Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
The amendment filed 01/06/2021 has been entered and fully considered. Applicant has amended claims 1, 2, 7, 12, 13, 16, and 17.  Applicant has cancelled claims 6, 8, 14, 18, 20, and 22.
Applicant’s arguments, see pp. 8-11, filed 01/06/2021, with respect to overcoming the prior art of the rejection of claims 1-19 under 35 U.S.C. § 103 have been fully considered and are persuasive.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
	Authorization for this examiner’s amendment was given in a telephone interview with Ryan Davis (Registration No.: 68,412) on 04/30/2021.
Please replace the Claims as follows:
1.	(Currently Amended) A method for routing traffic, the method comprising:
	instructing a virtual private network (VPN) client to clear any previously resolved domain-name based requests stored in memory;
	receiving, at the VPN client, a domain name-based request to access a network-based service at a client device, wherein the VPN client is forced to operate as a DNS proxy in response to clearing of the any of the previously resolved domain-name based requests stored in the memory;
	forwarding the domain name-based request from the VPN client acting as the DNS proxy to a policy service;

	generating, by the policy service, routing instructions for the VPN client of the client device based on the instructions provided by the identified policy, wherein the routing instructions include identifying whether to route the flow path from the VPN client over a private network or a public network; 
	routing, from the VPN client, the domain name-based request to a domain name system (DNS) to obtain IP addresses associated with the network-based service, wherein the DNS used to resolve the domain name-based request is based on the routing instructions provided by the identified policy, and wherein the IP addresses are stored in a routing table associated with the VPN client; and
	establishing the flow path between the client device and the network-based service, wherein the VPN client routes the flow path to the network-based service using IP addresses stored in the routing table of the VPN client and in accordance with the generated routing instructions. 
2.	(Previously Presented) The method of claim 1, wherein the identified policy is one of a plurality of different policies associated with the policy service, and wherein the identified policy is selected from the plurality of different policies based on one or more factors associated with a user, the client device, and the network-based service.  
3.  	(Original) The method of claim 2, wherein the one or more factors associated with the user includes an identity of the user, and wherein the identity of the user including whether the user is an employee of an enterprise of which the network-based service is associated with.
4.  	(Original) The method of claim 2, wherein the one or more factors associated with the user includes a geo-location of the user.

6.  	(Canceled) 
7.	(Previously Presented) The method of claim 1, wherein the routing instructions include identifying whether to resolve the domain name-based request at a private DNS or a public DNS. 
8.	(Canceled) 
9.	(Original) The method of claim 1 further comprising updating routing instructions for the VPN client based on a change in the identified policy for the VPN client.
10.	(Original) The method of claim 9, wherein the updates to the routing instructions for the VPN client are performed when the flow path between the client device and the IP address affected by the updated routing instructions is not currently in use.
11.	(Original) The method of claim 1, wherein the routing instructions include a pre-determined time period with each of the IP addresses, and wherein after the pre-determined time period expires the VPN client is instructed to discard IP address stored in the routing table.
12.	(Currently Amended) A system for routing traffic, the system comprising:
	a processor; and
	a computer-readable device storing instructions which, when executed by the processor, cause the processor to perform operations comprising:
	instructing a virtual private network (VPN) client to clear any previously resolved domain-name based requests stored in memory;
	receiving, at the VPN client, a domain name-based request to access a network-based service at a client device, wherein the VPN client is forced to operate as a DNS proxy in response 
forwarding the domain name-based request from the VPN client acting as the DNS proxy to a policy service;
	identifying, by the policy service, a policy for the VPN client of the client device based on receipt of the domain name-based request at the policy service, wherein the policy provides instructions to the VPN client for routing a flow path between the client device and the network-based service;
	generating, by the policy service, routing instructions for the VPN client of the client device based on the instructions provided by the identified policy, wherein the routing instructions include identifying whether to route the flow path from the VPN client over a private network or a public network;
	routing, from the VPN client, the domain name-based request to a domain name system (DNS) to obtain IP addresses associated with the network-based service, wherein the DNS used to resolve the domain name-based request is based on the routing instructions provided by the identified policy, and wherein the IP addresses are stored in a routing table associated with the VPN client; and
	establishing the flow path between the client device and the network-based service, wherein the VPN client routes the flow path to the network-based service using the IP addresses stored in the routing table of the VPN client and in accordance with the generated routing instructions. 
13.	(Previously Presented) The system of claim 12, wherein the identified policy is one of a plurality of different policies associated with the policy service, and wherein the identified policy is selected from 
14.	(Canceled)
15.	(Original) The system of claim 12, wherein the instructions further include updating routing instructions for the VPN client based on a change in the identified policy for the VPN client, and wherein the updates to the routing instructions for the VPN client are performed when the flow path between the client device and the IP address affected by the updated routing instructions is not currently in use. 
16.	(Currently Amended) A computer-readable device storing instructions which, when executed by a computer device, cause the computer device to perform operations comprising:
	instructing a virtual private network (VPN) client to clear any previously resolved domain-name based requests stored in memory;
	receiving, at the VPN client, a domain name-based request to access a network-based service at a client device, wherein the VPN client is forced to operate as a DNS proxy in response to clearing of the any of the previously resolved domain-name based requests stored in the memory;
	forwarding the domain name-based request from the VPN client acting as the DNS proxy to a policy service;
	identifying, by the policy service, a policy for the VPN client of the client device based on receipt of the domain name-based request at the policy serve, wherein the policy provides instructions to the VPN client for routing a flow path between the client device and the network-based service;
	generating, by the policy service, routing instructions for the VPN client of the client device based on the instructions provided by the identified policy, wherein the routing instructions include identifying whether to route the flow path from the VPN client over a private network or a public network;

 	establishing the flow path between the client device and the network-based service, wherein the VPN client routes the flow path to the network-based service using IP addresses stored in the routing table of the VPN client and in accordance with the generated routing instructions.
17.	(Previously Presented) The computer-readable device of claim 16, wherein the identified policy is one of a plurality of different policies associated with the policy service, and wherein the identified policy is selected from the plurality of different policies based on one or more factors associated with a user, the client device, and the network-based service.
18.	(Canceled) 
19.	(Original) The computer-readable device of claim 16, wherein the instructions further include updating routing instructions for the VPN client based on a change in the identified policy for the VPN client, and wherein the updates to the routing instructions for the VPN client are performed when the flow path between the client device and the IP address affected by the updated routing instructions is not currently in use. 
20.	(Canceled) 
21.	(Previously Presented) The system of claim 12, wherein the routing instructions include identifying whether to resolve the domain name-based request at a private DNS or a public DNS. 
22.	(Canceled) 
23.	(Previously Presented) The computer-readable device of claim 16, wherein the routing instructions include identifying whether to resolve the domain name-based request at a private DNS or a public DNS.
Allowable Subject Matter
Claims 1-5, 7, 9-13, 15-17, 19, 21 and 23 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification as well arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.  First, Applicant’s arguments with respect to the claim amendments traversing the prior art of record are persuasive.  In addition, based on an updated search and further consideration, the Examiner finds that the claimed invention is patentably distinct based on the following additional rationale.
 Sinha et al. (US Pre-Grant Publication No. 20200287985, hereinafter Sinha) teaches a method for routing traffic, the method comprising: instructing a virtual private network (VPN) client to clear any previously resolved domain-name based requests stored in memory.    
 Hisada et al. (US Pre-Grant Publication No. 20060143702, hereinafter Hisada) teaches receiving, at the VPN client, a domain name-based request to access a network-based service at a client device, wherein the VPN client is forced to operate as a DNS proxy in response to clearing of the any of the previously resolved domain-name based requests stored in the memory; forwarding the domain name-based request from the VPN client acting as the DNS proxy to a policy service.  
 Mukherjee et al. (US Pre-Grant Publication No. 20040225895, hereinafter Mukherjee) teaches identifying, by the policy service, a policy for the VPN client of the client device based on receipt of the domain name-based request at the policy service, wherein the policy provides instructions to the VPN client for routing a flow path between the client device and the network-based service; generating, by the policy service, routing instructions for the VPN client of the client device based on the instructions provided by the identified policy, routing, from the VPN client, the domain name-based request to a domain name system (DNS) to obtain IP addresses associated with the network-based service, wherein 
 Narayanaswamy et al. (US Pre-Grant Publication No. 20040225895, hereinafter Narayanaswamy) teaches wherein the routing instructions include identifying whether to route the flow path from the VPN client over a private network or a public network.
The prior art of record fails to teach or suggest, individually or in combination, each and every limitation of the claimed invention, within the context of the claimed invention as a whole, as recited in Claim 1.
Although Sinha discloses a method for routing traffic, the method comprising: instructing a virtual private network (VPN) client to clear any previously resolved domain-name based requests stored in memory, Sinha does not disclose receiving, at the VPN client, a domain name-based request to access a network-based service at a client device, wherein the VPN client is forced to operate as a DNS proxy in response to clearing of the any of the previously resolved domain-name based requests stored in the memory; forwarding the domain name-based request from the VPN client acting as the DNS proxy to a policy service; identifying, by the policy service, a policy for the VPN client of the client device based on receipt of the domain name-based request at the policy service, wherein the policy provides instructions to the VPN client for routing a flow path between the client device and the network-based service;  generating, by the policy service, routing instructions for the VPN client of the client device based on the instructions provided by the identified policy, wherein the routing instructions include identifying whether to route the flow path from the VPN client over a private network or a public network; routing, from the VPN client, the domain name-based request to a domain name system (DNS) Hisada, which teaches receiving, at the VPN client, a domain name-based request to access a network-based service at a client device, wherein the VPN client is forced to operate as a DNS proxy in response to clearing of the any of the previously resolved domain-name based requests stored in the memory; forwarding the domain name-based request from the VPN client acting as the DNS proxy to a policy service, and Mukherjee, which teaches identifying, by the policy service, a policy for the VPN client of the client device based on receipt of the domain name-based request at the policy service, wherein the policy provides instructions to the VPN client for routing a flow path between the client device and the network-based service; generating, by the policy service, routing instructions for the VPN client of the client device based on the instructions provided by the identified policy,  routing, from the VPN client, the domain name-based request to a domain name system (DNS) to obtain IP addresses associated with the network-based service, wherein the DNS used to resolve the domain name-based request is based on the routing instructions provided by the identified policy, and wherein the IP addresses are stored in a routing table associated with the VPN client; and establishing the flow path between the client device and the network-based service, wherein the VPN client routes the flow path to the network-based service using IP addresses stored in the routing table of the VPN client and in accordance with the generated routing instructions,  and Narayanaswamy, which teaches wherein the routing instructions include identifying whether to route the flow path from the VPN client over a private network or a public network.  However, the Examiner notes that the prior art does not provide 
Thus, the Examiner finds that the prior art does not provide sufficient teaching or motivation for anticipating or rendering obvious the claimed invention as a whole, without the usage of impermissible hindsight reasoning.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 




/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491