DETAILED ACTION
Claims 1-4, 6-21 are allowed.
This office action is in response to the RCE filed on January 15, 2021.  Claims 1, 3, 8, 10, and 15-20 have been amended.  Claim 5 has been canceled.  Claim 21 has been added.  Therefore, claims 1-4 and 6-21 are presented here.  Claims 1, 8, and 15 are independent.
The prior office actions are incorporated herein by reference, in particular the observations with respect to claim language and the responses to previously presented arguments.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on January 15, 2021 has been entered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the records appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with attorney Albert J. Fasulo, Reg. No. 43607 on 02/05/2021.

The application has been amended as follows: 
In the claims:
1. (Currently Amended) A computer implemented method using one or more hardware processors, the method comprising:
at an endpoint connected to a network:
responsive to sending domain name system (DNS) requests to a DNS resolver, receiving, from the DNS resolver, DNS responses that resolve a requested domain name to Internet Protocol (IP) addresses and include classification values for the requested domain name ranging in value to indicate safe to unsafe domains; 
computing an average of the classification values based on a predetermined number of the DNS responses obtained from the DNS resolver as an endpoint DNS-based score that represents security risk from safe to unsafe for the DNS responses
computing an endpoint security posture score based on security parameters of software executing on the endpoint; 
computing a security score of the endpoint, the security score including [[an]] the endpoint security posture score to represent security risk associated with the software executing on the endpoint and the endpoint DNS-based score;
providing, to the DNS resolver, a DNS request including the endpoint security posture score and the endpoint DNS-based score of the security score, and the requested domain name to be resolved by the DNS resolver;

by the one or more hardware processors, accessing the IP address.

3. (Currently Amended) The method of claim 1, wherein the classification values range from zero to three, with zero indicating a safe domain name, one indicating an unknown or newly seen domain name, two indicating a suspicious domain name, and three indicating a malicious domain name.

8. (Currently Amended) An apparatus comprising:
a communication interface configured to enable network communications; and
a processing device of an endpoint coupled with the communication interface, and configured to:
responsive to sending domain name system (DNS) requests to a DNS resolver, receive, from the DNS resolver, DNS responses that resolve a requested domain name to Internet Protocol (IP) addresses and include classification values for the requested domain name ranging in value to indicate safe to unsafe domains; 
compute an average of the classification values based on a predetermined number of the DNS responses obtained from the DNS resolver as an endpoint DNS-based score that represents security risk from safe to unsafe for the DNS responses
compute an endpoint security posture score based on security parameters of software executing on the endpoint;
the endpoint security posture score to represent security risk associated with the software executing on the endpoint and the endpoint DNS-based score;
provide, to the DNS resolver, a DNS request including the endpoint security posture score and the endpoint DNS-based score of the security score, and the requested domain name to be resolved by the DNS resolver;
obtain, from the DNS resolver, a DNS response including an IP address resolved to an IP address of the requested domain name, an IP address of a proxy server, or an IP address of a blocked page based on the endpoint security posture score, the endpoint DNS-based score, and the requested domain name; and
access the IP address.

10. (Currently Amended) The apparatus of claim 9, wherein the endpoint security posture score ranges in value to indicate a best security posture to a poorest security posture.

15. (Currently Amended) One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor of an endpoint, cause the processor to:
responsive to sending domain name system (DNS) requests to a DNS resolver, receive, from the DNS resolver, DNS responses that resolve a requested domain name to Internet Protocol (IP) addresses and include classification values for the requested domain name ranging in value to indicate safe to unsafe domains; 
compute an average of the classification values based on a predetermined number of the DNS responses obtained from the DNS resolver as an endpoint DNS-based score 
compute an endpoint security posture score based on security parameters of software executing on the endpoint;
compute a security score of the endpoint, the security score including [[an]] the endpoint security posture score to represent security risk associated with the software executing on the endpoint and the endpoint DNS-based score;
provide, to the DNS resolver, a DNS request including the endpoint security posture score and the endpoint DNS-based score of the security score, and the requested domain name to be resolved by the DNS resolver;
obtain, from the DNS resolver, a DNS response including an IP address resolved to an IP address of the requested domain name, an IP address of a proxy server, or an IP address of a blocked page based on the endpoint security posture score, the endpoint DNS-based score, and the requested domain name; and
access the IP address.

17. (Currently Amended) The one or more non-transitory computer readable storage media of claim 16, wherein the endpoint security posture score ranges in value to indicate a best security posture to a poorest security posture.
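
The scoring loop recited in claims 1, 8 and 15, sketched in Python as an added illustration that is not part of the application or of this office action. The window size, the thresholds, the 0.0 (best) to 1.0 (poorest) posture scale, the constructed domain table, and passing the scores as function arguments rather than inside a DNS message are all assumptions.

```python
from collections import deque

SAFE, UNKNOWN, SUSPICIOUS, MALICIOUS = 0, 1, 2, 3  # classification values per claim 3

class EndpointDnsScore:
    """Average of the classification values in the last `n` DNS responses."""
    def __init__(self, n):
        self.window = deque(maxlen=n)  # n = the "predetermined number"

    def observe(self, classification):
        if classification not in (SAFE, UNKNOWN, SUSPICIOUS, MALICIOUS):
            raise ValueError(f"classification out of range: {classification!r}")
        self.window.append(classification)

    def score(self):
        # Assumption: no score is reported until n responses have been seen.
        if len(self.window) < self.window.maxlen:
            return None
        return sum(self.window) / len(self.window)

# Constructed resolver data (documentation address ranges).
DOMAINS = {"intranet.example": ("192.0.2.10", SAFE),
           "new-site.example": ("192.0.2.20", UNKNOWN),
           "bad.example": ("192.0.2.66", MALICIOUS)}
PROXY_IP, BLOCK_PAGE_IP = "198.51.100.1", "203.0.113.1"

def resolve(name, posture_score, dns_score):
    """Resolver-side policy. Thresholds are assumptions; posture is assumed
    to run from 0.0 (best) to 1.0 (poorest)."""
    ip, classification = DOMAINS[name]
    risky_endpoint = posture_score >= 0.7 or (dns_score is not None and dns_score >= 1.5)
    if classification == MALICIOUS:
        answer = BLOCK_PAGE_IP
    elif classification == SUSPICIOUS or (classification == UNKNOWN and risky_endpoint):
        answer = PROXY_IP
    else:
        answer = ip
    return answer, classification

def browse(history, name, posture_score, n=4):
    """Replay earlier classifications, then resolve `name` with both scores."""
    tracker = EndpointDnsScore(n)
    for c in history:
        tracker.observe(c)
    answer, classification = resolve(name, posture_score, tracker.score())
    tracker.observe(classification)  # the new response updates the average
    return answer, tracker.score()
```
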

Allowable Subject Matter
Claims 1-4 and 6-21 are allowed over prior art of record.


Examiner’s Statement of Reason for Allowance
The following is an examiner’s statement of reason for allowance:  Independent claims 1, 8, and 15 are allowed in view of the prior art.
The closest prior art of record, Benson et al. (US Patent No. 9,979,588), discloses a technology for prioritizing DNS name resolution requests received from DNS resolvers. An example method may include receiving a DNS name resolution request addressed to a DNS name server from a DNS resolver. The DNS resolver associated with the DNS name resolution request may be identified as a known DNS resolver or an unknown DNS resolver, where a known DNS resolver may have DNS resolver characteristics that correspond to a valid DNS resolver. The DNS name resolution request may be prioritized according to the identity of the DNS resolver as a known DNS resolver or an unknown DNS resolver. The DNS name resolution request may then be provided to the DNS name server according to the priority assigned to the DNS name resolution request.
The prior art of Nicodemus et al. (US PGPUB No. 2007/0143851) discloses methods and systems for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated 
The prior art of Balderas et al. (US PGPUB No. 2015/0180892) discloses methods, systems, and apparatus in which the functionality of a DNS server is modified to take into account security intelligence when determining an answer to return in response to a requesting client. Such a DNS server may consider a variety of security characteristics about the client and/or the client's request, as described more fully herein. Such a DNS server can react to clients in a variety of ways based on the threat assessment, preferably in a way that proactively counters or mitigates the perceived threat.
The prior art of Reddy et al. (US PGPUB No. 2016/0080395) discloses, in one implementation, a network device configured to monitor communications associated with an endpoint and identify domain name service messages in the communications. Subsequently, the network device receives a hypertext transfer protocol (HTTP) request and determines whether a destination internet protocol (IP) address of the HTTP request is present in or absent from the domain name service messages. When the IP address is absent from the domain name service messages, the HTTP request is modified to trigger increased security.
The prior art of Hu et al. (US PGPUB No. 2019/0052650) discloses that a command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share 
The prior art of Foxhoven et al. (US PGPUB No. 2017/0310709) discloses a cloud-based security method using Domain Name System (DNS) that includes receiving a request from a user device at a DNS server; performing a security check on the request based on a policy look up associated with the user device; responsive to the policy look up, performing a DNS security check on the request; and responsive to the DNS security check, performing one of allowing the request to the Internet; blocking the request based on the policy; and providing the request to inline inspection based on the policy, wherein the request is one of allowed to the Internet or blocked based on the inline inspection.

None of the prior art of record teaches or makes obvious the following limitation recited in independent claim 1 and the similar limitation recited in independent claims 8 and 15, considering the claims as a whole:  “A method comprising: at an endpoint connected to a network: responsive to sending domain name system (DNS) requests to a DNS resolver, receiving, from the DNS resolver, DNS responses that resolve a requested domain name to Internet Protocol (IP) addresses and include classification values for the requested domain name ranging in value to indicate safe to unsafe domains; computing an average of the classification values as an endpoint DNS-based score that represents security risk from safe to unsafe for the DNS responses obtained IP address resolved to an IP address of the requested domain name, an IP address of a proxy server, or an IP address of a blocked page based on the endpoint security posture score, the endpoint DNS-based score, and the requested domain name; and accessing the IP address.”
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.  Therefore, claims 1, 8, and 15 are considered to be allowable.
Dependent claims 2-4, 6-7, 9-14, and 16-21 depend upon the above-mentioned allowable claims 1, 8, and 15 and are therefore allowed by virtue of their dependency.

Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or faxed to post-

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD S SHAMS whose telephone number is (571)272-3406.  The examiner can normally be reached on Monday-Friday 8:00 AM-5:30 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.








/SAMSON B LEMMA/Primary Examiner, Art Unit 2498