DETAILED ACTION
This office action is in response to the correspondence filed on 06/21/2020. Claims 1-20 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: the edge client and the server client are configured to communicate where an edge client is running on one or more customer devices and a server client is running on one or more network devices in claims 13-19.
Because this/these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 13-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim limitations: the edge client and the server client are configured to communicate where an edge client is running on one or more customer devices and a server client is running on one or more network devices in claims 13-19 invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function.
The specification is devoid of adequate structure to perform the claimed function. The specification [0024] states that “the edge client 202 can comprise a program running on the edge device 103c and configured to enable direct connections with a server of the management service 102. The edge client 202 can be embodied as a set of non-transitory machine-readable instructions executable by a processor or other processing circuitry of the edge device 103c.” Although it describes that the edge devices can be some hardware circuitry, the term used in claim 13 is “the customer devices”, not “edge devices”.
The specification [0028] states that the network device can be physical or virtual (hardware or software). It also does not describe a server client running on them.
There is no disclosure of any particular structure, either explicitly or inherently, to perform the communicating function. The use of the terms customer devices and network devices is not adequate structure for performing the communicating function because they do not describe a particular structure for performing the functions. As would be recognized by those of ordinary skill in the art, the term communicating refers to sending packages between components and can be performed in any number of ways in hardware, software or a combination of the two. The specification does not provide sufficient details such that one of ordinary skill in the art would understand which structure or structures perform(s) the claimed functions.
Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.


The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 19 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The term “server shim” was not found in the specification, and a search for the concept of “a server client configured to address one or more data packets from the server client to identify an intended edge client recipient” also found nothing. According to the specification [0038], the proxy component can identify the intended edge device, but the examiner was not able to find the relevant paragraph describing the server client (instead of the proxy component) performing the identifying. In addition, the ordinary definition of a “shim” is a library that transparently intercepts API calls and changes the arguments passed, handles the operation itself or redirects the operation elsewhere. The examiner was not able to find any description in the specification about a library that intercepts API calls, or about intercepting a request or the like.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-11, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Fallows et al. (US Patent No. 9,100,369 B1, referred to as Fallows), in view of Slovetskiy (US Pub No. 2021/0392079 A1, referred to as Slovetskiy).
Regarding claim 1, Fallows discloses,
1. A method comprising:
receiving, by a proxy component, a server connection request from an edge client to connect to a requested server client configured to provide a service, the server connection request sent to the proxy component through a firewall; (Fallows: Fig. 1A; Coln. 2, ls. 34-56; a reverse proxy service receives requests from a requester (edge client) located external to the private network with internal servers (requested server client). A perimeter gateway (proxy component) server behind a perimeter network firewall services network communications with respect to an external network and/or a perimeter network (the request is sent to a gateway/proxy through a firewall). Coln. 3, ls. 30-34; requestor 102 and/or requestor 110 desires to access data and/or services that require access to internal server 118. Coln. 5, ls. 5-7; perimeter gateway 112 hosts a reverse proxy server as a service accessible (e.g., exclusively) by a requestor.)
identifying, by the proxy component, the requested server client based on the server connection request; (Fallows: Coln. 3, ls. 13-27; a reverse SOCKS proxy is conventionally provided with local configuration data that identifies the services and corresponding server systems capable of handling the requested communications (the proxy identifies the requested server client based on request).)
establishing, by the proxy component, a proxy connection with the requested server client; (Fallows: Coln. 3, ls. 13-27; the reverse SOCKS proxy may select and establish a connection to a corresponding service. Generally, a service is an application executed on a server to provide a defined function, such as a database service or an e-mail delivery service.)
Fallows does not explicitly disclose, however Slovetskiy teaches,
receiving, by the proxy component, one or more data packets from the requested server client; and (Slovetskiy: [0025]; for packet traffic from the servers to the client, a server (requested server client) uses a "server-side" address of the middle box to send packets to the middlebox 104 (proxy component).)
routing, by the proxy component, the one or more data packets to the edge client, wherein communication between the edge client and the server client is performed using a server management protocol. (Slovetskiy: [0025]; for packet traffic from the servers to the client, a server uses a "server-side" address of the middle box to send packets to the middlebox 104 (and thereby to the client), and the middlebox in turn performs reverse NAT to replace the server-side address of the middlebox with the client-side address of the client (server management protocol).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Slovetskiy into the teachings of Fallows with a motivation to ensure load balancing and device addressability and maintain source IP by using the middlebox system (Slovetskiy: [0016]).



Regarding claim 3, the combination of Fallows and Slovetskiy discloses, 
3. The method of claim 1, 
Fallows further discloses,
the proxy component co-located with the server client. (Fallows: Fig. 1A; Coln. 2, ls. 47-51; the internal gateway server operates autonomously to initiate and maintain a network communications link with the private internal server and the perimeter gateway server to enable reverse proxy access to the data/service of internal server(s) (the reverse proxy server in the perimeter gateway links to the internal servers).)


Regarding claim 4, the combination of Fallows and Slovetskiy discloses, 
4. The method of claim 3, 
Fallows further discloses,
wherein the proxy component and the server client are disposed in a data center. (Fallows: Coln. 4, ls. 53-57; an enterprise network includes a perimeter gateway server and internal servers (a data center is ordinarily defined as a dedicated space within a building used to house computer systems and associated components which an enterprise network would normally be located).)


Regarding claim 5, the combination of Fallows and Slovetskiy discloses, 
5. The method of claim 1, 
Fallows further discloses,
further comprising sending, by the proxy component, the server connection request to the server client over the proxy connection. (Fallows: Coln. 4, ls. 33-36; perimeter gateway 112 is connected to perimeter network 108 and enables a requester to initiate a communication with internal server 118 without directly initiating a connection to private network firewall 114 (the perimeter gateway/proxy allows the requester to communicate with the internal server through the request).)


Regarding claim 6, the combination of Fallows and Slovetskiy discloses, 
6. The method of claim 1, 
Fallows further discloses,
further comprising establishing a secure communication connection between the edge client and the proxy component. (Fallows: Fig. 1A; Coln. 2, ls. 34-55; enabling secure communications between public and private networks. The internal gateway server may also autonomously direct operation of the reverse proxy service to enable listening for and binding to connection requests received by the perimeter gateway server from a requester located external to the private network.)


Regarding claim 7, the combination of Fallows and Slovetskiy discloses, 
7. The method of claim 6, 
Fallows further discloses,
wherein the firewall is configured to enable the secure communication connection between the proxy component and the edge client. (Fallows: Fig. 1A; Coln. 2, ls. 34-55; enabling secure communications between public and private networks. In some embodiments, a perimeter gateway server behind a perimeter network firewall services network communications with respect to an external network and/or a perimeter network (a firewall is used between external and internal networks). This perimeter gateway server may host a reverse proxy service. The internal gateway server may also autonomously direct operation of the reverse proxy service to enable listening for and binding to connection requests received by the perimeter gateway server from a requester located external to the private network.)


Regarding claim 8, the combination of Fallows and Slovetskiy discloses, 
8. The method of claim 1, 
Fallows further discloses,
further comprising receiving, by the proxy component, a data request from the edge client identifying the one or more data packets. (Fallows: Coln. 3, ls. 30-34; requestor 102 and/or requestor 110 (edge client) desires to access data (data packets) and/or services that require access to internal server 118. Coln. 2, ls. 34-56; a reverse proxy service receives requests from a requester (edge client) located external to the private network with internal servers (the request is sent to a gateway/proxy).)


Regarding claim 9, the combination of Fallows and Slovetskiy discloses, 
9. The method of claim 1, 
Fallows does not explicitly disclose, however Slovetskiy teaches,
further comprising:
receiving, by the proxy component, one or more transmitted data packets from the edge client, the one or more transmitted data packets addressed to the server client; and (Slovetskiy: [0024]; for packet traffic from the client to the servers, the clients use a "client-side" address of the middlebox to send packets to the middlebox 104 (and thereby to the servers), and the middlebox in turn performs NAT to replace the client-side address of the middlebox with the "server-side" address of a server.)
routing, by the proxy component, the one or more transmitted data packets from the edge client to the server client over a secure communication connection. (Slovetskiy: [0051]; the middlebox 104 implements security policies (secure communication), where traffic is only accepted from a pre-configured pool of originating or source IP addresses, and outgoing packets are received on the pre-configured NAT IP address destination pool.)
The same motivation that was utilized for combining Fallows and Slovetskiy as set forth in claim 1 is equally applicable to claim 9.


Regarding claim 10, the combination of Fallows and Slovetskiy discloses, 
10. The method of claim 9, 
Fallows does not explicitly disclose, however Slovetskiy teaches,
wherein routing the one or more transmitted data packets comprises routing the one or more transmitted data packets received at an edge-facing port of the proxy component to a server-facing port of the proxy component. (Slovetskiy: [0024]; for packet traffic from the client to the servers, the clients use a "client-side" address of the middlebox (edge-facing port) to send packets to the middlebox 104 (and thereby to the servers), and the middlebox in turn performs NAT to replace the client-side address of the middlebox with the "server-side" address of a server (for server-facing port). [0030] the binding 110 allows traffic flow between a source tuple clx_IP:port (client-side IP of ClientX) with a destination tuple srv2_IP:port (server-side IP of Server2).)
The same motivation that was utilized for combining Fallows and Slovetskiy as set forth in claim 1 is equally applicable to claim 10.


Regarding claim 11, the combination of Fallows and Slovetskiy discloses, 
11. The method of claim 1, 
Fallows further discloses,
wherein the server client is configured to communicate with a plurality of edge clients over a same proxy connection through a server-facing port of the proxy component. (Fallows: Fig. 1A; Coln. 2, l. 64 – Coln. 3, l. 2; security may be preserved while allowing an existing perimeter network to remain substantially unchanged. In some embodiments, no additional network port is required to be opened in the private network firewall. For example, a known network port is used in combination with protocol conversion to establish a connection from the internal gateway server to the perimeter gateway server through the private network firewall. Coln. 6, ls. 51-53; multiple requestors may make simultaneous multiple requests for services/content of multiple internal servers via perimeter gateway 112 and internal gateway 120 (gateway/proxy can communicate to multiple requestor/edge clients using the same port).)


Regarding claim 20, Fallows discloses,
20. A non-transitory machine-readable storage medium storing instructions that, when executed by a processor, cause the processor to: (Fallows: Coln. 2, ls. 15-33)
receive a server connection request from an edge client to connect to a requested server client configured to provide a service, the server connection request sent to the proxy component through a firewall; (Fallows: Fig. 1A; Coln. 2, ls. 34-56; a reverse proxy service receives requests from a requester (edge client) located external to the private network with internal servers (requested server client). A perimeter gateway server behind a perimeter network firewall services network communications with respect to an external network and/or a perimeter network (the request is sent to a gateway/proxy through a firewall). Coln. 3, ls. 30-34; requestor 102 and/or requestor 110 desires to access data and/or services that require access to internal server 118. Coln. 5, ls. 5-7; perimeter gateway 112 hosts a reverse proxy server as a service accessible (e.g., exclusively) by a requestor.)
establish a secure communication connection between the edge client and the proxy component; (Fallows: Coln. 3, ls. 5-9; a reverse proxy includes a reverse SOCKS proxy. In the typical, forward configuration, a SOCKS proxy is implemented on a firewall system (secure communication) to allow a client to establish outgoing connections through the firewall to an Internet server computer system.)
identify the requested server client based on the server connection request; (Fallows: Coln. 3, ls. 13-27; a reverse SOCKS proxy is conventionally provided with local configuration data that identifies the services and corresponding server systems capable of handling the requested communications (the proxy identifies the requested server client based on request).)
establish a proxy connection with the requested server client; (Fallows: Coln. 3, ls. 13-27; the reverse SOCKS proxy may select and establish a connection to a corresponding service. Generally, a service is an application executed on a server to provide a defined function, such as a database service or an e-mail delivery service.)
Fallows does not explicitly disclose, however Slovetskiy teaches,
receive one or more data packets from the requested server client; (Slovetskiy: [0025]; for packet traffic from the servers to the client, a server (requested server client) uses a "server-side" address of the middle box to send packets to the middlebox 104 (proxy component).)
route the one or more data packets from the server client to the edge client; (Slovetskiy: [0025]; for packet traffic from the servers to the client, a server uses a "server-side" address of the middle box to send packets to the middlebox 104 (and thereby to the client), and the middlebox in turn performs reverse NAT to replace the server-side address of the middlebox with the client-side address of the client.)
receive one or more transmitted data packets from the edge client, the one or more transmitted data packets addressed to the server client; and (Slovetskiy: [0024]; for packet traffic from the client to the servers, the clients use a "client-side" address of the middlebox to send packets to the middlebox 104 (and thereby to the servers), and the middlebox in turn performs NAT to replace the client-side address of the middlebox with the "server-side" address of a server.)
route the one or more transmitted data packets from the edge client to the server client over a secure communication connection, (Slovetskiy: [0051]; the middlebox 104 implements security policies (secure communication), where traffic is only accepted from a pre-configured pool of originating or source IP addresses, and outgoing packets are received on the pre-configured NAT IP address destination pool.) wherein communication between the edge client and the server client is performed using a server management protocol. (Slovetskiy: [0024]; for packet traffic from the client to the servers, the clients use a "client-side" address of the middlebox to send packets to the middlebox 104 (and thereby to the servers), and the middlebox in turn performs NAT to replace the client-side address of the middlebox with the "server-side" address of a server (server management protocol).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Slovetskiy into the teachings of Fallows with a motivation to ensure load balancing and device addressability and maintain source IP by using the middlebox system (Slovetskiy: [0016]).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Fallows, in view of Slovetskiy, further in view of Mirza et al. (US Pub No. 2004/0044909 A1, referred to as Mirza).
Regarding claim 2, the combination of Fallows and Slovetskiy discloses, 
2. The method of claim 1, 
The combination of Fallows and Slovetskiy does not explicitly disclose, however Mirza teaches,
wherein the firewall comprises a network address translation (NAT) firewall configured to enable outgoing connections and disable incoming connections. (Mirza: Fig. 3; [0027]; firewall 30 allows outgoing connections to be established by client 10 while prohibiting incoming connections originating from external computers. In conjunction with firewall 30, proxy 35 preferably facilitates delegation of the requests between a server object residing on an external remote server 20 and a callback object 15. Proxy 35, in turn, utilizes callback registry 40, which preferably stores callback registration and proxification information (the firewall and proxy combination provides address translation service).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Mirza into the combination of Fallows and Slovetskiy with a motivation to securely support a connection between a first object residing behind a firewall and a second object residing on a remote server by restricting incoming connections. The method facilitates callback interactions between a client object and a server. More particularly, the server object makes a callback on the client object that is protected by a firewall using a callback reference that does not compromise the firewall. (Mirza: [0026]).


Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Fallows, in view of Slovetskiy, further in view of Wiese (US Patent No. 8,230,484 B1, referred to as Wiese).
Regarding claim 12, the combination of Fallows and Slovetskiy discloses, 
12. The method of claim 1,
The combination of Fallows and Slovetskiy does not explicitly disclose, however Wiese teaches,
wherein the edge client comprises an out-of-band management system. (Wiese: Coln. 8, ls. 1-5; when an agent is installed on a client computer, an out-of-band communication (such as Out-of-Band Agent Communication 231 of FIG. 2) with the resource firewall proxy server authenticates the client computer and/or a user.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Wiese into the combination of Fallows and Slovetskiy with a motivation to control user resource access privileges via agent authentication by using an out-of-band communication from an agent (Wiese abstract).


Claims 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Bakshi et al. (US Patent No. 6,345,300 B1, referred to as Bakshi), in view of Slovetskiy.
Regarding claim 13, Fallows discloses,
13. A system comprising:
an edge client running on one or more customer devices of an edge network, the edge network connecting to a public network through a firewall; (Bakshi: Fig. 1; Coln. 2; ls. 45-47; a plurality of client devices 12 (edge client customer devices in an internal/edge network) are configured to communicate with external network (public network) resources, such as content servers 4, through a firewall proxy 2. (client devices are behind the firewall which connects to the public network).)
a server client running on one or more network devices at a service hub and connected to the public network; and (Bakshi: Fig. 1; Coln. 2; ls. 45-47; content server 4 (content/server application/client runs on a server/network device can form a service hub) in an external network (public network).)
a proxy component operatively coupled to the server client, and (Bakshi: Fig. 1; Coln. 2, ls. 48-49; network proxy 10 (proxy component) is configured to intercept requests from firewall proxy 2 to content servers 4 (server client).)
Bakshi does not explicitly disclose, however Slovetskiy teaches,
wherein the edge client and the server client are configured to communicate through the proxy component using a server management protocol configured on both an edge device running the edge client and a server device running the server client. (Slovetskiy: [0024]; for packet traffic from the client to the servers, the clients use a "client-side" address of the middlebox to send packets to the middlebox 104 (and thereby to the servers), and the middlebox in turn performs NAT to replace the client-side address of the middlebox with the "server-side" address of a server (server management protocol on clients). [0025] for packet traffic from the servers to the client, a server uses a "server-side" address of the middle box (proxy component) to send packets (communicate) to the middlebox 104 (and thereby to the client), and the middlebox in turn performs reverse NAT to replace the server-side address of the middlebox with the client-side address of the client (server management protocol on server). [0020]; the multiple clients 106 include devices that are labeled as "ClientA", "ClientB", ... "ClientX". The clients 106 may include one or more user devices (edge device using the middlebox addressing/server management protocol). [0021]; the multiple servers 108 include devices that are labeled as "Server1", "Server2", "Server3", and "Server4" (server device using the middlebox addressing/server management protocol).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Slovetskiy into the teachings of Bakshi with a motivation to ensure load balancing and device addressability and maintain source IP by using the middlebox system (Slovetskiy: [0016]).


Regarding claim 14, the combination of Bakshi and Slovetskiy discloses, 
14. The system of claim 13, 
Bakshi further discloses,
wherein the proxy component comprises an intermediate network device communicatively coupled to the one or more customer devices and the one or more network devices over the public network. (Bakshi: Fig. 1; Coln. 2, ls. 36-49; a network device (intermediate network device), such as a network proxy (proxy component) communicates with client devices 12 (customer devices) and content servers 4 (network devices) in an external network (public network).)


Regarding claim 15, the combination of Bakshi and Slovetskiy discloses, 
15. The system of claim 14, 
Bakshi does not explicitly disclose, however Slovetskiy teaches,
the proxy component communicatively coupled to the server client through a server-facing port of the proxy component over the public network, and the proxy component communicatively coupled to the edge client through an edge-facing port of the proxy component over the public network. (Slovetskiy: [0024]; for packet traffic from the client to the servers, the clients use a "client-side" address of the middlebox (edge-facing port) to send packets to the middlebox 104 (and thereby to the servers), and the middlebox in turn performs NAT to replace the client-side address of the middlebox with the "server-side" address of a server (for server-facing port). [0030] the binding 110 allows traffic flow between a source tuple clx_IP:port (client-side IP of ClientX) with a destination tuple srv2_IP:port (server-side IP of Server2).)
The same motivation that was utilized for combining Bakshi and Slovetskiy as set forth in claim 13 is equally applicable to claim 15.


Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Bakshi, in view of Slovetskiy, further in view of Mirza.
Regarding claim 17, the combination of Bakshi and Slovetskiy discloses, 
17. The system of claim 13,
The combination of Bakshi and Slovetskiy does not explicitly disclose, however Mirza teaches,
wherein the firewall comprises a network address translation (NAT) firewall configured to enable outgoing connections from the customer device and disable incoming connections to the customer device. (Mirza: Fig. 3; [0027]; firewall 30 allows outgoing connections to be established by client 10 while prohibiting incoming connections originating from external computers. In conjunction with firewall 30, proxy 35 preferably facilitates delegation of the requests between a server object residing on an external remote server 20 and a callback object 15. Proxy 35, in turn, utilizes callback registry 40, which preferably stores callback registration and proxification information (the firewall and proxy combination provides address translation service).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Mirza into the combination of Bakshi and Slovetskiy with a motivation to securely support a connection between a first object residing behind a firewall and a second object residing on a remote server by restricting incoming connections. The method facilitates callback interactions between a client object and a server. More particularly, the server object makes a callback on the client object that is protected by a firewall using a callback reference that does not compromise the firewall (Mirza: [0026]).


Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Bakshi, in view of Slovetskiy, further in view of Owens et al. (US Pub No. 2021/0036991 A1, referred to as Owens).
Regarding claim 18, the combination of Bakshi and Slovetskiy discloses, 
18. The system of claim 13, 
The combination of Bakshi and Slovetskiy does not explicitly disclose, however Owens teaches,
wherein the edge client is configured to run on a baseboard management controller (BMC) on the one or more customer devices. (Owens: [0017]; BMC in a consumer-level device.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Owens into the combination of Bakshi and Slovetskiy with a motivation to provide out of band monitoring, maintenance, and control of the elements of the information handling system by using a BMC (Owens abstract).


Allowable Subject Matter
Claims 16 and 19 contain allowable subject matter but remain rejected under 112 rejections. They are also objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims; and the stated rejection(s) are resolved.
The following is an examiner’s statement of reasons for allowance:
Although prior arts Fallows, Slovetskiy, Mirza, Wiese, Bakshi, and Owens above disclose all the limitations of the prior claims (see rejections above), none of the prior arts of record alone or in combination discloses the proxy component comprises a virtual component running on a same network device as the server client, the proxy component communicatively coupled to the server client through a virtual server-facing port and the proxy component communicatively coupled to the edge client through a physical edge-facing port of the network device over the public network; or the server client further comprises a server shim configured to address one or more data packets from the server client to identify an intended edge client recipient through a proxy connection between the server client and the proxy component as described in the claims.
At the effective filing date of the application, the above limitations would not have been obvious over the prior arts of record. 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Lee, Sang-Woo	US-PGPUB	US 20010056550 A1	Protective device for internal resource protection in network
Das; Sudeep et al.	US-PGPUB	US 20130283377 A1	Detection and prevention of installation of malicious mobile applications (shim)

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435