DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
 
2.	Claims 1-21 are pending.  Claims 1, 8 and 15 are independent.  Claim 1 is currently amended.  Amendment to the claim is accepted.

Response to Arguments

3.	Applicant's arguments filed on 3/15/2022 have been fully considered; however, they are persuasive.  Notice that rejections under 35 USC § 101 of claims 1-7 are removed due to amendment.
	
	In responding to Applicant’s argument that “claim 1 requires that the recited “context information” to be “associated with the virtualized computing instance and mapped to the DNS record information” which are different from a list of domain names in Rudnik,” Examiners respectfully disagree.  Notice that Rubnik’s contextual information and policy information have been equated to “context information” and “DNS record information”, respectively, as being recited in claim 1.  Thus, Rubnik’s contextual information to be associated with domain names in the list of domain names and mapped to Rudnik’s policy information associated with the domain names is the same as “context information” to be “associated with the virtualized computing instance and mapped to the DNS record information” as required in claim 1.

Claim Rejections - 35 USC § 102
4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

5.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

6.	Claims 1, 3-8, 10-15 and 17-21 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Rudnik (US PG Pub. 2020/0314067).
As regarding claim 1, Rudnik discloses A method for a computer system to perform context-aware domain name system (DNS) query handling, wherein the method comprises: 
detecting, by the computer system, a DNS query to translate a domain name, wherein the DNS query is initiated by a client requiring access to the domain name [para. 54; DNS proxy server receiving DNS request]; 
identifying, by the computer system, DNS record information that translates the domain name to a network address assigned to a virtualized computing instance [para. 54; identifying policy information stored in a customized list for querying a list of domain names]; 
identifying, by the computer system, context information that is associated with the virtualized computing instance and mapped to the DNS record information [para. 54; identifying contextual information in policy information for querying a list of domain names]; and
in response to detecting a potential security threat based on the context information, performing, by the computer system, a remediation action to block access to the virtualized computing instance [para. 54-58; sending a response indicating that access to the requested website is blocked]; 
otherwise, generating and sending, by the computer system, a DNS reply specifying the network address assigned to allow access to the virtualized computing instance [para. 54-58; sending a response allowing access to the requested website is blocked].  

As regarding claim 3, Rudnik further discloses The method of claim 1, wherein detecting the potential security threat comprises: determining that the context information indicates a health status associated with the virtualized computing instance [para. 89 – unhealthy website or para. 124 – health of the hardware resources], wherein the health status is derivable based on one or more of the following: operating system (OS) kernel behavior information, process behavior information, process identifier (ID) information, network flow information, universally unique ID (UUID) information and network address information associated with the virtualized computing instance [para. 56; the status of the IP address is blocked].  

As regarding claim 4, Rudnik further discloses The method of claim 1, wherein performing the remediation action comprises:  E341-22-redirecting the client to a standby network address by generating and sending a DNS reply specifying the standby network address assigned to a standby virtualized computing instance [para. 56; blocked DNS response including the IP address of a “blocked” website].  

As regarding claim 5, Rudnik further discloses The method of claim 3, wherein performing the remediation action comprises: translating the domain name to a standby domain name that is associated with the standby network address [para. 56; blocked DNS response including the IP address of a “blocked” website].  

As regarding claim 6, Rudnik further discloses The method of claim 1, wherein the method further comprises: identifying client context information associated with the client [para. 62]; and in response to detecting a potential security threat associated with the client based on the client context information [para. 62], blocking the client from accessing the virtualized computing instance [para. 56 and 62].  

As regarding claim 7, Rudnik further discloses The method of claim 6, wherein identifying the client context information comprises: identifying the client context information associated with the client in the form of a user device [para. 62], wherein the client context information includes one or more of the following: hardware profile information, software profile information, geographical location information and user profile information [para. 34, 62 and 220; contextual information including user preferences and profile].  

As regarding claim 8, Rudnik discloses A non-transitory computer-readable storage medium that includes a set of instructions which, in response to execution by a processor of a computer system, cause the processor to perform a method of context-aware domain name system (DNS) query handling, wherein the method comprises: 
detecting a DNS query to translate a domain name, wherein the DNS query is initiated by a client requiring access to the domain name [para. 54; DNS proxy server receiving DNS request]; 
identifying DNS record information that translates the domain name to a network address assigned to a virtualized computing instance [para. 54; identifying policy information stored in a customized list for querying a list of domain names]; 
identifying context information that is associated with the virtualized computing instance and mapped to the DNS record information [para. 54; identifying contextual information in policy information for querying a list of domain names]; and  
E341-23-in response to detecting a potential security threat based on the context information, performing a remediation action to block access to the virtualized computing instance [para. 54-58; sending a response indicating that access to the requested website is blocked];  
otherwise, generating and sending a DNS reply specifying the network address assigned to allow access to the virtualized computing instance [para. 54-58; sending a response allowing access to the requested website is blocked].  

As regarding claim 10, Rudnik further discloses The non-transitory computer-readable storage medium of claim 8, wherein detecting the potential security threat comprises: determining that the context information indicates a health status associated with the virtualized computing instance [para. 89 – unhealthy website or para. 124 – health of the hardware resources], wherein the health status is derivable based on one or more of the following: operating system (OS) kernel behavior information, process behavior information, process identifier (ID) information, network flow information, universally unique ID (UUID) information and network address information associated with the virtualized computing instance [para. 56; the status of the IP address is blocked].  

As regarding claim 11, Rudnik further discloses The non-transitory computer-readable storage medium of claim 8, wherein performing the remediation action comprises: redirecting the client to a standby network address by generating and sending a DNS reply specifying the standby network address assigned to a standby virtualized computing instance [para. 56; blocked DNS response including the IP address of a “blocked” website].    

As regarding claim 12, Rudnik further discloses The non-transitory computer-readable storage medium of claim 10, wherein performing the remediation action comprises: translating the domain name to a standby domain name that is associated with the standby network address [para. 56; blocked DNS response including the IP address of a “blocked” website].  

As regarding claim 13, Rudnik further discloses The non-transitory computer-readable storage medium of claim 8, wherein the method further comprises: identifying client context information associated with the client [para. 62]; and in response to detecting a potential security threat associated with the client based on the client context information [para. 62], blocking the client from accessing the virtualized computing instance [para. 56 and 62].  

As regarding claim 14, Rudnik further discloses The non-transitory computer-readable storage medium of claim 13, wherein identifying the client context information comprises: identifying the client context information associated with the client in the form of a user device [para. 62], wherein the client context information includes one or more of the following: hardware profile information, software profile information, geographical location information and user profile information [para. 34, 62 and 220; contextual information including user preferences and profile].  

As regarding claim 15, Rudnik discloses A computer system configured to perform context-aware domain name system (DNS) query handling, wherein the computer system comprises: 
a processor [abstract and 96]; and 
a non-transitory computer-readable medium having stored thereon instructions that, when executed by the processor, cause the processor [abstract and 96] to: 
detect a DNS query to translate a domain name, wherein the DNS query is initiated by a client requiring access to the domain name [para. 54; DNS proxy server receiving DNS request]; 
identify DNS record information that translates the domain name to a network address assigned to a virtualized computing instance [para. 54; identifying policy information stored in a customized list for querying a list of domain names]; 
identify context information that is associated with the virtualized computing instance and mapped to the DNS record information [para. 54; identifying contextual information in policy information for querying a list of domain names]; and 
in response to detecting a potential security threat based on the context information, perform a remediation action to block access to the virtualized computing instance [para. 54-58; sending a response indicating that access to the requested website is blocked];  
otherwise, generate and send a DNS reply specifying the network address assigned to allow access to the virtualized computing instance [para. 54-58; sending a response allowing access to the requested website is blocked].  

As regarding claim 17, Rudnik further discloses The computer system of claim 15, wherein the instructions for detecting the potential security threat cause the processor to: determine that the context information indicates a health status associated with the virtualized computing instance [para. 89 – unhealthy website or para. 124 – health of the hardware resources], wherein the health status is derivable based on one or more of the following: operating system (OS) kernel behavior information, process behavior information, process identifier (ID) information, network flow information, universally unique ID (UUID) information and network address information associated with the virtualized computing instance [para. 56; the status of the IP address is blocked].  

As regarding claim 18, Rudnik further discloses The computer system of claim 1, wherein the instructions for performing the remediation action cause the processor to: redirect the client to a standby network address by generating and sending a DNS reply specifying the standby network address assigned to a standby virtualized computing instance [para. 56; blocked DNS response including the IP address of a “blocked” website].    

As regarding claim 19, Rudnik further discloses The computer system of claim 17, wherein the instructions for performing the remediation action cause the processor to: translate the domain name to a standby domain name that is associated with the standby network address [para. 56; blocked DNS response including the IP address of a “blocked” website].  

As regarding claim 20, Rudnik further discloses The computer system of claim 15, wherein the instructions further cause the processor to: identify client context information associated with the client [para. 62]; and in response to detecting a potential security threat associated with the client based on the client context information [para. 62], block the client from accessing the virtualized computing instance [para. 56 and 62].  

As regarding claim 21, Rudnik further discloses The computer system of claim 20, wherein the instructions for identifying the client context information cause the processor to: identify the client context information associated with the client in the form of a user device [para. 62], wherein the client context information includes one or more of the following: hardware profile information, software profile information, geographical location information and user profile information [para. 34, 62 and 220; contextual information including user preferences and profile].  
Claim Rejections - 35 USC § 103
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

8.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

9.	Claims 2, 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable by Tyagi (US PG Pub. 2016/0357962) in view of Day (US PG Pub. 2014/0245439).
As regarding claim 2, Rudnik does not explicitly disclose detecting the potential security threat comprises: determining that the context information indicates a deviation between a runtime state and an intended state associated with the virtualized computing instance.  However, Day disclose it [abstract, para. 33, 46, and claim 1].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Rudnik’s detecting the potential security threat to further comprise determining that the context information indicates a deviation between a runtime state and an intended state associated with the virtualized computing instance, as disclosed by Day, as one of alternative context information for detecting a potential security threat without premising on knowing what the threat resembles in a computing system [Day para. 33].
As regarding claim 9, Rudnik and Day also disclose The non-transitory computer-readable storage medium of claim 8, wherein detecting the potential security threat comprises: determining that the context information indicates a deviation between a runtime state and an intended state associated with the virtualized computing instance [Day abstract, para. 33, 46, and claim 1].  

As regarding claim 16, Rudnik and Day also disclose The computer system of claim 15, wherein the instructions for detecting the potential security threat cause the processor to: determine that the context information indicates a deviation between a runtime state and an intended state associated with the virtualized computing instance [Day abstract, para. 33, 46, and claim 1].  

Conclusion
Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905.  The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/THONG P TRUONG/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433