Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the application 17/026,621 filed on 09/21/2020.
Claims 1-20 have been examined and are pending in this application. 
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 04/22/2022, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claims 10 and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Regarding claims 10 and 17, claims 10 and 17 recite “the target computing device belongs to a third-party tracker …….” which is unclear. It is not clear how the target computing device belongs to a tracker and further the third-party tracker is not defined.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-7, 10-14 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2010/0192196) and in view of Fattal (US 2020/0213116).
Regarding claim 1, Lee discloses a method comprising: 
receiving, by a network apparatus comprising a processor device, a connection request sent from a client computing device toward a target computing device (Lee par. 0013. Lee teaches that when a user attempts to access a resource, the protection system intercepts the request. For example, a user may use a web browser to request a particular web page by specifying a URL. The protection system determines the reputation of the resource that the user is attempting to access. See also par. 0021-0022 and Fig. 1 and 3); 
extracting, from the connection request, a target identifier that identifies the target computing device; sending, by the network apparatus, the connection request to the target computing device (Lee par. 0022 and 0035. Lee teaches that the request received by the resource request component identifies the resource to be accessed, such as by IP address, domain name, URL, or similar identification); 
sending, by the network apparatus, a reputation request with the target identifier to a web resource analyser engine (Lee abstract and par. 0013. Lee teaches that when a user attempts to access a resource, the protection system intercepts the request. The protection system determines the reputation of the resource that the user is attempting to access); 
in response to detecting that a response to the connection request from the target computing device performing a rewrite in a target section of a user-space utility program rule and by using an operating system kernel module in a user-space memory area of the network apparatus (Lee par. 0013, 0018, 0061-0063 and 0066. Lee teaches that the protection system intercepts the request. For example, a user may use a web browser to request a particular web page by specifying a URL. The protection system determines the reputation of the resource that the user is attempting to access. The protection is dynamic because both the health of the computer system and the reputation of a particular resource may change over time, and the protection system protects the computer system based on the reputation and health at the time of the request. The protection system allows the administrator to define a level of access to resources independently for each defined increment of the reputation score. The protection system considers the health score described further herein, the resource reputation score, and any defined policy to determine which resources a particular computer system can access. See also par. 0024, 0037 and claim 7); and 
in response to an occurrence of one of an event, releasing the response to the connection request, wherein the two events comprise an expiration of a timer and a receipt of the response from the web resource analyser engine (Lee par. 0023-0028 and 0043. Lee teaches that the reputation service provides a response that indicates the reputation of the requested resource, or in some cases a response that indicates that the reputation of the requested resource is not known by the reputation service. The protection system works in combination with, rather than in place of, traditional filtering techniques. For example, the system can use health checks in combination with user group membership, URL reputation category, or time-of-day restrictions to determine whether to allow access to a particular resource).
Lee teaches extracting, from the connection request, a target identifier; performing a rewrite in a target section of a user-space utility program rule and releasing the response to the connection request (Lee par. 0013, 0023, 0037). However, Lee does not explicitly disclose wherein in response to detecting that a response to the connection request from the target computing device is received before a response from the web resource analyser engine, holding the response to the connection request from the target computing device and an earliest occurrence of one of two events.
However, in an analogous art, Fattal teaches wherein in response to detecting that a response to the connection request from the target computing device is received before a response from the web resource analyser engine, holding the response to the connection request from the target computing device (Fattal abstract and par. 0053. Fattal teaches that the processor is configured to (i) receive, via the network interface, a request originating from a request-origin application and directed to a request-destination application (24b) that runs on a request-destination device (24), (ii) subsequently to receiving the request, communicate the request to the request-destination device, (iii) subsequently to communicating the request to the request-destination device, receive a response, from the request-destination application, to the request, (iv) while holding the response, identify information contained in at least one log entry that was recorded by the request-destination application responsively to the request, and (v) perform a function in response to the information. The system may allow a request sent from a client to a server to pass through, but then hold the response that is sent from the server to the client. While the response is held, the system may inspect the relevant log entries pertaining to the request. To facilitate this functionality, the system may reside physically or logically between the client and the server, such that all communication between the client and the server passes through the system. Alternatively, the server may be configured to forward any received requests to the system before the relevant request-processing application receives these requests. See also par. 0058) and 
an earliest occurrence of one of two events (Fattal par. 0058. Fattal teaches that the system identifies at least one log entry that pertains to the request, by identifying, in the log entry, the metadata that were recorded earlier).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Fattal with the method and system of Lee, wherein in response to detecting that a response to the connection request from the target computing device is received before a response from the web resource analyser engine, holding the response to the connection request from the target computing device and an earliest occurrence of one of two events to provide users with a means for protecting computer resources, e.g., on a computer network, from unauthorized or malicious entities (Fattal par. 0002).
Regarding claim 2, Lee and Fattal disclose the method according to claim 1, 
Lee further discloses wherein the target identifier comprises a Uniform Resource Locator (URL) extracted from a header or a Server Name Indication (SNI) extracted from a Transport Layer Security (TLS) handshake (Lee par. 0023 and 0035. Lee teaches that the resource request component 110 may receive a URL and the resource reputation component 120 may send the URL to a resource reputation service hosted on the Internet to determine the reputation of the resource. A user may use a web browser to request a particular web page by specifying a URL. Continuing in block 320, the system determines a reputation of the requested resource. For example, if the resource is a website, then the system may send the URL to a trusted URL reputation service and receive a response that indicates a reputation score for the resource).  
Regarding claim 3, Lee and Fattal disclose the method according to claim 1, 
Lee further discloses wherein the network apparatus is installed on a network gateway (Lee par. 0027. Lee teaches that the component 150 sends the received request through the network stack as if the protection system 100 had not intercepted the request). 
Regarding claim 4, Lee and Fattal disclose the method according to claim 1, 
Lee further discloses the method further comprising in response to detecting the expiration of the timer before the receipt of the response from the web resource analyser engine, approving the connection request (Lee par. 0023-0028 and 0043. Lee teaches that the reputation service provides a response that indicates the reputation of the requested resource, or in some cases a response that indicates that the reputation of the requested resource is not known by the reputation service. The protection system works in combination with, rather than in place of, traditional filtering techniques. For example, the system can use health checks in combination with user group membership, URL reputation category, or time-of-day restrictions to determine whether to allow access to a particular resource).
Regarding claim 5, Lee and Fattal disclose the method according to claim 1, 
Lee further discloses the method further comprising in response to receipt of the response from the web resource analyser engine before expiration of the timer, approving the connection request or denying the connection request based on the response from the web resource analyser engine (Lee par. 0023-0028 and 0043. Lee teaches that the protection system 100 determines whether to allow or deny a particular access request based on the current health state of the computer system and the reputation service provides a response that indicates the reputation of the requested resource. The system can use health checks in combination with user group membership, URL reputation category, or time-of-day restrictions to determine whether to allow access to a particular resource).
Regarding claim 6, Lee and Fattal disclose the method according to claim 1, 
Lee further discloses the method further comprising, approving or denying the connection request based on the response from the web resource analyser engine when the response to the connection request from the target computing device is received (Lee par. 0023-0028 and 0043. Lee teaches that the protection system 100 determines whether to allow or deny a particular access request based on the current health state of the computer system and the reputation service provides a response that indicates the reputation of the requested resource. The system can use health checks in combination with user group membership, URL reputation category, or time-of-day restrictions to determine whether to allow access to a particular resource).  
Fattal further discloses in response to detecting that the response from the web resource analyser engine is received before the response to the connection request from the target computing device (Fattal abstract and par. 0053. Fattal teaches that the processor is configured to (i) receive, via the network interface, a request originating from a request-origin application and directed to a request-destination application (24b) that runs on a request-destination device (24), (ii) subsequently to receiving the request, communicate the request to the request-destination device, (iii) subsequently to communicating the request to the request-destination device, receive a response, from the request-destination application, to the request, (iv) while holding the response, identify information contained in at least one log entry that was recorded by the request-destination application responsively to the request, and (v) perform a function in response to the information).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Fattal with the method and system of Lee, wherein in response to detecting that a response to the connection request from the target computing device is received before a response from the web resource analyser engine, holding the response to the connection request from the target computing device and an earliest occurrence of one of two events to provide users with a means for protecting computer resources, e.g., on a computer network, from unauthorized or malicious entities (Fattal par. 0002).
Regarding claim 7, Lee and Fattal disclose the method according to claim 1, 
Lee further discloses the method further comprising maintaining a local cache of reputation request response data received from the web resource analyser engine and in response to detecting a further connection request to the target computing device, wherein respective reputation request response data of a same target computing device being already in the local cache of reputation request response data, approving or denying the further connection request without sending a further reputation request to the web resource analyser engine (Lee par. 0033. Lee teaches that the enforcement policies of the protection system can refer to the statement-of-health, cached by the NAP Agent, and can be used in combination with policies containing URL reputation categories, user group membership, or time-of-day restrictions to determine whether one of the client computer systems 210 can access a requested resource).
Regarding claim 10, Lee and Fattal disclose the method according to claim 1, 
Lee further discloses the method further comprising determining, based on the response from the web resource analyser engine, that the target computing device belongs to a third-party tracker and, based on determining that the target computing device belongs to the third-party tracker, blocking connections between the client computing device and the target computing device, wherein blocking the connection between the client computing device and the target computing device further comprises one of: sending a Hypertext Transfer Protocol (HTTP) or a Transport Layer Security (TLS) message indicating a message was received and no content is to be displayed, and terminating the connection (Lee par. 0023 and 0028. Lee teaches that the protection system 100 determines whether to allow or deny a particular access request based on the current health state of the computer system and the reputation service provides a response that indicates the reputation of the requested resource. If the access control component 150 denies access to a resource, the component 150 provides a response to the request (e.g., through the resource request component 110) that indicates failure to access the resource. For example, if the request is a Hypertext Transfer Protocol (HTTP) request received from a web browser, the access control component 150 may provide a 404 (resource not found) or other appropriate HTTP error code to the web browser to inform the user that the system denied the request (and to prevent the application from waiting for a timeout and/or retrying repeatedly)).
Regarding claims 11-14 and 17; claims 11-14 and 17 are directed to an apparatus associated with the method claimed in claims 1-2, 4, 7 and 10 respectively. Claims 11-14 and 17 are similar in scope to claims 1-2, 4, 7 and 10 respectively and are therefore rejected under similar rationale respectively.
Regarding claims 18-20; claims 18-20 are directed to non-transitory computer readable medium associated with the method claimed in claims 1 and 4-5 respectively. Claims 18-20 are similar in scope to claims 1 and 4-5 respectively and are therefore rejected under similar rationale respectively.
Claims 8-9 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2010/0192196), in view of Fattal (US 2020/0213116) and further in view of Mulkey (US 2016/0142274).
Regarding claim 8, Lee and Fattal disclose the method according to claim 1, 
Lee and Fattal failed to disclose but Mulkey discloses wherein the user-space utility program comprises a kernel-level iptables component used for configuring IP packet filter rules (Mulkey par. 0037. Mulkey teaches that IPTables is a command line utility for configuring Linux kernel firewall implemented within the Netfilter project. The term iptables is also commonly used to refer to this kernel-level firewall. It can be configured directly with iptables, or by using one of the many frontends and GUIs. iptables is used for IPv4 and ip6tables is used for IPv6. iptables is used to inspect, modify, forward, redirect, and/or drop IPv4 packets. See also par. 0038).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mulkey with the method and system of Lee and Fattal, wherein the user-space utility program comprises a kernel-level iptables component used for configuring IP packet filter rules to provide users with a means for monitoring packets sent periodically across IP network tunnels that traverse internet connections to a customer location, and the monitoring packets used to determine current packet-loss, latency (Mulkey abstract).
Regarding claim 9, Lee and Fattal disclose the method according to claim 1, 
Lee and Fattal failed to disclose but Mulkey discloses wherein the operating system kernel module comprises a netfilter queue used for managing network packets in iptables components (Mulkey par. 0037. Mulkey teaches that IPTables is a command line utility for configuring Linux kernel firewall implemented within the Netfilter project. The term iptables is also commonly used to refer to this kernel-level firewall).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mulkey with the method and system of Lee and Fattal, wherein the user-space utility program comprises a kernel-level iptables component used for configuring IP packet filter rules to provide users with a means for monitoring packets sent periodically across IP network tunnels that traverse internet connections to a customer location, and the monitoring packets used to determine current packet-loss, latency (Mulkey abstract).
Regarding claims 15-16; claims 15-16 are directed to an apparatus associated with the method claimed in claims 8-9 respectively. Claims 15-16 are similar in scope to claims 8-9 respectively and are therefore rejected under similar rationale respectively.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Examiner, Art Unit 2495