DETAILED ACTION

1. This communication is in response to the amendment filed on 12/21/2020.  The present application is being examined under the AIA  first to invent provisions. 

  1a. Status of the claims:    
       Claims 1-20 are canceled.
       Claims 21, 27, and 38 are amended.
       Claims 21-40 are pending.
Response to Argument
2. Applicant's arguments filed 12/21/2020 have been fully considered but they are not persuasive.

A,  Applicant argues that Jensen, either alone or in combination with Baginski and McCarthy, fails to disclose, or even suggest “a "system" comprising "a processing device to: build a data reference table based on the received data; enrich a data record associated with the data reference table using a domain name and an IP address for a remote service; and categorize the IP traffic using the enriched data record based on a dynamic traffic categorization technique that creates entries in the data reference table," as presently claimed," as recited in claim1 (Remarks, page 11).

In response to A, the Applicant’s argument is not convincing because Baginski discloses in paragraphs  [0027]-[0028]  a transaction entry being created ( being created is equated to being built) in the transaction table ( transaction entry (IP address and DNS name)  is equated to data reference);  a table of entries is being built with IP address   and DNS name; Baginski discloses entry of a DNS table having a particular device, the address field of a server, and google domain name is produce after a DNS request. The remaining of the limitations “categorize the IP traffic using the enriched data record based on a dynamic traffic categorization technique that creates entries in the data reference table” is moot in view of the new ground(s) of rejection because the remaining limitation is addressed by a new prior art. 

B,  Applicant argues that Jensen does not “create, nor have the ability to categorize IP traffic or create any type of data reference table, let alone one that is based on dynamic traffic categorization. In the Office Action, the Examiner alleges that Jensen, together with at least Baginski and McCarthy, teach these limitations. However, none of these references cure the deficiencies of Jensen," as recited in claim 1 (Remarks, page 12).

In response to B, see Examiner’s response in section A.

C,  Applicant argues that “nothing in Baginski and McCarthy teaches or suggests why "dynamic traffic categorization" would be included in Jensen's system. Such a combination would be based on classic improper hindsight. For example, McCarthy teaches nothing about creating a DNS table. Even the Examiner does not cite to any portion of the McCarthy reference for this limitation. The Examiner does rely on Baginski, citing paragraph [0028]. However, nothing in this cited portion of Baginski teaches or discloses creating any type of DNS data table. At most, Baginski's system handles DNS requests by updating and adding to fields of a DNS request, and uses a "mapping table." Creating and using this mapping table is not the same as categorize the IP traffic using the enriched data record "based on a dynamic traffic categorization technique that creates entries in the data reference table," as recited in claim1 (Remarks, page 12).

In response to C, the Examiner has considered the argument but it is not convincing because the Examiner has considered the claim invention in light of the prior art. For example, Jensen discloses DNS request in column 5, lines 33-34; Baginski discloses transaction table having DNS names as entries. Both references are in the field of DNS transactions. In addition, the argument about “categorize the IP traffic using the enriched data record "based on a dynamic traffic categorization technique that creates entries in the data reference table” is moot because a new prior art is cited to respond to this argument.


   “it would have been obvious to one of ordinary skill in the art to combine the teachings of Baginski with systems of Jensen and McCarthy "to facilitate Internet access by resolving DNS queries." This, however, is nothing more than a feature of the Baginski reference itself. Merely stating that it would have been obvious to combine with the other references, without any evidence or explanation, is not a proper basis for obviousness. Furthermore, the Examiner fails say why or how such a combination would work," as recited in claim1 (Remarks, page 12).

In response to D, the Applicant’s argument is moot in view of new ground(s) of rejection. New prior art is cited to address the amendment.   

E,  Applicant argues that the prior art does not teach claims 27 and 28 limitations as followed:
 “ the arguments set forth above with respect to claim 21 are equally applicable to claims 27 and 38," (Remarks, page 13).

In response to E, the same rationale stated in section about the address the arguments about claim 1 applies also for claim 27 and 38.

F,  Applicant argues that the secondary reference (i.e., Hotz) fails to disclose, or even suggest, “ the deficiencies of the primary reference as discussed above with respect to independent claims 21 and 27. Thus, the combination of the secondary reference with the primary reference also fails to disclose, or even suggest, the deficiencies of the primary reference as discussed above with respect to independent claim 21 or 27,"  as recited in  claims 25, 30, and 36-37 (Remarks, page 13).

In response to F, The Examiner has considered the argument but Hotz does not have to cure the deficiencies of the combination of the secondary reference with the primary reference.  The argument is moot in view of new ground of rejection.

the deficiencies of the primary reference as discussed above with respect to independent claim 27," as recited in claim 31 (Remarks, page 14).

In response to G, The Examiner has considered the argument but Ong does not have to cure the deficiencies of the combination of the secondary reference with the primary reference.  The argument is moot in view of new ground of rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

           A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention
           is not identically disclosed as set forth in section 102 of this title, if the differences between the 
           claimed invention and the prior art are such that the claimed invention as a whole would 
           have been obvious before the effective filing date of the claimed invention to a person having 
           ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated 
           by the manner in which the invention was made. 

3. Claims 21-24, 26-29, 32,  34, 36, and 38-40 are rejected under 35 U.S.C. 103 as being unpatentable over Jensen (US 9,021,085 B1), in view of Baginski et al. . (hereinafter “Baginski”) (US 2013/0151725 A1), and further in view of McMorris et al. (hereinafter “McMorris”) (US 2003/0163567  A1). 
  
Regarding claim 21, Jensen discloses a system, comprising: a monitoring device to:
      monitor IP traffic in a network (Jensen discloses IP addresses being used  for monitoring  network transactions between a user and a webserver (Jensen, column 5, lines 35-40), the IP traffic  (Jensen discloses DNS traffic correlated IP addresses of a user making DNS requests (Jensen, column 4, lines 9-16 )), comprising domain name system (DNS) transactions between a customer device and a DNS service (Jensen discloses DNS transactions between a user device and a web server (Jensen, column 5,  lines 46-56  ); and    
receive data from the monitored DNS transactions (Jensen discloses an IP address of a domain name being obtained ( being obtained is equated to being received) from a DNS monitor monitoring DNS transactions (Jensen, column 4, lines 37-50 )), wherein the data comprises at least one of a domain name, an IP address, a customer ID, or a customer device ID (Jensen discloses a record of a record of DNS transaction having a DNS name (Jensen, column, 4, lines 29-34 )).

                   Jensen does not disclose a processing device to: build a data reference table based on the received data; enrich a data record associated with the data reference table using a domain name and an IP address for a remote service; and categorize the IP traffic using the enriched data record based on a dynamic traffic categorization technique that creates entries in the data reference table.   

            Baginski discloses a processing device to: build a data reference table based on the received data (Baginski, [0027], a transaction entry being created ( being created is equated to being built) in the transaction table ( transaction entry (IP address and DNS name)  is equated to data reference) ); enrich a data record associated with the data reference table using a domain name and an IP address for a remote service (Baginski, [0028], entry of a DNS table having a particular device, the address field of a server, and google domain name is produce after a DNS request; the internet  is used remotely for communicating, fig.1; “www.gooogle.com."  is an online service that is remotely located ).

           It would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate Baginski’s feature of DNS table with device ID with Jensen’s teachings of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to facilitate Internet access by resolving DNS queries. (Baginski, [0001]).
 
               Jensen in view of Baginski do not disclose categorize the IP traffic using the enriched data record based on a dynamic traffic categorization technique that creates entries in the data reference table.

             McMorris discloses categorize the IP traffic using the enriched data record based on a dynamic traffic categorization technique that creates entries in the data reference table (McMorris discloses in paragraph [0031] “mapping table 460 corresponding to the URL https://www.hotmail.com- , an entry "*.*.hotmail.passport.com" may be added to the returned domain name field 460 corresponding to the requested domain name field 410 containing domain name hotmail.com”; McMorris discloses also in paragraph [0034]  “the contents of the cache 250 are the most commonly/frequently requested domain names. Yet, in another embodiment the cache contains all entries of the mapping table”; as can be seen, a table corresponding to URL ,an entry, is being added to a domain field name field; where the domain names in the table have entries such as commonly/frequently requested domain names for example (commonly/ frequently domain names are domain names that are being classified in the table based on for example as frequent the domains are present is a network traffic ); an interpretation that is based on the specification [0007] that discloses the table entry made of enriched data record   include a domain  name (McMorris, [0031]; [0034])).

          Categorizing the IP traffic using the enriched data record is well known in the art. It would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate McMorris’ feature of domain name service (DNS) that is used to group IP addresses with Jensens’ teachings in view of Baginski’s teaching of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to securely access a domain name from a digital certificate by using a mapping table that facilitate the matching of a domain name in a user entered domain name with a domain name retrieved from a digital  certificate.

Regarding claim 22, Jensen, Baginski, and McMorris disclose the system of claim 21, Jensen discloses wherein the customer device comprises at least one of a desktop, a laptop, a phone, a tablet, or a TV (Jensen discloses  a laptop being disclosed as a user computer(Jensen, column 4,  lines 34, Fig.2 ). 

Regarding claim 23, Jensen, Baginski, and McMorris disclose the system of claim 21, Jensen teaches wherein the monitoring device is provided at a node in the network (Jensen discloses node 223 being a monitor implemented in a computer ( the computer being the node of the network) (Jensen, column 3 lines 25-28, Fig.2 ).  

Regarding claim 24, Jensen, Baginski, and McMorris disclose the system of claim 21, wherein the monitoring device comprises at least one of a modem, a router, a switch, a multiplexor, a firewall, or a cable modem termination system (CMT S) (Jensen discloses a modern being disclosed (Jensen, column 2, lines 65-66 ).  

Regarding claim 26, Jensen, Baginski, and McMorris disclose the system of claim 21, further comprising a database of domain names and corresponding service categories (Jensen discloses a database containing reputation of domain names; where the reputation includes category (because reputation includes category , service reputation corresponds also to service category) (Jensen, column  3, lines 66-67, column 4, lines 1-4).   

Regarding claim 27, claim 27 is substantially similar to claim 21, thus the same rationale applies. 

Regarding claim 28, Jensen, Baginski, and MacCarthy disclose the method of claim 27, wherein the DNS transactions comprise DNS requests and responses (Jensen discloses a DNS  transaction having  a DNS response corresponding to a DNS request completed (Jensen, column 4, lines 11-19).   

Regarding claim 29 Jensen, Baginski, and McMorris disclose, the method of claim 28.

              Jensen does not disclose further comprising: updating the data reference table based on new DNS requests and responses that are received.  

further comprising: updating the data reference table based on new DNS requests and responses that are received (Baginski, [0032],  each new client device that is connected to the transaction table a network used a DNS request that has a corresponding DNS response ( transaction entry (IP address and DNS name)  is equated to data reference); when a new client device is connected to a translation table the translation table is also updated ).  
 
           It would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate Baginski’s feature of DNS table with device ID with Jensen’s teachings in view of McMorris’ teachings of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to facilitate Internet access by resolving DNS queries. (Baginski, [0001]).   


Regarding claim 32, the method of claim 27, Jensen, Baginski, and McMorris disclose. 

              Jensen does not disclose wherein the data reference table further comprises data associated with other DNS transactions.   

            Baginski discloses wherein the data reference table further comprises data associated with other DNS transactions (Baginski, [0027], transaction entries being part of the transaction table where other transaction entries are disclosed where multiple transaction entries are disclosed ( because more than one transactions are connected to the transaction table, other transactions are also connected when a first transaction is considered) ).  
 
           It would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate Baginski’s feature of DNS table with device ID with Jensen’s teachings in view of McMorris’ teachings of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to facilitate Internet access by resolving DNS queries. (Baginski, [0001]).

wherein the data further comprises at least one of a timestamp, or a time-to-live (Jensen discloses a time- stamp  associated with a record (Jensen, column 4, lines 59-60 ).  

Regarding claim 36, Jensen, Baginski, and McMorris disclose the method of claim 27, wherein the dynamic traffic categorization technique comprises: determining a service category based on the domain name in a database of service categories (Jensen discloses a service category being determined by the reputation of a domain name in a database (because reputation includes category , service reputation corresponds also to service category) (Jensen, column  3, lines 66-67, column 4, lines 1-4).   

Regarding claim 38, Jensen discloses a non-transitory computer-readable storage medium having an executable stored thereon, which when executed instructs a processor (Jensen discloses a non-transitory  in a memory are stored program codes for execution by a processor (Jensen, column 3, lines 3-6 ); in addition, claim 38 is substantially similar to claim 21, thus the same rationale applies.  

Regarding claim 39, claim 39 is substantially similar to claim 35, thus the same rationale applies. 
Regarding claim 40, claim 40 is substantially similar to claim 36, thus the same rationale applies. 


3a. Claims 25, 30, and 37 are rejected under 35 U.S.C. 103 as being unpatentable over Jensen, in view of Baginski, in view of McMorris as applied to claims 21-24, 26-29, 32,  34, 36, and 38-40  above, and further in view of Hotz et al. (hereinafter “Hotz”) (US 2004/0039798 A1).  

Regarding claim 25, Jensen, Baginski, and McMorris disclose the system of claim 21.

      Jensen in view of  Baginski and in view of  McMorris do not disclose further comprising: a collector subsystem to receive a stream of data records from the monitoring device, wherein: the processing device is part of the collector subsystem; and the collector subsystem to transmit a stream of enriched data records to a traffic analyzer. 

      Hotz discloses further comprising: a collector subsystem to receive a stream of data records from the monitoring device, wherein: the processing device is part of the collector subsystem; and the collector subsystem to transmit a stream of enriched data records to a traffic analyzer (Hotz, [0101], a DNS management control and delegate access pattern of users accessing domain name data; the DNs management control is equated by the examiner as traffic analyzer because it can delegate access based on traffic patterns; some analysis has to be done in order to delegate the access to a domain ).   

           It would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate Hotz’s teachings with Jensen’s teachings in view of Baginski’s teachings and in view of McMorris’s teachings of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to transmit data stream more efficiently by using a traffic analyzer that transmit traffic based on the access pattern of a user. 

Regarding claim 30, Jensen, Baginski, and McMorris disclose the method of claim 29.

      Jensen in view of  Baginski and in view of  McMorris do not disclose wherein updating the data reference table comprises purging stale entries.    

      Hotz discloses wherein updating the data reference table comprises purging stale entries (Hotz, [0110], IP route is withdrawn is a server is no longer responds to DNS queries).    
 
           It would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate Hotz’s teachings with Jensen’s teachings in view of Baginski’s teachings and in view of McMorris’ teachings of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to reducing traffic  more efficiently by withdrawn IP route that is no longer used. 

Regarding claim 37, Jensen, Baginski, and McMorris disclose the method of claim 36.

      Jensen in view of  Baginski and in view of  McMorris do not disclose wherein the database of service categories is configurable by an administrator.   

      Hotz discloses wherein the database of service categories is configurable by an administrator (Hotz, [0103], a domain administrator is disclosed configuring DNS record types).  

           It would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate Hotz’s teachings with Jensen’s teachings in view of Baginski’s teachings and in view of McMorris’ teachings of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to configure services categories more accurately by having an administrator doing the configuration. 

3b. Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Jensen, in view of Baginski, in view of McMorris as applied to claims 21-24, 26-29, 32,  34, 36, and 38-40  above, and further in view of McCarthy et al. (hereinafter “McCarthy”) (US 2007/0118668 A1).

Regarding claim 35, Jensen, Baginski, and McMorris disclose the method of claim 27.

      Jensen in view of Baginski  and in view of McMorris do not disclose wherein the dynamic traffic categorization technique comprises: determining a type of service delivered by the remote service to the customer device using the enriched data record.   

      MacCarthy discloses wherein the dynamic traffic categorization technique comprises: determining a type of service delivered by the remote service to the customer device using the enriched data record (MacCarthy discloses in [0005] a domain name service(DNS) that is used to group IP addresses from where a stream should be sourced for delivery to a recipient; 
          Categorizing the IP traffic using the enriched data record is well known in the art; hence, MacCarthy discloses a domain name service (DNS) that is used to group IP addresses; it would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate MacCarthy’s feature of domain name service (DNS) that is used to group IP addresses with Jensens’ teachings in view of Baginski’s teaching and in view of Morris’teachings of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to stream from a source a delivery for a recipient; it would be obvious to combine them because doing so would  resolve IP address of a domain name service (MacCarthy, [0005]). 
  
Regarding claim 36, Jensen, Baginski, and McMorris disclose the method of claim 27, wherein the dynamic traffic categorization technique comprises: determining a service category based on the domain name in a database of service categories (Jensen discloses a service category being determined by the reputation of a domain name in a database (because reputation includes category , service reputation corresponds also to service category) (Jensen, column  3, lines 66-67, column 4, lines 1-4).  

3c. Claim 31 is rejected under 35 U.S.C. 103 as being unpatentable over Jensen, in view of Baginski, in view of McMorris as applied to claims21-24, 26-29, 32,  34, 36, and 38-40  above, and further in view of Ong et al. (hereinafter “Ong”) (US 2013/0215833 A1).  

Regarding claim 31, Jensen, Baginski, and McMorris disclose the method of claim 27.

      Jensen in view of  Baginski and in view of  McMorris do not disclose wherein the data record comprises an IP detail record (IPDR).   

       Ong discloses the feature wherein the data record comprises an IP detail record (IPDR) (Ong discloses in [0024] IP detail record (IPDR)). 
  

3d. Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over Jensen, in view of Baginski, in view of McMorris as applied to claims 1-2, 4, 6-12, 14, and 16-20 above, and further in view of BU et al (hereinafter “BU”) (US 2009/0088147 A1). 

Regarding claim 33, Jensen, Baginski, and McMorris disclose the method of claim 27.

      Jensen in view of  Baginski and in view of  MacCarthy do not disclose wherein the customer ID or the customer device ID comprises at least one of an International Mobile Subscriber Identity (IMSI) number, or an International Mobile Station Equipment Identity (IIMEI) number.   

       BU discloses wherein the customer ID or the customer device ID comprises at least one of an International Mobile Subscriber Identity (IMSI) number, or an International Mobile Station Equipment Identity (IIMEI) number ( BU discloses in [0034] International Mobile Subscriber Identity). 
      Using International Mobile Subscriber Identity for identify a user is well known in the art; hence, BU discloses International Mobile Subscriber Identity feature; it would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to incorporate BU’s feature of International Mobile Subscriber Identity with Jensen’s teachings in view of Baginski’s teachings and in view of McMorris’ teachings of categorizing IP-based network traffic using DNS data. One skilled in the art would be motivated to combine them in order to create a successful PDP, Packet Data Protocol, context when a mobile unit wishes to begin a new data session (BU, [0033]- [0034]).         


Conclusion
4. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARIEGEORGES A HENRY whose telephone number is (571)270-3226.  The examiner can normally be reached on 11:00am -8:00pm East M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached on 571 272-8365.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MARIEGEORGES A HENRY/Examiner, Art Unit 2455                      
 
/ZI YE/Primary Examiner, Art Unit 2455