DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Arguments
Applicant's arguments filed 11/30/2021 have been fully considered but they are not persuasive.
Applicant argues that Jain does not disclose appending, to a DNS query, a functional label that describes the context and transmitting the DNS query with the appended functional label to a DNS analysis server.
Examiner disagrees.
Jain discloses:
appending, to a DNS query (paragraphs 67, 222, 223), a functional label that describes the context (paragraph 67; paragraphs 222, 223); and
transmitting the DNS query with the appended functional label to a DNS analysis server (paragraph 191 “MDM server set”; paragraph 175 “forward additional MDM attributes that are provided by the MDM server to the service nodes”; paragraphs 202, 209; paragraph 222 “vector labels …”; paragraph 223).

Applicant argues that Jain and Bremen do not disclose analyzing, at the DNS analysis server, the DNS query to determine whether the user device is permitted to access the network resource based on the functional label.
Examiner disagrees.
Jain discloses:
analyzing, at the DNS analysis server (Fig. 23; paragraph 37; paragraph 10 “RDM server …”), the DNS query to determine whether the user device is permitted to access the network resource based on the functional label (Fig. 23; paragraph 37 “analyzes the MDM attribute set associated with a data message flow …”).


Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim 15 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by Jain (U.S. Pat. Pub. No. 2017/0063794) (Creating and Using Remote Device Management Attribute Rule Data Store).

1.1	Regarding claim 15, Jain discloses a method, comprising:
receiving, on a device, a request for a network resource (Figs. 15, 16; paragraphs 29, 30; paragraph 146; paragraph 147 “receives a DNS name query …”);
determining a context of the device based on metadata of the device (paragraph 222 “MDM-attribute based service rules …”; paragraphs 223, 224; paragraph 79 “MDM context …”; paragraph 67 “inert flow-based metadata (which includes MDM attribute set for the flow) in a tunnel header”);
appending, to a DNS query (paragraphs 67, 222, 223), a functional label that describes the context (paragraph 67; paragraphs 222, 223); and
.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1 – 14 and 16 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jain (U.S. Pat. Pub. No. 2017/0063794) in view of Bremen (U.S. Pat. Pub. No. 2016/0072847) (Internet Mediation).

2.1	Regarding claim 1, Jain discloses a method, comprising:
receiving a Domain Name Service (DNS) query for a network resource (Figs. 15, 16; paragraphs 29, 30; paragraph 146; paragraph 147 “receives a DNS name query …”) from a user device at a DNS analysis server, the DNS query including a functional label (paragraph 222 “MDM labels”; paragraphs 223, 224) describing a context of the user device (paragraph 222 “MDM-attribute based service rules …”; paragraphs 223, 224; paragraph 79 “MDM context …”);
analyzing, at the DNS analysis server (Fig. 23; paragraph 37; paragraph 10 “RDM server …”), the DNS query to determine whether the user device is permitted to access the network resource based on the functional label (Fig. 23; paragraph 37 “analyzes the MDM attribute set associated with a data message flow …”); and
in response to the functional label indicating that the user device is not permitted to access the network resource (paragraph 63 “Firewall rules … defined in terms of MDM attribute sets … then performs the action (allow, deny, redirect, …)”; paragraphs 86, 104; paragraph 198 “Examples of action tuple values include allow, deny (also called drop or block), …”).
However, Jain does not explicitly disclose transmitting a block page to the user device.

Bremen discloses transmitting a block page to the user device (paragraph 14 “returning a block page to the client”; paragraph 15, 18, 43, 65, 67, 74; paragraph 54 “displays a blocking page”) in the same scenario as Jain (DNS query access restriction).
It would have been obvious to one of ordinary skill in the art at the time of filing to incorporate the transmitting of a block page to the user feature of Bremen into Jain in order to better inform the user as to an error that has prevented data access.
2.2	Per claim 2, Jain teaches the method of claim 1, wherein the functional label is added to the DNS query by a Mobile Device Management (MDM) application executing on the user device when the DNS query is transmitted from the user device, wherein the MDM application extrapolates the context based on metadata (paragraph 12 “The associated RDM attribute set provides the context for processing the data-processing rules that the VPN gateway enforces …”; paragraph 70 “The aggregated MDM attributes … provide the MDM context for processing the data messages …”; paragraph 80 “Based on this context, the rule processor 220 can perform one or more operations on the data messages …”; paragraph 15 “tunnel protocol allows the VPN gateway to insert flow-based metadata (which includes an RDM attribute set for the flow) in a tunnel header.”; paragraph 67) for the user device when generating the DNS query (Fig. 23; paragraph 37 “analyzes the MDM attribute set associated with a data message flow at least one of:
a device type of the user device;
a location type where the user device is located;
an operating system or software application running on the user device; or
a user type of an account logged into the user device (paragraph 76 “OS type”; paragraphs 84, 124).

2.4	Per claim 4, Jain teaches the method of claim 1, wherein the functional label is added to the DNS query by a router that receives the DNS query from the user device and forwards the DNS query including the functional label to the DNS analysis server (paragraph 8 “routing rules for routers …”; paragraph 83 “the rule processor 220 forwards the data message to its destination through a set of network elements (e.g., switches and routers) …”; paragraphs 88, 109; paragraph 10 “remote device’s request …”).

2.5	Regarding claim 5, Jain discloses the method of claim 1, wherein the functional label is added to the DNS query in response to the DNS analysis server requesting the functional label for the user device from an enterprise server associated with the user device (paragraph 191 “MDM server set”; paragraph 175 “forward additional MDM attributes that are provided by the MDM server to the service nodes”; paragraphs 202, 
aggregating the DNS query with previously blocked requests that share at least one value in the functional label (paragraphs 222, 223); and
identifying one or more UDs sharing the at least one value in the functional label as security compromised devices (paragraphs 222, 223).

2.7	Regarding claim 7, Jain does not explicitly disclose the method of claim 1, further comprising:
wherein the block page indicates one or more security policies that deny access to the network resource based on the context.
Bremen discloses the method of claim 1, further comprising:
wherein the block page indicates one or more security policies that deny access to the network resource based on the context (paragraph 11 “the response including an error indication”; paragraph 18; paragraph 43 “For example, ‘mediation’ may include … responding with a block page, responding with an error indication, …”).
It would have been obvious to one of ordinary skill in the art at the time of filing to incorporate the features of Bremen into Jain in order to better inform the user as to the precise error that has prevented data access.

2.8	Per claims 8 – 14 and 16 – 20, the rejection of claims 1 – 7 under 35 USC 103 (paragraphs 2.1 – 2.7 above) applies fully.

Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENNETH R COULTER whose telephone number is (571)272-3879. The examiner can normally be reached on M-F, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Oscar Louie can be reached on M-F, 8am-5pm. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/KENNETH R COULTER/Primary Examiner, Art Unit 2445
/KRC/