DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  

Applicant(s) Response to Official Action
The response filed on 12/21/2021 has been entered and made of record.  

Response to Amendment/Remarks
In the response filed Claims 1, 12, 14-15, and 17-22 were amended.  Claims 2 and 16 were canceled.  Claims 23-24 were added new.  Claims 1, 3-15, and 17-24 were presented for examination.  

Applicants’ amendments/remarks regarding rejections under 35 USC 112(b) to their respective pending claims have been fully considered, are persuasive, and accordingly, withdrawn.  Applicants’ amendments/arguments overcome the prior art of record; the rejections of the claims under AIA  35 U.S.C. 103; and are persuasive.  Accordingly, said rejections are withdrawn.  Examiner further articulates the differences between the prior art and in allowed claims in the examiners reason for allowance below. 


Allowable Subject Matter
Claims 1, 3-15, and 17-24 are allowed.  

The following is an Examiner's statement of reasons for allowance:

The independent claims generally deal with checking DNS record for evidence of malicious behavior.  Various examples have been found in the art describe aspects of the claimed invention.  Pon et al. (US 10,862,907 B1) Fig. 2, step 202, Col. 17 Ln. 25-30 teaches monitoring DNS data.  Pon, Fig. 1, Data Handler 130 on Network analyzer 120, Col. 17 Ln. 53-59, Col. 6, Ln. 25-47, Data Handler performs step 202 and is a module on network analyzer 120 and implemented as a computer.  Pon, Col. 17 Ln. 53-59, DNS data is collected.  Pon Col. 9 Ln. 10-27 discloses that DNS data is collected from messages passing back and forth during DNS requests and resolutions.  Pon, Col. 8 Ln. 4-30 discloses the DNS serves which are resolving DNS requests for top level domains and subdomain level requests.  Pon, Col. 18, Ln. 25-27 and Col. 19 Ln. 25-29 network event includes detecting that DNS information has changed.  Pon, Fig. 1, Data Handler 130, and Data Analyzer 122 on Network analyzer 120 perform step 204.  Pon, Fig. 2, step 204 Col. 18, Ln. 63-67 based on detecting a network event which includes a change in the DNS data assess the network threat to an identity of the entity.  Pon, Col. 25 Ln. 37- Col. 26 Ln. 3 teaches that the assessment can incorporate multiple data sources to make a determination about the network event and the change.  
the method to include various metadata related to the DNS data such as the time and geographic location of the DNS request to make security decisions.  
Pon in view of Wu does not, but in related art, Janakiraman (US 2020/0137094 A1) ¶ 79-81 disclose detecting either the service that is being accessed or the destination IP for the DNS record that is being accessed.  Janakiraman ¶ 64-67 discloses accessing DNS records either by recording passive flow data or accessing databases.  
However, as applicant notes, the cited references do not teach the amended portions of the independent claims and corresponding limitations in newly added independent claim 23.
Hence, while various art tangentially discusses aspects of the claimed invention none of the prior individually or in reasonable combination discloses the claimed invention.  
Dependent claims being dependent on their respective independent claims are therefore allowed under the same rationale.

Any comments considered necessary by Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments to Statement of Reasons for Allowance.”  

Additionally, the closest prior art has been supplied in the record.  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507.  The examiner can normally be reached on Monday - Friday 8:30 AM - 5PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-273-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.  	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.  



/STEPHEN GUNDRY/
Examiner, Art Unit 2435

/J. BRANT MURPHY/Primary Examiner, Art Unit 2435