DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
2.	Claims 1, 2, 4-11, 13-20 are pending. 
	Claims 1, 10, and 19 have been amended.
	Claims 3 and 112 have been canceled. 
	The 35 U. S. C. § 112(b) and  112(a) rejections with respect to claims 1-9 is hereby withdrawn in light of the claims amendment presented on 09/21/2021. 
The claim objection with respect to claim 14 is hereby withdrawn in light of the claim amendment presented on 09/21/2021.

Response to Arguments
3.	Applicant's arguments filed on 09/21/2021 have been fully considered but they are not persuasive.  
Applicant argues that “The combination of Xie and Pidathala fails to suggest these aspects. Xie is cited for allowing/blocking at a DNS server, but does not suggest inline inspection. Pidathala is cited for inline inspection but relates to email and does not suggest a DNS-based approach. The combination fails to suggest using DNS for security with an inline cloud-based system for inspection.”  (Remarks page 10). Examiner respectfully disagrees. Xie teaches a security appliance for performing security check on a DNS request, and blocking or Pidathala teaches a cloud based multilevel suspicious URL detecting system wherein the URL can be a domain name (Pidathala [0034] [0026]). Regarding the limitation “DNS server”, the security appliance disclosed by Xie can be implemented as client device comprising DNS server (Xie [0013[0012]). As discussed above, Pidathala teaches a cloud-based inline inspection system. Therefore, the combination of Xie and Pidathala teaches the amendments of claims 1, 10 and 19 and the rejection will be maintained. 


Claim Rejections - 35 USC § 103
4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.


5.	Claims 1, 4-6, 10, 13-15 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie), in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala).

Regarding claim 1,
Xie teaches:
“A system comprising: a Domain Name System (DNS) server communicatively coupled to a user device; a policy data store communicatively coupled to the server and storing a policy for the user device; and” (Xie [0015] [0017] a security appliance to enforce various enterprise polices on client device associated with domain names requested by the client device. The security appliance includes storage or domain names database to store the policy or domain names. The security appliance can be implemented as a client device in which a DNS server included as disclosed in paragraphs [0013][0012]).
 “wherein the DNS server is configured to responsive to a request from a user device, perform a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security” (Xie [0015] [0018], conducting security check on DNS request from client based on stored domain names to determine whether the domain name is part of black list or block list. The security appliance also enforces the policy to allow or deny the DNS).
(Xie [0018], performing security check on the DNS request and  allowing the DNS request if the domain name is permitted, and denying the DNS request if the domain names is categorized as block list or black list in the domain names database. Forwarding the allowed DNS request to DNS server, and blocking the denied DNS request). 
Xie does not explicitly teach: 
“an inline inspection system communicatively coupled to the server, wherein the inline inspection system comprises a node in a cloud-based system” and “cause inline inspection of the request, via forwarding the request to the inline inspection system by the DNS server, based on the security check determining the request includes suspicious content; and wherein the inline inspection system is configured to responsive to the inline inspection, one of allow the request to the Internet and block the request.”
Pidathala teaches:
“an inline inspection system communicatively coupled to the server, wherein the inline inspection system comprises a node in a cloud-based system” and “cause inline inspection of the request, via forwarding the request to the inline inspection system by the DNS server, based on the security check determining the request includes suspicious content; and wherein the inline inspection system is configured to responsive to the inline inspection, one of allow the request to the Internet and block the request.” (Pidathala [0033] [0034] [0035] [0044] [0026], passing a non-malicious or malicious URL links detected by a first system to the next level for further analysis. Cloud based multilevel detection system for performing the analysis on the URL links by second and third system to determine whether the suspicious URL is to be a malicious. Sending the URL if no malware is detected or blocking the URL if the malware is detected. The suspicious URL can be a domain name).
Because both Xie and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie to include a feature that perform multi-level security check analysis as disclosed by Pidathala, such multi-level analysis provide efficient malware detection and verification system (Pidathala [0039]).

Regarding claim 10,
Xie teaches 
“A cloud-based security method using Domain Name System (DNS), the cloud-based security method comprising” (Xie [0012] [0013], distributed DNS servers and security appliances connected via internet. The security appliance comprises firewall, and configured to perform plurality of security features associated with DNS communications).
“Page 34 of 38Attorney Docket No.: 5897C1PCONPATENT responsive to a request from a user device at a DNS server, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security;” (Xie [0015] [0018], conducting security check on DNS request from a client based on stored domain names to determine whether the domain name is part of black list or block list. The security appliance enforces the policy to allow or deny the DNS. The security appliance can be implemented as a client device in which a DNS server included as disclosed in paragraphs [0013][0012]).
(Xie [0018] performing security check on the DNS request and  allowing the DNS request if the domain name is permitted, and denying the DNS request if the domain names is categorized as block list or black list in the domain names database. Forwarding the allowed DNS request to DNS server, and blocking the denied DNS request).
Xie does not explicitly teach:
“causing inline inspection of the request based on the security check determining the request includes suspicious content by forwarding the request from DNS server to cloud system; and responsive to the inline inspection, one of allowing the request to the Internet and blocking the request.”
Pidathala teaches:
“causing inline inspection of the request based on the security check determining the request includes suspicious content by forwarding the request from DNS server to cloud system; and responsive to the inline inspection, one of allowing the request to the Internet and blocking the request” (Pidathala [0033] [0034] [0035] [0044] [0026], passing a non-malicious or malicious URL links detected by a first system to the next level for further analysis. Cloud based multilevel detection system for performing further analysis on the URL links by second and third system to determine whether the suspicious URL is to be a malicious. Sending the URL if no malware is detected or blocking the URL if the malware is detected. The suspicious URL can be a domain name).


Regarding claim 19,
Xie teaches:
“A non-transitory computer-readable storage medium having computer readable code stored thereon for programming a Domain Name System (DNS) server to perform steps of:” (Xie [0007][0016] and claim 20, teaches a computer program embodied in a computer readable storage medium. A security appliance to perform security functions related to DNS requests. The security appliance can be implemented as a client device in which a DNS server included as disclosed in paragraphs [0013][0012]).
“responsive to a request from a user device, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security” (Xie [0015] [0018], conducting security check on DNS request from a client based on stored domain names to determine whether the domain name is part of black list or block list. The security appliance enforces the policy to allow or deny the DNS).
“ responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and” (Xie [0018] performing security check on the DNS request and  allowing the DNS request if the domain name is permitted, and denying the DNS request if the domain names is categorized as block list or black list in the domain names database. Forwarding the allowed DNS request to DNS server, and blocking the denied DNS request).
Xie does not explicitly teach:
“ Page 36 of 38Attorney Docket No.: 5897CIPCONPATENT forwarding the request to a cloud-based system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked
Pidathala teaches:
“ Page 36 of 38Attorney Docket No.: 5897CIPCONPATENT forwarding the request to a cloud-based system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked” (Pidathala [0033] [0034] [0035][0044][0026], passing a non-malicious or malicious URL links detected by a first system to the next level for further analysis. Cloud based multilevel detection system for preforming further analysis on the URL links by second and third system to determine whether the suspicious URL is to be a malicious. Sending the URL if no malware is detected or blocking the URL if the malware is detected. The suspicious URL can be a domain name).
Because both Xie and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie to include a feature that perform multi-level security check analysis as disclosed by Pidathala, such multi-level analysis provide efficient malware detection and verification system (Pidathala [0039]).


Xie teaches: 
“wherein the request is allowed based on any of a whitelist and the settings related to the content filtering and security; and wherein the request is disallowed is based on any of a blacklist and the settings related to the content filtering and security” (Xie [0018] [0014] domain name filtering based on comparing the DNS request with list of domains in the domain name database. Denying the DNS request based on black list, and allowing the DNS request when the domain is non malicious permitted domain. The domain name database indexed malicious domains and valid domains).

Regarding claims 5 and 14, the combination of Xie and Pidathala teaches all the limitations of claims 1 and 12.
Pidathala teaches: 
“wherein the suspicious content is based on a domain known to contain malicious content based on Uniform Resource Locator (URL) categories” (Pidathala [0033], filtering  suspicious URLs based on whitelists and blacklists to determine known malicious links and non-malicious links).
Because both Xie and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie to include suspicious URL filtering based on whitelists and black lists as disclosed by Pidathala, such filtering is useful to detect new malicious URLs since the blacklist and whitelist are updated periodically (Pidathala [0033]). 

Regarding claims 6 and 15, the combination of Xie and Pidathala teaches all the limitations of claims 1 and 12.
Xie teaches: 
“ wherein the server is configured to look up the policy associated with the user device based on a source of the request” (Xie [0014] and Fig. 1, applying the policy based on particular user to allow access for particular domain, and preventing access to other users to the particular domain. Client devices for user). 

6.	Claims 7, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie) in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala), further in view of Bhogavilli et al. (US 2012/0174196 hereinafter referred to as Bhogavilli). 

Regarding claims 7, 16 and 20 the combination of Xie and Pidathala teaches all the limitations of claims 1, 10 and 19.
Bhogavilli teaches:
“wherein the server is configured to uniquely identify a user of the user device based on data in the request; and utilize an identity of the user for the policy associated with the user device” (Bhogavilli [0046], identifying the client based on information associated with the request, and whitelisting the client’s IP address associated with request).
Because Xie, Pidathala and Bhogavilli teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of .

7.	 Claims 2 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie) in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala), and further in view of Park et al. (US 9,239,907 hereinafter referred to as Park).

Regarding claim 2 and 11, the combination of Xie and Pidathala teaches all the limitations of claim 1.
Pidathala further teaches:
“ wherein the inline inspection performs a plurality of malicious Uniform Resource Locator (URL) filtering, deep content inspection, advanced persistent threat protection/sandboxing, and Data Loss Prevention (DLP)” (Pidathala [0037][0026][0055][0020][0043], further URL filtering by the second and third system. Inspecting the URL’s characteristics to determine malware. Inspecting the characteristics include deep packet inspection techniques. Using sandboxed dedicated environment for malware detection associated with received URL. Checking whether a file or document referenced by the URL is permitted for downloading or attempt of unauthorized access (this feature is consistent with Data Loss Prevention (DLP).
Because both Xie and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the 
 Xie and Pidathala do not teach:
“antivirus/antispyware detection”
Park teaches:
“antivirus/antispyware detection” (Park col. 7 lines 1-25, detecting anti-spyware or anti-virus from URL by misleading application module). 
Because Xie, Pidathala and Park teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie and Pidathala to include anti-virus or anti-spyware detection feature as disclosed by Park such inclusion is useful to deny the misleading application included in a request or to take one or more actions (Park Fig. 4).

8.	Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie) in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala), and further in view Mahadik et al. (US 2014/0089661 hereinafter referred to as Mahadik).

Regarding claims 8, 17, the combination of Xie and Pidathala teaches all the limitations of claims 1 and 10. 
Xie teaches:
(Xie [0010][0016][0015], URL filtering to detect malicious domain and to block the malicious activity commination associated with the malicious domain. Monitoring DNS requests and identifying suspect or malicious domains based on unknown DNS request. Blok list domains, black list domains and permitted domains).
Pidathala teaches:
“invokes the inline inspection” (Pidathala teaches performing further analysis as discussed in claim1 based on the disclosure in paragraphs [0033] [0034] [0035][0044][0026]).
Xie and Pidathala do not teach:
“Safe Search on an application on the user device which enforces all searches on the user device with a safe search setting” 
Secure Sockets Layer (SSL) inspection”
Mahadik teaches:
“Safe Search on an application on the user device which enforces all searches on the user device with a safe search setting” (Mahadik [0017], allowing an access to a search engine but preventing the search operation if the search query include blacklisted term).
“Secure Sockets Layer (SSL) inspection” (Mahadik [0029], detecting SSL/HTTPS based websites).
Because Xie, Pidathala and Mahadik teach performing security check, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed .  

9.	Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie) in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala) further in view of Agarwal et al. (US 20120281706 hereinafter referred to as Agarwal). 

Regarding claims 9 and 18, the combination of Xie and Pidathala teaches all the limitations of claims 1 and 10.
Agarwal teaches:
“wherein the policy is one of a plurality of policies for the location, each of the plurality of policies is designated by a different address of the DNS server and different Virtual Local Area Networks (VLANs)” (Agarwal [0008] [0137] [0257] [0265], teaches multiple VLANs n multiple appliances using policies to support customers. The appliance can be a Domain Name service (DNS) resolver. The appliance corresponds to the geographically closest datacenter or cloud network (i.e., policies for location). The appliances assigned their own addresses).  
Because Xie, Pidathala  and Agarwal  teaches security, therefore, it would have been obvious to one with ordinary skill in the art before the effective filling date of the claimed invention to modify Xie and Pidathala to configure network appliances based geographical location as disclosed by Agarwal ([0257]) in order to route client’s request to the closest service provider, .

Conclusion
10.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESFU N MEKONEN whose telephone number is (571)270-0587. The examiner can normally be reached Monday - Friday, 8:00 AM to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/T.N.M/Examiner, Art Unit 2454


/UMAR CHEEMA/Supervisory Patent Examiner, Art Unit 2454