 - The internal monitoring device 316 will record all of this data and update the one or more data centers 304-1, ... , 304-N on a periodic basis via the web requests or other backup interface - Screens showing the status of the network will be instantly available once the internal monitoring device 316 is connected to the network and begins sending data and/or alerts to the one or more data centers 304-1, ... , 304-N - Page 26 - embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, ... , 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify

However, Khan does not explicitly teach 

wherein the connection is a persistent connection that remains open for the one or more local servers on the local network to receive, over the connection and through the at least one firewall, a second set of instructions.


Vandevelde teaches 

connection is a persistent connection that remains open for the one or more local servers on the local network to receive, over the connection and through the at least one firewall, a second set of instructions (¶ 0056 -0058 - The central backend management system 250 may send configuration information to the SCP 310 and monitor the SCP 310 and its associated CPV array. The central backend management system 250 may send auto-configuration files over the Internet to two-axis tracking mechanisms installed at the solar site based on the GPS coordinates of that two-axis tracker mechanisms – ¶  0058 - From behind a firewall, the SCP 310 communicates with the central backend management system 250 over the Internet (as illustrated in FIG. 2). The SCP 310 may keep this communication (i.e., the socket connection) open until the protocol specific end tag is received. This creates a persistently open outbound connection coming from the SCP 310 out to the central backend management system 250 to work around the firewall at the SCP 310. From a high level, the SCP command architecture is a HTTPS client/server that exchanges XML messages constrained by a specific schema. The central backend management system 250 sends XML commands through a TLS encrypted channel and expects XML responses from the SCP 310. Both the central backend management system 250 and the SCP 310 follow the HTTPS protocol requiring the appropriate headers – See ¶  0072, ¶  0005, ¶  0029, ¶  0042, ¶  0046). 

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Vandevelde. The motivation for doing so is to allow a system to create a persistent connection in order to provide secure remote access to the set of components through their respective firewalls (¶ 0060 – Vandevelde).

Regarding claim 4,

Khan further teaches 

wherein the connection is a secure connection (Page 52 - the access hub then executes instructions to send a request (4) to the internal node 1222 instructing internal node 1222 to establish a secure connection, e.g., an encrypted connection such as a SSH tunnel, to the connection manager 1234. - The internal node 1222 can direct the execution of instructions to establish an encrypted connection (5), e.g., open a secure tunnel, to the connection manager 1234. One of ordinary skill in the art will appreciate upon reading this disclosure, the manner in which computer executable instructions can be executed in association with an internal node 1222 to establish a secure connection, e.g., a SSH tunnel, to the connection manager 1234 – See Claim 8, Page 21).


Regarding claim 6,
Khan further teaches 
 
wherein the status and configuration information is received by a cloud-based service (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. - The internal monitoring device can record this data and update the remote data center on a periodic basis. According to embodiments, the device can compress and encrypt the data and send it to the remote data center via the Internet - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ... , 114-N which can also include PCs and workstations and/or laptops, and a number of "thin" clients 115-1, ... , 115-M which can include terminals and/or peripherals such as scanners, facsimile devices, handheld multifunction devices, e.g., PDAs, PC tablets, cellphones, pagers, and the like – Page 14 - an internal monitoring device 316 may be receiving network data "internal" to the LAN location 301-1 regarding the various network devices, e.g., web server, mail server 312, etc. The internal monitoring device can be reporting this information up to the one or more data centers 304-1, ... , 304-N, through one interface or another (as discussed more in Figure 4), reflecting that the network is up and functioning properly - Page 26 - embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, ... , 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only




Regarding claim 8,

Khan teaches an apparatus, comprising: a first hardware resource to:

establish a connection to a hardware resource executing a cloud extension agent on a local network, over a wide area network external from the local network and separated by at least one firewall (Page 28 - allow for publicly available temporary secure remote access to a private network 720 using a publicly accessible connection manager 734 and an internal node 722 within the private network 720 that is capable of sending outbound requests to the connection manager 734 to establish an encrypted connection between the internal node 722 and the connection manager 734 from inside the private network 720 through a firewall of the private network – Page 33 - processor 826 of internal node 822 (monitoring node) to open the encrypted connection, e.g., SSH tunnel 855, to the connection manager 834-1 through the firewall 825 from within the private network 820. As described herein, in various embodiments, the encrypted connection 855 is established via outbound only requests to the connection manager 834-1 and communications from an access hub, e.g., access hub 802- Fig. 1 – Page 5 - Figure 1 is an embodiment of a network 100 as may exist within a given company. As shown in Figure 1, a number of devices, e.g., PCs, servers, peripherals, etc., can be networked together via a local area network (LAN) (e.g., an Ethernet network), a wide area network (WAN), a wireless local area network (WLAN) the public switched telephone network (PSTN), and/or the Internet using transmission control protocol/Internet protocol (TCP/IP) via routers, hubs, switches and the like (referred to herein as "network devices );


send, over the connection and through the at least one firewall, to one or more local servers on the local network, a set of instructions to manage a configuration of each mobile device of a set of mobile devices over the wide area network external from the local network without requiring a reconfiguration of the at least one firewall to allow cloud-based network management (Page 19 - the embodiments described herein provide a unified view of a company's network, both from inside and outside the network firewall, without requiring any changes to the CPE (customer premise equipment), firewall rules, etc. The program instruction embodiments execute to monitor in real time the status of each system and network component indicated by a customer/client company – page 0035 - For example, the audit log can allow an organization's Page 12 - The internal monitoring device 316 thus get their instructions and updates from the one or more data centers 304-1, ... , 304-N on what to monitor. Thus, a company using these embodiments will not need to purchase any additional hardware, train any staff, or configure any software and costly upgrades are avoided. According to various embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ... , 114-N which can also include PCs and workstations and/or laptops, and a number of "thin" clients 115-1, ... , 115-M which can include terminals and/or peripherals such as scanners, facsimile devices, handheld multifunction devices, e.g., PDAs, PC tablets, cellphones, pagers, and the like);


receive, from the one or more local servers on the local network over the connection, status and configuration information associated with the set of mobile devices that access the one or more local servers (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. - The internal monitoring device can record this data and update the remote data center on a periodic basis. According to embodiments, the device can compress and encrypt the data and send it to the remote data center via the Internet - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ... , 114-N which can also include PCs and workstations and/or laptops, and a number of "thin" clients 115-1, ... , 115-M which can include terminals and/or peripherals such as scanners, facsimile devices, handheld multifunction devices, e.g., PDAs, PC tablets, cellphones, pagers, and the like – Page 14 - an internal monitoring device 316 may be receiving network data "internal" to the LAN location 301-1 regarding the various network devices, e.g., web server, mail server 312, Page 26 - embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, ... , 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - See Also Page 35 – lines 30-35, page 36, lines 1-5); and


receive subsequent status and configuration information over the connection, wherein the subsequent status information comprises incremental data indicative of changes to the status and configuration information associated with one or more of the set of mobile devices (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. The internal monitoring device can record this data and update the remote data center on a periodic basis – Page 13 - The internal monitoring device 316 will record all of this data and update the one or more data centers 304-1, ... , 304-N on a periodic basis via the web requests or other backup interface - Screens showing the status of the network will be instantly available once the internal monitoring device 316 is connected to the network and begins sending data and/or alerts to the one or more data centers 304-1, ... , 304-N - Page 26 - embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, ... , 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - See Also Page 35 – lines 30-35, page 36, lines 1-5).

However, Khan does not explicitly teach 

wherein the connection is a persistent connection that remains open for the one or more local servers on the local network to receive, over the connection and through the at least one firewall, a second set of instructions.


Vandevelde teaches 

connection is a persistent connection that remains open for the one or more local servers on the local network to receive, over the connection and through the at least one firewall, a second set of instructions(¶  0056 -0058 -  the SCP 310 and its associated CPV array. The central backend management system 250 may send auto-configuration files over the Internet to two-axis tracking mechanisms installed at the solar site based on the GPS coordinates of that two-axis tracker mechanisms – ¶  0058 - From behind a firewall, the SCP 310 communicates with the central backend management system 250 over the Internet (as illustrated in FIG. 2). The SCP 310 may keep this communication (i.e., the socket connection) open until the protocol specific end tag is received. This creates a persistently open outbound connection coming from the SCP 310 out to the central backend management system 250 to work around the firewall at the SCP 310. From a high level, the SCP command architecture is a HTTPS client/server that exchanges XML messages constrained by a specific schema. The central backend management system 250 sends XML commands through a TLS encrypted channel and expects XML responses from the SCP 310. Both the central backend management system 250 and the SCP 310 follow the HTTPS protocol requiring the appropriate headers – See ¶  0072, ¶  0005, ¶  0029, ¶  0042, ¶  0046). 

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Vandevelde. The motivation for doing so is to allow a system to create a persistent connection in order to provide secure remote access to the set of components through their respective firewalls (¶ 0060 – Vandevelde).

Regarding claim 11,
Khan further teaches 

wherein the connection is a secure connection (Page 52 - the access hub then executes instructions to send a request (4) to the internal node 1222 instructing internal node 1222 to establish a secure connection, e.g., an encrypted connection such as a SSH tunnel, to the connection manager 1234. - The internal node 1222 can direct the execution of instructions to establish an encrypted connection (5), e.g., open a secure tunnel, to the connection manager 1234. One of ordinary skill in the art will appreciate upon reading this disclosure, the manner in which computer executable instructions can be executed in association with an internal node 1222 to establish a secure connection, e.g., a SSH tunnel, to the connection manager 1234 – See Claim 8, Page 21).


Regarding claim 13,

Khan further teaches 
 
wherein the apparatus is part of a cloud-based service (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. - The internal monitoring device can record this data and update the remote data center on a periodic basis. According to embodiments, the device can compress and encrypt the data and send it to the remote data center via the Internet - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ... , 114-N which can also include PCs and workstations and/or laptops, and a number of "thin" clients 115-1, ... , 115-M which can include terminals and/or peripherals such as scanners, facsimile devices, handheld multifunction devices, e.g., PDAs, PC tablets, cellphones, pagers, and the like – Page 14 - an internal monitoring device 316 may be receiving network data "internal" to the LAN location 301-1 regarding the various network devices, e.g., web server, mail server 312, etc. The internal monitoring device can be reporting this information up to the one or more data centers 304-1, ... , 304-N, through one interface or another (as discussed more in Figure 4), reflecting that the network is up and functioning properly.);




Regarding claim 15,

Khan teaches a non-transitory computer readable storage media having program instructions to be executed by a first hardware resource to:
establish a connection to a hardware resource executing a cloud extension agent on a local network, over a wide area network external from the local network and separated by at least one firewall (Page 28 - allow for publicly available temporary secure remote access to a private network 720 using a publicly accessible connection manager 734 and an internal node 722 within the private network 720 that is capable of sending outbound requests to the connection manager 734 to establish an encrypted connection between the internal node 722 and the connection manager 734 from inside the private network 720 through a firewall of the private network – Page 33 - processor 826 of internal node 822 (monitoring node) to open the encrypted connection, e.g., SSH tunnel 855, to the connection manager 834-1 through the firewall 825 from within the private network – Page 5 - Figure 1 is an embodiment of a network 100 as may exist within a given company. As shown in Figure 1, a number of devices, e.g., PCs, servers, peripherals, etc., can be networked together via a local area network (LAN) (e.g., an Ethernet network), a wide area network (WAN), a wireless local area network (WLAN) the public switched telephone network (PSTN), and/or the Internet using transmission control protocol/Internet protocol (TCP/IP) via routers, hubs, switches and the like (referred to herein as "network devices );


send, over the connection and through the at least one firewall, to one or more local servers on the local network, a set of instructions to manage a configuration of each mobile device of a set of mobile devices over the wide area network external from the local network without requiring a reconfiguration of the at least one firewall to allow cloud-based network management (Page 19 - the embodiments described herein provide a unified view of a company's network, both from inside and outside the network firewall, without requiring any changes to the CPE (customer premise equipment), firewall rules, etc. The program instruction embodiments execute to monitor in real time the status of each system and network component indicated by a customer/client company – ¶ 0035 - For example, the audit log can allow an organization's network administrator to determine how long a particular remote computing device 808 had access to the organization's private network 820, which commands were sent to a particular host device 828 of the network, e.g., which tasks were and/or were not performed by the remote computing device 808, among other information – Page 26 - the internal node 722 can direct the execution of instructions to establish an encrypted connection (5), e.g., open a secure tunnel, to the connection manager 734. One of ordinary skill in the art will appreciate upon reading this disclosure, the manner in which computer executable instructions can be executed in association with an internal node 722 to establish a secure connection, e.g., a SSH tunnel, to the connection manager 734 from inside the private network 720 through the firewall of private network – Page 12 - The internal monitoring device 316 thus get their instructions and updates from the one or more data centers 304-1, ... , 304-N on what to monitor. Thus, a company using these embodiments will not need to purchase any additional hardware, train any staff, or configure any software and costly upgrades are avoided. According to various embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1... 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ... , 114-N which can also include PCs and workstations


receive, from the one or more local servers on the local network over the connection, status and configuration information associated with the set of mobile devices that access the one or more local servers (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. - The internal monitoring device can record this data and update the remote data center on a periodic basis. According to embodiments, the device can compress and encrypt the data and send it to the remote data center via the Internet - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ..., 114-N which can also include PCs and workstations and/or laptops, and a number of "thin" clients 115-1, ..., 115-M which can include terminals and/or peripherals such as scanners, facsimile devices, handheld multifunction devices, e.g., PDAs, PC tablets, cellphones, pagers, and the like – Page 14 - an internal monitoring device 316 may be receiving network data "internal" to the LAN location 301-1 regarding the various network devices, e.g., web server, mail server 312, etc. The internal monitoring device can be reporting this information up to the one or more data centers 304-1, ..., 304-N, through one interface or another (as discussed more in Figure 4), reflecting that the network is up and functioning properly. Page 26 - embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, ..., 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - See also Page 35, lines 30-35, page 36, lines 1-5); and


receive subsequent status and configuration information over the connection, wherein the subsequent status information comprises incremental data indicative of changes to the status and configuration information associated with one or more of the set of mobile devices (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. The internal monitoring device can record this data and update the remote data center on a periodic basis – Page 13 - The internal monitoring device 316 will record all of this data and update the one or more data centers 304-1, ..., 304-N on a periodic basis via the web requests or other backup interface - Screens showing the status – Page 26 - embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, ..., 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - See also Page 35, lines 30-35, page 36, lines 1-5)

However, Khan does not explicitly teach 

wherein the connection is a persistent connection that remains open for the one or more local servers on the local network to receive, over the connection and through the at least one firewall, a second set of instructions.


Vandevelde teaches 

connection is a persistent connection that remains open for the one or more local servers on the local network to receive, over the connection and through the at least one firewall, a second set of instructions (¶ 0056-0058 - The central backend management system 250 may send configuration information to the SCP 310 and monitor the SCP 310 and its associated CPV array. The central backend management system 250 may send auto-configuration files over the Internet to two-axis tracking mechanisms installed at the solar site based on the GPS coordinates of that two-axis tracker mechanisms – ¶ 0058 - From behind a firewall, the SCP 310 communicates with the central backend management system 250 over the Internet (as illustrated in FIG. 2). The SCP 310 may keep this communication (i.e., the socket connection) open until the protocol specific end tag is received. This creates a persistently open outbound connection coming from the SCP 310 out to the central backend management system 250 to work around the firewall at the SCP 310. From a high level, the SCP command architecture is a HTTPS client/server that exchanges XML messages constrained by a specific schema. The central backend management system 250 sends XML commands through a TLS encrypted channel and expects XML responses from the SCP 310. Both the central backend management system 250 and the SCP 310 follow the HTTPS protocol requiring the appropriate headers – See ¶ 0072, ¶ 0005, ¶ 0029, ¶ 0042, ¶ 0046).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Vandevelde.  


 Regarding claim 18,

Khan further teaches 

wherein the connection is a secure connection (Page 52 - the access hub then executes instructions to send a request (4) to the internal node 1222 instructing internal node 1222 to establish a secure connection, e.g., an encrypted connection such as a SSH tunnel, to the connection manager 1234. - The internal node 1222 can direct the execution of instructions to establish an encrypted connection (5), e.g., open a secure tunnel, to the connection manager 1234. One of ordinary skill in the art will appreciate upon reading this disclosure, the manner in which computer executable instructions can be executed in association with an internal node 1222 to establish a secure connection, e.g., a SSH tunnel, to the connection manager 1234 – See Claim 8, Page 21).


Regarding claim 20,

Khan further teaches 
 
wherein the status and configuration information is received by a cloud-based service (Page 3 - The internal monitoring device is capable of monitoring the company's internal network/systems, e.g., using SNMP (simple network management protocol) to get statistics such as disk usage, processor usage, memory allocation, etc. - The internal monitoring device can record this data and update the remote data center on a periodic basis. According to embodiments, the device can compress and encrypt the data and send it to the remote data center via the Internet - Page 5 – The example company network of Figure 1 further illustrates a network management station 112, e.g., a PC or workstation, a number of "fat" clients 114-1, ..., 114-N which can also include PCs and workstations and/or laptops, and a number of "thin" clients 115-1, ..., 115-M which can include terminals and/or peripherals such as scanners, facsimile devices, handheld multifunction devices, e.g., PDAs, PC tablets, cellphones, pagers, and the like – Page 14 - an internal monitoring device 316 may be receiving network data – Page 26 - embodiments program instructions on the system 300 execute to download and receive instructions and updates from the one or more data centers 304-1, ..., 304-N only when instructions and/or updates are needed. That is, the program instructions can execute to verify if a most recent version is available on a given internal monitoring device and only transmit information and/or perform updates if something is needed or has changed - See also Page 35, lines 30-35, page 36, lines 1-5).


Claims 2, 3, 7, 9, 10, 14, 16, 17, 21 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Khan in view of Vandevelde, further in view of Singleton et al., Publication No. US 2008/0005780 (Singleton hereinafter).

Regarding claim 2,

Khan teaches the instructions (pages 19, 12, 35). However, Khan does not explicitly teach  
initiating a change in a policy configuration of at least one of the one or more local servers in response to the set of instructions

Singleton teaches 

initiating a change in a policy configuration of at least one of the one or more local servers in response to the set of instructions (Abstract - master policy server manages security policies for client computers through a network of local policy servers. Each local policy server is responsible for the security policies on a group of clients and maintains a data store containing the security policies and security information pertaining to the clients – ¶ 0018 - the master policy server 101 maintains global level security policy configurations and the local policy servers 103, 105, 107 derive their local level configuration and set-up policies for their clients from the global level configurations).
It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Singleton.  

 Regarding claim 3,

Khan further teaches 
wherein the status and configuration data associated with the configuration of each mobile device of the set of mobile devices (Pages 3, 5, 12,26).

 However, Khan does not explicitly teach that the status and configuration data comprises one or more policies associated with the configuration of each device of the set of the devices. 
Singleton teaches 

wherein the status and configuration data comprise one or more policies associated with the configuration of each device of the set of devices (¶ 0017 - the master policy server 101 and the local policy servers 103, 105, 107 synchronize security policies and statistics at times when less data traffic is generally experienced on the network 129 – ¶ 0005 - the master policy server and the local policy server synchronize, at which time the master policy server replicates updated policies to the local policy servers and the local policy servers upload client security statistics to the master policy server for consolidation into a global status – ¶ 0016 - The local policy servers also periodically, or upon request, send client security statistics derived from the security information on local data stores 109, 111, 113 to the master policy server 101, which acts as a consolidation point for status information regarding the overall security of the system – ¶ 0015 - Each local policy server has a local data store 109, 111, 113 that contains the security policies and security information collected from the client computers it manages. Each type of hardware and software platform acting as a client computer may be associated with exemplary security policy or may share exemplary security policies with other platforms. The security policy may contain configuration parameters for anti-virus programs, firewalls, and other security software that protect a client computer from compromise by a third-party).


Regarding claim 7,

Khan teaches 

presenting the status information to an administrator using a web-based interface (Fig. 6; Page 13 - Screens showing the status of the network will be instantly available once the internal monitoring device 316 is connected to the network and begins sending data and/or alerts to the one or more data centers 304-1 – Page 19 - The program instruction embodiments execute to monitor in real time the status of each system and network component indicated by a customer/client company. Information is displayed on a screen, such as illustrated in Figure 6),


However, Khan does not explicitly teach 

presenting the configuration information to an administrator using a web-based interface

Singleton teaches 
presenting the configuration information to an administrator using a web-based interface (¶ 0018). 


It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Singleton.  The motivation for doing so is to allow a system to set-up policies for their clients from global level configurations (Singleton - ¶ 0018). 
Regarding claim 9,

Khan teaches the instructions (pages 19, 12, 35). However, Khan does not explicitly teach  
initiating a change in a policy configuration of at least one of the one or more local servers in response to the set of instructions

Singleton teaches 

initiating a change in a policy configuration of at least one of the one or more local servers in response to the set of instructions (Abstract - master policy server manages security policies for client computers through a network of local policy servers. Each local policy server is responsible for the security policies on a group of clients and maintains a data store containing the security policies and security information pertaining to the clients – ¶ 0018 - the master policy server 101 maintains global level security policy configurations and the local policy servers 103, 105, 107 derive their local level configuration and set-up policies for their clients from the global level configurations).
It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Singleton.  The motivation for doing so is to allow a system to set-up policies for their clients from global level configurations (Singleton - ¶ 0018). 
 Regarding claim 10,

Khan teaches wherein the status and configuration data associated with the configuration of each mobile device of the set of mobile devices (Page 3, 5, 12). However, Khan does not explicitly teach that the status and configuration data comprises one or more policies associated with the configuration of each device of the set of the devices. 
Singleton teaches 

status and configuration data comprise one or more policies associated with the configuration of each device of the set of devices (¶ 0017 - the master policy server 101 and the local policy servers 103, 105, 107 synchronize security policies and statistics at times when less data traffic is generally experienced on the network 129 – ¶ 0005 - the master policy server and the local policy server synchronize, at which time the master policy server replicates updated policies to the local policy servers and the local policy servers upload client security statistics to the master policy server for consolidation into a global status – ¶ 0016 - The local policy servers also periodically, or upon request, send client security statistics derived from the security information on local data stores 109, 111, 113 to the master policy server 101, which acts as a consolidation point for status information regarding the overall security of the system – ¶ 0015 - Each local policy server has a local data store 109, 111, 113 that contains the security policies and security information collected from the client computers it manages. Each type of hardware and software platform acting as a client computer may be associated with exemplary security policy or may share exemplary security policies with other platforms. The security policy may contain configuration parameters for anti-virus programs, firewalls, and other security software that protect a client computer from compromise by a third-party).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Singleton.  The motivation for doing so is to allow a system to set-up policies for their clients from global level configurations (Singleton - ¶ 0018). 
Regarding claim 14,

Khan teaches 

presenting the status information to an administrator using a web-based interface (Fig. 6; Page 13 - Screens showing the status of the network will be instantly available once the internal monitoring device 316 is connected to the network and begins sending data and/or alerts to the one or more data centers 304-1 – Page 19 - The program instruction embodiments execute to monitor in real time the status of each system and network component indicated by a customer/client company. Information is displayed on a screen, such as illustrated in Figure 6),




presenting the configuration information to an administrator using a web-based interface

Singleton teaches 
presenting the configuration information to an administrator using a web-based interface (¶ 0018). 

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Singleton.  The motivation for doing so is to allow a system to set-up policies for their clients from global level configurations (Singleton - ¶ 0018). 

Regarding claim 16,

Khan teaches the instructions (pages 19, 12, 35). However, Khan does not explicitly teach  
initiating a change in a policy configuration of at least one of the one or more local servers in response to the set of instructions

Singleton teaches 

initiating a change in a policy configuration of at least one of the one or more local servers in response to the set of instructions (Abstract - master policy server manages security policies for client computers through a network of local policy servers. Each local policy server is responsible for the security policies on a group of clients and maintains a data store containing the security policies and security information pertaining to the clients – ¶ 0018 - the master policy server 101 maintains global level security policy configurations and the local policy servers 103, 105, 107 derive their local level configuration and set-up policies for their clients from the global level configurations).

 Regarding claim 17,

Khan teaches wherein the status and configuration data associated with the configuration of each mobile device of the set of mobile devices (Pages 3, 5, 12). However, Khan does not explicitly teach that the status and configuration data comprises one or more policies associated with the configuration of each device of the set of the devices. 
Singleton teaches 

wherein the status and configuration data comprise one or more policies associated with the configuration of each device of the set of devices (¶ 0017 - the master policy server 101 and the local policy servers 103, 105, 107 synchronize security policies and statistics at times when less data traffic is generally experienced on the network 129 – ¶ 0005 - the master policy server and the local policy server synchronize, at which time the master policy server replicates updated policies to the local policy servers and the local policy servers upload client security statistics to the master policy server for consolidation into a global status – ¶ 0016 - The local policy servers also periodically, or upon request, send client security statistics derived from the security information on local data stores 109, 111, 113 to the master policy server 101, which acts as a consolidation point for status information regarding the overall security of the system – ¶ 0015 - Each local policy server has a local data store 109, 111, 113 that contains the security policies and security information collected from the client computers it manages. Each type of hardware and software platform acting as a client computer may be associated with exemplary security policy or may share exemplary security policies with other platforms. The security policy may contain configuration parameters for anti-virus programs, firewalls, and other security software that protect a client computer from compromise by a third-party).



Regarding claim 21,

Khan teaches 

presenting the status information to an administrator using a web-based interface (Fig. 6; Page 13 - Screens showing the status of the network will be instantly available once the internal monitoring device 316 is connected to the network and begins sending data and/or alerts to the one or more data centers 304-1 – Page 19 - The program instruction embodiments execute to monitor in real time the status of each system and network component indicated by a customer/client company. Information is displayed on a screen, such as illustrated in Figure 6),


However, Khan does not explicitly teach 

presenting the configuration information to an administrator using a web-based interface

Singleton teaches 
presenting the configuration information to an administrator using a web-based interface (¶ 0018). 
It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Singleton.  The motivation for doing so is to allow a system to set-up policies for their clients from global level configurations (Singleton - ¶ 0018). 

	
Claims 5, 12, 19 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Khan in view of Vandevelde, further in view of Dixon et al., Publication No. US 2012/0011233 A1 (Dixon hereinafter).

Regarding claim 5,
Khan further teaches wherein the set of instructions are transmitted to the cloud extension agent using [...] a protocol over the secure network connection (Pages 12, 19, 35). However, Khan does not explicitly teach that the protocol is XMPP protocol. 
Dixon teaches 
XMPP protocol (¶ 0021 – XMPP protocol).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Dixon.  The motivation for doing so is to allow a system to utilize the XMPP protocol for secure and fast communication between user devices and servers. 
Regarding claim 12,

Khan further teaches wherein the set of instructions are transmitted to the cloud extension agent using [...] a protocol over the secure network connection (Pages 12, 19, 35). However, Khan does not explicitly teach that the protocol is XMPP protocol. 
Dixon teaches 
XMPP protocol (¶ 0021 – XMPP protocol).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Dixon.  The motivation for doing so is to allow a system to utilize the XMPP protocol for secure and fast communication between user devices and servers. 
Regarding claim 19,
Khan further teaches wherein the set of instructions are transmitted to the cloud extension agent using [...] a protocol over the secure network connection (Pages 12, 19, 35). However, Khan does not explicitly teach that the protocol is XMPP protocol. 
Dixon teaches 
XMPP protocol (¶ 0021 – XMPP protocol).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Khan to include the teachings of Dixon.  The motivation for doing so is to allow a system to utilize the XMPP protocol for secure and fast communication between user devices and servers. 




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659.  The examiner can normally be reached on Monday - Friday 8:30 AM -5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YOUNES NAJI/Primary Examiner, Art Unit 2445