DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on January 28, 2021 has been entered.
Response to Amendment
The amendments, filed on January 28, 2021, have been entered. Applicant amended claims 20-23, 25-28, 30, and 31, cancelled claims 24 and 29, and added new claims 32 and 33. Claims 20-23, 25-28, and 30-33 remain pending in the application.
Response to Arguments
Applicant’s arguments, filed on January 28, 2021, with respect to the Final Office Action dated September 28, 2020, have been fully considered and they are persuasive.  Therefore, 
Previous objections to claims are withdrawn
Previous 35 U.S.C. 112 rejections are withdrawn.
Previous 35 U.S.C. 103 rejections are withdrawn.
However, upon further consideration, a new grounds of rejection is made over Pandya et al. (US PGPUB No. US 20160119276 A1) in view of Holliday (US PGPUB No. 20130198409).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 20, 22, 23, 25, 27, 28, 30, 32, and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Pandya et al. (US PGPUB No. US 20160119276 A1), hereinafter, Pandya, in view of Holliday (US PGPUB No. 20130198409), hereinafter Holliday.
Regarding claim 20:
	Pandya teaches:
	A computer-implemented method for detecting migration of a user computing device from  an  enterprise network to a non-enterprise network, said method comprising the following computer-implemented steps  ( see Fig. 3 depicting a method for determining whether the computing device (user computing device) is inside or outside of a network. Fig. 1 shows the computing device 120 is inside the network and Fig. 2 shows the computing device 120 is outside the network):
	 configuring a computer-implemented, event-driven network detector  installed within said user computing device to identify a first fully qualified domain name (FQDN) among  a plurality of enterprise domains located within said enterprise network and pre-configured to communicate with said user computing device, and  triggering said network detector  to transmit  a DNS query to a first DNS server (paragraph 0032, lines 1-4, teaches inside/outside network determination module (network detector) included in the computing device as stated “Computing device 120 includes inside/outside network determination module 122, which determines whether computing device 120 is inside network 102 or outside network 102 at any particular time”.  Fig. 1 shows DNS service. Paragraph 0016, lines 7-8, states “DNS service 106 is typically implemented on one or more servers”. Paragraph 0032, lines 11-14, teaches domain name as states “One or more DNS service 106 operate to map a particular name, such as a domain name, to a corresponding network address that can be used by computing device 120 to access a particular device or service.” . Paragraph 0044 teaches generating DNS query with a particular domain name as stated “In process 300, the computing device generates a DNS query (act 302). This DNS query is a query to resolve a particular name, and the computing device expects a particular value in return if the computing device is inside a particular network. This particular name can be a URL or alternatively another name. For example, this particular name can take the form "insideoutside.<domain-name>", where "insideoutside" identifies the DNS query as a query being used to determine whether the computing device is inside a particular network, and "<domain-name>" identifies the particular network”. Paragraph 0045, lines 1-2 teaches sending the DNS query to the DNS server as stated “The inside/outside network determination module causes the DNS query to be sent to a DNS service (act 304)”);
 determining, by said network detector, after elapse of a predetermined time period, if said first DNS server identified based on said first fully qualified domain name responded to said DNS query ; determining, by said network detector, after elapse of  said predetermined time period, if said second DNS server identified based on said [[first wild card domain name]] responded to  redirected DNS query ; 3determining, by said network detector , if a response provided by one of said first DNS server and said second DNS server in respect of  said DNS query and said redirected DNS query respectively is in line  (paragraph 0051, lines 1-2, teaches threshold amount of time related to DNS response. Paragraph 0049, lines 11-17, teaches verifying the DNS response with the expected value as stated “Additionally, if a DNS response is received, then the DNS response is verified in act 312. The DNS response can be verified in different manners, such as by checking whether the DNS response includes the expected value for the particular name that was included in the DNS query and/or whether the DNS response is digitally signed by a trusted authority”. DNS response from second DNS server can be evaluated using similar process); 
responsive to ascertaining that said response is in line with said predefined value, determining, by said network detector, that said user computing device is located within said enterprise network (paragraph 0050 teaches if the expected DNS response received, the computing device is determined to be inside the network as states “Process 300 proceeds based on a check of whether a verified DNS response is received (act 314). If a verified DNS response is received, then the computing device is determined to be inside the particular network (act 316).”); and 
responsive to ascertaining that said response is not in line with said predefined value, determining, by said network detector , that said user computing device has migrated from said enterprise network to said non-enterprise network (paragraph 0051 teaches if the expected DNS response not received, the computing device is determined to be outside the network ).
Pandya does not teach a first fully qualified domain name (FQDN) ; in an event said first FQDN is deemed unavailable, configuring said network detector to implement a postfix search among said plurality of enterprise domains, and select a first wild card domain name derived based on said postfix search and incorporate only a postfix entry of said first wild card domain name into said DNS query, and redirect said DNS query to at least a second DNS server located within said enterprise network and identifiable based on said wild card domain name.
(paragraph 0023, lines 1-4, teaches redirecting DNS query with wild card domain name when the DNS name is not resolvable i.e. unavailable as stated “Embodiments described herein include a combination of wildcard DNS entries (e.g. 116) and a (software) load balancer to direct network traffic while the DNS name is not resolvable”. Paragraph 0024, lines 2-7, teaches DNS query with “serv1.app.com" (FQDN) and modifying the DNS query with *.app.com i.e.  Postfix entry as stated “if an unregistered or a recently registered customer 405 (or other internet user) sent a request for service instance 1 (415A), for example, by typing "serv1.app.com" into an internet browser application, the wildcard DNS entry 407 for *.app.com will forward that request to the IP address of the software load balancer 410 (LB.app.com) “    ).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pandya to incorporate the teaching of Holliday to modify the DNS query with wild card DNS entry. One would be motivated to use wild card DNS query to resolve DNS name (see paragraph 0064, lines 23-27, of Holliday).

As to claim 22, the rejection of claim 20 is incorporate. Pandya, in view of Holliday, teaches all the limitations of claim 20 as shown above.
Pandya, in view of Holliday, teaches first fully qualified domain name and said wild card domain name (see claim 20 rejection as shown above).
(paragraphs 0032, 0036, and 0038 teach DNS query includes a domain name and DNS response includes the IP address mapped to the domain name. Paragraph 0032, lines 6-14, states “A DNS system allows devices or services to be identified using a domain name (e.g., included in a Uniform Resource Locator (URL)) that is typically more easily used and referred to by users than network addresses (such as Internet Protocol (IP) v4 or v6 addresses). One or more DNS service 106 operate to map a particular name, such as a domain name, to a corresponding network address that can be used by computing device 120 to access a particular device or service”).
As to claim 23, the rejection of claim 20 is incorporate. Pandya, in view of Holliday, teaches all the limitations of claim 20 as shown above.
Pandya further teaches wherein the step of configuring said computer-implemented, event-driven network detector installed within said user computing device, further includes the step of configuring said network detector to be responsive to events selected from a group consisting of rebooting of said user computing device and shifting between operational modes of said user computing device (see paragraph 0053, lines 4-5 discussing change of the operational state of the computing device including sleeping of the device, as stated “By way of another example, process 300 can be performed in response to particular events, such as in response to the computing device resuming operation from a reduced power mode (e.g., from a sleep or hibernate mode)”).
Regarding claim 25:
(see at least Fig. 5 and paragraph 0070-0073), performing the method of claim 20. Accordingly, it is rejected under similar rationale. 
Claim 27 is directed towards a system performing the method of claim 22. Accordingly it is rejected under similar rationale.
Claim 28 is directed towards a system performing the method of claim 23. Accordingly it is rejected under similar rationale.
Regarding claim 30:
Claim 30 is directed towards a non-transitory computer readable storage medium having computer- executable instructions stored thereon, said computer-executable instructions, when executed by a processor(see at least Fig. 5 and paragraph 0070-0073), performing the method of claim 20. Accordingly, it is rejected under similar rationale. 
As to claim 32, the rejection of claim 20 is incorporate. Pandya, in view of Holliday, teaches all the limitations of claim 20 as shown above.
Pandya further teaches wherein the step of determining, by said network detector, that said user computing device is located within said enterprise network, further includes the step of configuring said plurality of enterprise domains and one of said first DNS server and second DNS server to communicate with said user computing device via said enterprise network (Fig. 1 shows DNS service. Paragraph 0016, lines 7-8, states "DNS service 106 is typically implemented on one or more servers". Paragraph 0032, lines 11-14, teaches domain name as states "One or more DNS service 106 operate to map a particular name, such as a domain name, to a corresponding network address that can be used by computing device 120 to access a particular device or service.").
Claim 33 is directed towards a system performing the method of claim 32. Accordingly it is rejected under similar rationale.
Claims 21, 26, and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Pandya, in view of Holliday, and further in view of Chang (US Patent No. 10581803), hereinafter, Chang.
As to claim 21, the rejection of claim 20 is incorporate. Pandya, in view of Holliday, teaches all the limitations of claim 20 as shown above.
Pandya teaches wherein the step of determining, by said network detector, that said user computing device has migrated from said enterprise network to said non-enterprise network (see claim 20 rejection as shown above). 
Pandya does not teach further includes the step of configuring said network detector to initiate a virtual private network (VPN) connection between said user computing device, said non-enterprise network, and said enterprise network.
Chang teaches further includes the step of configuring said network detector to initiate a virtual private network (VPN) connection between said user computing device, said non-enterprise network, and said enterprise network (Fig. 3 shows initiation of VPN connectivity when the device is in public network. Col 16, lines 21-24, states “Conversely, if VPN handler 5 determines that client device 4 is positioned externally to enterprise network 10, then VPN handler 5 determines that client device 4 may require secure data connection 15 to access resources 14”. Col 16, lines 64-67 states “If host checker 32 detects an action initiated at client device 4 that potentially requires the use of secure data connection 15, host checker 32 causes VPN handler 5 to establish secure data connection 15 (62).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pandya to incorporate the teaching of Chang to initiate a VPN connection upon determining that the user device has migrated from the enterprise network. One (see col. 1 , lines 20-31 of Chang).
Claim 26 is directed towards a system performing the method of claim 21. Accordingly it is rejected under similar rationale.
Claim 31 is directed towards a system performing the methods of claims 21-23. Accordingly it is rejected under similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAMAL HOSSAIN whose telephone number is (571)270-3070.  The examiner can normally be reached on 8:30-5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on (571)272-4001.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




May 3, 2021

/KAMAL HOSSAIN/Examiner, Art Unit 2457                                                                                                                                                                                                        




/RAMY M OSMAN/Primary Examiner, Art Unit 2457