DETAILED ACTION
Claims 1-20 are pending in this action.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1, 3, 6, 7, 11, 13, 16-18 and 20 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Wood (USPGPUB No. 2015/0326530).

As per claim 1, Wood teaches a method for enforcing a segmentation policy (Claim interpretation, a segmentation policy is simply a policy that controls permissible communication between workloads on a network, see [0002] of the instant application) that controls permissibility of connections between workloads (Claim interpretation – “workload” is an application, application component or process, see [0014] of the instant application) on a host device and a domain name ([0075], identifying domain name with traffic requester identity, along with current status, i.e. blocked – this data would be associated with commands that view the list or change/modify the list as users are permitted to do), and the management instruction indicating permissibility of a connection between the first workload on the host device and a second workload in the network domain identified by the domain name ([0009], a device/s using whitelist on domain names and IP addresses to control connections with domains); storing, by the enforcement module, the domain name in a whitelist of domain names ([0008], whitelist can be applied to applications, ports as well as domains); responsive to a connection request from the first workload to the network domain identified by the domain name, snooping (Claim interpretation – “snoop” is not clearly defined in the instant application and is interpreted to be listening for a response or receiving a response from the DNS and deriving an IP address) on a DNS response received by the host device in response to the connection request ([0070], in response to a request to connect to a domain) to obtain a network address associated with the network domain ([0068]-[0070], requesting IP address for entered domain name); storing, based on the DNS response from the network domain 

As per claim 3, Wood teaches the method of claim 1, further comprising: storing a mapping of the network address to the domain name; and sending the mapping to the segmentation server to enable the segmentation server to associate the network address with the domain name ([0086], requesting and recording IP addresses associated with “blocked” and “allowed” domains then using them to enforce policy see [0036]).

As per claim 7, Wood teaches the method of claim 6, further comprising: reporting to the segmentation server, a mapping between the detected network address and the network domain ([0086], mapping of domains and IP addresses are recorded).

As per claim 11, the substance of the claimed invention is identical or substantially similar to that of claim 1.  Accordingly, this claim is rejected under the same rationale.

As per claim 13, the substance of the claimed invention is identical or substantially similar to that of claim 3.  Accordingly, this claim is rejected under the same rationale.

As per claim 16, the substance of the claimed invention is identical or substantially similar to that of claim 6.  Accordingly, this claim is rejected under the same rationale.

As per claim 17, the substance of the claimed invention is identical or substantially similar to that of claim 7.  Accordingly, this claim is rejected under the same rationale.



As per claim 20, the substance of the claimed invention is identical or substantially similar to that of claim 3.  Accordingly, this claim is rejected under the same rationale.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 2, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Wood in view of McGleenon (US PGPUB No. 2012/0084423).


Wood does not explicitly teach storing a time-to-live value in association with the network address; and responsive to the time-to-live value expiring, removing the network address from the whitelist of network addresses.  McGleenon teaches storing a time-to-live value in association with the network address ([0077], time period tracked for IP address); and responsive to the time-to-live value expiring, removing the network address from the whitelist of network addresses ([0077], removing IP address from whitelist after IP address expires).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Wood with the teachings of McGleenon, storing a time-to-live value in association with the network address; and responsive to the time-to-live value expiring, removing the network address from the whitelist of network addresses, to keep the security access policies fresh.

As per claim 12, the substance of the claimed invention is identical or substantially similar to that of claim 2.  Accordingly, this claim is rejected under the same rationale.

As per claim 19, the substance of the claimed invention is identical or substantially similar to that of claim 2.  Accordingly, this claim is rejected under the same rationale.

Claims 4, 5, 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Wood in view of Amini et al. (US PGPUB No. 2004/0249939) [hereinafter “Amini”].


Wood does not teach detecting a redirect from the domain name to an alias name; snooping on a DNS response received by the enforcement module in response to the redirect to the alias name to obtain the network address. Amini teaches detecting a redirect from the domain name to an alias name ([0005], detecting a redirect to an alias); snooping on a DNS response received by the enforcement module in response to the redirect to the alias name to obtain the network address ([0005], looking up IP address).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Wood with the teachings of Amini, detecting a redirect from the domain name to an alias name; snooping on a DNS response received by the enforcement module in response to the redirect to plan for user error in typing and locating domain name servers.

As per claim 5, the combination of Wood and Amini teaches the method of claim 4, further comprising: storing a mapping of the alias name to the domain name ([0005], association of alias name, i.e. cname, to domain name); sending the mapping to the segmentation server to enable the segmentation server to associate the alias name with the domain name ([0005], association sent to and stored at DNS and also sent to client devices to resolve IP address with DNS).

As per claim 14, the substance of the claimed invention is identical or substantially similar to that of claim 4.  Accordingly, this claim is rejected under the same rationale.

As per claim 15, the substance of the claimed invention is identical or substantially similar to that of claim 5.  Accordingly, this claim is rejected under the same rationale.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Wood in view of Canoy et al. (US PGPUB No. 2015/0237055) [hereinafter “Canoy”].

As per claim 8, Wood teaches the method of claim 1.
Wood does not teach storing one or more port numbers in association with the domain name; wherein determining that the domain name is in the whitelist further comprises determining that a port number associated with the connection request is included in the one or more port numbers associated with the domain name; and wherein updating the local firewall configuration further comprises permitting the connection with the port number associated with the connection request.  Canoy teaches storing one or more port numbers in association with the domain name ([0027], combination of a domain name and a port ascribed a source on a whitelist); wherein determining that the domain name is in the whitelist further comprises determining that a port number associated with the connection request is included in the one or more port numbers associated with the domain name; and wherein updating the local firewall configuration further comprises permitting the connection with the port number associated with the connection request (Col. 8, lines 58-62, identify domain names using wildcard characters for access whitelists).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Wood in view of Schiffman (US Patent No. 9,762,612).

As per claim 9, Wood teaches the method of claim 1.
Wood does not teach wherein the rule of the segmentation policy identifies the domain name based on an expression including one or more wildcard characters.  Schiffman teaches wherein the rule of the segmentation policy identifies the domain name based on an expression including one or more wildcard characters (Col. 8, lines 58-62, identify domain names using wildcard characters for access whitelists).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Wood with the teachings of Schiffman, wherein the rule of the segmentation policy identifies the domain name based on an expression including one or more .

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Wood in view of Kaliski JR. et al. (US PGPUB No. 2016/0173439) [hereinafter “Kaliski”].

As per claim 10, Wood teaches the method of claim 1.
Wood does not teach authenticating the domain name based on domain name system security extensions (DNSSEC). Kaliski teaches authenticating the domain name based on domain name system security extensions (DNSSEC) ([0037], validating DNS records, i.e. domain names, with DNSSEC).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Wood with the teachings of Kaliski, authenticating the domain name based on domain name system security extensions (DNSSEC), to use and build upon a well-known protocol in validating domain names.
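The mechanism the rejections above walk through for claims 1, 2, 4, 5, 8 and 9 (a whitelist of domain names fed by management instructions, network addresses derived by snooping DNS responses, time-to-live expiry of those addresses, a recorded mapping from a CNAME alias back to the domain name, port numbers stored with a domain, and wildcard expressions in the rule) is shown below as one added worked example in Python. It is not code from the instant application, from Wood, McGleenon, Amini, Canoy or Schiffman, or from any product; the class names, the in-memory firewall rule list, the clock injection and the DNS responses are all constructed for this illustration. The example also shows the defensive check a practitioner would want that the claim language leaves implicit: an answer record whose owner name is not covered by the instruction (for instance an extra record riding in the same response) is not whitelisted.

```python
import fnmatch
import time
from dataclasses import dataclass


# Constructed stand-in for a "management instruction" from a segmentation server
# (names and fields are assumptions for this example, not the application's API).
@dataclass(frozen=True)
class ManagementInstruction:
    workload: str          # first workload on the host device, e.g. "billing-api"
    domain_pattern: str    # domain name, possibly with wildcard characters
    ports: frozenset       # port numbers stored in association with the domain
    permit: bool = True


# Constructed stand-in for a DNS response as the host sees it after a connection
# request triggered a lookup: answers are (owner, type, target, ttl_seconds).
@dataclass
class DnsResponse:
    question: str
    answers: list


@dataclass
class WhitelistEntry:
    domain: str
    ports: frozenset
    expires_at: float


class EnforcementModule:
    """Host-side enforcement: domain whitelist -> snooped address whitelist -> firewall rules."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.domain_whitelist = {}   # (workload, pattern) -> ManagementInstruction
        self.ip_whitelist = {}       # (workload, ip) -> WhitelistEntry
        self.alias_map = {}          # CNAME alias -> domain name the policy names
        self.firewall_rules = []     # ("ALLOW"/"REVOKE", workload, ip, ports), in order applied

    def receive_instruction(self, instr):
        """Store (or withdraw) the domain name in the whitelist of domain names."""
        key = (instr.workload, instr.domain_pattern)
        if instr.permit:
            self.domain_whitelist[key] = instr
        else:
            self.domain_whitelist.pop(key, None)

    def _match(self, workload, name):
        """Find the instruction covering `name`, following recorded aliases back to the policy name."""
        name = name.rstrip(".").lower()
        seen = set()
        while name in self.alias_map and name not in seen:
            seen.add(name)
            name = self.alias_map[name]
        best = None
        for (wl, pattern), instr in self.domain_whitelist.items():
            if wl == workload and fnmatch.fnmatchcase(name, pattern.lower()):
                rank = ("*" in pattern, -len(pattern))   # exact name beats wildcard, longest wins
                if best is None or rank < best[0]:
                    best = (rank, instr)
        return best[1] if best else None

    def snoop_dns_response(self, workload, resp):
        """Derive network addresses from a DNS response and whitelist them with their TTL."""
        instr = self._match(workload, resp.question)
        if instr is None:                      # the queried name is not whitelisted: ignore
            return []
        added = []
        for owner, rtype, target, ttl in resp.answers:
            if rtype == "CNAME":               # redirect to an alias: record alias -> domain
                self.alias_map[target.rstrip(".").lower()] = owner.rstrip(".").lower()
            elif rtype == "A" and self._match(workload, owner) is instr:
                # Only records whose owner (or its alias chain) is covered by the same
                # instruction are accepted; unrelated records in the response are dropped.
                self.ip_whitelist[(workload, target)] = WhitelistEntry(
                    owner, instr.ports, self.clock() + ttl)
                self.firewall_rules.append(("ALLOW", workload, target, instr.ports))
                added.append(target)
        return added

    def expire(self):
        """Remove addresses whose time-to-live has elapsed and revoke their firewall rules."""
        now = self.clock()
        removed = []
        for key, entry in list(self.ip_whitelist.items()):
            if entry.expires_at <= now:
                del self.ip_whitelist[key]
                self.firewall_rules.append(("REVOKE", key[0], key[1], entry.ports))
                removed.append(key[1])
        return removed

    def is_permitted(self, workload, ip, port):
        """Connection decision: address whitelisted, unexpired, and port among the stored ports."""
        self.expire()
        entry = self.ip_whitelist.get((workload, ip))
        return entry is not None and port in entry.ports


def demo(now=1_000_000.0):
    """Run the mechanism over constructed data; returns the observations for checking."""
    clock = [now]
    em = EnforcementModule(clock=lambda: clock[0])
    em.receive_instruction(ManagementInstruction("billing-api", "*.example.test", frozenset({443})))
    em.receive_instruction(ManagementInstruction("billing-api", "payments.example.test", frozenset({443, 8443})))
    # Constructed responses (documentation/test addresses, not real lookups).
    direct = DnsResponse("api.example.test", [
        ("api.example.test", "A", "192.0.2.10", 60),
        ("unrelated.test", "A", "203.0.113.9", 60),      # extra record, must be ignored
    ])
    redirected = DnsResponse("cdn.example.test", [
        ("cdn.example.test", "CNAME", "edge.cdn-provider.test", 300),
        ("edge.cdn-provider.test", "A", "198.51.100.7", 30),
    ])
    stray = DnsResponse("evil.test", [("evil.test", "A", "203.0.113.9", 60)])
    payments = DnsResponse("payments.example.test", [("payments.example.test", "A", "192.0.2.20", 120)])
    obs = {}
    obs["direct"] = em.snoop_dns_response("billing-api", direct)
    obs["redirected"] = em.snoop_dns_response("billing-api", redirected)
    obs["stray"] = em.snoop_dns_response("billing-api", stray)
    obs["payments"] = em.snoop_dns_response("billing-api", payments)
    obs["alias"] = em.alias_map.get("edge.cdn-provider.test")
    obs["allowed_443"] = em.is_permitted("billing-api", "192.0.2.10", 443)
    obs["denied_8443"] = em.is_permitted("billing-api", "192.0.2.10", 8443)
    obs["payments_8443"] = em.is_permitted("billing-api", "192.0.2.20", 8443)
    obs["other_workload"] = em.is_permitted("web", "192.0.2.10", 443)
    clock[0] = now + 45          # the 30 s record has expired, the 60 s and 120 s ones have not
    obs["expired"] = em.expire()
    obs["still_allowed"] = em.is_permitted("billing-api", "192.0.2.10", 443)
    obs["rules"] = [r[0] for r in em.firewall_rules]
    return obs
```

Calling `demo()` whitelists 192.0.2.10 and 192.0.2.20 directly, whitelists 198.51.100.7 only because the CNAME answer mapped the alias back to a name the wildcard rule covers, drops the unrelated and stray records, and after 45 seconds revokes the 30-second entry while the others stay permitted. The injected clock is what makes the TTL behaviour testable offline; a host module would use wall-clock time and apply the ALLOW/REVOKE entries to the local firewall instead of appending them to a list.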

Response to Arguments
Applicant's arguments with respect to the rejection of claims 1-20 under 35 U.S.C. 102 and 103 have been fully considered but they are not persuasive. The amendments appear to reword and clarify the language but do not add substantive limitations that require additional references to be introduced. 
As per claim 1, Applicant argues that Wood does not anticipate amended claim 1. Applicant reasons that Wood is not related to a segmentation policy. See (Wood; Abstract and [0005]). Examiner notes that there are other definitions of “segmentation” in the art but the term has not been defined in the specification to include such definitions. 
As per claim 1, Applicant further argues that Wood does not describe an "enforcement module" that receives "from a segmentation server," "a management instruction" that "identif[ies] a first workload on a host device and a domain name" and that "indicat[es] a permissibility of a connection between the first workload on the host device and a second workload in a network domain identified by the domain name,” and Wood also does not disclose "updating an access control rule of a local firewall... based on the whitelist of network addresses," as claimed.  Applicant reasons that Wood relates to specific mechanisms for operating a firewall in relation to communications to and from servers controlled by a DNS and does not disclose a technique for receiving management instructions of a segmentation policy of an enforcement module and updating an access control rule of a firewall. Examiner submits Wood does teach such network management instructions given the broad definition of “segmentation policy”. The firewall/s (each traffic requester has one) and related components act as enforcement modules for the network security policies and enforce the access rules implemented in the firewall.  See (Wood; Abstract and Fig. 1). Applicant further points out the disadvantages of Wood’s firewall platform and then contrasts Wood with the claimed process of the instant application which receives a management instruction that specifies the domain name, and the IP address is determined by “snooping”. Basically, Applicant is arguing that Wood does not teach “snooping” the IP address. Examiner submits that “snooping” is not clearly defined in the specification of the instant application and is interpreted to be listening for a response or receiving a response from the DNS and deriving an IP address. 
The claim language explicitly reads “snooping on a DNS response received by the host device in response to the connection request to obtain a network address associated with the network domain”; Examiner does not read any language in this limitation that defines “snooping” as anything other than listening. Therefore, since the specification does not provide a definition, Examiner interprets the host in Wood to be listening or waiting for, i.e. snooping for, the address response initiated by the entering of the domain name. See Wood [0068]-[0070].
As per all remaining claims, the above arguments are repeated and therefore are addressed in the same manner.

To expedite prosecution, Examiner suggests drawing language from the specification to describe/define the segmentation policy which would likely distinguish the invention from the prior art.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Salcedo (US PGPUB No. 2016/0006693), Bartik et al. (US PGPUB No. 2019/0036930), Lison et al. ("Neural reputation models learned from .

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179.  The examiner can normally be reached on Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.