DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Remarks

	In response to communications sent March 17, 2021, claim(s) 1 and 3-21 is/are pending in this application; of these claim(s) 1, 10, and 16 is/are in independent form.  Claim(s) 1, 4-21 is/are previously presented; claim(s) 3 is/are original; claim(s) 2 is/are cancelled.

Response to Arguments
Applicant's arguments filed March 17, 2021 have been fully considered but they are not persuasive.
Regarding the rejection of claims 1 and 3-21 for non-statutory double patenting, the rejection is not withdrawn because no arguments were presented and a terminal disclaimer was not filed.
Regarding the rejection of claims 1, 3-5, 7-13, and 15-21 under 35 U.S.C. § 102 and claims 6 and 14 under 35 U.S.C. § 103:
 Applicant argues that the mapping to US 2009/0043900 A1 (“Barber”) does not align to the reference’s Provisional Patent Application 60/964,373 because the paragraph numbers and exact wording do not align.  However, MPEP §  2136(I) merely requires “proper support.”  For evidence of proper support for the subject matter relied upon for the rejection that were disputed by Applicant, see the following table:
Mapping from the Non-Final Rejection sent December 17, 2020 corresponding to paragraphs that are disputed in Applicant’s Remarks
Support from the Provisional Patent Application 60/964,373 
Non-provisional Para [0012]: the DNS server provides the subscriber service of domain name resolution using the secure connection and receiving the resolved domain IP address from the DNS server
See page 5 lines 18-24: the DNS server provides a service of domain name resolution over HTTP protocol using secure credentials; see page 7 line 4-9 for receiving a resolved domain from the DNS server.
Non-provisional Para [0073]:  storing a gray list website for domain name resolution at a domain name resolution server
See Figure 1 depicting the “Gray list” connected to the DNS server; see also page 4 lines 23 – page 5 line 9, which teaches using the gray list for domain name resolution using a secure DNS server.
Non-provisional Para [0074]:  determining, based on a gray list, an IP address of a DNS server for resolving the domain name
See page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9.

See page 6 lines 10-15 for establishing a secure connection using tokens for security.
Non-provisional Para [0090]:  establishing a session between a client and the DNS server using the source and target IP addresses
See page 6 lines 14 – 23 for establishing a session using the source (sIP) and target (tIP) Internet Protocol addresses.


Applicant further argues that the Provisional Patent Application 60/964,373 does not disclose, teach, or suggest any of the subject matter for which US 2009/0043900 A1 (“Barber”) is relied upon (emphasis added to this paraphrase of the argument).  The Examiner respectfully disagrees because of any one of the mappings in the table above provides contrary evidence.

Applicant further argues that the provisional patent application teaches connectionless UDP networking instead of a “connection.”  The Examiner respectfully disagrees that the connectionless UDP networking was relied upon for the rejections.  The connectionless UDP networking is a mere background teaching to illustrate the problems in the prior art in the provisional patent application.  
The invention described in the provisional patent application involves a secure session with the DNS server.  See the Specification of the Provisional Patent Application 60/964,373 at page 5 lines 19-23.  The sessions using HTTP, underscoring that the UDP is not relied upon for the embodiment of the rejection.  Furthermore, the Provisional Patent Application 60/964,373 at page 6 lines 8-9 teaches the use of HTTP protocol, which involves connections.

Therefore, the rejection under 35 U.S.C. § 103 of claims 6 and 14 is not withdrawn.  Nevertheless, the Non-Final Rejection sent December 17, 2020 included a rejection under the statute 35 U.S.C. 102(b) instead of 35 U.S.C. 102(e).  Therefore, a new grounds for rejection is made in this Office action based on 35 U.S.C. 102(e) for claims 1, 3-5, 7-13, and 15-21.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by another filed in the United States before the invention by the applicant for patent, except that an international application filed under the treaty defined in section 

Claim(s) 1, 3-5, 7-13, and 15-21 is/are rejected under pre-AIA  35 U.S.C. 102(e) as being anticipated by US 2009/0043900 A1 (“Barber”).

As to claim 1, Barber teaches a method, comprising:
receiving a first request for a first network address for a first node having a first name (Barber Para [0070]: receiving a DNS request to resolve a domain name for a website; in Barber’s provisional patent application, see page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9);
determining, based on information from a local database, an Internet Protocol (IP) address associated with a remote secure DNS server that is to be employed in resolving the first name (Barber Para [0074]:  determining, based on a gray list, an IP address of a DNS server for resolving the domain name; in Barber’s provisional patent application, see page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9);
establishing a secure connection (Barber Para [0089]: establishing a secure connection involving security tokens; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security) with the remote secure DNS server using the IP address (Barber Para [0090]: establishing a session between a client and the DNS server using the source and target IP addresses; see Barber’s provisional patent application at page 6 lines 14 – 23 for establishing a session using the source (sIP) and target (tIP) Internet Protocol addresses);
querying the remote secure DNS server for a network address associated with the first name via the secure connection (Barber Para [0012]: the DNS server provides the subscriber service of domain name resolution using the secure connection; in Barber’s provisional patent application, see page 5 lines 18-24: the DNS server provides a service of domain name resolution over HTTP protocol using secure credentials; see page 7 line 4-9 for receiving a resolved domain from the DNS server); and
receiving the first network address in response to the query (Barber [0012]: receiving the resolved domain IP address from the DNS server; in Barber’s provisional patent application, see page 5 lines 18-24: the DNS server provides a service of domain name resolution over HTTP protocol using secure credentials; see page 7 line 4-9 for receiving a resolved domain from the DNS server).

As to claim 3, Barber teaches the method of claim 1, further comprising:
receiving a second request for a second network address for a second node having a second name (Barber Para [0071]-[0072]: receiving a second request for a suspicious domain name; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 6);
(Barber Para [0071]-[0072]: determining that the gray list database associates the suspicious name with a categorization for determining blocking; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15);
not finding the second name in the local database (Barber Para [0071]-[0072]: not finding a suspicious name in the gray list database; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15); and
querying another DNS server for the second network address (Barber Para [0072]: implementation of DNS domain name resolution by a special server for a special service plan; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15).

As to claim 4, Barber teaches the method of claim 1, further comprising:
receiving a second request for a second network address for a second node having a second name (Barber Para [0071]-[0072]: receiving a second request for a suspicious domain name; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15);
determining that the local database associates the second name with a second network address for another remote secure DNS server (Barber Para [0071]-[0072]: determining that the gray list database associates the suspicious name with a categorization for blocking; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15);
attempting to establish a secure connection with the other remote secure DNS server at the second network address (Barber Para [0071]-[0072]: attempting to find a suspicious name in the gray list database and checking for special categorization of the domain; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15);
failing to establish the secure connection with the other remote secure DNS server at the second network address (Barber Para [0072]: implementation of DNS domain name resolution by a special server for a special service plan by ultimately blocks the resolution of the domain name; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15); and
terminating further DNS queries for the second name (Barber Para [0072]: blocking the requested website using a table of blocked domains; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15).

As to claim 5, Barber teaches the method of claim 1, wherein establishing the secure connection includes use of a Layer 3 security mechanism (Barber Para [0047]: the connection involves a session that involves tokens as a security mechanism affecting Layer 3; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

As to claim 7, Barber teaches the method of claim 1, wherein establishing the secure connection includes transmitting an identifier of a user to the remote secure DNS server (Barber Para [0047]: establishing the session includes transmitting a token identifier associated with a client for presentation to the remote DNS server; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

As to claim 8, Barber teaches the method of claim 1, wherein establishing the secure connection includes transmitting an identifier for a node to the remote secure DNS server (Barber Para [0047]: establishing the session includes transmitting a token identifier associated with a client for presentation to the remote DNS server; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

As to claim 9, Barber teaches the method of claim 1, further comprising:
establishing communications with the first node using the received first network address (Barber Para [0070]: establishing the session using the requested domain address; in Barber’s provisional patent application, see page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9).

As to claim 10, Barber teaches a computing device, comprising:
at least one memory and at least one hardware-based instruction execution system, wherein the at least one memory and the at least one hardware-based (Figure 1A; see the Figure 1 in Barber’s provisional patent application for evidence of a computer) are configured to:
store a database including a mapping that associates an Internet Protocol (IP) address of a remote secure DNS server address to at least one host name (Barber Para [0073]: storing a gray list website for domain name resolution at a domain name resolution server; in the Barber’s provisional patent application, see Figure 1 depicting the “Gray list” connected to the DNS server; see also page 4 lines 23 – page 5 line 9, which teaches using the gray list for domain name resolution using a secure DNS server);
receive a request for a network address associated with a first name (Barber Para [0070]: receiving a DNS request to resolve a domain name for a website; in Barber’s provisional patent application, see page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9);
retrieve, based on the mapping, the IP address of the remote secure DNS server as an indication that the remote secure DNS server is to be employed in obtaining the network address associated with the first name (Barber Para [0074]:  determining, based on a gray list, an IP address of a DNS server for resolving the domain name; in Barber’s provisional patent application, see page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9);
establish a secure connection (Barber Para [0089]: establishing a secure connection involving security tokens; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security) with the remote secure DNS server using the retrieved IP address of the secure DNS server (Barber Para [0090]: establishing a session between a client and the DNS server using the source and target IP addresses; see Barber’s provisional patent application at page 6 lines 14 – 23 for establishing a session using the source (sIP) and target (tIP) Internet Protocol addresses);
query the remote secure DNS server with the first name via the secure connection (Barber Para [0012]: the DNS server provides the subscriber service of domain name resolution using the secure connection; in Barber’s provisional patent application, see page 5 lines 18-24: the DNS server provides a service of domain name resolution over HTTP protocol using secure credentials; see page 7 line 4-9 for receiving a resolved domain from the DNS server); and
receive the network address associated with the first name via the secure connection (Barber [0012]: receiving the resolved domain IP address from the DNS server; in Barber’s provisional patent application, see page 5 lines 18-24: the DNS server provides a service of domain name resolution over HTTP protocol using secure credentials; see page 7 line 4-9 for receiving a resolved domain from the DNS server).

As to claim 11, Barber teaches the computing device of claim 10, wherein the at least one memory and the at least one hardware-based instruction execution system are further configured to:
(Barber Para [0071]-[0072]: receiving a second request for a suspicious domain name; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15);
determine, that the database does not include any mapping for the second name (Barber Para [0071]-[0072]: not finding a suspicious name in the gray list database; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15); and
perform a DNS query with an unsecured name resolver for the network address associated with the second name (Barber Para [0072]: implementation of DNS domain name resolution by a special server for a special service plan; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15).

As to claim 12, Barber teaches the computing device of claim 10, wherein the at least one memory and the at least one hardware-based instruction execution system are further configured to:
receive a request for a network address associated with a second name (Barber Para [0071]-[0072]: receiving a second request for a suspicious domain name; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15);
retrieve, from the database, an IP address associated with another remote secure DNS server (Barber Para [0072]: implementation of DNS domain name resolution by a special server for a special service plan; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15);
attempt to establish secure connection with the other secure DNS server using the retrieved IP address of the other remote secure DNS server (Barber Para [0071]-[0072]: attempting to find the suspicious name in the gray list database and checking for special categorization of the domain; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15);
fail to establish the secure connection with the other remote secure DNS server (Barber Para [0072]: implementation of DNS domain name resolution by a special server for a special service plan by ultimately blocks the resolution of the domain name; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15); and
terminate further DNS queries for the network address associated with the second name (Barber Para [0072]: blocking the requested website using a table of blocked domains; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15).

As to claim 13, Barber teaches the computing device of claim 10, wherein establishing the secure connection comprised use of a Layer 3 security mechanism (Barber Para [0047]: the connection involves a session that involves tokens as a security mechanism affecting Layer 3; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

(Barber Para [0047]: establishing the session includes transmitting a token identifier associated with a client for presentation to the remote DNS server; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

As to claim 16, Barber teaches a computing device, comprising:
at least one memory and at least one processor, wherein the at least one memory and the at least one processor are respectively configured to store and execute instruction for causing the computing device (Figure 1A; see the Figure 1 in Barber’s provisional patent application for evidence of a computer) to:
store a local name resolution database comprising a plurality of mappings between network addresses and one or more names associated with respective ones of the network addresses (Barber Para [0073]: storing a gray list website for domain name resolution at a domain name resolution server; in the Barber’s provisional patent application, see Figure 1 depicting the “Gray list” connected to the DNS server; see also page 4 lines 23 – page 5 line 9, which teaches using the gray list for domain name resolution using a secure DNS server);
receive a request from a first remote client node , the request being in response to a mapping on the first remote client node associating a hostname being (Barber Para [0070]: receiving a DNS request to resolve a domain name for a website; in Barber’s provisional patent application, see page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9);
establish secure connection (Barber Para [0089]: establishing a secure connection involving security tokens; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security) with the first remote client node (Barber Para [0090]: establishing a session between a client and the DNS server using the source and target IP addresses; see Barber’s provisional patent application at page 6 lines 14 – 23 for establishing a session using the source (sIP) and target (tIP) Internet Protocol addresses);
determine, based on at least one of the plurality of mappings, a network address associated with the hostname being resolved by the first remote client node (Barber Para [0012]: the DNS server provides the subscriber service of domain name resolution using the secure connection;  in Barber’s provisional patent application, see page 5 lines 18-24: the DNS server provides a service of domain name resolution over HTTP protocol using secure credentials; see page 7 line 4-9 for receiving a resolved domain from the DNS server); and
provide the network address to the first remote client node via the established connection (Barber [0012]: receiving the resolved domain IP address from the DNS server; in Barber’s provisional patent application, see page 5 lines 18-24: the DNS server provides a service of domain name resolution over HTTP protocol using secure credentials; see page 7 line 4-9 for receiving a resolved domain from the DNS server).

As to claim 17, Barber teaches the computing device of claim 16, wherein the instructions are also for causing the computing device to:
store a database of authorized clients (Barber Para [0074]:  store a gray list; in Barber’s provisional patent application, see page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9); and
refuse to communicate with a second remote client node that is not listed in the database of authorized clients (Barber Para [0072]: blocking the requested website using a table of blocked domains; in Barber’s provisional patent application, see page 3 line 28 – page 4 line 15).

As to claim 18, Barber teaches the computing device of claim 16, wherein:
the instructions are also for causing the computing device to:
store a database of authorized clients (Barber Para [0074]:  store a gray list; in Barber’s provisional patent application, see page 7 line 4-9 for receiving a resolved domain by taking into account the blocked sites established by the gray list taught on page 4 lines 23 – page 5 line 9); and
the establishment of the secure connection with the first remote client node (Barber Para [0089]: establishing a secure connection; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security) includes:
establishment of the secure connection with the first remote client node in response to an identifier of the first remote client device being associated with an entry in the database of authorized clients (Barber Para [0089]: establishing a secure connection in response to security tokens for the clients; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

As to claim 19, Barber teaches the computing device of claim 18, wherein the identifier is a Media Access Control (MAC) address (this element is claimed in the alternative and does not need to be mapped) or a hardware identifier of the first remote client node (Barber Para [0089]: security token identifiers of a client node made from hardware; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

As to claim 20, Barber teaches the computing device of claim 16, wherein the instructions are also for causing the computing device to:
receive a unique identifier of the first remote client node clients (Barber Para [0089]: establishing a secure connection in response to security tokens for the clients; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

(Barber Para [0089]: determining, based on the security tokens, whether the client is authorized to connect to the DNS server; see Barber’s provisional patent application at page 6 lines 10-15 for establishing a secure connection using tokens for security).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 6 and 14 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over US 2009/0043900 A1 (“Barber”) in view of US 7,296,155 B1 (“Trostle”).


Nevertheless, Trostle teaches wherein the Layer 3 security mechanism comprises IPsec (Trostle Col 7 line 43 – 57: establishing a connection via IPSEC that conveys a process identifier and Transaction ID in Figure 2B to indirectly identify an application-type user to the DNS server)
Barber and Trostle are in the same field of domain name resolution.  Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the teachings of Barber to include the teachings of Trostle because IPsec is more secure (See Trostle, Abstract).
	

As to claim 14, Barber teaches the computing device of claim 13, but does not teach wherein the Layer 3 security mechanism comprises IPsec.
Nevertheless, Trostle teaches wherein the Layer 3 security mechanism comprises IPsec (Trostle Col 7 line 43 – 57: establishing a connection via IPSEC that conveys a process identifier and Transaction ID in Figure 2B to indirectly identify an application-type user to the DNS server).
Barber and Trostle are in the same field of domain name resolution.  Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the teachings of Barber to include the teachings of Trostle because IPsec is more secure (See Trostle, Abstract).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 and 3-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 3-20 of U.S. Patent No 8,935,748.  Although the claims at issue are not identical, they are not patentably distinct from each other because the genus claimed in the instant Application 15/662,922 is anticipated by the species in U.S. Patent No. 8,935,748 B2.

Instant Application 15/662,922
U.S. Patent No 8,935,748 B2
1. A method, comprising:
receiving a first request for a first network address for a first node having a first name;




determining, based on information from a local database, an Internet Protocol (IP) address associated with a remote secure DNS server that is to be employed in resolving the first name;

establishing a secure connection with the remote secure DNS server using the IP address;

querying the remote secure DNS server for a network address associated with the first name via the secure connection; and

receiving the first network address in response to the query.

receiving a first request for a first network address for a first device having a first name;



finding a first entry in said database, said first entry comprising said first name and an identifier associated with a secure DNS server;

establishing an authenticated session with said secure DNS server using said identifier;

querying said secure DNS server with a query comprising said first name;
receiving said first network address; and

establishing a connection with said first network address.





looking up the second name in the local database;
not finding the second name in the local database; and

querying another DNS server for the second network address.




looking up said second name in said database;
not finding said second name in said database; and



querying an unsecured DNS server for said third network address.

receiving a second request for a second network address for a second node having a second name;

determining that the local database associates the second name with a second network address for another remote secure DNS server;


attempting to establish a secure connection with the other remote secure DNS server at the second network address;
failing to establish the secure connection with the other remote secure DNS server at the second network address; and

terminating further DNS queries for the second name.

receiving a second request for a third network address for a second device having a second name;
looking up said second name in said database;
finding a second entry in said database, said second entry comprising said second name and a third network 

attempting to establish an authenticated session with said other secure DNS server using said third network address;
failing to establish said authenticated session with said other secure DNS server; and

terminating further DNS queries for said second name.

5. The method of claim 2, said authenticated session comprising a Layer 3 security mechanism.
6. The method of claim 5, wherein the Layer 3 security mechanism comprises IPsec.
6. The method of claim 5, said Layer 3 security mechanism comprising IPsec.
7. The method of claim 1, wherein establishing the secure connection includes transmitting an identifier of a user to the remote secure DNS server.
7. The method of claim 2, said establishing said authenticated session with said secure DNS server comprising 

8. The method of claim 7, said unique identifier being an identifier for a device.
9. The method of claim 1, further comprising:
establishing communications with the first node using the received first network address.
9. The method of claim 7, said unique identifier being an identifier for a user.
10. A computing device, comprising:
at least one memory and at least one hardware-based instruction execution system, wherein the at least one memory and the at least one hardware-based instruction execution system are configured to:

store a database including a mapping that associates an Internet Protocol (IP) address of a remote secure DNS server address to at least one host name;








retrieve, based on the mapping, the IP address of the remote secure DNS server as an indication that the remote secure DNS server is to be employed in obtaining the network address associated with the first name;

establish a secure connection with the remote secure DNS server using the retrieved IP address of the secure DNS server;

query the remote secure DNS server with the first name via the secure connection; and


a database comprising at least one secure DNS server address and at least one host name to be resolved by said at least one secure DNS server;
a secure name resolver adapted to:










look up said first name in a database, said database being a local database;

find a first entry in said database, said first entry comprising said first name and a second network address associated with a secure DNS server;



establish an authenticated session with said secure DNS server using said second network address;

query said secure DNS server with a query comprising said first name; and

receive said first network address; and


receive a request for a network address associated with a second name;


determine, that the database does not include any mapping for the second name; and

perform a DNS query with an unsecured name resolver for the network address associated with the second name.
11. The client hardware device of claim 10, said secure name resolver further adapted to:


receive a second request for a third network address for a second device having a second name;

look up said second name in said database;
not find said second name in said database; and

perform a DNS query of said unsecured name resolver of said second name.
12. The computing device of claim 10, wherein the at least one memory and the at least one hardware-based 

receive a request for a network address associated with a second name;


retrieve, from the database, an IP address associated with another remote secure DNS server;


attempt to establish secure connection with the other secure DNS server using the retrieved IP address of the other remote secure DNS server;

fail to establish the secure connection with the other remote secure DNS server; and

terminate further DNS queries for the network address associated with the second name.




receive a second request for a third network address for a second device having a second name;

look up said second name in said database;
find a second entry in said database, said second entry comprising said second name and a fourth network address associated with another secure DNS server;

attempt to establish an authenticated session with said other secure DNS server using said fourth network address;


fail to establish said authenticated session with said other secure DNS server; and

terminate further DNS queries for said second name.

13. The client hardware device of claim 10, said authenticated session comprising a Layer 3 security mechanism.
14. The computing device of claim 13, wherein the Layer 3 security mechanism comprises IPsec.
14. The client hardware device of claim 13, said Layer 3 security mechanism comprising IPsec.
15. The computing device of claim 10, wherein the at least one memory and the at least one hardware-based instruction execution system are further configured to transmit a unique identifier to the remote secure DNS server as part of establishment of the secure connection.
15. The client hardware device of claim 10 wherein said secure name resolver is further adapted to transfer a unique identifier to said secure DNS server as part of said authenticated session.
16. A computing device, comprising:
at least one memory and at least one processor, wherein the at least one memory and the at least one processor are respectively configured to store and 

store a local name resolution database comprising a plurality of mappings between network addresses and one or more names associated with respective ones of the network addresses;

receive a request from a first remote client node, the request being in response to a mapping on the first remote client node associating a hostname being resolved by the first remote client node to an Internet Protocol (IP) address associated with the computing device;




establish secure connection with the first remote client node;








provide the network address to the first remote client node via the established connection.









receiving a first request for a first network address of a first device having a first name;



looking up the first name in a database, the database being a local database;




identifying within the database a network address of a secure DNS server that is associated with the first entry;


querying the secure DNS server with a query comprising the first name;

receiving the first network address; and

establishing a connection with the first network address.

store a database of authorized clients; and
refuse to communicate with a second remote client node that is not listed in the database of authorized clients.
17. The computer-readable storage device of claim 16, wherein the operations further comprise:
receiving a second request for a third network address for a second device having a second name;
looking up the second name in the database;
not finding the second name in the database; and


the instructions are also for causing the computing device to:

store a database of authorized clients; and








the establishment of the secure connection with the first remote client node includes:
establishment of the secure connection with the first remote client node in response to an identifier of the first remote client device being associated 


receiving a second request for a third network address for a second device having a second name;

looking up the second name in the database;
identifying within the database a third network address of another secure DNS server that is associated with the second entry;

attempting to establish an authenticated session with the other secure DNS server using the third network address;
failing to establish the authenticated session with the other secure DNS server; and


terminating further DNS queries for the second name.

19. The computer-readable storage device of claim 16, wherein authenticated session employs IPsec.
20. The computing device of claim 16, wherein the instructions are also for causing the computing device to:
receive a unique identifier of the first remote client node.
20. The computer-readable storage device of claim 16, wherein establishing the authenticated session with the secure DNS server comprises transmitting a user identifier and/or a device identifier to the secure DNS server.
21. The computing device of claim 20, wherein the instructions are also for causing the computing device to: determine, based on the received unique identifier of the first remote client device, whether the first remote client node is authorized to access a secure DNS server on the computing device.
(See claim 17.)


Claims 1 and 3-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 3-20 of U.S. Patent No. 9,740,781. Although the claims at issue are not identical, they are not patentably distinct from each other because the genus claimed in the instant Application 15/662,922 is anticipated by the species in U.S. Patent No. 9,740,781 B2.

Instant Application 15/662,922
U.S. Patent No. 9,740,781 B2
1. A method, comprising:
receiving a first request for a first network address for a first node having a first name;

determining, based on information from a local database, an Internet Protocol (IP) address associated with a remote secure DNS server that is to be employed in resolving the first name;


establishing a secure connection with the remote secure DNS server using the IP address;

querying the remote secure DNS server for a network address associated with the first name via the secure connection; and

receiving the first network address in response to the query.

receiving a first request for a first network address for a first node having a first name;

determining, based on information from a local database, an identifier associated with a secure DNS server, wherein the local database includes a mapping that indicates that the secure DNS server associated with the identifier is to be employed in resolving the first name;



querying the secure DNS server for a network address associated with the first name; and


receiving the first network address in response to the query.


receiving a second request for a second network address for a second node having a second name;

looking up the second name in the local database;

not finding the second name in the local database; and




receiving a second request for a second network address for a second node having a second name;

looking up the second name in the local database;

not finding the second name in the local database; and



receiving a second request for a second network address for a second node having a second name;

determining that the local database associates the second name with a second network address for another remote secure DNS server;

attempting to establish a secure connection with the other remote secure DNS server at the second network address;

failing to establish the secure connection with the other remote secure DNS server at the second network address; and



receiving a second request for a second network address for a second node having a second name;

determining that the local database associates the second name with a second network address for another secure DNS server;

attempting to establish an authenticated session with the other secure DNS server at the second network address;

failing to establish the authenticated session with the other secure DNS server at the second network address; and



5. The method of claim 1, wherein establishing the authenticated session includes use of a Layer 3 security mechanism.
6. The method of claim 5, wherein the Layer 3 security mechanism comprises IPsec.
6. The method of claim 5, the Layer 3 security mechanism comprises IPsec.
7. The method of claim 1, wherein establishing the secure connection includes transmitting an identifier of a user to the remote secure DNS server.
7. The method of claim 1, wherein establishing the authenticated session includes transmitting an identifier of a user to the secure DNS server.
8. The method of claim 1, wherein establishing the secure connection includes transmitting an identifier for a node to the remote secure DNS server.
8. The method of claim 1, wherein establishing the authenticated session includes transmitting an identifier for a node to the secure DNS server.
9. The method of claim 1, further comprising:
establishing communications with the first node using the received first network address.
9. The method of claim 1, further comprising:
establishing a connection with the first node using the received first network address.
10. A computing device, comprising:


store a database including a mapping that associates a an Internet Protocol (IP) address of a remote secure DNS server address to at least one host name;

receive a request for a network address associated with a first name;

retrieve, based on the mapping, the IP address of the remote secure DNS server as an indication that the remote secure DNS server is to be employed in obtaining the network address associated with the first name;




query the remote secure DNS server with the first name via the secure connection; and
receive the network address associated with the first name via the secure connection.



store a database including a mapping that associates a network address of a secure DNS server address to at least one host name;

receive a request for a network address associated with a first name;

retrieving, based on the mapping, the network address of the secure DNS server as an indication that the secure DNS server is to be employed in obtaining the network address associated with the first name;

establish an authenticated session with the secure DNS server using the 


query the secure DNS server with the first name; and

receive the network address associated with the first name.


receive a request for a network address associated with a second name;




perform a DNS query with an unsecured name resolver for the network address associated with the second name.


receive a request for a network address associated with a second name;




performing a DNS query with an unsecured name resolver for the network address associated with the second name.


receive a request for a network address associated with a second name;


retrieve, from the database, an IP address associated with another remote secure DNS server;




attempt to establish a secure connection with the other remote secure DNS server using the retrieved IP address of the other remote secure DNS server;


fail to establish the secure connection with the other remote secure DNS server; and

terminate further DNS queries for the network address associated with the second name.


receive a request for a network address associated with a second name;


retrieve, from the database, a network address associated with another secure DNS server;




attempt to establish an authenticated session with the other secure DNS server using the retrieved network address of the other secure DNS server;


fail to establish the authenticated session with the other secure DNS server; and
terminate further DNS queries for the network address associated with the second name.

13. The computing device of claim 10, wherein establishing the authenticated session comprised use of a Layer 3 security mechanism.
14. The computing device of claim 13, wherein the Layer 3 security mechanism comprises IPsec.
14. The computing device of claim 13, the Layer 3 security mechanism comprises IPsec.
15. The computing device of claim 10, wherein the at least one memory and 


at least one memory and at least one processor, wherein the at least one memory and the at least one processor are respectively configured to store and execute instruction for causing the computing device to:

store a local name resolution database comprising a plurality of mappings between network addresses and one or more names associated with respective ones of the network addresses;

receive a request from a first remote client node, the request being in response to a mapping on the first remote client node associating a 


establish a secure connection with the first remote client node;

determine, based on at least one of the plurality of mappings, a network address associated with the hostname being resolved by the first remote client node; and

provide the network address to the first remote client node via the established secure connection.

at least one memory and at least one processor, wherein the at least one memory and the at least one processor are respectively configured to store and execute instruction for causing the computing device to:

store a name resolution database comprising a plurality of mappings between network addresses and one or more names associated with respective ones of the network addresses;


receive a request from a first client node, the request being in response to a mapping on the first client node 

authenticate the first client node;

establish a secure connection with the first client node;

determine, based on at least one of the plurality of mappings, a network address associated with the hostname being resolved by the first client node; and

provide the network address to the first client node.

store a database of authorized clients; and


store a database of authorized clients; and


the instructions are also for causing the computing device to:

store a database of authorized clients; and





the establishment of the secure connection with the first remote client node includes:

establishment of the secure connection with the first remote client node in response to an identifier of the first remote client device being associated 

the instructions are also for causing the computing device to:

store a database of authorized clients;
the authentication of the first client node includes:
receipt of an identifier of the first client node from the first client node; and

the establishment of the secure connection with the first client node includes:

establishment of the secure connection with the first client node in response to the identifier of the first client device being associated with an entry in the database of authorized clients.
19. The computing device of claim 18, wherein the identifier is a Media Access Control (MAC) address or a hardware identifier of the first remote client node.
19. The computing device of claim 18, wherein the identifier is a Media Access Control (MAC) address or a hardware identifier of the first client node.
20. The computing device of claim 16, wherein the instructions are also for causing the computing device to:
receive a unique identifier of the first remote client node.
20. The computing device of claim 16, the authentication of the first client node includes:

receipt of a unique identifier of the first client node.
21. The computing device of claim 20, wherein the instructions are also for causing the computing device to: determine, based on the received unique identifier of the first remote client device, whether the first remote client node is authorized to access a secure DNS server on the computing device.
(See claim 17.)



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  The following art has previously been made of record:
US 2004/0250119 A1: Relied upon for rejection in a parent application and noted on Applicant’s Information Disclosure Statement.
US 7,945,666 B2:  Pertinent because of the use of IPSec protocol for DNS lookup with an intermediate server involved.
US 7,299,491 B2:  Pertinent because of authenticated domain name resolution.
Ateniese, Giuseppe, and Stefan Mangard. "A new approach to DNS security (DNSSEC)." In Proceedings of the 8th ACM conference on Computer and Communications Security, pp. 86-95. ACM, 2001.
(Cited on Applicant’s Information Disclosure Statement.)

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jesse P Frumkin whose telephone number is (571)270-1849.  The examiner can normally be reached on Monday - Saturday, 10-5 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JESSE P FRUMKIN/         Primary Examiner, Art Unit 1631                                                                                                                                                                                               	April 3, 2021