DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This initial written action responds to the communication dated 05/17/2021.
Claims 1-18 are submitted for examination and are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Priority
This application, filed on May 17, 2021, claims priority to parent application 16/267,024, filed on February 04, 2019, which claims priority to parent application 14/213,893, filed on March 03, 2014, which in turn claims priority to provisional application 61/798,491, filed on March 15, 2013.
Information Disclosure Statement
The following Information Disclosure Statement in the instant application was submitted in compliance with the provisions of 37 CFR 1.97 and has therefore been fully considered:
IDS filed on 17 May 2021.

Claim Objections
Claims 1 and 7 are objected to because of the following informalities: Claim 1 recites the limitation "... cause the processor to: authenticate credentials of the guest device, and determine, based on: (a) the authenticated credentials of the guest device, (b) an identification of the guess device ...". Claim 7 recites the limitation "... authenticate credentials of the guest device, and determine, based on (a) the authenticated credentials of the guest device, (b) an identification of the guess device, ...". The Examiner suggests replacing "guess device" with "guest device" in both claims. Appropriate correction is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-5 and 8-14 of U.S. Patent No. 11025605.
Claims 1-5, 7-13 and 15-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-5 and 8-13 of U.S. Patent No. 10200352.
Although the claims at issue are not identical, they are not patentably distinct from each other, as shown in the claim comparison below.




 
Instant Application 17/322,423
 
US PAT. # US 11025605 (App. # 16/267,024) 
 
US PAT. # US 10200352 (App. # 14/213,893) 
 
 
SYSTEM AND METHOD FOR SECURE APPLICATION COMMUNICATION BETWEEN NETWORKED PROCESSORS
 
SYSTEM AND METHOD FOR SECURE APPLICATION COMMUNICATION BETWEEN NETWORKED PROCESSORS
 
SYSTEM AND METHOD FOR SECURE APPLICATION COMMUNICATION BETWEEN NETWORKED PROCESSORS
 
 
 
 
 
 
 
 
1
A security server associated with a host device, the security server comprising: a processor; and a memory device that stores a plurality of instructions that, when executed by the processor following a connection request from a guest device that identifies the host device, cause the processor to: authenticate credentials of the guest device, and determine, based on: (a) the authenticated credentials of the guest device, (b) an identification of the guess device, and (c) at least one of: a date, a time, a connection type between the guest device and a connection facilitation server, and an authentication type, a plurality of remote communication ports of the host device available to the guest device, and a plurality of applications available to the guest device, wherein: each of the plurality of remote communication ports of the host device is initially closed, and following a selection of one of the plurality of remote communication ports of the host device and an independent selection of one of the plurality of applications, the selected remote communication port is opened by the host device and, for an established session, data is exchangeable from the selected application through an established peer-to-peer communication tunnel between the guest device and the host device using the selected remote communication port.
1
 A method for transporting data between a host device and a guest device remote from the host device, the method comprising: receiving, at a connection facilitation server, an initial handshake from the host device that includes a unique identifier for the host device, wherein all of remote communication ports of the host device available to the guest device are initially closed; receiving, at the connection facilitation server, an initial handshake from the guest device; sending, by the connection facilitation server, a list of host devices available to the guest device, the list including the unique identifier; receiving, by the connection facilitation server, a connection request from the guest device identifying one of the host devices; in response to authenticating credentials of the guest device, by a security server associated with the host device via the connection facilitation server, determining a role of the guest device based on (a) the credentials, (b) an identification of the guest device, and (c) at least one of a date, a time, a connection type between the guest device and the connection facilitation server, and an authentication type, the role comprising (i) a list of at least two eligible remote communication ports and (ii) a list of applications available to the guest device,
1
A method for transporting data between a host device and a guest device remote from the host device through a communications tunnel, wherein the communications tunnel is through a connection facilitation server in communication with the host device and the guest device over a network, and the data transported between the host device and the guest device is through at least one port of the host device, the communications tunnel, and at least one port of the guest device, the method comprising: (A) receiving, at the connection facilitation server, a connection request from the guest device to establish the communications tunnel with the host device; (B) receiving, at the connection facilitation server, an identification of the host device for indicating to the connection facilitation server that the host device is available for connection to the guest device, wherein the identification of the host device is a unique identifier associated with the host device; (C) establishing a session and the communications tunnel between the guest device and the host device via the connection facilitation server, in response to receiving the connection request and the identification of the host device; D) receiving logon credentials from the guest device at the host device through the communications tunnel; (E) authenticating the guest device based on the logon credentials and the identification of the host device, using a security server in communication with the host device; (F) when the guest device is authenticated, using the security server, determining a role of the guest device based on the
 
 

1
wherein the eligible remote communications ports are selectable independently from the applications; receiving, by the connection facilitation server, a selection of one of the eligible remote communications ports and one of the applications; opening, by the host device, the selected remote communication port; establishing a session and a direct peer-to-peer communication tunnel between the guest device and the host device using the selected remote communication port; and exchanging data from the selected application through the peer-to-peer communication tunnel.
1
(i) logon credentials and (ii) one or more of a date, a time, an identification of the guest device, an identification of the host device, a connection type between the guest device and the connection facilitation server, or an authentication type, wherein the role comprises a plurality of allowed host ports that the guest device is authorized to access and plurality of allowed host applications associated with the plurality of allowed host ports, the plurality of allowed host applications capable of executing on the host device; (G) transmitting a list of the plurality of allowed host ports and the plurality of allowed host applications from the security server to the host device; (H) transmitting the list of the plurality of allowed host ports and the plurality allowed host applications from the host device to the guest device through the communications tunnel; (I) receiving a selection of one of the plurality of allowed host ports and the plurality of allowed host applications from the guest device at the host device through the communications tunnel; and (J) forwarding the data from the selected allowed host application through the selected allowed host port, the communications tunnel, and one of a plurality of available ports of the guest device, while the session is active, wherein the selected one of the plurality of available ports of the guest device is dynamically selected by the guest device independently of the selected allowed host application and the selected one of the plurality of allowed host port.
 
2
The security server of claim 1, wherein when executed by the processor, the instructions cause the processor to authenticate credentials of the guest device by: determining, based on predefined settings associated with the guest device, the authentication type for the guest device, and responsive to logon credentials corresponding to the authentication type for the guest device being valid, denoting that the guest device is authenticated.
2
The method of claim 1, wherein authenticating credentials of the guest device comprises: determining an authentication type for the guest device, using the security server, based on predefined settings associated with the guest device on the security server; transmitting the authentication type to the guest device through the connection facilitation server; receiving logon credentials corresponding to the authentication type from the guest device through the connection facilitation server; and denoting that the guest device is authenticated, using the security server, when the received logon credentials are valid.
2
The method of claim 1, wherein: receiving the logon credentials comprises: determining an authentication type for the guest device, using the security server, based on predefined settings associated with the guest device on the security server; transmitting the authentication type from the host device to the guest device through the communications tunnel; and receiving the logon credentials corresponding to the authentication type from the guest device at the host device through the communications tunnel; and authenticating the guest device comprises denoting that the guest device is authenticated, using the security server, when the logon credentials are valid.
 
3
The security server of claim 1, wherein when executed by the processor, the instructions cause the processor to authenticate credentials of the guest device by: determining, based on predefined settings associated with the guest device, an expected authentication type for the guest device, transmitting the expected authentication type for the guest device to the host device and the guest device, and responsive to the authentication type being validated: receiving a first factor authentication from a first factor authentication authority, and responsive to the first factor authentication being successful: receiving a second factor authentication from a second factor authentication authority, and responsive to the second factor authentication being successful, denoting that the guest device is authenticated.
3
The method of claim 1, wherein authenticating credentials of the guest device comprises: determining an expected authentication type for the guest device based on predefined settings associated with the guest device on the security server, using the security server; transmitting the expected authentication type for the guest device from the security server to the host device and the guest device; receiving a first factor authentication at the security server from a first factor authentication authority, when the authentication type is validated; receiving a second factor authentication at the security server from a second factor authentication authority, when the first factor authentication is successful; and denoting that the guest device is authenticated, using the security server, when the first factor authentication and the second factor authentication are successful.
3
The method of claim 1, wherein authenticating the guest device comprises: determining an expected authentication type for the guest device based on predefined settings associated with the guest device on the security server, using the security server; transmitting the expected authentication type for the guest device from the security server to the host device and the guest device; receiving a first factor authentication at the security server from a first factor authentication authority, when the authentication type is validated; receiving a second factor authentication at the security server from a second factor authentication authority, when the first factor authentication is successful; and denoting that the guest device is authenticated, using the security server, when the first factor authentication and the second factor authentication are successful.
 
4
The security server of claim 1, wherein when executed by the processor, the instructions cause the processor to log events and corresponding timestamps to a database while the established session is active, wherein the events occur between the host device and the guest device through the established peer-to-peer communication tunnel.
4
The method of claim 1, further comprising logging events and corresponding timestamps to a database while the session is active, using the security server, wherein the events occur between the host device and the guest device through the peer-to-peer communication tunnel.
4
The method of claim 1, further comprising logging events and corresponding timestamps to a database while the session is active, using the security server, wherein the events occur between the host device and the guest device through the communications tunnel.
 
5
The security server of claim 4, wherein the events comprise at least one of: the establishment of the session, the authentication of the guest device, a forwarding of data through the selected remote communication port from the selected application, and an ending of the established session.
5
The method of claim 4, wherein the events comprise one or more of the establishment of the session, the authentication of the guest device, forwarding of the data through the selected remote communication port from the selected application, or an ending of the session.
5
The method of claim 4, wherein the events comprise one or more of the establishment of the session, the authentication of the guest device, the forwarding of the data through the selected allowed host port from the allowed host application, or an ending of the session.
 
6
The security server of claim 1, wherein the determined plurality of remote communication ports of the host device available to the guest device, and the determined plurality of applications available to the guest device comprise part of a role of the guest device.
1
...the role comprising (i) a list of at least two eligible remote communication ports and (ii) a list of applications available to the guest device..
1
..wherein the role comprises a plurality of allowed host ports that the guest device is authorized to access and plurality of allowed host applications associated with the plurality of allowed host ports, the plurality of allowed host applications capable of executing on the host device
 
7
A security server associated with a host device, the security server comprising: a processor; and a memory device that stores a plurality of instructions that, when executed by the processor following a connection request from a guest device that identifies the host device and that originates from a local device in communication with the guest device, cause the processor to: authenticate credentials of the guest device, and determine, based on (a) the authenticated credentials of the guest device, (b) an identification of the guess device, and (c) at least one of a date, a time, a connection type between the guest device and a connection facilitation server, and an authentication type, a plurality of remote communication ports of the host device available to the guest device, and a plurality of applications available to the guest device, wherein: each of the plurality of remote communication ports of the host device is initially closed, and following a selection of one of the plurality of remote communication ports of the host device and an independent selection of one of the plurality of applications, the selected remote communication port is opened by the host device and, for an established session, data to be forwarded from the guest device to the local device is exchangeable from the selected application through an established peer-to-peer communication tunnel between the guest device and the host device using the selected remote communication port.
8
A method for transporting data between a host device and a local device at a remote location from the host device, the method comprising: receiving, at a connection facilitation server, an initial handshake from the host device that includes a unique identifier for the host device, wherein all of remote communication ports of the host device available to the local device are initially closed; receiving, at the connection facilitation server, an initial handshake from a guest device at the remote location, the guest device in communication with the local device; sending, by the connection facilitation server, a list of host devices available to the guest device, the list including the unique identifier of the host device; receiving, by the connection facilitation server, a connection request from the guest device identifying one of the host devices, the connection request originating from the local device; in response to authenticating credentials of the guest device, by a security server associated with the host device via the connection facilitation server, determining a role of the guest device based on (a) the credentials, (b) an identification of the guest device, and (c) at least one of a date, a time, a connection type between the guest device and the connection facilitation server, and an authentication type,
8
A method for transporting data between a remote device and a guest device remote from the remote device through a communications tunnel, wherein the communications tunnel is through a host device and a connection facilitation server in communication with the host device and the guest device over a network, the host device is in communication with the remote device, and the data transported between the remote device and the guest device is through at least one port of the remote device, the host device, the communications tunnel, and at least one port of the guest device, the method comprising: (A) receiving, at the connection facilitation server, a connection request from the guest device to establish the communications tunnel with the remote device; (B) receiving, at the connection facilitation server, an identification of the host device for indicating to the connection facilitation server that the host device is available for connection to the guest device, wherein the identification of the host device is a unique identifier associated with the host device; (C) establishing a session and the communications tunnel between the guest device and the remote device via the connection facilitation server, in response to receiving the connection request and the identification of the host device; (D) receiving logon credentials from the guest device at the host device through the communications tunnel; (E) authenticating the guest device based on the logon credentials and the identification of the host device, using a security server in communication with the host device; (F) determining an identification of the remote device, using the host device; 
 
 

8
the role comprising (i) a list of at least two eligible remote communication ports and (ii) a list of applications available to the guest device, wherein the eligible remote communications ports are selectable independently from the applications; receiving, by the connection facilitation server, a selection of one of the eligible remote communications ports and one of the applications; opening, by the host device, the selected remote communication port; establishing a session and a direct peer-to-peer communication tunnel between the guest device and the host device using the selected remote communication port; and exchanging data from the selected application through the peer-to-peer communication tunnel for the guest device to forward to the local device.
8
(G) when the guest device is authenticated, using the security server, determining a role of the guest device based on (i) the logon credentials (ii) the identification of the remote device and (iii) one or more of a date, a time, an identification of the guest device, an identification of the host device, a connection type between the guest device and the connection facilitation server, or an authentication type, wherein the role comprises a plurality of allowed remote ports that the guest device is authorized to access and a plurality of allowed remote applications associated with plurality of allowed remote ports, the plurality of allowed remote applications capable of executing on the remote device; (H) transmitting a list of the plurality of allowed host ports and the plurality of allowed host applications from the security server to the host device; (I) transmitting the list of the plurality of allowed host ports and the plurality of allowed host applications from the host device to the guest device through the communications tunnel; (J) receiving a selection of one of the plurality of allowed remote ports and the plurality of allowed remote applications from the guest device at the host device through the communications tunnel; and (K) forwarding the data from the selected allowed remote application through the selected one of the plurality of allowed remote ports, the host device, the communications tunnel, and a selected one of a plurality of ports of the guest device, while the session is active, wherein the selected one of the plurality of ports of the guest device is dynamically selected by the guest device independently of the selected allowed remote application and the selected one of the plurality of allowed remote ports.
 
8
The security server of claim 7, wherein when executed by the processor, the instructions cause the processor to authenticate credentials of the guest device by: determining, based on predefined settings associated with the guest device, the authentication type for the guest device, and responsive to logon credentials corresponding to the authentication type for the guest device being valid, denoting that the guest device is authenticated.
11
The method of claim 8, wherein authenticating credentials of the guest device comprises: determining an authentication type for the guest device, using the security server, based on predefined settings associated with the guest device on the security server; transmitting the authentication type to the guest device through the connection facilitation server; receiving logon credentials corresponding to the authentication type from the guest device through the connection facilitation server; and denoting that the guest device is authenticated, using the security server, when the received logon credentials are valid.
9
The method of claim 8, wherein: the connection request comprises an identification of the guest device; receiving the logon credentials comprises: determining an authentication type for the guest device, using the security server, based on predefined settings associated with the guest device on the security server; transmitting the authentication type from the host device to the guest device through the communications tunnel; and receiving the logon credentials corresponding to the authentication type from the guest device at the host device through the communications tunnel; and authenticating the guest device comprises denoting that the guest device is authenticated, using the security server, when the logon credentials are valid.
 
9
The security server of claim 7, wherein when executed by the processor, the instructions cause the processor to authenticate credentials of the guest device by: determining, based on predefined settings associated with the guest device, an expected authentication type for the guest device, transmitting the expected authentication type for the guest device to the host device and the guest device, and responsive to the authentication type being validated: receiving a first factor authentication from a first factor authentication authority, and responsive to the first factor authentication being successful: receiving a second factor authentication from a second factor authentication authority, and responsive to the second factor authentication being successful, denoting that the guest device is authenticated.
12
The method of claim 8, wherein authenticating credentials of the guest device comprises: determining an expected authentication type for the guest device based on predefined settings associated with the guest device on the security server, using the security server; transmitting the expected authentication type for the guest device from the security server to the host device and the guest device; receiving a first factor authentication at the security server from a first factor authentication authority, when the authentication type is validated; receiving a second factor authentication at the security server from a second factor authentication authority, when the first factor authentication is successful; and denoting that the guest device is authenticated, using the security server, when the first factor authentication and the second factor authentication are successful.
10
The method of claim 8, wherein authenticating the guest device comprises: determining an expected authentication type for the guest device based on predefined settings associated with the guest device on the security server, using the security server; transmitting the expected authentication type for the guest device from the security server to the host device and the guest device; receiving a first factor authentication at the security server from a first factor authentication authority, when the authentication type is valid; receiving a second factor authentication at the security server from a second factor authentication authority, when the first factor authentication is successful; and denoting that the guest device is authenticated, using the security server, when the first factor authentication and the second factor authentication are successful.
 
10
The security server of claim 7, wherein when executed by the processor, the instructions cause the processor to log events and corresponding timestamps to a database while the established session is active, wherein the events occur between the host device and the guest device through the established peer-to-peer communication tunnel.
13
The method of claim 8, further comprising logging events and corresponding timestamps to a database while the session is active, using the security server, wherein the events occur between the host device and the guest device through the peer-to-peer communication tunnel.
11
The method of claim 8, further comprising logging events and corresponding timestamps to a database while the session is active, using the security server, wherein the events occur between the remote device and the guest device through the communications tunnel.
 
11
 The security server of claim 10, wherein the events comprise at least one of: the establishment of the session, the authentication of the guest device, a forwarding of data through the selected remote communication port from the selected application, and an ending of the established session.
14
The method of claim 13, wherein the events comprise one or more of the establishment of the session, the authentication of the guest device, forwarding of the data through the selected remote communication port from the selected application, or an ending of the session.
12
The method of claim 11, wherein the events comprise one or more of the establishment of the session, the authentication of the guest device, the forwarding of the data through the selected allowed remote port from the allowed remote application, or an ending of the session.
 
12
The security server of claim 7, wherein the guest device comprises a server and the local device comprises a control system.
9
The method of claim 8, wherein the guest device is a server and the local device is a control system.
13
The method of claim 8, wherein the remote device comprises one or more of a building control system, an industrial control system, a printer, a copier, or a device with networking capability.
 
13
The security server of claim 12, wherein the local device is incapable of being in direct connection with the host device.
10
The method of claim 9, wherein the local device is incapable of establishing the direct peer-to-peer connection with the host device.
 
 
 
Instant application, claim 14: The security server of claim 7, wherein the determined plurality of remote communication ports of the host device available to the guest device, and the determined plurality of applications available to the guest device comprise part of a role of the guest device.
First reference patent, claim 1 (excerpt): ... the role comprising (i) a list of at least two eligible remote communication ports and (ii) a list of applications available to the guest device ...
Second reference patent, claim 1 (excerpt): ... wherein the role comprises a plurality of allowed host ports that the guest device is authorized to access and plurality of allowed host applications associated with the plurality of allowed host ports, the plurality of allowed host applications capable of executing on the host device ...
 
Instant application, claim 15: A connection facilitation server comprising: a processor; and a memory device that stores a plurality of instructions that, when executed by the processor, cause the processor to: receive a connection request from a guest device identifying a host device, following an authentication of credentials of the guest device and a determination, based on: (a) the credentials of the guest device, (b) an identification of the guest device, and (c) at least one of a date, a time, a connection type, and an authentication type, of a plurality of remote communication ports of the host device available to the guest device and a plurality of applications available to the guest device, receive independent selections of: (i) one of the plurality of eligible remote communication ports, and (ii) one of the plurality of applications, wherein each remote communication port of the host device available to the guest device is initially closed, and following an opening by the host device of the selected remote communication port, cause an establishment of a session and a direct peer-to-peer communication tunnel between the guest device and the host device using the selected remote communication port, wherein data from the selected application is exchangeable through the direct peer-to-peer communication tunnel.
First reference patent, claim 1: A method for transporting data between a host device and a guest device remote from the host device, the method comprising: receiving, at a connection facilitation server, an initial handshake from the host device that includes a unique identifier for the host device, wherein all of remote communication ports of the host device available to the guest device are initially closed; receiving, at the connection facilitation server, an initial handshake from the guest device; sending, by the connection facilitation server, a list of host devices available to the guest device, the list including the unique identifier; receiving, by the connection facilitation server, a connection request from the guest device identifying one of the host devices; in response to authenticating credentials of the guest device, by a security server associated with the host device via the connection facilitation server, determining a role of the guest device based on (a) the credentials, (b) an identification of the guest device, and (c) at least one of a date, a time, a connection type between the guest device and the connection facilitation server, and an authentication type, the role comprising (i) a list of at least two eligible remote communication ports and (ii) a list of applications available to the guest device, wherein the eligible remote communications ports are selectable independently from the applications; receiving, by the connection facilitation server, a selection of one of the eligible remote communications ports and one of the applications; opening, by the host device, the selected remote communication port; establishing a session and a direct peer-to-peer communication tunnel between the guest device and the host device using the selected remote communication port; and exchanging data from the selected application through the peer-to-peer communication tunnel.
Second reference patent, claim 1: A method for transporting data between a host device and a guest device remote from the host device through a communications tunnel, wherein the communications tunnel is through a connection facilitation server in communication with the host device and the guest device over a network, and the data transported between the host device and the guest device is through at least one port of the host device, the communications tunnel, and at least one port of the guest device, the method comprising: (A) receiving, at the connection facilitation server, a connection request from the guest device to establish the communications tunnel with the host device; (B) receiving, at the connection facilitation server, an identification of the host device for indicating to the connection facilitation server that the host device is available for connection to the guest device, wherein the identification of the host device is a unique identifier associated with the host device; (C) establishing a session and the communications tunnel between the guest device and the host device via the connection facilitation server, in response to receiving the connection request and the identification of the host device; (D) receiving logon credentials from the guest device at the host device through the communications tunnel; (E) authenticating the guest device based on the logon credentials and the identification of the host device, using a security server in communication with the host device; (F) when the guest device is authenticated, using the security server, determining a role of the guest device based on the (i) logon credentials and (ii) one or more of a date, a time, an identification of the guest device, an identification of the host device, a connection type between the guest device and the connection facilitation server, or an authentication type, wherein the role comprises a plurality of allowed host ports that the guest device is authorized to access and plurality of allowed host applications associated with the plurality of allowed host ports, the plurality of allowed host applications capable of executing on the host device; (G) transmitting a list of the plurality of allowed host ports and the plurality of allowed host applications from the security server to the host device; (H) transmitting the list of the plurality of allowed host ports and the plurality allowed host applications from the host device to the guest device through the communications tunnel; (I) receiving a selection of one of the plurality of allowed host ports and the plurality of allowed host applications from the guest device at the host device through the communications tunnel; and (J) forwarding the data from the selected allowed host application through the selected allowed host port, the communications tunnel, and one of a plurality of available ports of the guest device, while the session is active, wherein the selected one of the plurality of available ports of the guest device is dynamically selected by the guest device independently of the selected allowed host application and the selected one of the plurality of allowed host port.
 
Instant application, claim 16: A connection facilitation server comprising: a processor; and a memory device that stores a plurality of instructions that, when executed by the processor, cause the processor to: receive a connection request from a guest device that originates from a local device in communication with the guest device and that identifies a host device, following an authentication of credentials of the guest device and a determination, based on: (a) the credentials of the guest device, (b) an identification of the guest device, and (c) at least one of a date, a time, a connection type, and an authentication type, of a plurality of remote communication ports of the host device and a plurality of applications, receive independent selections of: (i) one of the plurality of remote communication ports, and (ii) one of the plurality of applications, wherein each remote communication port of the host device is initially closed, and following an opening by the host device of the selected remote communication port, cause an establishment of a session and a direct peer-to-peer communication tunnel between the guest device and the host device using the selected remote communication port, wherein data from the selected application is exchangeable through the direct peer-to-peer communication tunnel for the guest device to forward to the local device.
First reference patent, claim 1: A method for transporting data between a host device and a guest device remote from the host device, the method comprising: receiving, at a connection facilitation server, an initial handshake from the host device that includes a unique identifier for the host device, wherein all of remote communication ports of the host device available to the guest device are initially closed; receiving, at the connection facilitation server, an initial handshake from the guest device; sending, by the connection facilitation server, a list of host devices available to the guest device, the list including the unique identifier; receiving, by the connection facilitation server, a connection request from the guest device identifying one of the host devices; in response to authenticating credentials of the guest device, by a security server associated with the host device via the connection facilitation server, determining a role of the guest device based on (a) the credentials, (b) an identification of the guest device, and (c) at least one of a date, a time, a connection type between the guest device and the connection facilitation server, and an authentication type, the role comprising (i) a list of at least two eligible remote communication ports and (ii) a list of applications available to the guest device, wherein the eligible remote communications ports are selectable independently from the applications; receiving, by the connection facilitation server, a selection of one of the eligible remote communications ports and one of the applications; opening, by the host device, the selected remote communication port; establishing a session and a direct peer-to-peer communication tunnel between the guest device and the host device using the selected remote communication port; and exchanging data from the selected application through the peer-to-peer communication tunnel.
Second reference patent, claim 1: A method for transporting data between a host device and a guest device remote from the host device through a communications tunnel, wherein the communications tunnel is through a connection facilitation server in communication with the host device and the guest device over a network, and the data transported between the host device and the guest device is through at least one port of the host device, the communications tunnel, and at least one port of the guest device, the method comprising: (A) receiving, at the connection facilitation server, a connection request from the guest device to establish the communications tunnel with the host device; (B) receiving, at the connection facilitation server, an identification of the host device for indicating to the connection facilitation server that the host device is available for connection to the guest device, wherein the identification of the host device is a unique identifier associated with the host device; (C) establishing a session and the communications tunnel between the guest device and the host device via the connection facilitation server, in response to receiving the connection request and the identification of the host device; (D) receiving logon credentials from the guest device at the host device through the communications tunnel; (E) authenticating the guest device based on the logon credentials and the identification of the host device, using a security server in communication with the host device; (F) when the guest device is authenticated, using the security server, determining a role of the guest device based on the (i) logon credentials and (ii) one or more of a date, a time, an identification of the guest device, an identification of the host device, a connection type between the guest device and the connection facilitation server, or an authentication type, wherein the role comprises a plurality of allowed host ports that the guest device is authorized to access and plurality of allowed host applications associated with the plurality of allowed host ports, the plurality of allowed host applications capable of executing on the host device; (G) transmitting a list of the plurality of allowed host ports and the plurality of allowed host applications from the security server to the host device; (H) transmitting the list of the plurality of allowed host ports and the plurality allowed host applications from the host device to the guest device through the communications tunnel; (I) receiving a selection of one of the plurality of allowed host ports and the plurality of allowed host applications from the guest device at the host device through the communications tunnel; and (J) forwarding the data from the selected allowed host application through the selected allowed host port, the communications tunnel, and one of a plurality of available ports of the guest device, while the session is active, wherein the selected one of the plurality of available ports of the guest device is dynamically selected by the guest device independently of the selected allowed host application and the selected one of the plurality of allowed host port.
 
Instant application, claim 17: The connection facilitation server of claim 16, wherein the guest device comprises a server and the local device comprises a control system.
First reference patent, claim 9: The method of claim 8, wherein the guest device is a server and the local device is a control system.
 

 
Instant application, claim 18: The connection facilitation server of claim 17, wherein the local device is incapable of establishing any direct peer-to-peer connection with the host device.
First reference patent, claim 10: The method of claim 9, wherein the local device is incapable of establishing the direct peer-to-peer connection with the host device.
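The claims compared above all turn on the same access pattern: a security server derives a guest's role (allowed host ports and the applications bound to each) from its credentials, identity and context such as time, connection type and authentication type; every host port stays closed until a session for an allowed port/application pair is authorized; and session events are logged with timestamps. The following is an added model of that pattern written for this page, not code from the application or from any of the cited references; the credential store, the policy rules, port numbers, application names and sample guest are all constructed for illustration.

```python
"""Constructed model of the claimed role-based port/application access flow."""
from dataclasses import dataclass, field
from datetime import datetime, time
import hmac


@dataclass
class Role:
    allowed_ports: set[int]
    apps_by_port: dict[int, set[str]]   # application(s) bound to each allowed port


@dataclass
class SecurityServer:
    # Constructed credential store; a real deployment would consult a directory.
    credentials: dict[str, str]
    events: list[tuple[str, str]] = field(default_factory=list)

    def log(self, event: str, when: datetime) -> None:
        """Record an event with its timestamp (the claimed logging step)."""
        self.events.append((when.isoformat(), event))

    def authenticate(self, guest_id: str, secret: str, when: datetime) -> bool:
        expected = self.credentials.get(guest_id)
        ok = expected is not None and hmac.compare_digest(expected, secret)
        self.log(f"auth {'ok' if ok else 'failed'} guest={guest_id}", when)
        return ok

    def determine_role(self, guest_id: str, when: datetime,
                       conn_type: str, auth_type: str) -> Role:
        # Constructed policy: a vendor account on a VPN connection with MFA during
        # business hours gets the maintenance ports; everyone else gets a read-only
        # status port.  Ports and applications are listed separately so the guest
        # can select them independently, but only bound pairs are honoured.
        business_hours = time(8, 0) <= when.time() <= time(18, 0)
        if (guest_id.startswith("vendor-") and business_hours
                and conn_type == "vpn" and auth_type == "mfa"):
            return Role({22, 8443}, {22: {"ssh"}, 8443: {"plc-config"}})
        return Role({8080}, {8080: {"status-dashboard"}})


@dataclass
class HostDevice:
    open_ports: set[int] = field(default_factory=set)  # every port closed initially

    def open_for_session(self, server, role, port, app, when) -> bool:
        """Open `port` only if the role allows it and `app` is bound to that port."""
        if port not in role.allowed_ports or app not in role.apps_by_port.get(port, set()):
            server.log(f"denied port={port} app={app}", when)
            return False
        self.open_ports.add(port)
        server.log(f"session established port={port} app={app}", when)
        return True

    def end_session(self, server, port, when) -> None:
        self.open_ports.discard(port)   # close the port again when the session ends
        server.log(f"session ended port={port}", when)


def connect(server, host, guest_id, secret, conn_type, auth_type, port, app, when) -> bool:
    """Full flow: authenticate, derive the role, then open the selected pair or deny."""
    if not server.authenticate(guest_id, secret, when):
        return False
    role = server.determine_role(guest_id, when, conn_type, auth_type)
    return host.open_for_session(server, role, port, app, when)
```

Because the port and the application are chosen independently, the check on the host is what prevents a guest from pairing an allowed port with an application that is not bound to it.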
 
 
 


Conclusion
Neumann et al. (US PGPUB. # US 2006/0041761) discloses a secure computing system that utilizes a unique combination of Public Key Infrastructure (PKI), Virtual Private Networking (VPN), and server-based computing on thin client devices. The combination of technology and components provides secure computing through Defense-in-Depth using commercial off-the-shelf components.
Suhonen et al. (US PGPUB. # US 2005/0060328) discloses a method and a virtual private network (VPN) gateway server 10 providing rules for wireless access over a secure tunnel connection to a corporate network 20. The corporate network 20 is protected by firewall functionality, with different access configurations for different remote users. The VPN gateway server 10 includes a user database 15 which provides rules specific to each user for access to the corporate network 20 using the secure tunnel. The rules include specific sets of TCP ports associated with respective specific users. The gateway server 10 limits an authenticated user's access to the corporate network 20, which access is performed by means of the tunnel connection provided by the gateway server 10, to the associated allowed TCP server ports.
Fujita et al. (US PGPUB. # US 2008/0037557) discloses a VPN gateway that includes a WAN interface for exchanging packets with client nodes via IPsec tunnels set on the WAN side, a LAN interface for exchanging packets with server nodes connected to the LAN side, a session relay unit for temporarily terminating a first communication session to be set for a server node from a client node and setting a second communication session that relays the first communication session to the server node, and an SSL processor for making the second communication session into an SSL session. This arrangement makes it possible to dynamically allocate the servers in a data center to a VPN, permit only an authenticated server to communicate with another node in the VPN, and prevent wiretapping and tampering of communication performed by the server.
Jiang et al. (US PGPUB. # US 2012/0278492) discloses a network device that connects between a client and a server. The network device is configured to store information regarding a capability of the server; receive a first message, from the client, intended for the server; obtain the stored information regarding the capability of the server; generate a second message that includes the information regarding the capability of the server; send the second message to the client; receive a third message from the client; and establish, based on the third message, a connection between the client and the server.
Katoh et al. (US PGPUB. # US 2007/0050850) discloses identifying an abnormal level according to abnormal level reference data stored in advance in an abnormal level reference data storage, from context relating to abnormalities, which has been collected in advance and stored in a context storage; converting the identified abnormal level to an authentication strength level according to a predetermined authentication strength level setting rule; and causing an authentication server to carry out authentication processing according to the authentication strength level. By carrying out such processing, it becomes possible to cause the authentication server to carry out an authentication having an authentication strength level corresponding to an abnormal state.
Omar Hassan (US PGPUB. # US 2014/0123222) discloses enabling controlled access to a limited set of remote services associated with a device. A controlled access platform determines one or more network access descriptors to associate with a calling application of a device configured to access a remote service via a communication network. The controlled access platform initiates a limiting of the calling application to one or more allowed network interaction types with a remote service or a network access component associated with the device based on a profile for defining one or more allowed network interaction types between the calling application and the remote service.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498