DETAILED ACTION
This is a non-final office action in response to applicant’s communication filed on 2/18/2021.
Claims 1-20 are pending and being considered.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Applicant’s claim for the benefit of a prior-filed application (No. 62/978,780, filed on 2/19/2020) under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/24/2021 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed as stated above is attached to the instant Office Action.
Applicant is advised that the cited references submitted 8/24/2021, e.g. 
KOZUCH, Kate, "Apple Glasses: Release date, price, features and leaks," August 4, 2021, tom's guide, available: https://www.tomsguide.com/news/apple-glasses; 
LESWING, Kif, "Apple is preparing for the death of the iPhone," Business Insider, July 1, 2017, available: https://www.businessinsider.com/apple-prepares-for-the-death-the-iphone-2017-6, 
etc. 
have been struck out by the examiner. They have been placed in the application file, but the information referred to therein has not been considered as to the merits since the references appear to be irrelevant to the claimed invention. Applicant is advised that the date of any re-submission of any item of information contained in this information disclosure statement or the submission of any missing element(s) will be the date of submission for purposes of determining compliance with the requirements based on the time of filing the statement, including all certification requirements for statements under 37 CFR 1.97(e). See MPEP § 609.05(a).
Drawings
The drawings are objected to because:
Fig. 2, Fig. 3 and Fig. 4 are missing reference “110”. The specification of the instant application refers to reference “110” in at least the following paragraphs: [22], [34], [46], [47], etc. However, reference “110” has not been shown in any figures.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
The disclosure is objected to because of the following informalities: 
Para. [7] line 3 “my” may be typo; 
Para. [32] line 1, “agent 106” may read “agent 104”; 
Para. [35] lines 2-4, “If the agent, in determines a connection is being made to a domain on the DO_NOT_CARE list then the device agent allows the connection to proceed without modification” is not clear;
Para. [40] “If PROF_IP” may read “If the PROT_* is PROF_IP”;
Para. [60] line 6, “… agent 104 is only is able to …” may read “… agent 104 is only 
Para. [62] line 1, “… that is more stringent that”, underlined “that” may be typo;
Para. [70] line 3, “security component 108” may read “security component 106”;
Para. [78] line 10, “than” may be typo.
Appropriate correction is required.
Claim Objections
Claims 1, 7, 9, 13, 15, 19 are objected to because of the following informalities:  
Claim 1 lines 9-10, “a resolution of the DNS according to a policy” may read “a resolution of the DNS request according to the policy”;
Claim 1 line 14, “… that privacy is a consideration …” may read “… that the privacy is a consideration …”;
Claims 9 and 15 respectively recite limitations similar to claim 1; the concerns identified for claim 1 also apply.
Claim 15 line 2, “cause the device to …” may read “cause the client device to …”.
Claim 7 line 6, “an update to the database reflect that …” may read “an update to the database reflecting that …”, or more appropriate form.
Similarly, claim 13, claim 19.
Claim dependency errors:
Claim 16 recites “The system of claim 15”, whereas claim 15 is a non-transitory computer-readable medium claim. For examination, claim 16 is interpreted as “The non-transitory computer-readable medium of claim 15”.
Similarly, claims 17-20.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 6-7, 9, 12-13, 15, 18-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 line 4 recites “the resolution”. There is insufficient antecedent basis for this limitation in the claim; and 
Claim 1 line 9 recites “the first database”. There is insufficient antecedent basis for this limitation in the claim;
Claim 1 line 13 recites “proceeding with the processing of the DNS request”. There is insufficient antecedent basis for the underlined limitation in the claim;
Claim 1 line 10 recites “… according to a policy from the associated with the domain name or …”. The underlined “associated with” is not clear and appears to be missing a subject for “associated with”.
Claim 1 last line recites “the required level of privacy”. There is insufficient antecedent basis for this limitation in the claim. It is not clear whether the required level of privacy is the second level of privacy required by the policy or not.
Claim 6, claim 7 are also rejected for lack of antecedent basis of “the required level of privacy”.
Similarly, claim 12, 13, 18, 19.
Claim 9, claim 15, each respectively recites limitations with concerns similar to claim 1 as identified above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3-7, 9-13, 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Xue (US20120303808A1, hereinafter, "Xue"), in view of Mahaffey et al (US20150128205A1, hereinafter, “Mahaffey”).
Regarding claim 1, Xie teaches:
A method (Xie, discloses filtering domain names in response to request for domain name resolution based on a security policy, see [Abstract]) comprising: 
receiving, by a software component executing on a network-enabled client device, from an application executing on the client device initiating a first connection, a domain name system (DNS) request for the resolution of a domain name (Xie, refer to Fig. 2, and [0013] security appliance 206 (i.e. software component) comprises a firewall configured to enforce policies or rules with respect to various communications that it receives. For example, security appliance 206 may be configured to intercept DNS communications between a client 202, enterprise DNS server 204 ... security appliance 206 may be implemented directly on a client device 202 as a host-based solution. And Fig. 4 step 402-404, and [0018] the DNS request received at 402 comprises a DNS query from a client such as client 202 of FIG. 2 or an enterprise or corporate DNS server such as DNS server 204 of FIG. 2. At 404, the DNS request received at 402 is parsed to extract a domain name from the request); Examiner notes client devices such as client(s) 202 in Fig. 2 are connected to the network therefore network-enabled client device(s).
determining, by the software component, whether the domain name is listed in a database or is associated with a first category in the database, the database containing at least one domain name or category of domains, each domain name or category associated with a policy (Xue, [0018] At 406, the domain name extracted at 404 is compared with or matched against a domain name list or database such as database 214 of FIG. 2. In some embodiments, domain names in such as list or database are organized according to categories. In some such cases, 406 includes identifying or determining a category associated with the extracted domain name); 
and when the determination is that the domain name is listed in the database or is associated with a category in the first database, initiating, by the software component, a resolution of the DNS according to a policy from the associated with the domain name or the category in the database (Xue, [0009] In such cases, the web browser of client 102 forwards a request to a DNS (Domain Name System) server 104 to resolve the domain name of the URL into a corresponding IP (Internet Protocol) address. DNS server 104, for example, may comprise a name server that client 102 has been configured to use to resolve domain names into corresponding IP addresses. And [0018] If classified as allowed, for example, because access to the extracted domain name is permitted and/or the extracted domain name is unknown, the received DNS request is forwarded to the DNS server to which it was originally directed at 412), 
While Xie teaches a domain name resolution process in response to a domain name request using a database according to security policies, Xie does not explicitly teach the following limitation(s); however, in the same field of endeavor, Mahaffey teaches:
wherein: when the policy indicates that privacy is not a consideration in the first connection, proceeding with the processing of the DNS request (Mahaffey, discloses secure network connections based on appropriate level of security associated with context information, [Abstract]. In particular, Mahaffey is related to DNS request, see e.g. [0126], [0345]. See Fig. 14 step 1435, Maintain the network connection, i.e. regardless of context information corresponding to the particular context specified in the security policy, and [0339] Alternatively, if the connection does match, the system allows the connection to be maintained (step 1435)); Examiner notes, privacy is interpreted as security as shown by Mahaffey in [0048] shown below; Examiner further notes it is obvious to one ordinary skilled in the art that when the privacy/security is not a concern, any processing of DNS request would be allowed or maintained in contrast to the situation when the privacy/security is of concern shown below;
when the policy indicates that privacy is a consideration in the first connection, determining, by the software component using at least one of information associated with the [DNS request or information associated with the domain name in the database], whether a first level of privacy associated with the first connection is at least equal to a second level of privacy required by the policy, and: when the first level of privacy is at least equal to the second level of privacy, proceeding with the processing of [the DNS request], or when the first level of privacy is less than the second level of privacy, causing, by the software component, the application to create a second connection [to a domain associated with the domain name], the second connection providing at least the required level of privacy (Mahaffey, [0048] A user of a device or an administrator of a device may desire an appropriate level of security on a network connection made by a device to protect the privacy of data sent or received over the network connection. See Fig. 13, steps 1325-1330, or 1335, and [0334] In a step 1325, the security policy is applied using the collected context information. In a step 1330, based on the application of the security policy a determination is made as to whether there should be a second type of network connection between the mobile communications device and the remote destination, where the second type of network connection offers a level of security different from the first type of network connection. If so, the second type of network connection is established (…). If not, the first type of network connection is established (…)). Examiner notes, limitation(s) in bracket are taught by Xue as shown above. It is obvious to one ordinary skilled in the art that the domain name can be applied to domain name request of Xue as the context data to the secure connection of Mahaffey.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Mahaffey in the method of filtering domain names using DNS communications of Xue to further determine appropriate network connection having appropriate level of security based on context data. This would have been obvious because the person having ordinary skill in the art would have been motivated to apply security policy to determine that the security offered by the network connection is appropriate for the context (i.e. domain name request/resolution of client device of Xue) and a different network connection having an appropriate level of security may be used for the data associated with the context (Mahaffey, [Abstract]). 

Regarding claim 9, Xie-Mahaffey combination teaches:
A system comprising a network-enabled client device including at least one processor and memory with instructions that when executed by the at least one processor cause the system (Xie, discloses filtering domain names in response to request for domain name resolution based on a security policy, [Abstract], See Fig. 2 a system of network environment, and Fig. 3 of CPU 302 and memory 304) to perform actions including: method steps substantially similar to the method steps of claim 1, and is therefore rejected with the same rationale set forth in the rejection of claim 1 above.

Regarding claim 15, Xie-Mahaffey combination teaches:
A non-transitory computer-readable medium comprising instructions that when executed by a processor of a network-enabled client device cause the device (Xie, discloses filtering domain names in response to request for domain name resolution based on a security policy, [Abstract], See Fig. 3 of CPU 302. And [0007] The invention can be implemented in numerous ways, including as a process; an apparatus; a system; a composition of matter; a computer program product embodied on a computer readable storage medium) to perform actions including: method steps substantially similar to the method steps of claim 1, and is therefore rejected with the same rationale set forth in the rejection of claim 1 above.

Regarding claim 3, similarly claim 10, claim 16, Xie-Mahaffey combination further teaches:
The method of claim 1, the system of claim 9, the system (as non-transitory computer-readable medium) of claim 15,
wherein the database includes a first plurality of domain names or first category for which the policy requires the first connection to have a specified level of privacy (Mahaffey, [0005] If the security offered by the network connection is not appropriate for the context, the network connection may be made more secure, less secure, or a different network connection having an appropriate level of security may be used for the data associated with the context. And [0203] For example, safe browsing module 564 and malware identifier 566 may be in communication with one or more databases that serve as a centralized repository for libraries of safe and malicious websites and IP addresses, as well as safe and malicious files. And [Claim 10] wherein one of the first or second network connection includes providing safe browsing by controlling a domain name system (DNS) server for resolving network addresses …, the one of the first or second network connection thereby offering a greater level of security than another of the first or second network connection).  

Regarding claim 4, similarly claim 11, claim 17, Xie-Mahaffey combination further teaches:
The method of claim 3, the system of claim 10, the system (as non-transitory computer-readable medium) of claim 16,
wherein the specified level of privacy specifies one of: use of a transport layer security (TLS) protocol; use of an encrypted signal name indication (ESNI) protocol; or use of a virtual private network (VPN) (Mahaffey, [0074] The connection uses a standardized transport protocol such as HTTP to transmit data in both directions. The connection may use a security layer such as TLS (Transport Layer Security) or SSL (Secure Sockets Layer). And [0101] But if the user is in a coffee shop connected to a public Wi-Fi access point, a VPN (or other secure connection) may be desired to preserve the privacy and security of information being communicated). 

Regarding claim 5, Xie-Mahaffey combination further teaches:
The method of claim 1, wherein the policy is specified by one of an enterprise associated with the client device or a user associated with the client device (Mahaffey, [0137] policies may be managed at a group level by a group administrator. In this example, the group administrator may be an administrator for an organization, corporation, or enterprise. The group administrator may change or modify policies associated with the applications the organization has installed on its employees' mobile communications devices).  

Regarding claim 6, similarly claim 12, claim 18, Xie-Mahaffey combination further teaches:
The method of claim 1, the system of claim 9, the system (as non-transitory computer-readable medium) of claim 15,
further comprising: monitoring, by the software component, traffic associated with the first connection or the second connection; determining, by the software component, from the monitored traffic that a protocol associated with the required level of privacy is not being followed (Xue, [0011] The monitoring of DNS communications may be useful for identifying attempted connections to malicious domains that are not currently valid or registered with the Domain Name System (i.e. protocol associated with the required level of privacy is not being followed). An attempt to connect to such a domain name would go undetected if only URL filtering were employed at the HTTP level since in such cases the domain name cannot be resolved into an IP address and hence no HTTP connection can be attempted); 
Mahaffey further teaches: and causing, by the software component, a change to a third connection providing the required level of privacy (Mahaffey, [0020] The method may further include if the type of network connection established between the mobile communications device and the target destination does not match the particular type of network connection specified in the security policy, terminating the first network connection and establishing a second (i.e. it is obvious this may be a third) network connection between the mobile communications device and the target destination, where the second network connection is of the particular type specified in the policy, and where a level of security offered by the second network connection is greater than a level of security offered by the terminated first network connection).   

Regarding claim 7, similarly claim 13, claim 19, Xie-Mahaffey combination further teaches:
The method of claim 1, the system of claim 9, the system (as non-transitory computer-readable medium) of claim 15
further comprising: monitoring, by the software component, traffic associated with the first connection or the second connection; determining, by the software component, from the monitored traffic that a protocol associated with the required level of privacy is not being followed (Xue, [0011] The monitoring of DNS communications may be useful for identifying attempted connections to malicious domains that are not currently valid or registered with the Domain Name System (i.e. protocol associated with the required level of privacy is not being followed). An attempt to connect to such a domain name would go undetected if only URL filtering were employed at the HTTP level since in such cases the domain name cannot be resolved into an IP address and hence no HTTP connection can be attempted); and initiating, by the software component, an update to the database reflect that the protocol is not followed in communications to the domain (Xie, [0016] In addition to blocking access to certain domain names, new suspect or malicious domain names may be learned by security appliance 206 based on received DNS traffic and may be used to update or populate database 214).  

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Xue-Mahaffey combination as applied above to claim 1, further in view of Montenot et al (US20180270189A1, hereinafter, “Montenot”).
Regarding claim 2, Xie-Mahaffey combination teaches:
The method of claim 1, 
The combination of Xie-Mahaffey does not explicitly teach the following limitation(s); however, in the same field of endeavor, Montenot teaches:
wherein the database includes a first plurality of domain names or first category for which the policy allows the connection to have any level of privacy (Montenot, discloses equipment and method for offering domain name resolution services, [Title]/[Abstract]. And [0004] a domain name resolution unit suitable for performing domain name resolution operations by means of a cache (i.e. database) in which said equipment stores associations of IP addresses and respective domain names, said cache being populated by means of results of domain name resolutions made by external name servers each corresponding to one of said security domains to which said equipment is intended to be connected via respective secure tunnels and to which said equipment resort to, independently of said security domains, when said cache does not include data allowing to effect the required domain name resolution).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Montenot in the method of filtering domain names using DNS communications of Xue-Mahaffey to provide domain name resolution independently of security domain. This would have been obvious because the person having ordinary skill in the art would have been motivated to reinforce simplicity of use of equipment when new security domains are added (Montenot, [Abstract], [0004]). 

Claims 8, 14, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Xue-Mahaffey combination as applied above, further in view of Lee (WO2020159283A1, hereinafter, “Lee”).
Regarding claim 8, similarly claim 14, claim 20, Xie-Mahaffey combination teaches:
The method of claim 1, the system of claim 9, the system (as non-transitory computer-readable medium) of claim 15,
The combination of Xue-Mahaffey does not explicitly teach the following limitation(s); however, in the same field of endeavor, Lee teaches:
wherein, when processing the DNS request results in a determination that an IP address associated with the domain name is also associated with additional domain names, the method further comprises: substituting, by the software component, a smaller time-to-live (TTL) value for an initial TTL value associated with the IP address; providing, by the software component, the smaller TTL value to the application along with the IP address (Lee, discloses method of identifying a number of hops connecting to a server corresponding to IP address, [Abstract]. And [91] Furthermore, the process of determining whether or not the communication connection is established on the basis of the smaller number of hops than the identified number of hops may also be performed by setting a TTL value included in a header of an IP packet to be the same as the identified number of hops to attempt a TCP handshake and determining whether or not a TTL value included in a response packet to the attempt is smaller than the TTL value of the IP packet. And [93] the electronic device 100 may perform the detection process of a man-in-the-middle attack as described above in at least one of a case in which an HTTP connection with the server 200 is established on the basis of the obtained IP address, a case in which an HTTPS connection with the server 200 is established on the basis of the obtained IP address, a case in which it is determined that an IP address corresponding to a first domain name and an IP address corresponding to a second domain name different from the first domain name are the same as each other (i.e. more than one domain names with same IP address)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Lee in the method of filtering domain names using DNS communications of Xue-Mahaffey to identify TTL value associated with server IP address to control number of hops. This would have been obvious because the person having ordinary skill in the art would have been motivated to identify man-in-the-middle attack in network when communication connection with the server is established on the basis of a smaller number of hops than the identified number of hops (Lee, [Abstract]). 
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but have not been relied upon for this office action:
Moore et al (US20200351244A1) discloses method and systems for preventing attacks associated with domain name system.
Bosch et al (US2020025237A1) discloses method for managing application traffic with policy. 
Thakar (US20170142060A1) discloses method for directing a domain name service resolution process.
Fregly et al (US20190036708A1) discloses methods and systems for preserving privacy of a registrant in domain name system.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL M LEE/Examiner, Art Unit 2436