Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION  
This office action is in response to the amendments filed on 08/02/2022.
As per instant Amendment, claims 1, 11 and 18 have been amended and claims 21-23 have been added.
Claims 1-3, 6-12, 14-18 and 21-23 are pending as claims 4-5, 13 and 19-20 have been cancelled according to the examiner’s amendment below.
EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. Mark T. Stephenson (Reg. No. 60,530) on August 12th, 2022.  During the telephone conference, Mr. Mark has agreed and authorized the Examiner to amend claims 1, 11 and 18 and to cancel claims 4-5, 13 and 19-20. 
The application has been amended as follows:
CLAIMS
1. (Currently Amended) A method comprising:
receiving, by a network apparatus comprising a processor device, a connection request sent from a client computing device toward a target computing device;
extracting, from the connection request, a target identifier that identifies the target computing device;
at a same time:
sending, by the network apparatus, the connection request to the target computing device;
sending, by the network apparatus, a reputation request with the target identifier to a web resource analyser engine; and
initiating a timer;
in response to detecting that a response to the connection request from the target computing device is received before a response from the web resource analyser engine, holding the response to the connection request from the target computing device; and
in response to detecting an expiration of the timer before a receipt of the response from the web resource analyser engine, approving the connection request and releasing the response to the connection request, and in response to the [[a]] receipt of the response from the web resource analyser engine before the expiration of the timer, approving the connection request based on the response from the web resource analyser engine and releasing the response to the connection request, or denying the connection request based on the response from the web resource analyser engine.
2.	(Original) The method according to claim 1, wherein the target identifier comprises a Uniform Resource Locator (URL) extracted from a header or a Server Name Indication (SNI) extracted from a Transport Layer Security (TLS) handshake.
3.	(Original) The method according to claim 1, wherein the network apparatus is installed on a network gateway.
4.	(Cancelled) 
5.	(Cancelled) 

6.	(Original) The method according to claim 1, the method further comprising in response to detecting that the response from the web resource analyser engine is received before the response to the connection request from the target computing device, approving or denying the connection request based on the response from the web resource analyser engine when the response to the connection request from the target computing device is received.
7.	(Original) The method according to claim 1, the method further comprising maintaining a local cache of reputation request response data received from the web resource analyser engine and in response to detecting a further connection request to the target computing device, wherein respective reputation request response data of a same target computing device being already in the local cache of reputation request response data, approving or denying the further connection request without sending a further reputation request to the web resource analyser engine.
8.	(Original) The method according to claim 1, wherein the user-space utility program comprises a kernel-level iptables component used for configuring IP packet filter rules.
9.	(Original) The method according to claim 1, wherein the operating system kernel module comprises a netfilter queue used for managing network packets in iptables components.
10.	(Original) The method according to claim 1, the method further comprising determining, based on the response from the web resource analyser engine, that the target computing device belongs to a third-party tracker and, based on determining that the target computing device belongs to the third-party tracker, blocking connections between the client computing device and the target computing device, wherein blocking the connection between the client computing device and the target computing device further comprises one of: sending a Hypertext Transfer Protocol (HTTP) or a Transport Layer Security (TLS) message indicating a message was received and no content is to be displayed, and terminating the connection.
11.	(Currently Amended) An apparatus in a computer network system comprising:
		one or more processor devices; and
		a non-transitory computer-readable medium comprising stored program code, the program code comprised of computer-executable instructions that, when executed by the one or more processor devices, cause the one or more processor devices to:
receive a connection request sent from a client computing device toward a target computing device;
extract, from the connection request, a target identifier that identifies the target computing device;
at a same time:
send the connection request to the target computing device;
send a reputation request with the target identifier to a web resource analyser engine; and
initiate a timer;
in response to detecting that a response to the connection request from the target computing device is received before a response from the web resource analyser engine, hold the response to the connection request from the target computing device; and
in response to detection of an expiration of the timer before a receipt of the response from the web resource analyser engine, approve the connection request and release the response to the connection request, and in response to the [[a]] receipt of the response from the web resource analyser engine before the expiration of the timer, approve the connection request based on the response from the web resource analyser engine and release the response to the connection request, or deny the connection request based on the response from the web resource analyser engine.
12.	(Original) The apparatus according to claim 11, wherein the target identifier comprises a Uniform Resource Locator (URL) extracted from a header or Server Name Indication (SNI) extracted from a Transport Layer Security (TLS) handshake.
13.	(Cancelled) 
14.	(Original) The apparatus according to claim 11, the one or more processor devices being further configured to maintain a local cache of reputation request response data received from the web resource analyser engine and in response to detecting a further connection request to the target computing device, wherein respective reputation request response data of a same target computing device being already in the local cache of reputation request response data, approve or deny the further connection request without sending a further reputation request to the web resource analyser engine.
15.	(Original) The apparatus according to claim 11, wherein the user-space utility program comprises a kernel-level iptables component used for configuring IP packet filter rules.
16.	(Original) The apparatus according to claim 11, wherein the operating system kernel module comprises a netfilter queue used for managing network packets in iptables components.
17.	(Original) The apparatus according to claim 11, the one or more processor devices being further configured to determine, based on the response from the web resource analyser engine, that the target computing device belongs to a third-party tracker, and based on determining that the target computing device belongs to the third-party tracker, block connections between the client computing device and the target computing device, wherein blocking the connection between the client computing device and the target computing device further comprises one of: sending a Hypertext Transfer Protocol (HTTP) or a Transport Layer Security (TLS) message indicating a message was received and no content is to be displayed, and terminating the connection.
18.	(Currently Amended) A non-transitory computer-readable medium comprising stored program code, the program code comprised of computer-executable instructions that, when executed by a processor device, causes the processor device to:
receive a connection request sent from a client computing device toward a target computing device;
extract, from the connection request, a target identifier that identifies the target computing device;
at a same time:
send the connection request to the target computing device;
send a reputation request with the target identifier to a web resource analyser engine; and
initiate a timer;
in response to detecting that a response to the connection request from the target computing device is received before a response from the web resource analyser engine, hold the response to the connection request from the target computing device; and
in response to detection of an expiration of the timer before a receipt of the response from the web resource analyser engine, approve the connection request and release the response to the connection request, and in response to the [[a]] receipt of the response from the web resource analyser engine before the expiration of the timer, approve the connection request based on the response from the web resource analyser engine and release the response to the connection request, or deny the connection request based on the response from the web resource analyser engine.
19.	(Cancelled) 
20.	(Cancelled) 
21.	(Previously Presented) The method according to claim 1, wherein holding the response to the connection request includes performing a rewrite in a target section of a user-space utility program rule and by using an operating system kernel module in a user-space memory area of the network apparatus.
22.	(Previously Presented) The apparatus according to claim 11, wherein the hold the response to the connection request includes performing a rewrite in a target section of a user-space utility program rule and by using an operating system kernel module in a user-space memory area of the network apparatus.
23.	(Previously Presented) The non-transitory computer-readable medium according to claim 18, wherein the hold the response to the connection request includes performing a rewrite in a target section of a user-space utility program rule and by using an operating system kernel module in a user-space memory area of the network apparatus. 
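The flow recited in independent claims 1, 11 and 18, together with the local cache of claims 7 and 14, sketched as an added example; it is not code from the application or from this office action. The `forward` and `reputation` callables, the host names and the timings are constructed stand-ins for the target computing device and the web resource analyser engine.

```python
import asyncio

ALLOW, DENY = "allow", "deny"

async def gate_connection(target_id, forward, reputation, timer_s, cache):
    """Return (decision, reason, released_response_or_None) for one request.

    forward / reputation are hypothetical async callables standing in for the
    target computing device and the web resource analyser engine.
    """
    if target_id in cache:                      # claims 7/14: reuse cached verdict
        if cache[target_id] == DENY:
            return DENY, "cache", None
        return ALLOW, "cache", await forward(target_id)

    # "At a same time": forward the request, ask for reputation, start the timer.
    fwd = asyncio.create_task(forward(target_id))
    rep = asyncio.create_task(reputation(target_id))
    done, _ = await asyncio.wait({rep}, timeout=timer_s)   # the timer

    if not done:                                # timer expired before a verdict
        rep.cancel()
        return ALLOW, "timer-expired", await fwd   # approve, release response
    verdict = rep.result()
    cache[target_id] = verdict
    if verdict == DENY:
        fwd.cancel()                            # held response is never released
        return DENY, "reputation", None
    return ALLOW, "reputation", await fwd       # release the held response


def _stub(result, delay_s):
    """Constructed stand-in that answers `result` after `delay_s` seconds."""
    async def call(_target_id):
        await asyncio.sleep(delay_s)
        return result
    return call


def demo():
    """Run four constructed requests through one shared cache."""
    async def run():
        cache, target = {}, _stub("200 OK", 0.01)
        cases = [
            ("slow.example", _stub(DENY, 5.0), 0.05),      # engine too slow
            ("tracker.example", _stub(DENY, 0.01), 1.0),   # denied in time
            ("ok.example", _stub(ALLOW, 0.01), 1.0),       # approved in time
            ("tracker.example", _stub(ALLOW, 0.01), 1.0),  # served from cache
        ]
        return [await gate_connection(t, target, rep, timer, cache)
                for t, rep, timer in cases]
    return asyncio.run(run())


if __name__ == "__main__":
    for row in demo():
        print(row)
```

In the first case the engine's DENY arrives after the timer, so the request is approved and that verdict is neither applied nor cached: the claimed timer makes the gate fail open whenever the engine is slow.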
Response to Arguments
The rejection of claims 10 and 17 under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, is withdrawn in response to the applicant's amendments.
The previous rejection of claims 1-20 under 35 U.S.C. § 103 is withdrawn in response to the applicant's amendments.
Allowable Subject Matter
 Claims 1-3, 6-12, 14-18 and 21-23 are allowed in light of the Applicant’s arguments/amendments and in light of the prior art made of record.
 The following is an examiner’s statement of reasons for allowance: 
As to claims 1-3, 6-12, 14-18 and 21-23, the closest prior art, Lee (US 2010/0192196), in view of Fattal (US 2020/0213116), in view of Mulkey (US 2016/0142274), in view of Ide (US 2011/0296519) and further in view of Alperovitch (US 8,589,503), alone or in combination, fails to anticipate or render obvious the claimed invention.
Lee (prior art of record) discloses a protection system that dynamically determines whether a computer system can access a particular resource based on a combination of a dynamic health state of the computer system and a dynamic reputation of the resource. When a user attempts to access a resource, the protection system intercepts the request. The protection system determines the reputation of the resource that the user is attempting to access. The reputation service provides a response that indicates the reputation of the requested resource, or in some cases a response that indicates that the reputation of the requested resource is not known by the reputation service. The protection system works in combination with, rather than in place of, traditional filtering techniques. For example, the system can use health checks in combination with user group membership, URL reputation category, or time-of-day restrictions to determine whether to allow access to a particular resource. See the abstract and par. 0013, 0023-0028 and 0043 of Lee.
Fattal (prior art of record) discloses a system that includes a network interface and a processor. The processor is configured to (i) receive, via the network interface, a request originating from a request-origin application and directed to a request-destination application that runs on a request-destination device, (ii) subsequently to receiving the request, communicate the request to the request-destination device, (iii) subsequently to communicating the request to the request-destination device, receive a response, from the request-destination application, to the request, (iv) while holding the response, identify information contained in at least one log entry that was recorded by the request-destination application responsively to the request, and (v) perform a function in response to the information. Other embodiments are also described. The system identifies at least one log entry that pertains to the request, by identifying, in the log entry, the metadata that were recorded earlier. See the abstract and par. 0053 and 0058 of Fattal.
Ide (prior art) discloses methods and systems for operation upon one or more data processors for reputation based firewall processing of communications. The reputation based firewall processing includes receiving a communication identifying an entity, retrieving the reputation of the entity identified by the communication, and handling the communication based upon the retrieved reputation. The firewall processing module 500 can request reputation information from the reputation retrieval module 510 in response to receiving a communication or connection request. The reputation retrieval module 510 can query a reputation server 140 to retrieve reputation information associated with the communication. In some implementations, the query can include identification of entities associated with the communication or connection request. The reputation retrieval module 510 can parse the communication to identify the entities associated with the communication. In other implementations, the query can include the communication or connection request itself. See the abstract and par. 0051 of Ide.
Alperovitch (prior art) discloses methods and systems for operation upon one or more data processors for prioritizing transmission of communications associated with an entity based upon reputation information associated with the entity. The identification comprises: requesting reputation information associated with at least one of the entities associated with the new connection request from a local reputation store, wherein in response to determining that the request for the reputation information from the local reputation store failed, querying a reputation system for the reputation information; identifying a new connection priority for the new connection request based upon application of a prioritization policy to the identified reputations; identifying an existing connection having a lowest assigned priority; if the lowest assigned priority is lower than the new connection priority, dropping the existing connection having the lowest assigned priority; and if a connection is dropped, connecting the new connection request. See the abstract and claim 6 of Alperovitch.
However, none of Lee, Fattal, Mulkey, Ide and Alperovitch teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 1, 11 and 18. For example, none of the cited prior art teaches or suggests the steps of at a same time: sending, by the network apparatus, the connection request to the target computing device; sending, by the network apparatus, a reputation request with the target identifier to a web resource analyser engine; and initiating a timer; in response to detection of an expiration of the timer before a receipt of the response from the web resource analyser engine, approve the connection request and release the response to the connection request, and in response to the receipt of the response from the web resource analyser engine before the expiration of the timer, approve the connection request based on the response from the web resource analyser engine and release the response to the connection request, or deny the connection request based on the response from the web resource analyser engine.
These limitations, in conjunction with all other limitations, have not been disclosed, suggested or made obvious by the prior art of record, either taken by itself or in any combination, at or before the time the present application was filed. For these reasons, and in light of the other limitations and of the amendments to the independent claims, these claims are in condition for allowance.
Claims 2-3, 6-10, 12, 14-17 and 21-23 are directly or indirectly dependent upon claims 1, 11 and 18; therefore, they are also allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Primary Examiner, Art Unit 2495