DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This is a reply to the amendment filed on 05/31/2022, in which claim(s) 1-20 are pending. Claim(s) 1, 3-4, 8, 11, 14-15 and 17 are amended. No claim(s) are cancelled or newly added.

Response to Arguments
Claim Objection: 
Applicant’s arguments with respect to the objection of claim(s) 1, 8, and 15 have been considered. The objection of claim(s) 1, 8, and 15 has been withdrawn in view of the amendments to the claims.

Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicant’s arguments with respect to the rejection of claim(s) 1-20 have been considered but are moot in view of the new ground(s) of rejection.

Applicant is encouraged to schedule an interview with the Examiner prior to the next communication to compact prosecution of the case.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-2, 4-6, 8-9, 12-13, and 15-16, 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Lapidous et al. (US 2019/0036871 A1) in view of Boneh et al. (US 2004/0015725 A1).
Regarding Claim 1, Lapidous discloses A method of managing Domain Name Server (DNS) requests, comprising: 
receiving a DNS request from a browser on a client device in an endpoint DNS agent, the DNS request comprising a requested domain name ([0049], “a virtual private router (VPR) 104 (as the DNS agent)…the VPR 104 may include a traffic interceptor 106 that intercepts both of requests for domain name resolution (e.g. domain name service (DNS) requests)”, [0048], “a computing (client) device, such as a the computing device 1500 of FIG. 15 may store and execute one or more applications 102. In particular, the applications 102 may include such applications as a web browser or other application that sends or receives data from a remote device over a network”); 
sending a DNS response from the endpoint DNS agent to the browser on the client device, the DNS response comprising the endpoint DNS agent's Internet Protocol (IP) address ([0065], “A DNS response is created 316 that includes the pseudo IP address allocated at step 210 and the TTL set at step 314 and the DNS response is returned 218 to the application that generated the intercepted 202 DNS request”); 
receiving from the browser on the client device a message with a Server Name Identification (SNI) tag identifying the requested domain name to a Hyper Text Transfer Protocol (HTTP) server in the endpoint DNS agent ([0053], “The VPR 104 redirects DNS request including a requested domain from one or more client-side applications to a client side proxy”, “requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”); and 
establishing a Secure Socket Layer/Transport Layer Security (SSL/TLS) connection between the HTTP server on the endpoint DNS agent and the browser on the client device ([0124], “establishing TCP connections to one or more real IP addresses of the related domains”, [0125], “the TLS handshake performed by the client for a particular domain, uses obtained value to preemptively initiate another TLS handshake for the same domain, and then passes TLS response to the client. Client caches the TLS response and returns it to the application after it issues TLS request for the same domain with the same session ID or a ticket”).
Lapidous does not explicitly teach but Boneh teaches
an endpoint DNS agent installed on a device on a local network (Fig. 4 shows proxy device on a local network),
generating, by the endpoint DNS agent, a certificate for the requested domain name and sending it from the endpoint DNS agent to the browser on the client device ([0037], “the web proxy (as the endpoint DNS agent) to generate a proxy-server certificate identifying itself as the domain www.xyz.com”, [0038], “the web proxy sends a server-hello message and the proxy-server certificate generated in step 806 back to the user's browser”, [0012], “the common name inside the certificate matches the domain name in the URL requested by the client”),
Lapidous and Boneh are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Boneh with the disclosure of Lapidous. The motivation/suggestion would have been to establish the security capabilities between the client and server (Boneh, [0012]).

Regarding Claims 2 and 16, the combined teaching of Lapidous and Boneh teaches retrieving information from a domain associated with the requested domain name in the endpoint DNS agent, and selectively forwarding the requested information from the endpoint DNS agent to the browser on the client device to provide security to the client device (Lapidous, [0053], “one or more HTTP content requests are submitted to a client side HTTP proxy 112, which forwards requested domain inside a HOST header. In another implementation, one or more HTTPS content requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”).

Regarding Claim 4, the combined teaching of Lapidous and Boneh teaches wherein the receiving a DNS request from a client device and sending a DNS response from the endpoint DNS agent are performed in a User Datagram Protocol (UDP) server of the endpoint DNS agent (Lapidous, [0040], “a UDP (server) connection”).

Regarding Claims 5 and 18, the combined teaching of Lapidous and Boneh teaches wherein the device on the local network is the client device (Lapidous, [0048], “a computing (client) device, such as a the computing device 1500 of FIG. 15”).

Regarding Claims 6 and 19, the combined teaching of Lapidous and Boneh teaches wherein the device on the local network is a router, a gateway, or a security appliance (Lapidous, [0049], “The computing device 1500 may likewise host a virtual private router”).

Regarding Claim 8, Lapidous discloses A method of intercepting a Secure Socket Layer/Transport Layer Security (SSL/TLS) request to a remote server, comprising:
receiving a message from a client device in a man-in-the-middle server, the message comprising a Server Name Identification (SNI) tag identifying a requested domain name to a Hyper Text Transfer Protocol (HTTP) server in a man-in-the-middle server ([0008], “If the client-side application is aware that it's connected through the proxy (i.e. man-in-the-middle) server”, [0048], “a computing (client) device”, [0053], “The VPR 104 redirects DNS request including a requested domain from one or more client-side applications to a client side proxy”, “requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”); and
establishing an SSL/TLS connection between the client device and the HTTP server on the man-in-the-middle server ([0124], “establishing TCP connections to one or more real IP addresses of the related domains”, [0125], “the TLS handshake performed by the client for a particular domain, uses obtained value to preemptively initiate another TLS handshake for the same domain, and then passes TLS response to the client. Client caches the TLS response and returns it to the application after it issues TLS request for the same domain with the same session ID or a ticket”),
Lapidous does not explicitly teach but Boneh teaches
generating, by an endpoint Domain Name Server (DNS) agent installed on a device on a local network, a certificate for the requested domain name and sending it from the man-in-the-middle server to the client device (Fig. 4 shows proxy device on a local network, [0037], “the web proxy (as the endpoint DNS agent) to generate a proxy-server certificate identifying itself as the domain www.xyz.com”, [0038], “the web proxy sends a server-hello message and the proxy-server certificate generated in step 806 back to the user's browser”, [0012], “the common name inside the certificate matches the domain name in the URL requested by the client”),
Lapidous and Boneh are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Boneh with the disclosure of Lapidous. The motivation/suggestion would have been to establish the security capabilities between the client and server (Boneh, [0012]).

Regarding Claim 9, the combined teaching of Lapidous and Boneh teaches retrieving information from a domain associated with the requested domain name in the man-in-the-middle server, and selectively forwarding the requested information from the man-in-the-middle server to the client to provide security to the client device (Lapidous, [0053], “one or more HTTP content requests are submitted to a client side HTTP proxy 112 (i.e. man-in-the-middle), which forwards requested domain inside a HOST header. In another implementation, one or more HTTPS content requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”).

Regarding Claim 12, the combined teaching of Lapidous and Boneh teaches wherein the man-in-the-middle server is a server on the client device (Lapidous, [0053], “a client side HTTP proxy 112 (i.e. man-in-the-middle)” server).

Regarding Claim 13, the combined teaching of Lapidous and Boneh teaches wherein the man-in-the-middle server is a router, a gateway, or a security appliance on a local network with the client device (Lapidous, [0049], “The computing device 1500 may likewise host a virtual private router”).

Regarding Claim 15, Lapidous discloses A method of managing Domain Name Server (DNS) requests, comprising: 
receiving a DNS request from a browser on a client device in a User Datagram Protocol (UDP) server on an endpoint DNS agent, the DNS request comprising a requested domain name ([0049], “a virtual private router (VPR) 104 (as the DNS agent)…the VPR 104 may include a traffic interceptor 106 that intercepts both of requests for domain name resolution (e.g. domain name service (DNS) requests)”, [0048], “a computing (client) device, such as a the computing device 1500 of FIG. 15 may store and execute one or more applications 102. In particular, the applications 102 may include such applications as a web browser or other application that sends or receives data from a remote device over a network”, [0040], “a UDP (server) connection”); 
sending a DNS response from the endpoint DNS agent to the client device comprising the endpoint DNS agent's Internet Protocol (IP) address ([0065], “A DNS response is created 316 that includes the pseudo IP address allocated at step 210 and the TTL set at step 314 and the DNS response is returned 218 to the application that generated the intercepted 202 DNS request”); 
forwarding from the endpoint DNS agent's UDP server to a Hyper Text Transfer Protocol (HTTP) server in the endpoint DNS agent a message with the requested domain name ([0040], “a UDP (server) connection”, [0053], “The VPR 104 redirects DNS request including a requested domain from one or more client-side applications to a client side proxy”, “requests are submitted to a client side HTTPS proxy, which forwards requested domain inside an SNI (server name identification) header”); and
establishing a Secure Socket Layer/Transport Layer Security (SSL/TLS) connection between the HTTP server on the endpoint DNS agent and the browser on the client device ([0124], “establishing TCP connections to one or more real IP addresses of the related domains”, [0125], “the TLS handshake performed by the client for a particular domain, uses obtained value to preemptively initiate another TLS handshake for the same domain, and then passes TLS response to the client. Client caches the TLS response and returns it to the application after it issues TLS request for the same domain with the same session ID or a ticket”),
Lapidous does not explicitly teach but Boneh teaches
an endpoint DNS agent installed on a device on a local network (Fig. 4 shows proxy device on a local network),
generating, by the endpoint DNS agent, a certificate for the requested domain name and sending it from the endpoint DNS agent to the browser on the client device ([0037], “the web proxy (as the endpoint DNS agent) to generate a proxy-server certificate identifying itself as the domain www.xyz.com”, [0038], “the web proxy sends a server-hello message and the proxy-server certificate generated in step 806 back to the user's browser”, [0012], “the common name inside the certificate matches the domain name in the URL requested by the client”),
Lapidous and Boneh are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Boneh with the disclosure of Lapidous. The motivation/suggestion would have been to establish the security capabilities between the client and server (Boneh, [0012]).

Claims 3, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Lapidous et al. (US 2019/0036871 A1) in view of Boneh et al. (US 2004/0015725 A1) further in view of Coulson et al. (US 2011/0276716 A1).
Regarding Claims 3, 11 and 17, the combined teaching of Lapidous and Boneh does not explicitly teach but Coulson teaches
receiving a user election to override a DNS redirection returned in response to the DNS request ([0012], “monitoring incoming domain name and/or Uniform Resource Locator (URL) requests, comparing the requested resource to a list of categorized resources, and making a determination as to either proceed to the requested resource or redirect to a different resource based upon a set of parameters”, [0013], “to allow the end-user to override a redirection, and the processing of the redirection itself”),
Lapidous, Boneh and Coulson are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Coulson with the combined teaching of Lapidous and Boneh. The motivation/suggestion would have been for redirecting Internet traffic away from illegitimate web sites (Coulson, Abstract).

Claims 7, 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lapidous et al. (US 2019/0036871 A1) in view of Boneh et al. (US 2004/0015725 A1) further in view of Judge et al. (US 2016/0308875 A1).
Regarding Claims 7 and 20, the combined teaching of Lapidous and Boneh does not explicitly teach but Judge teaches
wherein processing the received DNS request in the endpoint DNS agent is based on a security policy set for the client device via the endpoint DNS agent to secure client devices (Judge, [0004], “retrieving a (security) policy associated with the device or user; applying the policy to the DNS request”).
Lapidous, Boneh and Judge are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Judge with the combined teaching of Lapidous and Boneh. The motivation/suggestion would have been to secure and manage home or other networks (Judge, Abstract).

Regarding Claim 10, the combined teaching of Lapidous and Boneh does not explicitly teach but Judge teaches
forwarding information selected based on a security policy for the client (Judge, [0004], “retrieving a (security) policy associated with the device or user; applying the policy to the DNS request”).
Lapidous, Boneh and Judge are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Judge with the combined teaching of Lapidous and Boneh. The motivation/suggestion would have been to secure and manage home or other networks (Judge, Abstract).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Lapidous et al. (US 2019/0036871 A1) in view of Boneh et al. (US 2004/0015725 A1) further in view of Coulson et al. (US 2011/0276716 A1) and further in view of Judge et al. (US 2016/0308875 A1).
Regarding Claim 14, the combined teaching of Lapidous, Boneh and Coulson does not explicitly teach but Judge teaches
wherein processing the received DNS request in the endpoint DNS agent is based on a security policy set for the client device via the endpoint DNS agent to secure client devices (Judge, [0004], “retrieving a (security) policy associated with the device or user; applying the policy to the DNS request”).
Lapidous, Boneh, Coulson and Judge are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Judge with the combined teaching of Lapidous, Boneh and Coulson. The motivation/suggestion would have been to secure and manage home or other networks (Judge, Abstract).

Conclusion
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497