DETAILED ACTION
This communication is responsive to the application # 16/412,340 filed on May 14, 2019. Claims 1-10 are pending and are directed toward SYSTEM AND METHOD FOR MIDSERVER FACILITATION OF LONG-HAUL TRANSPORT OF TELEMETRY FOR CLOUD-BASED SERVICES.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Priority
Applicant's claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).
The disclosures of the prior-filed applications No. 14/095919 and 12/963411 fail to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, for one or more claims of this application. Specifically, the independent claims recite the terms "midserver", "Ansible server", and "Kerberos" as limitations; however, no such terms were disclosed in the parent applications. Therefore, claims 1-10 do not receive the benefit of an earlier filing date.
Claim Objections
Claims 5 and 6 are objected to because of the following informalities: the claimed "system of claim 4" should be the "method of claim 4".
Claim 10 is objected to because of a missing space in "steps of:receiving".
Appropriate correction is required.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-6, 8, and 9 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Bonomi et al. (US 2018/0115519, Pub. Date: Apr. 26, 2018, priority Oct. 21, 2016), hereinafter referred to as Bonomi.
As per claim 1, Bonomi teaches a system for ingestion of data into a cloud-based service from an external network (The system architecture 100 supports security technology methods and algorithms that enable co-location of the IT/OT devices and other infrastructure components on the fognode 124 that enable operation of the IT and OT software components without interfering with other software components. It also enables a secure middleware infrastructure and communication bus for secure data exchange, as well as prevents inadvertent interference and Denial of Service (DOS) effects on the system components due to failures and defects in one set of software components that are co-located. In some embodiments the system architecture 100 prevents malicious Denial of Service (DOS) effects in the system architecture 100 components if vulnerabilities are present in a set of software components that are co-located with one another. Bonomi, [0056]), comprising:
a midserver configured to function as an interface between an external network and a cloud-based service comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor (the present disclosure is directed to a system, comprising: (a) a forwarder that provides one-way data publishing connectivity to a cloud; and (b) a data bus that provides domain-to-domain secure messaging between a plurality of domains, Bonomi, [0004]):
receive data from a plurality of computing devices on the external network (The system architecture 100 enables different monitoring and auditing components that support various logging and alarm collection and forwarding to cloud controller (NSM 128). Bonomi, [0057]);
run one or more containerized services to process the received data (The system architecture 100 enables container/isolation technology at the foglet 122 that enables rapid integration of IT/OT device management software without compromising security. This feature is advantageous as the IT/OT device types are large across varied vendors, each type requiring different software components across different operating systems. Bonomi, [0054]); and
securely transmit the processed data to a cloud-based service (The system architecture 100 also implements mechanisms for secure application hosting. Rich application deployment at the edge of a network/domain is an important premise in fog computing. Application hosting is primarily implemented for performing real time computation on critical data at locations closer to its source, protect the data from theft and associated loss of intellectual property, reduce the data movement to cloud, and provide for rapid deployment of richer applications from the cloud and in edge analytics applications that refine analytics models in the cloud and on the foglet 122. Application hosting performed from the cloud 106 supports various security constructs. Bonomi, [0058]).
As per claim 2, Bonomi teaches the system of claim 1, wherein the containerized services include one or more of the following types of containerized services: traffic processors, sensors, management services, and utilities (The system architecture 100 also provides for robust application isolation security. In some embodiments, the fognode 124 and its foglet 122 implement mechanisms for isolating applications from each other for variety of reason like OT network security, application protection, multi-tenancy, and data protection-just to name a few. Strict isolation of OT applications and services, such as applications executed within the OT virtual machines 110A-B, is also advantageous to prevent inadvertent interference, Denial of Service (DOS), and malicious DOS from a compromised application. Bonomi, [0055]).
As per claim 3, Bonomi teaches the system of claim 1, wherein the midserver is installed at the same location from which some part of the external network is operated (Typically, the IT infrastructure is co-located in an operations center along with the OT infrastructure (for example in the same manufacturing facility location). Bonomi, [0011]).
Method claims 4-6 are drawn to the method of using the corresponding apparatus claimed in claims 1-3. Therefore, method claims 4-6 correspond to apparatus claims 1-3 and are rejected for the same reasons of anticipation as used above.
Claims 8 and 9 have limitations similar to those treated in the above rejection, are met by the reference as discussed above, and are rejected for the same reasons of anticipation as used above. For "establishing a virtual machine within the virtual network" see "Initiating virtual machines for a plurality of domains" (Bonomi, FIG. 3).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Bonomi et al. (US 2018/0115519, Pub. Date: Apr. 26, 2018, priority Oct. 21, 2016), in view of Himes (Using Ansible to generate complex configs, May 31, 2018, 5 pages), in view of MatthiasLohr (Provide a method Peer.close(), Mar 27, 2013, 5 pages), hereinafter referred to as Bonomi, Himes, and MatthiasLohr.
As per claim 7, Bonomi teaches a method for deployment of a midserver for ingestion of data into a cloud-based service from an external network (The system architecture 100 supports security technology methods and algorithms that enable co-location of the IT/OT devices and other infrastructure components on the fognode 124 that enable operation of the IT and OT software components without interfering with other software components. It also enables a secure middleware infrastructure and communication bus for secure data exchange, as well as prevents inadvertent interference and Denial of Service (DOS) effects on the system components due to failures and defects in one set of software components that are co-located. In some embodiments the system architecture 100 prevents malicious Denial of Service (DOS) effects in the system architecture 100 components if vulnerabilities are present in a set of software components that are co-located with one another. Bonomi, [0056]), comprising the steps of:
installing a midserver on an external network (FIG. 4 is a diagrammatic representation of an example machine in the form of a computer system 1, within which a set of instructions for causing the machine to perform any one or more of the methodologies discussed herein may be executed. In various example embodiments, the machine operates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machine may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. Bonomi, [0085]);
establishing a secure peer-to-peer connection from the midserver (In a networked deployment, the machine may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. Bonomi, [0085]) to an Ansible server (A forwarder 108 present in the forwarder VM 142 represents a set of docker containers that is used for forwarding messages received from the data bus 109 to appropriate cloud layer in a secure manner. Bonomi, [0076]);
Although Bonomi teaches a peer-to-peer network environment, as cited above, he does not teach an Ansible server. Himes, however, teaches an Ansible server (Using Ansible to generate complex configs. Himes, page 1).
Bonomi and Himes are analogous art to the claimed invention because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Bonomi in view of Himes. This would have been desirable as "a good way to generate router/switch configs easily and quickly. Most of the tools I have seen are either not flexible enough or homebrew and difficult to maintain. Ansible gives something I can use to build configs for secure areas, non-secure areas, different geographical locations, different purposes, etc without storing the same data (ACLs, IOSs etc) in many different locations." (Himes, page 1).

initiating an Ansible playbook, which downloads a configuration template (We are going to start by calling the playbook with "ansible playbook templates.yaml". Himes, page 1), retrieves security information for the external network at which the midserver is installed (to build configs for secure areas, non-secure areas, Himes, page 1), and configures the midserver to establish a primary backhaul virtual private network between the midserver and the cloud-based service (if you wanted to you could easily have it build smaller config sections: Build a new VRF section for each of your backhaul routers. VXLAN for your data-center routers, etc. Himes, page 1);
Bonomi in view of Himes does not teach closing the peer-to-peer connection. MatthiasLohr, however, teaches closing the peer-to-peer connection (it would be nice if the connection to the key server can be closed after a p2p connection has been established. MatthiasLohr, page 1).
Bonomi, Himes, and MatthiasLohr are analogous art to the claimed invention because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Bonomi in view of Himes in view of MatthiasLohr. This would have been useful because a Peer.close() method allows the connection to the key server to be closed once the p2p connection has been established (MatthiasLohr, page 1).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Microsoft (What's New in Kerberos Authentication, 08/31/2016, 22 pages), in view of Bonomi et al. (US 2018/0115519, Pub. Date: Apr. 26, 2018, priority Oct. 21, 2016), hereinafter referred to as Microsoft and Bonomi.
As per claim 10, Microsoft teaches a method for preventing Kerberos-based cyberattacks (any front-end service that can delegate to a resource service represents a potential attack point. Microsoft, page 14), comprising the steps of:
receiving Kerberos-based messaging between user computers, domain controllers, and Kerberos-based services (Kerberos authentication can be leveraged to address lack of connectivity to the domain controller from outside the corporate firewall. To do so, it proxies Kerberos authentication and password change messages for users who are requesting domain access through Direct Access or Remote Desktop Services, Microsoft, page 2);
maintaining a ledger of the monitored messages (The new KDC operational log is located in Application and Services/Microsoft/Windows/Kerberos-Key-Distribution-Center/Operational. It provides information that can help you determine the cause of a certificate logon failure or when the KDC service was stopped or started... The new Kerberos operational log is located in Application and Services/Microsoft/Windows/Security-Kerberos/Operational. It provides information that can help you determine the cause of a failure without collecting a trace and contacting Microsoft Product Support. Microsoft, page 18);
comparing the ledger against expected messages for Kerberos authentications to confirm the validity of the Kerberos authentication traffic (102: Error: Certificate based authentication failure due to KDC certificate validation failure; 103: Error: Certificate based authentication failure due to client certificate validation failure; 106: Error: Certificate based authentication failure due to KDC certificate validation failure due to KDC EKU missing; 107: Error: Certificate based authentication failure due to KDC certificate validation failure due to wrong domain name. Microsoft, page 19).
Microsoft does not teach using a midserver for ingestion of data into a cloud-based service from an external network. Bonomi, however, teaches using a midserver for ingestion of data into a cloud-based service from an external network (Bonomi, FIG. 2).
Microsoft and Bonomi are analogous art to the claimed invention because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Microsoft in view of Bonomi. This would have been desirable because the system architecture 100 supports security technology methods and algorithms that enable co-location of the IT/OT devices and other infrastructure components on the fognode 124 that enable operation of the IT and OT software components without interfering with other software components. It also enables a secure middleware infrastructure and communication bus for secure data exchange, as well as prevents inadvertent interference and Denial of Service (DOS) effects on the system components due to failures and defects in one set of software components that are co-located. In some embodiments the system architecture 100 prevents malicious Denial of Service (DOS) effects in the system architecture 100 components if vulnerabilities are present in a set of software components that are co-located with one another (Bonomi, [0056]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938. The examiner can normally be reached on Monday-Friday 7:30am - 5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/OLEG KORSAK/
Primary Examiner, Art Unit 2492