DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This action is responsive to communication filed 12/22/2021. Claims 1, 9 and 17 are currently amended. Claims 4, 6, 7, 12, 14, 15 and 19 are previously cancelled. Claims 1-3, 5, 8-11, 13, 16-18 and 20 are pending for examination.

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/22/2021 has been entered. 

Response to Arguments
3.          Applicant’s arguments filed on 12/22/2021 with respect to claims 1, 9 and 17 have been considered but are moot in view of the new ground of rejection necessitated by Applicant’s amendment.

Claim Rejections - 35 USC § 103

4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.   
5.   Claim 1-3, 8, 9-11, 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar (US 2020/0396200 A1) in view of Migault (WO 2017/163104 A1), in view of Drako (US 2008/0184357 A1), further in view of Xu (US 2019/0268305 A1).

Regarding claim 1 and 17, Kumar teaches a method comprising:
	receiving, at a domain name system (DNS) service (DNS resolver 22-Fig. 1) being executed on a DNS server (20-Fig. 1)( see Fig. 1, DNS resolver is executed on DNS server; Also [0038]), a DNS request (DNS query 50/UDP request-[0035]) sent by a client (40A-Fig. 1) for a particular destination (network device 30D-Fig. 1) (Fig.1; [0035], DNS resolver 22 receives DNS query 50 sent from a client device 40A, for network device 30D{see [0023]; [0034]} ) that is different from the DNS server (20-Fig. 1) (30D is different from 20-see Fig. 1)(Hence 22 receives a DNS request sent by 40A for 30D.);
	determining, by the DNS service (DNS resolver 22-Fig. 1), that a connection between the client (40A-Fig. 1) and the particular destination (network device 30D-Fig. 1) will not support use of Quick User Datagram Protocol (UDP) Internet connections (QUICK) protocol (Fig.1, [0035], DNS resolver 22 receives DNS query 50 according to UDP protocol, sent from a client device 40A, for network device 30D{see [0023]; [0034]}; then the 22 generates DNS response 52 and sends the response 52{that including an indication of an IP (i.e. TCP) address corresponding to the network device 30D-see [0034]} to the client according to TCP protocol; wherein traffic between client, DNS server {i.e. 22} and network device according to TCP protocol/connection-see [0023]].) (Hence 22 determines that connection between 40A and 30D do not support UDP protocol/connection.)
	generating, by the DNS service (DNS resolver 22-Fig. 1), a DNS response (52-Fig. 1) to the DNS request (50-Fig.1) that includes an indication ([0035], 22 receives DNS query 50; then the 22 generates DNS response 52, including an indication(see [0034]).) that the connection between the client (40A-Fig. 1) and the particular destination (network device 30D-Fig. 1) will not support use of the QUIC protocol  ( [0035], the 22 generates DNS response 52 and sends the response 52 {that including an indication of an IP (i.e. TCP) address corresponding to the network device 30D-see [0034]} to the client according to TCP protocol; wherein traffic between client, DNS server {i.e. 22} and network device according to TCP protocol/connection-see [0023]].)  within a field (options field 148-Fig. 3B) of the DNS response (52/130-Fig. 1/Fig. 3B) (the indication within options field 148 in the DNS response 52/130-[0053]; Fig. 1, 3B.) (Hence 22 generates DNS response that includes an indication that connection between client and network device do not support UDP protocol/connection within a field of the DNS response.); and
	Kumar teaches UDP protocol.
	Kumar does not teach QUIC protocol and DNS response that includes an indication within an Extensions Mechanisms for DNS (EDNS) field of the DNS response.
	However, in an analogous art, Migault teaches
	generating, by the DNS service (guard 204-Fig. 2/DNS proxy-[0041), a DNS response (212) to the DNS request (210) that includes an indication ([0076], guard receives DNS request; then [0077], guard generates DNS response including an indicator/indication.) that the connection between the client (DNS Client 202-Fig. 2)  and the particular destination (DNS server 206-Fig. 2) will not support use of the QUIC protocol (see Fig. 3) (Fig. 5, [0076], Responsive to determining that the DNS request was received in a UDP packet (i.e. protocol), a DNS response is sent to the client device including an indication that the client device should use TCP protocol{  e.g. as opposed to UDP/switch from-[0062]} for sending DNS query (block 420); wherein DNS server and guard to convey DNS packets over TCP connection-see [0036]; [0045]. ) within an Extensions Mechanisms for DNS (EDNS) field of the DNS response (indicator/indication as EDNS0 field in DNS Response-see [0088]) (Hence guard generates DNS response that includes an indication that connection between client and DNS server do not support UDP protocol/connection within ENDS0 of the DNS response.); and
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Migault and apply them on the teaching of Kumar to provide a method for protecting against denial of service type attacks to mitigate DNS attacks, to improve utilization of bandwidth (Migault ; [001]; [0006]; [0002]).
	Kumar -Migault teaches UDP protocol
	Kumar-Migault does not teach quick UDP internet connection (QUIC) protocol, and sending the DNS response, by the DNS service, to cause a software defined networking (SDN) controller to install a policy on an intermediary between the client and the particular destination to explicitly reject a QUIC protocol connection attempted by the client with the particular destination, wherein the intermediary comprises a firewall or access device.
However, in an analogous art, Drako teaches sending the DNS response (response 30), by the DNS service (domain name service 28-Fig. 1), to cause a software defined networking (SDN) controller ([0020] & [0025], firewall {22/46 of Fig. 1/ 3} receives response 30 from the Domain Name Service 28; wherein [0024]; Fig. 3- the firewall 46 includes a controller 54. Hence it is obvious, the controller 54 receives DNS response from the DNS server 28.) to install (enforce) a policy (rule) on an intermediary (firewall 22/46-Fig. 1/3) between the client (20-Fig. 1) and the particular destination (31-Fig. 1) (see Fig. 1, firewall is between 20 and 31) to explicitly reject (deny/restricted) a QUIC protocol connection attempted by the client (20) with the particular destination (31) ( [0015] & [0016], user 14 (i.e. 20) targets/attempts to access the website 31{with IP protocol-[0002].}) ( [0026],The function of the controller 54 is to enforce the domain name rules to deny access to a website. Wherein the domain name rules identify the domain name for which access is restricted.) (Hence the DNS response 30 causes the controller 54 to install a rule on a firewall 22/46 to explicitly deny/restrict a connection between 20 and 31.), wherein the intermediary comprises a firewall (firewall 22/46-Fig. 1/3; [0024]) or access device.
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Drako and apply them on the teaching of Kumar-Migault to provide firewalls and selectively blocking access to Internet websites (Drako; [0001]).
	Kumar -Migault- Drako does not teach quick UDP internet connection (QUIC) protocol.
	However, in an analogous art, Xu teaches quick UDP internet connection (QUIC) protocol ([0097]), and
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Xu and apply them on the teaching of Kumar-Migault- Drako to provide next generation firewalls (data appliance-[0014]) generally provide higher performance to maximize network throughput while minimizing latency(Xu; [0020]).

Regarding claim 2, 10 and 18, Kumar teaches a method for generating by DNS service, a DNS response to the received DNS request that includes an indication that a connection between client and destination will not support UDP protocol within a field of the DNS response.
	Kumar -Migault- Drako does not teach wherein determining that a connection between the client and the particular destination will not support use of the QUIC protocol comprises: attempting, by the DNS service, a QUIC protocol connection with the particular destination.
	However, in an analogous art, Xu teaches wherein determining that a connection between the client and the particular destination will not support use of the QUIC protocol comprises:
	attempting, by the DNS service (DNS server 130 and 132-Fig. 1; [0024]), a QUIC protocol connection with the particular destination(site 168/ server 173.194.67.100-Fig. 1; [0107]) ([0104]; [0107]; Bob’s client device 106 attempts to connect with site 168/server using QUIC { Line 506 }(via 102 and 130-[0099]; [0101]); wherein [0101], Bob's IP address as a source in both the DNS request (526) and QUIC traffic (528), and site 168's IP address as both the destination IP address of client 106's QUIC session.)(Hence it is obvious, attempting, by DNS server, a QUIC session/connection with site 168.).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Xu and apply them on the teaching of Kumar -Migault- Drako to provide next generation firewalls (data appliance-[0014]) generally provide higher performance to maximize network throughput while minimizing latency(Xu; [0020]).

Regarding claim 3 and 11, Kumar teaches a method for generating by DNS service, a DNS response to the received DNS request that includes an indication that a connection between client and destination will not support UDP protocol within a field of the DNS response.
	Kumar- Drako does not teach wherein the explicit rejection of the attempted QUIC protocol connection by the intermediary causes the client to instead attempt a Transmission Control Protocol (TCP) connection with the particular destination.
	However, in an analogous art, Migault teaches wherein the explicit rejection of the attempted QUIC protocol connection by the intermediary causes the client (202) to instead attempt a Transmission Control Protocol (TCP) connection with the particular destination (206)( [0069], EDNSO option is added to include an explicit indication{in a DNS response-[0077]} that the client 202 should use TCP{as opposed to UDP-see [0062]; [0038]} for sending DNS queries.),
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Migault and apply them on the teaching of Kumar- Drako to provide a method for protecting against denial of service type attacks to mitigate DNS attacks, to improve utilization of bandwidth (Migault ; [001]; [0006]; [0002]).
	Kumar -Migault- Drako does not teach quick UDP internet connection (QUIC) protocol.
	However, in an analogous art, Xu teaches quick UDP internet connection (QUIC) protocol ([0097]), and
		It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Xu and apply them on the teaching of Kumar -Migault- Drako to provide next generation firewalls (data appliance-[0014]) generally provide higher performance to maximize network throughput while minimizing latency(Xu; [0020]).

Regarding claim 8 and 16, Kumar teaches a method for generating by DNS service, a DNS response to the received DNS request that includes an indication that a connection between client and destination will not support UDP protocol within a field of the DNS response.
	Kumar -Migault- Drako does not teach wherein the intermediary probes the particular destination for QUIC protocol support, subsequent to explicitly rejecting the QUIC protocol connection attempted by the client with the particular destination.
	However, in an analogous art, Xu teaches wherein the intermediary probes the particular destination for QUIC protocol support, subsequent to explicitly rejecting the QUIC protocol connection attempted by the client with the particular destination ([0104]; [0107]; Bob’s client device 106 attempts to connect with site 168/server using QUIC{ Line 506 }; wherein [0107], Data appliance 102 observes QUIC traffic (i.e. protocol) between client device 106 and a server reachable at 173.194.67.100 (at 602); then data appliance 102 takes a remedial action, such as ending the session, alerting Bob that his actions are not permitted, etc. Hence 102 probes host/server for QUICK protocol, subsequent to explicitly rejecting the QUIC protocol connection attempted by the client with host/server).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Xu and apply them on the teaching of Kumar -Migault- Drako to provide next generation firewalls (data appliance-[0014]) generally provide higher performance to maximize network throughput while minimizing latency(Xu; [0020]).

Regarding claim 9, Kumar teaches an apparatus (DNS server 20-Fig.1), comprising:
	one or more network interfaces (link) to communicate with a network (7-Fig.1) (see [0020]; Fig. 1; Hence 20 has a link to communicate with network 7.);
	a processor (Abstract; [0067]; 20 has a processor) coupled to the network interfaces (link) (see [0020; Fig.1; 20 has a link) (Hence processor of 20 is coupled to the link.) and configured to execute one or more processes ([0067];); and
	a memory (Abstract; [0029]) configured to store a process executable by the processor (Abstract; [0067]]) ([0067), the process when executed configured to:
	receive a DNS request (DNS query 50/UDP request-[0035]) sent by a client (40A-Fig. 1) for a particular destination (network device 30D-Fig. 1) (Fig.1; [0035], DNS resolver 22 of DNS server 20 receives DNS query 50 sent from a client device 40A, for network device 30D{see [0023]; [0034]} ) (Hence 22 of 20 receives a DNS request sent by 40A for 30D.);
 	wherein the apparatus is a DNS server (20-Fig. 1) that is different from the particular destination (network device 30D-Fig. 1) (30D is different from 20-see Fig. 1).
	determine that a connection between the client (40A-Fig. 1) and the particular destination (network device 30D-Fig. 1) will not support use of Quick User Datagram Protocol (UDP) Internet connections (QUICK) protocol (Fig.1, [0035], DNS resolver 22 of DNS server 20, receives DNS query 50 according to UDP protocol, sent from a client device 40A, for network device 30D{see [0023]; [0034]}; then the 22 generates DNS response 52 and sends the response 52{that including an indication of an IP (i.e. TCP) address corresponding to the network device 30D-see [0034]} to the client according to TCP protocol; wherein traffic between client, DNS server {i.e. 22} and network device according to TCP protocol/connection-see [0023]].) (Hence 22 of 20 determines that connection between 40A and 30D do not support UDP protocol/connection.)
	generate a DNS response (52-Fig. 1) to the DNS request (50-Fig.1) that includes an indication ([0035], 22 receives DNS query 50; then the 22 generates DNS response 52, including an indication(see [0034]).) that the connection between the client (40A-Fig. 1) and the particular destination (network device 30D-Fig. 1) will not support use of the QUIC protocol  ( [0035], the 22 of 20, generates DNS response 52 and sends the response 52 {that including an indication of an IP (i.e. TCP) address corresponding to the network device 30D-see [0034]} to the client according to TCP protocol; wherein traffic between client, DNS server {i.e. 22} and network device according to TCP protocol/connection-see [0023]].)  within a field (options field 148-Fig. 3B) of the DNS response (52/130-Fig. 1/Fig. 3B) (the indication within options field 148 in the DNS response 52/130-[0053]; Fig. 1, 3B.) (Hence 22 of 20, generates DNS response that includes an indication that connection between client and network device do not support UDP protocol/connection within a field of the DNS response.); and
	Kumar teaches UDP protocol.
	Kumar does not teach QUIC protocol and DNS response that includes an indication within an Extensions Mechanisms for DNS (EDNS) field of the DNS response.
	However, in an analogous art, Migault teaches
	generate a DNS response (212) to the DNS request (210) that includes an indication ([0076], guard receives DNS request; then [0077], guard generates DNS response including an indicator/indication.) that the connection between the client (DNS Client 202-Fig. 2)  and the particular destination (DNS server 206-Fig. 2) will not support use of the QUIC protocol (see Fig. 3) (Fig. 5, [0076], Responsive to determining that the DNS request was received in a UDP packet (i.e. protocol), a DNS response is sent to the client device including an indication that the client device should use TCP protocol{  e.g. as opposed to UDP/switch from-[0062]} for sending DNS query (block 420); wherein DNS server and guard to convey DNS packets over TCP connection-see [0036]; [0045]. ) within an Extensions Mechanisms for DNS (EDNS) field of the DNS response (indicator/indication as EDNS0 field in DNS Response-see [0088]) (Hence guard generates DNS response that includes an indication that connection between client and DNS server do not support UDP protocol/connection within ENDS0 of the DNS response.); and
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Migault and apply them on the teaching of Kumar to provide a method for protecting against denial of service type attacks to mitigate DNS attacks, to improve utilization of bandwidth (Migault ; [001]; [0006]; [0002]).
	Kumar -Migault teaches UDP protocol
	Kumar-Migault does not teach quick UDP internet connection (QUIC) protocol, and send the DNS response to cause a software defined networking (SDN) controller to install a policy on an intermediary between the client and the particular destination to explicitly reject a QUIC protocol connection attempted by the client with the particular destination, wherein the intermediary comprises a firewall or access device.
However, in an analogous art, Drako teaches send the DNS response (response 30), to cause a software defined networking (SDN) controller ([0020] & [0025], firewall {22/46 of Fig. 1/ 3} receives response 30 from the Domain Name Service 28; wherein [0024]; Fig. 3- the firewall 46 includes a controller 54. Hence it is obvious, the controller 54 receives DNS response from the DNS server 28.) to install (enforce) a policy (rule) on an intermediary (firewall 22/46-Fig. 1/3) between the client (20-Fig. 1) and the particular destination (31-Fig. 1) (see Fig. 1, firewall is between 20 and 31) to explicitly reject (deny/restricted) a QUIC protocol connection attempted by the client (20) with the particular destination (31) ( [0015] & [0016], user 14 (i.e. 20) targets/attempts to access the website 31{with IP protocol-[0002].}) ( [0026],The function of the controller 54 is to enforce the domain name rules to deny access to a website. Wherein the domain name rules identify the domain name for which access is restricted.) (Hence the DNS response 30 causes the controller 54 to install a rule on a firewall 22/46 to explicitly deny/restrict a connection between 20 and 31.), wherein the intermediary comprises a firewall (firewall 22/46-Fig. 1/3; [0024]) or access device.
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Drako and apply them on the teaching of Kumar-Migault to provide firewalls and selectively blocking access to Internet websites (Drako; [0001]).
	Kumar -Migault- Drako does not teach quick UDP internet connection (QUIC) protocol.
	However, in an analogous art, Xu teaches quick UDP internet connection (QUIC) protocol ([0097]), and
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Xu and apply them on the teaching of Kumar-Migault- Drako to provide next generation firewalls (data appliance-[0014]) generally provide higher performance to maximize network throughput while minimizing latency(Xu; [0020]).

6.   Claim 5, 13, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar (US 2020/0396200 A1) in view of Migault (WO 2017/163104 A1), in view of Drako (US 2008/0184357 A1), in view of Xu (US 2019/0268305 A1), in view of Morris (US 2007/0043856 A1).

Regarding claim 5, 13 and 20, Kumar teaches a method for generating by DNS service, a DNS response to the received DNS request that includes an indication that a connection between client and destination will not support UDP protocol within a field of the DNS response.
	Kumar-Migault- Drako does not teach wherein the intermediary uses Internet Control Message Protocol (ICMP) signaling to explicitly reject the QUIC protocol connection attempted by the client.
	However, in an analogous art, Morris teaches wherein the intermediary (module of 630-Fig. 6) uses Internet Control Message Protocol (ICMP) signaling to explicitly reject the QUIC protocol connection attempted by the client (610-Fig. 6) ([0057], Each module at pipeline 630 that receives a session-request event {UDP packets/connection-[0032]}; If a module chooses to reject, the session-request event is not delivered to any modules further along in the pipeline. The client 610 is notified that the session was rejected via an ICMP packet.).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Morris and apply them on the teaching of Kumar-Migault- Drako to provide improved method for handling network traffic, causing a reduced latency time (Morris; [0016]).
	Kumar-Migault -Morris- Drako do not teach quick UDP internet connection (QUIC) protocol.
	However, in an analogous art, Xu teaches quick UDP internet connection (QUIC) protocol ([0097]).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claim invention to take the teaching of Xu and apply them on the teaching of Kumar-Migault- Morris- Drako to provide next generation firewalls (data appliance-[0014]) generally provide higher performance to maximize network throughput while minimizing latency(Xu; [0020]).
Conclusion
7.	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to MEHEDI S ALEY whose telephone number is (571)270-0439. The examiner can normally be reached Mon, Thus, Fri: 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey M Rutkowski can be reached on 571-270-01215. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MEHEDI S ALEY/Examiner, Art Unit 2415     

/JEFFREY M RUTKOWSKI/Supervisory Patent Examiner, Art Unit 2415