DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office correspondence is in response to the application number 17/510142 filed on October 25, 2021.
Preliminary Amendment
A preliminary amendment was filed and accepted on March 18, 2022.
Claims 1 – 28 are pending.
Priority
This application is a continuation of application 16/047755 (now U.S. Patent 11,190,614) which has a filing date of July 27, 2018.  As the applications were co-pending when the instant application was filed, the instant application is entitle to the priority date of 7/27/2018.
Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 1/25/2022 and 2/1/2022 were filed after the mailing date of the application on 10/25/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 – 28 are rejected on the ground of non-provisional non-statutory anticipatory-type double patenting as being unpatentable over claims 1 – 27 of U.S. Patent 11,119,014.  Although the conflicting claims are not identical, they are not patently distinct from each other because both sets of claims are directed to the same invention.  This is a non- provisional non-statutory anticipatory-type double patenting rejection since the claims directed to the same invention have been patented.
In regard to claim 1:
Application 17/510142
U.S. Patent 11,190,614
1. A method for handling request-response command protocols using a unidirectional communication connection between a first gateway of a first computing environment and a second gateway of a second computing environment, the method comprising:
1. A method for handling request-response command protocols using a unidirectional communication connection configured to carry the command protocols from a cloud gateway of a cloud-services computing environment to a client gateway of a client computing environment, the method comprising:
at the first computing environment: establishing, in response to receiving one or more connection requests initiated by the second gateway, the unidirectional communication connection and a bidirectional communication connection between the first gateway and the second gateway that does not permit response messages to be returned from the first gateway to the second gateway;
at the cloud-services computing environment: establishing, in response to receiving one or more connection requests initiated by the client gateway, the unidirectional communication connection and a bidirectional communication connection between the cloud gateway and the client gateway, wherein the unidirectional communication connection carries all request messages initiated by the cloud gateway but does not permit response messages to be returned from the client gateway to the cloud gateway;
generating, by a first component of the first computing environment, a command request message directed to a second component of the second computing environment;
generating, by a service component of the cloud-services computing environment, a command request message directed to a client component of the client computing environment;
in accordance with determining that the unidirectional communication connection is open, pushing, from the first component to the second gateway, the command request message via the unidirectional communication connection, wherein a token indicating routing information to the first component 1s embedded in the pushed command request message and wherein the second gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection;
in accordance with determining that the unidirectional communication connection is open, pushing, from the service component to the client gateway, the command request message via the unidirectional communication connection, wherein a token indicating routing information to the service component is embedded in the pushed command request message, and wherein the client gateway does not accept request messages that are initiated by the cloud-services computing environment and received via the bidirectional communication connection;
receiving, at the first gateway via the bidirectional communication connection, a command response message from the second gateway, wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and
receiving, at the cloud gateway via the bidirectional communication connection, a command response message from the client gateway, wherein the command response message includes the token and data associated with executing the command request message at the client computing environment, wherein the data is log data or application data generated by the client computing environment; and
sending, based on the token, the command response message to the first component.
sending, based on the routing information of the token, the command response message to the service component.

It is clear that all of the elements of the instant application 17/510142 (herein ‘142) claim 1 are to be found in U.S. Patent 11,190,614 (herein ‘614) claim 1 (as the instant application ‘142 claim 1 fully encompasses  Patent ‘614 claim 1).  The difference between ‘142 claim 1 and ‘614 claim 1 lies in the fact that the ‘614 claim includes many more elements and is thus much more specific.  Thus the invention of claim 1 of the ‘614 patent is in effect a “species” of the “generic” invention of ‘142 claim 1.  It has been held that the generic invention is “anticipated” by the “species”.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  Since the ‘142 claim 1 is anticipated by claim 1 of ‘614, it is not patently distinct from ‘614 claim 1.
In regard to claim 2, see claim 8 of ‘614.
In regard to claim 3, see claim 8 of ‘614.
In regard to claim 4, see claim 7 of ‘614.
In regard to claim 5, see claim 2 of ‘614.
In regard to claim 6, see claim 3 of ‘614.
In regard to claim 7, see claim 4 of ‘614.
In regard to claim 8, see claim 5 of ‘614.
In regard to claim 9, see claim 6 of ‘614.
In regard to claim 10, see claim 9 of ‘614.
In regard to claim 11, see claim 10 of ‘614.
In regard to claim 12, see claim 11 of ‘614.
In regard to claim 13, see claim 12 of ‘614.
In regard to claim 14, see claim 13 of ‘614.
In regard to claim 15:
Application 17/510142
U.S. Patent 11,190.614
15. A non-transitory computer-readable storage medium storing one or more programs configured to be executed by one or more processors of a first computing environment, the first computing environment having a first gateway and a service component, wherein the one or more programs include instructions for:
14. A non-transitory computer-readable storage medium storing one or more programs configured to be executed by one or more processors of a cloud-services computing environment, the cloud-service computing environment having a cloud gateway and a service component, wherein the one or more programs include instructions for:
establishing, in response to receiving one or more connection requests initiated by the client gateway, the unidirectional communication connection and a bidirectional communication connection between the first gateway and a second gateway of a second computing environment, wherein the unidirectional communication connection carries all request messages initiated by the first gateway but does not permit response messages to be returned from the second gateway to the first gateway;
establishing, in response to receiving one or more connection requests initiated by the client gateway, a unidirectional communication connection and a bidirectional communication connection between the cloud gateway and a client gateway of a client computing environment, the unidirectional communication connection being configured to carry command protocols from the cloud gateway to the client gateway, wherein the unidirectional communication connection carries all request messages initiated by the cloud gateway but does not permit response messages to be returned from the client gateway to the cloud gateway;
generating, by a service component of the first computing environment, a command request message directed to a second component of the second computing environment;
generating, by a service component of the cloud-services computing environment, a command request message directed to a client component of the client computing environment;
in accordance with determining that the unidirectional communication connection is open, pushing, from the service component to the second gateway, the command request message via the unidirectional communication connection, wherein a token indicating routing information to the service component is embedded in the command request message and wherein the client gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection;
in accordance with determining that the unidirectional communication connection is open, pushing, from the service component to the client gateway, the command request message via the unidirectional communication connection, wherein a token indicating routing information to the service component is embedded in the command request message, and wherein the client gateway does not accept request messages that are initiated by the cloud-services computing environment and received via the bidirectional communication connection;
processing, at the first gateway via the bidirectional communication connection, a command response message from the second gateway, wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and
processing, at the cloud gateway via the bidirectional communication connection, a command response message from the client gateway, wherein the command response message includes the token and data associated with executing the command request message at the client computing environment, wherein the data is log data or application data generated by the client computing environment; and
sending, based on the token, the command response message to the service component.
sending, based on the routing information of the token, the command response message to the service component.

 It is clear that all of the elements of the instant application 17/510142 (herein ‘142) claim 15 are to be found in U.S. Patent 11,190,614 (herein ‘614) claim 14 (as the instant application ‘142 claim 15 fully encompasses  Patent ‘614 claim 14).  The difference between ‘142 claim 15 and ‘614 claim 14 lies in the fact that the ‘614 claim includes many more elements and is thus much more specific.  Thus the invention of claim 14 of the ‘614 patent is in effect a “species” of the “generic” invention of ‘142 claim 15.  It has been held that the generic invention is “anticipated” by the “species”.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  Since the ‘142 claim 15 is anticipated by claim 14 of ‘614, it is not patently distinct from ‘614 claim 14.
In regard to claim 16, see claim 15 of ‘614.
In regard to claim 17, see claim 16 of ‘614.
In regard to claim 18, see claim 17 of ‘614.
In regard to claim 19, see claim 18 of ‘614.
In regard to claim 20, see claim 19 of ‘614.
In regard to claim 21, see claim 20 of ‘614.
In regard to claim 22:
Application 17/510142
U.S. Patent 11,190,614
22. A first computing environment implementing a first gateway and a first component, the first computing environment comprising:
21. A cloud-services computing system implementing a cloud gateway and a service component, the system comprising:
one or more processors; and
memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for:
one or more processors; and memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for:
establishing, in response to receiving one or more connection requests initiated by a second gateway of a second computing environment, a unidirectional communication connection and a bidirectional communication connection between the first gateway and the second gateway, the unidirectional communication connection being configured to carry command protocols from the first gateway to the second gateway, wherein the unidirectional communication connection carries all request messages initiated by the first gateway but does not permit response messages to be returned from the second gateway to the first gateway;
establishing, in response to receiving one or more connection requests initiated by the client gateway, a unidirectional communication connection and a bidirectional communication connection between the cloud gateway and the client gateway, the unidirectional communication connection being configured to carry command protocols from the cloud gateway to the client gateway, wherein the unidirectional communication connection carries all request messages initiated by the cloud gateway but does not permit response messages to be returned from the client gateway to the cloud gateway:
generating, by the first component of the first computing environment, a command request message directed to a second component of the second computing environment;
generating, by a service component of the cloud-services computing environment, a command request message directed to a client component of the client computing environment;
in accordance with determining that the unidirectional communication connection is open, pushing, from the first component to the second gateway, the command request message via the unidirectional communication connection, 
wherein a token indicating routing information to the first component is embedded in the command request message and wherein the client gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection;
in accordance with determining that the unidirectional communication connection is open, pushing, from the service component to the client gateway, the command request message via the unidirectional communication connection, wherein a token indicating routing information to the service component is embedded in the command request message, and wherein the client gateway does not accept request messages that are initiated by the cloud-services computing environment and received via the bidirectional communication connection;
processing, at the first gateway via the bidirectional communication connection, a command response message from the second gateway, wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and
processing, at the cloud gateway via the bidirectional communication connection, a command response message from the client gateway, wherein the command response message includes the token and data associated with executing the command request message at the client computing environment, wherein the data is log data or application data generated by the client computing environment; and
sending, based on the token, the command response message to the first component.
sending, based on the routing information of the token, the command response message to the service component.

It is clear that all of the elements of the instant application 17/510142 (herein ‘142) claim 22 are to be found in U.S. Patent 11,190,614 (herein ‘614) claim 21 (as the instant application ‘142 claim 22 fully encompasses  Patent ‘614 claim 21).  The difference between ‘142 claim 22 and ‘614 claim 21 lies in the fact that the ‘614 claim includes many more elements and is thus much more specific.  Thus the invention of claim 21 of the ‘614 patent is in effect a “species” of the “generic” invention of ‘142 claim 22.  It has been held that the generic invention is “anticipated” by the “species”.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  Since the ‘142 claim 22 is anticipated by claim 21 of ‘614, it is not patently distinct from ‘614 claim 21.
In regard to claim 23, see claim 22 of ‘614.
In regard to claim 24, see claim 23 of ‘614.
In regard to claim 25, see claim 24 of  ‘614.
In regard to claim 26, see claim 27 of ‘614.
In regard to claim 27, see claim 25 of ‘614.
In regard to claim 28, see claim 26 of ‘614.
Claim Analysis - 35 USC § 101 (Judicial Exception)
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1– 20 are directed to statutory subject matter and no 35 USC 101 rejection is applied for the judicial exception.  The claims are directed to non-abstract improvements in computer related technology.  A claim is non-statutory when it is directed to a judicial exception (e.g. either one of mathematical concepts, mental processes, or certain methods of organizing human activity) without significantly more.  The claimed invention is not directed to a judicial exception.  Instead, the claimed invention is directed to a technological improvement for communications between a first computing environment and a second computing environment.  The claimed invention utilizes respective gateways in the first computing environment and the second computing environment.   In particular, the gateways enable secure communication connections to be established between the first computing environment and the second computing environment. The gateways also manage the reliable distribution of messages across the communication connections via the established communication connections. The ordered combination of the limitations recite that in response to receiving one or more connection requests initiated by a gateway of the second computing environment, a unidirectional communication connection and a bidirectional communication connection are established between the first gateway and the second gateway.   Therein, the unidirectional communication connection permits messages initiated at the first computing environment to be pushed from the first gateway to the second  gateway, but does not permit response messages to be returned from the second gateway to the first  gateway. Additionally, the bidirectional communication connection permits messages initiated at the first computing environment to be pushed from the second gateway to the first gateway and further permits responses to those messages to be returned from the first gateway to the second  gateway. However, the bidirectional communication connection does not permit messages initiated at the first  computing environment to be pushed from the first gateway to the second gateway. A command request message directed to a client component of the second computing environment is generated by a service component of the first  computing environment. In accordance with determining that the unidirectional communication connection is open, the command request message is pushed from the service component to the second gateway via the unidirectional communication connection. A token indicating routing information to the service component is embedded in the command request message. A command response message is received at the first  gateway from the second  gateway via the bidirectional communication connection. The command response message includes the token and data associated with executing the command request message at the second computing environment. The token in the command response message is, for example, the same token embedded in the command request message. The token provides routing information, which enables the command response message to be reliably routed back to the service component. Based on the token, the command response message is sent to the service component. The command response message completes the request-response protocol at the service component.  The ordered combination of the elements and limitations bound the claimed invention to a specific and useful improvement for enabling command request messages associated with executing the delivered command request messages to be returned to the appropriate service components in a similarly fast, reliable, and secure manner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims  1 – 10, 15 – 19, and 22 - 26 are rejected under 35 U.S.C. 103 as being unpatentable over Thummalapalli et al. (U.S. 2019/0306242 A1; herein referred to as Thummalapalli) in view of Kitchen et al. (U.S. 2017/0063968 A1; herein referred to as Kitchen) in further view of Joy et al. (U.S. 2013/0061046 A1; herein referred to as Joy) in further view of Thazhathethil (U.S. 2017/0111452 A1; herein referred to as Thazhatethil) .
In regard to claim 1, Thummalapalli teaches a method (see abstract “. . . Techniques for management of Internet of Things (IOT) devices are disclosed . . .”) for handling request-response command protocols(see¶ [0108] “. . . cloud service provider network 110 is illustrated as a remote network (e.g., a cloud network) that is able to communicate with client devices 104A-E via customer network 102 and network 108. The cloud service provider network 110 acts as a platform that provides additional computing resources to the client devices 104A-E and/or customer network 102 . . .”)  using a unidirectional communication connection (e.g. broadcast) between a first gateway of a first computing environment  (e.g. cloud service provider IOT Gateway)and a second gateway of a second computing environment(e.g. associated customer instance), the method comprising: at the first computing environment (see ¶  ¶ [0029 - 0033] “ . . . Connect the IOT device to a cloud service provider IOT proxy (from where it may be approved).  Hardware manufacturers may add the cloud service provider SDK, and implement "IOT Actions" as a part of the firmware/software for the IOT device.  IOT devices may utilize functionality of the SDK to connect to a cloud service provider IOT Gateway when they are installed and initially booted up and await approval.  Once approved (automatic/manual), the IOT devices may be "provisioned" into the system (e.g., integrated into enterprise level applications as a new "configuration item" (CI), and may be monitored/controlled remotely.  Broadcast a list of IOT actions to an associated customer instance provided by the cloud service provider for a customer determined to be associated with the IOT device . . .”): establishing, in response to receiving one or more connection requests initiated by the second gateway(see ¶ [0008] “ . . .an apparatus configured as an internet of things (IOT) endpoint device . .  execute the instructions to cause the apparatus to: establish an automatic connection to a cloud-based management server customer instance, the automatic connection established using the network interface and a first connection to a private network, a second connection from the private network to a public network, and a third connection from the public network to the cloud-based management server customer instance; transmit information regarding control and command capability of the IOT endpoint device using a communication mechanism facilitated by the SDK to the cloud-based management server customer instance, the transmitted information comprising a set of actions applicable to the IOT endpoint device . . . “), the unidirectional communication connection (see ¶ [0028] “ . . .Broadcast a list of IOT actions to an associated customer instance provided by the cloud service provider for a customer determined to be associated with the IOT device . . .”); 
generating, by a first component of the first computing environment  (see ¶ [0028] “ . . .Broadcast a list of IOT actions to an associated customer instance provided by the cloud service provider for a customer determined to be associated with the IOT device . . .”), a command request message directed to a second component of the second computing environment (see ¶ [0008] “ . . . receive a command request initiated by the cloud-based management server customer instance to initiate at least one of the set of actions . . .”); 
in accordance with determining that the unidirectional communication connection is open (e.g. successful connection) (see Fig. 3, ¶ [0117] “ . . . Block 335 indicates that a connection may be established with the service provider. Of course, it may take more than one attempt to make a successful connection and the SDK may be coded with proper retry logic to facilitate a successful connection. Block 340 indicates that after a successful connection . . .”), pushing, from the first component to the second gateway, the command request message via the unidirectional communication connection see Fig. 3, ¶ [0117] “ . . . where a new CI may be established for the IOT device and its incorporation into customer instance applications as provided by a cloud service provider. Again, a check may be made for an SDK update (block 360). Block 365 indicates that the service provider system may connect to the IOT device (presumably having the most current SDK) and perform standard operation with the IOT device properly represented as a CI within the CMDB of an enterprise. . . “),
Thummalapalli fails to explicitly teach and a bidirectional communication connection between the first gateway and the second gateway that does not permit response messages to be returned from the first gateway to the second gateway; wherein a token indicating routing information to the first component 1s embedded in the pushed command request message and wherein the second gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection; 
receiving, at the first gateway via the bidirectional communication connection, a command response message from the second gateway, wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and 
sending, based on the token, the command response message to the first component.
However Kitchen teaches and a bidirectional communication connection (e.g. always on TCP/IP connection)  between the first gateway (see Fig. 1, LWGW instance) and the second gateway (see Fig. 1 , cloud hub, ¶ [0082]: “. . . The Cloud Hub of an embodiment is a broadband-connected device, and it attempts to maintain an always-on TCP/IP connection with the server. Therefore, there is no need for a shoulder-tap mechanism, as is provided via SMS on typical tier-1 systems. No "wake-up" message is used as the Cloud Hub is effectively always awake. With conventional Tier-1 systems, the server tears down the TCP connection after several minutes of inactivity; for Cloud Hub, the TCP connection should stay up for as long as possible, with periodic server-originated SMA heartbeat messages (SMA Request Type 0), so that the CPE can supervise the connection as being truly active . . .”) 
receiving, at the first gateway via the bidirectional communication connection, a command response message from the second gateway (¶ [0084]: “ . . .The LGW includes use of message tunneling over REST. The Cloud Hub, UDP and TCP messages coming from the CPE and received by the session server are sent to the correct LWG via two REST endpoints . . . “),
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method that uses a cloud hub at a client premise which acts as a gateway to communicate with a virtual gateway located in a cloud server environment and coupled to the cloud hub so that devices at the premise can receive and transmit command request and responses to applications running in the cloud  server environment, as taught by Kitchen, into a method and system to manage IoT devices through a cloud service computer system, where upon a request from an IoT device to provision services from the cloud, the cloud service provider, through an IoT gateway, initiates a broadcast (e.g. unidirectional connection) to transmit one or more IoT actions to an associated instance of an IoT device, as taught by Thummalapalli.  Such incorporation enables a system utilizing both unidirectional and bidirectional connectivity to efficiently manage services between a client system (e.g. IoT devices) and a cloud distributor of services.
The combination of Thummalapalli and Kitchen fails to explicitly teach that does not permit response messages to be returned from the first gateway to the second gateway; wherein a token indicating routing information to the first component is embedded in the pushed command request message and wherein the second gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection;
wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and 
sending, based on the token, the command response message to the first component.
However Joy teaches wherein a token indicating routing information to the first component is embedded in the pushed command request message(see Fig. 1, ¶ [0029] “. . . Stateless Tokens" provides details regarding tokens that can be employed in some embodiments to carry routing data used for routing notifications to appropriate endpoints using the channels . . .”; see ¶ [0040] “. . . In operation, tokens 130 can be used to pass channel metadata 132 that is encrypted and digitally signed through the notification service 124. The tokens 130 can be considered stateless since the channel metadata 132 used to generate the tokens 130 can be "in process" data that is obtained by the notification service 124 from clients 102 as needed and may not actually be stored persistently by the service provider 114. . .”);
wherein the command response message includes the token and data associated with executing the command request message at the second computing environment(see ¶ [0041] “. . . Tokens 130 can be configured in various ways. Generally, the token 130 includes routing data configured in a specific format that is interpretable by the notification service 124 and can be used to route notifications that use the tokens to corresponding endpoints. By way of example, a token 130 can be configured as BLOB (binary large object) that is packaged with select channel metadata 132 as a payload. A variety of other token configurations are also contemplated. A token 130 for example can be configured to include a URI or other suitable channel handle. Tokens 130 can also be configured to include security information such as versioning data, authentication data, expiration times, and/or other security information used to control and verify the validity of tokens. The security information enables the use of different secret keys and/or different formats for different token versions. Further, the token can be encrypted and/or digitally signed to prevent tampering. In some embodiments, the notification service 124 alone is able to decrypt and interpret the token 130 and route notifications accordingly to an endpoint specified by channel metadata 132 (e.g., the channel handle or other routing data) contained in the token . . .”); and 
sending, based on the token, the command response message to the first component(see ¶ [0042] “. . . channel metadata 132 encrypted within the token 130 can include routing data directly. The routing data enables the notification service 124 to statelessly process and route messages to endpoints using the self -contained information that is passed in a token 130. Routing data can include by way of example, version data, a channel handle, identifiers for a corresponding application 108, client 102, and/or machine, a digital certificate, a public key used for encryption, and so forth. Because the notification service 124 issues the tokens, the notification service 124 is able to interpret messages sent using the tokens, decrypt tokens 130 to obtain channel metadata 132 (e.g., using a private key), verify routing data contained in the token, and route notifications to appropriate channels . . .”).
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for applying a notification service that uses a token embedded in a message to convey routing data for client – server delivery of services as taught by Joy, into a method and system to manage IoT devices through a cloud service computer system, where upon a request from an IoT client device to provision services from the cloud, the cloud service provider, through an IoT client gateway, initiates a broadcast (e.g. unidirectional connection) to transmit one or more IoT actions to an associated instance of an IoT client device and a bidirectional connection between the gateway at the client and a virtual gateway located in a cloud server environment and coupled to a cloud hub so that client devices at the premise can receive and transmit command request and responses to applications running in the cloud  server environment, as taught by the combination of Thummalapalli and Kitchen.    Such incorporation provides a means to access multi devices and resources within the system because the token indicates which resource is being accessed.
The combination of Thummalapalli, Kitchen, and Joy fails to expclitly teach that does not permit response messages to be returned from the first gateway to the second gateway; and wherein the second gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection; wherein the data is log data or application data generated by the second computing environment;  However Thazhatethil teaches that does not permit response messages to be returned from the first gateway(see Fig, 1 communication server 18 (referred also as CommGrid server)  to the second gateway (CommGrid client (referred as client serv 16) (see  ¶ [0038] “ . . . Some of the notable features in the drive system described herein are that inbound connection to the drive or NETA are not allowed . . .”); and wherein the second gateway (CommGrid client 16) does not accept request messages that are initiated by the first computing environment (CommGrid server 18) and received via the bidirectional communication connection (see  ¶ [0038] “ . . . Only outbound communication is allowed. The client only communicates to the CommGrid Server via port 443 (443—SSL Enabled secure, proxy friendly port). This allows for secure device detection or device discovery. Use of WSMOAP Protocol is advantageous as it creates less traffic over communication network . . .”); wherein the data is log data or application data generated by the second computing environment (see   ¶ [0033] “ . . . A Datalogger provided herein is a log buffer for signals which are generated in drive itself. This datalogger downloads the request processed from RSP via CommGrid server to the client server. The request processing action in the client also writes a ‘trigger’ command to the node to trigger the datalogger. Then the datalogger receiver in the client shall be willed after few seconds. When the buffer is filled and notified, the client copies the data to a physical file and sends to the CommGrid server. CommGrid server updates the file or file content against the node in communication database. RSP shall be notified and updated, about the data received in the node . . .”);
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for establishing bidirectional remote communication between a Remote Service Portal and a plurality of drives, the communication comprising  a network adaptor for installing a client server connected to the drives and configured for bi-directional secure data exchange and handling the drive related action and data for each drive, a CommGrid server configured as a communication server configured to communicate with the client server and the RSP, and a web socket based communication protocol for the bidirectional remote communication between the RSP, the client server and the CommGrid server that uses request and response packets for handling request actions and response actions respectively, as taught by Thazhatethil, into a system and method, to manage IoT devices through a cloud service computer system, where upon a request from an IoT client device to provision services from the cloud, the cloud service provider, through an IoT client gateway, initiates a broadcast (e.g. unidirectional connection) to transmit one or more IoT actions to an associated instance of an IoT client device and a bidirectional connection between the gateway at the client and a virtual gateway located in a cloud server environment and coupled to a cloud hub so that client devices at the premise can receive and transmit command request and responses to applications running in the cloud  server environment, wherein the services and applications uses a token embedded in a message to convey routing data for client – server delivery of services as taught by the combination of Thummalapalli , Kitchen, and Joy.  Such incorporation provides additional safeguards to limit command traffic on the production data bidirectional connection.
In regard to claim 2, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches  wherein the first computing environment is a public computing environment and the second computing environment is a private computing environment (see Thummalapalli   ¶ [0008] “ . . . The one or more processing units execute the instructions to cause the apparatus to: establish an automatic connection to a cloud-based management server customer instance, the automatic connection established using the network interface and a first connection to a private network, a second connection from the private network to a public network, and a third connection from the public network to the cloud-based management server customer instance; transmit information regarding control and command capability of the IOT endpoint device using a communication mechanism facilitated by the SDK to the cloud-based management server customer instance, the transmitted information comprising a set of actions applicable to the IOT endpoint device . . .”).
In regard to claim 3, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches wherein the one or more connection requests are received via a public address of the first gateway  (see {Kitchen - ¶ [0547]: “. . . The cloud hub is configured to communicate with the registry gateway and receive a network address of the credential gateway . . . “;see {Kitchen - ¶ [0698]:” . . . computer networks suitable for use with the embodiments described herein include local area networks (LAN), wide area networks (WAN), Internet, or other connection services and network variations such as the world wide web, the public internet, a private internet, a private computer network, a public network, a mobile network, a cellular network, a value-added network, and the like . . .”).
The motivation to combine Kitchen with Thummalapalli is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen discloses support of a public gateway address which enables access to services without special authentication.
In regard to claim 4, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches wherein the bidirectional communication connection is a persistent communication connection that is part of a data ingestion pipeline (see {Kitchen - ¶ [0082]: “. . . The Cloud Hub of an embodiment is a broadband-connected device, and it attempts to maintain an always-on TCP/IP connection with the server. Therefore, there is no need for a shoulder-tap mechanism, as is provided via SMS on typical tier-1 systems. No "wake-up" message is used as the Cloud Hub is effectively always awake. With conventional Tier-1 systems, the server tears down the TCP connection after several minutes of inactivity; for Cloud Hub, the TCP connection should stay up for as long as possible, with periodic server-originated SMA heartbeat messages (SMA Request Type 0), so that the CPE can supervise the connection as being truly active . . .”) configured to transfer streams of collected data from the second computing environment to the first computing environment(see {Kitchen - ¶ [0389]: “ . . . The video routing engine 322 is responsible for delivering seamless video streams to the user with zero-configuration. Through a multi-step, staged approach the video routing engine uses a combination of UPnP port-forwarding, relay server routing and STUN/TURN peer-to-peer routing . . .”).
The motivation to combine Kitchen with Thummalapalli is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen further defines the bidirectional connection to be persistent and configured to deliver data streams which supports application streaming.
In regard to claim 5, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches wherein the first gateway (e.g. see Fig. 6 cloud based customer instance 651) comprises a plurality of gateway nodes (e.g. multiple customer instances see Thummalapalli ¶ [0125] “. . . Referring now to FIG. 6, a block diagram of an enterprise infrastructure 600 is illustrated, according to one or more disclosed embodiments. Enterprise infrastructure 600 includes a cloud-based customer instance 651 hosted by a cloud service provider 650. Cloud service provider 650 typically hosts multiple customer instances, but only a single customer instance 651 is shown  . . . “), wherein the unidirectional communication connection is established between the second gateway and a first gateway node of the plurality of gateway nodes (see  Thummalapalli ¶ [0125] “. . . Customer instance 651 is shown to be in communication with multiple physical IOT devices 615 and 620, along with supporting virtual IOT devices 616, 621, and 626 that may operate in different modes. . . “), and wherein the method further comprises: upon establishing the unidirectional communication connection(see Thummalapalli ¶ [0008], ¶ ¶ [0089 - 0033] as described for the rejection of claim 1 and incorporated herein), storing, at a resources manager (e.g.  Integration Hub)  of the first computing environment (see  Thummalapalli ¶ [0125] “ . . . Cloud service provide 650 may also provide a set of cloud based applications 660 that include cloud processing, data storage, support applications (e.g., service level management or help desk), and applications like a task flow scheduler referred to here as Integration Hub . . . “), connection information associated with the established unidirectional communication connection (e.g. mapping of CPE-unique IDs to site IDs), the connection information including identification information of the second gateway (e.g. CPE-unique ID) and second routing information to the first gateway node (e.g. associated LWG instance) (see {Kitchen - ¶ [0083]: “ . . . In a conventional current pre-CloudHub configuration, the session server uses the Gateway Registry, which is a one to one mapping of CPE-unique IDs to site IDs for this purpose. With the addition of the Cloud Hub, a second CPE-unique ID is introduced that is mapped to the same site ID (LWG instance) as the primary SMA client's CPE-unique ID. This is accomplished by leveraging the Device Registry service, which maintains a mapping of CPE ID and device type to site ID. The session server of an embodiment, upon receipt of a UDP packet, looks up or identifies the received packet's CPE-unique ID in the Gateway Registry and, if a corresponding site ID is found, routes the packet to the associated LWG instance. If a corresponding site ID is not found, the session server looks up the received CPE-unique ID with a general Cloud Hub device type ID and, if a corresponding site ID is found, routes the packet to the associated LWG instance . . . .”)
The motivation to combine Kitchen with Thummalapalli  is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen discloses the storing connection information which is used for maintaining multiple sessions over a connection.
In regard to claim 6, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches further comprising: at the resources manager  (see Fig. 6 (e.g.  Integration Hub):
in response to receiving the command request message from the service component, determining a state of the unidirectional communication connection (e.g. authenticating the device for communication) (see Thummalapalli ¶¶ [0050 -0052]: “ . . . The server side IOT cloud may also have an application layer to facilitate communication and configuration of client side IOT devices, including performance of the following tasks (see, for example, element 517 in FIG. 5):  Authentication/Device Registration -  A cloud service provider IOT device "proxy" may be configured to accept connection requests from all IOT devices and route those connect requests as appropriate . . .”);  
in accordance with determining, at a first time, that the state of the unidirectional communication connection is open  (see Thummalapalli ¶ [0053]” . . . Through a batch/manual process, an infrastructure administrator may approve these devices so that they can each be issued a unique device authentication token., . . .”), sending, based on the connection information, the command request message to the first gateway node, wherein the first gateway node routes the command request message to the second gateway via the unidirectional communication connection  (see Thummalapalli ¶ [0053]” . . . When using the disclosed SDK, certain provisions for Offline handling of an IOT device may be taken into consideration by the enterprise for both the server side (IOT cloud) and at the client side (IOT device). For example, messages from an IOT device to a server and server to an IOT device may be sent via the above mentioned SDK communication layer. . .”).
In regard to claim 7, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches further comprising: in accordance with determining, at the first time, that the state of the unidirectional communication connection is not open (e.g. the device is invalidated) (see Thummalapalli ¶ [0055]” . . . The authentication token may be invalidated to force the device to be re-configured and re-approved into the system. . .”): 
storing the command request message at the resources manager (e.g. integration hub) (see  Thummalapalli ¶ [0125] “ . . . Cloud service provide 650 may also provide a set of cloud based applications 660 that include cloud processing, data storage, support applications (e.g., service level management or help desk), and applications like a task flow scheduler referred to here as Integration Hub . . . “. . .”); and upon detecting, at a second time after the first time, a change in the state of the unidirectional communication connection from not open to open (e.g. from offline to online), 
sending, based on the connection information (e.g. from the device side file system), the stored command request message to the first gateway node (see Thummalapalli ¶ [0093] “ . . . When an IOT device is offline, a communication layer of the SDK may attempt to reconnect back to a pre-configured WiFi Router and may continue to try alternate paths in an attempt to synchronize data across to the server side. Messages sent from the IOT device to the server may be written in an IOT device side file system so that they are not lost when the IOT device is momentarily offline. The IOT device may then "transparently" sync back to the server once the IOT device has re-established a communication connection (e.g., back online).  . .”), 
wherein the first gateway node routes the stored command request message to the second gateway via the unidirectional communication connection  (see Thummalapalli ¶ [0093] “. . . Actions triggered by the server side for each IOT device may be stored in an IOT message table and these messages may be pulled down (or resent after the IOT device is back online) by the IOT device and actioned as necessary on the IOT device once provided by the IOT device communication layer. These actions may then be marked as complete on both the client side and server side through an acknowledgement loop once the action has been addressed at the IOT device . . . “). 
In regard to claim 8, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches wherein the resources manager receives the command request message from the service component via a communication connection established between the service component and the resources manager {Kitchen - ¶ [0086]: “ . . . Incoming UDP message to session server #1: session server #1 checks if LWG is running on session server #1 . . .”), and 
wherein the communication connection between the service component and the resources manager remains open at least until the resources manager sends the command response message to the service component (see {Kitchen - ¶  ¶ [0096-0097]: “ . . . The LGW includes use of message tunneling over REST. The Cloud Hub, UDP and TCP messages coming from the CPE and received by the session server are sent to the correct LWG via two REST endpoints. This enables the receiving LWGW instance to run on a session server other than the one at which the message was received . . .  when a UDP SMA message arrives at a session server, if the LWG corresponding to the CPE-unique ID message is not already running on the given session server, then the session server starts a new LWG instance there . . .”).  
The motivation to combine Kitchen with Thummalapalli is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen provides for consistent connections and that stabilizes application sessions for the system..
In regard to claim 9, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches wherein the first gateway routes the command response message ({Kitchen - ¶ [0069]:“. . . The Session Server configuration uses a gateway registry service to route incoming UDP packets from the CPE to the proper lightweight gateway instance via a one-to-one mapping of CPE-unique IDs to site IDs. With the addition of the Cloud Hub, a second CPE-unique ID is mapped to the same LWG instance as the primary security, monitoring and automation (SMA) client's CPE-unique ID. This is accomplished by leveraging the Device Registry, which maintains a mapping of CPE ID and device type to site ID. Further, the session server is modified to use this Device Registry to properly route income packets . . .”) to a port of the resources manager ({Kitchen - ¶ [0069]: “. . . securely deliver the SMA communication configuration, including master key, SMA server address, and network ports . . .”) according to the second routing information in the token (see Joy - ¶ [0043] “. . . notification routing can occur "in process" using a channel handle and/or other suitable routing data that is contained within the token 130 itself. Additionally or alternatively, the notification service 124 can "look-up" an appropriate endpoint based on information contained in the token. For example, the notification service 124 can match a channel handle provided in a token to a channel ID and route the message to a corresponding endpoint. Thus, tokens 130 as just described provide one example mechanism by which a notification service 124 can statelessly deliver notifications to applications 108 on behalf of application services 128 . . . “).
The motivation to combine the references is described for the rejection of claim 1  and is incorporated herein.  Additionally, Kitchen provides routing to a server port providing identification for the connection.  Additionally, Joy provides multi-type information embedded in the token to aid in routing and matching the services to the clients.
In regard to claim 10, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil teaches wherein the command request message causes the second gateway to invoke an API call to the second component (see {Kitchen - ¶ ¶ [0355 -0359]}) “. . . The primary published APIs for the iConnect Business Components include, but are not limited to, the following:  A Registry Manager API 252 provides access to the Registry Manager Business Component's functionality, allowing management of networks and users.  A Network Manager API 254 provides access to the Network Manager Business Component's functionality, allowing management of devices on a network.  A Data Manager API 256 provides access to the Data Manager Business Component's functionality, such as setting and retrieving (current and historical) data about device states.  A Provisioning API 258 provides a simple way to create new networks and configure initial default properties . . .”), and wherein the data is obtained from the second component according to the API call. (see {Kitchen - ¶ [0360]: “. . . Each API of an embodiment includes two modes of access: Java API or XML API. The XML APIs are published as web services so that they can be easily accessed by applications or servers over a network. The Java APIs are a programmer-friendly wrapper for the XML APIs. Application components and integrations written in Java should generally use the Java APIs rather than the XML APIs directly . . .”).
The motivation to combine Kitchen with Thummalapalli is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen provides for support of APIs which enables the system to be better accessed by applications software.
In regard to claim 15, Thummalapalli teaches a non-transitory computer-readable storage medium storing one or more programs configured to be executed by one or more processors of a first computing environment t (see ¶ [0113]: “. . FIG. 2 illustrates that memory 210 may be operatively and communicatively coupled to processor 205. Memory 210 may be a non-transitory medium configured to store various types of data. For example, memory 210 may include one or more storage devices 220 that comprise a non-volatile storage device and/or volatile memory. Volatile memory, such as random access memory (RAM), can be any suitable non-permanent storage device . . .”), the first computing environment having a first gateway  (e.g. cloud service provider IOT Gateway) and a service component(e.g. associated customer instance), wherein the one or more programs include instructions for: establishing, in response to receiving one or more connection requests initiated by the client gateway (see ¶ [0008] as described for the rejection of claim 1 and is incorporated herein), the unidirectional communication connection between the first gateway and a second gateway of a second computing environment  (see ¶ [0028] as described for the rejection of claim 1 and is incorporated herein), wherein the unidirectional communication connection carries all request messages (e.g. IoT actions) initiated by the first gateway(see ¶  ¶ [0029 - 0033] as described for the rejection of claim 1 and is incorporated herein) 
generating, by a service component of the first computing environment, a command request message directed to a second component of the second computing environment(see ¶ [0028] as described for the rejection of claim 1 and is incorporated herein);
in accordance with determining that the unidirectional communication connection is open (e.g. successful connection) (see Fig. 3, ¶ [0117] as described for the rejection of claim 1 and is incorporated herein), pushing, from the service component to the second gateway, the command request message via the unidirectional communication connection (see Fig. 3, ¶ [0117] as described for the rejection of claim 1 and is incorporated herein),
Thummalapalli fails to explicitly teach and a bidirectional communication connection between the first gateway and the second gateway, but does not permit response messages to be returned from the second gateway to the first gateway;
 wherein a token indicating routing information to the service component is embedded in the command request message and wherein the client gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection; 
processing, at the first gateway via the bidirectional communication connection, a command response message from the second gateway, wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and
sending, based on the token, the command response message to the service component.
However Kitchen teaches and a bidirectional communication connection  (e.g. always on TCP/IP connection) between the first gateway  (see Fig. 1, LWGW instance) and the second gateway (see Fig. 1 , cloud hub, ¶ [0082] as described for the rejection of claim 1 and is incorporated herein);
 wherein a token indicating routing information to the service component is embedded in the command request message and wherein the client gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection; 
processing, at the first gateway via the bidirectional communication connection, a command response message from the second gateway(see ¶ [0082] as described for the rejection of claim 1 and is incorporated herein).
The motivation to combine Kitchen with Thummalapalli  is described for the rejection of claim 1 and is incorporated herein.
The combination of Thummalapalli and Kitchen fails to explicitly teach, but does not permit response messages to be returned from the second gateway to the first gateway;
wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and
sending, based on the token, the command response message to the service component.
However Joy teaches
wherein the command response message includes the token and data associated with executing the command request message at the second computing environment (see ¶ [0041] as described for the rejection of claim 1 and is incorporated herein and
sending, based on the token, the command response message to the service component(see ¶ [0042] as described for the rejection of claim 1 and is incorporated herein).
The motivation to combine Joy with the combination of Thummalapalli and Kitchen is described for the rejection of claim 1 and is incorporated herein.
The combination of Thummalapalli, Kitchen, and Joy fails to expclitly teach but does not permit response messages to be returned from the second gateway to the first gateway;, wherein the data is log data or application data generated by the second computing environment;  However Thazhatethil teaches but does not permit response messages to be returned from the second gateway (CommGrid client (referred as client serv 16) to the first gateway(see Fig, 1 communication server 18 (referred also as CommGrid server) (see  ¶ [0038] “ . . . Some of the notable features in the drive system described herein are that inbound connection to the drive or NETA are not allowed.   Only outbound communication is allowed. The client only communicates to the CommGrid Server via port 443 (443—SSL Enabled secure, proxy friendly port). This allows for secure device detection or device discovery. Use of WSMOAP Protocol is advantageous as it creates less traffic over communication network . . .”), wherein the data is log data or application data generated by the second computing environment  (see   ¶ [0033] as described for the rejection of claim 1 and is incorporated herein);
The motivation to combine Thazhatethil with the combination of Thummalapalli, Kitchen, and Joy is described for the rejection of claim 1 and is incorporated herein..
In regard to claim 16, the combination of Thummalapalli, Kitchen, Joy, and Thazhatethil  teaches wherein the first gateway (e.g. see Fig. 6 cloud based customer instance 651)  comprises a plurality of gateway nodes(e.g. multiple customer instances see Thummalapalli ¶ [0125] as described for the rejection of claim 5 and is incorporated herein), wherein the unidirectional communication connection is established between the second gateway and a first gateway node of the plurality of gateway nodes(see Thummalapalli   - ¶ [0008], ¶ ¶ [0089 - 0033] as described for the rejection of claim 5 and is incorporated herein), and wherein the one or more programs further include instructions for: upon establishing the unidirectional communication connection (see  Thummalapalli   -¶ ¶ [0089 - 0033] as described for the rejection of claim 5 and is incorporated herein), storing, at a resources manager (e.g.  Integration Hub) of the first computing environment (see  Thummalapalli ¶ [0125] as described for the rejection of claim 5 and is incorporated herein), connection information associated with the established unidirectional communication connection (e.g. mapping of CPE-unique IDs to site IDs), the connection information including identification information of the second gateway  (e.g. CPE-unique ID)and second routing information to the first gateway node e.g. associated LWG instance) (see {Kitchen - ¶ [0083] as described for the rejection of claim 5 and is incorporated herein).
The motivation to combine Kitchen with Thummalapalli is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen discloses the storing connection information which is used for maintaining multiple sessions over a connection.
In regard to claim 17, the combination of Thummalapalli, Kitchen, Joy, and Thazhatethil  teaches wherein the one or more programs further include instructions for: 
in response to receiving the command request message from the service component, determining a state of the unidirectional communication connection (e.g. authenticating the device for communication) (see Thummalapalli ¶¶ [0050 -0052] as described for the rejection of claim 6 and is incorporated herein); and 
in accordance with determining, at a first time, that the state of the unidirectional communication connection is open (see Thummalapalli ¶ [0053] as described for the rejection of claim 6 and is incorporated herein), sending, based on the connection information, the command request message to the first gateway node, wherein the first gateway node routes the command request message to the second gateway via the unidirectional communication connection  (see Thummalapalli ¶ [0053] as described for the rejection of claim 6 and is incorporated herein).
In regard to claim 18, the combination of Thummalapalli, Kitchen, Joy, and Thazhatethil  teaches wherein the one or more programs further include instructions for: 
in accordance with determining, at the first time, that the state of the unidirectional communication connection is not open (e.g. the device is invalidated) (see Thummalapalli ¶ [0055] as described for the rejection of claim 7 and is incorporated herein): 
storing the command request message at the resources manager (e.g. integration hub) (see  Thummalapalli ¶ [0125] as described for the rejection of claim 7 and is incorporated herein); and 
upon detecting, at a second time after the first time, a change in the state of the unidirectional communication connection from not open to open (e.g. from offline to online), sending, based on the connection information (e.g. from the device side file system), the stored command request message to the first gateway node(see Thummalapalli ¶ [0093] as described for the rejection of claim 7 and is incorporated herein), wherein the first gateway node routes the stored command request message to the second gateway via the unidirectional communication connection. (see Thummalapalli ¶ [0093] as described for the rejection of claim 7 and is incorporated herein)
In regard to claim 19. the combination of Thummalapalli, Kitchen, Joy, and Thazhatethil  teaches wherein the first gateway routes the command response message ({Kitchen - ¶ [0069] as described for the rejection of claim 9 and is incorporated herein) to a port of the resources manager {Kitchen - ¶ [0069] as described for the rejection of claim 9 and is incorporated herein according to the second routing information in the token (see Joy - ¶ [0043] as described for the rejection of claim 9 and is incorporated herein).
The motivation to combine the references  is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen provides routing to a server port providing identification for the connection.   Additionally, Joy provides multi-type information embedded in the token to aid in routing and matching the services to the clients.
In regard to claim 22, Thummalapalli teaches a first computing environment  (see ¶ [0012]: “. . . a network infrastructure 100 that includes a cloud computing system and customer network (e.g., private network) where embodiments of the present disclosure may operate . . . “) implementing a first gateway (e.g. cloud service provider IOT Gateway) and a first component (e.g. associated customer instance), the first computing environment comprising: one or more processors (see Dig. 2, ¶ [0012] ” . . . As illustrated in FIG. 2, computing device 200 includes a processing element such as processor 205 that contains one or more hardware processors, where each hardware processor may have a single or multiple processor cores . . .”); and
memory storing one or more programs configured to be executed by the one or more processors(see ¶ [0113]: “. . FIG. 2 illustrates that memory 210 may be operatively and communicatively coupled to processor 205. Memory 210 may be a non-transitory medium configured to store various types of data. For example, memory 210 may include one or more storage devices 220 that comprise a non-volatile storage device and/or volatile memory. Volatile memory, such as random access memory (RAM), can be any suitable non-permanent storage device . . .”), the one or more programs including instructions for: establishing, in response to receiving one or more connection requests initiated by a second gateway of a second computing environment (see ¶ [0008] as described for the rejection of claim 1 and is incorporated herein), a unidirectional communication connection (see ¶ [0028] as described for the rejection of claim 1 and is incorporated herein), the unidirectional communication connection being configured to carry command protocols (e.g. IoT actions)  from the first gateway to the second gateway (see ¶  ¶ [0029 - 0033] as described for the rejection of claim 1 and is incorporated herein), 
generating, by the first component of the first computing environment, a command request message directed to a second component of the second computing environment (see ¶ [0028] as described for the rejection of claim 1 and is incorporated herein); 
in accordance with determining that the unidirectional communication connection is open(e.g. successful connection) (see Fig. 3, ¶ [0117] as described for the rejection of claim 1 and is incorporated herein), pushing, from the first component to the second gateway, the command request message via the unidirectional communication connection (see Fig. 3, ¶ [0117] as described for the rejection of claim 1 and is incorporated herein),
Thummalapalli fails to expclitly teach and a bidirectional communication connection between the first gateway and the second gateway, wherein the unidirectional communication connection carries all request messages initiated by the first gateway but does not permit response messages to be returned from the second gateway to the first gateway;
wherein a token indicating routing information to the first component is embedded in the command request message and wherein the client gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection; 
processing, at the first gateway via the bidirectional communication connection, a command response message from the second gateway, wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and 
sending, based on the token, the command response message to the first component.
However Kitchen teaches and a bidirectional communication connection(e.g. always on TCP/IP connection)  between the first gateway(see Fig. 1, LWGW instance)  and the second gateway (see Fig. 1 , cloud hub, ¶ [0082] as described for the rejection of claim 1 and is incorporated herein); 
processing, at the first gateway via the bidirectional communication connection, a command response message from the second gateway(see ¶ [0082] as described for the rejection of claim 1 and is incorporated herein).
The motivation to combine Kitchen with Thummalapalli  is described for the rejection of claim 1 and is incorporated herein.
The combination of Thummalapalli  and Kitchen fails to explicitly teach wherein the unidirectional communication connection carries all request messages initiated by the first gateway but does not permit response messages to be returned from the second gateway to the first gateway;
wherein a token indicating routing information to the first component is embedded in the command request message and wherein the client gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection; 
wherein the command response message includes the token and data associated with executing the command request message at the second computing environment, wherein the data is log data or application data generated by the second computing environment; and 
sending, based on the token, the command response message to the first component.  However Joy teaches wherein a token indicating routing information to the first component is embedded in the command request message (see Fig. 1, ¶ [0029], ¶ [0040] as described for the rejection of claim 1 and is incorporated herein) 
wherein the command response message includes the token and data associated with executing the command request message at the second computing environment  (see ¶ [0041] as described for the rejection of claim 1 and is incorporated herein),
sending, based on the token, the command response message to the first component(see ¶ [0042] as described for the rejection of claim 1 and is incorporated herein).
The motivation to combine Joy with the combination of Thummalapalli  and Kitchen is described for the rejection of claim 1 and is incorporated herein.
The combination of Thummalapalli, Kitchen, and Joy fails to expclitly teach
wherein the unidirectional communication connection carries all request messages initiated by the first gateway but does not permit response messages to be returned from the second gateway to the first gateway; and wherein the client gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection; 
wherein the data is log data or application data generated by the second computing environment;  However Thazhatethil teaches wherein the unidirectional communication connection carries all request messages initiated by the first gateway but does not permit response messages to be returned from the second gateway to the first gateway (see ¶ [0038] as described for the rejection of claim 1 and is incorporated herein); and wherein the client gateway does not accept request messages that are initiated by the first computing environment and received via the bidirectional communication connection (see ¶ [0038] as described for the rejection of claim 1 and is incorporated herein); 
wherein the data is log data or application data generated by the second computing environment (see ¶ [0038] as described for the rejection of claim 1 and is incorporated herein);
The motivation to combine Thazhatethil with the combination of Thummalapalli, Kitchen, and Joy is described for the rejection of claim 1 and is incorporated herein.
In regard to claim 23, the combination of Thummalapalli, Kitchen, Joy, and Thazhatethil teaches wherein the first gateway(e.g. see Fig. 6 cloud based customer instance 651) comprises a plurality of gateway nodes (e.g. multiple customer instances see Thummalapalli ¶ [0125] as described for the rejection of claim 5 and is incorporated herein), wherein the unidirectional communication connection is established between the second gateway and a first gateway node of the plurality of gateway nodes(see Thummalapalli   - ¶ [0008], ¶ ¶ [0089 - 0033] as described for the rejection of claim 5 and is incorporated herein), and wherein the one or more programs further include instructions for: upon establishing the unidirectional communication connection (see  Thummalapalli   -¶ ¶ [0089 - 0033] as described for the rejection of claim 5 and is incorporated herein), storing, at a resources manager   (e.g.  Integration Hub)  of the first computing environment (see  Thummalapalli ¶ [0125] as described for the rejection of claim 5 and is incorporated herein), connection information associated with the established unidirectional communication connection (e.g. mapping of CPE-unique IDs to site IDs), the connection information including identification information of the second gateway (e.g. CPE-unique ID) and second routing information to the first gateway node  (e.g. associated LWG instance) (see {Kitchen - ¶ [0083] as described for the rejection of claim 5 and is incorporated herein).
The motivation to combine Kitchen with Thummalapalli is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen discloses the storing connection information which is used for maintaining multiple sessions over a connection.
In regard to claim 24, the combination of Thummalapalli, Kitchen, Joy, and Thazhatethil teaches wherein the one or more programs further include instructions for: 
in response to receiving the command request message from the first component, determining a state of the unidirectional communication connection  (e.g. authenticating the device for communication) (see Thummalapalli ¶¶ [0050 -0052] as described for the rejection of claim 6 and is incorporated herein); and 
in accordance with determining, at a first time, that the state of the unidirectional communication connection is open  (see Thummalapalli ¶ [0053] as described for the rejection of claim 6 and is incorporated herein), sending, based on the connection information, the command request message to the first gateway node, wherein the first gateway node routes the command request message to the second gateway via the unidirectional communication connection (see Thummalapalli ¶ [0053] as described for the rejection of claim 6 and is incorporated herein).
In regard to claim 25, the combination of Thummalapalli, Kitchen, Joy, and Thazhatethil teaches wherein the one or more programs further include instructions for: 
in accordance with determining, at the first time, that the state of the unidirectional communication connection is not open (e.g. the device is invalidated) (see Thummalapalli ¶ [0055] as described for the rejection of claim 7 and is incorporated herein): 
storing the command request message at the resources manager (e.g. integration hub) (see  Thummalapalli ¶ [0125] as described for the rejection of claim 7 and is incorporated herein); and 
upon detecting, at a second time after the first time, a change in the state of the unidirectional communication connection from not open to open (e.g. from offline to online), sending, based on the connection information (e.g. from the device side file system), the stored command request message to the first gateway node  (see Thummalapalli ¶ [0093] as described for the rejection of claim 7 and is incorporated herein), wherein the first gateway node routes the stored command request message to the second gateway via the unidirectional communication connection (see Thummalapalli ¶ [0093] as described for the rejection of claim 7 and is incorporated herein).
In regard to claim 26, the combination of Thummalapalli, Kitchen, Joy, and Thazhatethil teaches wherein the first gateway routes the command response message({see Kitchen - ¶ [0069] as described for the rejection of claim 9 and is incorporated herein)  to a port of the resources manager  ({Kitchen - ¶ [0069] as described for the rejection of claim 9 and is incorporated herein) according to the second routing information in the token (see Joy - ¶ [0043] as described for the rejection of claim 9 and is incorporated herein).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Kitchen provides routing to a server port providing identification for the connection. Additionally, Joy provides multi-type information embedded in the token to aid in routing and matching the services to the clients.
Claims 11 - 14, 20 – 21, and 27 – 28 xx are rejected under 35 U.S.C. 103 as being unpatentable over Thummalapalli  et al. (U.S. 10, 2019/0306242 A1; herein referred to as Thummalapalli ) in view of Kitchen et al. (U.S. 2017/0063968 A1; herein referred to as Kitchen) in further view of Joy  et al. (U.S. 2013/0061046 A1; herein referred to as Joy) n further view of Thazhathethil (U.S. 2017/0111452 A1; herein referred to as Thazhatethil) as applied to claims  1 – 10, 15 – 19, and 22 - 26 in further view of Mahaffey et al. (U.S. 2015/0188949 A1; herein referred to Mahaffey)
In regard to claim 11, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil  fails to explicitly teach wherein prior to establishing the unidirectional communication connection, a resources manager of the first computing environment stores a plurality of pending command request messages generated by one or more additional service components of the first computing environment, and wherein the method further comprises:
upon establishing the unidirectional communication connection, pushing at least two pending command request messages of the plurality of pending command request messages to the second gateway via the unidirectional communication connection.  However Mahaffey teaches wherein prior to establishing the unidirectional communication connection (see ¶ [0009]: “. . . The managing component identifies a characteristic of the traffic. It accesses a database and retrieves a connection policy associated with the identified characteristic of the traffic  . . .”), a resources manager of the first computing environment(see ¶ [0040], Fig. 1: “ . . . Server 120 is responsible for receiving information requests from client systems 105, 110, and 115, performing processing required to satisfy the requests, and for forwarding the results corresponding to the requests back to the requesting client system. The processing required to satisfy the request may be performed by server system 120 or may alternatively be delegated to other servers connected to communication network 125 . . .”) stores (e.g. intercepts and uploads to server)  a plurality of pending command request messages generated by one or more additional service components of the first computing environment  (see ¶ [0128] “. . . the system provides a safe APK HTTP Proxy. The safe APK Proxy may intercept APKs as they are requested by a device and either a) ping the system server (e.g., Lookout) to see if the APK is known malware OR b) if the system server does not know of the APK, upload it to the server. . .”), and wherein the method further comprises: upon establishing the unidirectional communication connection  (see ¶ [0157], Fig. 6: “ . . . FIG. 6 illustrates an example of a block diagram of a system for automatically providing a secure network connection (SNC) to a computing device, implemented in accordance with some implementations. System 600 may be used to automatically establish a secure and safe network connection via a VPN or other secure network connection technique with a computing device . . .”), pushing at least two pending command request messages of the plurality of pending command request messages to the second gateway via the unidirectional communication connection  (see ¶ [0182], Fig. 10: “. . . There can be connections by different apps (application programs). There can be connections by two different web applications/destination websites within the same browser (application program), wherein each of the two different web apps could have different policy-driven requirements for security levels. . .”).
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for managing the use of gateways on a network includes authenticating a user, determining and managing a path between a user computing device and a destination computing device, the path including at least one of the gateways, and managing user traffic on the path according to a policy associated with the user, as taught by Mahaffey, into a system and method, to manage IoT devices through a cloud service computer system, where upon a request from an IoT client device to provision services from the cloud, the cloud service provider, through an IoT client gateway, initiates a broadcast (e.g. unidirectional connection) to transmit one or more IoT actions to an associated instance of an IoT client device and a bidirectional connection between the gateway at the client and a virtual gateway located in a cloud server environment and coupled to a cloud hub so that client devices at the premise can receive and transmit command request and responses to applications running in the cloud  server environment, wherein the services and applications uses a token embedded in a message to convey routing data for client – server delivery of services, and processing the  request and response packets for handling request actions and response actions to be only initiated from one side, as taught by the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil.  Such incorporation provides additional security for setting up the connections between the client platforms and the cloud computing environment
In regard to claim 12, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil  fails to explicitly teach further comprising: determining, based on a priority policy stored on the resources manager, an order to push the at least two pending command request messages, wherein the at least two pending command request messages are pushed to the second gateway according to the determined order,  However Mahaffey teaches further comprising: determining, based on a priority policy stored on the resources manager  (see ¶ [0008]: “. . . managing user traffic on the path according to a policy associated with the user . . . “;see ¶ [0252]:” . . .connection policies are user-configurable. In this specific implementation, the system allows users to create and edit their own network connection policies that reflect their own preferences and priorities  . . .”), an order to push the at least two pending command request messages, wherein the at least two pending command request messages are pushed to the second gateway according to the determined order (see ¶ [0182], Fig. 10 as described for the rejection of claim 11 upon which this claim depends, the disclosure incorporated herein).
The motivation to combine the references is described in claim 11 and is incorporated herein.  Additionally, Mahaffey offers a prioritization policy to apply to the command messages which assures most important services are sent to the client.
In regard to claim 13, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil  fails to explicitly teach wherein the resources manager forgoes pushing at least one of the plurality of pending command request messages to the second gateway in accordance with the priority policy.  However Mahaffey teaches wherein the resources manager forgoes pushing at least one of the plurality of pending command request messages to the second gateway in accordance with the priority policy (see ¶ [0260]: “. . . The assessment engine is responsible for evaluating or applying a connection policy based on the current context. Network connection policy evaluations can occur before a connection is established, after a connection has been established, or while a connection is established. For example, upon the connection interceptor intercepting a connection attempt, the assessment engine may be called to determine the type of connection that should be established. Determining the type of connection that should be established is based on the collected context data (e.g., location and user activity) . . .”).
The motivation to combine the references is described in claim 11 and is incorporated herein.  Additionally, Mahaffey offers a prioritization policy to apply to the command messages which assures that less important services are held and more important services are sent to the client..
In regard to claim 14, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil  fails to explicitly teach wherein the command request message includes third routing information indicating a location of the second component in the client computing environment.  However Mahaffey teaches wherein the command request message includes third routing information indicating a location of the client component in the client computing environment (see ¶ [0430]: “ . . . gateway registry may be provided, which may contain attributes of gateways and support the management of gateway selection by clients and during routing. For example, initial remote terminal gateway selection may be destination-based, locality-based, or fixed. A destination-based selection may include a client-based PoP selection in which a client chooses a PoP locally and directly sends tunneled traffic to that PoP. This sending may be based on information about the location of the destination, which may be determined a number of ways, including: using a local database of IP countries; via a network request serviced by a pipe infrastructure. . .”).
The motivation to combine the references is described in claim 11 and is incorporated herein.  Additionally, Mahaffey provides additional routing information that the system can use for determining the client accessing a service.
In regard to claim 20. the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil  fails to explicitly teach wherein prior to establishing the unidirectional communication connection, a resources manager of the first computing environment stores a plurality of pending command request messages generated by one or more additional service components of the first computing environment, and wherein the one or more programs further include instructions for:
upon establishing the unidirectional communication connection, pushing at least two pending command request messages of the plurality of pending command request messages to the second gateway via the unidirectional communication connection.  However Mahaffey teaches wherein prior to establishing the unidirectional communication connection  (see ¶ [0009] as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein), a resources manager of the first computing environment (see ¶ [0040], Fig. 1 as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein) stores  (e.g. intercepts and uploads to server)a plurality of pending command request messages generated by one or more additional service components of the first computing environment (see ¶ [0128] as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein), and wherein the one or more programs further include instructions for: upon establishing the unidirectional communication connection (see ¶ [0157], Fig. 6 as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein), pushing at least two pending command request messages of the plurality of pending command request messages to the second gateway via the unidirectional communication connection(see ¶ [0182], Fig. 10 as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein).
The motivation to combine Mahaffey with the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil is described for the rejection of claim 11 and is incorporated herein.
In regard to claim 21, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil  fails to explicitly teach wherein the one or more programs further include instructions for: 
determining, based on a priority policy stored on the resources manager, an order to push the at least two pending command request messages, wherein the at least two pending command request messages are pushed to the second gateway according to the determined order.  However Mahaffey teaches wherein the one or more programs further include instructions for: determining, based on a priority policy stored on the resources manager (see ¶ [0008] ¶ [0252] as described for the rejection of claim 12 along with the motivation to combine the references as incorporated herein), an order to push the at least two pending command request messages, wherein the at least two pending command request messages are pushed to the second gateway according to the determined order (see ¶ [0182], Fig. 10 as described for the rejection of claim 12 along with the motivation to combine the references as incorporated herein).
The motivation to combine Mahaffey with the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil is described for the rejection of claim 12 and is incorporated herein.
In regard to claim 27, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil  fails to explicitly teach wherein prior to establishing the unidirectional communication connection, a resources manager of the first computing environment stores a plurality of pending command request messages generated by one or more additional service components of the first computing environment, and wherein the one or more programs further include instructions for:
upon establishing the unidirectional communication connection, pushing at least two pending command request messages of the plurality of pending command request messages to the second gateway via the unidirectional communication connection.
However Mahaffey teaches wherein prior to establishing the unidirectional communication connection  (see ¶ [0009] as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein), a resources manager of the first computing environment (see ¶ [0040], Fig. 1 as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein) stores  (e.g. intercepts and uploads to server)a plurality of pending command request messages generated by one or more additional service components of the first computing environment (see ¶ [0128] as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein), and wherein the one or more programs further include instructions for: upon establishing the unidirectional communication connection (see ¶ [0157], Fig. 6 as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein), pushing at least two pending command request messages of the plurality of pending command request messages to the second gateway via the unidirectional communication connection(see ¶ [0182], Fig. 10 as described for the rejection of claim 11 along with the motivation to combine the references as incorporated herein).
The motivation to combine Mahaffey with the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil is described for the rejection of claim 11 and is incorporated herein.
In regard to claim 28, the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil  fails to explicitly teach wherein the one or more programs further include instructions for:
determining, based on a priority policy stored on the resources manager, an order to push the at least two pending command request messages, wherein the at least two pending command request messages are pushed to the second gateway according to the determined order.  However Mahaffey teaches wherein the one or more programs further include instructions for: determining, based on a priority policy stored on the resources manager (see ¶ [0008] ¶ [0252] as described for the rejection of claim 12 along with the motivation to combine the references as incorporated herein), an order to push the at least two pending command request messages, wherein the at least two pending command request messages are pushed to the second gateway according to the determined order (see ¶ [0182], Fig. 10 as described for the rejection of claim 12 along with the motivation to combine the references as incorporated herein).
The motivation to combine Mahaffey with the combination of Thummalapalli , Kitchen, Joy, and Thazhatethil is described for the rejection of claim 12 and is incorporated herein.
Conclusion
There are prior art made of record which are not relied upon but are considered pertinent to applicant’s disclosure.  They are listed on the PTO-892 accompanying this action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES N FIORILLO whose telephone number is (571)272-9909.  The examiner can normally be reached on 7:30 - 5 PM Mon - Fri..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John A. Follansbee can be reached on 571-272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES N FIORILLO/               Examiner, Art Unit 2444