DETAILED ACTION
The final office action is responsive to the amendment filed on 10/04/2022. Claims 1-18 are pending; claims 1-18 are rejected.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-6 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter.

As to claim 1, the claimed controller comprising a first process, a second process, and a protocol demultiplexer. As people with ordinary skill in the art would know that a process is the instance of a computer program that is being executed by one or many threads and protocol demultiplexer is a software service (for example TCP services), the claimed controller is a software per se. Software comprising a series of executable steps does not fall in any statutory categories of invention (i.e., Machine, Manufacture, Composition of Matter, and Process). Thus, claim 1 is non-statutory.
Dependent claims 2-6 depends on claim 1 and do not remedy the deficiency. Claims 2-6 are rejected under same rationale.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-6, 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application to 2016/0197933 A1 to Lapidous et al. (hereinafter Lapidous) in view of Unknown, "TCP UDP Port numbers and Well known ports, Multiplexing and Demultiplexing", 2/2021, omnisecu.com, web.archive.org/web/20210226102639/https://www.omnisecu.com/tcpip/tcp-port-numbers.php (hereinafter UnknownTCP) and Martin Sauter, "SSH Tunnels, TCP Port 443 and Socat", 4/2021, Wirelessmoves, blog.wirelessmoves.com/2021/04/ssh-tunnels-tcp-port-443-and-socat.html (hereinafter Sauter).

As to claim 1, Lapidous teaches a controller (VPN server + protocol conversion proxy, Lapidous, Abstract, Fig. 1) comprising:
a first process operating on the controller (A protocol conversion proxy 116 receives this request, converting it to a communication protocol of a second type and forwarding it the provider computer 102 through the encrypted reverse connection provided by the VPN server 104, Lapidous, [0094]-[0095]), the controller be deployed as a software component maintained within a non-transitory storage medium (computer-readable media, Lapidous, [0088]-[0090], Fig. 11);
a second process operating on the controller (the VPN server 104 may additionally or alternatively include a proxy or an application-level tunnel server (such as a SSH server), capable of providing reverse connection through an encrypted channel, Lapidous, [0101], [0037]);
Lapidous does not explicitly disclose a protocol demultiplexer configured to receive an incoming message over a first virtual port and conducts an analysis of information within the incoming message to determine a communication protocol associated with the incoming message, the protocol demultiplexer routing contents of the incoming message to the first process in response to the communication protocol being a first communication protocol type and routing contents of the incoming message to the second process in response to the communication protocol being a second communication protocol type.
UnknownTCP discloses a first process operating on a controller (note “a web browser to view news online” from UnknownTCP , the fourth paragraph and “port 80 for HTTP and port 443 for HTTPS” from UnknownTCP, the list  of Port Number/Description, thus web service is disclosed) and a protocol demultiplexer (TCP/IP protocol suite, UnknownTCP, the sixth paragraph) configured to receive an incoming message over a first virtual port and conducts an analysis of information within the incoming message to determine a communication protocol associated with the incoming message (“The data from different applications operating on a network device are multiplexed at the sending device using port numbers and demultiplexed at the receiving device, again using port numbers” from UnknownTCP, the second paragraph and “Each network application will bind itself to an available port number, so that TCP/IP protocol suite can identify the network application based on port numbers. So we can view port numbers as an application level address for network communication” from UnknownTCP, the sixth paragraph), the protocol demultiplexer routing contents of the incoming message to the first process in response to the communication protocol being a first communication protocol type and routing contents of the incoming message to the second process in response to the communication protocol being a second communication protocol type (“Each network application will bind itself to an available port number, so that TCP/IP protocol suite can identify the network application based on port numbers. So we can view port numbers as an application level address for network communication”, UnknownTCP, the sixth paragraph).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use TCP/IP protocol service and web service as taught by UnknownTCP to modify the controller of Lapidous in order to comply with the rules and standard procedures for the way information is communicated over the internet.
Furthermore, Lapidous-UnknownTCP does not explicitly disclose wherein the controller operates as a server during establishment of a secure communication path with a cloud connection appliance and subsequently operates as a client in response to a reverse tunnel being established with the cloud connection appliance as part of the secure communication path.
Sauter discloses a controller operates as a server during establishment of a secure communication path with a cloud connection appliance (On the server at home: ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443, Sauter, the third and fourth paragraphs. Note: “the server at home” sends a request, setting up a reverse tunnel between (home server) port 443 and (remote proxy server) port 4444, to remote proxy server and client initiates request and server response in client-server model, thus the claimed limitation is disclosed) and subsequently operates as a client in response to a reverse tunnel being established with the cloud connection appliance as part of the secure communication path (On the server at home: ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443, Sauter, the third and fourth paragraphs. Note: the command, “ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443” means that the local service(s) at port 80 or 443 on the server at home will be accessible on the remote proxy server at port 8888 or port 4444 respectively and client initiates request and server response in client-server model, thus the claimed limitation is disclosed).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use reverse SSH tunnel for services with public IP address as taught by Sauter to modify the controller of Lapidous-UnknownTCP in order to provide hosted services to public without interruption.

As to claim 2, Lapidous-UnknownTCP-Sauter discloses the controller of claim 1, wherein the first virtual port corresponds to a Transmission Control Protocol 443 (port 443 for HTTPS, UnknownTCP, the list  of Port Number/Description). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use TCP/IP protocol service and web service as taught by UnknownTCP to modify the controller of Lapidous-UnknownTCP in order to comply with the rules and standard procedures for the way information is communicated over the internet.

As to claim 3, Lapidous-UnknownTCP-Sauter discloses the controller of claim 2, wherein the first communication protocol type corresponds to a Hypertext Transfer Protocol Secure (HTTPS) communication protocol  (Lapidous, [0094]-[0095]) and the second communication protocol type corresponds to a Secure Shell (SSH) protocol (Lapidous, [0101], [0037]). 

As to claim 4, Lapidous-UnknownTCP-Sauter discloses the controller of claim 1, wherein the protocol demultiplexer conducts an analysis of the information within the incoming message by at least analyzing a header of the incoming message (The two 16 bit fields in the TCP Header, Source port and Destination port identifies the port number which the application is listening at the sending device and receiving device, UnknownTCP, the third paragraph). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use TCP/IP protocol service and web service as taught by UnknownTCP to modify the controller of Lapidous-UnknownTCP in order to comply with the rules and standard procedures for the way information is communicated over the internet.

As to claim 5, Lapidous-UnknownTCP-Sauter discloses the controller of claim 1 being communicatively coupled to a cloud connection appliance via a reverse tunnel encapsulated within a Secure Shell (SSH) communication path to receive the incoming message (This request is received by protocol conversion proxy 116, which uses a private SSL (secure socket layer) certificate to decrypt received data and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104. After receiving an HTTP response from the personal server 118, the protocol conversion proxy 116 transforms it into an HTTPS response, and sends it back to the HTTPS browser 128 of the consumer computer 106, Lapidous, [0099]).

As to claim 6, Lapidous-UnknownTCP-Sauter discloses the controller of claim 5, wherein the reverse tunnel enables the controller to directly send control information to the cloud connection appliance even though the cloud connection application lacks an assigned Internet Protocol (IP) address (The method is also ideal for hosting services at home in case the ISP does not assign a public IP address to the link, Sauter, the first paragraph). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use reverse SSH tunnel for services with public IP address as taught by Sauter to modify the controller of Lapidous-UnknownTCP-Sauter in order to provide hosted services to public without interruption.

As to claim 17, Lapidous-UnknownTCP-Sauter discloses the controller of claim 1, wherein the first process corresponds to a web server process (encrypted WebRTC (Web Real Time Communication), Lapidous, [0100]-[0102]).

As to claim 18, Lapidous-UnknownTCP-Sauter discloses The controller of claim 1, wherein the first process corresponds to a tunneling process (the VPN server 104 may additionally or alternatively include a proxy or an application-level tunnel server (such as a SSH server), capable of providing reverse connection through an encrypted channel, Lapidous, [0100]-[0102]).

Claims 7-13 are rejected under 35 U.S.C. 103 as being unpatentable over Lapidous in view of Sauter.

As to claim 7, Lapidous teaches a cloud connection appliance (provider computer, Lapidous, [0096]-[0097]), comprising:
a processor (processor, Lapidous, [0088]-[0090], Fig. 11); and
a non-transitory storage medium (computer-readable media, Lapidous, [0088]-[0090], Fig. 11) communicatively coupled to the processor (Lapidous, [0088]-[0090]. Fig. 11), the non- transitory storage medium comprises management control logic to control registration with a controller adapted to control data traffic between gateway instance and to establish a communication path including a reverse tunnel with the controller (The provider computer 102a connects 404 to the VPN server 104 and registers 406 as a provider of content for URL_A. Registering 406 the provider computer 102a as provider of content for URL_A may include transmitting URL_A to VPN server 104 along with one or more access rules for URL_A. The VPN server 104 registers 408 the received URL_A and access rules with a connection identifier of the VPN client 120 of provider computer 102a from which they were received, thereby mapping the personal server 118 of the provider computer 102a to URL_A, Lapidous, [0115]-[0116]. Note: the VPN server 104 may additionally or alternatively include a proxy or an application-level tunnel server (such as a SSH server), capable of providing reverse connection through an encrypted channel, Lapidous, [0101], [0037]).
wherein the controller and the cloud connection appliance operate in a client-server relationship with the cloud connection appliance operating as a server when receiving control information through the reverse tunnel (This request is received by protocol conversion proxy 116, which uses a private SSL (secure socket layer) certificate to decrypt received data and then send an HTTP request to the personal server 118 of the provider computer 102 (e.g. cloud connection appliance) through the reverse connection provided by VPN server 104 (e.g. controller). After receiving an HTTP response from the personal server 118, the protocol conversion proxy 116 transforms it into an HTTPS response, and sends it back to the HTTPS browser 128 of the consumer computer 106, Lapidous, [0099]. Note: in client server model, client establishes a connection with a server by sending a request to the server and server responses the request to the client),
wherein the reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller (This request is received by protocol conversion proxy 116, which uses a private SSL (secure socket layer) certificate to decrypt received data and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104. After receiving an HTTP response from the personal server 118, the protocol conversion proxy 116 transforms it into an HTTPS response, and sends it back to the HTTPS browser 128 of the consumer computer 106, Lapidous, [0099]).
Lapidous does not explicitly disclose the cloud connection appliance operating as a client when establishing the communication path and prior to establishing the reverse tunnel and operating as a server when receiving control information through the reverse tunnel after establishing the reverse tunnel, wherein the reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller despite the cloud connection application lacking an assigned Internet Protocol (IP) address.
Sauter discloses an appliance operating as a client when establishing a communication path and prior to establishing a reverse tunnel (On the server at home: ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443, Sauter, the third and fourth paragraphs. Note: “the server at home” sends a request, setting up a reverse tunnel between (home server) port 443 and (remote proxy server) port 4444, to remote proxy server and client initiates request and server response in client-server model, thus the claimed limitation is disclosed) and operating as a server when receiving control information through the reverse tunnel after establishing the reverse tunnel (On the server at home: ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443, Sauter, the third and fourth paragraphs. Note: the command, “ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443” means that the local service(s) at port 80 or 443 on the server at home will be accessible on the remote proxy server at port 8888 or port 4444 respectively and client initiates request and server response in client-server model, thus the claimed limitation is disclosed), wherein the reverse tunnel enables the appliance to directly receive information from the controller despite the cloud connection application lacking an assigned Internet Protocol (IP) address (The method is also ideal for hosting services at home in case the ISP does not assign a public IP address to the link, Sauter, the first paragraph, the third and fourth paragraphs).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use reverse SSH tunnel for services with public IP address as taught by Sauter to modify the appliance of Lapidous in order to provide hosted services to public without interruption.

As to claim 8, Lapidous-Sauter discloses the cloud connection appliance of claim 7 further comprising: a first input/output (I/O) interface to provide for an exchange of messages and control information with the controller (Lapidous, [0097]); a second I/O interface to provide for an exchange of messages with one or more computing devices deployed within a local area network (Lapidous, [0096]); and a third I/O interface to provide for an exchange of messages with router for propagation over a wide area network (Lapidous, [0098]).

As to claim 9, Lapidous-Sauter discloses the cloud connection appliance of claim 8, wherein the non-transitory storage medium further comprises data processing logic and cryptographic logic that operate on data for transmission as encrypted data messages over the second I/O interface and the third I/O interface (encrypted reverse connection and HTTPS, Lapidous, [0055], [0099]).

As to claim 10, Lapidous teaches a method for establishing direct communications between a cloud-based controller and a cloud connection appliance, comprising:
transmitting a request message from the cloud connection appliance to the cloud-based controller, the cloud-based controller and the cloud connection appliance operating in a client-server relationship (This request is received by protocol conversion proxy 116, which uses a private SSL (secure socket layer) certificate to decrypt received data and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104. After receiving an HTTP response from the personal server 118, the protocol conversion proxy 116 transforms it into an HTTPS response, and sends it back to the HTTPS browser 128 of the consumer computer 106, Lapidous, [0099]. Note: in client server model, client establishes a connection with a server by sending a request to the server and server responses the request to the client); and
conducting a message exchange between the cloud connection appliance and the cloud-based controller to produce a secure communication path with a reverse tunnel encapsulated within the secure communication path, wherein after establishing the secure communication path, the cloud-based controller operates as a client and the cloud connection appliance operates as a server (This request is received by protocol conversion proxy 116, which uses a private SSL (secure socket layer) certificate to decrypt received data and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104. After receiving an HTTP response from the personal server 118, the protocol conversion proxy 116 transforms it into an HTTPS response, and sends it back to the HTTPS browser 128 of the consumer computer 106, Lapidous, [0099]. Note: in client server model, client establishes a connection with a server by sending a request to the server and server responses the request to the client), and
wherein the reverse tunnel enables the cloud connection appliance to directly receive control information from the cloud-based controller (This request is received by protocol conversion proxy 116, which uses a private SSL (secure socket layer) certificate to decrypt received data and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104. After receiving an HTTP response from the personal server 118, the protocol conversion proxy 116 transforms it into an HTTPS response, and sends it back to the HTTPS browser 128 of the consumer computer 106, Lapidous, [0099]).
Lapidous does not explicitly disclose wherein the cloud-based controller operates as a server and the cloud connection apparatus operates as a client prior to establishing the reverse tunnel, wherein after establishing the reverse tunnel, the cloud-based controller operates as the client and the cloud connection appliance operates as the server, and wherein the reverse tunnel enables the cloud connection appliance to directly receive control information from the cloud-based controller despite the cloud connection application lacking an assigned Internet Protocol (IP) address.
Sauter discloses a controller operates as a server and an apparatus operates as a client prior to establishing the reverse tunnel (On the server at home: ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443, Sauter, the third and fourth paragraphs. Note: “the server at home” sends a request, setting up a reverse tunnel between (home server) port 443 and (remote proxy server) port 4444, to remote proxy server and client initiates request and server responses in client-server model, thus the claimed limitation is disclosed), wherein after establishing the reverse tunnel, the controller operates as the client and the appliance operates as the server (On the server at home: ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443, Sauter, the third and fourth paragraphs. Note: the command, “ssh -R 8888:locahost:80 or ssh -R 4444:localhost:443” means that the local service(s) at port 80 or 443 on the server at home will be accessible on the remote proxy server at port 8888 or port 4444 respectively and client initiates request and server response in client-server model, thus the claimed limitation is disclosed), and wherein the reverse tunnel enables the appliance to directly receive information from the controller despite the connection application lacking an assigned Internet Protocol (IP) address (The method is also ideal for hosting services at home in case the ISP does not assign a public IP address to the link, Sauter, the first paragraph, the third and fourth paragraphs).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use reverse SSH tunnel for services with public IP address as taught by Sauter to modify the method of Lapidous in order to provide hosted services to public without interruption.

As to claim 11, Lapidous-Sauter discloses the method of claim 10, wherein the transmitting of the request message is based on registration of the cloud connection appliance with the controller (Lapidous, [0115]-[0116], [0099]).

As to claim 12, Lapidous-Sauter discloses the method of claim 10, wherein the message exchange includes an exchange of information for use in cryptographic transmissions including at least one of one or more cryptographic keys, digital certificates, digital signatures, or hash values (Lapidous, [0018]-[0021]).

As to claim 13, Lapidous-Sauter discloses the method of claim 10 further comprising: transmitting a management message via a Transmission Control Protocol (TCP) 443 port from the cloud-based controller to the cloud connection appliance, the management message includes an executable command to control operability of the cloud connection appliance (and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104, Lapidous, [0099]. Note: Sauter discloses “On the server at home: ssh -R 4444:localhost:443” in the third and fourth paragraphs). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use reverse SSH tunnel for services with public IP address as taught by Sauter to modify the method of Lapidous-Sauter in order to provide hosted services to public without interruption.

Claim(s) 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Lapidous modified by Sauter as applied to claim 10 above, and further in view of UnknownTCP.

As to claim 14, Lapidous-Sauter substantially discloses a method as set forth in claim 13 above and further discloses transmitting data traffic via the TCP 443 port from the cloud connection appliance to the cloud-based controller (and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104, Lapidous, [0099]. Note: Sauter discloses “On the server at home: ssh -R 4444:localhost:443” in the third and fourth paragraphs).
Lapidous-Sauter does not explicitly disclose wherein the cloud-based controller conducts an analysis of a communication protocol associated with the data traffic to determine which process of a plurality of processes to which data associated with the data traffic is directed.
UnknownTCP discloses a controller conducts an analysis of a communication protocol associated with the data traffic to determine which process of a plurality of processes to which data associated with the data traffic is directed (“The data from different applications operating on a network device are multiplexed at the sending device using port numbers and demultiplexed at the receiving device, again using port numbers” from UnknownTCP, the second paragraph and “Each network application will bind itself to an available port number, so that TCP/IP protocol suite can identify the network application based on port numbers. So we can view port numbers as an application level address for network communication” from UnknownTCP, the sixth paragraph).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use TCP/IP protocol service and web service as taught by UnknownTCP to modify the method of Lapidous-Sauter in order to comply with the rules and standard procedures for the way information is communicated over the internet.

As to claim 15, Lapidous-Sauter-UnknownTCP discloses the method of claim 14, wherein the cloud-based controller comprises a protocol demultiplexer configured to receive the data traffic over the TCP 443 port (TCP/IP protocol suite, UnknownTCP, the sixth and second paragraphs). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use TCP/IP protocol service and web service as taught by UnknownTCP to modify the method of Lapidous-Sauter-UnknownTCP in order to comply with the rules and standard procedures for the way information is communicated over the internet.

As to claim 16, Lapidous-Sauter-UnknownTCP discloses the method of claim 14, wherein the analysis of the communication protocol associated with the data traffic comprises routing the data to a first process of the plurality of processes when the communication protocol corresponds to a Hypertext Transfer Protocol Secure (HTTPS) communication protocol (Lapidous, [0094]-[0095]) and routing the data to a second process of the plurality of processes when the communication protocol corresponds to a Secure Shell (SSH) protocol (Lapidous, [0101], [0037]).

Response to Arguments
Applicant's arguments filed 10/04/2022 have been fully considered but they are not persuasive.

Regarding Applicant’s argument “Claims 1-6 are rejected under 35 U.S.C. §101 because the claimed invention may be directed to software per se which is directed to non-statutory subject matter. Applicant respectfully disagrees, at least in view of the amendments set forth above. With respect to the analysis of a claim under 35 U.S.C. § 101, the Supreme Court initially set forth a two-step analysis in the holding of Alice Corp. v. CLS Bank. The USPTO has since promulgated multiple memorandums providing further clarification for the analysis. The most recent such memorandum entitled, "2019 Revised Patent Subject Matter Eligibility Guidance" ("2019 Memorandum") was published January 7, 2019 and provides a concrete framework for analyzing whether a claim should be categorized as an abstract idea…… In view of the foregoing, the outstanding §101 rejection is improper for pending claim 1 and claims 2-6 dependent thereon. Withdrawal of the outstanding §101 rejection is respectfully requested.” on page 6-8, Examiner respectfully disagrees.
 Applicant’s argument is not responsive to the rejection. Per MPEP §2016 I, two criteria for subject matter eligibility:
“First, the claimed invention must be to one of the four statutory categories. 35 U.S.C. 101  defines the four categories of invention that Congress deemed to be the appropriate subject matter of a patent: processes, machines, manufactures and compositions of matter." (hereinafter First Criterion). See MPEP § 2106.03 for detailed information on the four categories.
"Second, the claimed invention also must qualify as patent-eligible subject matter, i.e., the claim must not be directed to a judicial exception unless the claim as a whole includes additional limitations amounting to significantly more than the exception." (hereinafter Second Criterion). See MPEP § 2106.04 for detailed information on the judicial exceptions.
As set forth in non-final office action mailed on 08/12/2022 and the final office action, the claimed controller is a software per se. Software comprising a series of executable steps does not fall in any statutory categories of invention (i.e., Machine, Manufacture, Composition of Matter, and Process). Thus, claim 1 and dependent claims 2-6 do not fall in any statutory categories of invention and are non-statutory.  Applicant’s argument is directed to the judicial exceptions, Second Criterion, while the rejection is based on First Criterion. Therefore, Applicant’s argument is not responsive to the rejection.

Regarding Applicant’s argument “the combined teachings of Lapidous, Sauter and UnknownTCP fail to describe or suggest that (1) the controller and the cloud connection appliance operate in a client-server relationship with the cloud connection appliance (a) operating as a client when establishing the communication path and prior to establishing the reverse tunnel and (b) operating as a server when receiving control information through the reverse tunnel after establishing the reverse tunnel (claim 7) or (2) the cloud-based controller operates as a server and the cloud connection apparatus operates as a client prior to establishing the reverse tunnel, and after establishing the reverse tunnel, the cloud-based controller operates as the client and the cloud connection appliance operates as the server (claim 10).” on page 9, Examiner respectfully disagrees.
Sauter discloses hosting services at home in case the ISP does not assign a public IP address to the link by tunneling the local port 443 to a higher non-priviledged port such as 4444 on the remote machine. With socat running as root, TCP packets are then tunneled between remote port 443 to remote port 4444, and from there via ssh tunneling to port 443 on the server at home (see the first, third, and fourth paragraphs). Specifically, Sauter runs instructions ssh -R 8888:locahost:80 and ssh -R 4444:localhost:443 on the server at home to establish a reverse tunnel with the remote machine. Note that the server at home sends request (ssh -R 8888:locahost:80 and ssh -R 4444:localhost:443 on the server at home) to establish a reverse tunnel with the remote machine, the server at home is client and the remote machine is server is server in this situation. The instructions “ssh -R 8888:locahost:80 and ssh -R 4444:localhost:443” make the local service(s) at port 80 or 443 on the server at home being accessible on the remote proxy server at port 8888 or port 4444 after establishing the reverse tunnel, Therefore, the server at home is server and the remote machine is client in this situation. It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use reverse SSH tunnel for services with public IP address as taught by Sauter to modify the controller / appliance / method of Lapidous (or in view of UnknownTCP) in order to provide hosted services to public without interruption.

For similar argument regarding rejection to claim 1 on page 8, Examiner respectfully disagrees.
See response above.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 



Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUOLEI ZONG whose telephone number is (571)270-7522. The examiner can normally be reached Monday-Friday 9:00AM-5:30PM IFP.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing F Chan can be reached on (571)272-7493. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RUOLEI ZONG/Primary Examiner, Art Unit 2441                                                                                                                                                                                                        11/29/2022