DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in responsive to amendment filed on 4/27/21. Claims 1-24 are pending.  

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

Response to Amendment
Claims 1, 9 and 17 are amended.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious 


Claims 1-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Blacka et al. (US 2015/0026341 A1), hereinafter “Blacka”, in view of Prince et al. (US 2011/0282997 A1), hereinafter “Prince”, in further view of Lovegreen (US 2014/0066110).

As to claim 1, Blacka discloses a method (Blacka, Abstract) comprising: 
receiving an indication that a domain comprises a blocked domain, the blocked domain associated with a first network address (If a user opens a web browser on client 120, for example, and types, e.g., http://www.example.com (block domain i.e. first network address), into the browser, To determine if the site is blocked, the user's web browser sends a DNS query for www.example.com to recursive DNS server 110, shown at step 205, in FIG. 2.  Recursive DNS server 110 may then try to determine if the user should be allowed to access the website) (Blacka, ¶ [0024-0030], figs 4-6, 8A);  
creating a web server, the web server having a second network address different from the first network address associated with the blocked domain (At 220, the user's browser then sends a request for the web site www.example.com to block web server 150.  At 225, block web server 150 (web server having second network address different from the first address i.e. example.com) then sends a "block page" to the user's browser, where it is presented to the user, FIG. 4 shows an exemplary block page 400.  Block page 400 may include a title 405, which may indicate an Internet service provider, domain name registrar, or the like which may own and run the block page.  Block page 400 may include a statement 410 indicating that the site the user is trying to access is blocked.  Block page 400 may include a reason why the page is blocked 415, such as the site is malicious.  Block page 400 may include selectable items, such as buttons 420 and 425, which may give the user a choice to leave the site or continue to the site) (Blacka, ¶ [0024-0032], figs 4-6, 8A);  
creating block page content for the web server (At 220, the user's browser then sends a request for the web site www.example.com to block web server 150.  At 225, block web server 150 (web server having second network address different from the first address i.e. exaelmple.com) then sends a "block page" to the user's browser, where it is presented to the user, and 425, which may give the user a choice to leave the site or continue to the site) (Blacka, ¶ [0024-0032], figs 4-6, 8A).  
However, Blacka does not explicitly disclose returning the second network address to a browser application requesting a web site of the blocked domain, wherein the browser application is configured to display the block page content without providing a security warning; creating a temporary web server on a web server host computing device in response to said receiving the indication and destroying the temporary web server. 
In an analogous art, Prince disclose returning the second network address to a browser application requesting a web site of the blocked domain, wherein the browser application is configured to display the block page content without providing a security warning (the request threat manager 225 may block the request 154 without a response 162 being transmitted to the visitor, block the request 154 and generate a block page for the response 162 that indicates that the request was blocked (the block page may include a mechanism for the visitor to dismiss the block page), cause a response to redirect the request to the validating domain server 180, and decreases the speed at which content can be delivered to the visitor.) (Prince, ¶ [0084-0086, 0140-0142]).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to implement Prince’s teachings into Blacka’s teaching of returning the second network address to a browser application requesting a web site of the blocked domain, wherein the browser application is configured to display the block page content without providing a security warning. This combination would customized based on the characteristic of the requested website and/or the characteristic of the visitor.
However, Blacka disclose displaying a block page content (At 220, the user's browser then sends a request for the web site www.example.com to block web server 150.  At 225, block web server 150 (web server having second network address different from the first address i.e. exaelmple.com) then sends a "block page" to the user's browser, where it is presented to the user, and 425, which may give the user a choice to leave the site or continue to the site) (Blacka, ¶ [0024-0032], figs 4-6, 8A); Blacka-Prince does not explicitly disclose creating a temporary web server and destroying the temporary web server after the page content has been displayed. 
In an analogous art, Lovegreen disclose creating a temporary web server and destroying the temporary web server (When the browser 66 navigates to the mobile valet application 67, a temporary webpage 85 is displayed on the guest mobile phone.  The webpage is unique to the guest.  On the webpage is a link 86 that the guest clicks to request his vehicle.  Additional links 87 and 88 may be included to offer other features and services provided by the valet company and that may be of interest to the guest.  The server may remove the temporary webpage (destroying the webpage server after displaying the content) following a period of time after the guest requests his vehicle..) (Lovegreen, ¶ [0061]).
Lovegreen’s teachings into Blacka’s- Prince’s teaching of creating a temporary web server and destroying the temporary web server after the page content has been displayed. This combination having domain name Server (DNS) based load balancing helps reduce administration cost associated with configuring hardware load balancers.

As to claim 2, Blacka-Prince- Lovegreen discloses the method of claim 1, wherein creating block page content includes setting references to one or more shared resources used in the block page content to refer to the blocked domain (Block page 400 may include a title 405, which may indicate an Internet service provider, domain name registrar, or the like which may own and run the block page.  Block page 400 may include a statement 410 indicating that the site the user is trying to access is blocked.  Block page 400 may include a reason why the page is blocked 415, such as the site is malicious.  Block page 400 may include selectable items, such as buttons 420 and 425, which may give the user a choice to leave the site or continue to the site) (Blacka, ¶ [0024-0031], figs 4-6, 8A). 

As to claim 3, Blacka-Prince- Lovegreen discloses the method of claim 1, further comprising: generating a security certificate based, at least in part, on a root certificate (Cookies (security certificate) may be added to the global allow cookie list after it is determined that the visitor does not pose a threat.  For example, the service may provide a mechanism for a user of a client device to verify that he or she is a human user and not a bot.  For example, the service may direct the user to respond to a CAPTCHA and record their input in response to a graphical image, audio recording, math problem, or other challenge-response test (root certificate).  If successfully passing the CAPTCHA, the service may associate the cookie with a human user and add to the global allow cookie list (associated server with security certificate).  Similarly, a domain owner may cause cookies to be added to its local allow cookie list after determining, from a previous session, that the visitor associated with the cookie is not a potential threat to the origin server.  A domain owner may cause cookies to be added to its local restricted cookie list after determining, from a previous session, that the cookie has been recorded as a potential threat to the origin server (e.g., email harvesting, comment or blog spamming, SQL injection attacks or other web software vulnerability attacks, denial of service attacks, etc.)) (Prince, ¶ [0060-0061, 0121-0125]); and associating the temporary web server with the security certificate (Cookies (security certificate) may be added to the global allow cookie list after it is determined that the visitor does not pose a threat.  For example, the service may provide a mechanism for a user of a client device to verify that he or she is a human user and not a bot.  For example, the service may direct the user to respond to a CAPTCHA and record their input in response to a graphical image, audio recording, math problem, or other challenge-response test (root certificate).  If successfully passing the CAPTCHA, the service may associate the cookie with a human user and add to the global allow cookie list (associated server with security certificate).  Similarly, a domain owner may cause cookies to be added to its local allow cookie list after determining, from a previous session, that the visitor associated with the cookie is not a potential threat to the origin server.  A domain owner may cause cookies to be added to its local restricted cookie list after determining, from a previous session, that the cookie has been recorded as a potential threat to the origin server (e.g., email harvesting, comment or blog spamming, SQL injection attacks or other web software vulnerability attacks, denial of service attacks, etc.)) (Prince, ¶ [0060-0061, 0121-0125]). Examiner supplies the same rationale for the combination of the reference as in claim 1 above.

As to claim 4, Blacka-Prince- Lovegreen discloses the method of claim 3, further comprising providing the root certificate to a client system prior to the client system issuing a request for the blocked domain (At block 940, the proxy server 120 queries the threat database 124 to determine whether the cookie (if one is included in the request 154) is included on the global allow cookie list or the local allow cookie list for the requested domain.  If the cookie included in the request is one or both of those lists, then flow moves to block 935, otherwise flow moves to block 945) (Prince, ¶ [0060-0061, 0121-0125]). Examiner supplies the same rationale for the combination of the reference as in claim 1 above.

As to claim 5, Blacka-Prince- Lovegreen discloses the method of claim 1, wherein creating the block page content includes identifying the blocked domain and information indicating a reason for blocking the domain in the block page content (Block page 400 may include a title 405, which may indicate an Internet service provider, domain name registrar, or the like which may own and run the block page.  Block page 400 may include a statement 410 indicating that the site the user is trying to access is blocked.  Block page 400 may include a reason why the page is blocked 415, such as the site is malicious.  Block page 400 may include selectable items, such as buttons 420 and 425, which may give the user a choice to leave the site or continue to the site) (Blacka, ¶ [0024-0031], figs 4-6, 8A). 

As to claim 6, Blacka-Prince- Lovegreen discloses the method of claim 1, further comprising Blacka disclose displaying a block page content (At 220, the user's browser then sends a request for the web site www.example.com to block web server 150.  At 225, block web server 150 (web server having second network address different from the first address i.e. exaelmple.com) then sends a "block page" to the user's browser, where it is presented to the user, and 425, which may give the user a choice to leave the site or continue to the site) (Blacka, ¶ [0024-0032], figs 4-6, 8A); Lovegreen destroying the temporary web server in response to determining that the page content has been provided to the browser application (When the browser 66 navigates to the mobile valet application 67, a temporary webpage 85 is displayed on the guest mobile phone.  The webpage is unique to the guest.  On the webpage is a link 86 that the guest clicks to request his vehicle.  Additional links 87 and 88 may be included to offer other features and services provided by the valet company and that may be of interest to the guest.  The server may remove the temporary webpage (destroying the webpage server after displaying the content) following a period of time after the guest requests his vehicle.) (Lovegreen, ¶ [0061]). Examiner supplies the same rationale for the combination of the reference as in claim 1 above.

As to claim 7, Blacka-Prince- Lovegreen discloses the method of claim 1, further comprising destroying the temporary web server in response to expiration of a timer associated with the temporary web server (When the browser 66 navigates to the mobile valet application 67, a temporary webpage 85 is displayed on the guest mobile phone.  The webpage is unique to the guest.  On the webpage is a link 86 that the guest clicks to request his vehicle.  Additional links 87 and 88 may be included to offer other features and services provided by the valet company and that may be of interest to the guest.  The server may remove the temporary webpage (destroying the webpage server after displaying the content) following a period of time after the guest requests his vehicle.) (Lovegreen, ¶ [0061]). Examiner supplies the same rationale for the combination of the reference as in claim 1 above.

As to claim 8, Blacka-Prince- Lovegreen discloses the method of claim 1, further comprising: receiving a second request for the first network address associated with the blocked domain (If the hash is valid, an entry, which may be temporary, is added to the whitelist stored in recursive DNS server 110 for the client IP address and the blocked do shown at step 335.  This whitelist entry may be valid for only the 2*N minutes the timestamp covers, where N was described above and in which 2*N would be 10 minutes in this example.  After the expiration of the whitelist entry, that is, after 10 minutes, the blocked domain name will be blacklisted for the user's IP address.  Thus the user will not be able to access the site after expiration of the whitelist entry) (Blacka, ¶ [0033-0042], figs 4-6, 8A); and in response to determining that the temporary web server already exists for the blocked domain, resetting a timer associated with the temporary web server and returning the second network address to a source of the second request (it is determined if the hash is valid.  If the hash fails to validate, shown at step 330, the A record for the blocked page is returned, and the hash is recomputed with a different timestamp.  For example, if the timestamp is for the nearest 5 minutes rounded down, the recomputed hash would replace the time stamp of the original hash with the timestamp from 5 minutes earlier.  Then the process returns to step 320 where recursive DNS server 110 tries to validate the recomputed hash; If the hash is valid, an entry, which may be temporary, is added to the whitelist stored in recursive DNS server 110 for the client IP address and the blocked do shown at step 335.  This whitelist entry may be valid for only the 2*N minutes the timestamp covers, where N was described above and in which 2*N would be 10 minutes in this example.  After the expiration of the whitelist entry, that is, after 10 minutes, the blocked domain name will be blacklisted for the user's IP address.  Thus the user will not be able to access the site after expiration of the whitelist entry) (Blacka, ¶ [0033-0042], figs 4-6, 8A).

Claims 9-16 list all the same elements of claims 1-8, but in a non-transitory machine-readable storage medium having stored thereon computer-executable instructions for providing instanced web servers, the computer-executable instructions to cause one or more processors to perform operations to perform the method of claim 1 (Blacka, ¶ [0070], figs 4-6, 8A).  Therefore, the supporting rationale of the rejection to claims 1-8 applies equally as well to claims 9-16.  

Claims 17-24 list all the same elements of claims 1-8 but in an apparatus comprising: one or more processors; and a machine-readable storage medium having stored thereon computer-executable instructions for providing instanced web servers, the computer-executable instructions to cause the one or more processors to perform operations (Blacka, ¶ [0070], figs 4-6, 8A) to perform the method of claim 1.  Therefore, the supporting rationale of the rejection to claims 1-8 applies equally as well to claims 17- 24.  

Response to Arguments
Lovegreen (US 2014/0066110 A1) have been introduced to address amended. Applicant’s arguments have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HITESH R PATEL whose telephone number is (571)270-5442.  The examiner can normally be reached on Monday-Friday 7am-3pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on 571-270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 






/Hitesh Patel/Primary Examiner, Art Unit 2419                                                                                                                                                                                                        
5/4/21