DETAILED ACTION
This office action is in response to the application filed on 09/25/2019. Claims 1-22 are pending and are examined.	
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claims 9, 11 and 13 are objected to because of the following informalities:
 	Claims 9, 11 and 13 recite “wherein the computer program instructions are further configured to”, should be “wherein the computer program code is further configured to”. 
 Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was.


Claims 1-3, 5-10, 12-17 and 19-22 are rejected under 35 U.S.C. 103 as being unpatentable over Balderas (U.S Pub No. 2015/0180892 A1, referred to as Balderas), in view of M’Raihi et al. (U.S Pub No. 2011/0283174 A1, referred to as M’Raihi.
Regarding claims 1, 8 and 15, Balderas teaches:
An apparatus, comprising: a processor; computer memory holding computer program instructions executed by the processor (Balderas: Fig. 7, Items 704 (Processor), 706, 708, 710 (Memory); ¶ 0080), to retrieve threat information that is organized according to a set of threat information types (Balderas: Fig. 1, Items 102, 103, 104, 105, 106; ¶ 0030- ¶ 0031, “As illustrated in FIG. 1, the recursive DNS server 102, via threat assessment module 103, accesses a variety of services 104-106 (a set of threat information types) to provide security intelligence and determine a threat level of the client device 101.”; ¶ 0032- ¶ 0039), 5the computer program instructions including program code configured to: 
Balderas does not explicitly disclose, however M’Raihi teaches:
associate a set of domain name system (DNS) zones with the threat information types such that a particular DNS zone is associated to a particular threat information type (M’Raihi: Fig. 1, Item 110, 116; Fig. 2; ¶ 0017- ¶ 0018, “As described more fully in relation to FIG. 2 below, the data processor 112 will receive DNS queries from communications module 114, which is able to both transmit and receive data and messages, parse the DNS query, extract a host name from the DNS query, access memory 116, and compare the host name (threat information) against the DNS zone file to determine if the host name is associated with a customer of the Trust Services provider.”); 
receive a request (M’Raihi: Fig. 2, Step 210; ¶ 0022);  
10parse the request to identify given information (M’Raihi: Fig. 2, Steps 211-212; ¶ 0024); 
(M’Raihi: Fig. 2, Step 213; ¶ 0024); 
receive a response to the DNS query that includes the threat information; and provide a response to the request (M’Raihi: Fig. 2, Steps 214, 220, 222; ¶ 0025; ¶ 0034).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balderas by M’Raihi parse the DNS query, extract a host name from the DNS query, access a DNS file zone, and compare the host name against the DNS zone file to determine if the host name is associated with a customer of the Trust Services provider in order to improve security. (M’Raihi: ¶ 0018).

Regarding claim 22, Balderas teaches:
A control system associated with a threat intelligence service that hosts threat information organized according to a set of threat information types (Balderas: Fig. 1, Items 102 (A control system), 103, 104, 105, 106; ¶ 0030- ¶ 0031, “As illustrated in FIG. 1, the recursive DNS server 102, via threat assessment module 103, accesses a variety of services 104-106 (a set of threat information types) to provide security intelligence and determine a threat level of the client device 101.”; ¶ 0032- ¶ 0039), comprising: 
a computing element executing an application (Balderas: ¶ 0030, “FIG. 1 illustrates a system embodiment in which a recursive DNS server 102 receives a 101 and makes a threat assessment (application)”; and 
a computing element executing a threat intelligence service application programming 5interface (API), the API configured to receive an event associated with the application (Balderas: ¶ 0031, “As illustrated in FIG. 1, the recursive DNS server 102, via threat assessment module 103 (a threat intelligence service application), accesses a variety of services 104-106 to provide security intelligence and determine a threat level of the client device 101.”).
Balderas does not explicitly disclose, however M’Raihi teaches:
 parse the event to identify given information, based on the given information direct a zone-specific Domain Name System (DNS) query to a data store of threat information, receive a response to the zone-specific DNS query that includes threat data, and provide a DNS reply to the application that includes the threat data; 10wherein the application uses the threat data to make an access decision (M’Raihi: Fig. 2, Steps 211-222; ¶ 0024- 0034; ¶ 0055).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balderas by M’Raihi parse the DNS query, extract a host name from the DNS query, access a DNS file zone, and compare the host name against the DNS zone file to determine if the host name is associated with a customer of the Trust Services provider in order to improve security. (M’Raihi: ¶ 0018).

Regarding claims 2, 9 and 16, the combination of Balderas and M’Raihi teaches all the features of claims 1, 8 and 15, as outlined above.
Balderas teaches:
wherein the threat information is encoded in the response to the request (Balderas: Fig. 2, Item 218; ¶ 0040, “Box 218: Invoke a predetermined response according to static configuration. For example, return localhost address ‘127.0.0.1’ to the client, or one or more IP addresses that point to resources in the ISP that are pre-configured to handle and mitigate threats (e.g., tarpits, honeypots, security-hardened machines, to a “managed” proxy that obtains content for the client but also observes client actions in a security context). These machines may or may not have content associated with the requested domain name.

Regarding claims 3, 10 and 17, the combination of Balderas and M’Raihi teaches all the features of claims 1, 8 and 15, as outlined above.
Balderas teaches:
wherein the set of threat information types includes one of: a denied party list occurrence, a risk score, an IP address or URL category, and other threat information (Balderas: Fig. 1, Items 102, 103, 104, 105, 106; ¶ 0030- ¶ 0031, “As illustrated in FIG. 1, the recursive DNS server 102, via threat assessment module 103, accesses a variety of services 104-106 (a set of threat information types) to provide security intelligence and determine a threat level of the client device 101; ¶ 0013, “In a preferred embodiment, a given DNS server leverages an IP reputation service to score a client and thereby determine a threat level based on the IP address of the requesting client. Other ”).

Regarding claims 5, 12 and 19, the combination of Balderas and M’Raihi teaches all the features of claims 1, 8 and 15, as outlined above.
Balderas does not explicitly disclose, however M’Raihi teaches:
wherein the given information is one of: an IP address, a URL, a name, and information associated with a resource (Balderas: Fig. 2, Steps 202, 204; ¶ 0037, “At step 202, the DNS server 102 determines the IP address of the requesting client device, e.g., by reading it from the source IP field of the incoming packets. At step 204, the DNS server 102 determines the threat level of the client.”).

Regarding claims 6, 13 and 20, the combination of Balderas and M’Raihi teaches all the features of claims 1, 8 and 15, as outlined above.
Balderas does not explicitly disclose, however M’Raihi teaches:
further including writing threat 5information associated with a particular threat information type to a DNS zone file (M’Raihi: Fig. 1, Item 116; ¶ 0017, “Processor 132 is able to retrieve the customer list and provide the customer list to data processor 112, which then stores the customer list in memory 116 as a DNS zone file. Thus, the DNS zone file is updated (writing) on a regular basis as appropriate to the particular implementation”).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balderas by M’Raihi parse . (M’Raihi: ¶ 0018).

Regarding claims 7, 14 and 21, the combination of Balderas and M’Raihi teaches all the features of claims 6, 13 and 20, as outlined above.
Balderas does not explicitly disclose, however M’Raihi teaches:
wherein the DNS query is directed to the DNS zone file (M’Raihi: Fig. 2, Steps 210-213; ¶ 0024).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balderas by M’Raihi parse the DNS query, extract a host name from the DNS query, access a DNS file zone, and compare the host name against the DNS zone file to determine if the host name is associated with a customer of the Trust Services provider in order to improve security. (M’Raihi: ¶ 0018).

Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Balderas in view of M’Raihi and further in view of Malina et al. (U.S Pub No. 2006/0195402 A1, referred to as Malina).


Regarding claims 4, 11 and 18, the combination of Balderas and M’Raihi teaches all the features of claims 1, 8 and 15, as outlined above.
Balderas does not explicitly disclose, however Malina teaches:
decrypting the request to expose the given information; and encrypting the response that includes the threat information (Malina: Fig. 11; ¶ 0047).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balderas by Malina and have a system to decrypt a received encrypted request and to transmit an encrypted response to the requestor in order to insure a secured communication. (Malina: ¶ 0040)


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408.  The examiner can normally be reached on Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/HASSAN SAADOUN/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435