DETAILED ACTION
 Notice of Pre-AIA  or AIA  Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
2. Applicant’s arguments (appeal brief) filed on 03/02/2021, with respect to the 102 rejection have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Landivar (US Pat.No.8, 037,415).

Claim Rejections - 35 USC § 102
3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

4.Claim(s) 1-2, 4, 6, 10-11, 13, 15 and 19-20 are rejected under 35 U.S.C. 102(a) (2) as being anticipated by Landivar (US Pat.No.8,037,415).

5.    Regarding claims 1 and 10 Landivar teaches a method and a system comprising:
acquiring, by a client security manager [which is the host file manager of fig.4-6] running on a client computer system associated with a private network, a remote host name resolution file maintained by a remote server or a network security appliance associated with the private network; importing, by the client security manager, the remote host name resolution file  (Figs.4-6, Col.6, lines.32-41 teaches the host file is in a remote or local network server. Col.10, lines.41-50 and Col.11, lines.30-37 teaches coping the host file comprising writing the content of host file to a local computer system from another or remote location);

using, by the client computer system, the local host name resolution file to resolve host names to Internet Protocol (IP) addresses (Col.3, lines. 28-41 teaches translate the domain name or host name into an IP address via a computer's local host’s file, or via the DNS resolver. For example, when a user of a computer 141 points his browser to the hostname "www.abccorp.com," this hostname is translated into an IP address by either consulting the computer's hosts file, or by consulting DNS, and this is called name-to-IP resolution).

6. Regarding claims 2 and 11 Landivar teaches the method and the system, wherein the remote server comprises a file server and wherein the remote host name resolution file is shared freely or on a subscription basis (Col.10, lines.41-50 teaches the host file is shared freely).

7.    Regarding claims 4 and 13 Landivar teaches the method and the system, wherein the network security appliance provides one or more of network firewalling, Virtual Private Networking (VPN), antivirus protection, intrusion prevention (IPS), content filtering, data leak prevention (DLP), antispam, antispyware, logging and reputation-based protections on behalf of the private network (Col.1, lines.20-46 teaches the network security appliance provides intrusion prevention).

8.    Regarding claims 6 and 15 Landivar teaches the method and the system wherein the remote host name resolution file is pushed to the client security manager by the network security appliance (Col.8, lines. 42-55 teaches the program application manager will be 

9. Regarding claims 19 and 20 Landivar teaches the method and the client computer system, wherein the remote host name resolution file comprises a customized host file that includes host name-IP address mappings that are tailored to enhance network security or regulate network accessibility of the client computer system (Col.3, lines. 28-41 teaches a host name will be translated or mapped into an IP address via the local Hosts file on the computer or the DNS server, and this is called name-to-IP resolution, which regulate network accessibility of the client system . Fig.5 and Col.11, lines.16-29 teaches modified version of host file, which is the customized version herein).

                                  Claim Rejections - 35 USC §103
10. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


11.    Claims 3, 5, 12 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Landivar (US Pat. No. 8,037,415) as applied to claims 1 and 10 above and further in view of Hsieh (US Pat.No.8, 316,440).



Hsieh teaches the method and the system, further comprising prior to said importing, verifying, by the client security manager, integrity of the host name resolution file (Col.4, lines.56-57 teaches a host name will be translated or mapped into an IP address via the local Hosts file on the computer or DNS server, and this is called "name-to-IP resolution". Col.4, lines.8-20, lines.62-67 and Col.5, lines.1-3, lines.39-45 teaches the detection process detects any suspicious changes in name-to-IP resolution. When the computer obtains an IP address for a host name, either from the local Hosts file or by querying a DNS server, the Detection Process analyzes the host name and the IP address based on various rules and in connection with the data saved in Historical Data. If the analysis indicates that the IP address is suspicious, then the Detection Process alerts an owner or user of the computer system).

    Therefore, it would have been obvious to one of the ordinary skill in the art before the invention was filed to modify Landivar to include verifying, by the client security manager, integrity of the host name resolution file as taught by Hsieh, since such a setup will give a predictable result to detect and prevent pharming attacks especially changes in name-to-IP resolutions on computer systems.

13.    Regarding claims 5 and 14 Landivar teaches the method and the system, further comprising: establishing, by the client security manager, a connection with the network security appliance through the private network (Col.6, lines.32-40 teaches the connection between the client computer with the security appliance is through a local or remote network, which is the private network); but does not expressly teach sending, by the client security 

Hsieh teaches sending, by the client security manager, environment information of the client computer system to the network security appliance (Col.4, lines.3-20 teaches the client not currently affected by the pharming attack [which is the environmental information herein]);
wherein said acquiring, by a client security manager running on a client computer system associated with a private network, a remote host name resolution file involves the network security appliance selecting among a plurality of remote host name resolution files based on the environment information (Col.3, lines.65-67, Col.4, lines.1-20 teaches selecting a host name files from plurality based on the legitimate IP address, as such not affected by the pharming attack).

Therefore, it would have been obvious to one of the ordinary skill in the art before the invention was filed to modify Landivar to include sending, by the client security manager, environment information of the client computer system to the network security appliance as taught by Hsieh, since such a setup will give a predictable result to detect and prevent pharming attacks on computer systems.

14.    Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Landivar (US Pat.No.8,037,415) as applied to claim 1 above and in view of Hsieh (US Pat.No.8, 316,440) and further in view of Cranor (US Pub.No.2003/0112792).



Hsieh teaches responsive to editing of the local host name resolution file, verifying, by the client security manager, integrity of the local host name resolution file by checking for one or more of proper syntax, naming of the local host name resolution file (Col.4, lines.62-67; Col.5, lines.1-3 teaches the detection process 140 detects any suspicious changes in name-to-IP resolution 142. When the computer obtains an IP address for a host name, either from the local Hosts file or by querying a DNS server, the Detection Process 140 analyzes the host name and the IP address based on various rules and in connection with the data saved in Historical Data. If the analysis indicates that the IP address is suspicious, then the Detection Process 140 alerts 150 an owner or user 160 of the computer system, i.e., the integrity of the local host name resolution file is checking based on proper syntax [see, table 2 in Col.7, lines. 45-50]); but does not express teach encoding of content of the local host name resolution file.

Therefore, it would have been obvious to one of the ordinary skill in the art before the invention was filed to modify Landivar to include verifying, by the client security manager, integrity of the local host name resolution file by checking for one or more of proper syntax, naming of the local host name resolution file as taught by Hsieh, since such a setup will give a predictable result to detect and prevent pharming attacks on computer systems

Cranor teaches encoding of content of the local host name resolution file (Para: 0023 teaches encoding the content of the host name file).

Therefore, it would have been obvious to one of the ordinary skill in the art before the invention was filed to modify Landivar and Hsieh to include encode the content of the local host name resolution file as taught by Cranor, since such a setup will give a predictable result of encrypting the content of the host file to make more secure.

16.    Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Landivar (US Pat. No. 8,037,415) as applied to claims 1 and 10 above and in view of Goel (US Pub.No.2016/0380988).

17.    Regarding claims 8 and 17 Landivar teaches all the above claimed limitations, but does not expressly teach the method and the system, further comprising causing, by the client security manager, the local host name resolution file to have higher priority than other remote name resolution methods by appropriately setting a name service switch of the client computer system.

Goel teaches the method and the system, further comprising causing, by the client security manager, the local host name resolution file to have higher priority than other remote name resolution methods by appropriately setting a name service switch of the client computer system (Para:0026 teach the OS of the device supports a name service switch NSS 142. Para: 0035 teaches setting the name service switch (NSS) module 142 in the device will enable the host names in the client device to have higher priority).

Therefore, it would have been obvious to one of the ordinary skill in the art before the invention was filed to modify Landivar to include the local host name resolution file to have higher priority than other remote name resolution methods by appropriately setting a name .

18.    Claim 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Landivar (US Pat. No. 8,037,415) as applied to claims 1 and 10 above and further of Lee (US Pub.No.2009/0055929).

19.    Regarding claims 9 and 18 Landivar teaches all the above claimed limitations but does not expressly teach the method and the system, further comprising generating, by the client security manager, an address group from the local host name resolution file; creating, by the client security manager, a network policy for the address group.

Lee teaches the method and the system, further comprising generating, by the client security manager, an address group from the local host name resolution file (Para: 0057, Para: 0087 -0088 teaches generate an IP address group from the host name file); and creating, by the client security manager, a network policy for the address group (Para: 0057 and Para: 0097 teaches creating policy for IP address group).

Therefore, it would have been obvious to one of the ordinary skill in the art before the invention was filed to modify Landivar to include generate an address group and creating a network policy for the address group as taught by Lee, such a setup will classify the IP addresses of the clients into groups and allocates a predetermined time so that a specific web page is accessed for the allocated time and a DNS user is notified of information related to DNS (para: 0057).

                                                       Conclusion


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 -272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431