DETAILED ACTION
Claims 1-21 are pending.
The Office Action is responsive to the communication filed on 10/30/2022.


Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Response to Amendment
The amendment, filed 10/30/2022, is fully responsive.  
The claim rejections under 112(b) to claims 12-15 have been corrected and the rejections have been removed.


Response to Arguments
Applicant's arguments filed 10/30/2022 have been fully considered but they are not persuasive.  

Regarding claims 1-11 and 15-21, the applicant argues that the cited references do not teach or suggest the claim limitations with respect to independent claim 1 below.  Independent claims 20-21 are substantially similar to independent claim 1.  Dependent claims 2-11 and 15-19 depend, directly or indirectly, from independent claim 1.  The Examiner respectfully disagrees.  The cited prior art describes the claim limitations as briefly outlined below and as described in the rejection of claims 1 and 20-21 below.
in response to receiving approval of the request from the plurality of predefined approvers, (Vasko: “In another example, the OEM may request remote management functionality 312 that conflicts with one or more enterprise security policies 310; however, the end user may allow an exception to the policy for the OEM (e.g., if the requested management functionality is preferably performed by the OEM and not by plant personnel).” Paragraph 0047)
automatically creating a connection between an electronic device in the manufacturing facility and a computer system for the equipment supplier, (Applicant’s remarks are directed to the cited prior art not suggesting or teaching the automatic creation of a connection; Examiner respectfully disagrees; Vasko describes creating and maintaining a portal based on the access privileges and the portal serves as a secure connection pipeline as described in paragraphs 0029 and 0048 of Vasko; if applicant intends for a connection to have a particular meaning, examiner recommends amending claims 1 and 20-21 to specify the particular meaning for the connection; Vasko: “Once remote management functionality 312 has been agreed upon between the OEM and end user, the cloud infrastructure can create and maintain OEM portal 110 based on the agreed upon management functions and access privileges. Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310. Like end user portal 106, OEM portal 110 can deliver a customized interface to authenticated OEM remote client devices 306, providing an OEM-specific view of industrial asset 114 that may be different than the view provided to plant personnel via end user portal 106.” Paragraph 0048; “These defined security policies can be implemented in the cloud platform as role-specific portals (e.g., end user portal 106 and OEM portal 110), which serve as secure connection pipelines to industrial asset 114 via remote asset server 102.” Paragraph 0029; “At 908, remote access to the industrial asset is regulated by the remote asset server in accordance with the one or more security policies, where the remote access is facilitated by a communication portal instantiated in the cloud platform by the connectivity broker.” Paragraph 0081)
wherein the connection is used for the remote support activity; and (Vasko: “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310.” Paragraph 0048)
Accordingly, applicant’s arguments are not persuasive since the cited prior art describes the limitations in these claims.

For at least these reasons, the rejection of the claims is maintained.


Allowable Subject Matter
Claims 12-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1, 7-8, 11, 15-16, and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2015/0074749 (Vasko) in view of U.S. Patent Application Publication No. 2014/0040397 (Bomgaars).


Claim 1:
The cited prior art describes a method, comprising, at a computer system of a manufacturer, (Vasko: “FIG. 1 illustrates an asset management solution that facilitates customized remote access to an industrial asset by both an end user and an OEM. The asset management solution comprises a remote asset server 102 communicatively coupled to a local industrial asset 114. Remote asset server 102 allows the industrial asset 114 to be monitored and managed securely and safely by an end user 108 and an OEM 112 from remote locations. Industrial asset 114 can comprise substantially any industrial device, collection of devices, or machine, including but not limited to an industrial controller, a motor drive (e.g., a variable frequency drive), a human-machine interface (HMI) terminal, a sensor, a meter, a control cabinet, a vision system, or other such asset.” Paragraph 0027)
wherein the manufacturer operates a manufacturing facility comprising equipment from an equipment supplier: (Vasko: see the industrial asset 114 and the original equipment manufacturer 112 as illustrated in figure 1; “Similarly, OEM 112 can remotely access remote asset server 102 through an OEM portal 110 instantiated in the cloud architecture. As will be described in more detail below, end user portal 106 and OEM portal 110 provide different views and access privileges to industrial asset 114 via remote asset server 102. By maintaining the cloud infrastructure used to instantiate end user portal 106 and OEM portal 110, connectivity broker 104 provides a secure data pipeline into the end-user's plant, and facilitates customized, role-specific access to the end user's industrial assets.” Paragraph 0028)
receiving a request for electronic access by the equipment supplier to the manufacturing facility to perform a remote support activity for the equipment; (Vasko: “At 1006, a request to access the industrial asset is received from a remote device via one of the multiple cloud-based portals.” Paragraph 0082; “In general, remote asset server 102 serves as a specialized network infrastructure device that regulates access to industrial asset 114 by different entities (e.g., plant personnel, OEMs, system integrators, etc.) in accordance with enterprise security policies defined by the end user.” Paragraph 0029)
routing the request to a plurality of predefined approvers; (Vasko: “End users can also remotely submit approval of remote management functionality 312 requested by the OEM to facilitate configuration of OEM portal 110.” Paragraph 0050; “At 1008, the set of security policies associated with the portal is invoked.” Paragraph 0082)
receiving approval of the request from the plurality of predefined approvers; (Vasko: “Remote asset server 102 (or the cloud platform) requires the end user to approve the requested remote management functionality 312 before OEM portal 110 will be instantiated in the cloud platform and made available to the OEM. In this way, remote asset server 102, together with the cloud infrastructure maintained by connectivity broker 104, provides OEMs with tools for specifying how they wish to access industrial asset 114 in order to reliably manage their machine on behalf of the end user, while making such access subject to end user approval, affording the end user the ability to deny access to selected aspects of industrial asset 114 for reasons of safety, security, or business interests.” Paragraph 0046; “Alternatively, if it is determined at step 1010 that the request is permitted, the methodology moves to step 1012, where the request to access the industrial asset is allowed.” Paragraph 0083)
in response to receiving approval of the request from the plurality of predefined approvers, (Vasko: “In another example, the OEM may request remote management functionality 312 that conflicts with one or more enterprise security policies 310; however, the end user may allow an exception to the policy for the OEM (e.g., if the requested management functionality is preferably performed by the OEM and not by plant personnel).” Paragraph 0047)
automatically creating a connection between an electronic device in the manufacturing facility and a computer system for the equipment supplier, (Vasko: “Once remote management functionality 312 has been agreed upon between the OEM and end user, the cloud infrastructure can create and maintain OEM portal 110 based on the agreed upon management functions and access privileges. Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310. Like end user portal 106, OEM portal 110 can deliver a customized interface to authenticated OEM remote client devices 306, providing an OEM-specific view of industrial asset 114 that may be different than the view provided to plant personnel via end user portal 106.” Paragraph 0048; “These defined security policies can be implemented in the cloud platform as role-specific portals (e.g., end user portal 106 and OEM portal 110), which serve as secure connection pipelines to industrial asset 114 via remote asset server 102.” Paragraph 0029; “At 908, remote access to the industrial asset is regulated by the remote asset server in accordance with the one or more security policies, where the remote access is facilitated by a communication portal instantiated in the cloud platform by the connectivity broker.” Paragraph 0081)
wherein the connection is used for the remote support activity; and (Vasko: “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310.” Paragraph 0048)

Vasko does not explicitly describe automatically terminating as described below.  However, Bomgaars teaches the automatically terminating as described below.  
upon completion of the remote support activity, automatically terminating the connection. (Bomgaars: “After the session is complete, the remote customer can take an exit survey, which obtains feedback from the customer on the support experience. By way of the example, the customer is prompted to enter a rating of the service provided by to the representative and to write comments about the customer's experience in the session as depicted in screen 800c of (FIG. 8C). This survey information, in another embodiment, can be available for later viewing through the reporting feature of an administrative interface. The customer can also receive notification relating to the termination of the support session; e.g., whether that the representative can no longer view the customer's screen and/or that the support software has been completely uninstalled from the customer system 105.” Paragraph 0110)
One of ordinary skill in the art would have recognized that applying the known technique of Vasko, namely, remote asset management services for industrial assets, with the known techniques of Bomgaars, namely, providing secure remote access and control, would have yielded predictable results and resulted in an improved system.  Accordingly, applying the teachings of Vasko to provide remote access to industrial assets based on approval with the teachings of Bomgaars to provide for secure remote access would have been recognized by those of ordinary skill in the art as resulting in an improved secure remote access system (i.e., connecting and terminating connections for secure remote access of Vasko based on the teachings of terminating connections for secure remote access in Bomgaars).

Claim 7:
The cited prior art describes the method of claim 1, wherein the remote support activity comprises uploading or downloading data relating to the equipment. (Vasko: “This can include exchanging data with one or more end user portals and/or OEM portals instantiated in the cloud platform.” Paragraph 0032; “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310.” Paragraph 0048; “Remote asset server 102 can also be configured by the end user to allow controlled, regulated access to industrial asset 114 by an OEM.” Paragraph 0045; “For example, during access negotiation, the OEM may request (via remote management functionality 312) unlimited write access to the industrial asset's configuration parameters. However, the user-defined enterprise security policies 310 may specify that certain control loop tuning parameters may only be modified locally, and therefore remote write access to these identified parameters must be denied for all users.” Paragraph 0047; “Example local peripheral devices 802 include video cameras set to record video footage of the industrial asset 114 during operation, a telemetry device that measures an aspect (e.g., temperature, pressure, etc.) of a downstream process that depends on operation of the industrial asset 114, a user authentication device (e.g., card reader, biometric device, barcode reader, etc.) that records an identifier associated with a current operator of industrial asset 114, or other such device.” Paragraph 0075)

Claim 8:
The cited prior art describes the method of claim 7, wherein the data is selected from the group consisting of a data file, a data stream, or data for accessing an application relating to the equipment. (Vasko: “This can include exchanging data with one or more end user portals and/or OEM portals instantiated in the cloud platform.” Paragraph 0032; “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310.” Paragraph 0048; “Remote asset server 102 can also be configured by the end user to allow controlled, regulated access to industrial asset 114 by an OEM.” Paragraph 0045; “For example, during access negotiation, the OEM may request (via remote management functionality 312) unlimited write access to the industrial asset's configuration parameters. However, the user-defined enterprise security policies 310 may specify that certain control loop tuning parameters may only be modified locally, and therefore remote write access to these identified parameters must be denied for all users.” Paragraph 0047; “Example local peripheral devices 802 include video cameras set to record video footage of the industrial asset 114 during operation, a telemetry device that measures an aspect (e.g., temperature, pressure, etc.) of a downstream process that depends on operation of the industrial asset 114, a user authentication device (e.g., card reader, biometric device, barcode reader, etc.) that records an identifier associated with a current operator of industrial asset 114, or other such device.” Paragraph 0075)

Claim 11:
The cited prior art describes the method of claim 7, further comprising specifying 
a destination of the data, (Vasko: “However, the user-defined enterprise security policies 310 may specify that certain control loop tuning parameters may only be modified locally, and therefore remote write access to these identified parameters must be denied for all users. Accordingly, remote asset server 102 may implement only such functionality requested by the OEM that does not conflict with the user-defined enterprise security policies 310, thus making remote management functionality 312 subservient to enterprise security policies 310.” Paragraph 0047)
who has access to the data, and (Vasko: “As will be described in more detail below, remote asset server 102 allows the end user to define different access policies corresponding to different categories of authorized users (e.g., plant personnel, OEMs, device or machine vendors, etc.). Once these enterprise security policies have been established, remote asset server 102 allows each authorized user to remotely access industrial asset 114 via cloud-based, role-specific portals (e.g., end user portal 106 and OEM portal 110), which are configured in the cloud infrastructure based on the enterprise security policies 310 defined by the end user.” Paragraph 0039)
how long the data will persist. (Vasko: “Since the administrative interface is accessible from any remote location via end user portal 106, the authorized end user can use these tools to remotely view and control access to the industrial asset at any time from any location.” Paragraph 0052; “The cloud-based remote access system can then generate and deliver automated notifications to specified client devices associated with the OEM at the appropriate times. In some embodiments, the end user may configure OEM portals 110 to only allow access to the industrial asset 114 during these pre-scheduled review periods, and to block access via the OEM portals at all other times. Based on these configured preferences, the remote access system will automatically enable and disable the OEM portals at the appropriate times to allow the OEM to perform their scheduled machine review.” Paragraph 0061)

Claim 15:
The cited prior art describes the method of claim 1, wherein: 
the equipment comprises a manufacturing tool connected to the computer system of the manufacturer through a network at the manufacturing facility; and (Vasko: see the industrial asset 114 and the original equipment manufacturer 112 as illustrated in figure 1; “Similarly, OEM 112 can remotely access remote asset server 102 through an OEM portal 110 instantiated in the cloud architecture. As will be described in more detail below, end user portal 106 and OEM portal 110 provide different views and access privileges to industrial asset 114 via remote asset server 102. By maintaining the cloud infrastructure used to instantiate end user portal 106 and OEM portal 110, connectivity broker 104 provides a secure data pipeline into the end-user's plant, and facilitates customized, role-specific access to the end user's industrial assets.” Paragraph 0028)
the plurality of predefined approvers comprise an approver selected from the group consisting of an owner of the manufacturing tool, an operator of the manufacturing tool, and a manager of the manufacturing facility. (Vasko: “End users can also remotely submit approval of remote management functionality 312 requested by the OEM to facilitate configuration of OEM portal 110.” Paragraph 0050; “At 1008, the set of security policies associated with the portal is invoked.” Paragraph 0082)

Claim 16:
Vasko does not explicitly describe start and end as described below.  However, Bomgaars teaches the start and end as described below.  
The cited prior art describes the method of claim 1, wherein: 
the request specifies a start time and an end time for the remote support activity; (Bomgaars: “FIGS. 6D-6E demonstrate the functions associated with the "Customer Client" tab 604. The administrator can introduce support sessions by displaying a customer agreement or a customer greeting. Should a customer request support when no representative is logged into the appliance 101, an orphaned session message can alert the customer to retry at a different time, and if defined, the URL option can then direct the user to the designated site. The administrator can also upload a banner to be displayed at the top of the user's chat window. At the end of the session, the remote client automatically uninstalls from the user's computer. The administrator can create a custom message or use the default uninstall message. Once the session is complete, the administrator can give the user the option of downloading the session recording or the chat transcript. The administrator can also configure security settings should the remote client loses its connection.” Paragraph 0068)
the connection is automatically created at the start time; and (Bomgaars: “An alternate approach for starting a support session is through the use of one-time, randomly generated session keys. When the customer calls with a support request rather than filling out an online support request, the representative can generate a session key 705 using the representative client interface, as shown in screen 700f (FIG. 7F). The representative may then either direct the customer to the unique URL or ask the customer to enter this session key on the customer interface, which will automatically add that customer to the private queue and open a new session tab.” Paragraph 0093; Vasko: “Once remote management functionality 312 has been agreed upon between the OEM and end user, the cloud infrastructure can create and maintain OEM portal 110 based on the agreed upon management functions and access privileges. Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310. Like end user portal 106, OEM portal 110 can deliver a customized interface to authenticated OEM remote client devices 306, providing an OEM-specific view of industrial asset 114 that may be different than the view provided to plant personnel via end user portal 106.” Paragraph 0048; “These defined security policies can be implemented in the cloud platform as role-specific portals (e.g., end user portal 106 and OEM portal 110), which serve as secure connection pipelines to industrial asset 114 via remote asset server 102.” Paragraph 0029; “At 908, remote access to the industrial asset is regulated by the remote asset server in accordance with the one or more security policies, where the remote access is facilitated by a communication portal instantiated in the cloud platform by the connectivity broker.” Paragraph 0081)
the connection is automatically terminated at the end time. (Bomgaars: “After the session is complete, the remote customer can take an exit survey, which obtains feedback from the customer on the support experience. By way of the example, the customer is prompted to enter a rating of the service provided by to the representative and to write comments about the customer's experience in the session as depicted in screen 800c of (FIG. 8C). This survey information, in another embodiment, can be available for later viewing through the reporting feature of an administrative interface. The customer can also receive notification relating to the termination of the support session; e.g., whether that the representative can no longer view the customer's screen and/or that the support software has been completely uninstalled from the customer system 105.” Paragraph 0110; “FIGS. 6O and 6P show screens 600o and 600p, which provide the "Presentation" tab 609. Through this tab 609, the administrator can introduce presentations by displaying a customer agreement or a customer greeting. Should a customer enter a presentation when the presenting representative is not logged into the appliance 101, an expiration timeout determines the length of time the attendee will be allowed to wait before the attendee is logged out and an orphaned session message is displayed. The administrator can also upload a banner to be displayed at the top of the attendee's chat window. At the end of the session, the remote client automatically uninstalls from the attendee's computer. The administrator can create a custom message or use the default uninstall message.” Paragraph 0073; “A "Session Key Timeout" field sets a length of time for which a session key remains valid. If the remote customer does not use the session key within the time allotted, the customer cannot connect to the representative, the key will expire and the representative will need to create a new session key.” Paragraph 0084)
Vasko and Bomgaars are combinable for the same rationale as set forth above with respect to claim 1.

Claim 18:
The cited prior art describes the method of claim 1, further comprising, at the computer system of the manufacturer: 
logging information regarding the request, the connection, and the remote support activity; and (Vasko: “Based on results of the program upload and compare functions, the cloud services may also generate an audit trail that logs changes made to the program or device configuration. In an example embodiment, each entry in the change log could include such information as the nature of the modification, the time the modification was detected, a user identity associated with the modification, etc.” Paragraph 0064)

Vasko does not explicitly describe a report as described below.  However, Bomgaars teaches the report as described below.  
generating a report specifying at least a portion of the logged information. (Bomgaars: “In addition to configuring the network appliance 101, the administrator also has the capability to manage representatives, generate activity reports, view or download customer exit surveys, add/remove users, etc.” Paragraph 0064; “At the beginning of the session, a report of the remote computer's system information can be logged for later view in the session report. Sessions can be recorded in, for example, Flash video format at several different screen sizes. The administrator can also select to be automatically alerted if license usage should exceed a certain number or percent of representatives logged in at the same time.” Paragraph 0067; “Additionally, the administrators can generate activity reports, with a full chat transcript, files transferred, permissions granted, and a Flash video recording, along with other details such as system information, session duration and local and remote computer names and IP addresses. Additionally, the administrator can view or download reports of customer or representative exit surveys based on date range, support team or support representative. By way of example, reports can be viewed online or downloaded into a .csv (Comma Separated Value) file. This capability is depicted in FIG. 6DD via the "Reports" tab 613.” Paragraph 0078)
Vasko and Bomgaars are combinable for the same rationale as set forth above with respect to claim 1.

Claim 19:
The cited prior art describes the method of claim 1, wherein: 
receiving the request, routing the request, receiving approval of the request, automatically creating the connection, and automatically terminating the connection are performed by a first application running on the computer system of the manufacturer; (Vasko: “FIG. 1 illustrates an asset management solution that facilitates customized remote access to an industrial asset by both an end user and an OEM. The asset management solution comprises a remote asset server 102 communicatively coupled to a local industrial asset 114. Remote asset server 102 allows the industrial asset 114 to be monitored and managed securely and safely by an end user 108 and an OEM 112 from remote locations.” Paragraph 0027; “In some embodiments, components 204, 206, 208, 210, and 212 can comprise software instructions stored on memory 218 and executed by processor(s) 216.” Paragraph 0031)
the first application is configured to communicate with a second application running on the computer system of the equipment supplier; (Vasko: “Plant network interface component 204 can be configured to interface remote asset server 102 with a plant or enterprise network at the end user's facility (e.g., the plant's office Ethernet network). Cloud interface component 206 can be configured to couple the remote asset server to a web-based or private cloud platform and exchange data with the cloud platform. This can include exchanging data with one or more end user portals and/or OEM portals instantiated in the cloud platform.” Paragraph 0032; “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310. Like end user portal 106, OEM portal 110 can deliver a customized interface to authenticated OEM remote client devices 306, providing an OEM-specific view of industrial asset 114 that may be different than the view provided to plant personnel via end user portal 106.” Paragraph 0048)
the request is received from the second application; and (Vasko: “At 1006, a request to access the industrial asset is received from a remote device via one of the multiple cloud-based portals.” Paragraph 0082; “In general, remote asset server 102 serves as a specialized network infrastructure device that regulates access to industrial asset 114 by different entities (e.g., plant personnel, OEMs, system integrators, etc.) in accordance with enterprise security policies defined by the end user.” Paragraph 0029)
the connection comprises a connection between the first application and the second application. (Vasko: “Once remote management functionality 312 has been agreed upon between the OEM and end user, the cloud infrastructure can create and maintain OEM portal 110 based on the agreed upon management functions and access privileges. Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310. Like end user portal 106, OEM portal 110 can deliver a customized interface to authenticated OEM remote client devices 306, providing an OEM-specific view of industrial asset 114 that may be different than the view provided to plant personnel via end user portal 106.” Paragraph 0048; “These defined security policies can be implemented in the cloud platform as role-specific portals (e.g., end user portal 106 and OEM portal 110), which serve as secure connection pipelines to industrial asset 114 via remote asset server 102.” Paragraph 0029; “At 908, remote access to the industrial asset is regulated by the remote asset server in accordance with the one or more security policies, where the remote access is facilitated by a communication portal instantiated in the cloud platform by the connectivity broker.” Paragraph 0081)

Claim 20:
The cited prior art describes a non-transitory computer-readable storage medium storing one or more programs for execution by one or more processors of a computer system of a manufacturer, (Vasko: “FIG. 1 illustrates an asset management solution that facilitates customized remote access to an industrial asset by both an end user and an OEM. The asset management solution comprises a remote asset server 102 communicatively coupled to a local industrial asset 114. Remote asset server 102 allows the industrial asset 114 to be monitored and managed securely and safely by an end user 108 and an OEM 112 from remote locations. Industrial asset 114 can comprise substantially any industrial device, collection of devices, or machine, including but not limited to an industrial controller, a motor drive (e.g., a variable frequency drive), a human-machine interface (HMI) terminal, a sensor, a meter, a control cabinet, a vision system, or other such asset.” Paragraph 0027; “Computers and servers include one or more processors--electronic integrated circuits that perform logic operations employing electric signals--configured to execute instructions stored in media such as random access memory (RAM), read only memory (ROM), a hard drives, as well as removable memory devices, which can include memory sticks, memory cards, flash drives, external hard drives, and so on.” Paragraph 0084)
wherein the manufacturer operates a manufacturing facility comprising equipment from an equipment supplier, the one or more programs including instructions for: (Vasko: see the industrial asset 114 and the original equipment manufacturer 112 as illustrated in figure 1; “Similarly, OEM 112 can remotely access remote asset server 102 through an OEM portal 110 instantiated in the cloud architecture. As will be described in more detail below, end user portal 106 and OEM portal 110 provide different views and access privileges to industrial asset 114 via remote asset server 102. By maintaining the cloud infrastructure used to instantiate end user portal 106 and OEM portal 110, connectivity broker 104 provides a secure data pipeline into the end-user's plant, and facilitates customized, role-specific access to the end user's industrial assets.” Paragraph 0028)
in response to receiving a request for electronic access by the equipment supplier to the manufacturing facility to perform a remote support activity for the equipment, routing the request to a plurality of predefined approvers; (Vasko: “At 1006, a request to access the industrial asset is received from a remote device via one of the multiple cloud-based portals.” Paragraph 0082; “In general, remote asset server 102 serves as a specialized network infrastructure device that regulates access to industrial asset 114 by different entities (e.g., plant personnel, OEMs, system integrators, etc.) in accordance with enterprise security policies defined by the end user.” Paragraph 0029; “End users can also remotely submit approval of remote management functionality 312 requested by the OEM to facilitate configuration of OEM portal 110.” Paragraph 0050; “At 1008, the set of security policies associated with the portal is invoked.” Paragraph 0082)
in response to receiving approval of the request from the plurality of predefined approvers, (Vasko: “Remote asset server 102 (or the cloud platform) requires the end user to approve the requested remote management functionality 312 before OEM portal 110 will be instantiated in the cloud platform and made available to the OEM. In this way, remote asset server 102, together with the cloud infrastructure maintained by connectivity broker 104, provides OEMs with tools for specifying how they wish to access industrial asset 114 in order to reliably manage their machine on behalf of the end user, while making such access subject to end user approval, affording the end user the ability to deny access to selected aspects of industrial asset 114 for reasons of safety, security, or business interests.” Paragraph 0046; “Alternatively, if it is determined at step 1010 that the request is permitted, the methodology moves to step 1012, where the request to access the industrial asset is allowed.” Paragraph 0083; “In another example, the OEM may request remote management functionality 312 that conflicts with one or more enterprise security policies 310; however, the end user may allow an exception to the policy for the OEM (e.g., if the requested management functionality is preferably performed by the OEM and not by plant personnel).” Paragraph 0047)
automatically creating a connection between an electronic device in the manufacturing facility and a computer system for the equipment supplier, (Vasko: “Once remote management functionality 312 has been agreed upon between the OEM and end user, the cloud infrastructure can create and maintain OEM portal 110 based on the agreed upon management functions and access privileges. Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310. Like end user portal 106, OEM portal 110 can deliver a customized interface to authenticated OEM remote client devices 306, providing an OEM-specific view of industrial asset 114 that may be different than the view provided to plant personnel via end user portal 106.” Paragraph 0048; “These defined security policies can be implemented in the cloud platform as role-specific portals (e.g., end user portal 106 and OEM portal 110), which serve as secure connection pipelines to industrial asset 114 via remote asset server 102.” Paragraph 0029; “At 908, remote access to the industrial asset is regulated by the remote asset server in accordance with the one or more security policies, where the remote access is facilitated by a communication portal instantiated in the cloud platform by the connectivity broker.” Paragraph 0081)
wherein the connection is used for the remote support activity; and (Vasko: “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310.” Paragraph 0048)

Vasko does not explicitly describe automatically terminating as described below.  However, Bomgaars teaches the automatically terminating as described below.  
upon completion of the remote support activity, automatically terminating the connection. (Bomgaars: “After the session is complete, the remote customer can take an exit survey, which obtains feedback from the customer on the support experience. By way of the example, the customer is prompted to enter a rating of the service provided by to the representative and to write comments about the customer's experience in the session as depicted in screen 800c of (FIG. 8C). This survey information, in another embodiment, can be available for later viewing through the reporting feature of an administrative interface. The customer can also receive notification relating to the termination of the support session; e.g., whether that the representative can no longer view the customer's screen and/or that the support software has been completely uninstalled from the customer system 105.” Paragraph 0110)
Vasko and Bomgaars are combinable for the same rationale as set forth above with respect to claim 1.

Claim 21:
The cited prior art describes a system, comprising: (Vasko: “FIG. 1 illustrates an asset management solution that facilitates customized remote access to an industrial asset by both an end user and an OEM. The asset management solution comprises a remote asset server 102 communicatively coupled to a local industrial asset 114. Remote asset server 102 allows the industrial asset 114 to be monitored and managed securely and safely by an end user 108 and an OEM 112 from remote locations. Industrial asset 114 can comprise substantially any industrial device, collection of devices, or machine, including but not limited to an industrial controller, a motor drive (e.g., a variable frequency drive), a human-machine interface (HMI) terminal, a sensor, a meter, a control cabinet, a vision system, or other such asset.” Paragraph 0027; “Computers and servers include one or more processors--electronic integrated circuits that perform logic operations employing electric signals--configured to execute instructions stored in media such as random access memory (RAM), read only memory (ROM), a hard drives, as well as removable memory devices, which can include memory sticks, memory cards, flash drives, external hard drives, and so on.” Paragraph 0084)
equipment from an equipment supplier, (Vasko: “A given industrial enterprise can comprise many industrial devices, assets, and machines provided by different product vendors or original equipment manufacturers (OEMs). Both end users (e.g., the owners of the industrial assets) and OEMs require the ability to remotely operate and maintain critical production assets in a safe, secure, timely, and cost-effective manner.” Paragraph 0023; “The OEM may be a manufacturer of industrial asset 114, and the end user may have a service agreement in place with the OEM to manage industrial asset 114 as needed.” Paragraph 0045)
the equipment being situated in a manufacturing facility operated by a manufacturer; (Vasko: “A given industrial enterprise can comprise many industrial devices, assets, and machines provided by different product vendors or original equipment manufacturers (OEMs). Both end users (e.g., the owners of the industrial assets) and OEMs require the ability to remotely operate and maintain critical production assets in a safe, secure, timely, and cost-effective manner.” Paragraph 0023)
a computer system of the manufacturer, comprising one or more processors and memory storing one or more programs for execution by the one or more processors, (Vasko: “FIG. 1 illustrates an asset management solution that facilitates customized remote access to an industrial asset by both an end user and an OEM. The asset management solution comprises a remote asset server 102 communicatively coupled to a local industrial asset 114. Remote asset server 102 allows the industrial asset 114 to be monitored and managed securely and safely by an end user 108 and an OEM 112 from remote locations. Industrial asset 114 can comprise substantially any industrial device, collection of devices, or machine, including but not limited to an industrial controller, a motor drive (e.g., a variable frequency drive), a human-machine interface (HMI) terminal, a sensor, a meter, a control cabinet, a vision system, or other such asset.” Paragraph 0027; “Computers and servers include one or more processors--electronic integrated circuits that perform logic operations employing electric signals--configured to execute instructions stored in media such as random access memory (RAM), read only memory (ROM), a hard drives, as well as removable memory devices, which can include memory sticks, memory cards, flash drives, external hard drives, and so on.” Paragraph 0084)
the one or more programs comprising instructions for: 
in response to receiving a request for electronic access by the equipment supplier to the manufacturing facility to perform a remote support activity for the equipment, routing the request to a plurality of predefined approvers; (Vasko: “At 1006, a request to access the industrial asset is received from a remote device via one of the multiple cloud-based portals.” Paragraph 0082; “In general, remote asset server 102 serves as a specialized network infrastructure device that regulates access to industrial asset 114 by different entities (e.g., plant personnel, OEMs, system integrators, etc.) in accordance with enterprise security policies defined by the end user.” Paragraph 0029; “End users can also remotely submit approval of remote management functionality 312 requested by the OEM to facilitate configuration of OEM portal 110.” Paragraph 0050; “At 1008, the set of security policies associated with the portal is invoked.” Paragraph 0082)
in response to receiving approval of the request from the plurality of predefined approvers, (Vasko: “Remote asset server 102 (or the cloud platform) requires the end user to approve the requested remote management functionality 312 before OEM portal 110 will be instantiated in the cloud platform and made available to the OEM. In this way, remote asset server 102, together with the cloud infrastructure maintained by connectivity broker 104, provides OEMs with tools for specifying how they wish to access industrial asset 114 in order to reliably manage their machine on behalf of the end user, while making such access subject to end user approval, affording the end user the ability to deny access to selected aspects of industrial asset 114 for reasons of safety, security, or business interests.” Paragraph 0046; “Alternatively, if it is determined at step 1010 that the request is permitted, the methodology moves to step 1012, where the request to access the industrial asset is allowed.” Paragraph 0083; “In another example, the OEM may request remote management functionality 312 that conflicts with one or more enterprise security policies 310; however, the end user may allow an exception to the policy for the OEM (e.g., if the requested management functionality is preferably performed by the OEM and not by plant personnel).” Paragraph 0047)
automatically creating a connection between an electronic device in the manufacturing facility and a computer system for the equipment supplier, (Vasko: “Once remote management functionality 312 has been agreed upon between the OEM and end user, the cloud infrastructure can create and maintain OEM portal 110 based on the agreed upon management functions and access privileges. Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310. Like end user portal 106, OEM portal 110 can deliver a customized interface to authenticated OEM remote client devices 306, providing an OEM-specific view of industrial asset 114 that may be different than the view provided to plant personnel via end user portal 106.” Paragraph 0048; “These defined security policies can be implemented in the cloud platform as role-specific portals (e.g., end user portal 106 and OEM portal 110), which serve as secure connection pipelines to industrial asset 114 via remote asset server 102.” Paragraph 0029; “At 908, remote access to the industrial asset is regulated by the remote asset server in accordance with the one or more security policies, where the remote access is facilitated by a communication portal instantiated in the cloud platform by the connectivity broker.” Paragraph 0081)
wherein the connection is used for the remote support activity; and (Vasko: “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310.” Paragraph 0048)

Vasko does not explicitly describe automatically terminating as described below.  However, Bomgaars teaches the automatically terminating as described below.  
upon completion of the remote support activity, automatically terminating the connection. (Bomgaars: “After the session is complete, the remote customer can take an exit survey, which obtains feedback from the customer on the support experience. By way of the example, the customer is prompted to enter a rating of the service provided by to the representative and to write comments about the customer's experience in the session as depicted in screen 800c of (FIG. 8C). This survey information, in another embodiment, can be available for later viewing through the reporting feature of an administrative interface. The customer can also receive notification relating to the termination of the support session; e.g., whether that the representative can no longer view the customer's screen and/or that the support software has been completely uninstalled from the customer system 105.” Paragraph 0110)
Vasko and Bomgaars are combinable for the same rationale as set forth above with respect to claim 1.


Claims 2-6 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2015/0074749 (Vasko) in view of U.S. Patent Application Publication No. 2014/0040397 (Bomgaars) and further in view of U.S. Patent Application Publication No. 2019/0182106 (Gibson).


Claim 2:
Vasko and Bomgaars do not explicitly describe a virtual private network as described below.  However, Gibson teaches the virtual private network as described below.  
The cited prior art describes the method of claim 1, wherein: 
automatically creating the connection comprises creating a virtual private network comprising a tunnel between the electronic device in the manufacturing facility and the computer system of the equipment supplier; and (Gibson: see the secure VPN tunnel ports 443 between OEM sites, end user sites, and system location as illustrated in figure 3; “Techniques to facilitate communication between remote industrial assets are disclosed herein. In at least one implementation, a computing system provides a virtual private network (VPN) service for an industrial automation network of an industrial automation enterprise. The computing system communicates with a first gateway system to establish a first connection between a first industrial asset and the VPN service for the industrial automation network. The computing system also communicates with a second gateway system to establish a second connection between a second industrial asset and the VPN service for the industrial automation network, wherein the second industrial asset is located at a disparate location than the first industrial asset.” Paragraph 0004)
automatically terminating the connection comprises terminating the virtual private network. (Bomgaars: “After the session is complete, the remote customer can take an exit survey, which obtains feedback from the customer on the support experience. By way of the example, the customer is prompted to enter a rating of the service provided by to the representative and to write comments about the customer's experience in the session as depicted in screen 800c of (FIG. 8C). This survey information, in another embodiment, can be available for later viewing through the reporting feature of an administrative interface. The customer can also receive notification relating to the termination of the support session; e.g., whether that the representative can no longer view the customer's screen and/or that the support software has been completely uninstalled from the customer system 105.” Paragraph 0110)
One of ordinary skill in the art would have recognized that applying the known technique of Vasko, namely, remote asset management services for industrial assets, and the known techniques of Bomgaars, namely, providing secure remote access and control, with the known techniques of Gibson, namely, remote line integration for industrial assets, would have yielded predictable results and resulted in an improved system.  Accordingly, applying the teachings of Vasko to provide remote access to industrial assets based on approval and the teachings of Bomgaars to provide for secure remote access with the teachings of Gibson to connect industrial assets via VPN would have been recognized by those of ordinary skill in the art as resulting in an improved secure remote access system (i.e., connecting and terminating connections for secure remote access using VPN of Vasko based on the teachings of terminating connections for secure remote access in Bomgaars and the teachings of connecting industrial assets using VPN in Gibson).

Claim 3:
Vasko and Bomgaars do not explicitly describe a virtual private network as described below.  However, Gibson teaches the virtual private network as described below.  
The cited prior art describes the method of claim 2, wherein the virtual private network uses encryption keys controlled by the manufacturer. (Gibson: “In operation, a secure VPN connection is hosted in the cloud network 320 specializing in machine communication. The VPN service could be configured in bridged mode with traffic routing enabled. Security could be provided by secure sockets layer (SSL), transport layer security (TLS), or any other cryptographic security protocol.” Paragraph 0026; Bomgaars: “The "SSL Configuration" tab of FIG. 5H allows the appliance administrator to request a certificate authority for an SSL certificate for the network appliance 101. After an SSL Certificate Request is generated, the public portion can be given to a trusted certificate authority (i.e., Verisign, Geotrust, etc.) for them to sign it. After the signed certificate is received back, the certificate, along with the private key generated with it, can be uploaded to the appliance 101 using the "Upload New SSL Certificate" form on the "IP Configuration" page (FIG. 5E). A self-signed SSL certificate indicates to the users (e.g., customers) that the company guarantees the security of the appliance connection. This self-signed certificate contains the company's correct information and will take the place of any previously existing certificate. At any time, the original SSL certificate that comes with the appliance 101 can be restored.” Paragraph 0060)
Vasko, Bomgaars, and Gibson are combinable for the same rationale as set forth above with respect to claim 2.

Claim 4:
The cited prior art describes the method of claim 2, wherein: 
the equipment comprises a manufacturing tool connected to the computer system of the manufacturer through a network at the manufacturing facility; (Vasko: see the industrial asset 114 connected to the remote asset server 102 as illustrated in figure 1; “Plant network interface component 204 can be configured to interface remote asset server 102 with a plant or enterprise network at the end user's facility (e.g., the plant's office Ethernet network). Cloud interface component 206 can be configured to couple the remote asset server to a web-based or private cloud platform and exchange data with the cloud platform. This can include exchanging data with one or more end user portals and/or OEM portals instantiated in the cloud platform.  Machine network interface component 208 can be configured to interface remote asset server 102 with a machine network (e.g., an industrial or plant floor network) at the end user's facility. In an example embodiment, the machine network can comprise a common industrial protocol (CIP) network used to exchange data between industrial machines and assets on the plant floor.” Paragraph 0032)
the electronic device controls the manufacturing tool; (Vasko: see the industrial asset 114 connected to the remote asset server 102 as illustrated in figure 1; “Plant network interface component 204 can be configured to interface remote asset server 102 with a plant or enterprise network at the end user's facility (e.g., the plant's office Ethernet network). Cloud interface component 206 can be configured to couple the remote asset server to a web-based or private cloud platform and exchange data with the cloud platform. This can include exchanging data with one or more end user portals and/or OEM portals instantiated in the cloud platform.  Machine network interface component 208 can be configured to interface remote asset server 102 with a machine network (e.g., an industrial or plant floor network) at the end user's facility. In an example embodiment, the machine network can comprise a common industrial protocol (CIP) network used to exchange data between industrial machines and assets on the plant floor.” Paragraph 0032)
the remote support activity comprises remotely controlling the manufacturing tool; and (Vasko: “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310.” Paragraph 0048; “Remote asset server 102 can also be configured by the end user to allow controlled, regulated access to industrial asset 114 by an OEM.” Paragraph 0045; “For example, during access negotiation, the OEM may request (via remote management functionality 312) unlimited write access to the industrial asset's configuration parameters. However, the user-defined enterprise security policies 310 may specify that certain control loop tuning parameters may only be modified locally, and therefore remote write access to these identified parameters must be denied for all users.” Paragraph 0047)

Vasko and Bomgaars do not explicitly describe a virtual private network as described below.  However, Gibson teaches the virtual private network as described below.  
the virtual private network connects the manufacturing tool to the computer system of the equipment supplier. (Gibson: see the secure VPN tunnel ports 443 between OEM sites, end user sites, and system location as illustrated in figure 3; “Techniques to facilitate communication between remote industrial assets are disclosed herein. In at least one implementation, a computing system provides a virtual private network (VPN) service for an industrial automation network of an industrial automation enterprise. The computing system communicates with a first gateway system to establish a first connection between a first industrial asset and the VPN service for the industrial automation network. The computing system also communicates with a second gateway system to establish a second connection between a second industrial asset and the VPN service for the industrial automation network, wherein the second industrial asset is located at a disparate location than the first industrial asset.” Paragraph 0004)
Vasko, Bomgaars, and Gibson are combinable for the same rationale as set forth above with respect to claim 2.

Claim 5:
The cited prior art describes the method of claim 2, wherein: 
the equipment comprises a manufacturing tool connected to the computer system of the manufacturer through a network at the manufacturing facility; (Vasko: see the industrial asset 114 connected to the remote asset server 102 as illustrated in figure 1; “Plant network interface component 204 can be configured to interface remote asset server 102 with a plant or enterprise network at the end user's facility (e.g., the plant's office Ethernet network). Cloud interface component 206 can be configured to couple the remote asset server to a web-based or private cloud platform and exchange data with the cloud platform. This can include exchanging data with one or more end user portals and/or OEM portals instantiated in the cloud platform.  Machine network interface component 208 can be configured to interface remote asset server 102 with a machine network (e.g., an industrial or plant floor network) at the end user's facility. In an example embodiment, the machine network can comprise a common industrial protocol (CIP) network used to exchange data between industrial machines and assets on the plant floor.” Paragraph 0032)
the remote support activity comprises remotely assisting with the manufacturing tool; and (Vasko: “Authorized OEM remote client devices 306 can then remotely access industrial asset 114 via OEM portal 110, which enforces the access rights and restrictions defined by remote management functionality 312 and security policies 310.” Paragraph 0048; “Remote asset server 102 can also be configured by the end user to allow controlled, regulated access to industrial asset 114 by an OEM.” Paragraph 0045; “For example, during access negotiation, the OEM may request (via remote management functionality 312) unlimited write access to the industrial asset's configuration parameters. However, the user-defined enterprise security policies 310 may specify that certain control loop tuning parameters may only be modified locally, and therefore remote write access to these identified parameters must be denied for all users.” Paragraph 0047)
the electronic device in the manufacturing facility comprises a camera. (Vasko: “For example, FIG. 8 illustrates a remote asset server 102 capable of linking asset data with peripheral data from a local peripheral device. In this example, one or more local peripheral devices 802 can be connected to remote asset server 102 (e.g., via the server's local device interface component 210). Example local peripheral devices 802 include video cameras set to record video footage of the industrial asset 114 during operation, a telemetry device that measures an aspect (e.g., temperature, pressure, etc.) of a downstream process that depends on operation of the industrial asset 114, a user authentication device (e.g., card reader, biometric device, barcode reader, etc.) that records an identifier associated with a current operator of industrial asset 114, or other such device.” Paragraph 0075)

Claim 6:
The cited prior art describes the method of claim 5, further comprising verifying that views provided by the camera during the remote support activity are allowed views. (Vasko: “Using remote asset server 102, together with the cloud-based infrastructure maintained by connectivity broker 104, an end user can define which aspects of industrial asset 114 are allowed to be remotely viewed, accessed, and/or modified by an OEM or other outside entity.” Paragraph 0029; “For example, in the event that an outside entity connected via OEM portal 110 attempts to bypass the end user's security policies and access a data area outside the allowed scope of access defined by remote management functionality 312, OEM portal 110 can trigger an alert to a specified end user client device informing of the unauthorized access attempt. The notification can include an identification of the particular OEM portal through which the security breach was attempted.” Paragraph 0049; “For example, FIG. 8 illustrates a remote asset server 102 capable of linking asset data with peripheral data from a local peripheral device. In this example, one or more local peripheral devices 802 can be connected to remote asset server 102 (e.g., via the server's local device interface component 210). Example local peripheral devices 802 include video cameras set to record video footage of the industrial asset 114 during operation, a telemetry device that measures an aspect (e.g., temperature, pressure, etc.) of a downstream process that depends on operation of the industrial asset 114, a user authentication device (e.g., card reader, biometric device, barcode reader, etc.) that records an identifier associated with a current operator of industrial asset 114, or other such device.” Paragraph 0075)


Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2015/0074749 (Vasko) in view of U.S. Patent Application Publication No. 2014/0040397 (Bomgaars) and further in view of U.S. Patent Application Publication No. 2003/0147369 (Singh).


Claim 9:
Vasko and Bomgaars do not explicitly describe verifying size as described below.  However, Singh teaches the verifying size as described below.  
The cited prior art describes the method of claim 7, further comprising verifying that a size of the data matches an expected size of the data. (Singh: “Since the data size is dynamic, a parser at the device first reads the content length and then the complete data content. A check is made to ensure the size of data sent matches the size sent. Thus, receiving software on the device ensures that any data packets that get corrupted in transit are rejected on the device, thereby ensuring the integrity of the data that is transmitted.” Paragraph 0142)
One of ordinary skill in the art would have recognized that applying the known technique of Vasko, namely, remote asset management services for industrial assets, and the known techniques of Bomgaars, namely, providing secure remote access and control, with the known techniques of Singh, namely, secure data transfer between computing devices, would have yielded predictable results and resulted in an improved system.  Accordingly, applying the teachings of Vasko to provide remote access to industrial assets based on approval and the teachings of Bomgaars to provide for secure remote access with the teachings of Singh to provide secure data transfer would have been recognized by those of ordinary skill in the art as resulting in an improved secure remote access system (i.e., connecting and terminating connections for secure remote access and verifying data transferred between devices of Vasko based on the teachings of terminating connections for secure remote access in Bomgaars and the teachings of verifying data transferred between devices in Singh).

Claim 10:
Vasko and Bomgaars do not explicitly describe verifying a template as described below.  However, Singh teaches the verifying a template as described below.  
The cited prior art describes the method of claim 7, further comprising verifying that a template for the data matches an expected template for the data. (Singh: “Step 605 At this point, the content data size in the packet matches the expected size. A check is made to see if this is the first packet that was received. If this is the first packet, go to step 611; else step 606 is performed.” Paragraph 0363; “Step 608 Check if this is the last packet (that is, if the current packet number is equal to the total number of packets). If so, invoke a clean up module.” Paragraph 0366)
Vasko, Bomgaars, and Gibson are combinable for the same rationale as set forth above with respect to claim 9.


Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2015/0074749 (Vasko) in view of U.S. Patent Application Publication No. 2014/0040397 (Bomgaars) and further in view of U.S. Patent Application Publication No. 2020/0134222 (Walker).

Claim 17:
Vasko and Bomgaars do not explicitly describe capturing a screen image as described below.  However, Walker teaches the capturing a screen image as described below.  
The cited prior art describes the method of claim 1, further comprising: 
detecting that a user at the equipment supplier has captured a screen image during the remote support activity; and (Walker: “At step 404, the received screenshot capture request is processed. The processing of the screenshot capture request includes, at step 406, determining whether a graphical user interface being displayed on a display device of the mobile device at the time the screenshot capture request is received is generated at least in part by one of the enterprise applications executing in the protected workspace container. The processing of the screenshot capture request further includes, at step 408, in response to determining that the graphical user interface displayed on the display device of the mobile device at the time the screenshot capture request is received is being generated at least in part by an enterprise application executing within the protected workspace container in the mobile device, performing a secure screenshot save operation that includes i) storing, within the mobile device, a screenshot image of the user interface displayed on the display device of the mobile device at the time the screenshot capture request is received, and ii) preventing the screenshot image from being accessed by the personal application executing on the mobile device outside of the protected workspace container.” Paragraph 0058)
in response to the detecting, raising an alarm. (Walker: “At step 404, the received screenshot capture request is processed. The processing of the screenshot capture request includes, at step 406, determining whether a graphical user interface being displayed on a display device of the mobile device at the time the screenshot capture request is received is generated at least in part by one of the enterprise applications executing in the protected workspace container. The processing of the screenshot capture request further includes, at step 408, in response to determining that the graphical user interface displayed on the display device of the mobile device at the time the screenshot capture request is received is being generated at least in part by an enterprise application executing within the protected workspace container in the mobile device, performing a secure screenshot save operation that includes i) storing, within the mobile device, a screenshot image of the user interface displayed on the display device of the mobile device at the time the screenshot capture request is received, and ii) preventing the screenshot image from being accessed by the personal application executing on the mobile device outside of the protected workspace container.” Paragraph 0058; “At step 504, a screenshot image of the display is stored, and access to the stored screenshot image by personal applications executing outside of the protected workspace container is prevented.” Paragraph 0062)
One of ordinary skill in the art would have recognized that applying the known technique of Vasko, namely, remote asset management services for industrial assets, and the known techniques of Bomgaars, namely, providing secure remote access and control, with the known techniques of Walker, namely, detecting a screen image capture, would have yielded predictable results and resulted in an improved system.  Accordingly, applying the teachings of Vasko to provide remote access to industrial assets based on approval and the teachings of Bomgaars to provide for secure remote access with the teachings of Walker to capture and secure a screen image capture would have been recognized by those of ordinary skill in the art as resulting in an improved secure remote access system (i.e., connecting and terminating connections for secure remote access and securing screen captures of Vasko based on the teachings of terminating connections for secure remote access in Bomgaars and the teachings of securing screen captures in Walker).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
U.S. Patent Application Publication No. 2014/0104045 describes a control system with a remote control component.
U.S. Patent Application Publication No. 2002/0013908 describes a remote diagnostic system for a semiconductor manufacturing system.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER E EVERETT whose telephone number is (571)272-2851. The examiner can normally be reached Monday-Friday 8:00 am to 5:00 pm (Eastern).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kenneth Lo can be reached on 571-272-9774. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Christopher E. Everett/Primary Examiner, Art Unit 2116