DETAILED ACTION

Currently pending claims are 1 – 15.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 13 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter where “A cloud computing environment” as recited in the claim does not fall into any of statutory classes defined in 35 U.S.C 101.  It may be merely directed to an abstract structure of architecture.  Examiner respectfully suggests to amend the claim such as “A  processing circuitry which is configured to execute computer executable code, that when executed, performs the following steps: receive a DNS query, by one or more processor devices, at [[the]] a cloud computing environment …. Any other claims not addressed are rejected by virtue of their dependency.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 9 and 12 – 15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Xu et al. (U.S. Patent 9,560,072). 

As per claim 1 & 13 – 15, Xu teaches a method for resolving a Domain Name System, DNS, query received at a third party cloud computing environment, the method comprising: 
receiving a DNS query at the third party cloud computing environment (Xu: Figure 1 / E-106 & E-102, Col. 23 Line 22 – 24, Col. 21 Line 46 – 50 and Col. 20 Line 43 – 48: (a) a security device (FIG. 1 / E-102) receives a DNS query from a client (host) device, wherein (b) the security device is associated with a cloud security service (FIG. 1 / E-120) that can identify and log various (more) different infected hosts in customer networks (e.g. in a 3rd-party cloud computing environment w.r.t. the cloud secuirty device) to prevent future malware infections of hosts on the customer networks and accordingly, (c) a networking environment that includes a cloud security service (FIG. 1 / E-120), a host system (FIG. 1 / E-110) and a security device (FIG. 1 / E-102) constitutes one type of third party cloud computing environments (i.e. customer networks) to provide security services for a plurality of host systems (FIG. 1 / E-110));
forwarding the DNS query to a sinkhole DNS server if the DNS query comprises an unauthorised domain name (Xu: see above & Col. 21 Line 6 – 11 / Line 39 – 58, Col. 20 Line 43 – 48 / Line 55 – 63, Col. 22 Line 1 – 2 / Line 19 – 25 and Col. 21 Line 19 – 29: (a) a cloud security device, as a service provider of a local security device, can also perform additional security analysis for the local security device (i.e. as a subscriber / customer of the cloud security device) to identify, report a host that is infected and also distributing different log data and signature data (using signature publisher) to the local security device (Xu: Col. 22 Line 1 – 2 / Line 19 – 25, Col. 21 Line 19 – 29 & Col. 20 Line 43 – 48) – e.g., (b) forwarding the DNS query with NX (non-existant) domains (e.g. malicious / bad domains) to a cloud security service (FIG. 1 / E-120) for identifying and logging various (more) different infected hosts in customer networks, and as such (c) a cloud security service (FIG. 1 / E-120) along with an associated local security device (FIG. 1 / E-102), as a whole (in entirety), in a third party cloud computing environment indeed constitute one type of sinkhole DNS servers that can prevent future malware infections of hosts on the customer networks (i.e. as a third party cloud computing environments)); and
forwarding the DNS query to a default DNS server of the third party cloud computing environment if the DNS query does not comprise an unauthorised domain name (Xu: see above, Figure 1 / E-112 & E-106, E-108, E-104, Col. 20 Line 55 – 58 and Col. 8 Line 63 – 67: (a) blocking the client device from attempting to connect to a known (bad) malware domain of a DNS query while, otherwise, (b) for an authorized domain name indicated in a DNS query, the DNS query is forwarded to a directly connected local DNS server (FIG. 1 / E-112), which constitutes as one type of location-based default DNS servers, that can perform a DNS service to translate a domain name into a target IP address (Xu: FIG. 1 / E-112 & Col. 8 Line 63 – 67) – Examiner notes an additional evidence, enclosed in the record of PTO-892, can be used, as a reinforcement, to further support the rationale of rejection for the clarity purpose – for example, U.S. Patent 10,187,356 (Tabares: Abstract, Col. 6 Line 24 – 28 & Col. 7 Line 57 – 59: as per a customer network in a cloud computing environment, a local DNS server can be assigned as a default DNS server).  

As per claim 2, Xu teaches wherein the sinkhole DNS server is implemented in the third party cloud environment (Xu: see above & FIG. 1 / E-120, Col. 21 Line 46 – 50 and Col. 20 Line 43 – 48: the cloud security device (FIG. 1 / E-120), in a 3rd -party cloud environment, that can track and analyze the DNS query destined to a public sinkhole server, indeed constitutes one type of sinkhole DNS servers that can prevent future malware infections of hosts on the customer networks by distributing different log data and signature data to the security device (FIG. 1 / E-102) – i.e. a customer of the cloud security device using signature publisher (Xu: Col. 20 Line 43 – 48)).  

As per claim 3, Xu teaches wherein the sinkhole DNS server does not respond with a message that indicates a domain is not found (Xu: see above & Col. 4 Line 59 – 60: for a malware (bad) domain, no response indicating the domain is not found and instead the request is directed to a sinkholed IP address in order to sinkhole each of the malicious domain names).  

As per claim 4, Xu teaches the sinkhole DNS server responds to the DNS query with a message that indicates the DNS query completed successfully (NOERR) (Xu: see above, Figure 1 / E-112 & Col. 20 Line 55 – 58 and Col. 8 Line 63 – 67: the local security device, at least, as a part of the sinkhole DNS server (see above) should respond to the DNS query indicating the DNS query completed successfully after translating a domain name into a target IP address by a local DNS server (see above) because the client device attempting to connect to a known (bad) malware domain would be blocked otherwise (Xu: Col. 20 Line 55 – 58)).

As per claim 5, Xu teaches wherein the sinkhole DNS server responds to the DNS query with a message that indicates there is no answer to the DNS query (NOANS) (Xu: see above & Col. 4 Line 59 – 60: for a malware (bad) domain associated with a received DNS query, the response message is directed to a sinkholed IP address in order to sinkhole each of the malicious domain names, which implicitly indicating there is no answer to the DNS query as a result).  

As per claim 6, Xu teaches prior to forwarding the DNS query to a sinkhole DNS server if the DNS query comprises an unauthorised domain name, determining whether the DNS query comprises an address in a whitelist; and upon determining that the address is not in the whitelist; forwarding the DNS query to the sinkhole DNS server (Xu: see above, Figure 1 / E-112 & Col. 20 Line 55 – 58 and Col. 8 Line 63 – 67: based on a signature list of a known (bad) malware domain – i.e. a black/whitelisting of domain anmes (& see above) – i.e. a distributed different log data and signature data using a signature publisher).  

As per claim(s) 7 – 8 & 12, the claims contain(s) similar limitations to claim(s) 1 & 6 and thus is/are rejected with the same rationale.

As per claim 9, the claim limitations are met as the same reasons as that set forth in the paragraph above regarding to claim 1 & 6 with the exception of the feature(s) of if the DNS query comprises an authorised external domain name (Xu: see above & Col. 20 Line 43 – 48: based on a distributed different log data and signature data using a signature publisher that clearly includes external domain names).  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 10 – 11 are rejected under 35 U.S.C.103 as being unpatentable over Xu et al. (U.S. Patent 9,560,072), in view of Thakar et al. (U.S. Patent 10,791,085).  

As per claim 10, Thakar (& Xu) teaches determining whether the DNS query comprises a local address; and forwarding the DNS query to the native DNS server of the third party cloud environment if the DNS query comprises a local address (Thakar: Col. 6 Line 52 – 55 / Line 60 – 65 and Col. 8 Line 26 – 45: (a) dynamically providing a user with a DNS alternative by enabling the user to direct the DNS resolution process based on a user preference by overriding a default DNS setting (Thakar: Col. 6 Line 52 – 55 / Line 60 – 65), wherein (b) transmitting a DNS query with a primary IP address w.r.t. the user-selected primary resursive resolver by a local user device in its local DNS settings, which constitutes as one type of local addess(es) as an address specified by the local user device (Thakar: Col. 8 Line 26 – 45), and (c) forwarding the DNS query to the native DNS server(s) such as a primary resursive resolver or a secondary resursive resolver by the local user device as needed) || (Xu: see above).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of forwarding the DNS query to the native DNS server of the third party cloud environment if the DNS query comprises a local address because Thakar teaches to alternatively, effectively and securely provide a user with DNS flexibility by enabling the user to direct the DNS resolution process based on a user preference indicated in the DNS setting, wherein the transmitted DNS query specifies a primary IP address as a user-selected primary resursive resolver and forward the DNS query to the native DNS server(s) such as a primary resursive resolver or a secondary resursive resolver as needed (see above) within the Xu’s system of providing a DNS resolution process in a public networking environment managed by an enterprise network provider to block a client device from attempting to connect to a known (bad) malware domain and identify, report a host that is infected and also distribute different log data and signature data (using signature publisher) to a local security device and otherwise, direct the DNS query to a DNS server that can perform a DNS service to translate a domain name into a target IP address as queried (see above). 

As per claim 11, the claim limitations are met as the same reasons as that set forth in the paragraph above regarding to claim 10 with the exception of the feature(s) of regarding the DNS query comprises a shared access area (Thakar: Col. 6 Line 52 – 55 / Line 60 – 65 and Col. 8 Line 26 – 45: as per each individual user preference at the user account, a DNS server such as a primary resursive resolver or a secondary resursive resolver (see claim 10) that can be specified in user account’s DNS setting to act as a default server indeed constitutes as one type of shared access areas – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0016] Line 4 – 5: a sharea access area comprises a DNS server that can act as a default server for each user account)).  See the same rationale of combination applied herein as above in rejecting the claim 10.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2357 – 2022
---------------------------------------------------