Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continued Examination Under 37 CFR 1.114

1.       A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  
Applicant's submission filed on 1-19-2021 has been entered.

2.        Claims 1 - 6, 8 - 13, 15 - 19, 21, 22 are pending.  Claims 1, 6, 8, 15, 19 have been amended.  Claims 21, 22 are new.  Claims 7, 14, 20 have been canceled.  Claims 1, 8, 15 are independent.    This application was filed on 3-16-2017.  

Response to Arguments

3.    Applicant's arguments have been fully considered, however upon further consideration of the prior art and the claimed limitation, they were not persuasive.

A.  Applicant argues on page 10 of Remarks:    ...   Wang does not describe one mechanism for determining a domain name for HTTPS traffic when “the mobile network session is associated with a full handshake status” and another mechanism for determining a domain name when “the mobile network session is associated with an abbreviated handshake status,”   ...   . 

    The Examiner respectfully disagrees.  Parthasarathy discloses an abbreviated handshake utilized when a session between a client and server is resumed from a previous SSL/TLS (secure) session.  Session ticket information (partial information) is transmitted between client and server to resume the session.  A full handshake is utilized for an initial session. (see Parthasarathy paragraph [0042], lines 10-16: for resuming previously established session, client sends session ticket data back to server in extension to a client hello message identifying a particular SSL/TLS session; paragraph [0044], lines 8-10: for resuming a previously established SSL/TLS session an abbreviated handshake between client and server can occur; paragraph [0032], lines 5-18: device determines the type of content being transmitted in both secured and unsecured session (i.e. HTTP and HTTPS sessions))  

B.  Applicant argues on page 10 of Remarks:    ...   any relationship between the procedure for determining a domain name and a “handshake status,”   ...   . 

    The Examiner respectfully disagrees.  Parthasarathy discloses an abbreviated handshake utilized when a session between a client and server is resumed from a previous SSL/TLS (secure) session.  Session ticket information (partial information) is transmitted between client and server to resume the session.  A full handshake is utilized for an initial session. (see Parthasarathy paragraph [0042], lines 10-16: for resuming previously established session, client sends session ticket data back to server in extension to a client hello message identifying a particular SSL/TLS session; 

C.  Applicant argues on page 11 of Remarks: Independent claims 8 and 15 have been amended similarly to claim 1. Therefore, Applicant respectfully submits that amended independent claims 8 and 15 and their corresponding dependent claims should be allowed for at least the same reasons as claim 1. 

    Independent claims 8 and 15 have similar limitations as independent claim 1.  Responses to arguments against independent claim 1 also answer arguments against independent claims 8 and 15.   

D.  Applicant argues on page 11 of Remarks: None of the cited references teach or suggest the use of a “DNS reverse cache ... for an initial packet classification”   ...   . 

    The Examiner respectfully disagrees.   Backholm discloses the usage of a DNS reverse cache for management of session information. (see Backholm paragraph [0063], lines 1-3: enhanced DNS caching includes enhanced caching of DNS requests and reverse DNS requests; paragraph [0065], lines 8-19: when caching of operating on HTTPs requests, reverse DNS requests that are part of SSL handshake are cached; cache system maintains reverse mapping information; an additional communication connection need not be established to answer reverse DNS requests if request can be satisfied from cache)

E.  Applicant argues on page 11 of Remarks:    ...   Backholm does not teach or suggest anything about “refining [an] initial packet classification,”   ...   . 

    The Examiner respectfully disagrees.   Parthasarathy discloses the usage of TLS information in the management of session information. (see Parthasarathy paragraph [0016], lines 1-9: utilizing handshake messages to determine textual identifiers utilizing site detector (i.e. information refinement); paragraph [0054], lines 1-4: stores determined textual identification information such as domain names (i.e. information); paragraph [0032], lines 5-18: device determines the type of content being transmitted in both secured and unsecured session (i.e. HTTP and HTTPS sessions), SSL, TLS protocols (i.e. TLS handshakes))  Parthasarathy and Backholm utilize an obviousness rejection to discloses DNS reverse cache and refining packet information utilizing TLS protocol. 
    A 103 rejection based on multiple references is a legitimate technique according to the MPEP.   The 103 rejection allows portions of the rejection citations for a claimed invention to come from different prior art references.   The rejection to each independent and dependent claim includes a citation from the referenced prior art that discloses the basis for the rejection.  Each obviousness combination clearly indicates the claim limitation(s) the combined referenced prior art teaches.  In addition, a cited passage from the referenced prior art indicates the motivation for the obviousness combination.  Each obviousness combination’s disclosure is equivalent to the Applicant’s claim limitation(s) for the claimed invention.

F.  Applicant argues on page 11 of Remarks:    ...   Applicant respectfully submits that claims 4,11, and 17 should be allowed for at least the same reasons that were presented above in connection with claims 1, 8, and 15, respectively.

    Responses to arguments against the independent claims also answer arguments against the associated dependent claims.   

G.  Applicant argues on page 12 of Remarks: New Claims 21 and 22. 

    The new claims are addressed in the current Office Action.     

Claim Rejections - 35 USC § 103  

4.       The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.        Claims 1 - 3, 5, 6, 8 - 10, 12, 13, 15, 16, 18, 19, 21, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (US PGPUB No. 20130312054) in view of Parthasarathy et al. (US PGPUB No. 20160255047) and further in view of Backholm (US PGPUB No. 20150058488).     	

Regarding Claims 1, 8, 15, Wang discloses a computerized method of detecting a domain name in a mobile network session for use in applying mobile policy and enforcement functions based on the domain name and a computing device for detecting a domain name in a mobile network session for use in applying mobile policy and 
a)  receiving, at a computing device, a packet associated with a request from a user equipment to access a domain at a server; (see Wang paragraph [0018], lines 1-15: network device extracts identification information associated with initial handshake message; SNI (Service Name Initiation) identification used to distinguish between multiple DNS hostnames and determine the hostname that is utilized; (accessing a particular file (i.e. message) communicated within a particular domain))    
b)  determining, at the computing device, a traffic type associated with the packet, the determined traffic type including one of Hypertext Transfer Protocol (HTTP) traffic, Hypertext Transfer Protocol Secure (HTTPS) traffic, and non HTTP or HTTPS traffic; (see Wang paragraph [0014], lines 1-7: traffic communicated between network devices using communication protocols such as TCP (TCP/IP) protocol, UDP protocol, ATM protocol, Frame Relay protocol, IPX protocol; paragraph [0034], lines 7-14: server reads virtual host information from HTTP header (i.e. HTTP type of communication traffic utilized))    
d)  extracting, by the computing device, a domain name from a host header in the packet when the determined traffic type comprises HTTP traffic, (see Wang paragraph [0034], lines 7-14: server reads virtual host information from HTTP header (i.e. HTTP type of communication traffic utilized)) and


Although Wang discloses a determination of network traffic type such as HTTP network traffic (see Wang paragraph [0020], lines 1-3: identification information indicative of an application type for traffic associated with a communication session between network-connected nodes (client and server); paragraph [0034], lines 7-14: server reads virtual host information from HTTP header (i.e. HTTP type of communication traffic utilized), Wang does not specifically disclose determining a domain name from a determined traffic type. 

Furthermore, Wang discloses wherein for e): extracting, by the computing device, at least one of a server name indication (SNI) and a server common name from the packet to determine a domain name when the determined traffic type comprises HTTPS traffic. (see Wang paragraph [0018], lines 1-15: network device extracts identification information associated with initial handshake message; SNI (Service Name Indicator) identification used to distinguish between the multiple DNS hostnames and determine the hostname that is utilized)

Wang does not specifically disclose a full handshake and/or an abbreviated 
However, Parthasarathy discloses: 
c)  determining, at the computing device, a domain name based on the determined traffic type, (see Parthasarathy paragraph [0033], lines 1-12: adaptive traffic manager determines identification information associated with a particular server (i.e. application); identification information includes domain name; identification information utilized for traffic management (type of network traffic); paragraph [0034], lines 1-15: domain name used to classify the type of content provided (i.e. application network traffic type); type of traffic associated with determination of particular domain name) and
e)  the mobile network session is associated with a full handshake status, (see Wang paragraph [0018], lines 1-15: network device extracts identification information associated with initial handshake message; SNI (Service Name Indicator) identification used to distinguish between the multiple DNS hostnames and determine the hostname that is utilized) and 
f)   extracting, by the computing device, a session ticket associated with the request and comparing the session ticket with a previously generated session ticket created during a previous full handshake between the user equipment and the server when the determined traffic type comprises HTTPS traffic and the mobile network session is associated with an abbreviated handshake status. (see Parthasarathy paragraph [0042], lines 10-16: for resuming previously established session, client sends session ticket data back to server in extension to a client hello message identifying a particular SSL/TLS session; paragraph [0044], lines 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Wang for determining a domain name from a determined traffic type and a full handshake and/or an abbreviated handshake as taught by Parthasarathy.  One of ordinary skill in the art would have been motivated to employ the teachings of Parthasarathy for the benefits achieved from the flexibility of a system that enables the processing of multiple types of network traffic across multiple network domains. (see Parthasarathy paragraph [0033]; [0034])  

Furthermore, Wang discloses wherein for g): extracting, by the computing device, a destination IP address from the packet, and using the destination IP address to determine a matching domain name when the determined traffic type comprises non HTTP or HTTPS traffic. (see Wang paragraph [0034], lines 7-14: server reads virtual host information from HTTP header (i.e. HTTP type of communication traffic utilized); paragraph [0014], lines 1-7: traffic communicated between network devices uses communication protocols such as UDP protocol (Non HTTP type traffic))  

Wang-Parthasarathy does not specifically disclose using a DNS reverse cache for determining a matching domain name.  
However, Backholm discloses:

        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Wang-
Parthasarathy for using a DNS reverse cache for determining a matching domain name as taught by Backholm.   One of ordinary skill in the art would have been motivated to employ the teachings of Backholm for the benefits achieved from a system that enables enhancing DNS caching in order to provide signaling optimization for application level traffic. (see Backholm paragraph [0043], lines 1-3)  

Furthermore, Wang discloses for Claim 8, data storage; and a processor in communication with the data storage, and configured to run a module stored in memory that is configured to cause the processor to perform operations. (see Wang paragraph [0038], lines 8-14: memory comprises one or more non-transitory computer readable storage media encoded with software comprising computer executable instructions to perform operations)    

Regarding Claims 2, 9, 16, Wang-Parthasarathy-Backholm discloses the method of claim 1 and the computing device of Claim 8 and the non-transitory computer readable 

Regarding Claims 3, 10, Wang-Parthasarathy-Backholm discloses the method of claim 1 and the computing device of Claim 8, further comprising applying, by the computing device, deep packet inspection to the packet to determine the traffic type. (see Wang paragraph [0002], lines 4-7: in order to apply policy decisions, inspecting network traffic by performing deep packet inspection and viewing the underlying packet data for analysis)    

Regarding Claims 5, 12, 18, Wang-Parthasarathy-Backholm discloses the method of claim 1 and the computing device of Claim 8 and the non-transitory computer readable medium of claim 15, wherein the service comprises at least one of a quality of service (QoS), charging semantics, and metering semantics. (see Wang paragraph [0019], lines 1-12: identification information extracted and a policy applied to communications;  identification information compared against a blacklist database of network-connected nodes to which connections should be blocked; (Quality of Service (QoS) indicates service capability that is improved by blocking suspect IP addresses comprising the entries within a black list))    

Regarding Claim 6, Wang-Parthasarathy-Backholm discloses the method of claim 1.
Wang-Backholm does not specifically disclose refining packet classification using handshake data (i.e. matching TLS node information). 
However, Parthasarathy discloses wherein refining the initial packet classification when handshake data becomes available. (see Parthasarathy paragraph [0016], lines 1-9: utilizing handshake messages to determine textual identifiers utilizing site detector (i.e. information refinement); paragraph [0054], lines 1-4: stores determined textual identification information such as domain names (i.e. information); paragraph [0032], lines 5-18: device determines the type of content being transmitted in both secured and unsecured session (i.e. HTTP and HTTPS sessions), SSL, TLS protocols (i.e. TLS handshakes)) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Wang-Backholm for refining packet classification using handshake data (i.e. matching TLS node information) as taught by Parthasarathy.  One of ordinary skill in the art would have been motivated to employ the teachings of Parthasarathy for the benefits achieved from the flexibility of a system that enables the processing of multiple types of network traffic across multiple network domains. (see Parthasarathy paragraph [0033]; [0034])

Wang-Parthasarathy does not specifically disclose matching domain name in DNS reverse cache used for packet classification.
However, Backholm discloses wherein the matching domain name in the DNS reverse cache is used for an initial packet classification. (see Backholm paragraph [0063], lines 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Wang-Parthasarathy for matching domain name in DNS reverse cache used for packet classification as taught by Backholm. One of ordinary skill in the art would have been motivated to employ the teachings of Backholm for the benefits achieved from a system that enables enhancing DNS caching in order to provide signaling optimization for application level traffic. (see Backholm paragraph [0043], lines 1-3)    

Regarding Claims 13, 19, Wang-Parthasarathy-Backholm discloses the method of claim 1 and the computing device of Claim 8 and the non-transitory computer readable medium of claim 15, wherein non HTTP or HTTPS traffic comprises at least one of Internet Control Message Protocol (ICMP) traffic, User Datagram Protocol (UDP) traffic, and non-HTTP protocols using Transmission Control Protocol (TCP) traffic.  (see Wang paragraph [0014], lines 1-7: traffic communicated between network devices using communication protocols such as TCP (TCP/IP) protocol, UDP protocol, ATM protocol, Frame Relay protocol, IPX protocol; (selected: non-HTTP protocols using Transmission Control Protocol (TCP) traffic))    

Regarding Claim 21, Wang-Parthasarathy-Backholm discloses the method of claim 1
Wang-Backholm does not specifically disclose storing a mapping utilizing a canonical name record. 
However, Parthasarathy discloses wherein the traffic type associated with the packet comprises HTTPS traffic, wherein the mobile network session is associated with the full handshake status, and wherein determining the domain name further comprises: extracting a server canonical name record from a certificate message sent by an HTTP server; and storing a mapping between the server canonical name record and a session identifier in a cache. (see Parthasarathy paragraph [0042], lines 10-16: for resuming previously established session, client sends session ticket data back to server in extension to a client hello message identifying a particular SSL/TLS session; paragraph [0044], lines 8-10: for resuming a previously established SSL/TLS session an abbreviated handshake between client and server can occur; paragraph [0032], lines 5-18: device determines the type of content being transmitted in both secured and unsecured session (i.e. HTTP and HTTPS sessions)); paragraph [0070], lines 1-8: domain mapping tables provide access to node identification information (i.e. domain name, certificate); paragraph [0032], lines 5-18: device determines type of content being transmitted in both secured and unsecured sessions (i.e. HTTP traffic and HTTPS traffic sessions), SSL and TLS protocols)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Wang-Backholm for storing a mapping utilizing a canonical name record as taught by Parthasarathy.  One of ordinary skill in 

Regarding Claim 22, Wang-Parthasarathy-Backholm discloses the method of claim 1.
Wang-Backholm does not specifically disclose traffic associated with an abbreviated handshake status and mapping information associated with a canonical name record. 
However, Parthasarathy discloses wherein the traffic type associated with the packet comprises HTTPS traffic, wherein the mobile network session is associated with the abbreviated handshake status (see Parthasarathy paragraph [0042], lines 10-16: for resuming previously established session, client sends session ticket data back to server in extension to a client hello message identifying a particular SSL/TLS session; paragraph [0044], lines 8-10: for resuming a previously established SSL/TLS session an abbreviated handshake between client and server can occur; paragraph [0032], lines 5-18: device determines the type of content being transmitted in both secured and unsecured session (i.e. HTTP and HTTPS sessions)), and wherein determining the domain name further comprises mapping a session identifier in a server hello message to a server canonical name record in a cache. (see Parthasarathy paragraph [0070], lines 1-8: domain mapping tables provide access to node identification information (i.e. domain name, certificate); paragraph [0032], lines 5-18: device determines type of content being transmitted in both secured and unsecured sessions (i.e. HTTP traffic and HTTPS traffic sessions), SSL and TLS protocols)
  

6.        Claims 4, 11, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Wang in view of Parthasarathy and further in view of Backholm and Jackowski et al. (US PGPUB No. 20120078994).  
   
Regarding Claims 4, 11, Wang-Parthasarathy-Backholm discloses the method of claim 1 and the computing device of Claim 8, including transmitting, by the computing device, an address to the user equipment indicative of a domain name. (see Wang paragraph [0018], lines 1-15: network device extracts identification information (i.e. address information) associated with initial handshake message; SNI (Service Name Initiation) identification used to distinguish between the multiple DNS hostnames and determine the hostname that is utilized)
Wang-Parthasarathy-Backholm does not specifically discloses a loopback address indicative of user equipment.  
However, Jackowski discloses wherein further comprising: transmitting a loopback address to the user equipment. (see Jackowski paragraph [0278], lines 13-16: filters include source or destination IP addresses matching hosted IP addresses of the system 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Wang-Parthasarathy-Backholm for a loopback address indicative of user equipment as taught by Jackowski.  One of ordinary skill in the art would have been motivated to employ the teachings of Jackowski for the benefits achieved from the flexibility of a system that enables traffic of different types to be easily balanced and prioritized by QoS requirements.  (see Jackowski paragraph [0003], lines 10-16)

Regarding Claim 17, Wang-Parthasarathy-Backholm discloses the non-transitory computer readable medium of claim 15, wherein the apparatus is further caused to: apply deep packet inspection to the packet to determine the traffic type. (see Wang paragraph [0002], lines 4-7: in order to apply policy decisions, inspecting network traffic by performing deep packet inspection and viewing the underlying packet data for analysis)  
Furthermore, Wang discloses wherein to transmit an address to user equipment indicative of the domain name.  (see Wang paragraph [0018], lines 1-15: network device extracts identification information (i.e. address information) associated with initial handshake message; SNI (Service Name Initiation) identification used to distinguish between multiple DNS hostnames utilized)     
Wang-Parthasarathy-Backholm does not specifically disclose transmitting a loopback address to user equipment. 
However, Jackowski discloses wherein transmit a loopback address to the user 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Wang-Parthasarathy-Backholm for transmitting a loopback address to user equipment as taught by Jackowski.  One of ordinary skill in the art would have been motivated to employ the teachings of Jackowski for the benefits achieved from the flexibility of a system that enables traffic of different types to be easily balanced and prioritized by QoS requirements.  (see Jackowski paragraph [0003], lines 10-16)   

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032.  The examiner can normally be reached on Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/CJ/
May 24, 2021


                                                                                                                                                                                       /FATOUMATA TRAORE/Primary Examiner, Art Unit 2436