DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3 March 2021 has been considered by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 5-7 and 15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Patent No. 7,296,155 to Trostle et al.
As to claim 1, Trostle discloses a gateway apparatus, comprising: 
a hardware platform comprising a processor and a memory (Trostle: Fig. 4); and 
instructions stored within the memory (Trostle: Col 16, Lines 2-19; instructions stored in memory to execute the invention) to instruct the processor to: 
provide a domain name system (DNS) server (Trostle: 230 – Fig 2A; Col 7, Lines 4-10, local DNS server), the DNS server to provide an encrypted DNS service (Trostle: Col 7, Lines 11-31; local DNS service provides encryption using IPSec), and to cache resolved domain names (Trostle: Fig 3A; Col 8, Line 42 – Col 9, Line 11; resolved domain names are cached with security information);
receive an outgoing network packet (Trostle: 312 – Fig 3B; Col 9, Lines 15-23; outgoing data packet received by local DNS server);
determine a destination address of the outgoing network packet (Trostle: 320 – Fig 3; Col 9, Lines 24-32; destination address determined to search cache); and 
upon determining that the destination address was not cached, apply a security policy (Trostle: 334, 336 – Fig 3; Col 9, Lines 33-44; addresses not in the cache have a security policy assigned).
As to claim 2, Trostle further discloses wherein the DNS server is a caching or forwarding server (Trostle: Fig 2B; Col 7, Lines 42-57; DNS with IPSec caching).
As to claim 5, Trostle further discloses wherein the instructions are further to provide an internet gateway service (Trostle: Col 15, Lines 27-41; IPSec security gateway).
As to claim 6, Trostle further discloses wherein the instructions are further to provide a security agent to provide domain name-based security (Trostle: Col 4, Line 54 – Col 5, Line 3; IPSec acts as a domain name based security agent).
As to claim 7, Trostle further discloses wherein the instructions are further to purge cached queries after a time to live (TTL) (Trostle: Col 5, Lines 4-24; cache entries purged after use, TTL is for one match and application).
As to claim 15, Trostle discloses one or more tangible, non-transitory computer-readable storage media having stored thereon executable instructions (Trostle: Col 16, Lines 2-19; instructions stored in memory to execute the invention) to: 
provision a domain name system (DNS) query cache (Trostle: Fig 3A; Col 8, Line 42 – Col 9, Line 11; resolved domain names are cached with security information); 
provide a secure DNS server (Trostle: 230 – Fig 2A; Col 7, Lines 4-10, local DNS server), the secure DNS server to provide at least one of DNS over hypertext transfer protocol secure (DoH) or DNS over transport layer security (DoT) (Trostle: Col 5, Lines 3-34; IPSEC implementation disclosed), and to cache addresses of resolved domain names with a time to live (TTL) (Trostle: Fig 3A; Col 8, Line 42 – Col 9, Line 11; resolved domain names are cached with security information, TTL is for one match and application); 
provide domain name-based security services (Trostle: Col 4, Line 54 – Col 5, Line 3; IPSec acts as a domain name based security agent); and 
apply a security policy to an outgoing packet after determining that a destination address of the outgoing packet is not in the DNS query cache (Trostle: 334, 336 – Fig 3; Col 9, Lines 33-44; addresses not in the cache have a security policy assigned).
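The mechanism mapped in claims 1, 7 and 15 above (cache resolved addresses with a TTL, look up each outgoing packet's destination, apply a security policy on a miss), as an added Python example that is not taken from this Office action, the application or Trostle. The class and function names, the "drop" miss policy and the documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress


class ResolvedAddressCache:
    """Addresses returned by the gateway's own DNS server, each with an expiry."""

    def __init__(self):
        self._entries = {}  # ip_address object -> (domain, expiry time)

    def record_answer(self, domain, ip, ttl, now):
        # Called when the DNS server hands a resolved address to a client.
        self._entries[ipaddress.ip_address(ip)] = (domain, now + ttl)

    def purge_expired(self, now):
        # Drop entries whose TTL has elapsed; return how many were removed.
        expired = [ip for ip, (_, exp) in self._entries.items() if exp <= now]
        for ip in expired:
            del self._entries[ip]
        return len(expired)

    def lookup(self, ip, now):
        # Parsing normalises textual variants (e.g. compressed IPv6 forms).
        self.purge_expired(now)
        entry = self._entries.get(ipaddress.ip_address(ip))
        return entry[0] if entry else None


def handle_outgoing(cache, dst_ip, now, miss_policy="drop"):
    """Return (action, domain) for an outgoing packet's destination address."""
    domain = cache.lookup(dst_ip, now)
    if domain is not None:
        return ("forward", domain)
    # Destination was never resolved through the gateway, or its entry
    # expired: hypothetical policy hook, here a fixed action.
    return (miss_policy, None)


def demo():
    # Constructed sample data: RFC 5737 / RFC 3849 documentation addresses.
    cache = ResolvedAddressCache()
    cache.record_answer("app.example", "192.0.2.10", ttl=300, now=0)
    cache.record_answer("v6.example", "2001:db8::1", ttl=60, now=0)
    return [
        handle_outgoing(cache, "192.0.2.10", now=10),             # cached
        handle_outgoing(cache, "203.0.113.7", now=10),            # never resolved
        handle_outgoing(cache, "2001:0db8:0:0:0:0:0:1", now=30),  # same IPv6 host
        handle_outgoing(cache, "192.0.2.10", now=301),            # TTL elapsed
    ]
```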

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 7,296,155 to Trostle et al. in view of U.S. Patent Application Publication No. 2018/0131665 by Joffe et al.
As to claim 3, Trostle discloses all recited elements of claim 1 from which claim 3 depends.
Trostle does not expressly disclose wherein the DNS server is an authoritative server.
Joffe discloses wherein the DNS server is an authoritative server (Joffe: Page 4, Sec 50 - Page 5, Sec 51; Authoritative server using IPSec disclosed).
Trostle and Joffe are analogous art because they are from the common area of secure DNS servers.
It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to use the authoritative server of Joffe in the system of Trostle. The rationale would have been to apply security to the results of the authoritative server (Joffe: Page 2, Sec 18).

Allowable Subject Matter
Claims 18-20 are allowed.
The following is an examiner’s statement of reasons for allowance:

None of the art of record discloses, individually or in reasonable combination, recursively resolving DNS over DoH or DNS over DoT queries in the context of a secure DNS policy enforcement environment as claimed by Applicant.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Claims 4, 8-14 and 16-17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL S MCNALLY whose telephone number is (571)270-1599. The examiner can normally be reached Monday-Friday, 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MICHAEL S. MCNALLY
Primary Examiner
Art Unit 2432