Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Examiner’s Note
	Examiner called Applicant and proposed amending independent claims 1, 11 & 17 by incorporating limitations of claims 2 & 3, 12 & 13, 18 & 19 respectively. Examiner noted that the amendment will place the case in allowable condition. The Applicant agreed to consider the proposition and promised to get back with a response soonest possible.
Subsequently, the Applicant emailed the Examiner the proposed amendment as recommended by Examiner (please see the attached “Email from the Applicant” for details)’
The case has now been placed in allowable condition... 	
	
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via email from Joanna Chen (Reg. No.72,754) on 8/25/2021.
AMENDMENTS TO THE CLAIMS:

	1. (Currently Amended) A computer-implemented method, comprising:
sending a service provider request within a network having one or more network devices sharing a server;
receiving a response from a responding network device, wherein the response comprises an answer;
identifying a level of trust of the responding network device based on the answer; and applying a network policy to the responding network device based on the level of trust,
wherein the service provider request , 
wherein the service provider request is a DNS request and the response is a DNS response, and 
wherein the DNS response further comprises metadata about a proof of integrity of the responding network device provided by an evaluation of the answer, by a trusted platform module crypto-processor, with respect to an identity of hardware and software components of the responding network device, and 
wherein the answer is evaluated based on logs maintained in a trusted storage of the responding network device, wherein the logs indicate a set of transactions that have occurred since boot time and provides data regarding trustworthiness of the responding network device.


2. (Canceled)

3. (Canceled)

4. (Currently Amended) The computer-implemented method of claim [[2]] 1, wherein the DNS response further comprises a proof of freshness using a signature over verifiably fresh data such as a current time when the DNS response is sent.

5. (Currently Amended) The computer-implemented method of claim 4,
wherein the DNS request the trusted platform module crypto-processor associated with the responding network device to generate a signature based on the nonce,
wherein the signature could not been generated before the nonce was provided, and
wherein the DNS response comprises the signature.

6. (Currently Amended) The computer-implemented method of claim [[2]] 1,
wherein the DNS response further comprises a proof of freshness by a token,
wherein the [[DNS]] server validates the token with respect to the responding network device's freshness of data based on a state of internal counters within [[a]] ]] the trusted platform module crypto-processor associated with the responding network device, and
wherein the [[DNS]] server hosts a directory of reference integrity values, known good reference values, and public keys published as certificates of other peer devices for validating [[the]] tokens.

7. (Currently Amended) The computer-implemented method of claim 6, wherein the [[DNS]] server detects a change in an IP address of the responding network device and dynamically identifies a level of trust for the responding network device before updating the IP address in the of the server, by re-validating information the token appended to the responding network device's DNS response indicating a change in IP address.

8. (Currently Amended) The computer-implemented method of claim [[2]] 1, further comprising:
receiving multiple DNS responses from multiple responding network devices, each DNS response comprising a random number, forming a set of random numbers,
wherein the set of random numbers are algorithmically combined into a single nonce, and
wherein the single nonce is passed through a crypto-processor to generate a signature based on the single nonce.

9. (Original) The computer-implemented method of claim 8, wherein the set of random numbers is combined algorithmically into a single nonce using a Bloom filter.

10. (Original) The computer-implemented method of claim 1, wherein the network policy for the responding network device is reevaluated at a predetermined frequency.

11. (Currently Amended) A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processor, cause a computing device to:
broadcast a multicast domain name service (mDNS) message;
receive a mDNS response from a responding service provider, wherein the mDNS response comprises an answer;
identify a level of trust of the responding service provider based on the answer; and apply a network policy to the responding service provider based on the level of trust,
wherein the mDNS message further comprises a service request for a particular service and a responding network device offers the particular service, 
wherein the mDNS response further comprises metadata about the responding network device's proof of integrity provided by an evaluation of the answer, by a trusted platform module crypto-processor, with respect to the identity of hardware and software components of the responding network device, and 
wherein the answer is evaluated based on logs maintained in a trusted storage of the responding network device, wherein the logs indicate a set of transactions that have occurred since boot time and provides data regarding the responding network device's trustworthiness.

12. (Canceled)

13. (Canceled)

14. (Original) The non-transitory computer-readable storage medium of claim 11, wherein the mDNS response further comprises a proof of freshness by means of a token, wherein the token validates the responding network device's freshness of data based on a state of internal counters within a trusted platform module crypto-processor associated with the responding network device.

15. (Original) The non-transitory computer-readable storage medium of claim 14, wherein the token comprises extracted current counters from the responding network device's trusted platform module crypto-processor and hashed with information within an external trusted platform module crypto-processor.

16. (Original) The non-transitory computer-readable storage medium of claim 11, wherein the network policy for the responding network device is reevaluated at a predetermined frequency.

17. (Currently Amended) A system, comprising:
at least one processor; and
memory including instructions that, when executed by the at least one processor, cause the at least one processor to:
receive a service request message comprising a service request for a particular service and attestation metadata;
identify a level of trust of an end device of the service request 
apply a network policy to the end device of the service request 
broadcast the service request message for a responding service provider that offers the particular service,
wherein the attestation metadata comprises metadata about the service request end device's proof of integrity provided by an evaluation of the attestation metadata, by a trusted platform module crypto-processor, with respect to the identity of hardware and software components of the end device of the service request, and
wherein the attestation metadata is evaluated based on logs maintained in a trusted storage of the end device of the service request, wherein the logs indicate a set of transactions that have occurred since boot time and provides data regarding the end device's trustworthiness.

18. (Canceled)

19. (Canceled)

20. (Original) The system of claim 17, wherein the service request message further comprises a proof of freshness by means of a signature over verifiably fresh data such as a current time when the service request message is sent.

Allowable Subject Matter
Claims 1,4-11, 14-17 and 20 are allowed.

	The following is an examiner’s statement of reasons for allowance:
        Regarding claim 1, although the prior art of record teaches (such as, Beaudet (US 20160248596, in para 0017), sending a service provider request within a network having one or more network devices sharing a server; receiving a response from a responding network device; none of the prior art, alone or in combination teaches wherein the service provider request is a DNS request and the response is a DNS response, and wherein the DNS response further comprises metadata about a proof of integrity of the responding network device provided by an evaluation of the answer, by a trusted platform module crypto-processor, with respect to an identity of hardware and software components of the responding network device, and wherein the answer is evaluated based on logs maintained in a trusted storage of the responding network device, wherein the logs indicate a set of transactions that have occurred since boot time and provides data regarding trustworthiness of the responding network device; in view of other limitations of claim 1..
Regarding claim 11, although the prior art of record teaches (such as, Beaudet (US 20160248596, in para 0017) broadcast a multicast domain name service (mDNS) message; receive a mDNS response from a responding service provider; none of the prior art, alone or in combination teaches wherein the mDNS message further comprises a service request for a particular service and a responding network device offers the particular service,wherein the mDNS response further comprises metadata about the responding network device's proof of integrity provided by an evaluation of the answer, by a trusted platform module crypto-processor, with respect to the identity of hardware and software components of the responding network device, and wherein the answer is evaluated based on logs maintained in a trusted storage of the responding network device, wherein the logs indicate a set of transactions that have occurred since boot time and provides data regarding the responding network device's trustworthiness;in view of other limitations of claim 11.
Regarding claim 17, although the prior art of record teaches (such as, Beaudet (US20160248596, in para 0017) receive a service request message comprising a service request for a particular service and attestation metadata.; none of the prior art, alone or in combination teaches wherein the attestation metadata comprises metadata about the service request end device's proof of integrity provided by an evaluation of the attestation metadata, by a trusted platform module crypto-processor, with respect to the identity of hardware and software components of the end device of the service request, and wherein the attestation metadata is evaluated based on logs maintained in a trusted storage of the end device of the service request, wherein the logs indicate a set of transactions that have occurred since boot time and provides data regarding the end device's trustworthiness; in view of other limitations of claim 17..

	The closest prior art (patent publications) made of records are: 
Beaudet (US20160248596,) teaches receiving mDNS packets can include a network, which can include an access controller, an mDNS gateway, and a number of network interfaces configured to reflect a multicast Domain Name Service (mDNS) packet. 
Devarapalli (US 20120096166) teaches techniques are provided to enable a network device, such as a switch, to perform global server load balancing (GSLB) while operating as a proxy to a domain name system security extensions (DNSSEC)-capable authoritative DNS server. The network device preserves an original signature generated by the DNSSEC-capable authoritative DNS server for a resource record set contained in a DNSSEC reply. 
Spacek (US20180343122) teaches an example method includes obtaining a first public key associated with a private key of an application vendor of an application package signed with the private key. The first public key includes metadata including an identifier of the first public key. The method also includes transforming, via a processing device, the identifier into a Domain Name System ( DNS) name, sending the DNS name to a DNS server to determine that the DNS name corresponds to a trustworthy source, in response to receiving, from the DNS server, a second public key associated with the DNS name in a DNS data store, confirming that the DNS name corresponds to the trustworthy source, and determining whether the second public key matches the first public key to verify whether the first public key and the associated private key used to sign the application package are authentic. 
 Archbold (US20140068043) teaches systems and methods are disclosed for providing a risk aware domain name service (DNS), which includes modulating a time to live (TTL) value associated with the DNS based at least in part on one or more DNS-related metrics associated with a DNS server providing DNS resolution. 
Renteria (US20160142429) teaches system and techniques for preventing access to malicious websites are described herein. A communication message containing content may be received. A query may be generated based on the content of the communication message. The query may be executed against a database of known malicious content items and a score may be generated based on similarity of the content of the communication message to one or more of the known malicious content items. It may be determined whether to block the communication message based on the score relative to a predetermined threshold.
Halley (US20180159815) teaches a method for selectively extending a life of prefetched content for DNS content delivery is disclosed. The method includes providing a cache to keep at least one DNS entry. The DNS entry includes a domain name and a DNS answer associated with the domain name. The DNS entry is assigned a lifetime. The method includes determining that a DNS query is received, wherein the DNS query includes a further domain name matching the domain name of the DNS entry. The method further includes determining that the lifetime of the DNS entry is to expire within a pre-determined interval. In response to the determination, the method allows sending the DNS query to an authoritative DNS to obtain a further DNS answer associated with the domain name. If the further DNS answer is not received, the method generates a copy of the DNS entry with a shorter lifetime. 


Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574.  The examiner can normally be reached on Monday-Friday-8:00am - 5:00pm (EST).If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Primary Examiner, Art Unit 2497