Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Applicant's submission filed on  05/17/2022  has been entered. Claims 15-19,21-27,29- 35,37-38 have been examined.  Claims 1-14,20,28,36 are cancelled. 

Response to Arguments
Applicant’s arguments with respect to claims 15, 23, 31 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Priority
Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date of the provisional application No. 61/431,270 filed on 01/10/2011 as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original non-provisional application or provisional application); the disclosure of the invention in the parent application and in the later-  filed application must be sufficient to comply with the requirements of the first paragraph of 35' U.S.C. 112. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).
In the present application, support for the following limitations is lacking in the provisional application 61/431,270 dated 01/10/2011:

For example: the limitation of “ wherein the first connection comprises a secure and persistent channel directly between the local network and the at least one external server;.” is not supported by provisional application. Therefore, examiner will consider the priority date back to continuation application 13/347,352 filed on 01/10/2012.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.


Claims 15-19, 21,23-27,29, 31-35,37 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Klitscher et al. Publication No. WO 2010/043234 A1 (Klitscher hereinafter) in view of  Graham et al. Patent No. US 8,843,622 B1 ( Graham hereinafter).

Regarding claim 15,

Klitscher teaches a method, comprising:

initiating, by a hardware resource executing a cloud extension agent on a local network, a first connection to at least one external server, over a wide area network external from the local network and separated by at least one firewall, using a standard internet protocol, (Fig.1, Abstract - Each storage device is equipped with a software storage manager adapted to establish a permanent connection to the web application server. The web application server can then identify the storage device within the network and can access and retrieve data from said storage device on request by a user of the computing device through the device management service. The web application server and the software storage manager may have a keep-alive mechanism to avoid disconnections – Page 4 - the installed software implements a service, referred to herein as a storage manager or storage manager service, that initially establishes the connection to the web application server. The typical configuration of routers, firewalls or other intermediate network nodes can therefore be avoided and the user is not required to make any modifications to the router and/or firewall. For example,  when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive); 

wherein the first connection comprises a[..] and persistent channel directly between the local network and the at least one external server ( Fig.1, Abstract - Each storage device is equipped with a software storage manager adapted to establish a permanent connection to the web application server. The web application server can then identify the storage device within the network and can access and retrieve data from said storage device on request by a user of the computing device through the device management service. The web application server and the software storage manager may have a keep-alive mechanism to avoid disconnections – Page 4 - the installed software implements a service, referred to herein as a storage manager or storage manager service, that initially establishes the connection to the web application server. The typical configuration of routers, firewalls or other intermediate network nodes can therefore be avoided and the user is not required to make any modifications to the router and/or firewall. For example,  when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive – Page 22 - the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Page 9 - once the connection has been opened, the web application 30 service 115 may optionally include a mechanism to maintain the connection according to the proprietary protocol). 



 receiving, via the first connection, a first set of instructions to manage a configuration of each of a first set of[..] devices by one or more local servers on the local network( Page 22  – the computing device 140 sends the user interaction to the web application service 115. For example, an HTTP-GET or HTTP-POST may be sent to the internet portal 340 provided by web application server 110. The user interaction received is then processed by the web application service 115 and a request is generated at step 460. This request for a particular action or functionality is then sent at step 465 to the storage manager 240. Again, this request may be implemented as HTTP commands or any other suitable 20 protocol command. Thus, using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310 – Page 4 - when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive).



changing a configuration of one or more of the first set of [..] devices in response to the first set of instructions; and  transmitting, via the first connection, status and configuration information comprising data indicative of changes to the configuration of the one or more of the first set of [..] devices to the external server made in response to the first set of instructions ( Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490).

Klitscher does not explicitly teach that the device of a set of devices  is a mobile device of set of mobile devices and that the channel is a secure channel.
 However, Graham teaches 

a device of set of device is a mobile device of a set of mobile devices Col.8,40-55  CPEs 12a:f can be associated with clients, customers, or end users wishing to initiate a communication in communication system 10 via some network. The term 'CPE' is inclusive of devices used to initiate a communication, such as a receiver, a computer, a set-top box, an Internet radio device (IRD), a cell phone, a smart phone, a tablet, a personal digital assistant (PDA), or any other device) CPEs 12a:f may also be any device that seeks to initiate a communication on behalf of another entity or element, such as a program, a database, or any other component, device, element, or object capable of initiating an exchange within
communication system 10).

wherein the first  connection comprises a secure channel (Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).


changing a configuration of one or more of the first set of [..] devices in response to the first set of instructions; and  transmitting, via the first connection, status and configuration information comprising data indicative of changes to the configuration of the one or more of the first set of [..] devices to the external server made in response to the first set of instructions ( Col. 12, lines 40-50 – each status server that contains the CPE summary data sends the CPE summary data to the user interface. At 208, the user interface compiles the CPE summary data and communicates the CPE summary data to the entity that requested the CPE summary data. For example if an administrator requested the CPE summary data, then user interface may send, display, or otherwise make available the summary data to the administrator – Col.13, lines 15-25 - the connection between the CPE and the server is authenticated and new streams are opened. At 228, the connection between the CPE and the server is fully established. At 230, the CPE sends a status update to the server. At 20 232, the system can determine if the status of the CPE bas changed. If the status of the CPE bas changed, then the CPE can send a status update to the server. If the status of the CPE has not changed, then the system determines if there has been any traffic during a predetermined about of time – Col.13, lines 55-60 - a status update, including the script results, is sent from the CPE to the status server. Once the status update and the script results are stored in status server 14a, then user 60 interface 16 and/or network device 28 may access the status and script results - The status server can also send a message that contains a script configuration for a specific CPE. The script configuration data defines scripts that the CPE is to execute (including if they are one time, on demand, etc.) at CPE startup (single user mode), or periodically).


It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to  provide status of different type of devices to the remote server for troubleshooting purposes in a secure manner (Graham - Col.5,lines 45-50,  Col.8,40-55). 
Regarding claim 16,

Klitscher in view of Graham further teaches
gathering status and configuration  information from the one or more local servers on the local network (Klitscher -  Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Graham - Col. 12, lines 40-50, Col.13, lines 15-25,55-60).

 
Regarding claim 17,

Klitscher in view of Graham further teaches 
wherein gathering status and configuration information is performed after initiation of the first connection (Klitscher -  Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Graham - Col. 12, lines 40-50, Col.13, lines 15-25,55-60).

 


Regarding claim 18,

Klitscher in view of  Graham further teaches
Wherein the first local network is a customer premise network (Klitscher – Fig. 1, Page 14, -  Graham - Col.8,40-55 ).



Regarding claim 19,

Klitscher does not explicitly teach that the first  connection is a secure connection. 
However, Graham teaches
wherein the first  connection is a secure connection (Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to efficiently  provide status of different type of devices to the remote server for troubleshooting purposes in a secure manner (Graham - Col.5,lines 45-50,  Col.8,40-55). 


Regarding claim 21,

Klitscher further teaches wherein the set of instructions are received by  the cloud extension agent using [...] a protocol over the  network connection (Page 22). However, Klitscher does not explicitly teach a set of instructions are received using an XMPP protocol over a secure connection 

Graham  teaches 
a set of instructions are received using an XMPP protocol over a secure connection (Claim 1; Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP  stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened  - Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).



It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to encode messages communicated on the persistent connections using an extensible messaging and presence protocol (XMPP)  for secure communication (Abstract – Graham) . 
Regarding claim 23,

Klitscher teaches an apparatus, comprising:
 a hardware resource to execute a cloud extension agent on a local network to: Initiating a first connection to at least one external server, over a wide area network external from the local network and separated by at least one firewall, using a standard internet protocol  (Fig.1, Abstract - Each storage device is equipped with a software storage manager adapted to establish a permanent connection to the web application server. The web application server can then identify the storage device within the network and can access and retrieve data from said storage device on request by a user of the computing device through the device management service. The web application server and the software storage manager may have a keep-alive mechanism to avoid disconnections – Page 4 - the installed software implements a service, referred to herein as a storage manager or storage manager service, that initially establishes the connection to the web application server. The typical configuration of routers, firewalls or other intermediate network nodes can therefore be avoided and the user is not required to make any modifications to the router and/or firewall. For example,  when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive); 

wherein the first connection comprises a[..] and persistent channel directly between the local network and the at least one external server Fig.1, Abstract - Each storage device is equipped with a software storage manager adapted to establish a permanent connection to the web application server. The web application server can then identify the storage device within the network and can access and retrieve data from said storage device on request by a user of the computing device through the device management service. The web application server and the software storage manager may have a keep-alive mechanism to avoid disconnections – Page 4 - the installed software implements a service, referred to herein as a storage manager or storage manager service, that initially establishes the connection to the web application server. The typical configuration of routers, firewalls or other intermediate network nodes can therefore be avoided and the user is not required to make any modifications to the router and/or firewall. For example,  when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive – Page 22 - the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Page 9 - once the connection has been opened, the web application 30 service 115 may optionally include a mechanism to maintain the connection according to the proprietary protocol). 



 receive, via the first connection, a first set of instructions to manage a configuration of each of a first set of[..] devices by one or more local servers on the local network( Page 22  – the computing device 140 sends the user interaction to the web application service 115. For example, an HTTP-GET or HTTP-POST may be sent to the internet portal 340 provided by web application server 110. The user interaction received is then processed by the web application service 115 and a request is generated at step 460. This request for a particular action or functionality is then sent at step 465 to the storage manager 240. Again, this request may be implemented as HTTP commands or any other suitable 20 protocol command. Thus, using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310 – Page 4 - when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive).



change a configuration of one or more of the first set of [..] devices in response to the first set of instructions; and  transmit, via the first connection, status and configuration information comprising data indicative of changes to the configuration of the one or more of the first set of [..] devices to the external server made in response to the first set of instructions ( Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490).

Klitscher does not explicitly teach that the device of a set of devices  is a mobile device of set of mobile devices and that the channel is a secure channel.
 However, Graham teaches 

a device of set of device is a mobile device of a set of mobile devices Col.8,40-55  CPEs 12a:f can be associated with clients, customers, or end users wishing to initiate a communication in communication system 10 via some network. The term 'CPE' is inclusive of devices used to initiate a communication, such as a receiver, a computer, a set-top box, an Internet radio device (IRD), a cell phone, a smart phone, a tablet, a personal digital assistant (PDA), or any other device) CPEs 12a:f may also be any device that seeks to initiate a communication on behalf of another entity or element, such as a program, a database, or any other component, device, element, or object capable of initiating an exchange within
communication system 10).

wherein the first  connection comprises a secure channel (Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).


changing a configuration of one or more of the first set of [..] devices in response to the first set of instructions; and  transmitting, via the first connection, status and configuration information comprising data indicative of changes to the configuration of the one or more of the first set of [..] devices to the external server made in response to the first set of instructions ( Col. 12, lines 40-50 – each status server that contains the CPE summary data sends the CPE summary data to the user interface. At 208, the user interface compiles the CPE summary data and communicates the CPE summary data to the entity that requested the CPE summary data. For example if an administrator requested the CPE summary data, then user interface may send, display, or otherwise make available the summary data to the administrator – Col.13, lines 15-25 - the connection between the CPE and the server is authenticated and new streams are opened. At 228, the connection between the CPE and the server is fully established. At 230, the CPE sends a status update to the server. At 20 232, the system can determine if the status of the CPE bas changed. If the status of the CPE bas changed, then the CPE can send a status update to the server. If the status of the CPE has not changed, then the system determines if there has been any traffic during a predetermined about of time – Col.13, lines 55-60 - a status update, including the script results, is sent from the CPE to the status server. Once the status update and the script results are stored in status server 14a, then user 60 interface 16 and/or network device 28 may access the status and script results - The status server can also send a message that contains a script configuration for a specific CPE. The script configuration data defines scripts that the CPE is to execute (including if they are one time, on demand, etc.) at CPE startup (single user mode), or periodically).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to  provide status of different type of devices to the remote server for troubleshooting purposes (Graham - Col.5,lines 45-50,  Col.8,40-55). 
Regarding claim 24

Klitscher in view of Graham further teaches
wherein the hardware resource is further to: gather the status and configuration information from the one or more local servers on the local network (Klitscher -  Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Graham - Col. 12, lines 40-50, Col.13, lines 15-25,55-60).






Regarding claim 25,

Klitscher in view of Graham further teaches 
wherein to gather the status and configuration information after initiation of the first connection (Klitscher -  Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Graham - Col. 12, lines 40-50, Col.13, lines 15-25,55-60).

Regarding claim 26,

Klitscher in view of  Graham further teaches
Wherein the first local network is a customer premise network (Klitscher – Fig. 1, Page 14, -  Graham - Col.8,40-55 ).


Regarding claim 27,

Klitscher does not explicitly teach that the first  connection is a secure connection. However, Graham teaches

wherein the first  connection is a secure connection (Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to efficiently  provide status of different type of devices to the remote server for troubleshooting purposes in a secure manner (Graham - Col.5,lines 45-50,  Col.8,40-55). 
Regarding claim 29,


Klitscher further teaches wherein the set of instructions are received by  the cloud extension agent using [...] a protocol over the  network connection (Page 22). However, Klitscher does not explicitly teach a set of instructions are received using an XMPP protocol over a secure connection 

Graham  teaches 
a set of instructions are received using an XMPP protocol over a secure connection (Claim 1; Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP  stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened  - Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to encode messages communicated on the persistent connections using an extensible messaging and presence protocol (XMPP)  for secure communication (Abstract – Graham) . 
Regarding claim 31,

Klitscher teaches a non-transitory computer readable storage media having program instructions to be executed by a hardware resource to:

initiating, by a hardware resource executing a cloud extension agent on a local network, a first connection to at least one external server, over a wide area network external from the local network and separated by at least one firewall, using a standard internet protocol, (Fig.1, Abstract - Each storage device is equipped with a software storage manager adapted to establish a permanent connection to the web application server. The web application server can then identify the storage device within the network and can access and retrieve data from said storage device on request by a user of the computing device through the device management service. The web application server and the software storage manager may have a keep-alive mechanism to avoid disconnections – Page 4 - the installed software implements a service, referred to herein as a storage manager or storage manager service, that initially establishes the connection to the web application server. The typical configuration of routers, firewalls or other intermediate network nodes can therefore be avoided and the user is not required to make any modifications to the router and/or firewall. For example,  when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive); 

wherein the first connection comprises a[..] and persistent channel directly between the local network and the at least one external server Fig.1, Abstract - Each storage device is equipped with a software storage manager adapted to establish a permanent connection to the web application server. The web application server can then identify the storage device within the network and can access and retrieve data from said storage device on request by a user of the computing device through the device management service. The web application server and the software storage manager may have a keep-alive mechanism to avoid disconnections – Page 4 - the installed software implements a service, referred to herein as a storage manager or storage manager service, that initially establishes the connection to the web application server. The typical configuration of routers, firewalls or other intermediate network nodes can therefore be avoided and the user is not required to make any modifications to the router and/or firewall. For example,  when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive – Page 22 - the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Page 9 - once the connection has been opened, the web application 30 service 115 may optionally include a mechanism to maintain the connection according to the proprietary protocol). 



 receiving, via the first connection, a first set of instructions to manage a configuration of each of a first set of[..] devices by one or more local servers on the local network( Page 22  – the computing device 140 sends the user interaction to the web application service 115. For example, an HTTP-GET or HTTP-POST may be sent to the internet portal 340 provided by web application server 110. The user interaction received is then processed by the web application service 115 and a request is generated at step 460. This request for a particular action or functionality is then sent at step 465 to the storage manager 240. Again, this request may be implemented as HTTP commands or any other suitable 20 protocol command. Thus, using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310 – Page 4 - when the storage manager service initiates a connection to the web application server from inside a firewall local to the storage device, the firewall need not be configured for the reception of external requests as long as this connection is kept alive).



changing a configuration of one or more of the first set of [..] devices in response to the first set of instructions; and  transmitting, via the first connection, status and configuration information comprising data indicative of changes to the configuration of the one or more of the first set of [..] devices to the external server made in response to the first set of instructions ( Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490).

Klitscher does not explicitly teach that the device of a set of devices  is a mobile device of set of mobile devices and that the channel is a secure channel.
 However, Graham teaches 

a device of set of device is a mobile device of a set of mobile devices Col.8,40-55  CPEs 12a:f can be associated with clients, customers, or end users wishing to initiate a communication in communication system 10 via some network. The term 'CPE' is inclusive of devices used to initiate a communication, such as a receiver, a computer, a set-top box, an Internet radio device (IRD), a cell phone, a smart phone, a tablet, a personal digital assistant (PDA), or any other device) CPEs 12a:f may also be any device that seeks to initiate a communication on behalf of another entity or element, such as a program, a database, or any other component, device, element, or object capable of initiating an exchange within
communication system 10).

wherein the first  connection comprises a secure channel (Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).


changing a configuration of one or more of the first set of [..] devices in response to the first set of instructions; and  transmitting, via the first connection, status and configuration information comprising data indicative of changes to the configuration of the one or more of the first set of [..] devices to the external server made in response to the first set of instructions ( Col. 12, lines 40-50 – each status server that contains the CPE summary data sends the CPE summary data to the user interface. At 208, the user interface compiles the CPE summary data and communicates the CPE summary data to the entity that requested the CPE summary data. For example if an administrator requested the CPE summary data, then user interface may send, display, or otherwise make available the summary data to the administrator – Col.13, lines 15-25 - the connection between the CPE and the server is authenticated and new streams are opened. At 228, the connection between the CPE and the server is fully established. At 230, the CPE sends a status update to the server. At 20 232, the system can determine if the status of the CPE bas changed. If the status of the CPE bas changed, then the CPE can send a status update to the server. If the status of the CPE has not changed, then the system determines if there has been any traffic during a predetermined about of time – Col.13, lines 55-60 - a status update, including the script results, is sent from the CPE to the status server. Once the status update and the script results are stored in status server 14a, then user 60 interface 16 and/or network device 28 may access the status and script results - The status server can also send a message that contains a script configuration for a specific CPE. The script configuration data defines scripts that the CPE is to execute (including if they are one time, on demand, etc.) at CPE startup (single user mode), or periodically).


It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to  provide status of different type of devices to the remote server for troubleshooting purposes (Graham - Col.5,lines 45-50,  Col.8,40-55).
Regarding claim 32
Klitscher in view of Graham further teaches
wherein the hardware resource is further to: gather the status and configuration information from the one or more local servers on the local network (Klitscher -  Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Graham - Col. 12, lines 40-50, Col.13, lines 15-25,55-60).


Regarding claim 33,

Klitscher in view of Graham further teaches 
wherein to gather the status and configuration information after initiation of the first connection (Klitscher -  Page 22 - using the permanent connection to the storage manager 240 the service 140 will be able to forward in step 465 the user request to the intended storage device at storage manager 240. Further, the storage manager 240 performs the requested action on storage device 150, see step 470. Any result of this performed action is sent back to web application service 115 at step 4Further, the response data, i.e. the result, may then be internally forwarded (not shown) to internet portal 340 and to device management service 310. At step 480, the method continues with processing the result received from step 475 and by updating the user interface. The updated user interface is then provided to the computing device 140 at step 485. It is noted that steps 455 to 485 may be repeated until the user session is terminated at step 490 – Graham - Col. 12, lines 40-50, Col.13, lines 15-25,55-60).

Regarding claim 34,

Klitscher in view of  Graham further teaches
Wherein the first local network is a customer premise network (Klitscher – Fig. 1, Page 14, -  Graham - Col.8,40-55 ).


Regarding claim 35,

Klitscher does not explicitly teach that the first  connection is a secure connection.

 However, Graham teaches

wherein the first  connection is a secure connection (Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to efficiently  provide status of different type of devices to the remote server for troubleshooting purposes in a secure manner (Graham - Col.5,lines 45-50,  Col.8,40-55). 
Regarding claim 37,

Klitscher further teaches wherein the set of instructions are received by  the cloud extension agent using [...] a protocol over the  network connection (Page 22). However, Klitscher does not explicitly teach a set of instructions are received using an XMPP protocol over a secure connection 
Graham  teaches 
a set of instructions are transmitted using an XMPP protocol over a secure connection (Claim 1; Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP  stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened  - Col. 13, lines 7-20 - Turning to FIG. 2C, FIG. 2C is a simplified flowchart 203 illustrating one potential operation associated with the present disclosure. In an embodiment, at 220, a transport 10 layer security (TLS) is established and server authentication is performed. For example, TLS and server authentication (i.e., mutual authentication) may be performed with respect to CPE 12a and status server 14a. At 222, an XMPP stream is opened between a CPE and a server. For example, an XMPP 15 stream may be created between status server 14a and CPE 12a. At 226, the connection between the CPE and the server is authenticated and new streams are opened ).

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings of Graham.  The motivation for doing so is to allow a system to encode messages communicated on the persistent connections using an extensible messaging and presence protocol (XMPP)  for secure communication (Abstract – Graham) . 

Claims 22,30,38 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Klitscher in view of Graham further in view of Staveley et al. Patent No. US 6,973,491 B1 (Staveley hereinafter)


Regarding claim 22,

Klitscher does not explicitly teach

determining, by the cloud extension agent, whether any updates from the at least one external server are waiting to be sent

However, Staveley teaches
determining, by the cloud extension agent, whether any updates from the at least one external server are waiting to be sent (Col.8, lines 10-25 Main module 30 also performs other operations. For example, if the parameter "auto upgrade" is specified in the configuration file, main module 30 will invoke the automation15 upgrade component, as described above. Also, if a URL is given for the location a test configuration file, the main module 30 will download the test configuration file from the specified URL).  

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings Staveley.  The motivation for doing so is to allow a system to always be aware of new configuration for the target devices (Col.8, lines 10-25 – Staveley).
Regarding claim 30,

Klitscher does not explicitly teach

Wherein the hardware resource is further to determine whether any updates from the at least one external server are waiting to be sent

However, Staveley teaches
Wherein the hardware resource is further to determine whether any updates from the at least one external server are waiting to be sent (Col.8, lines 10-25 Main module 30 also performs other operations. For example, if the parameter "auto upgrade" is specified in the configuration file, main module 30 will invoke the automation15 upgrade component, as described above. Also, if a URL is given for the location a test configuration file, the main module 30 will download the test configuration file from the specified URL).  

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings Staveley.  The motivation for doing so is to allow a system to always be aware of new configuration for the target devices (Col.8, lines 10-25 – Staveley).

Regarding claim 38,

Klitscher does not explicitly teach

Wherein the hardware resource is further to determine whether any updates from the at least one external server are waiting to be sent

However, Staveley teaches
Wherein the hardware resource is further to determine whether any updates from the at least one external server are waiting to be sent (Col.8, lines 10-25 Main module 30 also performs other operations. For example, if the parameter "auto upgrade" is specified in the configuration file, main module 30 will invoke the automation15 upgrade component, as described above. Also, if a URL is given for the location a test configuration file, the main module 30 will download the test configuration file from the specified URL).  

It would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to modify the teachings of Klitscher to include the teachings Staveley.  The motivation for doing so is to allow a system to always be aware of new configuration for the target devices (Col.8, lines 10-25 – Staveley).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659.  The examiner can normally be reached on Monday - Friday 8:30 AM -5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YOUNES NAJI/Primary Examiner, Art Unit 2445