DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/04/2022 has been entered.

Response to Amendment
3.	Claims 1,2 4-11, and 13-20 are pending.
	Claims 1,10 and 19 have been amended.
	Claims 3 and 12 have been canceled. 

Response to Arguments
4.	Applicant’s arguments with respect to claims 1,10 and 19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
5.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

6.	Claims 1, 4-6, 10, 13-15 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie), in view of Yin (US 2015/0372977 hereinafter referred to as Yin), and further in view of  Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala).

Regarding claim 1,
Xie teaches:
“ A system comprising: A Domain Name System (DNS) server communicatively coupled to a user device; a policy data store communicatively coupled to the server and storing a policy for the user device; and ” (Xie [0015] [0017] a security appliance to enforce various enterprise polices on client device associated with domain names requested by the client device. The security appliance includes storage or domain names database to store the policy or domain names. The security appliance can be implemented as a client device in which a DNS server included as disclosed in paragraphs [0013][0012]).
Xie teaches enforcing varies firewall policies for different categories of domain names and different users as disclosed in paragraph [0015]. Furthermore, Xie teaches allowing or blocking DNS requests based on the polices as disclosed in paragraph [0018].
However, Xie does not explicitly teach:
“an inline inspection system communicatively coupled to the server, wherein the inline inspection system comprises a node in a cloud-based system; and”
“wherein the DNS server is configured to responsive to a request from a user device, perform a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security, wherein a location may include a plurality of policies for different groups of users;”
“ responsive to the security check, perform one of: directly allow the request to the Internet based on the security check determining the request is allowed by the settings; directly block the request based on the security check determining the request is disallowed by the settings; and” 
“cause inline inspection of the request, via forwarding the request to the inline inspection system by the DNS server, based on the security check determining the request includes suspicious content; and wherein the inline inspection system is configured to responsive to the inline inspection, one of allow the request to the Internet and block the request.”
Yin teaches :
“wherein the DNS server is configured to responsive to a request from a user device, perform a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security, wherein a location may include a plurality of policies for different groups of users;” (Yin [0012][0057],  teaches an organization firewall policy comprising individual polices for selected applications, users, group of users to monitor their  traffic pattern in the organization. Using the firewall polices to check whether  a request from specific department or group of  users is complying with the firewall policy of the organization and to take an action). 
“ responsive to the security check, perform one of: directly allow the request to the Internet based on the security check determining the request is allowed by the settings; directly block the request based on the security check determining the request is disallowed by the settings; and” (Yin [0057], blocking request of particular department or group of users’ request based on firewall policy configuration for that department or group users, and allowing the request to the internet when the request is complying with the firewall policy configurations for that department or the group of users. See examples disclosed in the paragraph). 
Because both Xie and Yin teaches performing a security check on request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie to include plurality of individual firewall policies for selected applications or  group of users in an organization as disclosed by Yin, such inclusion helps to implement improved and efficient firewall policy based on organizational requirements (Yin [0031]). 
Xie and Yin do not  teach:
“an inline inspection system communicatively coupled to the server, wherein the inline inspection system comprises a node in a cloud-based system” and “cause inline inspection of the request, via forwarding the request to the inline inspection system by the DNS server, based on the security check determining the request includes suspicious content; and wherein the inline inspection system is configured to responsive to the inline inspection, one of allow the request to the Internet and block the request.”
Pidathala teaches:
“an inline inspection system communicatively coupled to the server, wherein the inline inspection system comprises a node in a cloud-based system” and “cause inline inspection of the request, via forwarding the request to the inline inspection system by the DNS server, based on the security check determining the request includes suspicious content; and wherein the inline inspection system is configured to responsive to the inline inspection, one of allow the request to the Internet and block the request.” (Pidathala [0033] [0034] [0035] [0044] [0026], passing a non-malicious or malicious URL links detected by a first system to the next level for further analysis. Cloud based multilevel detection system for performing the analysis on the URL links by second and third system to determine whether the suspicious URL is to be a malicious. Sending the URL if no malware is detected or blocking the URL if the malware is detected. The suspicious URL can be a domain name).
Because Xie, Pidathala and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie and Pidathala  to include a feature that perform multi-level security check analysis as disclosed by Pidathala, such multi-level analysis provide efficient malware detection and verification system (Pidathala [0039]).

Regarding claim 10,
Xie teaches 
“A cloud-based security method using Domain Name System (DNS), the cloud-based security method comprising” (Xie [0012] [0013], distributed DNS servers and security appliances connected via internet. The security appliance comprises firewall, and configured to perform plurality of security features associated with DNS communications).
Xie teaches enforcing varies firewall policies for different categories of domain names and different users as disclosed in paragraph [0015]. Furthermore, Xie teaches allowing or blocking DNS request based on the polices as disclosed  in paragraph [0018].
However, Xie does not explicitly teach: 
“Page 34 of 38Attorney Docket No.: 5897C1PCONPATENTresponsive to a request from a user device at a DNS server, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security; and wherein a location many include a plurality of polices for different group of users”
 “responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and” 
“causing inline inspection of the request based on the security check determining the request includes suspicious content by forwarding the request from DNS server to cloud system; and responsive to the inline inspection, one of allowing the request to the Internet and blocking the request.”
Yin teaches: 
“Page 34 of 38Attorney Docket No.: 5897C1PCONPATENTresponsive to a request from a user device at a DNS server, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security; and wherein a location many include a plurality of polices for different group users” (Yin [0012][0057],  teaches an organization firewall policy comprising individual polices for selected applications, users, group of users to monitor their  traffic pattern in the organization. Using the firewall polices to check whether a request from specific department or group user is complying with  the firewall policy of the organization, and to take an action). 
“responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and” (Yin [0057], blocking request of particular department or group of users’ based on firewall policy configuration for that department or group users, and allowing the request when the request is complying with the firewall policy configurations for the department or the group of users. See examples disclosed in the paragraph). 
Because both Xie and Yin teaches performing a security check on request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie to include plurality of individual firewall policies for selected applications or  group of users in an organization as disclosed by Yin, such inclusion helps to implement improved and efficient firewall policy based on organizational requirements (Yin [0031]). 
Xie and Yin do not  teach:
“causing inline inspection of the request based on the security check determining the request includes suspicious content by forwarding the request from DNS server to cloud system; and responsive to the inline inspection, one of allowing the request to the Internet and blocking the request”
Pidathala teaches:
“causing inline inspection of the request based on the security check determining the request includes suspicious content by forwarding the request from DNS server to cloud system; and responsive to the inline inspection, one of allowing the request to the Internet and blocking the request” (Pidathala [0033] [0034] [0035] [0044] [0026], passing a non-malicious or malicious URL links detected by a first system to the next level for further analysis. Cloud based multilevel detection system for performing further analysis on the URL links by second and third system to determine whether the suspicious URL is to be a malicious. Sending the URL if no malware is detected or blocking the URL if the malware is detected. The suspicious URL can be a domain name).
Because Xie, Yin and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie and Yin to include a feature that perform multi-level security check analysis as disclosed by Pidathala, such multi-level analysis provide efficient malware detection and verification system (Pidathala [0039]).

Regarding claim 19,
Xie teaches:
“A non-transitory computer-readable storage medium having computer readable code stored thereon for programming a Domain Name System (DNS) server to perform steps of:” (Xie [0007][0016] and claim 20, teaches a computer program embodied in a computer readable storage medium. A security appliance to perform security functions related to DNS requests. The security appliance can be implemented as a client device in which a DNS server included as disclosed in paragraphs [0013][0012]).
Xie teaches enforcing varies firewall policies for different categories of domain names and  different users as disclosed in paragraph [0015]. Furthermore, Xie teaches allowing or blocking DNS request based on the polices as disclosed  in paragraph [0018].
However, Xie does not explicitly teach:
“responsive to a request from a user device, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security, and wherein a location many include a plurality of polices for different group users” 
“responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and” 
 “ Page 36 of 38Attorney Docket No.: 5897CIPCONPATENTforwarding the request to a cloud-based system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked”
Yin teaches:
“responsive to a request from a user device, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security, and wherein a location many include a plurality of polices for different group users” (Yin [0012][0057] teaches an organization firewall policy comprising individual polices for selected applications, users, group of users to monitor their  traffic pattern in the organization. Using the firewall polices to  check a request from specific department or group user is complying with  the firewall policy of the organization, and to take an action). 
“ responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and” (Yin [0057], blocking request of particular department or group of users’ based on firewall policy configuration for that department or group users, and allowing the request when the request is complying with the firewall policy configurations for the department or the group of users. See examples disclosed in the paragraph). 
Because both Xie and Yin teaches performing a security check on request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie to include plurality of individual firewall policies for selected applications or  group of users in an organization as disclosed by Yin, such inclusion helps to implement improved and efficient firewall policy based on organizational requirements (Yin [0031]). 
Xie and Yin do not  teach:
“ Page 36 of 38Attorney Docket No.: 5897CIPCONPATENTforwarding the request to a cloud-based system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked”
Pidathala teaches:
“ Page 36 of 38Attorney Docket No.: 5897CIPCONPATENTforwarding the request to a cloud-based system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked” (Pidathala [0033] [0034] [0035][0044][0026], passing a non-malicious or malicious URL links detected by a first system to the next level for further analysis. Cloud based multilevel detection system for preforming further analysis on the URL links by second and third system to determine whether the suspicious URL is to be a malicious. Sending the URL if no malware is detected or blocking the URL if the malware is detected. The suspicious URL can be a domain name).
Because Xie, Yin and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie and Yin to include a feature that perform multi-level security check analysis as disclosed by Pidathala, such multi-level analysis provide efficient malware detection and verification system (Pidathala [0039]).

Regarding claims 4 and 13, the combination of Xie, Yin and Pidathala teaches all the limitations of claims 1 and 12.
Xie teaches: 
“wherein the request is allowed based on any of a whitelist and the settings related to the content filtering and security; and wherein the request is disallowed is based on any of a blacklist and the settings related to the content filtering and security” (Xie [0018] [0014] domain name filtering based on comparing the DNS request with list of domains in the domain name database. Denying the DNS request based on black list, and allowing the DNS request when the domain is non malicious permitted domain. The domain name database indexed malicious domains and valid domains).

Regarding claims 5 and 14, the combination of Xie, Yin and Pidathala teaches all the limitations of claims 1 and 12.
Pidathala teaches: 
“wherein the suspicious content is based on a domain known to contain malicious content based on Uniform Resource Locator (URL) categories” (Pidathala [0033], filtering  suspicious URLs based on whitelists and blacklists to determine known malicious links and non-malicious links).
Because Xie, Yin and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie and Yin to include suspicious URL filtering based on whitelists and black lists as disclosed by Pidathala, such filtering is useful to detect new malicious URLs since the blacklist and whitelist are updated periodically (Pidathala [0033]). 

Regarding claims 6 and 15, the combination of Xie, Yin  and Pidathala teaches all the limitations of claims 1 and 12.
Xie teaches: 
“ wherein the server is configured to look up the policy associated with the user device based on a source of the request” (Xie [0014] and Fig. 1, applying the policy based on particular user to allow access for particular domain, and preventing access to other users to the particular domain. Client devices for user). 

7.	Claims 7, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie), in view of Yin (US 2015/0372977 hereinafter referred to as Yin), in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala), and further in view of Bhogavilli et al. (US 2012/0174196 hereinafter referred to as Bhogavilli). 

Regarding claims 7, 16 and 20,  the combination of Xie, Yin and Pidathala teaches all the limitations of claims 1, 10 and 19.
The combination of Xie, Yin and Pidathala does not teach :
“wherein the server is configured to uniquely identify a user of the user device based on data in the request; and utilize an identity of the user for the policy associated with the user device”
Bhogavilli teaches:
“wherein the server is configured to uniquely identify a user of the user device based on data in the request; and utilize an identity of the user for the policy associated with the user device”  (Bhogavilli [0046], identifying the client based on information associated with the request, and whitelisting the client’s IP address associated with request).
Because Xie, Pidathala, Yin and Bhogavilli teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie, Yin and Pidathala to include a feature to identify a client as disclosed by Bhogavilli, such inclusion is useful to classify legitimate clients (Bhogavilli [0046]).

8.	 Claims 2 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie), in view of Yin (US 2015/0372977 hereinafter referred to as Yin), in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala), and further in view of Park et al. (US 9,239,907 hereinafter referred to as Park).

Regarding claim 2 and 11, the combination of Xie, Yin  and Pidathala teaches all the limitations of claims 1 and 10.
Pidathala teaches:
“ wherein the inline inspection performs a plurality of malicious Uniform Resource Locator (URL) filtering, deep content inspection, advanced persistent threat protection/sandboxing, and Data Loss Prevention (DLP)” (Pidathala [0037][0026][0055][0020][0043], further URL filtering by the second and third system. Inspecting the URL’s characteristics to determine malware. Inspecting the characteristics include deep packet inspection techniques. Using sandboxed dedicated environment for malware detection associated with received URL. Checking whether a file or document referenced by the URL is permitted for downloading or attempt of unauthorized access (this feature is consistent with Data Loss Prevention (DLP).
Because Xie, Yin and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie and Yin to perform plurality of analysis based on plurality characteristics associated with the URL as disclosed by Pidathala, such analysis is useful to determine successfully identifying malicious links based on the plurality of analysis and characteristics ([0037][0026][0055][0020][0043]). 
 Xie, Yin and Pidathala do not teach:
“antivirus/antispyware detection”
Park teaches:
“antivirus/antispyware detection” (Park col. 7 lines 1-25, detecting anti-spyware or anti-virus from URL by misleading application module). 
Because Xie, Yin, Pidathala and Park teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie, Yin and Pidathala to include anti-virus or anti-spyware detection feature as disclosed by Park such inclusion is useful to deny the misleading application included in a request or to take one or more actions (Park Fig. 4).

9.	Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie), in view of Yin (US 2015/0372977 hereinafter referred to as Yin), in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala), and further in view Mahadik et al. (US 2014/0089661 hereinafter referred to as Mahadik).

Regarding claims 8, 17, the combination of Xie and Pidathala teaches all the limitations of claims 1 and 10. 
Xie teaches:
“ wherein the policy includes any of content filtering which provides the policy for allowing or blocking the request at the DNS server, threat security which denotes a suspicious site for the request or an unknown site for the request” and  “and black and white listing of sites which exempts or blocks sites for the request based on user provisioning” (Xie [0010][0016][0015], URL filtering to detect malicious domain and to block the malicious activity commination associated with the malicious domain. Monitoring DNS requests and identifying suspect or malicious domains based on unknown DNS request. Blok list domains, black list domains and permitted domains).
Pidathala teaches:
“invokes the inline inspection” (Pidathala teaches performing further analysis as discussed in claim1 based on the disclosure in paragraphs [0033] [0034] [0035][0044][0026]).
Because Xie, Yin and Pidathala teach performing security check on a request, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie and Yin to include a feature that perform multi-level security check analysis as disclosed by Pidathala, such multi-level analysis provide efficient malware detection and verification system (Pidathala [0039]).
Xie, Yin and Pidathala do not teach:
“Safe Search on an application on the user device which enforces all searches on the user device with a safe search setting” 
Secure Sockets Layer (SSL) inspection”
Mahadik teaches:
“Safe Search on an application on the user device which enforces all searches on the user device with a safe search setting” (Mahadik [0017], allowing an access to a search engine but preventing the search operation if the search query include blacklisted term).
“Secure Sockets Layer (SSL) inspection” (Mahadik [0029], detecting SSL/HTTPS based websites).
Because Xie, Yin Pidathala and Mahadik teach performing security check, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Xie, Yin  and Pidathala to include search filtering and SSL based website detection as disclosed by Mahadik, such security features are useful to prevent searching blacklisted terms and to provide security based on the SSL (Mahadik [0029]).  

10.	Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US 2012/0303808 hereinafter referred to as Xie),  in view of Yin (US 2015/0372977 hereinafter referred to as Yin), in view of Pidathala et al. (US 2015/0007312 hereinafter referred to as Pidathala), further in view of Agarwal et al. (US 20120281706 hereinafter referred to as Agarwal). 

Regarding claims 9 and 18, the combination of Xie, Yin  and Pidathala teaches all the limitations of claims 1 and 10.
Agarwal teaches:
“wherein the policy is one of a plurality of policies for the location, each of the plurality of policies is designated by a different address of the DNS server and different Virtual Local Area Networks (VLANs)” (Agarwal [0008] [0137] [0257] [0265], teaches multiple VLANs n multiple appliances using policies to support customers. The appliance can be a Domain Name service (DNS) resolver. The appliance corresponds to the geographically closest datacenter or cloud network (i.e., policies for location). The appliances assigned their own addresses).  
Because Xie, Yin Pidathala  and Agarwal  teaches security, therefore, it would have been obvious to one with ordinary skill in the art before the effective filling date of the claimed invention to modify Xie, Yin  and Pidathala to configure network appliances based geographical location as disclosed by Agarwal ([0257]) in order to route client’s request to the closest service provider, and would have been consistent with rationale of use of known technique to improve similar devices (methods, or products) in the same way (MPEP 2143(I)(C)).

Conclusion
11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESFU N MEKONEN whose telephone number is (571)270-0587. The examiner can normally be reached Monday - Friday, 8:00 AM to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 5712703037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/T.N.M/            Examiner, Art Unit 2456


/UMAR CHEEMA/Supervisory Patent Examiner, Art Unit 2456