DETAILED ACTION
	This application has been examined. Claims 1-20 are pending.
In order to facilitate communication with the Examiner and expedite the prosecution of the instant application the Applicant is requested to submit written authorization to authorize the USPTO to communicate via electronic mail.  The written authorization must be compliant with the language from MPEP § 502.03.
 
Priority
	 
	The effective date of the claims described in this application is October 31, 2018.

 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Brown (USPGPUB 2018/0316618) further in view of Uppal (US Patent 10469513).
 
In regard to Claim 1

Brown Paragraph 52,57,76 disclosed wherein DNS spy 130 maps multiple hostname/IP address pairs to entries of the identification table by intercepting and inspecting multiple DNS responses. 

Brown disclosed (re. Claim 1) a computer-implemented method, comprising:   
identifying a resource deployed in a computer network, (Brown-Paragraph 52, DNS spy 130 is configured to intercept DNS responses sent from the DNS server 150 to the client device 110, and to generate and/or update an identification table based on hostname/IP address pairs in the DNS responses. The DNS spy 130 may also intercept other types of packets traversing the first network 120, the second network 140, or both, (e.g., non-DNS data packets) and update the identification table based on characteristics of the intercepted packets, Paragraph 76, Rather than decrypting the data packets, in an embodiment, the transport manager 270 identifies the hostname of the content server 290 by extracting the IP address of the content server 290 from one of the data packets, accessing an information table stored in a storage 232, identifying an entry in the information table including the extracted IP address, and determining the hostname by reading the identified entry )  wherein discovery protocol data traffic from the resource is unencrypted; ( Brown- Paragraph 76, extracting the IP address of the content server 290 from one of the data packets. Paragraph 57, Because the DNS response is not encrypted, the DNS spy 130 extracts the hostname and the IP address from the DNS response without performing decryption. The Examiner notes wherein the extracted IP address is not decrypted and thus is equivalent to the claimed protocol traffic that is unencrypted ) 
receiving metadata associated with the discovery protocol data traffic; (Brown-Paragraph 52, DNS spy 130 is configured to intercept DNS responses sent from the DNS server 150 to the client device 110, and to generate and/or update an identification table based on hostname/IP address pairs in the DNS responses. The DNS spy 130 may also intercept other types of packets traversing the first network 120, the second network 140, or both, (e.g., non-DNS data packets) and update the identification table based on characteristics of the intercepted packets )  
updating the computer network based at least in part on information included in the metadata; (Brown-Paragraph 52, DNS spy 130 is configured to intercept DNS responses sent from the DNS server 150 to the client device 110, and to generate and/or update an identification table based on hostname/IP address pairs in the DNS responses. The DNS spy 130 may also intercept other types of packets traversing the first network 120, the second network 140, or both, (e.g., non-DNS data packets) and update the identification table based on characteristics of the intercepted packets )  
 DNS server 350 then generates a DNS response including a plurality of RRs that include the hostname and the IP address. The DNS server 350 transmits the DNS response to the source of the DNS request. For example, when the DNS request is transmitted from a client device, the DNS server 350 transmits the DNS response to the client device )  

While Brown substantially disclosed the claimed invention Brown does not disclose (re. Claim 1) authenticating a request from the client to access the resource using an encrypted protocol; and 
providing, to the client, access to the resource upon authentication, according to a resource attribute.
Uppal Column 2 Lines 45-65 disclosed wherein request can be handled as erroneous or potentially malicious.
Uppal disclosed (re. Claim 1) authenticating a request from the client to access the resource using an encrypted protocol; (Uppal-Column 2 Lines 65, a router or computing device may determine whether a request to communicate with a network address should be considered valid, based on validity information encoded into the network address. Should the request be invalid (e.g., due to an expired TTL), the request can be handled as erroneous or potentially malicious, thus enabling the router or computing device to determine validity as a function of a network address, potentially without referencing external information regarding the request.  )    and 
a DNS service and a destination computing device may work cooperatively to ensure that all client computing devices accessing the destination computing device are legitimate users of the DNS service. Such cooperation may assist, for example, in mitigating network attacks )
Brown and Uppal are analogous art because they present concepts and practices regarding packet data flows and resource access control.  At the time of the effective filing date of the claimed invention it would have been obvious to combine Uppal into Brown.  The motivation for the said combination would have been to implement inclusion of validity information within a network address and enable computing devices to readily and efficiently distinguish legitimate from illegitimate traffic. (Uppal-Column 6 Lines 1-5)
In regard to Claim 12
 Claim 12 (re. system) recites substantially similar limitations as Claim 1.  Claim 12 is rejected on the same basis as Claim 1.
In regard to Claim 19
 Claim 19 (re. non-transitory computer-readable medium) recites substantially similar limitations as Claim 1.  Claim 19 is rejected on the same basis as Claim 1.

In regard to Claim 2
Brown-Uppal disclosed (re. Claim 2) wherein identifying the resource deployed in the computer network (Brown-Paragraph 118, the characteristics are used by a transport manager to identify hostname/IP address pairs associated with relatively burdensome data flows. For example, the transport manager identifies entries including relatively large amounts of cumulative bytes as likely to be associated with elephant flows )   comprises determining that the resource is deployed in a network edge of the computing network (Brown-Paragraph 106, content server 390 may deliver, transfer, transport, and/or otherwise provide media files and other content to network edge caches (not shown), which may deliver, transfer, transport, and/or otherwise provide the content to requesting devices )  when the discovery protocol data traffic from the resource is unencrypted. ( Brown- Paragraph 76, extracting the IP address of the content server 290 from one of the data packets. The Examiner notes wherein the extracted IP address is not decrypted and thus is equivalent to the claimed protocol traffic that is unencrypted )
Claims 3-5, 7, 10-11, 13-16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brown (USPGPUB 2018/0316618) further in view of Uppal (US Patent 10469513) further in view of BenShaul (USPGPUB 2002/0010798).

In regard to Claim 3,13,20
Brown-Uppal disclosed (re. Claim 3,13,20) wherein: receiving the metadata associated with the discovery protocol data traffic includes receiving a network address and a domain name for the resource; (Brown-Paragraph 52, DNS spy 130 is configured to intercept DNS responses sent from the DNS server 150 to the client device 110, and to generate and/or update an identification table based on hostname/IP address pairs in the DNS responses. The DNS spy 130 may also intercept other types of packets traversing the first network 120, the second network 140, or both, (e.g., non-DNS data packets) and update the identification table based on characteristics of the intercepted packets, Paragraph 44, parsing the DNS responses to create a mapping between a content delivery network (CDN) server's internet protocol (IP) address(es) and the domain name based on the DNS responses  )  
updating the computer network based at least in part on the information included in the metadata (Brown-Paragraph 52, DNS spy 130 is configured to intercept DNS responses sent from the DNS server 150 to the client device 110, and to generate and/or update an identification table based on hostname/IP address pairs in the DNS responses  )  includes parsing network addresses in the computer network and updating a domain name service with the domain name for the resource; (Brown- Paragraph 44, parsing the DNS responses to create a mapping between a content delivery network (CDN) server's internet protocol (IP) address(es) and the domain name based on the DNS responses )  
and providing, to the client, the response includes providing, to the client, the domain name for the resource (Brown-Paragraph 94, DNS server 350 then generates a DNS response including a plurality of RRs that include the hostname and the IP address. The DNS server 350 transmits the DNS response to the source of the DNS request. For example, when the DNS request is transmitted from a client device, the DNS server 350 transmits the DNS response to the client device )
While Brown-Uppal substantially disclosed the claimed invention Brown-Uppal 

Benshaul Par. 171 certain domain names are translated to the IP address of the regional edge server 30. The additional domain names that are used may be znn-regionalX.com, where X stands for a number. This naming convention accommodates a set of regional servers that serve requests.
BenShaul disclosed (re. Claim 3,13,20) a service advertisement associated with the resource.( Benshaul Par. 171, certain domain names are translated to the IP address of the regional edge server 30. The additional domain names that are used may be znn-regionalX.com, where X stands for a number. This naming convention accommodates a set of regional servers that serve requests ,  Paragraph  148, responsive to one of the registrations, effecting a resolution of the DNS address resolution request in the regional DNS server, to define a network address, and communicating the network address from the regional DNS server to the client, Paragraph 176, Figure 4, a request is initiated from the client 14 and the resolution is finally returned from the client regional DNS server 22, as indicated by the notation (1, 4) )    The Examiner notes wherein communicating the DNS address resolution information , wherein the said resolution is returned to the requesting client,  is equivalent to a service advertisement associated with the resource.
Brown, Uppal and BenShaul are analogous art because they present concepts and practices regarding packet data flows and resource access control.  At the time of the effective filing date of the claimed invention it would have been obvious to combine 

In regard to Claim 4,14
Brown-Uppal-BenShaul disclosed (re. Claim 4,14) wherein receiving the network address and the domain name for the resource comprises receiving a subnetwork address for a router associated with the resource  (Brown-Paragraph 52, DNS spy 130 is configured to intercept DNS responses sent from the DNS server 150 to the client device 110, and to generate and/or update an identification table based on hostname/IP address pairs in the DNS responses. The DNS spy 130 may also intercept other types of packets traversing the first network 120, the second network 140) and receiving a device universal unique identifier for the router.(BenShaul-Paragraph 171, in the region 32 certain domain names are translated to the IP address of the regional edge server 30. For example, the additional domain names that are used may be znn-regionalX.com, where X stands for a number. This naming convention accommodates a set of regional servers that serve requests for renamed URLs at their respective regions ) 
In regard to Claim 5,16
Brown-Uppal-BenShaul disclosed (re. Claim 5,16) wherein receiving the network address and the domain name for the resource comprises grouping the network addresses into a subnetwork and forming a subnetwork mask (BenShaul-Paragraph  in the region 32 certain domain names are translated to the IP address of the regional edge server 30. For example, the additional domain names that are used may be znn-regionalX.com, where X stands for a number. This naming convention accommodates a set of regional servers that serve requests for renamed URLs at their respective regions )  to monitor a usage of the network addresses. (Brown-Figure 13,Paragraph 44,collecting/storing statistical data on previously mentioned data flows as a whole or as determined by the domain name, and determining the most significant domain name(s) on a given network by analyzing the whole of the statistical data collected. Paragraph 73, a data flow can be identified as an elephant flow by identifying a hostname associated with the data flow. When a data flow is identified as being to or from a host that has been previously known to be likely to generate elephant flows, the transport manager 270 identifies the data flow as an elephant flow) 
In regard to Claim 7
Brown-Uppal-BenShaul disclosed (re. Claim 7) wherein receiving the network address and the domain name for the resource comprises mapping the network address to the domain name in response to the network address being accessed by a valid request from a client device. (Brown-Paragraph 44, parsing the DNS responses to create a mapping between a content delivery network (CDN) server's internet protocol (IP) address(es) and the domain name based on the DNS responses )   
 	In regard to Claim 10,18
 processor 352 executes one or more policies 356 stored in the storage 354…the processor 352 executes program commands stored in the storage 354. )
In regard to Claim 11
Brown-Uppal-BenShaul disclosed (re. Claim 11) further comprising identifying popular servers out of a plurality of servers in the computer network based at least in part on a frequency of access to the plurality of servers ( Brown-Paragraph 170 , granular statistics on all traffic with a specific domain can be used to determine the top n domains on a specified network )  and updating the domain name service with the popular servers. (BenShaul-Paragraph 171, in the region 32 certain domain names are translated to the IP address of the regional edge server 30. For example, the additional domain names that are used may be znn-regionalX.com, where X stands for a number. This naming convention accommodates a set of regional servers that serve requests for renamed URLs at their respective regions )
In regard to Claim 15
Brown-Uppal-BenShaul disclosed (re. Claim 15) wherein identifying the resource deployed in the computer network (Brown-Paragraph 118, the characteristics are used by a transport manager to identify hostname/IP address pairs associated with relatively burdensome data flows. For example, the transport manager identifies entries including relatively large amounts of cumulative bytes as likely to be associated with elephant flows )   comprises determining that the resource is deployed in a network edge of the computing network (Brown-Paragraph 106, content server 390 may deliver, transfer, transport, and/or otherwise provide media files and other content to network edge caches (not shown), which may deliver, transfer, transport, and/or otherwise provide the content to requesting devices )  when the discovery protocol data traffic from the resource is unencrypted. ( Brown- Paragraph 76, extracting the IP address of the content server 290 from one of the data packets. The Examiner notes wherein the extracted IP address is not decrypted and thus is equivalent to the claimed protocol traffic that is unencrypted )
  
Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Brown (USPGPUB 2018/0316618) further in view of Uppal (US Patent 10469513) further in view of BenShaul (USPGPUB 2002/0010798) further in view of Wang (US 2017/0318040) further in view of Achilles (US 2006/0236227) further in view of what was well-known in the networking art.

In regard to Claim 6,17
While Brown-Uppal-BenShaul substantially disclosed the claimed invention Brown-Uppal-BenShaul does not disclose (re. Claim 6,17)  wherein receiving the network address and the domain name for the resource comprises issuing a warning to a system server in response to domain name exhaustion being reached.
Wang Paragraph 20, Paragraph 22 disclosed wherein the switch 13 monitors that the IP addresses are allocated for the client terminals and monitors the IP addresses in After the switch 13 monitors that the IP addresses are allocated for the client terminals 11 and 12 coupled to the ports 131 and 132 thereof, the switch 13 may execute the method for defending the DHCP attack, identify the insecure client terminal 11, and take corresponding measures, thus effectively avoiding the problem that the normal client terminal 12 cannot acquire an IP address and cannot access the network because the IP addresses in the address pool of the DHCP server are maliciously exhausted by the insecure client terminal 11. The Examiner notes wherein the switch 13 monitors that the IP addresses are allocated for the client terminals and monitors the IP addresses in the address pool of the DHCP server are maliciously exhausted by the insecure client terminal.  )
Brown, Uppal and Wang are analogous art because they present concepts and practices regarding packet data flows and resource access control.  At the time of the effective filing date of the claimed invention it would have been obvious to combine 
While Brown-Uppal-Wang substantially disclosed the claimed invention Brown-Uppal-Wang does not disclose (re. Claim 6,17)  issuing a warning to a system server in response to domain name exhaustion being reached.
  Achilles Paragraph 13, Paragraph 18 disclosed detecting that a number of unassigned content identifiers in the set of unassigned content identifiers has been reduced below a threshold value due to selection and assignment of unassigned content identifiers to successively received or encountered content portions.
Achilles disclosed (re. Claim 6,17)  issuing a warning to a system server in response to domain name exhaustion being reached. (Achilles-Paragraph 44, At some threshold level, the content manager 150 can briefly halt processing of content portions 103 (e.g. the markup parser 115 can cache XML content for a brief period) while the recover operation 152 completes.  The Examiner notes where the Achilles domain names and content identifiers are equivalent to the Wang IP addresses in the address pool of the DHCP server that are maliciously exhausted by the insecure client terminal ).

 	Official Notice (see MPEP 2144.03) is taken that at the time of the invention it would have been well-known in the networking art to issue a warning message for threshold conditions.  In the context of the Brown-Uppal-Wang-Achilles it would have been obvious to send a warning message regarding the detected Achilles threshold level in order that the system administrators are made aware of the conditions while Achilles is executing the recover operation.

Brown, Uppal,Wang and Achilles are analogous art because they present concepts and practices regarding packet data flows and resource access control.  At the time of the effective filing date of the claimed invention it would have been obvious to combine Achilles into Brown-Uppal-Wang.  The motivation for the said combination would have been to avoid a situation in which the set of available numeric identifiers is not large enough to represent all content portions uniquely such that the Wang IP addresses in the address pool of the DHCP server are maliciously exhausted by the insecure client terminal. In other words, as more and more different text strings are encountered and converted to content identifiers, the set of available content identifiers become smaller and smaller. Eventually, a situation can arise in which there are no more content identifiers available for assignment as numeric identifiers to individual respectively unique content portions such as text strings (e.g. tags or URIs). (Achilles-Paragraph 13)
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Brown (USPGPUB 2018/0316618) further in view of Uppal (US Patent 10469513) further in view of BenShaul (USPGPUB 2002/0010798) further in view of Dunn (USPGPUB 2014/0330948).

In regard to Claim 8
Brown-Uppal disclosed (re. Claim 8)   parsing the network addresses in the computer network (Brown-Paragraph 44, parsing the DNS responses to create a mapping between a content delivery network (CDN) server's internet protocol (IP) address(es) and the domain name based on the DNS responses  )  
While Brown-Uppal substantially disclosed the claimed invention Brown-Uppal does not disclose (re. Claim 8) setting bindings between new domain names and the network addresses with a pre-selected refresh interval.
Dunn Paragraph 26 disclosed periodically replenishing the pool of partially initialized service domains to ensure that a partially initialized service domain is available upon demand from one of the guest domains.
Dunn disclosed (re. Claim 8) setting bindings between new domain names and the network addresses with a pre-selected refresh interval.( Dunn-Paragraph  26, periodically replenishing the pool of partially initialized service domains to ensure that a partially initialized service domain is available upon demand from one of the guest domains ) 
Brown, Uppal and Dunn are analogous art because they present concepts and practices regarding packet data flows and resource access control.  At the time of the 

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Brown (USPGPUB 2018/0316618) further in view of Uppal (US Patent 10469513) further in view of BenShaul (USPGPUB 2002/0010798) further in view of Pereira (USPGPUB 2019/0089721).
In regard to Claim 9
Brown-Uppal disclosed (re. Claim 8)   parsing the network addresses in the computer network . (Brown-Paragraph 44, parsing the DNS responses to create a mapping between a content delivery network (CDN) server's internet protocol (IP) address(es) and the domain name based on the DNS responses  )  

While Brown-Uppal-BenShaul substantially disclosed the claimed invention Brown-Uppal-BenShaul does not disclose (re. Claim 9) recycling at least one of the network addresses with a new domain name.
 	Pereira Paragraph 108 disclosed reusing words at the beginning and end of domains, utilize/concatenate a combination of three or more from their dictionaries to 
Pereira disclosed (re. Claim 9) recycling at least one of the network addresses with a new domain name. (Pereira-Paragraph 108,reusing words at the beginning and end of domains, utilize/concatenate a combination of three or more from their dictionaries to generate each domain, then typically reuse each of the words that are sometimes used for a middle word in the domain.)
Brown, Uppal and Pereira are analogous art because they present concepts and practices regarding packet data flows and resource access control.  At the time of the effective filing date of the claimed invention it would have been obvious to combine Pereira into Brown-Uppal.  The motivation for the said combination would have been to implement detection of algorithmically generated domains based on a dictionary and  performing community detection using the graph to identify the malicious dictionary.(Pereira-Paragraph 36) 


Conclusion

Examiner’s Note: In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
Please refer to the enclosed PTO-892 form.
 Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREG C BENGZON whose telephone number is (571)272-3944.  The examiner can normally be reached on Monday - Friday 8 AM - 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


	/GREG C BENGZON/           Primary Examiner, Art Unit 2444