DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This action is responsive to the communication filed 04/16/2021. Claims 1, 3, 8, 9, 11, 16 and 17 are currently amended. Claims 4, 6, 7, 12, 14, 15 and 19 are currently cancelled. Claims 1-3, 5, 8-11, 13, 16-18 and 20 are pending for examination.

Response to Arguments
2.	Applicant’s arguments filed on 04/16/2021, with respect to the rejections of claims 1, 9 and 17, have been considered but are moot, since the amended claim limitations have changed the scope. Therefore, the examiner has made a new ground of rejection using Drako (US 2008/0184357 A1) and Xu (US 2019/0268305 A1).

Claim Rejections - 35 USC § 112
3.     The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
4.     Claims 1-3, 5, 8-11, 13, 16-18 and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly 
	a)    Claims 1, 9 and 17 recite the limitation “The QUIC protocol” in the 5th line, 9th line and 5th line of claims 1, 9 and 17, respectively. There is insufficient antecedent basis for this limitation in the claims. Applicant should remove “the” before “QUIC protocol” from the 5th line, 9th line and 5th line of claims 1, 9 and 17, respectively.

Claim Rejections - 35 USC § 103

5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.   
6.   Claims 1-3, 8, 9-11 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Migault (WO 2017/163104 A1) in view of Drako (US 2008/0184357 A1), further in view of Xu (US 2019/0268305 A1).
Regarding claims 1 and 17, Migault teaches a method comprising:
	receiving, at a domain name system (DNS) service (guard 204-Fig. 2/DNS proxy-[0041]), a DNS request (210) sent by a client (DNS Client 202-Fig. 2) for a particular destination (DNS server 206-Fig. 2) (Fig. 5, [0075], guard receiving first DNS query (request 210-[0042]) sent from a client device to a DNS server (block 400); Fig. 3.);
	determining, by the DNS service (guard 204-Fig. 2/DNS proxy-[0041]), that a connection between the client (DNS Client 202-Fig. 2) and the particular destination (DNS server 206-Fig. 2) will not support use of the Quick User Datagram Protocol (UDP) Internet Connections (QUIC) protocol (connection between client and DNS server does not support UDP/supports TCP-see Fig. 3) (Fig. 5, [0075], guard receiving first DNS query (request 210-[0042]) sent from a client device to a DNS server (block 400); then [0076], responsive to determining that the DNS request was received in a UDP packet (i.e. protocol), a DNS response is sent to the client device including an indication that the client device should use TCP protocol {e.g. as opposed to UDP/switch from-[0062]} for sending DNS query (block 420); wherein DNS server and guard to convey DNS packets over TCP connection-see [0036]; [0045].) (Hence guard determines that connection between client and DNS server does not support UDP protocol/connection.);
	generating, by the DNS service (guard 204-Fig. 2/DNS proxy-[0041]), a DNS response (212) to the DNS request (210) that includes an indication ([0076], guard receives DNS request; then [0077], guard generates DNS response including an indicator/indication.) that the connection between the client (DNS Client 202-Fig. 2) and the particular destination (DNS server 206-Fig. 2) will not support use of the QUIC protocol (see Fig. 3) (Fig. 5, [0076], responsive to determining that the DNS request was received in a UDP packet (i.e. protocol), a DNS response is sent to the client device including an indication that the client device should use TCP protocol {e.g. as opposed to UDP/switch from-[0062]} for sending DNS query (block 420); wherein DNS server and guard to convey DNS packets over TCP connection-see [0036]; [0045].) within an Extensions Mechanisms for DNS (EDNS) field of the DNS response (indicator/indication as EDNS0 field in DNS Response-see [0088]) (Hence guard generates DNS response that includes an indication that connection between client and DNS server does not support UDP protocol/connection within EDNS0 of the DNS response.); and
	Migault teaches UDP protocol.
	Migault does not teach quick UDP internet connection (QUIC) protocol, and sending the DNS response, by the DNS service, to cause a software defined networking (SDN) controller to install a policy on an intermediary between the client and the particular destination to explicitly reject a QUIC protocol connection attempted by the client with the particular destination, wherein the intermediary comprises a firewall or access device.
	However, in an analogous art, Drako teaches sending the DNS response (response 30), by the DNS service (domain name service 28-Fig. 1), to cause a software defined networking (SDN) controller ([0020] & [0025], firewall {22/46 of Fig. 1/3} receives response 30 from the Domain Name Service 28; wherein [0024]; Fig. 3- the firewall 46 includes a controller 54. Hence it is obvious, the controller 54 receives DNS response from the DNS server 28.) to install (enforce) a policy (rule) on an intermediary (firewall 22/46-Fig. 1/3) between the client (20-Fig. 1) and the particular destination (31-Fig. 1) (see Fig. 1, firewall is between 20 and 31) to explicitly reject (deny/restricted) a QUIC protocol connection attempted by the client (20) with the particular destination (31) ([0015] & [0016], user 14 (i.e. 20) targets/attempts to access the website 31 {with IP protocol-[0002].}) ([0026], The function of the controller 54 is to enforce the domain name rules to deny access to a website. Wherein the domain name rules identify the domain name for which access is restricted.) (Hence the DNS response 30 causes the controller 54 to install a rule on a firewall 22/46 to explicitly deny/restrict a connection between 20 and 31.), wherein the intermediary comprises a firewall (firewall 22/46-Fig. 1/3; [0024]) or access device.
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Drako and apply them to the teachings of Migault to provide firewalls and selectively block access to Internet websites (Drako; [0001]).
	Migault-Drako does not teach quick UDP internet connection (QUIC) protocol.
	However, in an analogous art, Xu teaches quick UDP internet connection (QUIC) protocol ([0097]).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Xu and apply them to the teachings of Migault-Drako to provide next generation firewalls (data appliance-[0014]), which generally provide higher performance to maximize network throughput while minimizing latency (Xu; [0020]).
Regarding claims 2, 10 and 18, Migault teaches a method for generating, by a DNS service, a DNS response to the received DNS request that includes an indication that a connection between client and destination will not support UDP protocol within an EDNS field of the DNS response.
	Migault-Drako does not teach wherein determining that a connection between the client and the particular destination will not support use of the QUIC protocol comprises: attempting, by the DNS service, a QUIC protocol connection with the particular destination.
	However, in an analogous art, Xu teaches wherein determining that a connection between the client and the particular destination will not support use of the QUIC protocol comprises:
	attempting, by the DNS service (DNS server 130 and 132-Fig. 1; [0024]), a QUIC protocol connection with the particular destination (site 168/server 173.194.67.100-Fig. 1; [0107]) ([0104]; [0107]; Bob’s client device 106 attempts to connect with site 168/server using QUIC {Line 506} (via 102 and 130-[0099]; [0101]); wherein [0101], Bob's IP address as a source in both the DNS request (526) and QUIC traffic (528), and site 168's IP address as both the destination IP address of client 106's QUIC session.) (Hence it is obvious, attempting, by DNS server, a QUIC session/connection with site 168.).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Xu and apply them to the teachings of Migault-Drako to provide next generation firewalls (data appliance-Xu; [0020]).

Regarding claims 3 and 11, Migault further teaches wherein the explicit rejection of the attempted QUIC protocol connection by the intermediary causes the client (202) to instead attempt a Transmission Control Protocol (TCP) connection with the particular destination (206) ([0069], EDNS0 option is added to include an explicit indication {in a DNS response-[0077]} that the client 202 should use TCP {as opposed to UDP-see [0062]; [0038]} for sending DNS queries.).
	Migault-Drako does not teach quick UDP internet connection (QUIC) protocol.
	However, in an analogous art, Xu teaches quick UDP internet connection (QUIC) protocol ([0097]).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Xu and apply them to the teachings of Migault-Drako to provide next generation firewalls (data appliance-[0014]), which generally provide higher performance to maximize network throughput while minimizing latency (Xu; [0020]).

Regarding claims 8 and 16, Migault teaches a method for generating, by a DNS service, a DNS response to the received DNS request that includes an indication that a connection between client and destination will not support UDP protocol within an EDNS field of the DNS response.
	Migault-Drako does not teach wherein the intermediary probes the particular destination for QUIC protocol support, subsequent to explicitly rejecting the QUIC protocol connection attempted by the client with the particular destination.
	However, in an analogous art, Xu teaches wherein the intermediary probes the particular destination for QUIC protocol support, subsequent to explicitly rejecting the QUIC protocol connection attempted by the client with the particular destination ([0104]; [0107]; Bob’s client device 106 attempts to connect with site 168/server using QUIC {Line 506}; wherein [0107], Data appliance 102 observes QUIC traffic (i.e. protocol) between client device 106 and a server reachable at 173.194.67.100 (at 602); then data appliance 102 takes a remedial action, such as ending the session, alerting Bob that his actions are not permitted, etc. Hence 102 probes host/server for QUIC protocol, subsequent to explicitly rejecting the QUIC protocol connection attempted by the client with host/server).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Xu and apply them to the teachings of Migault-Drako to provide next generation firewalls (data appliance-[0014]), which generally provide higher performance to maximize network throughput while minimizing latency (Xu; [0020]).

Regarding claim 9, Migault teaches an apparatus (network device-guard; Fig. 1, 7; [0089]), comprising:
	one or more network interfaces (communication interface 506-Fig. 7; [0089]) to communicate with a network(200)([0089]; [0041]; Fig. 1; Hence guard has interface to communicate with network.);
	a processor(502-Fig. 7) coupled to the network interfaces(communication interface 506-Fig. 7) (see in Fig. 7, 502 coupled to 506.) and configured to execute one or more processes([0089]; [0094]); and
	a memory(504-Fig. 7) configured to store a process executable by the processor(502-Fig. 7)([0089]; [0094]), the process when executed configured to:
	receive a DNS request (210) sent by a client (DNS Client 202-Fig. 2) for a particular destination (DNS server 206-Fig. 2) (Fig. 5, [0075], guard receiving first DNS query (request 210-[0042]) sent from a client device to a DNS server (block 400); Fig. 3.);
	determine that a connection between the client (DNS Client 202-Fig. 2) and the particular destination (DNS server 206-Fig. 2) will not support use of the Quick User Datagram Protocol (UDP) Internet Connections (QUIC) protocol (connection between client and DNS server does not support UDP/supports TCP-see Fig. 3) (Fig. 5, [0075], guard receiving first DNS query (request 210-[0042]) sent from a client device to a DNS server (block 400); then [0076], responsive to determining that the DNS request was received in a UDP packet (i.e. protocol), a DNS response is sent to the client device including an indication that the client device should use TCP protocol {e.g. as opposed to UDP/switch from-[0062]} for sending DNS query (block 420); wherein DNS server and guard to convey DNS packets over TCP connection-see [0036];) (Hence guard determines that connection between client and DNS server does not support UDP protocol/connection.);
	generate a DNS response (212) to the DNS request (210) that includes an indication ([0076], guard receives DNS request; then [0077], guard generates DNS response including an indicator/indication.) that the connection between the client (DNS Client 202-Fig. 2) and the particular destination (DNS server 206-Fig. 2) will not support use of the QUIC protocol (see Fig. 3) (Fig. 5, [0076], responsive to determining that the DNS request was received in a UDP packet (i.e. protocol), a DNS response is sent to the client device including an indication that the client device should use TCP protocol {e.g. as opposed to UDP/switch from-[0062]} for sending DNS query (block 420); wherein DNS server and guard to convey DNS packets over TCP connection-see [0036]; [0045].) within an Extensions Mechanisms for DNS (EDNS) field of the DNS response (indicator/indication as EDNS0 field in DNS Response-see [0088]) (Hence guard generates DNS response that includes an indication that connection between client and DNS server does not support UDP protocol/connection within EDNS0 of the DNS response.); and
	Migault teaches UDP protocol.
	Migault does not teach quick UDP internet connection (QUIC) protocol, and sending the DNS response, by the DNS service, to cause a software defined networking (SDN) controller to install a policy on an intermediary between the client and the particular destination to explicitly reject a QUIC protocol connection attempted by the client with the particular destination, wherein the intermediary comprises a firewall or access device.
	Drako teaches sending the DNS response (response 30), by the DNS service (domain name service 28-Fig. 1), to cause a software defined networking (SDN) controller ([0020] & [0025], firewall {22/46 of Fig. 1/3} receives response 30 from the Domain Name Service 28; wherein [0024]; Fig. 3- the firewall 46 includes a controller 54. Hence it is obvious, the controller 54 receives DNS response from the DNS server 28.) to install (enforce) a policy (rule) on an intermediary (firewall 22/46-Fig. 1/3) between the client (20-Fig. 1) and the particular destination (31-Fig. 1) (see Fig. 1, firewall is between 20 and 31) to explicitly reject (deny/restricted) a QUIC protocol connection attempted by the client (20) with the particular destination (31) ([0015] & [0016], user 14 (i.e. 20) targets/attempts to access the website 31 {with IP protocol-[0002].}) ([0026], The function of the controller 54 is to enforce the domain name rules to deny access to a website. Wherein the domain name rules identify the domain name for which access is restricted.) (Hence the DNS response 30 causes the controller 54 to install a rule on a firewall 22/46 to explicitly deny/restrict a connection between 20 and 31.), wherein the intermediary comprises a firewall (firewall 22/46-Fig. 1/3; [0024]) or access device.
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Drako and apply them to the teachings of Migault to provide firewalls and selectively block access to Internet websites (Drako; [0001]).
	Migault-Drako does not teach quick UDP internet connection (QUIC) protocol.
	However, in an analogous art, Xu teaches quick UDP internet connection (QUIC) protocol ([0097]).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Xu and apply them to the teachings of Migault-Drako to provide next generation firewalls (data appliance-[0014]), which generally provide higher performance to maximize network throughput while minimizing latency (Xu; [0020]).

7.   Claims 5, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Migault (WO 2017/163104 A1) in view of Drako (US 2008/0184357 A1), in view of Xu (US 2019/0268305 A1), in view of Morris (US 2007/0043856 A1).

Regarding claims 5, 13 and 20, Migault teaches a method for generating, by a DNS service, a DNS response to the received DNS request that includes an indication that a connection between client and destination will not support UDP protocol within an EDNS field of the DNS response.
	Migault-Drako does not teach wherein the intermediary uses Internet Control Message Protocol (ICMP) signaling to explicitly reject the QUIC protocol connection attempted by the client.
	However, in an analogous art, Morris teaches wherein the intermediary (module of 630-Fig. 6) uses Internet Control Message Protocol (ICMP) signaling to explicitly reject the QUIC protocol connection attempted by the client (610-Fig. 6) ([0057], Each module at pipeline 630 that receives a session-request event {UDP packets/connection-[0032]}; If a module chooses to reject, the session-request event is .).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Morris and apply them to the teachings of Migault-Drako to provide an improved method for handling network traffic, causing a reduced latency time (Morris; [0016]).
	Migault-Morris-Drako do not teach quick UDP internet connection (QUIC) protocol.
	However, in an analogous art, Xu teaches quick UDP internet connection (QUIC) protocol ([0097]).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Xu and apply them to the teachings of Migault-Morris-Drako to provide next generation firewalls (data appliance-[0014]), which generally provide higher performance to maximize network throughput while minimizing latency (Xu; [0020]).

Conclusion
8.	 Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is 

9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MEHEDI S ALEY whose telephone number is (571)270-0439.  The examiner can normally be reached on Mon, Thus, Fri: 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey M Rutkowski can be reached on 571-270-01215.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



/MEHEDI S ALEY/Examiner, Art Unit 2415    

/JEFFREY M RUTKOWSKI/Supervisory Patent Examiner, Art Unit 2415