Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is in response to applicant’s amendment filed on 06/21/2021 to Application #16/369,551 filed on 03/29/2019 in which Claims 1, 2, 5-11, 14-18 are pending.

Status of Claims
Claims 1, 2, 5-11, 14-18 are pending, of which Claims 1, 2, 5-11, 14-18 are allowable via Examiner’s Amendment.

Applicant’s Most Recent Claim Set of 06/21/2021
Applicant’s most recent amended claim set of 06/21/2021 is considered to be the latest claim set under consideration by the examiner.

112(f) Interpretation
All previous claim interpretations by the examiner under 112(f) are hereby removed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided 

Authorization for this examiner’s amendment was given in a telephone interview with Matthew Nigriny on June 28, 2021.
 
The application has been amended as follows:

In the Claims:

Claim 8: (Currently Amended)
Regarding Claim 8, in Claim 8 Line(s) 4, replace the phrase:
“rule of a firewall of the another virtual machine based on the network address information.”
with the following:
“rule of a firewall of the second virtual machine based on the network address information.”


Claim 10: (Currently Amended)
Regarding Claim 10, in Claim 10 Line(s) 1-3, replace the phrases:
“A computer-implemented system for efficiently configuring the security rules for application firewalls in a cloud-based infrastructure, the system comprising:

with the following:
“A computer-implemented system for efficiently configuring the security rules for application firewalls in a cloud-based infrastructure, the system comprising:
a computer processor;
at least one of a virtual machine, running on the computer processor, comprising an”


Claim 10: (Currently Amended)
Regarding Claim 10, in Claim 10 Line(s) 9, replace the phrases:
“decode the DNS query response, and identify the network address information; and”
with the following:
“decode the DNS Server query response, and identify the network address information; and”


Claim 16: (Currently Amended)
Regarding Claim 16, in Claim 16 Line(s) 2, replace the phrase:
“transmit the network address information to another”
with the following:
“transmit the network address information to a second”


Claim 17: (Currently Amended)
Regarding Claim 17, in Claim 17 Line(s) 1-3, replace the phrases:
“The computer implemented system of claim 16, wherein the DNS computer Agent of the another virtual machine is further configured to update a security rule of a firewall of the another virtual machine based on the network address information.”
with the following:
“The computer implemented system of claim 16, wherein the DNS computer Agent of the second virtual machine is further configured to update a security rule of a firewall of the second virtual machine based on the network address information.”


Claim 18: (Currently Amended)
Regarding Claim 18, in Claim 18 Line(s) 4, replace the phrase:
“wherein the DNS computer Agents of each of the plurality of virtual machines is”
with the following:
“wherein the DNS computer Agents of each of the plurality of virtual machines are”


Reasons For Allowance
The following is an examiner’s statement of reasons for allowance:
Claims 1, 2, 5-11, 14-18 are considered allowable.

The instant invention is directed to providing efficient configuring of the security rules for application firewalls in a cloud-based infrastructure.

The closest prior art, as recited, Bharali et al. US Patent Application Publication No. 2014/0150051 and Lee US Patent Application Publication No. 2015/0341318, are also generally directed to various aspects of providing efficient configuring of the security rules for application firewalls in a cloud-based infrastructure. However, neither Bharali et al. nor Lee teaches or suggests, either singularly or in combination, the particular combination of steps or elements as recited in the independent claims 1 and 10. For example, none of the cited prior art teaches or suggests the steps of:
Regarding Claim 1:
an application requests network address data from a domain name system server for a fully qualified domain name, the domain name server’s response’s data packets to the application’s request are intercepted by a domain name system computer agent, the domain name system computer agent decodes the domain name server’s response’s data packets and identifies the requested network address data contained in the domain name server’s response’s data packets, the domain name system computer agent utilizes the decoded network address data to update a security rule of a firewall that includes a list of authorized external addresses of which the requesting application is allowed to communicate, the domain name system computer agent identifies any address information related to a fully qualified domain name in the domain name server’s response’s data packets that is stored in the list of authorized external addresses of which the requesting application is allowed to communicate, the domain name system computer agent then adds the address information related to the fully qualified domain name to the firewall security rule’s list of authorized external addresses of which the requesting application is allowed to communicate, provided that there is no previous address information related to the fully qualified domain name already included in the list of authorized external addresses of which the requesting application is allowed to communicate
When combined with the additional limitations found in Claim 1.

Regarding Claim 10:
an application requests network address data from a domain name system server for a fully qualified domain name, the domain name server’s response’s data packets to the application’s request are intercepted by a domain name system computer agent, the domain name system computer agent decodes the domain name server’s response’s data packets and identifies the requested network address data contained in the domain name server’s response’s data packets, the domain name system computer agent utilizes the decoded network address data to update a security rule of a firewall that includes a list of authorized external addresses of which the requesting application is allowed to communicate, the domain name system computer agent identifies any address information related to a fully qualified domain name in the domain name server’s response’s data packets that is stored in the list of authorized external addresses of which the requesting application is allowed to communicate, the domain name system computer agent then adds the address information related to the fully qualified domain name to the firewall security rule’s list of authorized external addresses of which the requesting application is allowed to communicate, provided that there is no previous address information related to the fully qualified domain name already included in the list of authorized external addresses of which the requesting application is allowed to communicate
When combined with the additional limitations found in Claim 10.

Therefore Claims 1, 2, 5-11, 14-18 of the instant application are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Martinez et al - US_20120185913: Martinez et al. teaches a cloud abstraction layer with security policies, rules, and procedures.
Ji et al - US_20160087939: Ji et al teaches rule development and binding for web application servers.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM Eastern Time.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on (571) 272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498