DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is a reply to the application filed on 12/30/2019, in which claims 1-20 are pending. Claims 1, 8 and 15 are independent.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/25/2020, has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.

Drawings
The drawings filed on 12/30/2019 are accepted by the Examiner.

Claim Objections
Claims 1, 8, and 15 are objected to because of the following informalities:  
Claim 1 (Lines 5, 7 & 11) recites “agent's IP address”, “an HTTP server” and “an SSL/TLS connection”. It is suggested to spell out the acronyms when they are mentioned the very first time in the claim set.
Claim 8 (Lines 1 & 4) recites “an SSL/TLS request”, and “an HTTP
Claim 15 (Lines 2, 6, 7 & 11) recites “a UDP server”, “agent's IP address”, “an HTTP server” and “an SSL/TLS connection”. It is suggested to spell out the acronyms when they are mentioned the very first time in the claim set.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-6, 8-9, 11-13, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Lapidous et al. (US 2019/0036871 A1) in view of Gujarathi et al. (US 2018/0159856 A1).
Regarding Claim 1, Lapidous discloses A method of managing Domain Name Server (DNS) requests, comprising: 
receiving a DNS request from a browser on a client device in an endpoint DNS agent on a device on a local network, the DNS request comprising a requested domain name ([0008], “If the client-side application is aware that it's connected through the proxy server (the DNS agent) … the proxy server issues its own DNS requests for specified domains (name)”, [0048], “a computing (client) device, such as a the computing device 1500 of FIG. 15 may store and execute one or more applications 102. In particular, the applications 102 may include such applications as a web browser or other application that sends or receives data from a remote device over a network”); 
sending a DNS response from the endpoint DNS agent to the browser on the client device, the DNS response comprising the endpoint DNS agent's IP address ([0065], “A DNS response is created 316 that includes the pseudo IP address allocated at step 210 and the TTL set at step 314 and the DNS response is returned 218 to the application that generated the intercepted 202 DNS request”); 
receiving from the browser on the client device a message with a Server Name Identification (SNI) tag identifying the requested domain name to an HTTP server in the endpoint DNS agent ([0053], “The VPR 104 redirects DNS request including a requested domain from one or more client-side applications to a client side proxy”, “requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”); and 
establishing an SSL/TLS connection between the HTTP server on the endpoint DNS agent and the browser on the client device ([0124], “establishing TCP connections to one or more real IP addresses of the related domains”, [0125], “the TLS handshake performed by the client for a particular domain, uses obtained value to preemptively initiate another TLS handshake for the same domain, and then passes TLS response to the client. Client caches the TLS response and returns it to the application after it issues TLS request for the same domain with the same session ID or a ticket”).
Lapidous does not explicitly teach but Gujarathi teaches
generating a certificate for the requested domain name and sending it from the endpoint DNS agent to the browser on the client device ([0129], “client devices 715 may obtain certificates issued by the enterprise certificate authority from outside of the enterprise internal network and via the tenant-specific cloud services 711”, [0031], “from client device 107 a user may access web server 105 using an Internet browser”),
Lapidous and Gujarathi are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gujarathi with the disclosure of Lapidous. The motivation/suggestion would have been for using a multi-tenant web relay service to provide secure access to on-premises web services from a tenant-specific cloud service (Gujarathi, Abstract).

Regarding Claims 2 and 16, the combined teaching of Lapidous and Gujarathi teaches retrieving information from a domain associated with the requested domain name in the endpoint DNS agent, and selectively forwarding the requested information from the endpoint DNS agent to the browser on the client device to provide security to the client device (Lapidous, [0053], “one or more HTTP content requests are submitted to a client side HTTP proxy 112, which forwards requested domain inside a HOST header. In another implementation, one or more HTTPS content requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”).

Regarding Claims 3, 11 and 17, the combined teaching of Lapidous and Gujarathi teaches wherein generating a certificate for the requested domain name comprises generating a certificate in a cloud service operable to sign the certificate as a recognized certificate authority (Gujarathi, [0129], “client devices 715 may obtain certificates issued by the enterprise certificate authority from outside of the enterprise internal network and via the tenant-specific cloud services 711”).

Regarding Claim 4, the combined teaching of Lapidous and Gujarathi teaches wherein the receiving a DNS request from a client device and sending a DNS response from the endpoint DNS agent are performed in a UDP server of the endpoint DNS agent (Lapidous, [0040], “a UDP (server) connection”).

Regarding Claims 5 and 18, the combined teaching of Lapidous and Gujarathi teaches wherein the device on the local network is the client device (Lapidous, [0048], “a computing (client) device, such as a the computing device 1500 of FIG. 15”).

Regarding Claims 6 and 19, the combined teaching of Lapidous and Gujarathi teaches wherein the device on the local network is a router, a gateway, or a security appliance (Lapidous, [0049], “The computing device 1500 may likewise host a virtual private router”).

Regarding Claim 8, Lapidous discloses A method of intercepting an SSL/TLS request to a remote server, comprising: 
receiving a message from a client device in a man-in-the-middle server, the message comprising a Server Name Identification (SNI) tag identifying a requested domain name to an HTTP server in a man-in-the-middle server ([0008], “If the client-side application is aware that it's connected through the proxy (i.e. man-in-the-middle) server”, [0048], “a computing (client) device”, [0053], “The VPR 104 redirects DNS request including a requested domain from one or more client-side applications to a client side proxy”, “requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”); and 
establishing an SSL/TLS connection between the client device and the HTTP server on the man-in-the-middle server ([0124], “establishing TCP connections to one or more real IP addresses of the related domains”, [0125], “the TLS handshake performed by the client for a particular domain, uses obtained value to preemptively initiate another TLS handshake for the same domain, and then passes TLS response to the client. Client caches the TLS response and returns it to the application after it issues TLS request for the same domain with the same session ID or a ticket”).
Lapidous does not explicitly teach but Gujarathi teaches
generating a certificate for the requested domain name and sending it from the man-in-the-middle server to the client device ([0129], “client devices 715 may obtain certificates issued by the enterprise certificate authority from outside of the enterprise internal network and via the tenant-specific cloud services 711”, [0031], “from client device 107 a user may access web server 105 using an Internet browser”),
Lapidous and Gujarathi are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gujarathi with the disclosure of Lapidous. The motivation/suggestion would have been for using a multi-tenant web relay service to provide secure access to on-premises web services from a tenant-specific cloud service (Gujarathi, Abstract).

Regarding Claim 9, the combined teaching of Lapidous and Gujarathi teaches retrieving information from a domain associated with the requested domain name in the man-in-the-middle server, and selectively forwarding the requested information from the man-in-the-middle server to the client to provide security to the client device (Lapidous, [0053], “one or more HTTP content requests are submitted to a client side HTTP proxy 112 (i.e. man-in-the-middle), which forwards requested domain inside a HOST header. In another implementation, one or more HTTPS content requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”).

Regarding Claim 12, the combined teaching of Lapidous and Gujarathi teaches wherein the man-in-the-middle server is a server on the client device (Lapidous, [0053], “a client side HTTP proxy 112 (i.e. man-in-the-middle)” server).

Regarding Claim 13, the combined teaching of Lapidous and Gujarathi teaches wherein the man-in-the-middle server is a router, a gateway, or a security appliance on a local network with the client device (Lapidous, [0049], “The computing device 1500 may likewise host a virtual private router”).

Regarding Claim 15, Lapidous discloses A method of managing Domain Name Server (DNS) requests, comprising: 
receiving a DNS request from a browser on a client device in a UDP server on an endpoint DNS agent on a device on a local network, the DNS request comprising a requested domain name ([0008], “If the client-side application is aware that it's connected through the proxy server (the DNS agent) … the proxy server issues its own DNS requests for specified domains (name)”, [0048], “a computing (client) device, such as a the computing device 1500 of FIG. 15 may store and execute one or more applications 102. In particular, the applications 102 may include such applications as a web browser or other application that sends or receives data from a remote device over a network”, [0040], “a UDP (server) connection”); 
sending a DNS response from the endpoint DNS agent to the client device comprising the endpoint DNS agent's IP address ([0065], “A DNS response is created 316 that includes the pseudo IP address allocated at step 210 and the TTL set at step 314 and the DNS response is returned 218 to the application that generated the intercepted 202 DNS request”); 
forwarding from the endpoint DNS agent's UDP server to an HTTP server in the endpoint DNS agent a message with the requested domain name ([0040], “a UDP (server) connection”, [0053], “The VPR 104 redirects DNS request including a requested domain from one or more client-side applications to a client side proxy”, “requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”); and 
establishing an SSL/TLS connection between the HTTP server on the endpoint DNS agent and the browser on the client device ([0124], “establishing TCP connections to one or more real IP addresses of the related domains”, [0125], “the TLS handshake performed by the client for a particular domain, uses obtained value to preemptively initiate another TLS handshake for the same domain, and then passes TLS response to the client. Client caches the TLS response and returns it to the application after it issues TLS request for the same domain with the same session ID or a ticket”).  
Lapidous does not explicitly teach but Gujarathi teaches
generating a certificate for the requested domain name and sending it from the endpoint DNS agent to the browser on the client device ([0129], “client devices 715 may obtain certificates issued by the enterprise certificate authority from outside of the enterprise internal network and via the tenant-specific cloud services 711”, [0031], “from client device 107 a user may access web server 105 using an Internet browser”),
Lapidous and Gujarathi are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gujarathi with the disclosure of Lapidous. The motivation/suggestion would have been for using a multi-tenant web relay service to provide secure access to on-premises web services from a tenant-specific cloud service (Gujarathi, Abstract).
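The interception flow that independent claims 1, 8 and 15 recite has two wire-level steps before any certificate is involved: the agent answers the browser's DNS query with its own address, and the browser then opens a TLS connection to that address whose ClientHello names the requested domain in the cleartext SNI extension, which is what lets the man-in-the-middle server learn which domain to impersonate. The following is an added illustrative example of those two steps, not code from this Office action, the application, or the cited references. It uses only the Python standard library; the DNS query, agent address 192.0.2.10 and ClientHello bytes are constructed inline. Generating and signing a certificate for the requested domain, which the claims also recite, needs a CA signing library and is not shown.

```python
"""Added example (not from the Office action, the application, or the cited
references): the DNS-interception and SNI-reading steps the claims recite,
in pure Python stdlib. All inputs are constructed; there is no network I/O."""
import struct
from typing import Optional, Tuple


def _encode_qname(domain: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in domain.split(".")) + b"\x00"


def _parse_qname(data: bytes, offset: int) -> Tuple[str, int]:
    labels = []
    while True:
        n = data[offset]
        offset += 1
        if n == 0:
            return ".".join(labels), offset
        labels.append(data[offset:offset + n].decode("ascii"))
        offset += n


def build_dns_query(domain: str, txid: int = 0x1234) -> bytes:
    """Constructed browser-side query: one A/IN question, RD set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_qname(domain) + struct.pack(">HH", 1, 1)


def answer_with_agent_ip(query: bytes, agent_ip: str, ttl: int = 60) -> bytes:
    """Agent-side UDP handler: answer the query with the agent's own address."""
    txid, _flags, qdcount = struct.unpack(">HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    _name, end = _parse_qname(query, 12)
    qtype, qclass = struct.unpack(">HH", query[end:end + 4])
    if (qtype, qclass) != (1, 1):
        raise ValueError("only A/IN questions are handled here")
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA, NOERROR
    rdata = bytes(int(o) for o in agent_ip.split("."))
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + rdata  # name ptr -> question
    return header + query[12:end + 4] + answer


def parse_single_answer(resp: bytes) -> Tuple[str, str, int]:
    """Return (qname, ip, ttl) from a one-answer A response, as the browser sees it."""
    _txid, flags, _qd, ancount = struct.unpack(">HHHH", resp[:8])
    if not flags & 0x8000 or ancount != 1:
        raise ValueError("not a one-answer response")
    name, p = _parse_qname(resp, 12)
    p += 4  # skip QTYPE/QCLASS
    if resp[p] & 0xC0 == 0xC0:
        p += 2  # compression pointer back to the question name
    else:
        _name, p = _parse_qname(resp, p)
    _rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", resp[p:p + 10])
    p += 10
    return name, ".".join(str(b) for b in resp[p:p + rdlen]), ttl


def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record carrying one SNI host_name."""
    name = server_name.encode("ascii")
    sni_list = b"\x00" + struct.pack(">H", len(name)) + name            # name_type host_name
    sni_ext = struct.pack(">HHH", 0, len(sni_list) + 2, len(sni_list)) + sni_list
    hello = (b"\x03\x03" + bytes(32)               # version, random (zeros; constructed)
             + b"\x00"                             # empty session id
             + struct.pack(">H", 2) + b"\xc0\x2f"  # one cipher suite
             + b"\x01\x00"                         # compression: null only
             + struct.pack(">H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """MITM-side: read host_name from the cleartext SNI extension, or None if absent/malformed."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    body = record[5:5 + struct.unpack(">H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01:
        return None
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    try:
        p = 34                                           # version + random
        p += 1 + hello[p]                                # session id
        p += 2 + struct.unpack(">H", hello[p:p + 2])[0]  # cipher suites
        p += 1 + hello[p]                                # compression methods
        if p + 2 > len(hello):
            return None                                  # no extensions block at all
        end = p + 2 + struct.unpack(">H", hello[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack(">HH", hello[p:p + 4])
            edata, p = hello[p + 4:p + 4 + elen], p + 4 + elen
            if etype != 0:                               # 0 == server_name
                continue
            q, list_end = 2, 2 + struct.unpack(">H", edata[:2])[0]
            while q + 3 <= list_end:
                ntype, nlen = edata[q], struct.unpack(">H", edata[q + 1:q + 3])[0]
                if ntype == 0:
                    return edata[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
    except (IndexError, struct.error):
        return None                                      # truncated or malformed hello
    return None
```

The point the example makes concrete is the one the rejection relies on: the agent never needs to know the domain from the TLS handshake itself, because the browser volunteers it in the unencrypted SNI extension before any certificate is presented, so the agent can look up or mint a certificate for exactly that name and only then complete the handshake. A ClientHello with no SNI, or one cut short on the wire, yields None rather than a crash, which is the case an interception server must handle by falling back to a default certificate or closing the connection.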

Claims 7, 10, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lapidous et al. (US 2019/0036871 A1) in view of Gujarathi et al. (US 2018/0159856 A1) further in view of Judge et al. (US 2016/0308875 A1).
Regarding Claims 7, 14 and 20, the combined teaching of Lapidous and Gujarathi does not explicitly teach but Judge teaches
wherein processing the received DNS request in the endpoint DNS agent is based on a security policy set for the client device via the endpoint DNS agent to secure client devices (Judge, [0004], “retrieving a (security) policy associated with the device or user; applying the policy to the DNS request”).
Lapidous, Gujarathi and Judge are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Judge with the combined teaching of Lapidous and Gujarathi. The motivation/suggestion would have been to secure and manage home or other networks (Judge, Abstract).

Regarding Claim 10, the combined teaching of Lapidous and Gujarathi does not explicitly teach but Judge teaches
forwarding information selected based on a security policy for the client (Judge, [0004], “retrieving a (security) policy associated with the device or user; applying the policy to the DNS request”).
Lapidous, Gujarathi and Judge are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Judge with the combined teaching of Lapidous and Gujarathi. The motivation/suggestion would have been to secure and manage home or other networks (Judge, Abstract).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is 
/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497